Typo.

Submitted by: Reviewed by: PR:
Release 0.9.7-beta3
2002-07-30 11:30:03 +00:00 · 2002-07-30 11:27:18 +00:00 · 2002-07-30 11:21:19 +00:00 · 2002-07-30 07:18:03 +00:00 · 2002-07-29 13:28:57 +00:00 · 2002-07-29 12:34:14 +00:00
381 changed files with 9821 additions and 26095 deletions
--- a/172
+++ b/172
@@ -2,58 +2,54 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.7 and 0.9.8  [xx XXX 2002]
+ Changes between 0.9.6e and 0.9.7  [XX xxx 2002]

-  *) Change internals of the EC library so that the functions
-          EC_GROUP_set_generator()
-          EC_GROUP_get_generator()
-          EC_GROUP_get_order()
-          EC_GROUP_get_cofactor()
-     are implemented directly in crypto/ec/ec_lib.c and not dispatched
-     to methods, which would lead to unnecessary code duplication when
-     adding different types of curves.
-     [Nils Larsch with input by Bodo Moeller]
+  *) Make sure tests can be performed even if the corresponding algorithms
+     have been removed entirely.  This was also the last step to make
+     OpenSSL compilable with DJGPP under all reasonable conditions.
+     [Richard Levitte, Doug Kaufman <dkaufman@rahul.net>]

-  *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
-     arithmetic, and such that modified wNAFs are generated
-     (which avoid length expansion in many cases).
-     [Bodo Moeller]
+  *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
+     to allow version independent disabling of normally unselected ciphers,
+     which may be activated as a side-effect of selecting a single cipher.

-  *) Add a function EC_GROUP_check_discriminant() (defined via
-     EC_METHOD) that verifies that the curve discriminant is non-zero.
+     (E.g., cipher list string "RSA" enables ciphersuites that are left
+     out of "ALL" because they do not provide symmetric encryption.
+     "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
+     [Lutz Jaenicke, Bodo Moeller]

-     Add a function EC_GROUP_check() that makes some sanity tests
-     on a EC_GROUP, its generator and order.  This includes
-     EC_GROUP_check_discriminant().
-     [Nils Larsch <nla@trustcenter.de>]
+  *) Add appropriate support for separate platform-dependent build
+     directories.  The recommended way to make a platform-dependent
+     build directory is the following (tested on Linux), maybe with
+     some local tweaks:

-  *) Add ECDSA in new directory crypto/ecdsa/.
+	# Place yourself outside of the OpenSSL source tree.  In
+	# this example, the environment variable OPENSSL_SOURCE
+	# is assumed to contain the absolute OpenSSL source directory.
+	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+	(cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
+		mkdir -p `dirname $F`
+		ln -s $OPENSSL_SOURCE/$F $F
+	done

-     Add applications 'openssl ecdsaparam' and 'openssl ecdsa'
-     (these are variants of 'openssl dsaparam' and 'openssl dsa').
+     To be absolutely sure not to disturb the source tree, a "make clean"
+     is a good thing.  If it isn't successfull, don't worry about it,
+     it probably means the source directory is very clean.
+     [Richard Levitte]

-     ECDSA support is also included in various other files across the
-     library.  Most notably,
-     - 'openssl req' now has a '-newkey ecdsa:file' option;
-     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
-     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
-       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
-       them suitable for ECDSA where domain parameters must be
-       extracted before the specific public key.
-     [Nils Larsch <nla@trustcenter.de>]
+  *) Make sure any ENGINE control commands make local copies of string
+     pointers passed to them whenever necessary. Otherwise it is possible
+     the caller may have overwritten (or deallocated) the original string
+     data when a later ENGINE operation tries to use the stored values.
+     [Götz Babin-Ebell <babinebell@trustcenter.de>]

-  *) Include some named elliptic curves, and add OIDs from X9.62,
-     SECG, and WAP/WTLS.  The curves can be obtained from the new
-     functions
-          EC_GROUP_new_by_nid()
-          EC_GROUP_new_by_name()
-     Also add a 'nid' field to EC_GROUP objects, which can be accessed
-     via
-         EC_GROUP_set_nid()
-         EC_GROUP_get_nid()
-     [Nils Larsch <nla@trustcenter.de, Bodo Moeller]
- 
- Changes between 0.9.6d and 0.9.7  [XX xxx 2002]
+  *) Improve diagnostics in file reading and command-line digests.
+     [Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>]
+
+  *) Add AES modes CFB and OFB to the object database.  Correct an
+     error in AES-CFB decryption.
+     [Richard Levitte]

  *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this 
     allows existing EVP_CIPHER_CTX structures to be reused after
@@ -76,6 +72,8 @@
     form for "surname", serialNumber has no short form.
     Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
     therefore remove "mail" short name for "internet 7".
+     The OID for unique identifiers in X509 certificates is
+     x500UniqueIdentifier, not uniqueIdentifier.
     Some more OID additions. (Michael Bell <michael.bell@rz.hu-berlin.de>)
     [Lutz Jaenicke]

@@ -382,6 +380,10 @@
     By default, clients may request session resumption even during
     renegotiation (if session ID contexts permit); with this option,
     session resumption is possible only in the first handshake.
+
+     SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL.  This makes
+     more bits available for options that should not be part of
+     SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
     [Bodo Moeller]

  *) Add some demos for certificate and certificate request creation.
@@ -502,8 +504,8 @@
     [Bodo Moeller, Lutz Jaenicke]

  *) Rationalise EVP so it can be extended: don't include a union of
-     cipher/digest structures, add init/cleanup functions. This also reduces
-     the number of header dependencies.
+     cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
+     (similar to those existing for EVP_CIPHER_CTX).
     Usage example:

         EVP_MD_CTX md;
@@ -1087,14 +1089,15 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     handle the new API. Currently only ECB, CBC modes supported. Add new
     AES OIDs.

-     Add TLS AES ciphersuites as described in the "AES Ciphersuites
-     for TLS" draft-ietf-tls-ciphersuite-06.txt. As these are not yet
-     official, they are not enabled by default and are not even part
-     of the "ALL" ciphersuite alias; for now, they must be explicitly
-     requested by specifying the new "AESdraft" ciphersuite alias. If
-     you want the default ciphersuite list plus the new ciphersuites,
-     use "DEFAULT:AESdraft:@STRENGTH".
-     [Ben Laurie, Steve Henson, Bodo Moeller]
+     Add TLS AES ciphersuites as described in RFC3268, "Advanced
+     Encryption Standard (AES) Ciphersuites for Transport Layer
+     Security (TLS)".  (In beta versions of OpenSSL 0.9.7, these were
+     not enabled by default and were not part of the "ALL" ciphersuite
+     alias because they were not yet official; they could be
+     explicitly requested by specifying the "AESdraft" ciphersuite
+     group alias.  In the final release of OpenSSL 0.9.7, the group
+     alias is called "AES" and is part of "ALL".)
+     [Ben Laurie, Steve  Henson, Bodo Moeller]

  *) New function OCSP_copy_nonce() to copy nonce value (if present) from
     request to response.
@@ -1664,11 +1667,70 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) Clean old EAY MD5 hack from e_os.h.
     [Richard Levitte]

- Changes between 0.9.6d and 0.9.6e  [XX xxx XXXX]
+ Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
+
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer.
+     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+  *) Fix cipher selection routines: ciphers without encryption had no flags
+     for the cipher strength set and where therefore not handled correctly
+     by the selection routines (PR #130).
+     [Lutz Jaenicke]

  *) Fix EVP_dsa_sha macro.
     [Nils Larsch]

+  *) New option
+          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+     for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
+     that was added in OpenSSL 0.9.6d.
+
+     As the countermeasure turned out to be incompatible with some
+     broken SSL implementations, the new option is part of SSL_OP_ALL.
+     SSL_OP_ALL is usually employed when compatibility with weird SSL
+     implementations is desired (e.g. '-bugs' option to 's_client' and
+     's_server'), so the new option is automatically set in many
+     applications.
+     [Bodo Moeller]
+
+  *) Changes in security patch:
+
+     Changes marked "(CHATS)" were sponsored by the Defense Advanced
+     Research Projects Agency (DARPA) and Air Force Research Laboratory,
+     Air Force Materiel Command, USAF, under agreement number
+     F30602-01-2-0537.
+
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer. (CAN-2002-0659)
+     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+  *) Assertions for various potential buffer overflows, not known to
+     happen in practice.
+     [Ben Laurie (CHATS)]
+
+  *) Various temporary buffers to hold ASCII versions of integers were
+     too small for 64 bit platforms. (CAN-2002-0655)
+     [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
+
+  *) Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized master key in Kerberos-enabled versions.
+     (CAN-2002-0657)
+     [Ben Laurie (CHATS)]
+
+  *) Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized session ID to a client. (CAN-2002-0656)
+     [Ben Laurie (CHATS)]
+
+  *) Remote buffer overflow in SSL2 protocol - an attacker could
+     supply an oversized client master key. (CAN-2002-0656)
+     [Ben Laurie (CHATS)]
+
+
 Changes between 0.9.6c and 0.9.6d  [9 May 2002]

  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
--- a/103
+++ b/103
@@ -134,7 +134,7 @@ my %table=(

 # Our development configs
 "purify",	"purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
-"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
+"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
 "debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
 "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
@@ -145,8 +145,8 @@ my %table=(
 "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-steve-linux-pseudo64",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn",
-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "dist",		"cc:-O::(unknown)::::::",

 # Basic configs that should work on any (32 and less bit) box
@@ -169,10 +169,11 @@ my %table=(
 "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
 "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
 "solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 ####
 "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -196,10 +197,10 @@ my %table=(
 "linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::::",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # !!!Folowing can't be even tested yet!!!
 #    We have to wait till 64-bit glibc for SPARC is operational!!!
 #"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:ULTRASPARC::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
@@ -255,6 +256,9 @@ my %table=(
 "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# 64bit PARISC for GCC without optimization, which seems to make problems.
+# Submitted by <ross.alexander@uk.neceur.com>
+"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # IA-64 targets
 # I have no idea if this one actually works, feedback needed. <appro>
@@ -376,7 +380,7 @@ my %table=(
 "linux-k6",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
@@ -409,13 +413,13 @@ my %table=(
 "linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # UnixWare 2.0x fails destest with -O
-"unixware-2.0","cc:-DFILIO_H::-Kthread::-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.0-pentium","cc:-DFILIO_H -Kpentium::-Kthread::-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.0-pentium","cc:-DFILIO_H -DNO_STRINGS_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",

 # UnixWare 2.1
-"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread::-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread::-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",

 # UnixWare 7
 "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -477,7 +481,7 @@ my %table=(

 # Sinix/ReliantUNIX RM400
 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
-"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:reliantunix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
 "SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",

@@ -508,9 +512,15 @@ my %table=(
 # and its library files in util/pl/*)
 "Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",

+# UWIN 
+"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+
 # Cygwin
 "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll",
+
+# DJGPP
+"DJGPP", "gcc:-I/dev/env/DJDIR/watt32/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/DJDIR/watt32/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",

 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown):::::::",
@@ -529,12 +539,12 @@ my %table=(
 "OpenBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "OpenBSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "OpenBSD-vax",		"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-hppa",		"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-hppa",		"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 ##### MacOS X (a.k.a. Rhapsody or Darwin) setup
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-"darwin-ppc-cc","cc:-O3 -nostdinc -I/System/Library/Frameworks/System.framework/Headers -I/System/Library/Frameworks/System.frameworks/Headers/bsd -I/usr/include -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin-i386-cc","cc:-O3 -nostdinc -I/System/Library/Frameworks/System.framework/Headers -I/System/Library/Frameworks/System.frameworks/Headers/bsd -I/usr/include -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::-fPIC",
+"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",

 ##### Sony NEWS-OS 4.x
 "newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
@@ -636,6 +646,7 @@ my $libs;
 my $target;
 my $options;
 my $symlink;
+my $make_depend=0;
 my %withargs=();

 my @argvcopy=@ARGV;
@@ -734,14 +745,6 @@ PROCESS_ARGS:
 				$depflags .= "-DOPENSSL_NO_MDC2 ";
 				$openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n";
 				}
-			if ($algo eq "EC" || $algo eq "SHA" || $algo eq "SHA1")
-				{
-				push @skip, "ecdsa";
-				$options .= " no-ecdsa";
-				$flags .= "-DOPENSSL_NO_ECDSA ";
-				$depflags .= "-DOPENSSL_NO_ECDSA ";
-				$openssl_algorithm_defines .= "#define OPENSSL_NO_ECDSA\n";
-				}
 			if ($algo eq "MD5")
 				{
 				$no_md5 = 1;
@@ -901,6 +904,7 @@ print "Configuring for $target\n";
 my $IsWindows=scalar grep /^$target$/,@WinTargets;

 $exe_ext=".exe" if ($target eq "Cygwin");
+$exe_ext=".exe" if ($target eq "DJGPP");
 $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
 $prefix=$openssldir if $prefix eq "";

@@ -908,7 +912,7 @@ chop $openssldir if $openssldir =~ /\/$/;
 chop $prefix if $prefix =~ /\/$/;

 $openssldir=$prefix . "/ssl" if $openssldir eq "";
-$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
+$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;


 print "IsWindows=$IsWindows\n";
@@ -1123,6 +1127,10 @@ if ($rmd160_obj =~ /\.o$/)
 	$cflags.=" -DRMD160_ASM";
 	}

+# "Stringify" the C flags string.  This permits it to be made part of a string
+# and works as well on command lines.
+$cflags =~ s/([\\\"])/\\\1/g;
+
 my $version = "unknown";
 my $major = "unknown";
 my $minor = "unknown";
@@ -1154,7 +1162,8 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
 	}

 open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
-open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
+unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
+open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
 print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
 my $sdirs=0;
 while (<IN>)
@@ -1208,18 +1217,28 @@ while (<IN>)
 	if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
 		{
 		my $sotmp = $1;
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
+		}
+	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
+		{
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
 		}
 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
 		{
 		my $sotmp = $1;
 		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
 		}
+	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
+		{
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
+		}
 	s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
 	print OUT $_."\n";
 	}
 close(IN);
 close(OUT);
+rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
+rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";

 print "CC            =$cc\n";
 print "CFLAG         =$cflags\n";
@@ -1290,7 +1309,8 @@ foreach (sort split(/\s+/,$bn_ops))
 	}

 open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
-open(OUT,'>crypto/opensslconf.h') || die "unable to create crypto/opensslconf.h:$!\n";
+unlink("crypto/opensslconf.h.new") || die "unable to remove old crypto/opensslconf.h.new:$!\n" if -e "crypto/opensslconf.h.new";
+open(OUT,'>crypto/opensslconf.h.new') || die "unable to create crypto/opensslconf.h.new:$!\n";
 print OUT "/* opensslconf.h */\n";
 print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";

@@ -1384,6 +1404,8 @@ while (<IN>)
 	}
 close(IN);
 close(OUT);
+rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
+rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";


 # Fix the date
@@ -1423,11 +1445,13 @@ if($IsWindows) {
 EOF
 	close(OUT);
 } else {
-	(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?
-		if $symlink;
-	### (system 'make depend') == 0 or exit $? if $depflags ne "";
-	# Run "make depend" manually if you want to be able to delete
-	# the source code files of ciphers you left out.
+	my $make_command = "make -f Makefile.ssl PERL=\'$perl\'";
+	my $make_targets = "";
+	$make_targets .= " links" if $symlink;
+	$make_targets .= " depend" if $depflags ne "" && $make_depend;
+	$make_targets .= " gentests" if $symlink;
+	(system $make_command.$make_targets) == 0 or exit $?
+		if $make_targets ne "";
 	if ( $perl =~ m@^/@) {
 	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
 	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
@@ -1437,7 +1461,16 @@ EOF
 	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
 	    &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
-	}	    
+	}
+	if ($depflags ne "" && !$make_depend) {
+		print <<EOF;
+
+Since you've disabled at least one algorithm, you need to do the following
+before building:
+
+	make depend
+EOF
+	}
 }

 print <<EOF;
--- a/79
+++ b/79
@@ -39,6 +39,9 @@ OpenSSL  -  Frequently Asked Questions
 * Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 * Why does the OpenSSL compilation fail on Win32 with VC++?
+* What is special about OpenSSL on Redhat?
+* Why does the OpenSSL compilation fail on MacOS X?
+* Why does the OpenSSL test suite fail on MacOS X?

 [PROG] Questions about programming with OpenSSL

@@ -52,6 +55,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why can't the OpenSSH configure script detect OpenSSL?
 * Can I use OpenSSL's SSL library with non-blocking I/O?
 * Why doesn't my server application receive a client certificate?
+* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?

 ===============================================================================

@@ -60,7 +64,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?

 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6d was released on May 9, 2002.
+OpenSSL 0.9.6e was released on July 30, 2002.

 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -216,8 +220,11 @@ For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
 installing the SUNski package from Sun patch 105710-01 (Sparc) which
 adds a /dev/random device and make sure it gets used, usually through
 $RANDFILE.  There are probably similar patches for the other Solaris
-versions.  However, be warned that /dev/random is usually a blocking
-device, which may have some effects on OpenSSL.
+versions.  An official statement from Sun with respect to /dev/random
+support can be found at
+  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
+However, be warned that /dev/random is usually a blocking device, which
+may have some effects on OpenSSL.


 * Why do I get an "unable to write 'random state'" error message?
@@ -459,6 +466,64 @@ under 'Program Files').  This needs to be done prior to running NMAKE,
 and the changes are only valid for the current DOS session.


+* What is special about OpenSSL on Redhat?
+
+Red Hat Linux (release 7.0 and later) include a preinstalled limited
+version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
+is disabled in this version. The same may apply to other Linux distributions.
+Users may therefore wish to install more or all of the features left out.
+
+To do this you MUST ensure that you do not overwrite the openssl that is in
+/usr/bin on your Red Hat machine. Several packages depend on this file,
+including sendmail and ssh. /usr/local/bin is a good alternative choice. The
+libraries that come with Red Hat 7.0 onwards have different names and so are
+not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
+/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
+/lib/libcrypto.so.2 respectively).
+
+Please note that we have been advised by Red Hat attempting to recompile the
+openssl rpm with all the cryptography enabled will not work. All other
+packages depend on the original Red Hat supplied openssl package. It is also
+worth noting that due to the way Red Hat supplies its packages, updates to
+openssl on each distribution never change the package version, only the
+build number. For example, on Red Hat 7.1, the latest openssl package has
+version number 0.9.6 and build number 9 even though it contains all the
+relevant updates in packages up to and including 0.9.6b.
+
+A possible way around this is to persuade Red Hat to produce a non-US
+version of Red Hat Linux.
+
+FYI: Patent numbers and expiry dates of US patents:
+MDC-2: 4,908,861 13/03/2007
+IDEA:  5,214,703 25/05/2010
+RC5:   5,724,428 03/03/2015
+
+
+* Why does the OpenSSL compilation fail on MacOS X?
+
+If the failure happens when trying to build the "openssl" binary, with
+a large number of undefined symbols, it's very probable that you have
+OpenSSL 0.9.6b delivered with the operating system (you can find out by
+running '/usr/bin/openssl version') and that you were trying to build
+OpenSSL 0.9.7 or newer.  The problem is that the loader ('ld') in
+MacOS X has a misfeature that's quite difficult to go around.
+Look in the file PROBLEMS for a more detailed explanation and for possible
+solutions.
+
+
+* Why does the OpenSSL test suite fail on MacOS X?
+
+If the failure happens when running 'make test' and the RC4 test fails,
+it's very probable that you have OpenSSL 0.9.6b delivered with the
+operating system (you can find out by running '/usr/bin/openssl version')
+and that you were trying to build OpenSSL 0.9.6d.  The problem is that
+the loader ('ld') in MacOS X has a misfeature that's quite difficult to
+go around and has linked the programs "openssl" and the test programs
+with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
+libraries you just built.
+Look in the file PROBLEMS for a more detailed explanation and for possible
+solutions.
+
 [PROG] ========================================================================

 * Is OpenSSL thread-safe?
@@ -624,5 +689,13 @@ if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
 SSL_CTX_set_verify() function to enable the use of client certificates.


+* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
+
+For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier
+versions, uniqueIdentifier was incorrectly used for X.509 certificates.
+The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
+Change your code to use the new name when compiling against OpenSSL 0.9.7.
+
+
 ===============================================================================

--- a/16
+++ b/16
@@ -2,8 +2,10 @@
 INSTALLATION ON THE UNIX PLATFORM
 ---------------------------------

- [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described
-  in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.]
+ [Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X)
+  is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.
+  This document describes installation on operating systems in the Unix
+  family.]

 To install OpenSSL, you will need:

@@ -137,8 +139,11 @@
     the failure that aren't problems in OpenSSL itself (like missing
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@openssl.org> (note that your
-     message will be forwarded to a public mailing list).  Include the
-     output of "make report" in your message.
+     message will be recorded in the request tracker publicly readable
+     via http://www.openssl.org/rt2.html and will be forwarded to a public
+     mailing list). Include the output of "make report" in your message.
+     Please check out the request tracker. Maybe the bug was already
+     reported or has already been fixed.

     [If you encounter assembler error messages, try the "no-asm"
     configuration option as an immediate fix.]
@@ -156,7 +161,8 @@
     try removing any compiler optimization flags from the CFLAGS line
     in Makefile.ssl and run "make clean; make". Please send a bug
     report to <openssl-bugs@openssl.org>, including the output of
-     "make report".
+     "make report" in order to be added to the request tracker at
+     http://www.openssl.org/rt2.html.

  4. If everything tests ok, install OpenSSL with

--- a/INSTALL.DJGPP
+++ b/INSTALL.DJGPP
@@ -0,0 +1,32 @@
+
+ 
+ INSTALLATION ON THE DOS PLATFORM WITH DJGPP
+ -------------------------------------------
+
+ Openssl has been ported to DOS, but only with long filename support. If
+ you wish to compile on native DOS with 8+3 filenames, you will have to
+ tweak the installation yourself, including renaming files with illegal
+ or duplicate names.
+
+ You should have a full DJGPP environment installed, including the
+ latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
+ requires that PERL and BC also be installed.
+
+ All of these can be obtained from the usual DJGPP mirror sites, such as
+ "ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp". You also need to have
+ the WATT-32 networking package installed before you try to compile
+ openssl. This can be obtained from "http://www.bgnett.no/~giva/". The
+ Makefile assumes that the WATT-32 code is in directory "watt32" under
+ /dev/env/DJDIR.
+
+ To compile openssl, start your BASH shell. Then configure for DOS by
+ running "./Configure" with appropriate arguments. The basic syntax for
+ DOS is:
+ ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
+ 
+ You may run out of DPMI selectors when running in a DOS box under
+ Windows. If so, just close the BASH shell, go back to Windows, and
+ restart BASH. Then run "make" again.
+
+ Building openssl under DJGPP has been tested with DJGPP 2.03,
+ GCC 2.952, GCC 2.953, perl 5.005_02 and perl 5.006_01.
--- a/INSTALL.OS2
+++ b/INSTALL.OS2
@@ -20,3 +20,12 @@

 If that finishes successfully you will find the libraries and programs in the
 "out" directory.
+
+ Alternatively, you can make a dynamic build that puts the library code into
+ crypto.dll and ssl.dll by running
+
+ > make -f os2-emx-dll.mak
+
+ This will build the above mentioned dlls and a matching pair of import
+ libraries in the "out_dll" directory along with the set of test programs
+ and the openssl application.
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -94,6 +94,18 @@
 You can also build a static version of the library using the Makefile
 ms\nt.mak

+ Borland C++ builder 5
+ ---------------------
+
+ * Configure for building with Borland Builder:
+   > perl Configure BC-32
+
+ * Create the appropriate makefile
+   > ms\do_nasm
+
+ * Build
+   > make -f ms\bcb.mak
+
 Borland C++ builder 3 and 4
 ---------------------------

@@ -140,17 +152,17 @@
 GNU C (Cygwin)
 --------------

- Cygwin provides a bash shell and GNU tools environment running on
- NT 4.0, Windows 9x and Windows 2000. Consequently, a make of OpenSSL
- with Cygwin is closer to a GNU bash environment such as Linux rather
- than other W32 makes that are based on a single makefile approach.
- Cygwin implements Posix/Unix calls through cygwin1.dll, and is
- contrasted to Mingw32 which links dynamically to msvcrt.dll or
- crtdll.dll.
+ Cygwin provides a bash shell and GNU tools environment running
+ on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP.
+ Consequently, a make of OpenSSL with Cygwin is closer to a GNU
+ bash environment such as Linux than to other W32 makes which are
+ based on a single makefile approach. Cygwin implements Posix/Unix
+ calls through cygwin1.dll, and is contrasted to Mingw32 which links
+ dynamically to msvcrt.dll or crtdll.dll.

 To build OpenSSL using Cygwin:

- * Install Cygwin (see http://sourceware.cygnus.com/cygwin)
+ * Install Cygwin (see http://cygwin.com/)

 * Install Perl and ensure it is in the path (recent Cygwin perl 
   (version 5.6.1-2 of the latter has been reported to work) or
@@ -176,13 +188,9 @@
 stripping of carriage returns. To avoid this ensure that a binary
 mount is used, e.g. mount -b c:\somewhere /home.

- As of version 1.1.1 Cygwin is relatively unstable in its handling
- of cr/lf issues. These make procedures succeeded with versions 1.1 and
- the snapshot 20000524 (Slow!).
-
- "bc" is not provided in the Cygwin distribution.  This causes a
+ "bc" is not provided in older Cygwin distribution.  This causes a
 non-fatal error in "make test" but is otherwise harmless.  If
- desired, GNU bc can be built with Cygwin without change.
+ desired and needed, GNU bc can be built with Cygwin without change.


 Installation
--- a/Makefile.org
+++ b/Makefile.org
@@ -166,7 +166,7 @@ SHLIBDIRS= crypto ssl
 SDIRS=  \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn ec rsa dsa ecdsa dh dso engine aes \
+	bn ec rsa dsa dh dso engine aes \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5

@@ -435,6 +435,7 @@ do_hpux-shared:
 		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Fl lib$$i.a -ldld -lc ) || exit 1; \
+	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
 	done

 # This assumes that GNU utilities are *not* used
@@ -453,6 +454,7 @@ do_hpux64-shared:
 		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+forceload lib$$i.a -ldl -lc ) || exit 1; \
+	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
 	done

 # The following method is said to work on all platforms.  Tests will
@@ -562,6 +564,10 @@ links:
 	fi; \
 	done;

+gentests:
+	@(cd test && echo "generating dummy tests (if needed)..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+
 dclean:
 	rm -f *.bak
 	@for i in $(DIRS) ;\
@@ -576,8 +582,8 @@ rehash: rehash.time
 rehash.time: certs
 	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
 		export OPENSSL OPENSSL_DEBUG_MEMORY; \
-		LD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
-		export LD_LIBRARY_PATH SHLIB_PATH LIBPATH; \
+		LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH; \
 		$(PERL) tools/c_rehash certs)
 	touch rehash.time

@@ -585,9 +591,9 @@ test:   tests

 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' OPENSSL_DEBUG_MEMORY=on tests );
-	@LD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
-		export LD_LIBRARY_PATH SHLIB_PATH LIBPATH; \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+	@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH; \
 		apps/openssl version -a

 report:
@@ -598,7 +604,7 @@ depend:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dependencies $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' depend ) || exit 1; \
+		$(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \
 	fi; \
 	done;

@@ -644,13 +650,19 @@ TABLE: Configure

 update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE

+# Build distribution tar-file. As the list of files returned by "find" is
+# pretty long, on several platforms a "too many arguments" error or similar
+# would occur. Therefore the list of files is temporarily stored into a file
+# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+# tar does not support the --files-from option.
 tar:
-	@$(TAR) $(TARFLAGS) -cvf - \
-		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
+	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
 	tardy --user_number=0  --user_name=openssl \
 	      --group_number=0 --group_name=openssl \
 	      --prefix=openssl-$(VERSION) - |\
 	gzip --best >../$(TARFILE).gz; \
+	rm -f ../$(TARFILE).list; \
 	ls -l ../$(TARFILE).gz

 tar-snap:
@@ -665,7 +677,7 @@ dist:
 	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='${SDIRS}' clean
-	@$(MAKE) tar
+	@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar

 dist_pem_h:
 	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
@@ -707,7 +719,7 @@ install: all install_docs
 			(       echo installing $$i; \
 				if [ "$(PLATFORM)" != "Cygwin" ]; then \
 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 				else \
 					c=`echo $$i | sed 's/^lib/cyg/'`; \
 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
@@ -732,18 +744,20 @@ install_docs:
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
-		(cd `dirname $$i`; \
-		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
-			 --release=$(VERSION) `basename $$i`) \
+		(cd `$(PERL) util/dirname.pl $$i`; \
+		sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
+			--section=$$sec --center=OpenSSL \
+			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done
 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
-		(cd `dirname $$i`; \
-		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`) \
+		(cd `$(PERL) util/dirname.pl $$i`; \
+		sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
+			--section=$$sec --center=OpenSSL \
+			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done

--- a/15
+++ b/15
@@ -21,9 +21,8 @@
        against libdes providing similar functions having the same name).
        Provide macros for backward compatibility (will be removed in the
        future).
-      o Unifiy handling of cryptographic algorithms (software and
-        engine) to be available via EVP routines for asymmetric and
-        symmetric ciphers.
+      o Unify handling of cryptographic algorithms (software and engine)
+        to be available via EVP routines for asymmetric and symmetric ciphers.
      o NCONF: new configuration handling routines.
      o Change API to use more 'const' modifiers to improve error checking
        and help optimizers.
@@ -31,6 +30,7 @@
      o Reworked parts of the BIGNUM code.
      o Support for new engines: Broadcom ubsec, Accelerated Encryption
        Processing, IBM 4758.
+      o Extended and corrected OID (object identifier) table.
      o PRNG: query at more locations for a random device, automatic query for
        EGD style random sources at several locations.
      o SSL/TLS: allow optional cipher choice according to server's preference.
@@ -38,7 +38,12 @@
      o SSL/TLS: support Kerberos cipher suites (RFC2712).
      o SSL/TLS: allow more precise control of renegotiations and sessions.
      o SSL/TLS: add callback to retrieve SSL/TLS messages.
-      o SSL/TLS: add draft AES ciphersuites (disabled unless explicitly requested).
+      o SSL/TLS: support AES cipher suites (RFC3268).
+
+  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
+
+      o Important security related bugfixes.
+      o Various SSL/TLS library bugfixes.

  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:

@@ -91,7 +96,7 @@
      o Bug fixes for Win32, HP/UX and Irix.
      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
        memory checking routines.
-      o Bug fixes for RSA operations in threaded enviroments.
+      o Bug fixes for RSA operations in threaded environments.
      o Bug fixes in misc. openssl applications.
      o Remove a few potential memory leaks.
      o Add tighter checks of BIGNUM routines.
--- a/40
+++ b/40
@@ -0,0 +1,40 @@
+* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
+
+
+    NOTE: The problem described here only applies when OpenSSL isn't built
+    with shared library support (i.e. without the "shared" configuration
+    option).  If you build with shared library support, you will have no
+    problems as long as you set up DYLD_LIBRARY_PATH properly at all times.
+
+
+This is really a misfeature in ld, which seems to look for .dylib libraries
+along the whole library path before it bothers looking for .a libraries.  This
+means that -L switches won't matter unless OpenSSL is built with shared
+library support.
+
+The workaround may be to change the following lines in apps/Makefile.ssl and
+test/Makefile.ssl:
+
+  LIBCRYPTO=-L.. -lcrypto
+  LIBSSL=-L.. -lssl
+
+to:
+
+  LIBCRYPTO=../libcrypto.a
+  LIBSSL=../libssl.a
+
+It's possible that something similar is needed for shared library support
+as well.  That hasn't been well tested yet.
+
+
+Another solution that many seem to recommend is to move the libraries
+/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
+directory, build and install OpenSSL and anything that depends on your
+build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
+original places.  Note that the version numbers on those two libraries
+may differ on your machine.
+
+
+As long as Apple doesn't fix the problem with ld, this problem building
+OpenSSL will remain as is.
+
--- a/19
+++ b/19
@@ -1,5 +1,5 @@

- OpenSSL 0.9.8-dev XX xxx XXXX
+ OpenSSL 0.9.7-beta3 30 Jul 2002

 Copyright (c) 1998-2002 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -122,6 +122,13 @@
 lists the functions; you will probably have to look at the code to work out
 how to use them. Look at the example programs.

+ PROBLEMS
+ --------
+
+ For some platforms, there are some known problems that may affect the user
+ or application author.  We try to collect those in doc/PROBLEMS, with current
+ thoughts on how they should be solved in a future of OpenSSL.
+
 SUPPORT 
 -------

@@ -146,11 +153,13 @@
    - Problem Description (steps that will reproduce the problem, if known)
    - Stack Traceback (if the application dumps core)

- Report the bug to the OpenSSL project at:
+ Report the bug to the OpenSSL project via the Request Tracker
+ (http://www.openssl.org/rt2.html) by mail to:

    openssl-bugs@openssl.org

- Note that mail to openssl-bugs@openssl.org is forwarded to a public
+ Note that mail to openssl-bugs@openssl.org is recorded in the publicly
+ readable request tracker database and is forwarded to a public
 mailing list. Confidential mail may be sent to openssl-security@openssl.org
 (PGP key available from the key servers).

@@ -164,7 +173,9 @@
 textual explanation of what your patch does.

 Note: For legal reasons, contributions from the US can be accepted only
- if a copy of the patch is sent to crypt@bxa.doc.gov
+ if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
+ see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
+ and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).

 The preferred format for changes is "diff -u" output. You might
 generate it like this:
--- a/README.ENGINE
+++ b/README.ENGINE
@@ -154,7 +154,7 @@
    shared-library that contains the ENGINE implementation, and "NO_VCHECK"
    might possibly be useful if there is a minor version conflict and you
    (or a vendor helpdesk) is convinced you can safely ignore it.
-    "ENGINE_ID" is probably only needed if a shared-library implements
+    "ID" is probably only needed if a shared-library implements
    multiple ENGINEs, but if you know the engine id you expect to be using,
    it doesn't hurt to specify it (and this provides a sanity check if
    nothing else). "LIST_ADD" is only required if you actually wish the
@@ -174,7 +174,7 @@

       ENGINE *e = ENGINE_by_id("dynamic");
       ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);
-       ENGINE_ctrl_cmd_string(e, "ENGINE_ID", "foo", 0);
+       ENGINE_ctrl_cmd_string(e, "ID", "foo", 0);
       ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
       ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);

@@ -184,7 +184,7 @@

       openssl engine dynamic \
                 -pre SO_PATH:/lib/libfoo.so \
-                 -pre ENGINE_ID:foo \
+                 -pre ID:foo \
                 -pre LOAD \
                 -pre "CMD_FOO:some input data"

@@ -192,7 +192,7 @@

       openssl engine -vvvv dynamic \
                 -pre SO_PATH:/lib/libfoo.so \
-                 -pre ENGINE_ID:foo \
+                 -pre ID:foo \
                 -pre LOAD

    Applications that support the ENGINE API and more specifically, the
--- a/11
+++ b/11
@@ -1,10 +1,14 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2002/05/16 10:01:53 $
+  ______________                           $Date: 2002/07/30 11:27:05 $

  DEVELOPMENT STATE

-    o  OpenSSL 0.9.7:  Under development...
+    o  OpenSSL 0.9.8:  Under development...
+    o  OpenSSL 0.9.7-beta3: Released on July 30th, 2002
+    o  OpenSSL 0.9.7-beta2: Released on June 16th, 2002
+    o  OpenSSL 0.9.7-beta1: Released on June  1st, 2002
+    o  OpenSSL 0.9.6e: Released on July      30th, 2002
    o  OpenSSL 0.9.6d: Released on May        9th, 2002
    o  OpenSSL 0.9.6c: Released on December  21st, 2001
    o  OpenSSL 0.9.6b: Released on July       9th, 2001
@@ -58,9 +62,6 @@

  OPEN ISSUES

-    o  Do we want the EVP API changes in 0.9.7?
-       Can compatibility be improved?
-
    o  The Makefile hierarchy and build mechanism is still not a round thing:

       1. The config vs. Configure scripts
--- a/245
+++ b/245
@@ -1,3 +1,4 @@
+Output of `Configure TABLE':

 *** BC-16
 $cc           = bcc
@@ -79,15 +80,15 @@ $thread_cflag =
 $sys_id       = CYGWIN32
 $lflags       = 
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
+$bn_obj       = asm/bn86-out.o asm/co86-out.o
+$des_obj      = asm/dx86-out.o asm/yx86-out.o
+$bf_obj       = asm/bx86-out.o
+$md5_obj      = asm/mx86-out.o
+$sha1_obj     = asm/sx86-out.o
+$cast_obj     = asm/cx86-out.o
+$rc4_obj      = asm/rx86-out.o
+$rmd160_obj   = asm/rm86-out.o
+$rc5_obj      = asm/r586-out.o
 $dso_scheme   = win32
 $shared_target= cygwin-shared
 $shared_cflag = 
@@ -119,6 +120,30 @@ $shared_ldflag =
 $shared_extension = 
 $ranlib       = 

+*** DJGPP
+$cc           = gcc
+$cflags       = -I/dev/env/DJDIR/watt32/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
+$unistd       = 
+$thread_cflag = 
+$sys_id       = MSDOS
+$lflags       = -L/dev/env/DJDIR/watt32/lib -lwatt
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+
 *** FreeBSD
 $cc           = gcc
 $cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
@@ -427,8 +452,8 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= bsd-gcc-shared
 $shared_cflag = -fPIC
-$shared_ldflag = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$shared_extension = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 

 *** OpenBSD-i386
@@ -739,8 +764,8 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= reliantunix-shared
 $shared_cflag = 
-$shared_ldflag = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$shared_extension = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 

 *** SINIX
@@ -791,6 +816,30 @@ $shared_ldflag =
 $shared_extension = 
 $ranlib       = 

+*** UWIN
+$cc           = cc
+$cflags       = -DTERMIOS -DL_ENDIAN -O -Wall
+$unistd       = 
+$thread_cflag = 
+$sys_id       = UWIN
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+
 *** VC-MSDOS
 $cc           = cl
 $cflags       = 
@@ -1273,33 +1322,9 @@ $ranlib       =

 *** darwin-i386-cc
 $cc           = cc
-$cflags       = -O3 -nostdinc -I/System/Library/Frameworks/System.framework/Headers -I/System/Library/Frameworks/System.frameworks/Headers/bsd -I/usr/include -fomit-frame-pointer -Wall -DB_ENDIAN
+$cflags       = -O3 -fomit-frame-pointer -fno-common -DB_ENDIAN
 $unistd       = 
-$thread_cflag = (unknown)
-$sys_id       = MACOSX
-$lflags       = 
-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = -fPIC
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-
-*** darwin-ppc-cc
-$cc           = cc
-$cflags       = -O3 -nostdinc -I/System/Library/Frameworks/System.framework/Headers -I/System/Library/Frameworks/System.frameworks/Headers/bsd -I/usr/include -fomit-frame-pointer -Wall -DB_ENDIAN
-$unistd       = 
-$thread_cflag = (unknown)
+$thread_cflag = -D_REENTRANT
 $sys_id       = MACOSX
 $lflags       = 
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
@@ -1315,13 +1340,37 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= darwin-shared
 $shared_cflag = -fPIC
-$shared_ldflag = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$shared_extension = 
+$shared_ldflag = 
+$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
+$ranlib       = 
+
+*** darwin-ppc-cc
+$cc           = cc
+$cflags       = -O3 -fomit-frame-pointer -fno-common -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = MACOSX
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= darwin-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
 $ranlib       = 

 *** debug
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@@ -1489,7 +1538,7 @@ $ranlib       =

 *** debug-levitte-linux-elf
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1513,7 +1562,7 @@ $ranlib       =

 *** debug-levitte-linux-noasm
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1555,8 +1604,8 @@ $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
 $shared_target= linux-shared
 $shared_cflag = -fPIC
-$shared_ldflag = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$shared_extension = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 

 *** debug-linux-elf-noefence
@@ -1775,6 +1824,30 @@ $shared_ldflag =
 $shared_extension = 
 $ranlib       = 

+*** debug-steve-linux-pseudo64
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -rdynamic -ldl
+$bn_ops       = SIXTY_FOUR_BIT
+$bn_obj       = 
+$des_obj      = dlfcn
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+
 *** debug-ulf
 $cc           = gcc
 $cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe
@@ -2327,6 +2400,30 @@ $shared_ldflag =
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 

+*** hpux64-parisc-gcc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= hpux64-shared
+$shared_cflag = -fpic
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+
 *** hpux64-parisc2-cc
 $cc           = cc
 $cflags       = +DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
@@ -2981,7 +3078,7 @@ $cflags       = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
-$lflags       = 
+$lflags       = -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $bn_obj       = asm/sparcv8.o
 $des_obj      = 
@@ -2992,11 +3089,11 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
 $shared_ldflag = 
-$shared_extension = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 

 *** linux-sparcv9
@@ -3005,7 +3102,7 @@ $cflags       = -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = ULTRASPARC
-$lflags       = 
+$lflags       = -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $bn_obj       = asm/sparcv8plus.o
 $des_obj      = 
@@ -3019,8 +3116,8 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= linux-shared
 $shared_cflag = -fPIC
-$shared_ldflag = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$shared_extension = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 

 *** ncr-scde
@@ -3595,7 +3692,31 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
-$shared_ldflag = 
+$shared_ldflag = -m64
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+
+*** solaris64-sparcv9-gcc31
+$cc           = gcc
+$cflags       = -mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv9.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = -m64
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 

@@ -3673,11 +3794,11 @@ $ranlib       =

 *** unixware-2.0
 $cc           = cc
-$cflags       = -DFILIO_H
+$cflags       = -DFILIO_H -DNO_STRINGS_H
 $unistd       = 
 $thread_cflag = -Kthread
 $sys_id       = 
-$lflags       = -lsocket -lnsl -lx
+$lflags       = -lsocket -lnsl -lresolv -lx
 $bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $bn_obj       = 
 $des_obj      = 
@@ -3697,11 +3818,11 @@ $ranlib       =

 *** unixware-2.0-pentium
 $cc           = cc
-$cflags       = -DFILIO_H -Kpentium
+$cflags       = -DFILIO_H -DNO_STRINGS_H -Kpentium
 $unistd       = 
 $thread_cflag = -Kthread
 $sys_id       = 
-$lflags       = -lsocket -lnsl -lx
+$lflags       = -lsocket -lnsl -lresolv -lx
 $bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
 $bn_obj       = 
 $des_obj      = 
@@ -3725,7 +3846,7 @@ $cflags       = -O -DFILIO_H
 $unistd       = 
 $thread_cflag = -Kthread
 $sys_id       = 
-$lflags       = -lsocket -lnsl -lx
+$lflags       = -lsocket -lnsl -lresolv -lx
 $bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $bn_obj       = 
 $des_obj      = 
@@ -3749,7 +3870,7 @@ $cflags       = -O -DFILIO_H -Kp6
 $unistd       = 
 $thread_cflag = -Kthread
 $sys_id       = 
-$lflags       = -lsocket -lnsl -lx
+$lflags       = -lsocket -lnsl -lresolv -lx
 $bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
 $bn_obj       = 
 $des_obj      = 
@@ -3773,7 +3894,7 @@ $cflags       = -O -DFILIO_H -Kpentium
 $unistd       = 
 $thread_cflag = -Kthread
 $sys_id       = 
-$lflags       = -lsocket -lnsl -lx
+$lflags       = -lsocket -lnsl -lresolv -lx
 $bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
 $bn_obj       = 
 $des_obj      = 
--- a/VMS/cert_tool/hostaddr.c
+++ b/VMS/cert_tool/hostaddr.c
@@ -1,477 +0,0 @@
-
-#ifdef VMS
-#pragma module HOSTADDR "X-1"
-
-/*
-**
-** Copyright (c) 2000 Compaq Computer Corporation
-** COMPAQ Registered in U.S. Patent and Trademark Office.
-**
-** Confidential computer software. Valid license from Compaq or
-** authorized sublicensor required for possession, use or copying.
-** Consistent with FAR 12.211 and 12.212, Commercial Computer Software,
-** Computer Software Documentation, and Technical Data for Commercial
-** Items are licensed to the U.S. Government under vendor's standard
-** commercial license.
-**
-*/
-
-/*
-**++
-**
-**  FACILITY:  Apache Web Server
-**
-**  ABSTRACT:
-**
-**	This program determine the hostaddr of the default node or of
-**	a given hostname.
-**
-**	The command line syntax is:
-**
-**	    HOSTADDR [-l log-name] [-s sym-name] [host-name]
-**
-**	where:
-**
-**	    -l log-name	    specifies an optional logical name to receive hostname.
-**
-**	    -c sym-name	    specifies an optional symbol name to receive hostname.
-**
-**	    host-name	    specifies an optional host name to resolve.
-**
-**  AUTHOR:  Matthew Doremus			CREATION DATE:  07-Jul-2000
-**
-**  Modification History:
-**
-**	X-1	Matthew Doremus				07-Jul-2000
-**		Initial development
-**
-**--
-**
-**  Compile/Link instructions:
-**
-**	OpenVMS Alpha/VAX:
-**	    $ CC HOSTADDR+SYS$LIBRARY:SYS$LIB_C/LIBRARY
-**	    $ LINK HOSTADDR
-**
-*/
-
-/*
-** Define __NEW_STARLET if it's not already defined
-*/
-#ifndef __NEW_STARLET
-#define __NEW_STARLET
-#define __NEW_STARLET_SET
-#endif
-
-/*
-** Include the necessary header files
-*/
-#include <lib$routines>
-#include <libclidef>
-#include <descrip>
-#include <stdlib>
-#include <string>
-#include <stdio>
-#include <netdb>
-#include <in>
-
-/*
-** Undefine __NEW_STARLET if we had defined it
-*/
-#ifndef __NEW_STARLET_SET
-#undef  __NEW_STARLET_SET
-#undef  __NEW_STARLET
-#endif
-
-/*
-** Option Data Structure
-*/
-typedef struct _opt_data {
-    char		*log_name;
-    char		*sym_name;
-    char		*host_name; 
-    } OPT_DATA;
-
-/*
-** Local Routine Prototypes
-*/
-static void 
-ParseCmdLine (
-    int,
-    char *[],
-    OPT_DATA *);
-
-static void
-SetLogName (
-    char *,
-    char *);
-
-static void
-SetSymName (
-    char *,
-    char *);
-
-static void 
-Usage ();
-
-/*
-**
-**  main - Main processing routine for the HOSTADDR utility
-**
-**  Functional Description:
-**
-**	This routine controls overall program execution.
-**
-**  Usage:
-**
-**      main argc, argv, envp
-**
-**  Formal parameters:
-**
-**      argc 		- (IN) argument count
-**      argv         	- (IN) address of an argument array 
-**      envp         	- (IN) address of an environment string 
-**
-**  Implicit Parameters:
-**
-**      None
-**
-**  Routine Value:
-**
-**      None
-**
-**  Side Effects:
-**
-**      None
-**
-*/
-int
-main (
-    int		argc,
-    char	*argv[],
-    char	*envp[]
-    )
-{
-struct in_addr *addr_ptr;
-char hostname[512+1];
-struct hostent *hp;
-OPT_DATA OptData;
-char *hostaddr;
-int addr_max,
-    i;
-
-/*
-** Parse the command line
-*/
-ParseCmdLine (argc, argv, &OptData);
-
-/*
-** If no host name was given, then use gethostname otherwise
-** use the host name given.
-*/
-if (! OptData.host_name)
-    {
-    if (gethostname (hostname, sizeof (hostname) - 1))
-        {
-        perror ("gethostname");
-        exit (1);
-        }
-    }
-else
-    strcpy (hostname, OptData.host_name);
-
-/*
-** Get the host address using gethostbyname
-*/
-if (! (hp = gethostbyname (hostname)))
-    {
-    perror ("gethostbyname");
-    exit (1);
-    }
-
-/*
-** Format the host address(es) into a comma separated list
-*/
-addr_max = hp->h_length / sizeof (struct in_addr);
-hostaddr = malloc ((addr_max * (15 + 1)) + 1);
-addr_ptr = (struct in_addr *) hp->h_addr;
-for (i = 0; i < addr_max; i++)
-    {
-    if (i > 0)
-	strcat (hostaddr, ",");
-    addr_ptr = addr_ptr + (i * sizeof (struct in_addr));
-    sprintf (hostaddr + strlen (hostaddr), "%d.%d.%d.%d",
-	addr_ptr->s_net, addr_ptr->s_host, 
-	addr_ptr->s_lh, addr_ptr->s_impno);
-    }
-
-/*
-** Define a logical name if one was provided
-*/
-if (OptData.log_name)
-    SetLogName (OptData.log_name, hostaddr);
-
-/*
-** Define a symbol name if one was provided
-*/
-if (OptData.sym_name)
-    SetSymName (OptData.sym_name, hostaddr);
-
-/*
-** print the host address if no logical or symbol name was provided
-*/
-if (! OptData.log_name && ! OptData.sym_name)
-    printf ("%s\n", hostaddr);
-
-}
-
-/*
-**
-**  ParseCmdLine - Parse the command line options
-**
-**  Functional Description:
-**
-**      This routine parses the command line options.
-**
-**  Usage:
-**
-**      ParseCmdLine argc, argv, OptData
-**
-**  Formal parameters:
-**
-**      argc 		- (IN) argument count
-**      argv         	- (IN) address of an argument array 
-**      OptData		- (OUT) address of command option data structure 
-**			  which will contain the parsed input.
-**
-**  Implicit Parameters:
-**
-**      None
-**
-**  Routine Value:
-**
-**      None
-**
-**  Side Effects:
-**
-**      None
-**
-*/
-static void
-ParseCmdLine (
-    int			argc,
-    char		*argv[],
-    OPT_DATA		*OptData
-    )
-{
-int option,
-    i;
-
-/*
-** Initialize the option data
-*/
-OptData->log_name = NULL;
-OptData->sym_name = NULL;
-OptData->host_name = NULL;
-
-/*
-** Process the command line options
-*/
-while ((option = getopt (argc, argv, "l:s:?")) != EOF) 
-    {
-    switch (option) 
-	{
-	/* 
-	** Output to logical name ?
-	*/
-	case 'l':
-	    OptData->log_name = strdup (optarg);
-	    break;
-
-	/* 
-	** Output to symbol name ?
-	*/
-	case 's':
-	    OptData->sym_name = strdup (optarg);
-	    break;
-
-	/* 
-	** Invalid argument ?
-	*/
-	case '?':
-	default:
-	    Usage ();
-	    exit (1);
-	    break;
-	}
-    }
-
-/*
-** Are the number of parameters correct ?
-*/
-if (argc - optind > 1)
-    {
-    Usage ();
-    exit (1);
-    }
-
-/*
-** Host Name provided ?
-*/
-if (argc - optind == 1)
-    OptData->host_name = strdup (argv[optind]);
-
-}
-
-/*
-**
-**  SetLogName - Set a logical name & value
-**
-**  Functional Description:
-**
-**      This routine sets a logical name & value.
-**
-**  Usage:
-**
-**      SetLogName LogName, LogValue
-**
-**  Formal parameters:
-**
-**      LogName		- (IN) address of the logical name
-**      LogValue       	- (IN) address of the logical value
-**
-**  Implicit Parameters:
-**
-**      None
-**
-**  Routine Value:
-**
-**      None
-**
-**  Side Effects:
-**
-**      None
-**
-*/
-static void
-SetLogName (
-    char 		*LogName,
-    char		*LogValue
-    )
-{
-struct dsc$descriptor_s log_nam_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0};
-struct dsc$descriptor_s log_val_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0};
-int status;
-
-/*
-** Setup the logical name & value descriptors
-*/
-log_nam_desc.dsc$w_length = strlen (LogName);
-log_nam_desc.dsc$a_pointer = LogName;
-log_val_desc.dsc$w_length = strlen (LogValue);
-log_val_desc.dsc$a_pointer = LogValue;
-
-/*
-** Set the logical name & value
-*/
-status = lib$set_logical (&log_nam_desc, &log_val_desc, 0, 0, 0);
-if (! (status & 1))
-    exit (status);
-
-}
-
-/*
-**
-**  SetSymName - Set a symbol name & value
-**
-**  Functional Description:
-**
-**      This routine sets a symbol name & value.
-**
-**  Usage:
-**
-**      SetSymName SymName, SymValue
-**
-**  Formal parameters:
-**
-**      SymName		- (IN) address of the symbol name
-**      SymValue       	- (IN) address of the Symbol value
-**
-**  Implicit Parameters:
-**
-**      None
-**
-**  Routine Value:
-**
-**      None
-**
-**  Side Effects:
-**
-**      None
-**
-*/
-static void
-SetSymName (
-    char 		*SymName,
-    char		*SymValue
-    )
-{
-struct dsc$descriptor_s sym_nam_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0};
-struct dsc$descriptor_s sym_val_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0};
-int status;
-
-/*
-** Setup the symbol name & value descriptors
-*/
-sym_nam_desc.dsc$w_length = strlen (SymName);
-sym_nam_desc.dsc$a_pointer = SymName;
-sym_val_desc.dsc$w_length = strlen (SymValue);
-sym_val_desc.dsc$a_pointer = SymValue;
-
-/*
-** Set the symbol name & value
-*/
-status = lib$set_symbol (&sym_nam_desc, &sym_val_desc, &LIB$K_CLI_LOCAL_SYM);
-if (! (status & 1))
-    exit (status);
-
-}
-
-/*
-**
-**  Usage - Display the acceptable unix style command usage
-**
-**  Functional Description:
-**
-**      This routine displays to standard output the appropriate unix style 
-**	command usage.
-**
-**  Usage:
-**
-**      Usage 
-**
-**  Formal parameters:
-**
-**      None
-**
-**  Implicit Parameters:
-**
-**      None
-**
-**  Routine Value:
-**
-**      None
-**
-**  Side Effects:
-**
-**      None
-**
-*/
-static void
-Usage ()
-{
-
-fprintf (stdout, "Usage: HOSTADDR [-l log-name] [-s sym-name] [host-name]\n");
-
-}
-#endif    /* #ifdef VMS */
--- a/VMS/cert_tool/hostname.c
+++ b/VMS/cert_tool/hostname.c
@@ -1,513 +0,0 @@
-
-#ifdef VMS
-#pragma module HOSTNAME "X-1"
-
-/*
-**
-** Copyright (c) 2000 Compaq Computer Corporation
-** COMPAQ Registered in U.S. Patent and Trademark Office.
-**
-** Confidential computer software. Valid license from Compaq or
-** authorized sublicensor required for possession, use or copying.
-** Consistent with FAR 12.211 and 12.212, Commercial Computer Software,
-** Computer Software Documentation, and Technical Data for Commercial
-** Items are licensed to the U.S. Government under vendor's standard
-** commercial license.
-**
-*/
-
-/*
-**++
-**
-**  FACILITY:  Apache Web Server
-**
-**  ABSTRACT:
-**
-**	This program determine the hostname of the default node or of
-**	a given hostaddr.
-**
-**	The command line syntax is:
-**
-**	    HOSTNAME [-l log-name] [-s sym-name] [host-addr]
-**
-**	where:
-**
-**	    -l log-name	    specifies an optional logical name to receive hostname.
-**
-**	    -c sym-name	    specifies an optional symbol name to receive hostname.
-**
-**	    host-addr	    specifies an optional host address to resolve.
-**
-**  AUTHOR:  Matthew Doremus			CREATION DATE:  07-Jul-2000
-**
-**  Modification History:
-**
-**	X-1	Matthew Doremus				07-Jul-2000
-**		Initial development
-**
-**--
-**
-**  Compile/Link instructions:
-**
-**	OpenVMS Alpha/VAX:
-**	    $ CC HOSTNAME+SYS$LIBRARY:SYS$LIB_C/LIBRARY
-**	    $ LINK HOSTNAME
-**
-*/
-
-/*
-** Define __NEW_STARLET if it's not already defined
-*/
-#ifndef __NEW_STARLET
-#define __NEW_STARLET
-#define __NEW_STARLET_SET
-#endif
-
-/*
-** Include the necessary header files
-*/
-#include <lib$routines>
-#include <libclidef>
-#include <descrip>
-#include <stdlib>
-#include <string>
-#include <stdio>
-#include <netdb>
-#include <in>
-#include <socket>
-
-/*
-** Undefine __NEW_STARLET if we had defined it
-*/
-#ifndef __NEW_STARLET_SET
-#undef  __NEW_STARLET_SET
-#undef  __NEW_STARLET
-#endif
-
-/*
-** Option Data Structure
-*/
-typedef struct _opt_data {
-    char		*log_name;
-    char		*sym_name;
-    unsigned char	host_addr[4]; 
-    } OPT_DATA;
-
-/*
-** Local Routine Prototypes
-*/
-static void 
-ParseCmdLine (
-    int,
-    char *[],
-    OPT_DATA *);
-
-static void
-SetLogName (
-    char *,
-    char *);
-
-static void
-SetSymName (
-    char *,
-    char *);
-
-static void 
-Usage ();
-
-/*
-**
-**  main - Main processing routine for the HOSTNAME utility
-**
-**  Functional Description:
-**
-**	This routine controls overall program execution.
-**
-**  Usage:
-**
-**      main argc, argv, envp
-**
-**  Formal parameters:
-**
-**      argc 		- (IN) argument count
-**      argv         	- (IN) address of an argument array 
-**      envp         	- (IN) address of an environment string 
-**
-**  Implicit Parameters:
-**
-**      None
-**
-**  Routine Value:
-**
-**      None
-**
-**  Side Effects:
-**
-**      None
-**
-*/
-int
-main (
-    int		argc,
-    char	*argv[],
-    char	*envp[]
-    )
-{
-struct in_addr host_addr;
-char hostname[512+1];
-struct hostent *hp;
-OPT_DATA OptData;
-int i;
-
-/*
-** Parse the command line
-*/
-ParseCmdLine (argc, argv, &OptData);
-
-/*
-** If no host address was given, then use gethostname otherwise
-** use gethostbyaddr.
-*/
-if (! OptData.host_addr[0] && ! OptData.host_addr[1] && 
-    ! OptData.host_addr[2] && ! OptData.host_addr[3])
-    {
-    if (gethostname (hostname, sizeof (hostname) - 1))
-        {
-        perror ("gethostname");
-        exit (1);
-        }
-
-    if (! (hp = gethostbyname (hostname)))
-	{
-        perror ("gethostbyname");
-	exit (1);
-	}
-    }
-else
-    {
-    host_addr.s_net = OptData.host_addr[0];
-    host_addr.s_host = OptData.host_addr[1];
-    host_addr.s_lh = OptData.host_addr[2];
-    host_addr.s_impno = OptData.host_addr[3];
-    	
-    if (! (hp = gethostbyaddr (&host_addr, sizeof (host_addr), AF_INET)))
-	{
-        perror ("gethostbyaddr");
-	exit (1);
-	}
-    }
-
-/*
-** Let's try to determine the best available fully qualified hostname.
-*/
-if (hp->h_name)
-    {
-    strcpy (hostname, hp->h_name);
-    if (! strchr (hostname, '.'))
-	{
-	for (i = 0; hp->h_aliases[i]; i++)
-	    {
-	    if (strchr (hp->h_aliases[i], '.') && 
-	        ! strncasecmp (hp->h_aliases[i], hostname, strlen (hostname)))
-		{     
-		strcpy (hostname, hp->h_aliases[i]);
-		break;
-		}
-	    }
-	}
-    }
-else
-    strcpy (hostname, "(unavailable)");
-
-/*
-** Define a logical name if one was provided
-*/
-if (OptData.log_name)
-    SetLogName (OptData.log_name, hostname);
-
-/*
-** Define a symbol name if one was provided
-*/
-if (OptData.sym_name)
-    SetSymName (OptData.sym_name, hostname);
-
-/*
-** print the host name if no logical or symbol name was provided
-*/
-if (! OptData.log_name && ! OptData.sym_name)
-    printf ("%s\n", hostname);
-
-}
-
-/*
-**
-**  ParseCmdLine - Parse the command line options
-**
-**  Functional Description:
-**
-**      This routine parses the command line options.
-**
-**  Usage:
-**
-**      ParseCmdLine argc, argv, OptData
-**
-**  Formal parameters:
-**
-**      argc 		- (IN) argument count
-**      argv         	- (IN) address of an argument array 
-**      OptData		- (OUT) address of command option data structure 
-**			  which will contain the parsed input.
-**
-**  Implicit Parameters:
-**
-**      None
-**
-**  Routine Value:
-**
-**      None
-**
-**  Side Effects:
-**
-**      None
-**
-*/
-static void
-ParseCmdLine (
-    int			argc,
-    char		*argv[],
-    OPT_DATA		*OptData
-    )
-{
-int option,
-    i;
-
-/*
-** Initialize the option data
-*/
-OptData->log_name = NULL;
-OptData->sym_name = NULL;
-OptData->host_addr[0] = 0;
-OptData->host_addr[1] = 0;
-OptData->host_addr[2] = 0;
-OptData->host_addr[3] = 0;
-
-/*
-** Process the command line options
-*/
-while ((option = getopt (argc, argv, "l:s:?")) != EOF) 
-    {
-    switch (option) 
-	{
-	/* 
-	** Output to logical name ?
-	*/
-	case 'l':
-	    OptData->log_name = strdup (optarg);
-	    break;
-
-	/* 
-	** Output to symbol name ?
-	*/
-	case 's':
-	    OptData->sym_name = strdup (optarg);
-	    break;
-
-	/* 
-	** Invalid argument ?
-	*/
-	case '?':
-	default:
-	    Usage ();
-	    exit (1);
-	    break;
-	}
-    }
-
-/*
-** Are the number of parameters correct ?
-*/
-if (argc - optind > 1)
-    {
-    Usage ();
-    exit (1);
-    }
-
-/*
-** Host Address provided ?
-*/
-if (argc - optind == 1)
-    {
-    char *addr_ptr = argv[optind],
-         *addr_sep;
-
-    for (i = 0; i < 4; i++)
-	{
-        if ((addr_sep = strchr (addr_ptr, '.')) && (i < 3))
-	    *addr_sep = '\0';
-
-	if (strlen (addr_ptr) == 0 || atoi (addr_ptr) > 255 ||
-	    strspn (addr_ptr, "0123456789") != strlen (addr_ptr))
-	    {
-	    printf ("Invalid TCP/IP address format.\n");
-	    exit (1);
-	    }
-
-	OptData->host_addr[i] = atoi (addr_ptr);
-	if (addr_sep)
-	    addr_ptr = addr_sep + 1;
-	}    
-    }
-}
-
-/*
-**
-**  SetLogName - Set a logical name & value
-**
-**  Functional Description:
-**
-**      This routine sets a logical name & value.
-**
-**  Usage:
-**
-**      SetLogName LogName, LogValue
-**
-**  Formal parameters:
-**
-**      LogName		- (IN) address of the logical name
-**      LogValue       	- (IN) address of the logical value
-**
-**  Implicit Parameters:
-**
-**      None
-**
-**  Routine Value:
-**
-**      None
-**
-**  Side Effects:
-**
-**      None
-**
-*/
-static void
-SetLogName (
-    char 		*LogName,
-    char		*LogValue
-    )
-{
-struct dsc$descriptor_s log_nam_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0};
-struct dsc$descriptor_s log_val_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0};
-int status;
-
-/*
-** Setup the logical name & value descriptors
-*/
-log_nam_desc.dsc$w_length = strlen (LogName);
-log_nam_desc.dsc$a_pointer = LogName;
-log_val_desc.dsc$w_length = strlen (LogValue);
-log_val_desc.dsc$a_pointer = LogValue;
-
-/*
-** Set the logical name & value
-*/
-status = lib$set_logical (&log_nam_desc, &log_val_desc, 0, 0, 0);
-if (! (status & 1))
-    exit (status);
-
-}
-
-/*
-**
-**  SetSymName - Set a symbol name & value
-**
-**  Functional Description:
-**
-**      This routine sets a symbol name & value.
-**
-**  Usage:
-**
-**      SetSymName SymName, SymValue
-**
-**  Formal parameters:
-**
-**      SymName		- (IN) address of the symbol name
-**      SymValue       	- (IN) address of the Symbol value
-**
-**  Implicit Parameters:
-**
-**      None
-**
-**  Routine Value:
-**
-**      None
-**
-**  Side Effects:
-**
-**      None
-**
-*/
-static void
-SetSymName (
-    char 		*SymName,
-    char		*SymValue
-    )
-{
-struct dsc$descriptor_s sym_nam_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0};
-struct dsc$descriptor_s sym_val_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0};
-int status;
-
-/*
-** Setup the symbol name & value descriptors
-*/
-sym_nam_desc.dsc$w_length = strlen (SymName);
-sym_nam_desc.dsc$a_pointer = SymName;
-sym_val_desc.dsc$w_length = strlen (SymValue);
-sym_val_desc.dsc$a_pointer = SymValue;
-
-/*
-** Set the symbol name & value
-*/
-status = lib$set_symbol (&sym_nam_desc, &sym_val_desc, &LIB$K_CLI_LOCAL_SYM);
-if (! (status & 1))
-    exit (status);
-
-}
-
-/*
-**
-**  Usage - Display the acceptable unix style command usage
-**
-**  Functional Description:
-**
-**      This routine displays to standard output the appropriate unix style 
-**	command usage.
-**
-**  Usage:
-**
-**      Usage 
-**
-**  Formal parameters:
-**
-**      None
-**
-**  Implicit Parameters:
-**
-**      None
-**
-**  Routine Value:
-**
-**      None
-**
-**  Side Effects:
-**
-**      None
-**
-*/
-static void
-Usage ()
-{
-
-fprintf (stdout, "Usage: HOSTNAME [-l log-name] [-s sym-name] [host-addr]\n");
-
-}
-#endif      /* #ifdef VMS */
--- a/VMS/cert_tool/ssl$auth_cert.com
+++ b/VMS/cert_tool/ssl$auth_cert.com
@@ -1,639 +0,0 @@
-$!
-$!------------------------------------------------------------------------------
-$! SSL$AUTH_CERT.COM - SSL Certificate Authority procedure
-$!------------------------------------------------------------------------------
-$!
-$ Verify = F$VERIFY (0)
-$ Set NoOn
-$ Set NoControl=Y
-$!
-$!------------------------------------------------------------------------------
-$! Description 
-$!------------------------------------------------------------------------------
-$!
-$! This procedure prompts the user through creating a Server Certificate.
-$!
-$! There are no parameters used.
-$!
-$!------------------------------------------------------------------------------
-$! Define symbols
-$!------------------------------------------------------------------------------
-$!
-$ DELETE := DELETE
-$ SAY := WRITE SYS$OUTPUT
-$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
-$ PID = F$GETJPI ("","PID")
-$ TT_NOECHO = F$GETDVI ("TT:","TT_NOECHO")
-$ On Control_Y THEN GOTO EXIT
-$ Set Control=Y
-$!
-$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE")
-$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ")
-$!
-$ GET_USER_DATA := CALL GET_USER_DATA
-$ SET_USER_DATA := CALL SET_USER_DATA
-$ DEL_USER_DATA := CALL DEL_USER_DATA
-$ INIT_TERM := @SSL$COM:SSL$INIT_TERM
-$ SHOW_FILE := @SSL$COM:SSL$SHOW_FILE 
-$ SSL_CONF_FILE = F$TRNLMN ("SSL$CA_CONF")
-$ GET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' GET
-$ SET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' SET
-$!
-$ ESC[0,8] = 27 	! Set the Escape Character
-$ BELL[0,8] = 7 	! Ring the terminal Bell
-$ RED = 1		! Color - Red
-$ FGD = 30		! Foreground
-$ BGD = 0		! Background
-$ CSCR = ESC + "[2J"	! Clear the Screen 
-$ CEOS = ESC + "[0J"	! Clear to the End of the Screen 
-$ CEOL = ESC + "[0K"	! Clear to the End of the Line
-$ NORM = ESC + "[0m"	! Turn Attributes off
-$ BLNK = ESC + "[5m"    ! Turn on BLINK Attribute
-$ WIDE = ESC + "#6"     ! Turn on WIDE Attribute
-$!
-$!------------------------------------------------------------------------------
-$! Run the SSL setup if it hasn't been run yet
-$!------------------------------------------------------------------------------
-$!
-$ IF F$TRNLNM ("SSL$CA_CONF") .EQS. ""
-$ THEN
-$     IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. ""
-$     THEN 
-$         @SSL$COM:SSL$INIT_ENV.COM
-$     ELSE
-$         SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..."
-$	  GOTO EXIT
-$     ENDIF
-$ ENDIF
-$!
-$!------------------------------------------------------------------------------
-$! Display the Page Header
-$!------------------------------------------------------------------------------
-$!
-$ INIT_TERM
-$ BCOLOR = BGD
-$ FCOLOR = FGD + RED
-$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm"
-$!
-$ TEXT = "SSL Certificate Tool"
-$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
-$!
-$ SAY ESC + "[01;01H", CSCR
-$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
-$!
-$ TEXT = "Create Certification Authority"
-$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
-$!
-$ SAY ESC + "[04;01H"
-$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
-$!
-$ ROW = 6
-$ COL = 2
-$ TOP_ROW = ROW
-$ MSG_ROW = TT_ROWS - 1
-$!
-$!------------------------------------------------------------------------------
-$! Initialize the Request Data
-$!------------------------------------------------------------------------------
-$!
-$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. ""
-$ THEN 
-$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Reading Configuration ...", NORM
-$ ELSE
-$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Initializing Configuration ...", NORM
-$ ENDIF
-$!
-$ _request_name = "req"
-$!
-$ _distinguished_name = "CA_distinguished_name"
-$ _distinguished_name_upd = "Y"
-$!
-$ _default_bits = "1024"
-$ _default_bits_upd = "Y"
-$!
-$ _default_days = "1825"
-$ _default_days_upd = "Y"
-$!
-$ _default_keyfile = "SSL$KEY:SERVER_CA.KEY"
-$ _default_keyfile_upd = "Y"
-$!
-$ _default_crtfile = "SSL$CRT:SERVER_CA.CRT"
-$ _default_crtfile_upd = "Y"
-$!
-$ _countryName_prompt = "Country Name ?"
-$ _countryName_min = "2"
-$ _countryName_max = "2"
-$ _countryName_default = "US"
-$ _countryName_upd = "Y"
-$ _countryName_cnt = 4
-$!
-$ _0organizationName_prompt = "Organization Name ?"
-$ _0organizationName_default = ""
-$ _0organizationName_upd = "Y"
-$ _0organizationName_cnt = 2
-$!
-$ _organizationalUnitName_prompt = "Organization Unit Name ?"
-$ _organizationalUnitName_default = ""
-$ _organizationalUnitName_upd = "Y"
-$ _organizationalUnitName_cnt = 2
-$!
-$ _commonName_prompt = "Common Name ?"
-$ _commonName_max = "64"
-$ _commonName_default = "CA Authority"
-$ _commonName_upd = "Y"
-$ _commonName_cnt = 3
-$!
-$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. ""
-$ THEN 
-$     GET_CONF_DATA "[''_request_name']#distinguished_name"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _distinguished_name = SSL_CONF_DATA
-$         _distinguished_name_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_request_name']#default_bits"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _default_bits = SSL_CONF_DATA
-$         _default_bits_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_request_name']#default_days"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _default_days = SSL_CONF_DATA
-$         _default_days_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_request_name']#default_keyfile"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _default_keyfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
- 		             F$PARSE (SSL_CONF_DATA,"[KEY]",,"DIRECTORY") + -
- 		             F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + -
- 		             F$PARSE (SSL_CONF_DATA,".KEY",,"TYPE") 
-$         _default_keyfile_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_request_name']#default_crtfile"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _default_crtfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
- 		             F$PARSE (SSL_CONF_DATA,"[CRT]",,"DIRECTORY") + -
- 		             F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + -
- 		             F$PARSE (SSL_CONF_DATA,".CRT",,"TYPE") 
-$         _default_crtfile_upd = "N"
-$     ENDIF
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#countryName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _countryName_prompt = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#countryName_min"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _countryName_min = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#countryName_max"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _countryName_max = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#countryName_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _countryName_default = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     IF _countryName_cnt .EQ. CTR THEN _countryName_upd = "N"
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#0.organizationName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _0organizationName_prompt = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#0.organizationName_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _0organizationName_default = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     IF _0organizationName_cnt .EQ. CTR THEN _0organizationName_upd = "N"
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _organizationalUnitName_prompt = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _organizationalUnitName_default = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     IF _organizationalUnitName_cnt .EQ. CTR THEN _organizationalUnitName_upd = "N"
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#commonName"
-$     IF SSL_CONF_DATA .NES. "" 
-$     THEN
-$         _commonName_prompt = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#commonName_max"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _commonName_max = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#commonName_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _commonName_default = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     IF _commonName_cnt .EQ. CTR THEN _commonName_upd = "N"
-$ ENDIF
-$!
-$ SET_USER_DATA "[]#pem_pass_phrase#-##PEM Pass Phrase ?#P#1###Y#Y"
-$ SET_USER_DATA "[''_request_name']#default_bits#D#''_default_bits'#Encryption Bits ?#I###''_default_bits_upd'#Y#N"
-$ SET_USER_DATA "[''_request_name']#default_days#D#''_default_days'#Default Days ?#I###''_default_days_upd'#Y#N"
-$ SET_USER_DATA "[''_request_name']#default_keyfile#D#''_default_keyfile'#CA certificate Key File ?#F###''_default_keyfile_upd'#Y#N"
-$ SET_USER_DATA "[''_request_name']#default_crtfile#D#''_default_crtfile'#CA certificate File ?#F###''_default_crtfile_upd'#Y#N"
-$ SET_USER_DATA "[''_request_name']#distinguished_name#D#''_distinguished_name'##S###''_distinguished_name_upd'#N#N"
-$ SET_USER_DATA "[''_distinguished_name']#countryName#P#''_countryName_default'#''_countryName_prompt'#S#''_countryName_min'#''_countryName_max'#''_countryName_upd'#Y#N"
-$ SET_USER_DATA "[''_distinguished_name']#0.organizationName#P#''_0organizationName_default'#''_0organizationName_prompt'#S###''_0organizationName_upd'#Y#N"
-$ SET_USER_DATA "[''_distinguished_name']#organizationalUnitName#P#''_organizationalUnitName_default'#''_organizationalUnitName_prompt'#S###''_organizationUnitName_upd'#Y#N"
-$ SET_USER_DATA "[''_distinguished_name']#commonName#P#''_commonName_default'#''_commonName_prompt'#S##''_commonName_max'#''_commonName_upd'#Y#N"
-$ SET_USER_DATA "[]#display_certificate#-#N#Display the CA certificate ?#S##1##Y#N"
-$!
-$ SAY ESC + "[''MSG_ROW';01H", CEOS
-$!
-$!------------------------------------------------------------------------------
-$! Confirm/Update the SSL Configuration Data
-$!------------------------------------------------------------------------------
-$!
-$ CTR = 1
-$!
-$PROMPT_LOOP:
-$!
-$ IF CTR .LE. SSL_USER_DATA_MAX
-$ THEN 
-$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
-$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
-$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
-$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
-$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
-$     TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type
-$     MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length
-$     MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length
-$     UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ?
-$     REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ?
-$     CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input  ?
-$     CONFIRMED = 0
-$     IF REQ .EQS. "N"
-$     THEN 
-$         CTR = CTR + 1
-$         GOTO PROMPT_LOOP
-$     ENDIF
-$     IF ROW .GT. MSG_ROW - 2
-$     THEN 
-$         SAY ESC + "[''TOP_ROW';01H", CEOS
-$	  ROW = TOP_ROW
-$     ENDIF
-$!
-$CONFIRM_LOOP:
-$!
-$     IF PRM .EQS. "" 
-$     THEN 
-$         PROMPT = ESC + "[''ROW';''COL'H''ITM' ? [''DEF'] ''CEOL'"
-$     ELSE
-$         PROMPT = ESC + "[''ROW';''COL'H''PRM' [''DEF'] ''CEOL'"
-$     ENDIF
-$     IF TYP .EQS. "P" THEN SET TERMINAL /NOECHO
-$     ASK "''PROMPT'" ANS /END_OF_FILE=EXIT
-$     IF TYP .EQS. "P" THEN SET TERMINAL /ECHO
-$     ANS = F$EDIT (ANS,"TRIM")
-$     IF ANS .EQS. "" THEN ANS = DEF
-$     IF TYP .EQS. "F"
-$     THEN 
-$         ANS = F$PARSE ("''ANS'","''DEF'",,,"SYNTAX_ONLY")	  
-$     ENDIF
-$     IF TYP .EQS. "I" .AND. F$TYPE (ANS) .NES. "INTEGER"
-$     THEN 
-$         CALL INVALID_ENTRY
-$         SAY ESC + "[''ROW';01H", CEOS
-$         GOTO PROMPT_LOOP
-$     ENDIF
-$     IF (TYP .EQS. "S" .OR. TYP .EQS. "P") .AND. -
-         ((MIN .NES. "" .AND. F$LENGTH (ANS) .LT. F$INTEGER(MIN)) .OR. -
-          (MAX .NES. "" .AND. F$LENGTH (ANS) .GT. F$INTEGER(MAX)))
-$     THEN 
-$         CALL INVALID_ENTRY
-$         SAY ESC + "[''ROW';01H", CEOS
-$	  IF TYP .EQS. "S" THEN GOTO PROMPT_LOOP
-$         IF TYP .EQS. "P" THEN GOTO CONFIRM_LOOP
-$     ENDIF
-$     ROW = ROW + 1
-$     IF CFM .EQS. "Y"
-$     THEN
-$         IF CONFIRMED .EQ. 0
-$	  THEN
-$	      CONFIRMED = 1
-$	      CONFIRMED_ANS = ANS
-$	      PRM = "Confirm ''PRM'"
-$	      GOTO CONFIRM_LOOP
-$         ELSE
-$	      IF ANS .NES. CONFIRMED_ANS
-$	      THEN 
-$                 CALL INVALID_ENTRY
-$		  ROW = ROW - 2
-$                 SAY ESC + "[''ROW';01H", CEOS
-$                 GOTO PROMPT_LOOP
-$	      ENDIF
-$         ENDIF
-$     ENDIF
-$     IF ANS .NES. DEF THEN SSL_USER_DATA_'CTR' = "''KEY'#''ITM'#''VAL'#''ANS'#''PRM'#''TYP'#''MIN'#''MAX'#Y#''REQ'#''CFM'"
-$     CTR = CTR + 1
-$     GOTO PROMPT_LOOP
-$ ENDIF
-$!
-$!------------------------------------------------------------------------------
-$! Save the SSL Configuration Data
-$!------------------------------------------------------------------------------
-$!
-$ CTR = 1
-$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Saving Configuration ...", NORM
-$!
-$SAVE_CONF_LOOP:
-$!
-$ IF CTR .LE. SSL_USER_DATA_MAX
-$ THEN 
-$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
-$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
-$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
-$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
-$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
-$     TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type
-$     MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length
-$     MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length
-$     UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ?
-$     REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ?
-$     CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input ?
-$     IF UPD .NES. "Y" .OR. VAL .EQS. "-"
-$     THEN 
-$         CTR = CTR + 1
-$         GOTO SAVE_CONF_LOOP
-$     ENDIF
-$     IF VAL .EQS. "D"
-$     THEN 
-$         SET_CONF_DATA "''KEY'#''ITM'" "''DEF'"
-$     ELSE
-$         SET_CONF_DATA "''KEY'#''ITM'" "''PRM'"
-$         SET_CONF_DATA "''KEY'#''ITM'_default" "''DEF'"
-$     ENDIF
-$     IF MIN .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_min" "''MIN'"
-$     IF MAX .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_max" "''MAX'"
-$     CTR = CTR + 1
-$     GOTO SAVE_CONF_LOOP
-$ ENDIF
-$!
-$ PURGE /NOLOG /NOCONFIRM 'SSL_CONF_FILE'
-$ RENAME 'SSL_CONF_FILE'; ;1
-$!
-$ SAY ESC + "[''MSG_ROW';01H", CEOS
-$!
-$!------------------------------------------------------------------------------
-$! Create the Certificiate Authority
-$!------------------------------------------------------------------------------
-$!
-$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Creating Certificate Authority ...", NORM
-$!
-$ X1 = 2
-$ Y1 = TOP_ROW
-$ X2 = TT_COLS - 2
-$ Y2 = MSG_ROW - 1
-$!
-$ GET_USER_DATA "[''_request_name']#default_days"
-$ _default_days = SSL_USER_DATA
-$ GET_USER_DATA "[''_request_name']#default_keyfile"
-$ _default_keyfile = SSL_USER_DATA
-$ GET_USER_DATA "[''_request_name']#default_crtfile"
-$ _default_crtfile = SSL_USER_DATA
-$ GET_USER_DATA "[]#pem_pass_phrase"
-$ _pem_pass_phrase = SSL_USER_DATA
-$ GET_USER_DATA "[]#display_certificate"
-$ _display_certificate = SSL_USER_DATA
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_REQ_'PID'.RND
-$!
-$ OPEN /WRITE OFILE SYS$LOGIN:SSL_REQ_'PID'.COM
-$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE    SYS$LOGIN:SSL_REQ_''PID'.RND"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_REQ_''PID'.LOG"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_REQ_''PID'.LOG"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
-$ WRITE OFILE "$ OPENSSL req -config ''SSL_CONF_FILE' -new -x509 -days ''_default_days' -keyout ''_default_keyfile' -out ''_default_crtfile'"
-$ WRITE OFILE "''_pem_pass_phrase'"
-$ WRITE OFILE "''_pem_pass_phrase'"
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ CLOSE OFILE
-$!
-$ @SYS$LOGIN:SSL_REQ_'PID'.COM
-$!
-$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.RND;*
-$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.COM;*
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ SEARCH SYS$LOGIN:SSL_REQ_'PID'.LOG /OUT=SYS$LOGIN:SSL_REQ_'PID'.ERR ":error:"
-$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.ERR") .NES. "" 
-$ THEN 
-$     IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_REQ_''PID'.ERR","ALQ") .NE. 0
-$     THEN 
-$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
-$         SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
-$         SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
-$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
-$         GOTO EXIT
-$     ENDIF
-$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
-$ ENDIF
-$!
-$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
-$! 
-$ IF F$EDIT (_display_certificate,"TRIM,UPCASE") .EQS. "Y"
-$ THEN 
-$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Generating Output ...", NORM, CEOL
-$!
-$     OPEN /WRITE OFILE SYS$LOGIN:SSL_X509_'PID'.COM
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_X509_''PID'.LOG"
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_X509_''PID'.LOG"
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
-$     WRITE OFILE "$ OPENSSL x509 -noout -text -in ''_default_crtfile'"
-$     CLOSE OFILE
-$!
-$     @SYS$LOGIN:SSL_X509_'PID'.COM
-$!
-$     DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.COM;*
-$!
-$     DEFINE /USER /NOLOG SYS$ERROR  NL:
-$     DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$     SEARCH SYS$LOGIN:SSL_X509_'PID'.LOG /OUT=SYS$LOGIN:SSL_X509_'PID'.ERR ":error:"
-$     IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.ERR") .NES. "" 
-$     THEN 
-$         IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_X509_''PID'.ERR","ALQ") .NE. 0
-$         THEN 
-$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;*
-$             SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
-$             SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
-$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;*
-$             GOTO EXIT
-$         ENDIF
-$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;*
-$     ENDIF
-$!
-$     SAY ESC + "[''MSG_ROW';01H''CEOS'"
-$     SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''_default_crtfile' >" 
-$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;*
-$     GOTO EXIT
-$ ENDIF
-$!
-$ TEXT = "Press return to continue"
-$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
-$!
-$ SAY ESC + "[''MSG_ROW';01H", CEOS
-$ PROMPT = ESC + "[''MSG_ROW';''COL'H''TEXT'"
-$ ASK "''PROMPT'" OPT
-$!
-$GOTO EXIT
-$!
-$!------------------------------------------------------------------------------
-$! Set the User Data
-$!------------------------------------------------------------------------------
-$!
-$SET_USER_DATA: SUBROUTINE
-$!
-$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. ""
-$ THEN
-$     SSL_USER_DATA_MAX == 1
-$ ELSE
-$     SSL_USER_DATA_MAX == SSL_USER_DATA_MAX + 1
-$ ENDIF
-$!
-$ SSL_USER_DATA_'SSL_USER_DATA_MAX' == "''P1'"
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Get the User Data
-$!------------------------------------------------------------------------------
-$!
-$GET_USER_DATA: SUBROUTINE
-$!
-$ CTR = 1
-$ USER_KEY = F$ELEMENT (0,"#",P1)
-$ USER_ITM = F$ELEMENT (1,"#",P1)
-$!
-$GET_USER_DATA_LOOP:
-$!
-$ IF CTR .LE. SSL_USER_DATA_MAX
-$ THEN
-$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
-$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
-$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
-$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
-$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
-$     IF USER_KEY .NES. KEY .OR. USER_ITM .NES. ITM
-$     THEN 
-$         CTR = CTR + 1
-$         GOTO GET_USER_DATA_LOOP
-$     ENDIF
-$     IF VAL .EQS. "-" THEN SSL_USER_DATA == "''DEF'"
-$     IF VAL .EQS. "D" THEN SSL_USER_DATA == "''DEF'"
-$     IF VAL .EQS. "P" THEN SSL_USER_DATA == "''PRM'"
-$ ENDIF
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Delete the User Data
-$!------------------------------------------------------------------------------
-$!
-$DEL_USER_DATA: SUBROUTINE
-$!
-$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. "" THEN GOTO DEL_USER_DATA_END
-$!
-$DEL_USER_DATA_LOOP:
-$!
-$ IF F$TYPE (SSL_USER_DATA_'SSL_USER_DATA_MAX') .NES. "" 
-$ THEN
-$     DELETE /SYMBOL /GLOBAL SSL_USER_DATA_'SSL_USER_DATA_MAX'
-$     SSL_USER_DATA_MAX == SSL_USER_DATA_MAX - 1
-$     GOTO DEL_USER_DATA_LOOP
-$ ENDIF
-$!
-$ DELETE /SYMBOL /GLOBAL SSL_USER_DATA_MAX
-$!
-$DEL_USER_DATA_END:
-$!
-$ IF F$TYPE (SSL_USER_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_USER_DATA
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Display the invalid entry 
-$!------------------------------------------------------------------------------
-$!
-$INVALID_ENTRY: SUBROUTINE
-$!
-$ SAY ESC + "[''MSG_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
-$ Wait 00:00:01.5
-$ SAY ESC + "[''MSG_ROW';01H", CEOL
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Exit the procedure
-$!------------------------------------------------------------------------------
-$!
-$EXIT:
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ CLOSE OFILE
-$!
-$ DEL_USER_DATA
-$!
-$ IF F$TYPE (SSL_CONF_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_CONF_DATA
-$!
-$ IF F$GETDVI ("TT:","TT_NOECHO") .AND. .NOT. TT_NOECHO THEN SET TERMINAL /ECHO
-$!
-$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.%%%;*
-$ IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.%%%;*
-$!
-$ Verify = F$VERIFY (Verify)
-$!
-$ EXIT
--- a/VMS/cert_tool/ssl$auto_cert.com
+++ b/VMS/cert_tool/ssl$auto_cert.com
@@ -1,101 +0,0 @@
-$!
-$!------------------------------------------------------------------------------
-$! SSL$AUTO_CERT.COM - SSL Automatic Self-Signed Certificate procedure
-$!------------------------------------------------------------------------------
-$!
-$ Verify = F$VERIFY (0)
-$!
-$ Set NoOn
-$ Set NoControl=Y
-$!
-$!------------------------------------------------------------------------------
-$! Define Symbols
-$!------------------------------------------------------------------------------
-$! 
-$ OPENSSL       :== $ SSL$EXE:OPENSSL
-$ HOSTNAME      :== $ SSL$EXE:SSL$HOSTNAME
-$!
-$ HOSTNAME -s HOST_NAME
-$ PID = F$GETJPI ("","PID")
-$ USER = F$EDIT (F$GETJPI ("","USERNAME"),"TRIM")
-$ KEY_FILE = "SSL$KEY:SERVER.KEY"
-$ CRT_FILE = "SSL$CRT:SERVER.CRT"
-$!
-$!------------------------------------------------------------------------------
-$! Create a Temporary SSL Configuration
-$!------------------------------------------------------------------------------
-$!
-$ OPEN /WRITE CFILE SYS$LOGIN:SSL_'PID'.CNF
-$ WRITE CFILE "[req]"
-$ WRITE CFILE "default_bits = 1024"
-$ WRITE CFILE "distinguished_name = REQ_distinguished_name"
-$ WRITE CFILE "[REQ_distinguished_name]"
-$ WRITE CFILE "countryName = Country Name ?"
-$ WRITE CFILE "countryName_default = "
-$ WRITE CFILE "stateOrProvinceName = State or Province Name ?"
-$ WRITE CFILE "stateOrProvinceName_default = "
-$ WRITE CFILE "localityName = City Name ?"
-$ WRITE CFILE "localityName_default = "
-$ WRITE CFILE "0.organizationName = Organization Name ?"
-$ WRITE CFILE "0.organizationName_default = "
-$ WRITE CFILE "organizationalUnitName = Organization Unit Name ?
-$ WRITE CFILE "organizationalUnitName_default = "
-$ WRITE CFILE "commonName = Common Name ?"
-$ WRITE CFILE "commonName_default = ''HOST_NAME'"
-$ WRITE CFILE "emailAddress = Email Address ?"
-$ WRITE CFILE "emailAddress_default = ''USER'@''HOST_NAME'"
-$ CLOSE CFILE
-$!
-$!------------------------------------------------------------------------------
-$! Create the Self-Signed Server Certificiate
-$!------------------------------------------------------------------------------
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_'PID'.RND
-$!
-$ OPEN /WRITE OFILE SYS$LOGIN:SSL_'PID'.COM
-$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE    SYS$LOGIN:SSL_''PID'.RND"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_''PID'.LOG"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_''PID'.LOG"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
-$ WRITE OFILE "$ OPENSSL req -nodes -new -days 30 -x509 -config SYS$LOGIN:SSL_''PID'.CNF -keyout ''KEY_FILE' -out ''CRT_FILE'"
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ CLOSE OFILE
-$!
-$ @SYS$LOGIN:SSL_'PID'.COM
-$!
-$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_'PID'.CNF;*
-$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_'PID'.RND;*
-$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_'PID'.COM;*
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ SEARCH SYS$LOGIN:SSL_'PID'.LOG /OUT=SYS$LOGIN:SSL_'PID'.ERR ":error:"
-$!
-$ IF F$SEARCH ("SYS$LOGIN:SSL_''PID'.ERR") .NES. "" 
-$ THEN 
-$     IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_''PID'.ERR","ALQ") .NE. 0
-$     THEN 
-$         TYPE SYS$LOGIN:SSL_'PID'.LOG
-$     ENDIF
-$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_'PID'.ERR;*
-$ ENDIF
-$!
-$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_'PID'.LOG;*
-$!
-$!------------------------------------------------------------------------------
-$! Exit
-$!------------------------------------------------------------------------------
-$!
-$EXIT:
-$!
-$ Verify = F$VERIFY (Verify)
-$!
-$ EXIT
--- a/VMS/cert_tool/ssl$cert_tool.com
+++ b/VMS/cert_tool/ssl$cert_tool.com
@@ -1,231 +0,0 @@
-$!
-$!------------------------------------------------------------------------------
-$! SSL$CERT_TOOL.COM - SSL Certificate Tool procedure
-$!------------------------------------------------------------------------------
-$!
-$ Verify = F$VERIFY (0)
-$ Set NoOn
-$ Set NoControl=Y
-$!
-$!------------------------------------------------------------------------------
-$! Description 
-$!------------------------------------------------------------------------------
-$!
-$! This procedure provides the user a menu from which they can choose desired 
-$! SSL Certificate processing.
-$!
-$! There are no parameters used.
-$!
-$!------------------------------------------------------------------------------
-$! Define symbols
-$!------------------------------------------------------------------------------
-$!
-$ DELETE := DELETE
-$ SAY := WRITE SYS$OUTPUT
-$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
-$ On Control_Y THEN GOTO EXIT
-$ Set Control=Y
-$!
-$ TT_ROWS = f$getdvi ("TT:","TT_PAGE")
-$ TT_COLS = f$getdvi ("TT:","DEVBUFSIZ")
-$!
-$ SET_MENU_DATA := CALL SET_MENU_DATA
-$ DEL_MENU_DATA := CALL DEL_MENU_DATA
-$!
-$ ESC[0,8] = 27 	! Set the Escape Character
-$ BELL[0,8] = 7 	! Ring the terminal Bell
-$ RED = 1		! Color - Red
-$ FGD = 30		! Foreground
-$ BGD = 0		! Background
-$ CSCR = ESC + "[2J"	! Clear the Screen 
-$ CEOS = ESC + "[0J"	! Clear to the End of the Screen 
-$ CEOL = ESC + "[0K"	! Clear to the End of the Line
-$ NORM = ESC + "[0m"	! Turn Attributes off
-$ BOLD = ESC + "[1m"    ! Turn on BOLD Attribute
-$ WIDE = ESC + "#6"     ! Turn on WIDE Attribute
-$!
-$!------------------------------------------------------------------------------
-$! Run the SSL setup if it hasn't been run yet
-$!------------------------------------------------------------------------------
-$!
-$ IF F$TRNLNM ("SSL$CA_CONF") .EQS. ""
-$ THEN
-$     IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. ""
-$     THEN 
-$         @SSL$COM:SSL$INIT_ENV.COM
-$     ELSE
-$         SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..."
-$	  GOTO EXIT
-$     ENDIF
-$ ENDIF
-$!
-$!------------------------------------------------------------------------------
-$! Initialize the Menu Items
-$!------------------------------------------------------------------------------
-$!
-$ SET_MENU_DATA "View a Certificate#@SSL$COM:SSL$VIEW_CERT.COM CRT"
-$ SET_MENU_DATA "View a Certificate Signing Request#@SSL$COM:SSL$VIEW_CERT.COM CSR"
-$ SET_MENU_DATA "Create a Certificate Signing Request#@SSL$COM:SSL$RQST_CERT.COM"
-$ SET_MENU_DATA "Create a Self-Signed Certificate#@SSL$COM:SSL$SELF_CERT.COM"
-$ SET_MENU_DATA "Create a CA (Certification Authority) Certificate#@SSL$COM:SSL$AUTH_CERT.COM"
-$ SET_MENU_DATA "Sign a Certificate Signing Request#@SSL$COM:SSL$SIGN_CERT.COM"
-$ SET_MENU_DATA "Hash Certificates#@SSL$COM:SSL$HASH_CERT.COM CRT"
-$ SET_MENU_DATA "Hash Certificate Revocations#@SSL$COM:SSL$HASH_CERT.COM CRL"
-$ SET_MENU_DATA "Exit#GOTO EXIT"
-$!
-$!------------------------------------------------------------------------------
-$! Display the Page Header
-$!------------------------------------------------------------------------------
-$!
-$PAGE_LOOP:
-$!
-$ BCOLOR = BGD 
-$ FCOLOR = FGD + RED
-$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm"
-$!
-$ TEXT = "SSL Certificate Tool"
-$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
-$!
-$ SAY ESC + "[01;01H", CSCR
-$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
-$!
-$ TEXT = "Main Menu"
-$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
-$!
-$ SAY ESC + "[04;01H"
-$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
-$!
-$ CTR = 1
-$ ROW = 6
-$ COL = (TT_COLS - (SSL_MENU_ITEM_MAX + 4)) / 2
-$ TOP_ROW = ROW
-$ SEP_ROWS = 2
-$ MSG_ROW = TT_ROWS - 1
-$!
-$!------------------------------------------------------------------------------
-$! Process the menu options
-$!------------------------------------------------------------------------------
-$!
-$MENU_LOOP: 
-$!
-$ IF CTR .LE. SSL_MENU_DATA_MAX
-$ THEN
-$     OPT = F$ELEMENT (0,"#",SSL_MENU_DATA_'CTR') ! Option String
-$     CMD = F$ELEMENT (1,"#",SSL_MENU_DATA_'CTR') ! Command String
-$     IF ROW .GE. (MSG_ROW - (SEP_ROWS + 2)) .AND. SEP_ROWS .GT. 1
-$     THEN
-$         SAY ESC + "[''TOP_ROW';01H", CEOS
-$	  ROW = TOP_ROW
-$         SEP_ROWS = 1
-$         CTR = 1
-$     ELSE
-$	  NUM = F$FAO ("!2SL", CTR)
-$         SAY ESC + "[''ROW';''COL'H", BOLD, "''NUM'. ", NORM, "''OPT'"
-$         ROW = ROW + SEP_ROWS
-$         CTR = CTR + 1
-$     ENDIF	   
-$     GOTO MENU_LOOP
-$ ENDIF    
-$!
-$ ROW = ROW + 1
-$!
-$!------------------------------------------------------------------------------
-$! Prompt the user for input
-$!------------------------------------------------------------------------------
-$!
-$PROMPT_LOOP:
-$!
-$ PROMPT = ESC + "[''ROW';''COL'HEnter Option: ''CEOL'"
-$ ASK "''PROMPT'" OPT /END_OF_FILE=EXIT
-$ OPT = F$EDIT (OPT, "TRIM")
-$ IF OPT .EQS. ""  THEN GOTO PROMPT_LOOP
-$!
-$ IF F$TYPE (OPT) .NES. "INTEGER" .OR. -
-     F$INTEGER (OPT) .LE. 0 .OR. -
-     F$INTEGER (OPT) .GT. SSL_MENU_DATA_MAX
-$ THEN 
-$     CALL INVALID_OPTION
-$     GOTO PROMPT_LOOP
-$ ENDIF
-$!
-$ CMD = F$ELEMENT (1,"#",SSL_MENU_DATA_'OPT')
-$!
-$ 'CMD'
-$!
-$ GOTO PAGE_LOOP
-$!
-$!------------------------------------------------------------------------------
-$! Set the Menu Data
-$!------------------------------------------------------------------------------
-$!
-$SET_MENU_DATA: SUBROUTINE
-$!
-$ IF F$TYPE (SSL_MENU_DATA_MAX) .EQS. ""
-$ THEN
-$     SSL_MENU_DATA_MAX == 1
-$     SSL_MENU_ITEM_MAX == 0
-$ ELSE
-$     SSL_MENU_DATA_MAX == SSL_MENU_DATA_MAX + 1
-$ ENDIF
-$!
-$ SSL_MENU_DATA_'SSL_MENU_DATA_MAX' == "''P1'"
-$!
-$ MENU_ITEM = F$ELEMENT (0,"#",SSL_MENU_DATA_'SSL_MENU_DATA_MAX')
-$ IF F$LENGTH (MENU_ITEM) .GT. SSL_MENU_ITEM_MAX THEN SSL_MENU_ITEM_MAX == F$LENGTH (MENU_ITEM)
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Delete the Menu Data
-$!------------------------------------------------------------------------------
-$!
-$DEL_MENU_DATA: SUBROUTINE
-$!
-$ IF F$TYPE (SSL_MENU_DATA_MAX) .EQS. "" THEN GOTO DEL_MENU_DATA_END
-$!
-$DEL_MENU_DATA_LOOP:
-$!
-$ IF F$TYPE (SSL_MENU_DATA_'SSL_MENU_DATA_MAX') .NES. "" 
-$ THEN
-$     DELETE /SYMBOL /GLOBAL SSL_MENU_DATA_'SSL_MENU_DATA_MAX'
-$     SSL_MENU_DATA_MAX == SSL_MENU_DATA_MAX - 1
-$     GOTO DEL_MENU_DATA_LOOP
-$ ENDIF
-$!
-$ DELETE /SYMBOL /GLOBAL SSL_MENU_DATA_MAX
-$!
-$DEL_MENU_DATA_END:
-$!
-$ IF F$TYPE (SSL_MENU_ITEM_MAX) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_MENU_ITEM_MAX
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Display the invalid entry 
-$!------------------------------------------------------------------------------
-$!
-$INVALID_OPTION: SUBROUTINE
-$!
-$ SAY ESC + "[''MSG_ROW';01H", BELL, " Invalid Option, Try again ...''CEOL'"
-$ Wait 00:00:01.5
-$ SAY ESC + "[''MSG_ROW';01H", CEOL
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Exit
-$!------------------------------------------------------------------------------
-$!
-$EXIT:
-$!
-$ DEL_MENU_DATA
-$!
-$ Verify = F$VERIFY (Verify)
-$!
-$ EXIT
--- a/VMS/cert_tool/ssl$conf_util.com
+++ b/VMS/cert_tool/ssl$conf_util.com
@@ -1,220 +0,0 @@
-$!
-$!------------------------------------------------------------------------------
-$! SSL$CONF_UTIL.COM - SSL Configuration Utility procedure
-$!------------------------------------------------------------------------------
-$!
-$ Verify = F$VERIFY (0)
-$ Set NoOn
-$ Set NoControl=Y
-$!
-$!------------------------------------------------------------------------------
-$! Description 
-$!------------------------------------------------------------------------------
-$!
-$! This procedure gets or sets a given key item in a SSL configuration file.
-$! The parameters used are:
-$!
-$! 	P1	- SSL Configuration File
-$! 	P2	- SSL Configuration Function (i.e. GET/SET)
-$! 	P3	- SSL Configuration Key/Item (delimited by '#')
-$! 	P4	- SSL Configuration Key/Item Value (for SET function only)
-$!
-$!------------------------------------------------------------------------------
-$! Define symbols
-$!------------------------------------------------------------------------------
-$!
-$ SSL_CONF_DATA == ""
-$ SAY := WRITE SYS$OUTPUT
-$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
-$ On Control_Y THEN GOTO EXIT
-$ Set Control=Y
-$!
-$!------------------------------------------------------------------------------
-$! Process parameters
-$!------------------------------------------------------------------------------
-$!
-$ KEY_FOUND = 0
-$ ITM_FOUND = 0
-$ P1 = F$EDIT (P1,"TRIM")
-$ P2 = F$EDIT (P2,"TRIM,UPCASE")
-$ KEY = F$ELEMENT (0,"#",P3)
-$ ITM = F$ELEMENT (1,"#",P3)
-$!
-$!------------------------------------------------------------------------------
-$! Process the configuration function
-$!------------------------------------------------------------------------------
-$!
-$ IF P2 .EQS. "GET" THEN GOSUB GET_CONF_DATA
-$ IF P2 .EQS. "SET" THEN GOSUB SET_CONF_DATA
-$!
-$ GOTO EXIT
-$!
-$!------------------------------------------------------------------------------
-$! Get the configuration data
-$!------------------------------------------------------------------------------
-$!
-$GET_CONF_DATA:
-$!
-$ OPEN /READ /ERROR=OPEN_ERROR IFILE 'P1'
-$!
-$GET_CONF_DATA_LOOP:
-$!
-$ READ /ERROR=READ_ERROR /END_OF_FILE=GET_CONF_DATA_END IFILE IREC
-$!
-$ SREC = IREC
-$ IPOS = F$LOCATE ("#",IREC)
-$ IF IPOS .NE. F$LENGTH (IREC) THEN IREC = F$EXTRACT (0,IPOS,IREC)
-$ IREC = F$EDIT (IREC,"COLLAPSE")
-
-$ IF IREC .EQS. "" THEN GOTO GET_CONF_DATA_LOOP
-$!
-$ IF IREC .EQS. KEY 
-$ THEN
-$     KEY_FOUND = 1
-$     GOTO GET_CONF_DATA_LOOP
-$ ENDIF
-$!
-$ IF KEY_FOUND .EQ. 1
-$ THEN 
-$     IF F$EXTRACT (0,1,IREC) .EQS. "[" .AND. F$EXTRACT (F$LENGTH (IREC)-1,1,IREC) .EQS. "]"
-$     THEN
-$         SSL_CONF_DATA == ""
-$         GOTO GET_CONF_DATA_END
-$     ENDIF
-$!
-$     IF ITM .EQS. F$EDIT (F$ELEMENT (0,"=",IREC),"TRIM")
-$     THEN 
-$         VAL = F$EDIT (F$ELEMENT (1,"=",SREC),"TRIM")
-$         SSL_CONF_DATA == "''VAL'"
-$         GOTO GET_CONF_DATA_END
-$     ENDIF
-$ ENDIF
-$!
-$ GOTO GET_CONF_DATA_LOOP
-$!
-$GET_CONF_DATA_END:
-$!
-$ CLOSE /ERROR=CLOSE_ERROR IFILE
-$!
-$ RETURN
-$!
-$!------------------------------------------------------------------------------
-$! Set the configuration data
-$!------------------------------------------------------------------------------
-$!
-$SET_CONF_DATA:
-$!
-$ IF F$SEARCH ("''P1'") .EQS. "" THEN CREATE /NOLOG 'P1'
-$!
-$ OPEN /READ  /ERROR=OPEN_ERROR IFILE 'P1'
-$ OPEN /WRITE /ERROR=OPEN_ERROR OFILE 'P1'
-$!
-$SET_CONF_DATA_LOOP:
-$!
-$ READ /ERROR=READ_ERROR /END_OF_FILE=SET_CONF_DATA_END IFILE IREC
-$!
-$ IF ITM_FOUND .EQ. 1
-$ THEN 
-$     WRITE /ERROR=WRITE_ERROR OFILE IREC
-$     GOTO SET_CONF_DATA_LOOP
-$ ENDIF
-$!
-$ SREC = IREC
-$ IPOS = F$LOCATE ("#",IREC)
-$ IF IPOS .NE. F$LENGTH (IREC) THEN IREC = F$EXTRACT (0,IPOS,IREC)
-$ IREC = F$EDIT (IREC,"COLLAPSE")
-$!
-$ IF IREC .EQS. ""
-$ THEN
-$     WRITE /ERROR=WRITE_ERROR OFILE SREC
-$     GOTO SET_CONF_DATA_LOOP
-$ ENDIF
-$!
-$ IF IREC .EQS. KEY 
-$ THEN
-$     KEY_FOUND = 1
-$     WRITE /ERROR=WRITE_ERROR OFILE SREC
-$     GOTO SET_CONF_DATA_LOOP
-$ ENDIF
-$!
-$ IF KEY_FOUND .EQ. 1
-$ THEN 
-$     IF F$EXTRACT (0,1,IREC) .EQS. "[" .AND. F$EXTRACT (F$LENGTH (IREC)-1,1,IREC) .EQS. "]"
-$     THEN
-$         WRITE /ERROR=WRITE_ERROR OFILE "''ITM' = ''P4'"
-$         WRITE /ERROR=WRITE_ERROR OFILE SREC
-$         ITM_FOUND = 1
-$         GOTO SET_CONF_DATA_LOOP
-$     ENDIF
-$!
-$     IF ITM .EQS. F$EDIT (F$ELEMENT (0,"=",IREC),"TRIM")
-$     THEN 
-$         WRITE /ERROR=WRITE_ERROR OFILE "''ITM' = ''P4'"
-$         ITM_FOUND = 1
-$         GOTO SET_CONF_DATA_LOOP
-$     ENDIF
-$ ENDIF
-$!
-$ WRITE /ERROR=WRITE_ERROR OFILE SREC
-$!
-$ GOTO SET_CONF_DATA_LOOP
-$!
-$SET_CONF_DATA_END:
-$!
-$ IF KEY_FOUND .EQ. 0 
-$ THEN
-$     WRITE /ERROR=WRITE_ERROR OFILE "''KEY'"
-$     WRITE /ERROR=WRITE_ERROR OFILE "''ITM' = ''P4'"
-$ ENDIF
-$!
-$ IF KEY_FOUND .EQ. 1 .AND. ITM_FOUND .EQ. 0
-$ THEN
-$     WRITE /ERROR=WRITE_ERROR OFILE "''ITM' = ''P4'"
-$ ENDIF
-$!
-$ CLOSE IFILE
-$ CLOSE OFILE
-$!
-$ RETURN
-$!
-$!------------------------------------------------------------------------------
-$! File Errors
-$!------------------------------------------------------------------------------
-$!
-$OPEN_ERROR:
-$!
-$ SAY "Open error for file ''P1' ... aborting ''P2'"
-$ GOTO EXIT
-$!
-$READ_ERROR:
-$!
-$ SAY "Read error for file ''P1' ... aborting ''P2'"
-$ GOTO EXIT
-$!
-$WRITE_ERROR:
-$!
-$ SAY "Write error for file ''P1' ... aborting ''P2'"
-$ GOTO EXIT
-$!
-$CLOSE_ERROR:
-$!
-$ SAY "Close error for file ''P1' ... aborting ''P2'"
-$ GOTO EXIT
-$!
-$!------------------------------------------------------------------------------
-$! Exit
-$!------------------------------------------------------------------------------
-$!
-$EXIT:
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ CLOSE IFILE
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ CLOSE OFILE
-$!
-$ Verify = F$VERIFY (Verify)
-$!
-$ EXIT 1
--- a/VMS/cert_tool/ssl$draw_box.com
+++ b/VMS/cert_tool/ssl$draw_box.com
@@ -1,109 +0,0 @@
-$!
-$!------------------------------------------------------------------------------
-$! SSL$DRAW_BOX.COM - SSL Draw Box procedure
-$!------------------------------------------------------------------------------
-$!
-$ Verify = F$VERIFY (0)
-$ Set NoOn
-$ Set NoControl=Y
-$!
-$!------------------------------------------------------------------------------
-$! Description 
-$!------------------------------------------------------------------------------
-$!
-$! This procedure draws a box with the specified coordinates.
-$!
-$! The parameters used are:
-$!
-$! 	P1	- X1 coordinate
-$! 	P2	- Y1 coordinate
-$! 	P3	- X2 coordinate
-$! 	P4	- Y3 coordinate
-$! 	P5	- Box Header (Optional)
-$! 	P6	- Box Footer (Optional)
-$! 	P7	- Fill Box (Optional)
-$!
-$!------------------------------------------------------------------------------
-$! Define symbols
-$!------------------------------------------------------------------------------
-$!
-$ SAY := WRITE SYS$OUTPUT
-$ On Control_Y THEN GOTO EXIT
-$ Set Control=Y
-$!
-$ FILL_BOX := @SSL$COM:SSL$FILL_BOX
-$!
-$ ESC[0,8] = 27 	! Set the Escape Character
-$ GRPH_ON[0,8] = 14	! Turn GRAPHICS mode On 
-$ GRPH_OFF[0,8] = 15	! Turn GRAPHICS mode Off
-$ NORM = ESC + "[0m"	! Turn Attributes off
-$ BOLD = ESC + "[1m"    ! Turn on BOLD Attribute
-$!
-$!------------------------------------------------------------------------------
-$! Draw the box
-$!------------------------------------------------------------------------------
-$!
-$ X1 = F$INTEGER (P1)
-$ Y1 = F$INTEGER (P2)
-$ X2 = F$INTEGER (P3)
-$ Y2 = F$INTEGER (P4)
-$!
-$ ROW = Y1 + 1
-$ COL = X1 + 1
-$ SIDE1 = X1
-$ SIDE2 = X2 + 1
-$ TOP = "l" + F$FAO("!#*q", x2 - x1) + "k"
-$ BOT = "m" + F$FAO("!#*q", x2 - x1) + "j"
-$!
-$ SAY ESC + "[''Y1';''X1'H", BOLD, GRPH_ON, TOP, GRPH_OFF, NORM
-$!
-$SIDES:
-$!
-$ SAY ESC + "[''ROW';''SIDE1'H",BOLD,GRPH_ON,"x",GRPH_OFF,NORM
-$ SAY ESC + "[''ROW';''SIDE2'H",BOLD,GRPH_ON,"x",GRPH_OFF,NORM
-$!
-$ IF ROW .LT. Y2
-$ THEN
-$     ROW = ROW + 1
-$     GOTO SIDES
-$ ENDIF  
-$!
-$ SAY ESC + "[''Y2';''X1'H", BOLD, GRPH_ON, BOT, GRPH_OFF, NORM
-$!
-$ IF P5 .NES. "" 
-$ THEN 
-$     IF F$LENGTH(P5) .GT. X2 - X1
-$     THEN 
-$	  HEADER = F$EXTRACT (0, (X2 - X1 - 4), P5)
-$     ELSE
-$	  HEADER = P5
-$     ENDIF
-$     COL = X1 + ((X2 - X1 - F$LENGTH(HEADER)) / 2)
-$     SAY ESC + "[''Y1';''COL'H''BOLD'''HEADER'''NORM'"
-$ ENDIF
-$!
-$ IF P6 .NES. "" 
-$ THEN 
-$     IF F$LENGTH(P6) .GT. X2 - X1
-$     THEN 
-$	  FOOTER = F$EXTRACT (0, (X2 - X1 - 4), P6)
-$     ELSE
-$	  FOOTER = P6
-$     ENDIF
-$     COL = X1 + ((X2 - X1 - F$LENGTH(FOOTER)) / 2)
-$     SAY ESC + "[''Y2';''COL'H''BOLD'''FOOTER'''NORM'"
-$ ENDIF
-$!
-$ IF P7 .EQS. "" .OR. P7 .EQS. "Y" THEN FILL_BOX 'X1' 'Y1' 'X2' 'Y2'
-$!
-$ GOTO EXIT
-$!
-$!------------------------------------------------------------------------------
-$! Exit 
-$!------------------------------------------------------------------------------
-$!
-$EXIT:
-$!
-$ Verify = F$VERIFY (Verify)
-$!
-$ EXIT
--- a/VMS/cert_tool/ssl$exit_cmd.tpu
+++ b/VMS/cert_tool/ssl$exit_cmd.tpu
@@ -1 +0,0 @@
-EXIT
--- a/VMS/cert_tool/ssl$fill_box.com
+++ b/VMS/cert_tool/ssl$fill_box.com
@@ -1,65 +0,0 @@
-$!
-$!------------------------------------------------------------------------------
-$! SSL$FILL_BOX.COM - SSL Fill Box procedure
-$!------------------------------------------------------------------------------
-$!
-$ Verify = F$VERIFY (0)
-$ Set NoOn
-$ Set NoControl=Y
-$!
-$!------------------------------------------------------------------------------
-$! Description 
-$!------------------------------------------------------------------------------
-$!
-$! This procedure draws a box with the specified coordinates.
-$!
-$! The parameters used are:
-$!
-$! 	P1	- X1 coordinate
-$! 	P2	- Y1 coordinate
-$! 	P3	- X2 coordinate
-$! 	P4	- Y2 coordinate
-$!
-$!------------------------------------------------------------------------------
-$! Define symbols
-$!------------------------------------------------------------------------------
-$!
-$ SAY := WRITE SYS$OUTPUT
-$ On Control_Y THEN GOTO EXIT
-$ Set Control=Y
-$!
-$ ESC[0,8] = 27 	! Set the Escape Character
-$!
-$!------------------------------------------------------------------------------
-$! Draw the box
-$!------------------------------------------------------------------------------
-$!
-$ X1 = F$INTEGER (P1)
-$ Y1 = F$INTEGER (P2)
-$ X2 = F$INTEGER (P3)
-$ Y2 = F$INTEGER (P4)
-$!
-$ ROW = Y1 + 1
-$ COL = X1 + 1
-$ FILL = F$FAO("!#* ", X2 - X1)
-$!
-$FILL_LOOP:
-$!
-$ IF ROW .LT. Y2
-$ THEN
-$     SAY ESC + "[''ROW';''COL'H",FILL
-$     ROW = ROW + 1
-$     GOTO FILL_LOOP
-$ ENDIF  
-$!
-$ GOTO EXIT
-$!
-$!------------------------------------------------------------------------------
-$! Exit 
-$!------------------------------------------------------------------------------
-$!
-$EXIT:
-$!
-$ Verify = F$VERIFY (Verify)
-$!
-$ EXIT
--- a/VMS/cert_tool/ssl$hash_cert.com
+++ b/VMS/cert_tool/ssl$hash_cert.com
@@ -1,235 +0,0 @@
-$!
-$!------------------------------------------------------------------------------
-$! SSL$HASH_CERT.COM - SSL Hash Certificate procedure
-$!------------------------------------------------------------------------------
-$!
-$ Verify = F$VERIFY (0)
-$ Set NoOn
-$ Set NoControl=Y
-$!
-$!------------------------------------------------------------------------------
-$! Description 
-$!------------------------------------------------------------------------------
-$!
-$! This procedure prompts the user through hashing Certificates.
-$!
-$! The parameters used are:
-$!
-$! 	P1	- Certificate or Certificate Revocation List (i.e. "CRT" or "CRL")
-$!
-$!------------------------------------------------------------------------------
-$! Define symbols
-$!------------------------------------------------------------------------------
-$!
-$ DELETE := DELETE
-$ SAY := WRITE SYS$OUTPUT
-$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
-$ On Control_Y THEN GOTO EXIT
-$ Set Control=Y
-$!
-$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE")
-$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ")
-$!
-$ INIT_TERM := @SSL$COM:SSL$INIT_TERM
-$!
-$ ESC[0,8] = 27 	! Set the Escape Character
-$ BELL[0,8] = 7 	! Ring the terminal Bell
-$ RED = 1		! Color - Red
-$ FGD = 30		! Foreground
-$ BGD = 0		! Background
-$ CSCR = ESC + "[2J"	! Clear the Screen 
-$ CEOS = ESC + "[0J"	! Clear to the End of the Screen 
-$ CEOL = ESC + "[0K"	! Clear to the End of the Line
-$ NORM = ESC + "[0m"	! Turn Attributes off
-$ BLNK = ESC + "[5m"    ! Turn on BLINK Attribute
-$ WIDE = ESC + "#6"     ! Turn on WIDE Attribute
-$!
-$!------------------------------------------------------------------------------
-$! Run the SSL setup if it hasn't been run yet
-$!------------------------------------------------------------------------------
-$!
-$ IF F$TRNLNM ("SSL$ROOT") .EQS. ""
-$ THEN
-$     IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. ""
-$     THEN 
-$         @SSL$COM:SSL$INIT_ENV.COM
-$     ELSE
-$         SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..."
-$	  GOTO EXIT
-$     ENDIF
-$ ENDIF
-$!
-$!------------------------------------------------------------------------------
-$! Display the Page Header
-$!------------------------------------------------------------------------------
-$!
-$ INIT_TERM
-$ BCOLOR = BGD
-$ FCOLOR = FGD + RED
-$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm"
-$!
-$ TEXT = "SSL Certificate Tool"
-$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
-$!
-$ SAY ESC + "[01;01H", CSCR
-$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
-$!
-$ IF P1 .EQS. "CRT"
-$ THEN 
-$     TEXT = "Hash Certification Authorities"
-$ ELSE
-$     TEXT = "Hash Certificate Revocations"
-$ ENDIF
-$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
-$!
-$ SAY ESC + "[04;01H"
-$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
-$!
-$ CTR = 1
-$ ROW = 6
-$ COL = 2
-$ TOP_ROW = ROW
-$ MSG_ROW = TT_ROWS - 1
-$!
-$!------------------------------------------------------------------------------
-$! Initialize the Request Data
-$!------------------------------------------------------------------------------
-$!
-$ IF P1 .EQS. "CRT"
-$ THEN 
-$     PRM = "Certificate Path:"
-$     DEF = "SSL$CRT:*.CRT"
-$ ENDIF
-$!
-$ IF P1 .EQS. "CRL"
-$ THEN 
-$     PRM = "Certificate Revocation Path:"
-$     DEF = "SSL$CRT:*.CRL"
-$ ENDIF
-$!
-$ SAY ESC + "[''MSG_ROW';01H", CEOS
-$!
-$!------------------------------------------------------------------------------
-$! Confirm/Update the SSL Configuration Data
-$!------------------------------------------------------------------------------
-$!
-$PROMPT_LOOP:
-$!
-$ PROMPT = ESC + "[''ROW';''COL'H''PRM' ? [''DEF'] ''CEOL'"
-$ ASK "''PROMPT'" _hash_path_name
-$ _hash_path_name = F$EDIT (_hash_path_name,"TRIM")
-$ IF _hash_path_name .EQS. "" THEN _hash_path_name = DEF
-$!
-$ HASH_DEV = F$PARSE (_hash_path_name,DEF,,"DEVICE")
-$ HASH_DIR = F$PARSE (_hash_path_name,DEF,,"DIRECTORY")
-$ HASH_NAM = F$PARSE (_hash_path_name,DEF,,"NAME")
-$ HASH_TYP = F$PARSE (_hash_path_name,DEF,,"TYPE")
-$ _hash_path_name = HASH_DEV + HASH_DIR + HASH_NAM + HASH_TYP
-$!
-$!------------------------------------------------------------------------------
-$! Create the Certificiate Hashes 
-$!------------------------------------------------------------------------------
-$!
-$ IF P1 .EQS. "CRT"
-$ THEN 
-$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Hashing Certificate Authorities ...", NORM, CEOL
-$ ENDIF
-$!
-$ IF P1 .EQS. "CRL"
-$ THEN 
-$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Hashing Certificate Revocations ...", NORM, CEOL
-$ ENDIF
-$!
-$ IF F$SEARCH ("''HASH_DEV'''HASH_DIR'DELETE_HASH_FILES.COM") .NES. ""
-$ THEN 
-$    @'HASH_DEV''HASH_DIR'DELETE_HASH_FILES.COM
-$    DELETE 'HASH_DEV''HASH_DIR'DELETE_HASH_FILES.COM;*
-$ ENDIF
-$!
-$ CTR = 0
-$!     
-$ OPEN /WRITE OFILE 'HASH_DEV''HASH_DIR'DELETE_HASH_FILES.COM
-$!
-$CERT_LOOP:
-$!
-$ CERT_FILE = F$SEARCH ("''_hash_path_name'", 1)
-$ IF CERT_FILE .EQS. "" THEN GOTO CERT_END
-$ CTR = CTR + 1
-$!
-$ CALL HASH_CERT 'P1' 'CERT_FILE'
-$!
-$ GOTO CERT_LOOP
-$!
-$CERT_END:
-$!
-$ CLOSE OFILE
-$!
-$ IF CTR .EQ. 0 
-$ THEN 
-$     TEXT = "No files found, Press return to continue"
-$ ELSE
-$     TEXT = "Press return to continue"
-$ ENDIF
-$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
-$!
-$ IF CTR .EQ. 0 
-$ THEN 
-$     SAY BELL, ESC + "[''MSG_ROW';01H", CEOS
-$ ELSE
-$     SAY ESC + "[''MSG_ROW';01H", CEOS
-$ ENDIF
-$ PROMPT = ESC + "[''MSG_ROW';''COL'H''TEXT'"
-$ ASK "''PROMPT'" OPT
-$!
-$ GOTO EXIT
-$!
-$!------------------------------------------------------------------------------
-$! Hash Certificate Subroutine
-$!------------------------------------------------------------------------------
-$!
-$HASH_CERT: SUBROUTINE
-$!
-$ IF P1 .EQS. "CRT"
-$ THEN 
-$     HASH_SUFF = ""
-$     HASH_FUNC = "$SSL$EXE:OPENSSL X509 -HASH -NOOUT -IN"
-$ ELSE
-$     HASH_SUFF = "R"
-$     HASH_FUNC = "$SSL$EXE:OPENSSL CRL -HASH -NOOUT -IN"
-$ ENDIF
-$!
-$ PIPE HASH_FUNC 'P2' | (READ SYS$INPUT VAL ; DEFINE/NOLOG/JOB HASH_VAL &VAL)
-$ HASH_VAL = F$TRNLNM ("HASH_VAL")
-$ DEASSIGN /JOB HASH_VAL
-$!
-$ IDX = 0
-$!
-$IDX_LOOP:
-$!
-$ HASH_FILE = "''HASH_DEV'''HASH_DIR'''HASH_VAL'.''HASH_SUFF'''IDX'"
-$ IF F$SEARCH ("''HASH_FILE'") .NES. ""
-$ THEN
-$     IDX = IDX + 1
-$     GOTO IDX_LOOP
-$ ENDIF
-$!
-$ COPY 'P2' 'HASH_FILE'
-$ WRITE OFILE "$ DELETE ''HASH_FILE';*"
-$!
-$ EXIT
-$!
-$ ENDSUBOUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Exit the procedure
-$!------------------------------------------------------------------------------
-$!
-$EXIT:
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ CLOSE OFILE
-$!
-$ Verify = F$VERIFY (Verify)
-$!
-$ EXIT
--- a/VMS/cert_tool/ssl$init_env.com
+++ b/VMS/cert_tool/ssl$init_env.com
@@ -1,61 +0,0 @@
-$!
-$!------------------------------------------------------------------------------
-$! SSL$INIT_ENV.COM - SSL Initialize Environment
-$!------------------------------------------------------------------------------
-$!
-$ Verify = F$VERIFY (0)
-$ Set NoOn
-$!
-$!------------------------------------------------------------------------------
-$! Description 
-$!------------------------------------------------------------------------------
-$!
-$! This procedure sets up the SSL environment logicals & symbols.
-$!
-$! P1 = Mode of the logicals (ie - "/SYSTEM/EXECUTIVE_MODE").
-$!      Note - if P1 is not passed in, P1 will default to PROCESS.
-$!
-$!------------------------------------------------------------------------------
-$! Initialization 
-$!------------------------------------------------------------------------------
-$!
-$ IF F$TRNLNM("SSL$ROOT") .EQS. ""
-$ THEN
-$    WRITE SYS$OUTPUT " "
-$    WRITE SYS$OUTPUT " SSL-E-ERROR, SSL has not been started."
-$    WRITE SYS$OUTPUT " "
-$    WRITE SYS$OUTPUT " Execute the command procedure, SYS$STARTUP:SSL$STARTUP.COM, and then try this procedure again."
-$    WRITE SYS$OUTPUT " "
-$    EXIT
-$ ENDIF
-$!
-$ IF P1 .EQS. ""
-$ THEN
-$    P1 = "/PROCESS"
-$ ENDIF
-$!
-$!------------------------------------------------------------------------------
-$! Define logicals
-$!------------------------------------------------------------------------------
-$!
-$ DEFINE 'P1 	SSL$CA_CONF	SSL$ROOT:[CONF]SSL$CA.CNF
-$ DEFINE 'P1 	SSL$CONF	SSL$ROOT:[CONF]SSL$CERT.CNF
-$ DEFINE 'P1 	SSL$COM		SSL$ROOT:[COM]
-$ DEFINE 'P1	SSL$CRT		SSL$ROOT:[CERTS]
-$ DEFINE 'P1 	SSL$CSR		SSL$ROOT:[CERTS]
-$ DEFINE 'P1 	SSL$KEY		SSL$ROOT:[CERTS]
-$ DEFINE 'P1 	SSL$DB		SSL$ROOT:[PRIVATE]
-$!
-$!------------------------------------------------------------------------------
-$! Define foreign symbols
-$!------------------------------------------------------------------------------
-$!
-$ OPENSSL	:== $ SSL$EXE:OPENSSL
-$ HOSTADDR	:== $ SSL$EXE:SSL$HOSTADDR
-$ HOSTNAME	:== $ SSL$EXE:SSL$HOSTNAME
-$!
-$!------------------------------------------------------------------------------
-$! Exit
-$!------------------------------------------------------------------------------
-$!
-$ EXIT
--- a/VMS/cert_tool/ssl$init_term.com
+++ b/VMS/cert_tool/ssl$init_term.com
@@ -1,55 +0,0 @@
-$!
-$!------------------------------------------------------------------------------
-$! SSL$INIT_TERM.COM - SSL Initialize Terminal procedure
-$!------------------------------------------------------------------------------
-$!
-$ Verify = F$VERIFY (0)
-$ Set NoOn
-$ Set NoControl=Y
-$!
-$!------------------------------------------------------------------------------
-$! Description 
-$!------------------------------------------------------------------------------
-$!
-$! This procedure initializes the terminal attributes.
-$!
-$! The parameters used are:
-$!
-$!------------------------------------------------------------------------------
-$! Define symbols
-$!------------------------------------------------------------------------------
-$!
-$ On Control_Y THEN GOTO EXIT
-$ Set Control=Y
-$!
-$ EDIT := EDIT
-$!
-$!------------------------------------------------------------------------------
-$! Initialize the terminal with TPU
-$!------------------------------------------------------------------------------
-$!
-$ IF F$SEARCH ("SSL$COM:SSL$EXIT_CMD.TPU") .EQS. ""
-$ THEN 
-$     OPEN /WRITE OFILE SSL$COM:SSL$EXIT_CMD.TPU
-$     WRITE OFILE "EXIT"
-$     CLOSE OFILE
-$ ENDIF
-$!
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$INPUT  SYS$COMMAND
-$ EDIT /TPU /COMMAND=OPENSS$COM:SSL$EXIT_CMD.TPU
-$!
-$!------------------------------------------------------------------------------
-$! Exit 
-$!------------------------------------------------------------------------------
-$!
-$EXIT:
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ CLOSE OFILE
-$!
-$ Verify = F$VERIFY (Verify)
-$!
-$ EXIT
--- a/VMS/cert_tool/ssl$pick_file.com
+++ b/VMS/cert_tool/ssl$pick_file.com
@@ -1,230 +0,0 @@
-$!
-$!------------------------------------------------------------------------------
-$! SSL$PICK_FILE.COM - SSL Pick File procedure
-$!------------------------------------------------------------------------------
-$!
-$ Verify = F$VERIFY (0)
-$ Set NoOn
-$ Set NoControl=Y
-$!
-$!------------------------------------------------------------------------------
-$! Description 
-$!------------------------------------------------------------------------------
-$!
-$! This procedure display the contents of a given file in a box size specified.
-$!
-$! The parameters used are:
-$!
-$! 	P1	- File Spec to Parse
-$! 	P2	- X1 coordinate
-$! 	P3	- Y1 coordinate
-$! 	P4	- X2 coordinate
-$! 	P5	- Y3 coordinate
-$! 	P6	- File Pick Header (Optional)
-$!
-$!------------------------------------------------------------------------------
-$! Define symbols
-$!------------------------------------------------------------------------------
-$!
-$ SSL_FILE_NAME == ""
-$ SAY := WRITE SYS$OUTPUT
-$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
-$ On Control_Y THEN GOTO EXIT
-$ Set Control=Y
-$!
-$ DRAW_BOX := @SSL$COM:SSL$DRAW_BOX
-$ FILL_BOX := @SSL$COM:SSL$FILL_BOX
-$!
-$ ESC[0,8] = 27 	! Set the Escape Character
-$ BELL[0,8] = 7 	! Ring the terminal Bell
-$ CEOL = ESC + "[0K"	! Clear to the End of the Line
-$ NORM = ESC + "[0m"	! Turn Attributes off
-$ BOLD = ESC + "[1m"    ! Turn on BOLD Attribute
-$!
-$!------------------------------------------------------------------------------
-$! Display the Page Header
-$!------------------------------------------------------------------------------
-$!
-$ P1 = F$EDIT (P1, "TRIM")
-$ P2 = F$INTEGER (P2)
-$ P3 = F$INTEGER (P3)
-$ P4 = F$INTEGER (P4)
-$ P5 = F$INTEGER (P5)
-$ FILE_MAX = 0
-$!
-$SEARCH_LOOP:
-$!
-$ FILE = F$SEARCH ("''P1'",1)
-$ IF FILE .NES. ""
-$ THEN 
-$     IF FILE_MAX .EQ. 1
-$     THEN
-$         IF FILE_1 .EQS. FILE THEN GOTO SEARCH_END
-$     ENDIF
-$     FILE_MAX = FILE_MAX + 1
-$     FILE_'FILE_MAX' = FILE
-$     GOTO SEARCH_LOOP
-$ ENDIF
-$!
-$SEARCH_END:
-$!
-$ IF FILE_MAX .EQ. 0 
-$ THEN 
-$     DRAW_BOX 'P2' 'P3' 'P4' 'P5' "''P6'" " No Files Found, Press Return to Exit "
-$     INPUT_ROW = P5 + 1
-$     PROMPT = ESC + "[''INPUT_ROW';01H ''CEOL'"
-$     ASK "''PROMPT'" OPT
-$     GOTO EXIT
-$ ENDIF
-$!
-$ COL = P2 + 2
-$ ROW = P3 + 2
-$ TOP_ROW = ROW
-$ INPUT_ROW = P5 + 1
-$ BOX_WIDTH = P4 - (P2 + 2)
-$ BOX_HEIGHT = P5 - (P3 + 3)
-$!
-$ FILE_CTR = 1
-$ PAGE_CTR = 1
-$ PAGE_'PAGE_CTR'_FILE_CTR = FILE_CTR
-$ FILES_PER_PAGE = BOX_HEIGHT
-$ PAGE_MAX = FILE_MAX / FILES_PER_PAGE
-$ IF PAGE_MAX * FILES_PER_PAGE .LT. FILE_MAX THEN PAGE_MAX = PAGE_MAX + 1
-$!
-$ DRAW_BOX 'P2' 'P3' 'P4' 'P5' "''P6'" " Enter B for Back, N for Next, Ctrl-Z to Exit or Enter a File Number "
-$ PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
-$ _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
-$ SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
-$!
-$DISPLAY_LOOP:
-$!
-$ IF FILE_CTR .LE. FILE_MAX .AND. F$TYPE (FILE_'FILE_CTR') .NES. ""
-$ THEN 
-$     FILE = FILE_'FILE_CTR'
-$ ELSE
-$     FILE = ""
-$ ENDIF
-$ WRAP_IN_PROGRESS = 0
-$!
-$WRAP_LOOP:
-$!
-$ IF ROW .LE. (P5 - 2) .AND. -
-     FILE_CTR .LE. PAGE_CTR * FILES_PER_PAGE
-$ THEN
-$     IF F$LENGTH (FILE) .GT. BOX_WIDTH 
-$     THEN 
-$ 	  IF WRAP_IN_PROGRESS .EQ. 0
-$	  THEN 
-$	      CTR_TXT = F$FAO ("!3UL. ",FILE_CTR)
-$	      WRAP_IN_PROGRESS = 1
-$	  ELSE
-$	      CTR_TXT = "     "
-$         ENDIF
-$	  FILE_SEG = F$EXTRACT (0, BOX_WIDTH - F$LENGTH (CTR_TXT), FILE)
-$         SAY ESC + "[''ROW';''COL'H''BOLD'''CTR_TXT'''NORM'''FILE_SEG'"
-$         FILE = F$EXTRACT (BOX_WIDTH - F$LENGTH (CTR_TXT), F$LENGTH (FILE) - (BOX_WIDTH + F$LENGTH (CTR_TXT)), FILE)
-$         ROW = ROW + 1
-$	  GOTO WRAP_LOOP
-$     ELSE
-$	  IF FILE .NES. ""
-$	  THEN
-$ 	      IF WRAP_IN_PROGRESS .EQ. 0
-$	      THEN 
-$	          CTR_TXT = F$FAO ("!3UL. ",FILE_CTR)
-$	      ELSE
-$	          CTR_TXT = "     "
-$             ENDIF
-$             SAY ESC + "[''ROW';''COL'H''BOLD'''CTR_TXT'''NORM'''FILE'"
-$	  ENDIF
-$     ENDIF
-$ ELSE
-$!
-$RETRY:
-$!
-$     PROMPT = ESC + "[''INPUT_ROW';01H ''CEOL'"
-$     ASK "''PROMPT'" OPT
-$     IF F$TYPE (OPT) .NES. "INTEGER" .AND. -
-         F$EDIT (OPT,"TRIM,UPCASE") .NES. "B" .AND. -
-	 F$EDIT (OPT,"TRIM,UPCASE") .NES. "N" 
-$     THEN
-$         CALL INVALID_ENTRY
-$	  GOTO RETRY
-$     ENDIF
-$     IF F$TYPE (OPT) .EQS. "INTEGER" 
-$     THEN
-$	  IF OPT .GT. 0 .AND. -
-  	     OPT .LE. FILE_MAX .AND. -
-	     OPT .LE. (FILE_CTR - 1) .AND. -
-	     OPT .GE. (FILE_CTR - 1 - FILES_PER_PAGE)
-$	  THEN 
-$	      SSL_FILE_NAME == FILE_'OPT'
-$	      GOTO EXIT
-$	  ELSE
-$             CALL INVALID_ENTRY
-$	      GOTO RETRY
-$	  ENDIF
-$     ENDIF
-$     IF F$EDIT (OPT,"TRIM,UPCASE") .EQS. "B"
-$     THEN
-$	  IF PAGE_CTR .GT. 1
-$	  THEN
-$ 	      ROW = TOP_ROW
-$	      PAGE_CTR = PAGE_CTR - 1
-$ 	      FILE_CTR = PAGE_'PAGE_CTR'_FILE_CTR
-$             PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
-$             _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
-$             SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
-$             FILL_BOX 'P2' 'P3' 'P4' 'P5'
-$	      GOTO DISPLAY_LOOP
-$	  ELSE
-$             CALL INVALID_ENTRY
-$	      GOTO RETRY
-$         ENDIF
-$     ENDIF
-$     IF F$EDIT (OPT,"TRIM,UPCASE") .EQS. "N"
-$     THEN
-$	  IF PAGE_CTR .LT. PAGE_MAX
-$	  THEN
-$	      PAGE_CTR = PAGE_CTR + 1
-$ 	      PAGE_'PAGE_CTR'_FILE_CTR = FILE_CTR
-$ 	      FILE_CTR = PAGE_'PAGE_CTR'_FILE_CTR
-$             PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
-$             _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
-$             SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
-$             FILL_BOX 'P2' 'P3' 'P4' 'P5'
-$	  ELSE
-$             CALL INVALID_ENTRY
-$	      GOTO RETRY
-$         ENDIF
-$     ENDIF
-$     FILL_BOX 'P2' 'P3' 'P4' 'P5'
-$     ROW = TOP_ROW
-$     GOTO WRAP_LOOP
-$ ENDIF
-$ FILE_CTR = FILE_CTR + 1
-$ ROW = ROW + 1
-$ GOTO DISPLAY_LOOP
-$!
-$!------------------------------------------------------------------------------
-$! Display the invalid entry 
-$!------------------------------------------------------------------------------
-$!
-$INVALID_ENTRY: SUBROUTINE
-$!
-$ SAY ESC + "[''INPUT_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
-$ Wait 00:00:01.5
-$ SAY ESC + "[''INPUT_ROW';01H", CEOL
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Exit
-$!------------------------------------------------------------------------------
-$!
-$EXIT:
-$!
-$ Verify = F$VERIFY (Verify)
-$!
-$ EXIT
--- a/VMS/cert_tool/ssl$rem_env.com
+++ b/VMS/cert_tool/ssl$rem_env.com
@@ -1,62 +0,0 @@
-$!
-$!------------------------------------------------------------------------------
-$! SSL$REM_ENV.COM - Remove the SSL Initialize Environment
-$!------------------------------------------------------------------------------
-$!
-$ Verify = F$VERIFY (0)
-$ Set NoOn
-$!
-$!------------------------------------------------------------------------------
-$! Description 
-$!------------------------------------------------------------------------------
-$!
-$! This procedure deletes the SSL environment logicals & symbols set up by
-$! SSL$INIT_ENV.COM.
-$!
-$! P1 = Mode of the logicals (ie - "/SYSTEM/EXECUTIVE_MODE").
-$!      Note - if P1 is not passed in, P1 will default to PROCESS.
-$!
-$!------------------------------------------------------------------------------
-$! Initialization 
-$!------------------------------------------------------------------------------
-$!
-$ IF F$TRNLNM("SSL$ROOT") .EQS. ""
-$ THEN
-$    WRITE SYS$OUTPUT " "
-$    WRITE SYS$OUTPUT " SSL-E-ERROR, SSL has not been started."
-$    WRITE SYS$OUTPUT " "
-$    WRITE SYS$OUTPUT " Execute the command procedure, SYS$STARTUP:SSL$STARTUP.COM, and then try this procedure again."
-$    WRITE SYS$OUTPUT " "
-$    EXIT
-$ ENDIF
-$!
-$ IF P1 .EQS. ""
-$ THEN
-$    P1 = "/PROCESS"
-$ ENDIF
-$!
-$!------------------------------------------------------------------------------
-$! Define logicals
-$!------------------------------------------------------------------------------
-$!
-$ DEASSIGN 'P1 	SSL$CA_CONF
-$ DEASSIGN 'P1 	SSL$CONF
-$ DEASSIGN 'P1 	SSL$COM
-$ DEASSIGN 'P1	SSL$CRT
-$ DEASSIGN 'P1 	SSL$CSR
-$ DEASSIGN 'P1 	SSL$KEY
-$ DEASSIGN 'P1 	SSL$DB
-$!
-$!------------------------------------------------------------------------------
-$! Define foreign symbols
-$!------------------------------------------------------------------------------
-$!
-$ DELETE/SYMBOL/GLOBAL OPENSSL
-$ DELETE/SYMBOL/GLOBAL HOSTADDR
-$ DELETE/SYMBOL/GLOBAL HOSTNAME
-$!
-$!------------------------------------------------------------------------------
-$! Exit
-$!------------------------------------------------------------------------------
-$!
-$ EXIT
--- a/VMS/cert_tool/ssl$rqst_cert.com
+++ b/VMS/cert_tool/ssl$rqst_cert.com
@@ -1,769 +0,0 @@
-$!
-$!------------------------------------------------------------------------------
-$! SSL$RQST_CERT.COM - SSL Certificate Request procedure
-$!------------------------------------------------------------------------------
-$!
-$ Verify = F$VERIFY (0)
-$ Set NoOn
-$ Set NoControl=Y
-$!
-$!------------------------------------------------------------------------------
-$! Description 
-$!------------------------------------------------------------------------------
-$!
-$! This procedure prompts the user through creating a Certificate Request.
-$!
-$! There are no parameters used.
-$!
-$!------------------------------------------------------------------------------
-$! Define symbols
-$!------------------------------------------------------------------------------
-$!
-$ DELETE := DELETE
-$ SAY := WRITE SYS$OUTPUT
-$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
-$ PID = F$GETJPI ("","PID")
-$ TT_NOECHO = F$GETDVI ("TT:","TT_NOECHO")
-$ On Control_Y THEN GOTO EXIT
-$ Set Control=Y
-$!
-$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE")
-$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ")
-$!
-$ GET_USER_DATA := CALL GET_USER_DATA
-$ SET_USER_DATA := CALL SET_USER_DATA
-$ DEL_USER_DATA := CALL DEL_USER_DATA
-$ INIT_TERM := @SSL$COM:SSL$INIT_TERM
-$ SHOW_FILE := @SSL$COM:SSL$SHOW_FILE 
-$ SSL_CONF_FILE = F$TRNLNM ("SSL$CONF")
-$ GET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' GET
-$ SET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' SET
-$!
-$ ESC[0,8] = 27 	! Set the Escape Character
-$ BELL[0,8] = 7 	! Ring the terminal Bell
-$ RED = 1		! Color - Red
-$ FGD = 30		! Foreground
-$ BGD = 0		! Background
-$ CSCR = ESC + "[2J"	! Clear the Screen 
-$ CEOS = ESC + "[0J"	! Clear to the End of the Screen 
-$ CEOL = ESC + "[0K"	! Clear to the End of the Line
-$ NORM = ESC + "[0m"	! Turn Attributes off
-$ BLNK = ESC + "[5m"    ! Turn on BLINK Attribute
-$ WIDE = ESC + "#6"     ! Turn on WIDE Attribute
-$!
-$!------------------------------------------------------------------------------
-$! Run the SSL setup if it hasn't been run yet
-$!------------------------------------------------------------------------------
-$!
-$ IF F$TRNLNM ("SSL$ROOT") .EQS. ""
-$ THEN
-$     IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. ""
-$     THEN 
-$         @SSL$COM:SSL$INIT_ENV.COM
-$     ELSE
-$         SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..."
-$	  GOTO EXIT
-$     ENDIF
-$ ENDIF
-$!
-$!------------------------------------------------------------------------------
-$! Display the Page Header
-$!------------------------------------------------------------------------------
-$!
-$ INIT_TERM
-$ BCOLOR = BGD
-$ FCOLOR = FGD + RED
-$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm"
-$!
-$ TEXT = "SSL Certificate Tool"
-$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
-$!
-$ SAY ESC + "[01;01H", CSCR
-$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
-$!
-$ TEXT = "Create Certificate Request"
-$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
-$!
-$ SAY ESC + "[04;01H"
-$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
-$!
-$ ROW = 6
-$ COL = 2
-$ TOP_ROW = ROW
-$ MSG_ROW = TT_ROWS - 1
-$!
-$!------------------------------------------------------------------------------
-$! Initialize the Request Data
-$!------------------------------------------------------------------------------
-$!
-$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. ""
-$ THEN 
-$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Reading Configuration ...", NORM
-$ ELSE
-$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Initializing Configuration ...", NORM
-$ ENDIF
-$!
-$ _request_name = "req"
-$!
-$ _distinguished_name = "REQ_distinguished_name"
-$ _distinguished_name_upd = "Y"
-$!
-$ _default_bits = "1024"
-$ _default_bits_upd = "Y"
-$!
-$ _default_keyfile = "SSL$KEY:SERVER.KEY"
-$ _default_keyfile_upd = "Y"
-$!
-$ _default_csrfile = "SSL$CSR:SERVER.CSR"
-$ _default_csrfile_upd = "Y"
-$!
-$ _countryName_prompt = "Country Name ?"
-$ _countryName_min = "2"
-$ _countryName_max = "2"
-$ _countryName_default = "US"
-$ _countryName_upd = "Y"
-$ _countryName_cnt = 4
-$!
-$ _stateOrProvinceName_prompt = "State or Province Name ?"
-$ _stateOrProvinceName_default = ""
-$ _stateOrProvinceName_upd = "Y"
-$ _stateOrProvinceName_cnt = 2
-$!
-$ _localityName_prompt = "City Name ?"
-$ _localityName_default = ""
-$ _localityName_upd = "Y"
-$ _localityName_cnt = 2
-$!
-$ _0organizationName_prompt = "Organization Name ?"
-$ _0organizationName_default = ""
-$ _0organizationName_upd = "Y"
-$ _0organizationName_cnt = 2
-$!
-$ _organizationalUnitName_prompt = "Organization Unit Name ?"
-$ _organizationalUnitName_default = ""
-$ _organizationalUnitName_upd = "Y"
-$ _organizationalUnitName_cnt = 2
-$!
-$ _commonName_prompt = "Common Name ?"
-$ _commonName_max = "64"
-$ HOSTNAME -s _commonName_default
-$ _commonName_upd = "Y"
-$ _commonName_cnt = 3
-$!
-$ _emailAddress_prompt = "Email Address ?"
-$ _emailAddress_max = "40"
-$ _emailAddress_default = "webmaster@''_commonName_default'"
-$ _emailAddress_upd = "Y"
-$ _emailAddress_cnt = 3
-$!
-$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. ""
-$ THEN 
-$     GET_CONF_DATA "[''_request_name']#distinguished_name"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _distinguished_name = SSL_CONF_DATA
-$         _distinguished_name_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_request_name']#default_bits"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _default_bits = SSL_CONF_DATA
-$         _default_bits_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_request_name']#default_keyfile"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _default_keyfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
- 		             F$PARSE (SSL_CONF_DATA,"[KEY]",,"DIRECTORY") + -
- 		             F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + -
- 		             F$PARSE (SSL_CONF_DATA,".KEY",,"TYPE") 
-$         _default_keyfile_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_request_name']#default_csrfile"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _default_csrfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
- 		             F$PARSE (SSL_CONF_DATA,"[CSR]",,"DIRECTORY") + -
- 		             F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + -
- 		             F$PARSE (SSL_CONF_DATA,".CSR",,"TYPE") 
-$         _default_csrfile_upd = "N"
-$     ENDIF
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#countryName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _countryName_prompt = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#countryName_min"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _countryName_min = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#countryName_max"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _countryName_max = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#countryName_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _countryName_default = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     IF _countryName_cnt .EQ. CTR THEN _countryName_upd = "N"
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#stateOrProvinceName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _stateOrProvinceName_prompt = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#stateOrProvinceName_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _stateOrProvinceName_default = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     IF _stateOrProvinceName_cnt .EQ. CTR THEN _stateOrProvinceName_upd = "N"
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#localityName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _localityName_prompt = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#localityName_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _localityName_default = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     IF _localityName_cnt .EQ. CTR THEN _localityName_upd = "N"
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#0.organizationName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _0organizationName_prompt = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#0.organizationName_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _0organizationName_default = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     IF _0organizationName_cnt .EQ. CTR THEN _0organizationName_upd = "N"
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _organizationalUnitName_prompt = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _organizationalUnitName_default = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     IF _organizationalUnitName_cnt .EQ. CTR THEN _organizationalUnitName_upd = "N"
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#commonName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _commonName_prompt = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#commonName_max"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _commonName_max = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#commonName_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _commonName_default = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     IF _commonName_cnt .EQ. CTR THEN _commonName_upd = "N"
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#emailAddress"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _emailAddress_prompt = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#emailAddress_max"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _emailAddress_max = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#emailAddress_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _emailAddress_default = SSL_CONF_DATA
-$         CTR = CTR + 1
-$     ENDIF
-$     IF _emailAddress_cnt .EQ. CTR THEN _emailAddress_upd = "N"
-$ ENDIF
-$!
-$ SET_USER_DATA "[]#encrypt_key#-#N#Encrypt Private Key ?#S##1##Y#N"
-$ SET_USER_DATA "[]#pem_pass_phrase#-##PEM Pass Phrase ?#P#1###Y#Y"
-$ SET_USER_DATA "[''_request_name']#default_bits#D#''_default_bits'#Encryption Bits ?#I###''_default_bits_upd'#Y#N"
-$ SET_USER_DATA "[''_request_name']#default_keyfile#D#''_default_keyfile'#Certificate Key File ?#F###''_default_keyfile_upd'#Y#N"
-$ SET_USER_DATA "[''_request_name']#default_csrfile#D#''_default_csrfile'#Certificate Request File ?#F###''_default_csrfile_upd'#Y#N"
-$ SET_USER_DATA "[''_request_name']#distinguished_name#D#''_distinguished_name'##S###''_distinguished_name_upd'#N#N"
-$ SET_USER_DATA "[''_distinguished_name']#countryName#P#''_countryName_default'#''_countryName_prompt'#S#''_countryName_min'#''_countryName_max'#''_countryName_upd'#Y#N" 
-$ SET_USER_DATA "[''_distinguished_name']#stateOrProvinceName#P#''_stateOrProvinceName_default'#''_stateOrProvinceName_prompt'#S###''_stateOrProvinceName_upd'#Y#N"
-$ SET_USER_DATA "[''_distinguished_name']#localityName#P#''_localityName_default'#''_localityName_prompt'#S###''_localityName_upd'#Y#N"
-$ SET_USER_DATA "[''_distinguished_name']#0.organizationName#P#''_0organizationName_default'#''_0organizationName_prompt'#S###''_0organizationName_upd'#Y#N"
-$ SET_USER_DATA "[''_distinguished_name']#organizationalUnitName#P#''_organizationalUnitName_default'#''_organizationalUnitName_prompt'#S###''_organizationUnitName_upd'#Y#N"
-$ SET_USER_DATA "[''_distinguished_name']#commonName#P#''_commonName_default'#''_commonName_prompt'#S##''_commonName_max'#''_commonName_upd'#Y#N"
-$ SET_USER_DATA "[''_distinguished_name']#emailAddress#P#''_emailAddress_default'#''_emailAddress_prompt'#S##''_emailAddress_max'#''_emailAddress_upd'#Y#N"
-$ SET_USER_DATA "[]#display_certificate#-#N#Display the Certificate ?#S##1##Y#N"
-$!
-$ SAY ESC + "[''MSG_ROW';01H", CEOS
-$!
-$!------------------------------------------------------------------------------
-$! Confirm/Update the SSL Configuration Data
-$!------------------------------------------------------------------------------
-$!
-$ CTR = 1
-$!
-$PROMPT_LOOP:
-$!
-$ IF CTR .LE. SSL_USER_DATA_MAX
-$ THEN 
-$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
-$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
-$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
-$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
-$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
-$     TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type
-$     MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length
-$     MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length
-$     UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ?
-$     REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ?
-$     CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input  ?
-$!
-$! The PEM Pass Phrase prompt is dependant on the answer to encrypt the private key
-$!
-$     IF KEY .EQS. "[]" .AND. ITM .EQS. "pem_pass_phrase"
-$     THEN
-$         GET_USER_DATA "[]#encrypt_key"
-$ 	  _encrypt_key = SSL_USER_DATA
-$         IF F$EDIT (_encrypt_key,"UPCASE") .NES. "Y"
-$	  THEN
-$             CTR = CTR + 1
-$             GOTO PROMPT_LOOP
-$	  ENDIF
-$     ENDIF
-$!
-$     CONFIRMED = 0
-$     IF REQ .EQS. "N"
-$     THEN 
-$         CTR = CTR + 1
-$         GOTO PROMPT_LOOP
-$     ENDIF
-$     IF ROW .GT. MSG_ROW - 2
-$     THEN 
-$         SAY ESC + "[''TOP_ROW';01H", CEOS
-$	  ROW = TOP_ROW
-$     ENDIF
-$!
-$CONFIRM_LOOP:
-$!
-$     IF PRM .EQS. "" 
-$     THEN 
-$         PROMPT = ESC + "[''ROW';''COL'H''ITM' ? [''DEF'] ''CEOL'"
-$     ELSE
-$         PROMPT = ESC + "[''ROW';''COL'H''PRM' [''DEF'] ''CEOL'"
-$     ENDIF
-$     IF TYP .EQS. "P" THEN SET TERMINAL /NOECHO
-$     ASK "''PROMPT'" ANS /END_OF_FILE=EXIT
-$     IF TYP .EQS. "P" THEN SET TERMINAL /ECHO
-$     ANS = F$EDIT (ANS,"TRIM")
-$     IF ANS .EQS. "" THEN ANS = DEF
-$     IF TYP .EQS. "F"
-$     THEN
-$         ANS = F$PARSE ("''ANS'","''DEF'",,,"SYNTAX_ONLY")
-$     ENDIF
-$     IF TYP .EQS. "I" .AND. F$TYPE (ANS) .NES. "INTEGER"
-$     THEN 
-$         CALL INVALID_ENTRY
-$         SAY ESC + "[''ROW';01H", CEOS
-$         GOTO PROMPT_LOOP
-$     ENDIF
-$     IF (TYP .EQS. "S" .OR. TYP .EQS. "P") .AND. -
-         ((MIN .NES. "" .AND. F$LENGTH (ANS) .LT. F$INTEGER(MIN)) .OR. -
-          (MAX .NES. "" .AND. F$LENGTH (ANS) .GT. F$INTEGER(MAX)))
-$     THEN 
-$         CALL INVALID_ENTRY
-$         SAY ESC + "[''ROW';01H", CEOS
-$	  IF TYP .EQS. "S" THEN GOTO PROMPT_LOOP
-$         IF TYP .EQS. "P" THEN GOTO CONFIRM_LOOP
-$     ENDIF
-$     ROW = ROW + 1
-$     IF CFM .EQS. "Y"
-$     THEN
-$         IF CONFIRMED .EQ. 0
-$	  THEN
-$	      CONFIRMED = 1
-$	      CONFIRMED_ANS = ANS
-$	      PRM = "Confirm ''PRM'"
-$	      GOTO CONFIRM_LOOP
-$         ELSE
-$	      IF ANS .NES. CONFIRMED_ANS
-$	      THEN 
-$                 CALL INVALID_ENTRY
-$		  ROW = ROW - 2
-$                 SAY ESC + "[''ROW';01H", CEOS
-$                 GOTO PROMPT_LOOP
-$	      ENDIF
-$         ENDIF
-$     ENDIF
-$     IF ANS .NES. DEF THEN SSL_USER_DATA_'CTR' = "''KEY'#''ITM'#''VAL'#''ANS'#''PRM'#''TYP'#''MIN'#''MAX'#Y#''REQ'#''CFM'"
-$     CTR = CTR + 1
-$     GOTO PROMPT_LOOP
-$ ENDIF
-$!
-$!------------------------------------------------------------------------------
-$! Save the SSL Configuration Data
-$!------------------------------------------------------------------------------
-$!
-$ CTR = 1
-$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Saving Configuration ...", NORM
-$!
-$SAVE_CONF_LOOP:
-$!
-$ IF CTR .LE. SSL_USER_DATA_MAX
-$ THEN 
-$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
-$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
-$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
-$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
-$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
-$     TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type
-$     MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length
-$     MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length
-$     UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ?
-$     REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ?
-$     CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input ?
-$     IF UPD .NES. "Y" .OR. VAL .EQS. "-"
-$     THEN 
-$         CTR = CTR + 1
-$         GOTO SAVE_CONF_LOOP
-$     ENDIF
-$     IF VAL .EQS. "D"
-$     THEN 
-$         SET_CONF_DATA "''KEY'#''ITM'" "''DEF'"
-$     ELSE
-$         SET_CONF_DATA "''KEY'#''ITM'" "''PRM'"
-$         SET_CONF_DATA "''KEY'#''ITM'_default" "''DEF'"
-$     ENDIF
-$     IF MIN .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_min" "''MIN'"
-$     IF MAX .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_max" "''MAX'"
-$     CTR = CTR + 1
-$     GOTO SAVE_CONF_LOOP
-$ ENDIF
-$!
-$ PURGE /NOLOG /NOCONFIRM 'SSL_CONF_FILE'
-$ RENAME 'SSL_CONF_FILE'; ;1
-$!
-$ SAY ESC + "[''MSG_ROW';01H", CEOS
-$!
-$!------------------------------------------------------------------------------
-$! Create the Server Certificiate
-$!------------------------------------------------------------------------------
-$!
-$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Creating Certificate Request ...", NORM
-$!
-$ X1 = 2
-$ Y1 = TOP_ROW
-$ X2 = TT_COLS - 2
-$ Y2 = MSG_ROW - 1
-$!
-$ GET_USER_DATA "[]#encrypt_key"
-$ _encrypt_key = SSL_USER_DATA
-$ IF F$EDIT (_encrypt_key,"UPCASE") .EQS. "Y"
-$ THEN 
-$     GET_USER_DATA "[]#pem_pass_phrase"
-$     _pem_pass_phrase = SSL_USER_DATA
-$ ENDIF
-$ GET_USER_DATA "[req]#default_bits"
-$ _default_bits = SSL_USER_DATA
-$ GET_USER_DATA "[req]#default_keyfile"
-$ _default_keyfile = SSL_USER_DATA
-$ GET_USER_DATA "[req]#default_csrfile"
-$ _default_csrfile = SSL_USER_DATA
-$ GET_USER_DATA "[]#display_certificate"
-$ _display_certificate = SSL_USER_DATA
-$!
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_GENRSA_'PID'.RND
-$!
-$ OPEN /WRITE OFILE SYS$LOGIN:SSL_GENRSA_'PID'.COM
-$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE    SYS$LOGIN:SSL_GENRSA_''PID'.RND"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_GENRSA_''PID'.LOG"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_GENRSA_''PID'.LOG"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
-$ IF _encrypt_key .EQS. "Y"
-$ THEN 
-$     WRITE OFILE "$ OPENSSL genrsa -des3 -out ''_default_keyfile' ''_default_bits'"
-$     WRITE OFILE "''_pem_pass_phrase'"
-$     WRITE OFILE "''_pem_pass_phrase'"
-$ ELSE
-$     WRITE OFILE "$ OPENSSL genrsa -out ''_default_keyfile' ''_default_bits'"
-$ ENDIF
-$ CLOSE OFILE
-$!
-$ @SYS$LOGIN:SSL_GENRSA_'PID'.COM
-$!
-$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.RND;*
-$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.COM;*
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ SEARCH SYS$LOGIN:SSL_GENRSA_'PID'.LOG /OUT=SYS$LOGIN:SSL_GENRSA_'PID'.ERR ":error:"
-$ IF F$SEARCH ("SYS$LOGIN:SSL_GENRSA_''PID'.ERR") .NES. "" 
-$ THEN 
-$     IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_GENRSA_''PID'.ERR","ALQ") .NE. 0
-$     THEN 
-$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.ERR;*
-$         SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
-$         SHOW_FILE "SYS$LOGIN:SSL_GENRSA_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
-$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.LOG;*
-$         GOTO EXIT
-$     ENDIF
-$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.ERR;*
-$ ENDIF
-$! 
-$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.LOG;*
-$!
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_REQ_'PID'.RND
-$!
-$ OPEN /WRITE OFILE SYS$LOGIN:SSL_REQ_'PID'.COM
-$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE    SYS$LOGIN:SSL_REQ_''PID'.RND"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_REQ_''PID'.LOG"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_REQ_''PID'.LOG"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
-$ IF _encrypt_key .EQS. "Y"
-$ THEN 
-$     WRITE OFILE "$ OPENSSL req -new -config ''SSL_CONF_FILE' -key ''_default_keyfile' -out ''_default_csrfile'"
-$     WRITE OFILE "''_pem_pass_phrase'"
-$     WRITE OFILE "''_pem_pass_phrase'"
-$ ELSE
-$     WRITE OFILE "$ OPENSSL req -new -nodes -config ''SSL_CONF_FILE' -keyout ''_default_keyfile' -out ''_default_csrfile'"
-$ ENDIF
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ CLOSE OFILE
-$!
-$ @SYS$LOGIN:SSL_REQ_'PID'.COM
-$!
-$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.COM;*
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ SEARCH SYS$LOGIN:SSL_REQ_'PID'.LOG /OUT=SYS$LOGIN:SSL_REQ_'PID'.ERR ":error:"
-$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.ERR") .NES. "" 
-$ THEN 
-$     IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_REQ_''PID'.ERR","ALQ") .NE. 0
-$     THEN 
-$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
-$         SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
-$         SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
-$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
-$         GOTO EXIT
-$     ENDIF
-$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
-$ ENDIF
-$!
-$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
-$! 
-$ IF F$EDIT (_display_certificate,"TRIM,UPCASE") .EQS. "Y"
-$ THEN 
-$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Generating Output ...", NORM, CEOL
-$!
-$     OPEN /WRITE OFILE SYS$LOGIN:SSL_REQ_'PID'.COM
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_REQ_''PID'.LOG"
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_REQ_''PID'.LOG"
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
-$     WRITE OFILE "$ OPENSSL req -noout -text -config ''SSL_CONF_FILE' -in ''_default_csrfile'"
-$     CLOSE OFILE
-$!
-$     @SYS$LOGIN:SSL_REQ_'PID'.COM
-$!
-$     DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.COM;*
-$!
-$     DEFINE /USER /NOLOG SYS$ERROR  NL:
-$     DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$     SEARCH SYS$LOGIN:SSL_REQ_'PID'.LOG /OUT=SYS$LOGIN:SSL_REQ_'PID'.ERR ":error:"
-$     IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.ERR") .NES. "" 
-$     THEN 
-$         IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_REQ_''PID'.ERR","ALQ") .NE. 0
-$         THEN 
-$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
-$             SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
-$             SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
-$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
-$             GOTO EXIT
-$         ENDIF
-$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
-$     ENDIF
-$!
-$     SAY ESC + "[''MSG_ROW';01H''CEOS'"
-$     SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''_default_csrfile' >" 
-$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
-$     GOTO EXIT
-$ ENDIF
-$!
-$ TEXT = "Press return to continue"
-$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
-$!
-$ SAY ESC + "[''MSG_ROW';01H", CEOS
-$ PROMPT = ESC + "[''MSG_ROW';''COL'H''TEXT'"
-$ ASK "''PROMPT'" OPT
-$!
-$GOTO EXIT
-$!
-$!------------------------------------------------------------------------------
-$! Set the User Data
-$!------------------------------------------------------------------------------
-$!
-$SET_USER_DATA: SUBROUTINE
-$!
-$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. ""
-$ THEN
-$     SSL_USER_DATA_MAX == 1
-$ ELSE
-$     SSL_USER_DATA_MAX == SSL_USER_DATA_MAX + 1
-$ ENDIF
-$!
-$ SSL_USER_DATA_'SSL_USER_DATA_MAX' == "''P1'"
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Get the User Data
-$!------------------------------------------------------------------------------
-$!
-$GET_USER_DATA: SUBROUTINE
-$!
-$ CTR = 1
-$ USER_KEY = F$ELEMENT (0,"#",P1)
-$ USER_ITM = F$ELEMENT (1,"#",P1)
-$!
-$GET_USER_DATA_LOOP:
-$!
-$ IF CTR .LE. SSL_USER_DATA_MAX
-$ THEN
-$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
-$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
-$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
-$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
-$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
-$     IF USER_KEY .NES. KEY .OR. USER_ITM .NES. ITM
-$     THEN 
-$         CTR = CTR + 1
-$         GOTO GET_USER_DATA_LOOP
-$     ENDIF
-$     IF VAL .EQS. "-" THEN SSL_USER_DATA == "''DEF'"
-$     IF VAL .EQS. "D" THEN SSL_USER_DATA == "''DEF'"
-$     IF VAL .EQS. "P" THEN SSL_USER_DATA == "''PRM'"
-$ ENDIF
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Delete the User Data
-$!------------------------------------------------------------------------------
-$!
-$DEL_USER_DATA: SUBROUTINE
-$!
-$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. "" THEN GOTO DEL_USER_DATA_END
-$!
-$DEL_USER_DATA_LOOP:
-$!
-$ IF F$TYPE (SSL_USER_DATA_'SSL_USER_DATA_MAX') .NES. "" 
-$ THEN
-$     DELETE /SYMBOL /GLOBAL SSL_USER_DATA_'SSL_USER_DATA_MAX'
-$     SSL_USER_DATA_MAX == SSL_USER_DATA_MAX - 1
-$     GOTO DEL_USER_DATA_LOOP
-$ ENDIF
-$!
-$ DELETE /SYMBOL /GLOBAL SSL_USER_DATA_MAX
-$!
-$DEL_USER_DATA_END:
-$!
-$ IF F$TYPE (SSL_USER_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_USER_DATA
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Display the invalid entry 
-$!------------------------------------------------------------------------------
-$!
-$INVALID_ENTRY: SUBROUTINE
-$!
-$ SAY ESC + "[''MSG_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
-$ Wait 00:00:01.5
-$ SAY ESC + "[''MSG_ROW';01H", CEOL
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$!
-$!------------------------------------------------------------------------------
-$!
-$EXIT:
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ CLOSE OFILE
-$!
-$ DEL_USER_DATA
-$!
-$ IF F$TYPE (SSL_CONF_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_CONF_DATA
-$!
-$ IF F$GETDVI ("TT:","TT_NOECHO") .AND. .NOT. TT_NOECHO THEN SET TERMINAL /ECHO
-$!
-$ IF F$SEARCH ("SYS$LOGIN:SSL_GENRSA_''PID'.%%%;*") .NES. "" THEN DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.%%%;*
-$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.%%%;*") .NES. "" THEN DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.%%%;*
-$!
-$ Verify = F$VERIFY (Verify)
-$!
-$ EXIT
--- a/VMS/cert_tool/ssl$self_cert.com
+++ b/VMS/cert_tool/ssl$self_cert.com
@@ -1,725 +0,0 @@
-$!
-$!------------------------------------------------------------------------------
-$! SSL$SELF_CERT.COM - SSL Self Signed Certificate procedure
-$!------------------------------------------------------------------------------
-$!
-$ Verify = F$VERIFY (0)
-$ Set NoOn
-$ Set NoControl=Y
-$!
-$!------------------------------------------------------------------------------
-$! Description 
-$!------------------------------------------------------------------------------
-$!
-$! This procedure prompts the user through creating a Server Certificate.
-$!
-$! There are no parameters used.
-$!
-$!------------------------------------------------------------------------------
-$! Define symbols
-$!------------------------------------------------------------------------------
-$!
-$ DELETE := DELETE
-$ SAY := WRITE SYS$OUTPUT
-$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
-$ PID = F$GETJPI ("","PID")
-$ TT_NOECHO = F$GETDVI ("TT:","TT_NOECHO")
-$ On Control_Y THEN GOTO EXIT
-$ Set Control=Y
-$!
-$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE")
-$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ")
-$!
-$ GET_USER_DATA := CALL GET_USER_DATA
-$ SET_USER_DATA := CALL SET_USER_DATA
-$ DEL_USER_DATA := CALL DEL_USER_DATA
-$ INIT_TERM := @SSL$COM:SSL$INIT_TERM
-$ SHOW_FILE := @SSL$COM:SSL$SHOW_FILE 
-$ SSL_CONF_FILE = F$TRNLNM ("SSL$CONF")
-$ GET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' GET
-$ SET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' SET
-$!
-$ ESC[0,8] = 27 	! Set the Escape Character
-$ BELL[0,8] = 7 	! Ring the terminal Bell
-$ RED = 1		! Color - Red
-$ FGD = 30		! Foreground
-$ BGD = 0		! Background
-$ CSCR = ESC + "[2J"	! Clear the Screen 
-$ CEOS = ESC + "[0J"	! Clear to the End of the Screen 
-$ CEOL = ESC + "[0K"	! Clear to the End of the Line
-$ NORM = ESC + "[0m"	! Turn Attributes off
-$ BLNK = ESC + "[5m"    ! Turn on BLINK Attribute
-$ WIDE = ESC + "#6"     ! Turn on WIDE Attribute
-$!
-$!------------------------------------------------------------------------------
-$! Run the SSL setup if it hasn't been run yet
-$!------------------------------------------------------------------------------
-$!
-$ IF F$TRNLNM ("SSL$ROOT") .EQS. ""
-$ THEN
-$     IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. ""
-$     THEN 
-$         @SSL$COM:SSL$INIT_ENV.COM
-$     ELSE
-$         SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..."
-$	  GOTO EXIT
-$     ENDIF
-$ ENDIF
-$!
-$!------------------------------------------------------------------------------
-$! Display the Page Header
-$!------------------------------------------------------------------------------
-$!
-$ INIT_TERM
-$ BCOLOR = BGD
-$ FCOLOR = FGD + RED
-$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm"
-$!
-$ TEXT = "SSL Certificate Tool"
-$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
-$!
-$ SAY ESC + "[01;01H", CSCR
-$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
-$!
-$ TEXT = "Create Self-Signed Certificate"
-$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
-$!
-$ SAY ESC + "[04;01H"
-$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
-$!
-$ ROW = 6
-$ COL = 2
-$ TOP_ROW = ROW
-$ MSG_ROW = TT_ROWS - 1
-$!
-$!------------------------------------------------------------------------------
-$! Initialize the Request Data
-$!------------------------------------------------------------------------------
-$!
-$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. ""
-$ THEN 
-$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Reading Configuration ...", NORM
-$ ELSE
-$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Initializing Configuration ...", NORM
-$ ENDIF
-$!
-$ _request_name = "req"
-$!
-$ _distinguished_name = "REQ_distinguished_name"
-$ _distinguished_name_upd = "Y"
-$!
-$ _default_bits = "1024"
-$ _default_bits_upd = "Y"
-$!
-$ _default_keyfile = "SSL$KEY:SERVER.KEY"
-$ _default_keyfile_upd = "Y"
-$!
-$ _default_crtfile = "SSL$CRT:SERVER.CRT"
-$ _default_crtfile_upd = "Y"
-$!
-$ _countryName_prompt = "Country Name ?"
-$ _countryName_min = "2"
-$ _countryName_max = "2"
-$ _countryName_default = "US"
-$ _countryName_upd = "Y"
-$ _countryName_cnt = 4
-$!
-$ _stateOrProvinceName_prompt = "State or Province Name ?"
-$ _stateOrProvinceName_default = ""
-$ _stateOrProvinceName_upd = "Y"
-$ _stateOrProvinceName_cnt = 2
-$!
-$ _localityName_prompt = "City Name ?"
-$ _localityName_default = ""
-$ _localityName_upd = "Y"
-$ _localityName_cnt = 2
-$!
-$ _0organizationName_prompt = "Organization Name ?"
-$ _0organizationName_default = ""
-$ _0organizationName_upd = "Y"
-$ _0organizationName_cnt = 2
-$!
-$ _organizationalUnitName_prompt = "Organization Unit Name ?"
-$ _organizationalUnitName_default = ""
-$ _organizationalUnitName_upd = "Y"
-$ _organizationalUnitName_cnt = 2
-$!
-$ _commonName_prompt = "Common Name ?"
-$ _commonName_max = "64"
-$ HOSTNAME -s _commonName_default
-$ _commonName_upd = "Y"
-$ _commonName_cnt = 3
-$!
-$ _emailAddress_prompt = "Email Address ?"
-$ _emailAddress_max = "40"
-$ _emailAddress_default = "webmaster@''_commonName_default'"
-$ _emailAddress_upd = "Y"
-$ _emailAddress_cnt = 3
-$!
-$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. ""
-$ THEN 
-$     GET_CONF_DATA "[''_request_name']#distinguished_name"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _distinguished_name = SSL_CONF_DATA
-$         _distinguished_name_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_request_name']#default_bits"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _default_bits = SSL_CONF_DATA
-$     	  _default_bits_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_request_name']#default_keyfile"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _default_keyfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
- 		             F$PARSE (SSL_CONF_DATA,"[KEY]",,"DIRECTORY") + -
- 		             F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + -
- 		             F$PARSE (SSL_CONF_DATA,".KEY",,"TYPE") 
-$         _default_keyfile_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_request_name']#default_crtfile"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _default_crtfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
- 		             F$PARSE (SSL_CONF_DATA,"[CRT]",,"DIRECTORY") + -
- 		             F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + -
- 		             F$PARSE (SSL_CONF_DATA,".CRT",,"TYPE") 
-$         _default_crtfile_upd = "N"
-$     ENDIF
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#countryName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _countryName_prompt = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#countryName_min"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _countryName_min = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#countryName_max"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _countryName_max = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#countryName_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _countryName_default = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     IF _countryName_cnt .EQS. CTR THEN _countryName_upd = "N"
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#stateOrProvinceName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _stateOrProvinceName_prompt = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#stateOrProvinceName_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _stateOrProvinceName_default = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     IF _stateOrProvinceName_cnt .EQ. CTR THEN _stateOrProvinceName_upd = "N"
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#localityName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _localityName_prompt = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#localityName_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _localityName_default = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     IF _localityName_cnt .EQ. CTR THEN _localityName_default_upd = "N"
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#0.organizationName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _0organizationName_prompt = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#0.organizationName_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _0organizationName_default = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     IF _0organizationName_cnt .EQ. CTR THEN _0organizationName_default_upd = "N"
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _organizationalUnitName_prompt = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _organizationalUnitName_default = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     IF _organizationalUnitName_cnt .EQ. CTR THEN _organizationalUnitName_upd = "N"
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#commonName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _commonName_prompt = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#commonName_max"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _commonName_max = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#commonName_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _commonName_default = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     IF _commonName_cnt .EQ. CTR THEN _commonName_default_upd = "N"
-$!
-$     CTR = 0
-$     GET_CONF_DATA "[''_distinguished_name']#emailAddress"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _emailAddress_prompt = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#emailAddress_max"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _emailAddress_max = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     GET_CONF_DATA "[''_distinguished_name']#emailAddress_default"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _emailAddress_default = SSL_CONF_DATA
-$	  CTR = CTR + 1
-$     ENDIF
-$     IF _emailAddress_cnt .EQ. CTR THEN _emailAddress_default_upd = "N"
-$ ENDIF
-$!
-$ SET_USER_DATA "[]#encrypt_key#-#N#Encrypt Private Key ?#S##1##Y#N"
-$ SET_USER_DATA "[]#pem_pass_phrase#-##PEM Pass Phrase ?#P#1###Y#Y"
-$ SET_USER_DATA "[''_request_name']#default_bits#D#''_default_bits'#Encryption Bits ?#I###''_default_bits_upd'#Y#N"
-$ SET_USER_DATA "[''_request_name']#default_keyfile#D#''_default_keyfile'#Certificate Key File ?#F###''_default_keyfile_upd'#Y#N"
-$ SET_USER_DATA "[''_request_name']#default_crtfile#D#''_default_crtfile'#Certificate File ?#F###''_default_crtfile_upd'#Y#N"
-$ SET_USER_DATA "[''_request_name']#distinguished_name#D#''_distinguished_name'##S###''_distinguished_name_upd'#N#N"
-$ SET_USER_DATA "[''_distinguished_name']#countryName#P#''_countryName_default'#''_countryName_prompt'#S#''_countryName_min'#''#''_countryName_upd'#Y#N" 
-$ SET_USER_DATA "[''_distinguished_name']#stateOrProvinceName#P#''_stateOrProvinceName_default'#''_stateOrProvinceName_prompt'####''_stateOrProvinceName_upd'#Y#N"
-$ SET_USER_DATA "[''_distinguished_name']#localityName#P#''_localityName_default'#''_localityName_prompt'#S###''_localityName_upd'#Y#N"
-$ SET_USER_DATA "[''_distinguished_name']#0.organizationName#P#''_0organizationName_default'#''_0organizationName_prompt'#S###''_0organizationalName_upd'#Y#N"
-$ SET_USER_DATA "[''_distinguished_name']#organizationalUnitName#P#''_organizationalUnitName_default'#''_organizationalUnitName_prompt#S###''_organizationalUnitName_upd'#Y#N"
-$ SET_USER_DATA "[''_distinguished_name']#commonName#P#''_commonName_default'#''_commonName_prompt'#S##''_commonName_max'#''_commonName_upd'#Y#N"
-$ SET_USER_DATA "[''_distinguished_name']#emailAddress#P#''_emailAddress_default'#''_emailAddress_prompt'#S##''_emailAddress_max'#''_emailAddress_upd'#Y#N"
-$ SET_USER_DATA "[]#display_certificate#-#N#Display the Certificate ?#S##1##Y#N"
-$!
-$ SAY ESC + "[''MSG_ROW';01H", CEOS
-$!
-$!------------------------------------------------------------------------------
-$! Confirm/Update the SSL Configuration Data
-$!------------------------------------------------------------------------------
-$!
-$ CTR = 1
-$!
-$PROMPT_LOOP:
-$!
-$ IF CTR .LE. SSL_USER_DATA_MAX
-$ THEN 
-$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
-$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
-$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
-$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
-$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
-$     TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type
-$     MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length
-$     MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length
-$     UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ?
-$     REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ?
-$     CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input  ?
-$!
-$! The PEM Pass Phrase prompt is dependant on the answer to encrypt the private key
-$!
-$     IF KEY .EQS. "[]" .AND. ITM .EQS. "pem_pass_phrase"
-$     THEN
-$         GET_USER_DATA "[]#encrypt_key"
-$ 	  _encrypt_key = SSL_USER_DATA
-$         IF F$EDIT (_encrypt_key,"UPCASE") .NES. "Y"
-$	  THEN
-$             CTR = CTR + 1
-$             GOTO PROMPT_LOOP
-$	  ENDIF
-$     ENDIF
-$!
-$     CONFIRMED = 0
-$     IF REQ .EQS. "N"
-$     THEN 
-$         CTR = CTR + 1
-$         GOTO PROMPT_LOOP
-$     ENDIF
-$     IF ROW .GT. MSG_ROW - 2
-$     THEN 
-$         SAY ESC + "[''TOP_ROW';01H", CEOS
-$	  ROW = TOP_ROW
-$     ENDIF
-$!
-$CONFIRM_LOOP:
-$!
-$     IF PRM .EQS. "" 
-$     THEN 
-$         PROMPT = ESC + "[''ROW';''COL'H''ITM' ? [''DEF'] ''CEOL'"
-$     ELSE
-$         PROMPT = ESC + "[''ROW';''COL'H''PRM' [''DEF'] ''CEOL'"
-$     ENDIF
-$     IF TYP .EQS. "P" THEN SET TERMINAL /NOECHO
-$     ASK "''PROMPT'" ANS /END_OF_FILE=EXIT
-$     IF TYP .EQS. "P" THEN SET TERMINAL /ECHO
-$     ANS = F$EDIT (ANS,"TRIM")
-$     IF ANS .EQS. "" THEN ANS = DEF
-$     IF TYP .EQS. "F"
-$     THEN
-$         ANS = F$PARSE ("''ANS'","''DEF'",,,"SYNTAX_ONLY")
-$     ENDIF
-$     IF TYP .EQS. "I" .AND. F$TYPE (ANS) .NES. "INTEGER"
-$     THEN 
-$         CALL INVALID_ENTRY
-$         SAY ESC + "[''ROW';01H", CEOS
-$         GOTO PROMPT_LOOP
-$     ENDIF
-$     IF (TYP .EQS. "S" .OR. TYP .EQS. "P") .AND. -
-         ((MIN .NES. "" .AND. F$LENGTH (ANS) .LT. F$INTEGER(MIN)) .OR. -
-          (MAX .NES. "" .AND. F$LENGTH (ANS) .GT. F$INTEGER(MAX)))
-$     THEN 
-$         CALL INVALID_ENTRY
-$         SAY ESC + "[''ROW';01H", CEOS
-$	  IF TYP .EQS. "S" THEN GOTO PROMPT_LOOP
-$         IF TYP .EQS. "P" THEN GOTO CONFIRM_LOOP
-$     ENDIF
-$     ROW = ROW + 1
-$     IF CFM .EQS. "Y"
-$     THEN
-$         IF CONFIRMED .EQ. 0
-$	  THEN
-$	      CONFIRMED = 1
-$	      CONFIRMED_ANS = ANS
-$	      PRM = "Confirm ''PRM'"
-$	      GOTO CONFIRM_LOOP
-$         ELSE
-$	      IF ANS .NES. CONFIRMED_ANS
-$	      THEN 
-$                 CALL INVALID_ENTRY
-$		  ROW = ROW - 2
-$                 SAY ESC + "[''ROW';01H", CEOS
-$                 GOTO PROMPT_LOOP
-$	      ENDIF
-$         ENDIF
-$     ENDIF
-$     IF ANS .NES. DEF THEN SSL_USER_DATA_'CTR' = "''KEY'#''ITM'#''VAL'#''ANS'#''PRM'#''TYP'#''MIN'#''MAX'#Y#''REQ'#''CFM'"
-$     CTR = CTR + 1
-$     GOTO PROMPT_LOOP
-$ ENDIF
-$!
-$!------------------------------------------------------------------------------
-$! Save the SSL Configuration Data
-$!------------------------------------------------------------------------------
-$!
-$ CTR = 1
-$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Saving Configuration ...", NORM
-$!
-$SAVE_CONF_LOOP:
-$!
-$ IF CTR .LE. SSL_USER_DATA_MAX
-$ THEN 
-$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
-$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
-$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
-$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
-$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
-$     TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type
-$     MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length
-$     MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length
-$     UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ?
-$     REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ?
-$     CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input ?
-$     IF UPD .NES. "Y" .OR. VAL .EQS. "-"
-$     THEN 
-$         CTR = CTR + 1
-$         GOTO SAVE_CONF_LOOP
-$     ENDIF
-$     IF VAL .EQS. "D"
-$     THEN 
-$         SET_CONF_DATA "''KEY'#''ITM'" "''DEF'"
-$     ELSE
-$         SET_CONF_DATA "''KEY'#''ITM'" "''PRM'"
-$         SET_CONF_DATA "''KEY'#''ITM'_default" "''DEF'"
-$     ENDIF
-$     IF MIN .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_min" "''MIN'"
-$     IF MAX .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_max" "''MAX'"
-$     CTR = CTR + 1
-$     GOTO SAVE_CONF_LOOP
-$ ENDIF
-$!
-$ PURGE /NOLOG /NOCONFIRM 'SSL_CONF_FILE'
-$ RENAME 'SSL_CONF_FILE'; ;1
-$!
-$ SAY ESC + "[''MSG_ROW';01H", CEOS
-$!
-$!------------------------------------------------------------------------------
-$! Create the Server Certificiate
-$!------------------------------------------------------------------------------
-$!
-$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Creating Self-Signed Certificate ...", NORM
-$!
-$ X1 = 2
-$ Y1 = TOP_ROW
-$ X2 = TT_COLS - 2
-$ Y2 = MSG_ROW - 1
-$!
-$ GET_USER_DATA "[]#encrypt_key"
-$ _encrypt_key = SSL_USER_DATA
-$ IF F$EDIT (_encrypt_key,"UPCASE") .EQS. "Y"
-$ THEN 
-$     GET_USER_DATA "[]#pem_pass_phrase"
-$     _pem_pass_phrase = SSL_USER_DATA
-$ ENDIF
-$ GET_USER_DATA "[''_request_name']#default_bits"
-$ _default_bits = SSL_USER_DATA
-$ GET_USER_DATA "[''_request_name']#default_keyfile"
-$ _default_keyfile = SSL_USER_DATA
-$ GET_USER_DATA "[''_request_name']#default_crtfile"
-$ _default_crtfile = SSL_USER_DATA
-$ GET_USER_DATA "[]#display_certificate"
-$ _display_certificate = SSL_USER_DATA
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_REQ_'PID'.RND
-$!
-$ OPEN /WRITE OFILE SYS$LOGIN:SSL_REQ_'PID'.COM
-$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE    SYS$LOGIN:SSL_REQ_''PID'.RND"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_REQ_''PID'.LOG"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_REQ_''PID'.LOG"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
-$ IF F$EDIT (_encrypt_key,"UPCASE") .EQS. "Y"
-$ THEN 
-$     WRITE OFILE "$ OPENSSL req -config ''SSL_CONF_FILE' -new -days 365 -x509 -keyout ''_default_keyfile' -out ''_default_crtfile'"
-$     WRITE OFILE "''_pem_pass_phrase'"
-$     WRITE OFILE "''_pem_pass_phrase'"
-$ ELSE
-$     WRITE OFILE "$ OPENSSL req -config ''SSL_CONF_FILE' -nodes -new -days 365 -x509 -keyout ''_default_keyfile' -out ''_default_crtfile'"
-$ ENDIF
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ WRITE OFILE ""
-$ CLOSE OFILE
-$!
-$ @SYS$LOGIN:SSL_REQ_'PID'.COM
-$!
-$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.COM;*
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ SEARCH SYS$LOGIN:SSL_REQ_'PID'.LOG /OUT=SYS$LOGIN:SSL_REQ_'PID'.ERR ":error:"
-$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.ERR") .NES. "" 
-$ THEN 
-$     IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_REQ_''PID'.ERR","ALQ") .NE. 0
-$     THEN 
-$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
-$         SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
-$         SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >"
-$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
-$         GOTO EXIT
-$     ENDIF
-$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
-$ ENDIF
-$!
-$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
-$! 
-$ IF F$EDIT (_display_certificate,"TRIM,UPCASE") .EQS. "Y"
-$ THEN 
-$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Generating Output ...", NORM, CEOL
-$!
-$     OPEN /WRITE OFILE SYS$LOGIN:SSL_X509_'PID'.COM
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_X509_''PID'.LOG"
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_X509_''PID'.LOG"
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
-$     WRITE OFILE "$ OPENSSL x509 -noout -text -in ''_default_crtfile'"
-$     CLOSE OFILE
-$!
-$     @SYS$LOGIN:SSL_X509_'PID'.COM
-$!
-$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.COM;*
-$!
-$     DEFINE /USER /NOLOG SYS$ERROR  NL:
-$     DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$     SEARCH SYS$LOGIN:SSL_X509_'PID'.LOG /OUT=SYS$LOGIN:SSL_X509_'PID'.ERR ":error:"
-$     IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.ERR") .NES. "" 
-$     THEN 
-$         IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_X509_''PID'.ERR","ALQ") .NE. 0
-$         THEN 
-$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;*
-$             SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
-$             SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
-$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;*
-$             GOTO EXIT
-$         ENDIF
-$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;*
-$     ENDIF
-$!
-$     SAY ESC + "[''MSG_ROW';01H''CEOS'"
-$     SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''_default_crtfile' >" 
-$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;*
-$     GOTO EXIT
-$ ENDIF
-$!
-$ TEXT = "Press return to continue"
-$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
-$!
-$ SAY ESC + "[''MSG_ROW';01H", CEOS
-$ PROMPT = ESC + "[''MSG_ROW';''COL'H''TEXT'"
-$ ASK "''PROMPT'" OPT
-$!
-$GOTO EXIT
-z$!
-$!------------------------------------------------------------------------------
-$! Set the User Data
-$!------------------------------------------------------------------------------
-$!
-$SET_USER_DATA: SUBROUTINE
-$!
-$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. ""
-$ THEN
-$     SSL_USER_DATA_MAX == 1
-$ ELSE
-$     SSL_USER_DATA_MAX == SSL_USER_DATA_MAX + 1
-$ ENDIF
-$!
-$ SSL_USER_DATA_'SSL_USER_DATA_MAX' == "''P1'"
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Find the Request Data
-$!------------------------------------------------------------------------------
-$!
-$GET_USER_DATA: SUBROUTINE
-$!
-$ CTR = 1
-$ USER_KEY = F$ELEMENT (0,"#",P1)
-$ USER_ITM = F$ELEMENT (1,"#",P1)
-$!
-$GET_USER_DATA_LOOP:
-$!
-$ IF CTR .LE. SSL_USER_DATA_MAX
-$ THEN
-$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
-$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
-$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
-$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
-$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
-$     IF USER_KEY .NES. KEY .OR. USER_ITM .NES. ITM
-$     THEN 
-$         CTR = CTR + 1
-$         GOTO GET_USER_DATA_LOOP
-$     ENDIF
-$     IF VAL .EQS. "-" THEN SSL_USER_DATA == "''DEF'"
-$     IF VAL .EQS. "D" THEN SSL_USER_DATA == "''DEF'"
-$     IF VAL .EQS. "P" THEN SSL_USER_DATA == "''PRM'"
-$ ENDIF
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Delete the User Data
-$!------------------------------------------------------------------------------
-$!
-$DEL_USER_DATA: SUBROUTINE
-$!
-$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. "" THEN GOTO DEL_USER_DATA_END
-$!
-$DEL_USER_DATA_LOOP:
-$!
-$ IF F$TYPE (SSL_USER_DATA_'SSL_USER_DATA_MAX') .NES. "" 
-$ THEN
-$     DELETE /SYMBOL /GLOBAL SSL_USER_DATA_'SSL_USER_DATA_MAX'
-$     SSL_USER_DATA_MAX == SSL_USER_DATA_MAX - 1
-$     GOTO DEL_USER_DATA_LOOP
-$ ENDIF
-$!
-$ DELETE /SYMBOL /GLOBAL SSL_USER_DATA_MAX
-$!
-$DEL_USER_DATA_END:
-$!
-$ IF F$TYPE (SSL_USER_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_USER_DATA
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Display the invalid entry 
-$!------------------------------------------------------------------------------
-$!
-$INVALID_ENTRY: SUBROUTINE
-$!
-$ SAY ESC + "[''MSG_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
-$ Wait 00:00:01.5
-$ SAY ESC + "[''MSG_ROW';01H", CEOL
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$!
-$!------------------------------------------------------------------------------
-$!
-$EXIT:
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ CLOSE OFILE
-$!
-$ DEL_USER_DATA
-$!
-$ IF F$TYPE (SSL_CONF_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_CONF_DATA
-$!
-$ IF F$GETDVI ("TT:","TT_NOECHO") .AND. .NOT. TT_NOECHO THEN SET TERMINAL /ECHO
-$!
-$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.%%%;*") .NES. "" THEN DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.%%%;*
-$ IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.%%%;*") .NES. "" THEN DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.%%%;*
-$!
-$ Verify = F$VERIFY (Verify)
-$!
-$ EXIT
--- a/VMS/cert_tool/ssl$show_file.com
+++ b/VMS/cert_tool/ssl$show_file.com
@@ -1,205 +0,0 @@
-$!
-$!------------------------------------------------------------------------------
-$! SSL$SHOW_FILE.COM - SSL Show File procedure
-$!------------------------------------------------------------------------------
-$!
-$ Verify = F$VERIFY (0)
-$ Set NoOn
-$ Set NoControl=Y
-$!
-$!------------------------------------------------------------------------------
-$! Description 
-$!------------------------------------------------------------------------------
-$!
-$! This procedure display the contents of a given file in a box size specified.
-$!
-$! The parameters used are:
-$!
-$! 	P1	- File to View
-$! 	P2	- X1 coordinate
-$! 	P3	- Y1 coordinate
-$! 	P4	- X2 coordinate
-$! 	P5	- Y3 coordinate
-$! 	P6	- File Box Title (Optional)
-$!
-$!------------------------------------------------------------------------------
-$! Define symbols
-$!------------------------------------------------------------------------------
-$!
-$ SAY := WRITE SYS$OUTPUT
-$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
-$ On Control_Y THEN GOTO EXIT
-$ Set Control=Y
-$!
-$ DRAW_BOX := @SSL$COM:SSL$DRAW_BOX
-$ FILL_BOX := @SSL$COM:SSL$FILL_BOX
-$!
-$ ESC[0,8] = 27 	! Set the Escape Character
-$ CEOL = ESC + "[0K"	! Clear to the End of the Line
-$ NORM = ESC + "[0m"	! Turn Attributes off
-$ BOLD = ESC + "[1m"    ! Turn on BOLD Attribute
-$!
-$!------------------------------------------------------------------------------
-$! Display the Page Header
-$!------------------------------------------------------------------------------
-$!
-$ REC_MAX = 0
-$ OPEN /READ IFILE 'P1' 
-$!
-$READ_LOOP:
-$!
-$ READ /END_OF_FILE=READ_END IFILE IREC
-$ REC_MAX = REC_MAX + 1
-$ REC_'REC_MAX' = IREC
-$ GOTO READ_LOOP
-$!
-$READ_END:
-$!
-$ CLOSE IFILE
-$!
-$ IF REC_MAX .EQ. 0
-$ THEN 
-$     DRAW_BOX 'P2' 'P3' 'P4' 'P5' "''P6'" " ** End-of-File **, Press Return to Exit "
-$     INPUT_ROW = P5 + 1
-$     PROMPT = ESC + "[''INPUT_ROW';01H ''CEOL'"
-$     ASK "''PROMPT'" OPT
-$     GOTO EXIT
-$ ENDIF
-$!
-$ COL = P2 + 2
-$ ROW = P3 + 2
-$ TOP_ROW = ROW
-$ INPUT_ROW = P5 + 1
-$ BOX_WIDTH = P4 - (P2 + 2)
-$ BOX_HEIGHT = P5 - (P3 + 3)
-$!
-$ REC_CTR = 1
-$ PAGE_CTR = 1
-$ PAGE_'PAGE_CTR'_REC_CTR = REC_CTR
-$ RECS_PER_PAGE = BOX_HEIGHT
-$ PAGE_MAX = REC_MAX / RECS_PER_PAGE
-$ IF PAGE_MAX * RECS_PER_PAGE .LT. REC_MAX THEN PAGE_MAX = PAGE_MAX + 1
-$!
-$ DRAW_BOX 'P2' 'P3' 'P4' 'P5' "''P6'" " Enter B for Back, N for Next, Ctrl-Z to Exit "
-$ PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
-$ _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
-$ SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
-$!
-$DISPLAY_LOOP:
-$!
-$ IF REC_CTR .LE. REC_MAX .AND. F$TYPE (REC_'REC_CTR') .NES. ""
-$ THEN 
-$     REC = REC_'REC_CTR'
-$ ENDIF
-$ WRAP_IN_PROGRESS = 0
-$!
-$WRAP_LOOP:
-$!
-$ IF ROW .LE. (P5 - 2) .AND. -
-     REC_CTR .LE. PAGE_CTR * RECS_PER_PAGE
-$ THEN
-$     IF F$LENGTH (REC) .GT. BOX_WIDTH  
-$     THEN 
-$ 	  IF WRAP_IN_PROGRESS .EQ. 0
-$	  THEN
-$	      WRAP_IN_PROGRESS = 1
-$	      _COL = COL
-$	  ELSE
-$	      _COL = COL - 1
-$	  ENDIF
-$	  REC_SEG = F$EXTRACT (0, BOX_WIDTH, REC)
-$         SAY ESC + "[''ROW';''_COL'H", REC_SEG
-$         REC = ">" + F$EXTRACT (BOX_WIDTH, F$LENGTH (REC)-BOX_WIDTH, REC)
-$         ROW = ROW + 1
-$	  GOTO WRAP_LOOP
-$     ELSE
-$         IF REC_CTR .LE. REC_MAX .AND. F$TYPE (REC_'REC_CTR') .NES. ""
-$         THEN 
-$ 	      IF WRAP_IN_PROGRESS .EQ. 1
-$	      THEN
-$		  _COL = COL - 1
-$	      ELSE
-$		  _COL = COL
-$	      ENDIF
-$             SAY ESC + "[''ROW';''_COL'H", REC
-$	  ENDIF
-$     ENDIF
-$ ELSE
-$!
-$RETRY:
-$!
-$     PROMPT = ESC + "[''INPUT_ROW';01H ''CEOL'"
-$     ASK "''PROMPT'" OPT
-$     IF F$EDIT (OPT,"TRIM,UPCASE") .NES. "B" .AND. -
-	 F$EDIT (OPT,"TRIM,UPCASE") .NES. "N" 
-$     THEN
-$         CALL INVALID_ENTRY
-$	  GOTO RETRY
-$     ENDIF
-$     IF F$EDIT (OPT,"TRIM,UPCASE") .EQS. "B"
-$     THEN
-$	  IF PAGE_CTR .GT. 1
-$	  THEN
-$ 	      ROW = TOP_ROW
-$	      PAGE_CTR = PAGE_CTR - 1
-$ 	      REC_CTR = PAGE_'PAGE_CTR'_REC_CTR
-$             PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
-$             _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
-$             SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
-$             FILL_BOX 'P2' 'P3' 'P4' 'P5'
-$	      GOTO DISPLAY_LOOP
-$	  ELSE
-$             CALL INVALID_ENTRY
-$	      GOTO RETRY
-$         ENDIF
-$     ENDIF
-$     IF F$EDIT (OPT,"TRIM,UPCASE") .EQS. "N"
-$     THEN
-$	  IF PAGE_CTR .LT. PAGE_MAX
-$	  THEN
-$	      PAGE_CTR = PAGE_CTR + 1
-$ 	      PAGE_'PAGE_CTR'_REC_CTR = REC_CTR
-$             PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
-$             _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
-$             SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
-$             FILL_BOX 'P2' 'P3' 'P4' 'P5'
-$	  ELSE
-$             CALL INVALID_ENTRY
-$	      GOTO RETRY
-$         ENDIF
-$     ENDIF
-$     FILL_BOX 'P2' 'P3' 'P4' 'P5'
-$     ROW = TOP_ROW
-$     GOTO WRAP_LOOP
-$ ENDIF
-$ REC_CTR = REC_CTR + 1
-$ ROW = ROW + 1
-$ GOTO DISPLAY_LOOP
-$!
-$!------------------------------------------------------------------------------
-$! Display the invalid entry 
-$!------------------------------------------------------------------------------
-$!
-$INVALID_ENTRY: SUBROUTINE
-$!
-$ SAY ESC + "[''INPUT_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
-$ Wait 00:00:01.5
-$ SAY ESC + "[''INPUT_ROW';01H", CEOL
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Exit 
-$!------------------------------------------------------------------------------
-$!
-$EXIT:
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ CLOSE IFILE
-$!
-$ Verify = F$VERIFY (Verify)
-$!
-$ EXIT
--- a/VMS/cert_tool/ssl$sign_cert.com
+++ b/VMS/cert_tool/ssl$sign_cert.com
@@ -1,759 +0,0 @@
-$!
-$!------------------------------------------------------------------------------
-$! SSL$SIGN_CERT.COM - SSL Sign Certificate Request procedure
-$!------------------------------------------------------------------------------
-$!
-$ Verify = F$VERIFY (0)
-$ Set NoOn
-$ Set NoControl=Y
-$!
-$!------------------------------------------------------------------------------
-$! Description 
-$!------------------------------------------------------------------------------
-$!
-$! This procedure prompts the user through creating a Server Certificate.
-$!
-$! There are no parameters used.
-$!
-$!------------------------------------------------------------------------------
-$! Define symbols
-$!------------------------------------------------------------------------------
-$!
-$ DELETE := DELETE
-$ SAY := WRITE SYS$OUTPUT
-$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
-$ PID = F$GETJPI ("","PID")
-$ TT_NOECHO = F$GETDVI ("TT:","TT_NOECHO")
-$ On Control_Y THEN GOTO EXIT
-$ Set Control=Y
-$!
-$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE")
-$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ")
-$!
-$ GET_USER_DATA := CALL GET_USER_DATA
-$ SET_USER_DATA := CALL SET_USER_DATA
-$ DEL_USER_DATA := CALL DEL_USER_DATA
-$ INIT_TERM := @SSL$COM:SSL$INIT_TERM
-$ SHOW_FILE := @SSL$COM:SSL$SHOW_FILE 
-$ SSL_CONF_FILE = F$TRNLMN ("SSL$CA_CONF")
-$ GET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' GET
-$ SET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' SET
-$!
-$ ESC[0,8] = 27 	! Set the Escape Character
-$ BELL[0,8] = 7 	! Ring the terminal Bell
-$ RED = 1		! Color - Red
-$ FGD = 30		! Foreground
-$ BGD = 0		! Background
-$ CSCR = ESC + "[2J"	! Clear the Screen 
-$ CEOS = ESC + "[0J"	! Clear to the End of the Screen 
-$ CEOL = ESC + "[0K"	! Clear to the End of the Line
-$ NORM = ESC + "[0m"	! Turn Attributes off
-$ BLNK = ESC + "[5m"    ! Turn on BLINK Attribute
-$ WIDE = ESC + "#6"     ! Turn on WIDE Attribute
-$!
-$!------------------------------------------------------------------------------
-$! Run the SSL setup if it hasn't been run yet
-$!------------------------------------------------------------------------------
-$!
-$ IF F$TRNLNM ("SSL$ROOT") .EQS. ""
-$ THEN
-$     IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. ""
-$     THEN 
-$         @SSL$COM:SSL$INIT_ENV.COM
-$     ELSE
-$         SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..."
-$	  GOTO EXIT
-$     ENDIF
-$ ENDIF
-$!
-$!------------------------------------------------------------------------------
-$! Display the Page Header
-$!------------------------------------------------------------------------------
-$!
-$ INIT_TERM
-$ BCOLOR = BGD
-$ FCOLOR = FGD + RED
-$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm"
-$!
-$ TEXT = "SSL Certificate Tool"
-$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
-$!
-$ SAY ESC + "[01;01H", CSCR
-$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
-$!
-$ TEXT = "Sign Certificate Request"
-$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
-$!
-$ SAY ESC + "[04;01H"
-$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
-$!
-$ CTR = 1
-$ ROW = 6
-$ COL = 2
-$ TOP_ROW = ROW
-$ MSG_ROW = TT_ROWS - 1
-$!
-$!------------------------------------------------------------------------------
-$! Initialize the Request Data
-$!------------------------------------------------------------------------------
-$!
-$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. ""
-$ THEN 
-$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Reading Configuration ...", NORM
-$ ELSE
-$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Initializing Configuration ...", NORM
-$ ENDIF
-$!
-$ _ca = "ca"
-$!
-$ _default_ca = "CA_default_ca"
-$ _default_ca_upd = "Y"
-$!
-$ _default_serfile = "SSL$DB:SERIAL.TXT"
-$ _default_serfile_upd = "Y"
-$!
-$ _default_idxfile = "SSL$DB:INDEX.TXT"
-$ _default_idxfile_upd = "Y"
-$!
-$ _default_crtfile = "SSL$CRT:SERVER_CA.CRT"
-$ _default_crtfile_upd = "Y"
-$!
-$ _default_keyfile = "SSL$KEY:SERVER_CA.KEY"
-$ _default_keyfile_upd = "Y"
-$!
-$ _default_csrfile = "SSL$CSR:SERVER.CSR"
-$ _default_csrfile_upd = "Y"
-$!
-$ _default_sgnfile = "SSL$CRT:SIGNED.CRT"
-$ _default_sgnfile_upd = "Y"
-$!
-$ _default_newcert = "SSL$CRT"
-$ _default_newcert_upd = "Y"
-$!
-$ _default_md = "md5"
-$ _default_md_upd = "Y"
-$!
-$ _default_days = "365"
-$ _default_days_upd = "Y"
-$!
-$ _default_policy = "policy_anything"
-$ _default_policy_upd = "Y"
-$!
-$ _policy_countryName = "optional"
-$ _policy_countryName_upd = "Y"
-$!
-$ _policy_stateOrProvinceName = "optional"
-$ _policy_stateOrProvinceName_upd = "Y"
-$!
-$ _policy_localityName = "optional"
-$ _policy_localityName_upd = "Y"
-$!
-$ _policy_organizationName = "optional"
-$ _policy_organizationName_upd = "Y"
-$!
-$ _policy_organizationalUnitName = "optional"
-$ _policy_organizationalUnitName_upd = "Y"
-$!
-$ _policy_commonName = "supplied"
-$ _policy_commonName_upd = "Y"
-$!
-$ _policy_emailAddress = "optional"
-$ _policy_emailAddress_upd = "Y"
-$!
-$ _default_x509_extensions = "CA_x509_extensions"
-$ _default_x509_extensions_upd = "Y"
-$!
-$ _x509_basicContraints = "CA:FALSE"
-$ _x509_basicContraints_upd = "Y"
-$!
-$ _x509_nsCertType = "client,email,objsign,server"
-$ _x509_nsCertType_upd = "Y"
-$!
-$ _x509_nsComment = "SSL Generated Certificate"
-$ _x509_nsComment_upd = "Y"
-$!
-$ _x509_subjectKeyIdentifier = "hash"
-$ _x509_subjectKeyIdentifier_upd = "Y"
-$!
-$ _x509_authorityKeyIdentifier = "keyid,issuer:always"
-$ _x509_authorityKeyIdentifier_upd = "Y"
-$!
-$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. ""
-$ THEN 
-$     GET_CONF_DATA "[''_ca']#default_ca"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN 
-$         _default_ca = SSL_CONF_DATA
-$         _default_ca_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_ca']#serial"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _default_serfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
- 		             F$PARSE (SSL_CONF_DATA,"[DB]",,"DIRECTORY") + -
- 		             F$PARSE (SSL_CONF_DATA,"SERIAL",,"NAME") + -
- 		             F$PARSE (SSL_CONF_DATA,".TXT",,"TYPE") 
-$         _default_serfile_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_ca']#database"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _default_idxfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
- 		             F$PARSE (SSL_CONF_DATA,"[DB]",,"DIRECTORY") + -
- 		             F$PARSE (SSL_CONF_DATA,"INDEX",,"NAME") + -
- 		             F$PARSE (SSL_CONF_DATA,".TXT",,"TYPE") 
-$         _default_idxfile_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_ca']#certificate"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _default_crtfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
- 		             F$PARSE (SSL_CONF_DATA,"[CRT]",,"DIRECTORY") + -
- 		             F$PARSE (SSL_CONF_DATA,"SERVER_CA",,"NAME") + -
- 		             F$PARSE (SSL_CONF_DATA,".CRT",,"TYPE") 
-$         _default_crtfile_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_ca']#private_key"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _default_keyfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
- 		             F$PARSE (SSL_CONF_DATA,"[KEY]",,"DIRECTORY") + -
- 		             F$PARSE (SSL_CONF_DATA,"SERVER_CA",,"NAME") + -
- 		             F$PARSE (SSL_CONF_DATA,".KEY",,"TYPE") 
-$         _default_keyfile_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_ca']#new_certs_dir"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _default_newcert = SSL_CONF_DATA
-$         _default_newcert_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_ca']#default_md"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _default_md = SSL_CONF_DATA
-$         _default_md_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_ca']#default_days"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _default_days = SSL_CONF_DATA
-$         _default_days_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_ca']#policy"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _default_policy = SSL_CONF_DATA
-$         _default_policy_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_policy']#countryName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _policy_countryName = SSL_CONF_DATA
-$         _policy_countryName_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_policy']#stateOrProvinceName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _policy_stateOrProvinceName = SSL_CONF_DATA
-$         _policy_stateOrProvinceName_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_policy']#localityName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _policy_localityName = SSL_CONF_DATA
-$         _policy_localityName_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_policy']#organizationName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _policy_organizationName = SSL_CONF_DATA
-$         _policy_organizationName_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_policy']#organizationalUnitName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _policy_organizationalUnitName = SSL_CONF_DATA
-$         _policy_organizationalUnitName_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_policy']#commonName"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _policy_commonName = SSL_CONF_DATA
-$         _policy_commonName_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_policy']#emailAddress"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _policy_emailAddress = SSL_CONF_DATA
-$         _policy_emailAddress_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_ca']#x509_extensions"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _default_x509_extensions = SSL_CONF_DATA
-$         _default_x509_extensions_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_x509_extensions']#basicConstraints"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _x509_basicConstraints = SSL_CONF_DATA
-$         _x509_basicConstraints_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_x509_extensions']#nsCertType"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _x509_nsCertType = SSL_CONF_DATA
-$         _x509_nsCertType_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_x509_extensions']#nsComment"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _x509_nsComment = SSL_CONF_DATA
-$         _x509_nsComment_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_x509_extensions']#subjectKeyIdentifier"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _x509_subjectKeyIdentifier = SSL_CONF_DATA
-$         _x509_subjectKeyIdentifier_upd = "N"
-$     ENDIF
-$!
-$     GET_CONF_DATA "[''_default_x509_extensions']#authorityKeyIdentifier"
-$     IF SSL_CONF_DATA .NES. ""
-$     THEN
-$         _x509_authorityKeyIdentifier = SSL_CONF_DATA
-$         _x509_authorityKeyIdentifier_upd = "N"
-$     ENDIF
-$ ENDIF
-$!
-$ SET_USER_DATA "[''_ca']#default_ca#D#''_default_ca'##S###''_default_ca_upd'#N#N"
-$ SET_USER_DATA "[''_default_ca']#serial#D#''_default_serfile'#Serial File ?#F###''_default_serfile_upd'#N#N"
-$ SET_USER_DATA "[''_default_ca']#database#D#''_default_idxfile'#Database File ?#F###''_default_idxfile_upd'#N#N"
-$ SET_USER_DATA "[''_default_ca']#certificate#D#''_default_crtfile'#CA Certificate File ?#F###''_default_crtfile_upd'#Y#N"
-$ SET_USER_DATA "[''_default_ca']#private_key#D#''_default_keyfile'#CA Certificate Key File ?#F###''_default_keyfile_upd'#Y#N"
-$ SET_USER_DATA "[]#default_csrfile#-#''_default_csrfile'#Certificate Request File ?#F###''_default_csrfile_upd'#Y#N"
-$ SET_USER_DATA "[]#default_sgnfile#-#''_default_sgnfile'#Signed Certificate File ?#F###''_default_sgnfile_upd'#Y#N"
-$ SET_USER_DATA "[''_default_ca']#new_certs_dir#D#''_default_newcert'#New Certificate Directory ?#S###''_default_newcert_upd'#N#N"
-$ SET_USER_DATA "[''_default_ca']#default_md#D#''_default_md'#Default Digest ?#I###''_default_md_upd'#N#N"
-$ SET_USER_DATA "[''_default_ca']#default_days#D#''_default_days'#Default Days ?#I###''_default_days_upd'#Y#N"
-$ SET_USER_DATA "[''_default_ca']#policy#D#''_default_policy'#Default Policy ?#S###''_default_policy_upd'#N#N"
-$ SET_USER_DATA "[''_default_policy']#countryName#D#''_policy_countryName'#Country Name Policy ?#S###''_policy_countryName_upd'#N#N"
-$ SET_USER_DATA "[''_default_policy']#stateOrProvinceName#D#''_policy_stateOrProvinceName'#State or Province Name Policy ?#S###''_policy_stateOrProvinceName_upd'#N#N"
-$ SET_USER_DATA "[''_default_policy']#localityName#D#''_policy_localityName'#Locality Name Policy ?#S###''_policy_localityName_upd'#N#N"
-$ SET_USER_DATA "[''_default_policy']#organizationName#D#''_policy_organizationName'#Organization Name Policy ?#S###''_policy_organizationName_upd'#N#N"
-$ SET_USER_DATA "[''_default_policy']#organizationalUnitName#D#''_policy_organizationalUnitName'#Organization Unit Name Policy ?#S###''_policy_organizationalUnitName_upd'#N#N"
-$ SET_USER_DATA "[''_default_policy']#commonName#D#''_policy_commonName'#Common Name Policy ?#S###''_policy_commonName_upd'#N#N"
-$ SET_USER_DATA "[''_default_policy']#emailAddress#D#''_policy_emailAddress'#Email Address Policy ?#S###''_policy_emailAddress_upd'#N#N"
-$ SET_USER_DATA "[''_default_ca']#x509_extensions#D#''_default_x509_extensions'#X509 Extensions ?#S###''_default_x509_extensions_upd'#N#N"
-$ SET_USER_DATA "[''_default_x509_extensions']#basicConstraints#D#''_x509_basicConstraints'#X509 Basic Constraints ?#S###''_x509_basicConstraints_upd'#N#N"
-$ SET_USER_DATA "[''_default_x509_extensions']#nsCertType#D#''_x509_nsCertType'#X509 NS Cert Type ?#S###''_x509_nsCertType_upd'#N#N"
-$ SET_USER_DATA "[''_default_x509_extensions']#nsComment#D#''_x509_nsComment'#X509 NS Comment ?#S###''_x509_nsComment_upd'#N#N"
-$ SET_USER_DATA "[''_default_x509_extensions']#subjectKeyIdentifier#D#''_x509_subjectKeyIdentifier'#X509 Subject Key Identifier ?#S###''_x509_subjectKeyIdentifier_upd'#N#N"
-$ SET_USER_DATA "[''_default_x509_extensions']#authorityKeyIdentifier#D#''_x509_authorityKeyIdentifier'#X509 Authority Key Identifier ?#S###''_x509_authorityKeyIdentifier_upd'#N#N"
-$ SET_USER_DATA "[]#pem_pass_phrase#-##PEM Pass Phrase ?#P#1###Y#N"
-$ SET_USER_DATA "[]#display_certificate#-#N#Display the Certificate ?#S##1##Y#N"
-$!
-$ SAY ESC + "[''MSG_ROW';01H", CEOS
-$!
-$!------------------------------------------------------------------------------
-$! Confirm/Update the SSL Configuration Data
-$!------------------------------------------------------------------------------
-$!
-$PROMPT_LOOP:
-$!
-$ IF CTR .LE. SSL_USER_DATA_MAX
-$ THEN 
-$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
-$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
-$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
-$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
-$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
-$     TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type
-$     MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length
-$     MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length
-$     UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ?
-$     REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ?
-$     CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input  ?
-$     CONFIRMED = 0
-$     IF REQ .EQS. "N"
-$     THEN 
-$         CTR = CTR + 1
-$         GOTO PROMPT_LOOP
-$     ENDIF
-$     IF ROW .GT. MSG_ROW - 2
-$     THEN 
-$         SAY ESC + "[''TOP_ROW';01H", CEOS
-$	  ROW = TOP_ROW
-$     ENDIF
-$!
-$CONFIRM_LOOP:
-$!
-$     IF PRM .EQS. "" 
-$     THEN 
-$         PROMPT = ESC + "[''ROW';''COL'H''ITM' ? [''DEF'] ''CEOL'"
-$     ELSE
-$         PROMPT = ESC + "[''ROW';''COL'H''PRM' [''DEF'] ''CEOL'"
-$     ENDIF
-$     IF TYP .EQS. "P" THEN SET TERMINAL /NOECHO
-$     ASK "''PROMPT'" ANS /END_OF_FILE=EXIT
-$     IF TYP .EQS. "P" THEN SET TERMINAL /ECHO
-$     ANS = F$EDIT (ANS,"TRIM")
-$     IF ANS .EQS. "" THEN ANS = DEF
-$     IF TYP .EQS. "F"
-$     THEN
-$         ANS = F$PARSE ("''ANS'","''DEF'",,,"SYNTAX_ONLY")
-$     ENDIF
-$     IF TYP .EQS. "I" .AND. F$TYPE (ANS) .NES. "INTEGER"
-$     THEN 
-$         CALL INVALID_ENTRY
-$         SAY ESC + "[''ROW';01H", CEOS
-$         GOTO PROMPT_LOOP
-$     ENDIF
-$     IF (TYP .EQS. "S" .OR. TYP .EQS. "P") .AND. -
-         ((MIN .NES. "" .AND. F$LENGTH (ANS) .LT. F$INTEGER(MIN)) .OR. -
-          (MAX .NES. "" .AND. F$LENGTH (ANS) .GT. F$INTEGER(MAX)))
-$     THEN 
-$         CALL INVALID_ENTRY
-$         SAY ESC + "[''ROW';01H", CEOS
-$	  IF TYP .EQS. "S" THEN GOTO PROMPT_LOOP
-$         IF TYP .EQS. "P" THEN GOTO CONFIRM_LOOP
-$     ENDIF
-$     ROW = ROW + 1
-$     IF CFM .EQS. "Y"
-$     THEN
-$         IF CONFIRMED .EQ. 0
-$	  THEN
-$	      CONFIRMED = 1
-$	      CONFIRMED_ANS = ANS
-$	      PRM = "Confirm ''PRM'"
-$	      GOTO CONFIRM_LOOP
-$         ELSE
-$	      IF ANS .NES. CONFIRMED_ANS
-$	      THEN 
-$                 CALL INVALID_ENTRY
-$		  ROW = ROW - 2
-$                 SAY ESC + "[''ROW';01H", CEOS
-$                 GOTO PROMPT_LOOP
-$	      ENDIF
-$         ENDIF
-$     ENDIF
-$     IF ANS .NES. DEF THEN SSL_USER_DATA_'CTR' = "''KEY'#''ITM'#''VAL'#''ANS'#''PRM'#''TYP'#''MIN'#''MAX'#Y#''REQ'#''CFM'"
-$     CTR = CTR + 1
-$     GOTO PROMPT_LOOP
-$ ENDIF
-$!
-$!------------------------------------------------------------------------------
-$! Save the SSL Configuration Data
-$!------------------------------------------------------------------------------
-$!
-$ CTR = 1
-$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Saving Configuration ...", NORM
-$!
-$SAVE_CONF_LOOP:
-$!
-$ IF CTR .LE. SSL_USER_DATA_MAX
-$ THEN 
-$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
-$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
-$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
-$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
-$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
-$     TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type
-$     MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length
-$     MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length
-$     UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ?
-$     REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ?
-$     CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input ?
-$     IF UPD .NES. "Y" .OR. VAL .EQS. "-"
-$     THEN 
-$         CTR = CTR + 1
-$         GOTO SAVE_CONF_LOOP
-$     ENDIF
-$     IF VAL .EQS. "D"
-$     THEN 
-$         SET_CONF_DATA "''KEY'#''ITM'" "''DEF'"
-$     ELSE
-$         SET_CONF_DATA "''KEY'#''ITM'" "''PRM'"
-$         SET_CONF_DATA "''KEY'#''ITM'_default" "''DEF'"
-$     ENDIF
-$     IF MIN .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_min" "''MIN'"
-$     IF MAX .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_max" "''MAX'"
-$     CTR = CTR + 1
-$     GOTO SAVE_CONF_LOOP
-$ ENDIF
-$!
-$ PURGE /NOLOG /NOCONFIRM 'SSL_CONF_FILE'
-$ RENAME 'SSL_CONF_FILE'; ;1
-$!
-$ SAY ESC + "[''MSG_ROW';01H", CEOS
-$!
-$!------------------------------------------------------------------------------
-$! Create the Certificiate Authority
-$!------------------------------------------------------------------------------
-$!
-$SKIP:
-$!
-$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Signing Certificate Request ...", NORM
-$!
-$ X1 = 2
-$ Y1 = TOP_ROW
-$ X2 = TT_COLS - 2
-$ Y2 = MSG_ROW - 1
-$!
-$ GET_USER_DATA "[]#pem_pass_phrase"
-$ _pem_pass_phrase = SSL_USER_DATA
-$ GET_USER_DATA "[''_default_ca']#database"
-$ _default_idxfile = SSL_USER_DATA
-$ GET_USER_DATA "[''_default_ca']#serial"
-$ _default_serfile = SSL_USER_DATA
-$ GET_USER_DATA "[]#default_csrfile"
-$ _default_csrfile = SSL_USER_DATA
-$ GET_USER_DATA "[]#default_sgnfile"
-$ _default_sgnfile = SSL_USER_DATA
-$ GET_USER_DATA "[]#display_certificate"
-$ _display_certificate = SSL_USER_DATA
-$!
-$ IF F$SEARCH ("''_default_idxfile'") .EQS. ""
-$ THEN
-$     OPEN /WRITE OFILE '_default_idxfile'
-$     CLOSE OFILE
-$ ENDIF
-$!
-$ IF F$SEARCH ("''_default_serfile'") .EQS. ""
-$ THEN
-$     OPEN /WRITE OFILE '_default_serfile'
-$     WRITE OFILE "01"
-$     CLOSE OFILE
-$ ENDIF
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_CA_'PID'.RND
-$!
-$ OPEN /WRITE OFILE SYS$LOGIN:SSL_CA_'PID'.COM
-$ WRITE OFILE "$ SET NOON"
-$ WRITE OFILE "$ SET MESSAGE /NOFACILITY /NOIDENTIFICATION /NOSEVERITY /NOTEXT"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE    SYS$LOGIN:SSL_CA_''PID'.RND"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_CA_''PID'.LOG"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_CA_''PID'.LOG"
-$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
-$ WRITE OFILE "$ OPENSSL ca -config ''SSL_CONF_FILE' -out ''_default_sgnfile' -infiles ''_default_csrfile'"
-$ WRITE OFILE "''_pem_pass_phrase'"
-$ WRITE OFILE "y"
-$ WRITE OFILE "y"
-$ WRITE OFILE "$ SET MESSAGE /FACILITY /IDENTIFICATION /SEVERITY /TEXT"
-$ CLOSE OFILE
-$!
-$ @SYS$LOGIN:SSL_CA_'PID'.COM
-$!
-$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.RND;*
-$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.COM;*
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ SEARCH SYS$LOGIN:SSL_CA_'PID'.LOG /OUT=SYS$LOGIN:SSL_CA_'PID'.ERR "error:"
-$ IF F$SEARCH ("SYS$LOGIN:SSL_CA_''PID'.ERR") .NES. "" 
-$ THEN 
-$     IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_CA_''PID'.ERR","ALQ") .NE. 0
-$     THEN 
-$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.ERR;*
-$         SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
-$         SHOW_FILE "SYS$LOGIN:SSL_CA_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
-$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.LOG;*
-$         GOTO EXIT
-$     ENDIF
-$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.ERR;*
-$ ENDIF
-$!
-$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.LOG;*
-$! 
-$ IF F$EDIT (_display_certificate,"TRIM,UPCASE") .EQS. "Y"
-$ THEN 
-$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Generating Output ...", NORM, CEOL
-$!
-$     OPEN /WRITE OFILE SYS$LOGIN:SSL_X509_'PID'.COM
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_X509_''PID'.LOG"
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_X509_''PID'.LOG"
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
-$     WRITE OFILE "$ OPENSSL x509 -noout -text -in ''_default_sgnfile'"
-$     CLOSE OFILE
-$!
-$     @SYS$LOGIN:SSL_X509_'PID'.COM
-$!
-$     DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.COM;*
-$!
-$     DEFINE /USER /NOLOG SYS$ERROR  NL:
-$     DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$     SEARCH SYS$LOGIN:SSL_X509_'PID'.LOG /OUT=SYS$LOGIN:SSL_X509_'PID'.ERR ":error:"
-$     IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.ERR") .NES. "" 
-$     THEN 
-$         IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_X509_''PID'.ERR","ALQ") .NE. 0
-$         THEN 
-$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;*
-$             SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
-$             SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
-$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;*
-$             GOTO EXIT
-$         ENDIF
-$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;*
-$     ENDIF
-$!
-$     SAY ESC + "[''MSG_ROW';01H''CEOS'"
-$     SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''_default_sgnfile' >" 
-$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;*
-$     GOTO EXIT
-$ ENDIF
-$!
-$ TEXT = "Press return to continue"
-$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
-$!
-$ SAY ESC + "[''MSG_ROW';01H", CEOS
-$ PROMPT = ESC + "[''MSG_ROW';''COL'H''TEXT'"
-$ ASK "''PROMPT'" OPT
-$!
-$GOTO EXIT
-$!
-$!------------------------------------------------------------------------------
-$! Set the User Data
-$!------------------------------------------------------------------------------
-$!
-$SET_USER_DATA: SUBROUTINE
-$!
-$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. ""
-$ THEN
-$     SSL_USER_DATA_MAX == 1
-$ ELSE
-$     SSL_USER_DATA_MAX == SSL_USER_DATA_MAX + 1
-$ ENDIF
-$!
-$ SSL_USER_DATA_'SSL_USER_DATA_MAX' == "''P1'"
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Find the Request Data
-$!------------------------------------------------------------------------------
-$!
-$GET_USER_DATA: SUBROUTINE
-$!
-$ CTR = 1
-$ USER_KEY = F$ELEMENT (0,"#",P1)
-$ USER_ITM = F$ELEMENT (1,"#",P1)
-$!
-$GET_USER_DATA_LOOP:
-$!
-$ IF CTR .LE. SSL_USER_DATA_MAX
-$ THEN
-$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
-$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
-$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
-$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
-$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
-$     IF USER_KEY .NES. KEY .OR. USER_ITM .NES. ITM
-$     THEN 
-$         CTR = CTR + 1
-$         GOTO GET_USER_DATA_LOOP
-$     ENDIF
-$     IF VAL .EQS. "-" THEN SSL_USER_DATA == "''DEF'"
-$     IF VAL .EQS. "D" THEN SSL_USER_DATA == "''DEF'"
-$     IF VAL .EQS. "P" THEN SSL_USER_DATA == "''PRM'"
-$ ENDIF
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Delete the User Data
-$!------------------------------------------------------------------------------
-$!
-$DEL_USER_DATA: SUBROUTINE
-$!
-$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. "" THEN GOTO DEL_USER_DATA_END
-$!
-$DEL_USER_DATA_LOOP:
-$!
-$ IF F$TYPE (SSL_USER_DATA_'SSL_USER_DATA_MAX') .NES. "" 
-$ THEN
-$     DELETE /SYMBOL /GLOBAL SSL_USER_DATA_'SSL_USER_DATA_MAX'
-$     SSL_USER_DATA_MAX == SSL_USER_DATA_MAX - 1
-$     GOTO DEL_USER_DATA_LOOP
-$ ENDIF
-$!
-$ DELETE /SYMBOL /GLOBAL SSL_USER_DATA_MAX
-$!
-$DEL_USER_DATA_END:
-$!
-$ IF F$TYPE (SSL_USER_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_USER_DATA
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Display the invalid entry 
-$!------------------------------------------------------------------------------
-$!
-$INVALID_ENTRY: SUBROUTINE
-$!
-$ SAY ESC + "[''MSG_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
-$ Wait 00:00:01.5
-$ SAY ESC + "[''MSG_ROW';01H", CEOL
-$!
-$ EXIT
-$!
-$ ENDSUBROUTINE
-$!
-$!------------------------------------------------------------------------------
-$! Exit the procedure
-$!------------------------------------------------------------------------------
-$!
-$EXIT:
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ DEASSIGN SYS$OUTPUT
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ DEASSIGN SYS$ERROR
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ CLOSE OFILE
-$!
-$ DEL_USER_DATA
-$!
-$ IF F$TYPE (SSL_CONF_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_CONF_DATA
-$!
-$ IF F$GETDVI ("TT:","TT_NOECHO") .AND. .NOT. TT_NOECHO THEN SET TERMINAL /ECHO
-$!
-$ IF F$SEARCH ("SYS$LOGIN:SSL_CA_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.%%%;*
-$ IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.%%%;*
-$!
-$ Verify = F$VERIFY (Verify)
-$!
-$ EXIT
--- a/VMS/cert_tool/ssl$view_cert.com
+++ b/VMS/cert_tool/ssl$view_cert.com
@@ -1,245 +0,0 @@
-$!
-$!------------------------------------------------------------------------------
-$! SSL$VIEW_CERT.COM - SSL View Certificate procedure
-$!------------------------------------------------------------------------------
-$!
-$ Verify = F$VERIFY (0)
-$ Set NoOn
-$ Set NoControl=Y
-$!
-$!------------------------------------------------------------------------------
-$! Description 
-$!------------------------------------------------------------------------------
-$!
-$! This procedure prompts the user through creating a Server Certificate.
-$!
-$! The parameters used are:
-$!
-$! 	P1	- Certificate or Certificate Request (i.e. "CRT" or "CSR")
-$!
-$!------------------------------------------------------------------------------
-$! Define symbols
-$!------------------------------------------------------------------------------
-$!
-$ DELETE := DELETE
-$ SAY := WRITE SYS$OUTPUT
-$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
-$ PID = F$GETJPI ("","PID")
-$ TT_NOECHO = F$GETDVI ("TT:","TT_NOECHO")
-$ On Control_Y THEN GOTO EXIT
-$ Set Control=Y
-$!
-$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE")
-$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ")
-$!
-$ INIT_TERM := @SSL$COM:SSL$INIT_TERM
-$ PICK_FILE := @SSL$COM:SSL$PICK_FILE 
-$ SHOW_FILE := @SSL$COM:SSL$SHOW_FILE 
-$!
-$ ESC[0,8] = 27 	! Set the Escape Character
-$ BELL[0,8] = 7 	! Ring the terminal Bell
-$ RED = 1		! Color - Red
-$ FGD = 30		! Foreground
-$ BGD = 0		! Background
-$ CSCR = ESC + "[2J"	! Clear the Screen 
-$ CEOS = ESC + "[0J"	! Clear to the End of the Screen 
-$ CEOL = ESC + "[0K"	! Clear to the End of the Line
-$ NORM = ESC + "[0m"	! Turn Attributes off
-$ BLNK = ESC + "[5m"    ! Turn on BLINK Attribute
-$ WIDE = ESC + "#6"     ! Turn on WIDE Attribute
-$!
-$!------------------------------------------------------------------------------
-$! Run the SSL setup if it hasn't been run yet
-$!------------------------------------------------------------------------------
-$!
-$ IF F$TRNLNM ("SSL$ROOT") .EQS. ""
-$ THEN
-$     IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. ""
-$     THEN 
-$         @SSL$COM:SSL$INIT_ENV.COM
-$     ELSE
-$         SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..."
-$	  GOTO EXIT
-$     ENDIF
-$ ENDIF
-$!
-$!------------------------------------------------------------------------------
-$! Display the Page Header
-$!------------------------------------------------------------------------------
-$!
-$ INIT_TERM
-$ BCOLOR = BGD
-$ FCOLOR = FGD + RED
-$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm"
-$!
-$ TEXT = "SSL Certificate Tool"
-$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
-$!
-$ SAY ESC + "[01;01H", CSCR
-$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
-$!
-$ IF P1 .EQS. "CSR"
-$ THEN 
-$     TEXT = "View Certificate Request"
-$ ELSE
-$     TEXT = "View Certificate"
-$ ENDIF
-$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
-$!
-$ SAY ESC + "[04;01H"
-$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
-$!
-$ CTR = 1
-$ ROW = 6
-$ COL = 2
-$ TOP_ROW = ROW
-$ MSG_ROW = TT_ROWS - 1
-$!
-$!------------------------------------------------------------------------------
-$! Initialize the Request Data
-$!------------------------------------------------------------------------------
-$!
-$ IF P1 .NES. "CRT" .AND. P1 .NES. "CSR"
-$ THEN 
-$     PRM = "Display File:"
-$     DEF = "*.*"
-$ ENDIF
-$!
-$ IF P1 .EQS. "CRT"
-$ THEN 
-$     PRM = "Display Certificate File:"
-$     DEF = "SSL$CRT:*.CRT"
-$ ENDIF
-$!
-$ IF P1 .EQS. "CSR"
-$ THEN 
-$     PRM = "Display Certificate Request File:"
-$     DEF = "SSL$CSR:*.CSR"
-$ ENDIF
-$!
-$ SAY ESC + "[''MSG_ROW';01H", CEOS
-$!
-$!------------------------------------------------------------------------------
-$! Confirm/Update the SSL Configuration Data
-$!------------------------------------------------------------------------------
-$!
-$PROMPT_LOOP:
-$!
-$ PROMPT = ESC + "[''ROW';''COL'H''PRM' ? [''DEF'] ''CEOL'"
-$ ASK "''PROMPT'" _view_file_name
-$ _view_file_name = F$EDIT (_view_file_name,"TRIM")
-$ IF _view_file_name .EQS. "" THEN _view_file_name = DEF
-$!
-$ X1 = 2
-$ Y1 = TOP_ROW
-$ X2 = TT_COLS - 2
-$ Y2 = MSG_ROW - 1
-$!
-$PICK_FILE:
-$!
-$ PICK_FILE "''_view_file_name'" 'X1' 'Y1' 'X2' 'Y2' "< Select a File >" 
-$!
-$ SAY ESC + "[''TOP_ROW';01H", CEOS
-$! 
-$ IF SSL_FILE_NAME .EQS. "" THEN GOTO EXIT
-$!
-$!------------------------------------------------------------------------------
-$! Create the Certificiate Authority
-$!------------------------------------------------------------------------------
-$!
-$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Generating Output ...", NORM, CEOL
-$!
-$ IF P1 .EQS. "CRT"
-$ THEN 
-$     OPEN /WRITE OFILE SYS$LOGIN:SSL_X509_'PID'.COM
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_X509_''PID'.LOG"
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_X509_''PID'.LOG"
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
-$     WRITE OFILE "$ OPENSSL x509 -noout -text -in ''SSL_FILE_NAME'"
-$     CLOSE OFILE
-$!
-$     @SYS$LOGIN:SSL_X509_'PID'.COM
-$!
-$     DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.COM;*
-$!
-$     DEFINE /USER /NOLOG SYS$ERROR  NL:
-$     DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$     SEARCH SYS$LOGIN:SSL_X509_'PID'.LOG /OUT=SYS$LOGIN:SSL_X509_'PID'.ERR ":error:"
-$     IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.ERR") .NES. "" 
-$     THEN 
-$         IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_X509_''PID'.ERR","ALQ") .NE. 0
-$         THEN 
-$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;*
-$             SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
-$             SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
-$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;*
-$             GOTO EXIT
-$         ENDIF
-$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;*
-$     ENDIF
-$!
-$     SAY ESC + "[''MSG_ROW';01H''CEOS'"
-$     SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''SSL_FILE_NAME' >" 
-$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;*
-$     GOTO PICK_FILE
-$ ENDIF
-$!
-$ IF P1 .EQS. "CSR"
-$ THEN 
-$     OPEN /WRITE OFILE SYS$LOGIN:SSL_REQ_'PID'.COM
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_REQ_''PID'.LOG"
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_REQ_''PID'.LOG"
-$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
-$     WRITE OFILE "$ OPENSSL req -noout -text -in ''SSL_FILE_NAME'"
-$     CLOSE OFILE
-$!
-$     @SYS$LOGIN:SSL_REQ_'PID'.COM
-$!
-$     DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.COM;*
-$!
-$     DEFINE /USER /NOLOG SYS$ERROR  NL:
-$     DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$     SEARCH SYS$LOGIN:SSL_REQ_'PID'.LOG /OUT=SYS$LOGIN:SSL_REQ_'PID'.ERR ":error:"
-$     IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.ERR") .NES. "" 
-$     THEN 
-$         IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_REQ_''PID'.ERR","ALQ") .NE. 0
-$         THEN 
-$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
-$             SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
-$             SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
-$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
-$             GOTO EXIT
-$         ENDIF
-$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
-$     ENDIF
-$!
-$     SAY ESC + "[''MSG_ROW';01H''CEOS'"
-$     SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''SSL_FILE_NAME' >" 
-$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
-$     GOTO PICK_FILE
-$ ENDIF
-$!
-$ SAY ESC + "[''MSG_ROW';01H''CEOS'"
-$ SHOW_FILE "''SYS$LOGIN:SSL_FILE_NAME'" 'X1' 'Y1' 'X2' 'Y2' "< ''SSL_FILE_NAME' >"
-$ GOTO PICK_FILE
-$!
-$!------------------------------------------------------------------------------
-$! Exit the procedure
-$!------------------------------------------------------------------------------
-$!
-$EXIT:
-$!
-$ DEFINE /USER /NOLOG SYS$ERROR  NL:
-$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
-$ CLOSE OFILE
-$!
-$ IF F$TYPE (SSL_FILE_NAME) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_FILE_NAME
-$!
-$ IF F$GETDVI ("TT:","TT_NOECHO") .AND. .NOT. TT_NOECHO THEN SET TERMINAL /ECHO
-$!
-$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.%%%;*
-$ IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.%%%;*
-$!
-$ Verify = F$VERIFY (Verify)
-$!
-$ EXIT
--- a/VMS/install.com
+++ b/VMS/install.com
@@ -26,129 +26,47 @@ $	DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
 $	DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
 $	DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS]
 $	DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE]
-$	DEFINE/NOLOG WRK_SSLCOM WRK_SSLROOT:[COM]
 $
 $	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
 	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
 $	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
 	   CREATE/DIR/LOG WRK_SSLINCLUDE:
-$!	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
-$!	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
-$	IF F$PARSE("WRK_SSLCOM:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[COM]
+$	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
 $
 $	IF F$SEARCH("WRK_SSLINCLUDE:vms_idhacks.h") .NES. "" THEN -
 	   DELETE WRK_SSLINCLUDE:vms_idhacks.h;*
 $
-$	OPEN/WRITE SF WRK_SSLCOM:SSL$STARTUP.COM
-$	WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLCOM:SSL$STARTUP.COM")," created."
-$	WRITE SF "$! Startup file for SSL 0.9.2-RL 15-Mar-1999"
+$	OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
+$	WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created."
+$	WRITE SF "$! Startup file for Openssl 0.9.2-RL 15-Mar-1999"
 $	WRITE SF "$!"
 $	WRITE SF "$! Do not edit this file, as it will be regenerated during next installation."
-$	WRITE SF "$! Instead, add or change SSL$COM:SSL$SYSTARTUP.COM"
+$	WRITE SF "$! Instead, add or change SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
 $	WRITE SF "$!"
+$	WRITE SF "$! P1	a qualifier to DEFINE.  For example ""/SYSTEM"" to get the logical names"
+$	WRITE SF "$!	defined in the system logical name table."
 $	WRITE SF "$!"
 $	WRITE SF "$	ARCH = ""VAX"""
 $	WRITE SF "$	IF F$GETSYI(""CPU"") .GE. 128 THEN ARCH = ""ALPHA"""
-$	WRITE SF "$!"
-$	WRITE SF "$ IF F$SEARCH(""SYS$STARTUP:SSL$DEFINE_ROOT.COM"") .NES."""" THEN -"
-$	WRITE SF "$	@SYS$STARTUP:SSL$DEFINE_ROOT.COM"
-$	WRITE SF "$!"
-$	WRITE SF "$!"
-$	WRITE SF "$	DEFINE/NOLOG/SYSTEM/EXEC	SSL$CERTS	SSL$ROOT:[CERTS]"
-$	WRITE SF "$	DEFINE/NOLOG/SYSTEM/EXEC	SSL$COM		SSL$ROOT:[COM]"
-$	WRITE SF "$	DEFINE/NOLOG/SYSTEM/EXEC	SSL$EXE		SSL$ROOT:['ARCH'_EXE]"
-$	WRITE SF "$	DEFINE/NOLOG/SYSTEM/EXEC	SSL$INCLUDE	SSL$ROOT:[INCLUDE]"
-$	WRITE SF "$	DEFINE/NOLOG/SYSTEM/EXEC	SSL$KEY		SSL$ROOT:[CERTS]"
-$	WRITE SF "$	DEFINE/NOLOG/SYSTEM/EXEC	SSL$PRIVATE	SSL$ROOT:[PRIVATE]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLROOT		",ROOT,".] /TRANS=CONC"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLLIB		SSLROOT:['ARCH'_LIB]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLINCLUDE	SSLROOT:[INCLUDE]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLEXE		SSLROOT:['ARCH'_EXE]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLCERTS	SSLROOT:[CERTS]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLPRIVATE	SSLROOT:[PRIVATE]"
 $	WRITE SF "$"
 $	WRITE SF "$!	This is program can include <openssl/{foo}.h>"
-$	WRITE SF "$	DEFINE/NOLOG/SYSTEM/EXEC	OPENSSL		SSL$INCLUDE:"
-$	WRITE SF "$!"
-$	WRITE SF "$	IF F$SEARCH(""SSL$COM:SSL$SYSTARTUP.COM"") .NES."""" THEN -"
-$	WRITE SF "	   @SSL$COM:SSL$SYSTARTUP.COM"
+$	WRITE SF "$	DEFINE/NOLOG'P1	OPENSSL		SSLINCLUDE:"
+$	WRITE SF "$"
+$	WRITE SF "$	IF F$SEARCH(""SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"") .NES."""" THEN -"
+$	WRITE SF "	   @SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
 $	WRITE SF "$"
 $	WRITE SF "$	EXIT"
 $	CLOSE SF
-$	SET FILE/PROT=WORLD:RE WRK_SSLCOM:SSL$STARTUP.COM
-$!
-$	OPEN/WRITE SF WRK_SSLCOM:SSL$SHUTDOWN.COM
-$	WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLCOM:SSL$SHUTDOWN.COM")," created."
-$	WRITE SF "$! Shutdown file for SSL"
-$	WRITE SF "$!"
-$	WRITE SF "$! Do not edit this file, as it will be regenerated during next installation."
-$	WRITE SF "$!"
-$	WRITE SF "$	ARCH = ""VAX"""
-$	WRITE SF "$	IF F$GETSYI(""CPU"") .GE. 128 THEN ARCH = ""ALPHA"""
-$	WRITE SF "$!"
-$	WRITE SF "$ IF F$SEARCH(""SSL$COM:SSL$SYSHUTDOWN.COM"") .NES."""" THEN -"
-$	WRITE SF "	@SSL$COM:SSL$SYSHUTDOWN.COM"
-$	WRITE SF "$!"
-$	WRITE SF "$ IF F$TRNLNM(""SSL$CERTS"") .NES."""" THEN -"
-$	WRITE SF "	DEASSIGN/SYSTEM/EXEC	SSL$CERTS"
-$!
-$	WRITE SF "$ IF F$TRNLNM(""SSL$COM"") .NES."""" THEN -"
-$	WRITE SF "	DEASSIGN/SYSTEM/EXEC	SSL$COM"
-$!
-$	WRITE SF "$ IF F$TRNLNM(""SSL$EXE"") .NES."""" THEN -"
-$	WRITE SF "	DEASSIGN/SYSTEM/EXEC	SSL$EXE"
-$!
-$	WRITE SF "$ IF F$TRNLNM(""SSL$INCLUDE"") .NES."""" THEN -"
-$	WRITE SF "	DEASSIGN/SYSTEM/EXEC	SSL$INCLUDE"
-$!
-$	WRITE SF "$ IF F$TRNLNM(""SSL$KEY"") .NES."""" THEN -"
-$	WRITE SF "	DEASSIGN/SYSTEM/EXEC	SSL$KEY"
-$!
-$	WRITE SF "$ IF F$TRNLNM(""SSL$PRIVATE"") .NES."""" THEN -"
-$	WRITE SF "	DEASSIGN/SYSTEM/EXEC	SSL$PRIVATE"
-$!
-$	WRITE SF "$!"
-$	WRITE SF "$ IF F$TRNLNM(""OPENSSL"") .NES."""" THEN -"
-$	WRITE SF "	DEASSIGN/SYSTEM/EXEC	OPENSSL"
-$	WRITE SF "$!"
-$	WRITE SF "$ IF F$TRNLNM(""SSL$ROOT"") .NES."""" THEN -"
-$	WRITE SF "	DEASSIGN/SYSTEM/EXEC SSL$ROOT"
-$	WRITE SF "$!"
-$	WRITE SF "$	EXIT"
-$	CLOSE SF
-$	SET FILE/PROT=WORLD:RE WRK_SSLCOM:SSL$SHUTDOWN.COM
-$!
-$	COPY SSL$UTILS.COM WRK_SSLCOM:/LOG
-$	SET FILE/PROT=WORLD:RE WRK_SSLCOM:SSL$UTILS.COM
-$!
-$	COPY SSL$SYSTARTUP.COM WRK_SSLCOM:/LOG
-$	SET FILE/PROT=WORLD:RE WRK_SSLCOM:SSL$SYSTARTUP.COM
-$	COPY SSL$SYSHUTDOWN.COM WRK_SSLCOM:/LOG
-$	SET FILE/PROT=WORLD:RE WRK_SSLCOM:SSL$SYSHUTDOWN.COM
-$!
-$	CERT_DIR := [.CERT_TOOL]
-$	CERT_FILES := SSL$AUTH_CERT.COM,SSL$AUTO_CERT.COM,SSL$CERT_TOOL.COM, -
-		      SSL$CONF_UTIL.COM,SSL$DRAW_BOX.COM,SSL$EXIT_CMD.TPU, -
-		      SSL$FILL_BOX.COM,SSL$HASH_CERT.COM,SSL$HOSTADDR.EXE, -
-		      SSL$HOSTNAME.EXE,SSL$INIT_ENV.COM,SSL$INIT_TERM.COM, -
-		      SSL$PICK_FILE.COM,SSL$RQST_CERT.COM,SSL$SELF_CERT.COM, -
-		      SSL$SHOW_FILE.COM,SSL$SIGN_CERT.COM,SSL$VIEW_CERT.COM, -
-		      SSL$REM_ENV.COM
-$!
-$	I = 0
-$ LOOP:
-$       CF = F$EDIT(F$ELEMENT(I, ",", CERT_FILES),"TRIM")
-$       I = I + 1
-$       IF CF .EQS. "," THEN GOTO LOOP_END
-$       SET NOON
-$       IF F$SEARCH(CERT_DIR+CF) .NES. ""
-$       THEN
-$         COPY 'CERT_DIR''CF' WRK_SSLCOM:*.*/log
-$         SET FILE/PROT=W:RE WRK_SSLCOM:'CF'
-$       ENDIF
-$       SET ON
-$       GOTO LOOP
-$ LOOP_END:
-$!
-$	SHOW SYSTEM/FULL/OUTPUT=WRK_SSLROOT:[PRIVATE]RANDFILE.
-$	SET FILE/PROT=WORLD:RE WRK_SSLROOT:[PRIVATE]RANDFILE.
-$!
-$	COPY SSL010.RELEASE_NOTES WRK_SSLROOT:[000000]/LOG
-$	SET FILE/PROT=WORLD:RE WRK_SSLROOT:[000000]SSL010.RELEASE_NOTES
-$!
+$	SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
+$
+$	COPY OPENSSL_UTILS.COM WRK_SSLROOT:[VMS]/LOG
+$	SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_UTILS.COM
+$
 $	EXIT
--- a/VMS/mkshared.com
+++ b/VMS/mkshared.com
@@ -3,94 +3,16 @@ $!
 $! No command line parameters.  This should be run at the start of the source
 $! tree (the same directory where one finds INSTALL.VMS).
 $!
-$! Input:       [.UTIL]LIBEAY.NUM,[.AXP.EXE.CRYPTO]LIBCRYPTO.OLB
-$!              [.UTIL]SSLEAY.NUM,[.AXP.EXE.SSL]LIBSSL.OLB
-$! Output:      [.AXP.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE
-$!              [.AXP.EXE.SSL]LIBSSL.OPT,.MAP,.EXE
+$! Input:	[.UTIL]LIBEAY.NUM,[.AXP.EXE.CRYPTO]LIBCRYPTO.OLB
+$!		[.UTIL]SSLEAY.NUM,[.AXP.EXE.SSL]LIBSSL.OLB
+$! Output:	[.AXP.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE
+$!		[.AXP.EXE.SSL]LIBSSL.OPT,.MAP,.EXE
 $!
 $! So far, tests have only been made on VMS for Alpha.  VAX will come in time.
-$!
-$!
-$! >>>>>
-$!	Note: Since I don't know how to put a comment into one of the .NUM
-$!	      files, I will put the comment here and hope that it is found.
-$!
-$!	      For SSLEAY.NUM, we do not expose SSL_add_dir_cert_subjs_to_stk.
-$!	      We do not expose it because it is a truncated VMS name that
-$!	      points to (via SYMHACKS.H) SSL_add_dir_cert_subjects_to_stack.
-$!	      However, SSL_add_dir_cert_subjects_to_stack is #ifndef VMS
-$!	      out of SSL_CERT.C.  So, comment them all out and we won't get
-$!	      any link errors about undefined symbols.  This all works fine
-$!	      until we need this API's functionality. 
-$!
-$!	      For LIBEAY.NUM, 
-$!		ASN1_UTCTIME_GET  #if 0         [.CRYPTO.ASN1]A_UTCTM.C
-$!								[.CRYPTO.ASN1]ASN1.H
-$!
-$!		DES_SET_WEAK_KEY_FLAG           [.CRYPTO.DES]DES.H
-$!						Not used in any .C file.
-$!
-$!		DH_GET_DEFAULT_METHOD   Not found in any .C or .H file.
-$!		DH_SET_DEFAULT_METHOD   Not found in any .C or .H file.
-$!		DSA_GET_DEFAULT_METHOD  Not found in any .C or .H file.
-$!		DSA_SET_DEFAULT_METHOD  Not found in any .C or .H file.
-$!
-$!		PEM_READ_BIO_NETSCAPE_CERT_SEQUENCE     [.CRYPTO.PEM]PEM.H
-$!							[.CRYPTO]SYMHACKS.H
-$!							PEM_read_bio_NS_CERT_SEQ is not in any .C or .H file.
-$!
-$!		PEM_READ_BIO_PKCS8_PRIV_KEY_INFO        [.CRYPTO]SYMHACKS.H
-$!			#define PEM_read_bio_PKCS8_PRIV_KEY_INFO        PEM_read_bio_P8_PRIV_KEY_INFO
-$!			PEM_read_bio_P8_PRIV_KEY_INFO is not in any .C or .H file.
-$!
-$!		PEM_READ_NETSCAPE_CERT_SEQUENCE         [.CRYPTO.PEM]PEM.H
-$!							[.CRYPTO]SYMHACKS.H
-$!			#define PEM_read_NETSCAPE_CERT_SEQUENCE         PEM_read_NS_CERT_SEQ
-$!			PEM_read_NS_CERT_SEQ is not in any .C or .H file.
-$!
-$!		PEM_READ_PKCS8_PRIV_KEY_INFO            [.CRYPTO]SYMHACKS.H
-$!			#define PEM_read_PKCS8_PRIV_KEY_INFO            PEM_read_P8_PRIV_KEY_INFO
-$!			PEM_read_P8_PRIV_KEY_INFO is not in any .C or .H file.
-$!
-$!		PEM_WRITE_BIO_NETSCAPE_CERT_SEQUENCE    [.CRYPTO.PEM]PEM.H
-$!							[.CRYPTO]SYMHACKS.H
-$!			#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE    PEM_write_bio_NS_CERT_SEQ
-$!			PEM_write_bio_NS_CERT_SEQ is not in any .C or .H file.
-$!
-$!		PEM_WRITE_BIO_PKCS8_PRIV_KEY_INFO       [.CRYPTO]SYMHACKS.H
-$!			#define PEM_write_bio_PKCS8_PRIV_KEY_INFO       PEM_write_bio_P8_PRIV_KEY_INFO
-$!			PEM_write_bio_P8_PRIV_KEY_INFO is not in any .C or .H file.
-$!
-$!		PEM_WRITE_NETSCAPE_CERT_SEQUENCE        [.CRYPTO.PEM]PEM.H
-$!							[.CRYPTO]SYMHACKS.H
-$!			#define PEM_write_NETSCAPE_CERT_SEQUENCE        PEM_write_NS_CERT_SEQ
-$!			PEM_write_NS_CERT_SEQ is not in any .C or .H file.
-$!
-$!		PEM_WRITE_PKCS8_PRIV_KEY_INFO           [.CRYPTO]SYMHACKS.H
-$!			#define PEM_write_PKCS8_PRIV_KEY_INFO           PEM_write_P8_PRIV_KEY_INFO
-$!			PEM_write_P8_PRIV_KEY_INFO is not in any .C or .H file.
-$!
-$!		RAND_EVENT                              [.CRYPTO.RAND]RAND.H RAND_event is #if windows || Win32
-$!							[.CRYPTO.RAND]RAND_WIN.C
-$!							All modules in RAND_WIN are WINDOWS or WIN32 modules.
-$!
-$!		RAND_SCREEN     if Windows or Win32 - [.CRYPTO.RAND]RAND.H
-$!
-$!		RSA_GET_DEFAULT_METHOD          is not in any .C or .H file.
-$!
-$!		RSA_SET_DEFAULT_METHOD           is not in any .C or .H file.
-$!
-$!
-$!
 $! ===========================================================================
-$!
-$! Setup VMS specific information.
-$!
-$ @vms_build_info
-$!
+$
 $! ----- Prepare info for processing: version number and file info
 $ gosub read_version_info
-$!
 $ if libver .eqs. ""
 $ then
 $   write sys$error "ERROR: Couldn't find any library version info..."
@@ -102,31 +24,20 @@ $ then
 $   libid  = "Crypto"
 $   libnum = "[.UTIL]LIBEAY.NUM"
 $   libdir = "[.AXP.EXE.CRYPTO]"
-$   libolb = "''libdir'LIBCRYPTO''build_bits'.OLB"
+$   libolb = "''libdir'LIBCRYPTO.OLB"
 $   libopt = "''libdir'LIBCRYPTO.OPT"
 $   libmap = "''libdir'LIBCRYPTO.MAP"
-$   if build_bits .eqs. "32"
-$   then 
-$      libgoal= "''libdir'SSL$LIBCRYPTO_SHR''build_bits'.EXE"
-$   else
-$      libgoal= "''libdir'SSL$LIBCRYPTO_SHR.EXE"
-$   endif
+$   libgoal= "''libdir'LIBCRYPTO.EXE"
 $   libref = ""
 $   gosub create_axp_shr
 $   libid  = "SSL"
 $   libnum = "[.UTIL]SSLEAY.NUM"
 $   libdir = "[.AXP.EXE.SSL]"
-$   libolb = "''libdir'LIBSSL''build_bits'.OLB"
+$   libolb = "''libdir'LIBSSL.OLB"
 $   libopt = "''libdir'LIBSSL.OPT"
 $   libmap = "''libdir'LIBSSL.MAP"
-$   if build_bits .eqs. "32"
-$   then 
-$      libgoal= "''libdir'SSL$LIBSSL_SHR''build_bits'.EXE"
-$      libref = "[.AXP.EXE.CRYPTO]SSL$LIBCRYPTO_SHR''build_bits'.EXE"
-$   else
-$      libgoal= "''libdir'SSL$LIBSSL_SHR.EXE"
-$      libref = "[.AXP.EXE.CRYPTO]SSL$LIBCRYPTO_SHR.EXE"
-$   endif
+$   libgoal= "''libdir'LIBSSL.EXE"
+$   libref = "[.AXP.EXE.CRYPTO]LIBCRYPTO.EXE"
 $   gosub create_axp_shr
 $ else
 $   libtit = "CRYPTO_TRANSFER_VECTOR"
@@ -134,16 +45,11 @@ $   libid  = "Crypto"
 $   libnum = "[.UTIL]LIBEAY.NUM"
 $   libdir = "[.VAX.EXE.CRYPTO]"
 $   libmar = "''libdir'LIBCRYPTO.MAR"
-$   libolb = "''libdir'LIBCRYPTO''build_bits.OLB"
+$   libolb = "''libdir'LIBCRYPTO.OLB"
 $   libopt = "''libdir'LIBCRYPTO.OPT"
 $   libobj = "''libdir'LIBCRYPTO.OBJ"
 $   libmap = "''libdir'LIBCRYPTO.MAP"
-$   if build_bits .eqs. "32"
-$   then
-$      libgoal= "''libdir'SSL$LIBCRYPTO_SHR''build_bits'.EXE"
-$   else
-$      libgoal= "''libdir'SSL$LIBCRYPTO_SHR.EXE"
-$   endif
+$   libgoal= "''libdir'LIBCRYPTO.EXE"
 $   libref = ""
 $   libvec = "LIBCRYPTO"
 $   gosub create_vax_shr
@@ -152,18 +58,12 @@ $   libid  = "SSL"
 $   libnum = "[.UTIL]SSLEAY.NUM"
 $   libdir = "[.VAX.EXE.SSL]"
 $   libmar = "''libdir'LIBSSL.MAR"
-$   libolb = "''libdir'LIBSSL''build_bits'.OLB"
+$   libolb = "''libdir'LIBSSL.OLB"
 $   libopt = "''libdir'LIBSSL.OPT"
 $   libobj = "''libdir'LIBSSL.OBJ"
 $   libmap = "''libdir'LIBSSL.MAP"
-$   if build_bits .eqs. "32"
-$   then
-$      libgoal= "''libdir'SSL$LIBSSL_SHR''build_bits'.EXE"
-$      libref = "[.VAX.EXE.CRYPTO]SSL$LIBCRYPTO_SHR''build_bits'.EXE"
-$   else
-$      libgoal= "''libdir'SSL$LIBSSL_SHR.EXE"
-$      libref = "[.VAX.EXE.CRYPTO]SSL$LIBCRYPTO_SHR.EXE"
-$   endif
+$   libgoal= "''libdir'LIBSSL.EXE"
+$   libref = "[.VAX.EXE.CRYPTO]LIBCRYPTO.EXE"
 $   libvec = "LIBSSL"
 $   gosub create_vax_shr
 $ endif
@@ -183,18 +83,18 @@ $! in the .num file, check that each line applies to VMS and the architecture,
 $! and to fill in "holes" with dummy entries.
 $!
 $! The creator routines depend on the following variables:
-$! libnum       The name of the .num file to use as input
-$! libolb       The name of the object library to build from
-$! libid        The identification string of the shareable library
-$! libopt       The name of the .opt file to write
-$! libtit       The title of the assembler transfer vector file (VAX only)
-$! libmar       The name of the assembler transfer vector file (VAX only)
-$! libmap       The name of the map file to write
-$! libgoal      The name of the shareable library to write
-$! libref       The name of a shareable library to link in
+$! libnum	The name of the .num file to use as input
+$! libolb	The name of the object library to build from
+$! libid	The identification string of the shareable library
+$! libopt	The name of the .opt file to write
+$! libtit	The title of the assembler transfer vector file (VAX only)
+$! libmar	The name of the assembler transfer vector file (VAX only)
+$! libmap	The name of the map file to write
+$! libgoal	The name of the shareable library to write
+$! libref	The name of a shareable library to link in
 $!
 $! read_func_num depends on the following variables from the creator:
-$! libwriter    The name of the writer routine to call for each .num file line
+$! libwriter	The name of the writer routine to call for each .num file line
 $! -----
 $
 $! ----- Subroutines for AXP
@@ -203,7 +103,6 @@ $! The creator routine
 $ create_axp_shr:
 $   open/write opt 'libopt'
 $   write opt "identification=""",libid," ",libverstr,""""
-$   write opt "build_ident=""",build_ident,"_",build_platform,"_",build_bits,""" "
 $   write opt libolb,"/lib"
 $   if libref .nes. "" then write opt libref,"/SHARE"
 $   write opt "SYMBOL_VECTOR=(-"
@@ -238,16 +137,14 @@ $   endif
 $   if libfirstentry
 $   then
 $     write 'libwrch' "    ",libentry,"=",pr," -"
-$!DEBUG!$     write sys$output "''libentry' = ''pr' #1"
 $   else
 $     write 'libwrch' "    ,",libentry,"=",pr," -"
-$!DEBUG!$     write sys$output ",''libentry' = ''pr'"
 $   endif
 $   libfirstentry := false
 $   textcount = textcount + textcount_this
 $   return
 $
-$! ----- Subroutines for VAX
+$! ----- Subroutines for AXP
 $! -----
 $! The creator routine
 $ create_vax_shr:
@@ -256,23 +153,23 @@ $   type sys$input:/out=mar:
 ;
 ; Transfer vector for VAX shareable image
 ;
-$   write mar " .TITLE ",libtit
-$   write mar " .IDENT /",libid,"/"
+$   write mar "	.TITLE ",libtit
+$   write mar "	.IDENT /",libid,"/"
 $   type sys$input:/out=mar:
 ;
 ; Define macro to assist in building transfer vector entries.  Each entry
 ; should take no more than 8 bytes.
 ;
-        .MACRO FTRANSFER_ENTRY routine
-        .ALIGN QUAD
-        .TRANSFER routine
-        .MASK   routine
-        JMP     routine+2
-        .ENDM TRANSFER_ENTRY
+	.MACRO FTRANSFER_ENTRY routine
+	.ALIGN QUAD
+	.TRANSFER routine
+	.MASK	routine
+	JMP	routine+2
+	.ENDM FTRANSFER_ENTRY
 ;
 ; Place entries in own program section.
 ;
-$   write mar " .PSECT $$",libvec,"QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT"
+$   write mar "	.PSECT $$",libvec,",QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT"
 $   write mar libvec,"_xfer:"
 $   libwrch   := mar
 $   libwriter := write_vax_ftransfer_entry
@@ -281,10 +178,10 @@ $   type sys$input:/out=mar:
 ;
 ; Allocate extra storage at end of vector to allow for expansion.
 ;
-$   write mar " .BLKB 32768-<.-",libvec,"_xfer> ; 64 pages total."
-$   libwriter := write_vax_vtransfer_entry
-$   gosub read_func_num
-$   write mar " .END"
+$   write mar "	.BLKB 32768-<.-",libvec,"_xfer>	; 64 pages total."
+$!   libwriter := write_vax_vtransfer_entry
+$!   gosub read_func_num
+$   write mar "	.END"
 $   close mar
 $   open/write opt 'libopt'
 $   write opt "identification=""",libid," ",libverstr,""""
@@ -305,7 +202,7 @@ $   type sys$input:/out=opt:
 PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
 $   libwrch   := opt
 $   libwriter := write_vax_psect_attr
-$   gosub read_var_num
+$   gosub read_func_num
 $   close opt
 $   macro/obj='libobj' 'libmar'
 $   link/map='libmap'/full/share='libgoal' 'libopt'/option
@@ -316,9 +213,9 @@ $ write_vax_ftransfer_entry:
 $   if info_kind .nes. "FUNCTION" then return
 $   if libentry .eqs ".dummy"
 $   then
-$     write 'libwrch' " .BLKB 8" ! Dummy is zeroes...
+$     write 'libwrch' "	.BLKB 8" ! Dummy is zeroes...
 $   else
-$     write 'libwrch' " FTRANSFER_ENTRY ",libentry
+$     write 'libwrch' "	FTRANSFER_ENTRY ",libentry
 $   endif
 $   return
 $! The record writer routine for VAX variables (should never happen!)
@@ -348,16 +245,6 @@ $     info_exist=f$element(0,":",entryinfo)
 $     info_platforms=","+f$element(1,":",entryinfo)+","
 $     info_kind=f$element(2,":",entryinfo)
 $     info_algorithms=","+f$element(3,":",entryinfo)+","
-$!
-$!DEBUG!$ write sys$output " Processing ... ", line
-$!DEBUG!$ write sys$output "Entry num = ",entrynum
-$!DEBUG!$ write sys$output "Entry info = ",entryinfo
-$!DEBUG!$ write sys$output "Cur Entry = ",curentry
-$!DEBUG!$ write sys$output "info exist = ",info_exist
-$!DEBUG!$ write sys$output "info platforms = ",info_platforms
-$!DEBUG!$ write sys$output "info kind = ",info_kind
-$!DEBUG!$ write sys$output "info algs = ",info_algorithms
-$!
 $     if info_exist .eqs. "NOEXIST" then goto loop
 $     truesum = 0
 $     falsesum = 0
@@ -365,15 +252,10 @@ $     negatives = 1
 $     plat_i = 0
 $     loop1:
 $       plat_entry = f$element(plat_i,",",info_platforms)
-$!DEBUG!$ write sys$output "plat entry = ",plat_entry
-$! 
 $       plat_i = plat_i + 1
-$!DEBUG!$ write sys$output "plat i = ", plat_i
 $       if plat_entry .eqs. "" then goto loop1
-$       if plat_entry .eqs. ","
+$       if plat_entry .nes. ","
 $       then
-$	  goto endloop1
-$       else
 $         if f$extract(0,1,plat_entry) .nes. "!" then negatives = 0
 $         if f$getsyi("CPU") .lt. 128
 $         then
@@ -382,48 +264,30 @@ $             truesum = truesum + 1
 $           if plat_entry .eqs. "!EXPORT_VAR_AS_FUNCTION" then -
 $             falsesum = falsesum + 1
 $         endif
-$         if plat_entry .eqs. "VMS" 
-$	  then 
-$		truesum = truesum + 1
-$!DEBUG!$		write sys$output "plat_entry = VMS"
-$         endif
-$!
-$         if plat_entry .eqs. "!VMS" 
-$	  then 
-$		falsesum = falsesum + 1
-$!DEBUG!$		write sys$output "plat_entry <> VMS"
-$         endif
+$         if plat_entry .eqs. "VMS" then truesum = truesum + 1
+$         if plat_entry .eqs. "!VMS" then falsesum = falsesum + 1
+$	  goto loop1
 $       endif
-$       goto loop1
-$! 
 $     endloop1:
 $!DEBUG!$     if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
 $!DEBUG!$     then
 $!DEBUG!$       write sys$output line
 $!DEBUG!$       write sys$output "        truesum = ",truesum,-
-$!DEBUG!                ", negatives = ",negatives,", falsesum = ",falsesum
+$!DEBUG!		", negatives = ",negatives,", falsesum = ",falsesum
 $!DEBUG!$     endif
 $     if falsesum .ne. 0 then goto loop
-$     if truesum+negatives .eq. 0 
-$     then
-$!DEBUG!$	write sys$output "truesum+negatives .eq. 0. Going to loop." 
-$	goto loop
-$     endif
+$     if truesum+negatives .eq. 0 then goto loop
 $     alg_i = 0
 $     loop2:
 $       alg_entry = f$element(alg_i,",",info_algorithms)
-$!DEBUG!$ write sys$output "alg entry = ",alg_entry
-$       alg_i = alg_i + 1
+$	alg_i = alg_i + 1
 $       if alg_entry .eqs. "" then goto loop2
-$       if alg_entry .eqs. ","
+$       if alg_entry .nes. ","
 $       then
-$	  goto endloop2
-$       else
 $         if alg_entry .eqs. "KRB5" then goto loop ! Special for now
 $         if f$trnlnm("OPENSSL_NO_"+alg_entry) .nes. "" then goto loop
+$	  goto loop2
 $       endif
-$	goto loop2
-$!
 $     endloop2:
 $     if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
 $     then
@@ -459,16 +323,15 @@ $     goto 'next'
 $   loop_end:
 $   close libnum
 $   return
-$!
+$
 $! The version number reader
-$!
-$read_version_info:
+$ read_version_info:
 $   libver = ""
 $   open/read vf [.CRYPTO]OPENSSLV.H
 $   loop_rvi:
 $     read/err=endloop_rvi/end=endloop_rvi vf rvi_line
 $     if rvi_line - "SHLIB_VERSION_NUMBER """ .eqs. rvi_line then -
-        goto loop_rvi
+	goto loop_rvi
 $     libverstr = f$element(1,"""",rvi_line)
 $     libvmajor = f$element(0,".",libverstr)
 $     libvminor = f$element(1,".",libverstr)
@@ -476,7 +339,7 @@ $     libvedit = f$element(2,".",libverstr)
 $     libvpatch = f$cvui(0,8,f$extract(1,1,libvedit)+"@")-f$cvui(0,8,"@")
 $     libvedit = f$extract(0,1,libvedit)
 $     libver = f$string(f$int(libvmajor)*100)+","+-
-        f$string(f$int(libvminor)*100+f$int(libvedit)*10+f$int(libvpatch))
+	f$string(f$int(libvminor)*100+f$int(libvedit)*10+f$int(libvpatch))
 $     if libvmajor .eqs. "0"
 $     then
 $       libvmatch = "EQUAL"
--- a/VMS/ssl$syshutdown.com
+++ b/VMS/ssl$syshutdown.com
@@ -1,8 +0,0 @@
-$!
-$! SSL$SYSHUTDOWN.COM - This command procedure is used for site specific SSL
-$!			shutdown tasks.  Anything setup in SSL$SYSTARTUP.COM
-$!			should be cleaned up in this command procedure.
-$!
-$ DEASSIGN/SYSTEM/EXEC  RANDFILE
-$ DEASSIGN/SYSTEM/EXEC  SSL$RANDFILE
-$!
--- a/VMS/ssl$systartup.com
+++ b/VMS/ssl$systartup.com
@@ -1,7 +0,0 @@
-$!
-$!
-$!  Add logical to aid random number generators.  --  http://www.free.lp.se/openssl/docs/openssl3.html#ss3.1
-$!
-$ DEFINE/SYSTEM/EXEC  RANDFILE		SSL$ROOT:[PRIVATE]RANDFILE.;
-$ DEFINE/SYSTEM/EXEC  SSL$RANDFILE	SSL$ROOT:[PRIVATE]RANDFILE.;
-$!
--- a/VMS/ssl$utils.com
+++ b/VMS/ssl$utils.com
@@ -1,76 +0,0 @@
-$!
-$!  APPS.COM
-$!  Written By:  Robert Byer
-$!               Vice-President
-$!               A-Com Computing, Inc.
-$!               byer@mail.all-net.net
-$!
-$!
-$! Slightly modified by Richard Levitte <richard@levitte.org>
-$!
-$ IF P1 .NES. "" THEN GOTO 'P1
-$!
-$DEFINE:
-$!
-$ OPENSSL  :== $SSL$EXE:OPENSSL
-$ VERIFY   :== $SSL$EXE:OPENSSL VERIFY
-$ ASN1PARSE:== $SSL$EXE:OPENSSL ASN1PARS
-$ REQ      :== $SSL$EXE:OPENSSL REQ
-$ DGST     :== $SSL$EXE:OPENSSL DGST
-$ DH       :== $SSL$EXE:OPENSSL DH
-$ ENC      :== $SSL$EXE:OPENSSL ENC
-$ GENDH    :== $SSL$EXE:OPENSSL GENDH
-$ ERRSTR   :== $SSL$EXE:OPENSSL ERRSTR
-$ CA       :== $SSL$EXE:OPENSSL CA
-$ CRL      :== $SSL$EXE:OPENSSL CRL
-$ RSA      :== $SSL$EXE:OPENSSL RSA
-$ DSA      :== $SSL$EXE:OPENSSL DSA
-$ DSAPARAM :== $SSL$EXE:OPENSSL DSAPARAM
-$ X509     :== $SSL$EXE:OPENSSL X509
-$ GENRSA   :== $SSL$EXE:OPENSSL GENRSA
-$ GENDSA   :== $SSL$EXE:OPENSSL GENDSA
-$ S_SERVER :== $SSL$EXE:OPENSSL S_SERVER
-$ S_CLIENT :== $SSL$EXE:OPENSSL S_CLIENT
-$ SPEED    :== $SSL$EXE:OPENSSL SPEED
-$ S_TIME   :== $SSL$EXE:OPENSSL S_TIME
-$ VERSION  :== $SSL$EXE:OPENSSL VERSION
-$ PKCS7    :== $SSL$EXE:OPENSSL PKCS7
-$ CRL2PKCS7:== $SSL$EXE:OPENSSL CRL2P7
-$ SESS_ID  :== $SSL$EXE:OPENSSL SESS_ID
-$ CIPHERS  :== $SSL$EXE:OPENSSL CIPHERS
-$ NSEQ     :== $SSL$EXE:OPENSSL NSEQ
-$ PKCS12   :== $SSL$EXE:OPENSSL PKCS12
-$!
-$EXIT
-$!
-$REMOVE:
-$ DELETE/SYMBOL/GLOBAL OPENSSL
-$ DELETE/SYMBOL/GLOBAL VERIFY
-$ DELETE/SYMBOL/GLOBAL ASN1PARSE
-$ DELETE/SYMBOL/GLOBAL REQ
-$ DELETE/SYMBOL/GLOBAL DGST
-$ DELETE/SYMBOL/GLOBAL DH
-$ DELETE/SYMBOL/GLOBAL ENC
-$ DELETE/SYMBOL/GLOBAL GENDH
-$ DELETE/SYMBOL/GLOBAL ERRSTR
-$ DELETE/SYMBOL/GLOBAL CA
-$ DELETE/SYMBOL/GLOBAL CRL
-$ DELETE/SYMBOL/GLOBAL RSA
-$ DELETE/SYMBOL/GLOBAL DSA
-$ DELETE/SYMBOL/GLOBAL DSAPARAM
-$ DELETE/SYMBOL/GLOBAL X509
-$ DELETE/SYMBOL/GLOBAL GENRSA
-$ DELETE/SYMBOL/GLOBAL GENDSA
-$ DELETE/SYMBOL/GLOBAL S_SERVER
-$ DELETE/SYMBOL/GLOBAL S_CLIENT
-$ DELETE/SYMBOL/GLOBAL SPEED
-$ DELETE/SYMBOL/GLOBAL S_TIME
-$ DELETE/SYMBOL/GLOBAL VERSION
-$ DELETE/SYMBOL/GLOBAL PKCS7
-$ DELETE/SYMBOL/GLOBAL CRL2PKCS7
-$ DELETE/SYMBOL/GLOBAL SESS_ID
-$ DELETE/SYMBOL/GLOBAL CIPHERS
-$ DELETE/SYMBOL/GLOBAL NSEQ
-$ DELETE/SYMBOL/GLOBAL PKCS12
-$!
-$EXIT
--- a/VMS/ssl010.release_notes
+++ b/VMS/ssl010.release_notes
@@ -1,25 +0,0 @@
-
-      Compaq SSL for OpenVMS Alpha
-
-      Field Test Release Notes
-
-      February 2002
-
-      Based on OpenSSL 0.9.6B
-
-      Compaq SSL T1.0 for OpenVMS Alpha
-      CPQ-AXPVMS-SSL-T0100--1.PCSI-DCX-AXPEXE
-
-      ----------------------------------------------
-
-      Compaq is pleased to provide you with the first release of Compaq
-      SSL for OpenVMS Alpha.  Compaq SSL (Secure Sockets Layer)
-      is based on the 0.9.6B release from the Open Group.  See
-      http://www.openssl.org for more information about OpenSSL.
-
-      Documentation for this kit, including installation and configuration
-      information, release notes, a programming tutorial and API reference,
-      is included in "Open Source Security for OpenVMS Alpha
-      Volume 2: SSL" in HTML, PDF, and PostScript format. This document
-      is included on the OpenVMS field test documentation CD-ROM.
-
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -129,7 +129,11 @@
 #ifdef OPENSSL_SYS_WINDOWS
 #define strcasecmp _stricmp
 #else
-#include <strings.h>
+#  ifdef NO_STRINGS_H
+    int	strcasecmp();
+#  else
+#    include <strings.h>
+#  endif /* NO_STRINGS_H */
 #endif

 #ifdef OPENSSL_SYS_WINDOWS
@@ -310,9 +314,16 @@ void program_name(char *in, char *out, int size)

 	q=strrchr(p,'.');
 	if (q == NULL)
-		q = in+size;
-	strncpy(out,p,q-p);
-	out[q-p]='\0';
+		q = p + strlen(p);
+	strncpy(out,p,size-1);
+	if (q-p >= size)
+		{
+		out[size-1]='\0';
+		}
+	else
+		{
+		out[q-p]='\0';
+		}
 	}
 #else
 void program_name(char *in, char *out, int size)
@@ -483,7 +494,7 @@ static int ui_close(UI *ui)
 	{
 	return UI_method_get_closer(UI_OpenSSL())(ui);
 	}
-int setup_ui_method()
+int setup_ui_method(void)
 	{
 	ui_method = UI_create_method("OpenSSL application user interface");
 	UI_method_set_opener(ui_method, ui_open);
@@ -492,7 +503,7 @@ int setup_ui_method()
 	UI_method_set_closer(ui_method, ui_close);
 	return 0;
 	}
-void destroy_ui_method()
+void destroy_ui_method(void)
 	{
 	if(ui_method)
 		{
@@ -918,7 +929,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format,
 	}

 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-EVP_PKEY *
+static EVP_PKEY *
 load_netscape_key(BIO *err, BIO *key, const char *file,
 		const char *key_descrip, int format)
 	{
@@ -1206,7 +1217,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_T

 void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 {
-	char buf[256];
+	char *buf;
 	char mline = 0;
 	int indent = 0;
 	if(title) BIO_puts(out, title);
@@ -1215,9 +1226,10 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 		indent = 4;
 	}
 	if(lflags == XN_FLAG_COMPAT) {
-		X509_NAME_oneline(nm,buf,256);
-		BIO_puts(out,buf);
+		buf = X509_NAME_oneline(nm, 0, 0);
+		BIO_puts(out, buf);
 		BIO_puts(out, "\n");
+		OPENSSL_free(buf);
 	} else {
 		if(mline) BIO_puts(out, "\n");
 		X509_NAME_print_ex(out, nm, indent, lflags);
@@ -1256,7 +1268,7 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
 }

 /* Try to load an engine in a shareable library */
-ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
+static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
 	{
 	ENGINE *e = ENGINE_by_id("dynamic");
 	if (e)
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -134,10 +134,6 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
                                       * (see e_os.h).  The string is
                                       * destroyed! */

-#ifdef OPENSSL_NO_STDIO
-BIO_METHOD *BIO_s_file();
-#endif
-
 #ifdef OPENSSL_SYS_WIN32
 #define rename(from,to) WIN32_rename((from),(to))
 int WIN32_rename(char *oldname,char *newname);
@@ -217,8 +213,8 @@ typedef struct pw_cb_data
 int password_callback(char *buf, int bufsiz, int verify,
 	PW_CB_DATA *cb_data);

-int setup_ui_method();
-void destroy_ui_method();
+int setup_ui_method(void);
+void destroy_ui_method(void);

 int should_retry(int i);
 int args_from_file(char *file, int *argc, char **argv[]);
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -184,7 +184,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file\n");
+		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");
 		BIO_printf(bio_err," -noout arg    don't produce any output\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
 		BIO_printf(bio_err," -length arg   length of section in file\n");
@@ -195,7 +195,6 @@ bad:
 		BIO_printf(bio_err," -strparse offset\n");
 		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
 		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
-		BIO_printf(bio_err," -out filename output DER encoding to file\n");
 		goto end;
 		}

--- a/apps/ca.c
+++ b/apps/ca.c
@@ -80,7 +80,11 @@
 #ifdef OPENSSL_SYS_WINDOWS
 #define strcasecmp _stricmp
 #else
-#include <strings.h>
+#  ifdef NO_STRINGS_H
+    int	strcasecmp();
+#  else
+#    include <strings.h>
+#  endif /* NO_STRINGS_H */
 #endif

 #ifndef W_OK
@@ -1450,13 +1454,13 @@ bad:
 			}
 		if ((crldays == 0) && (crlhours == 0))
 			{
-			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issuer\n");
+			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
 			goto err;
 			}

 		if (verbose) BIO_printf(bio_err,"making CRL\n");
 		if ((crl=X509_CRL_new()) == NULL) goto err;
-		if (!X509_CRL_set_issuer_name(crl, X509_get_issuer_name(x509))) goto err;
+		if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err;

 		tmptm = ASN1_TIME_new();
 		if (!tmptm) goto err;
@@ -1509,11 +1513,6 @@ bad:
 			if (pkey->type == EVP_PKEY_DSA) 
 				dgst=EVP_dss1();
 			else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-			if (pkey->type == EVP_PKEY_ECDSA)
-				dgst=EVP_ecdsa();
-			else
 #endif
 				dgst=EVP_md5();
 			}
@@ -1573,6 +1572,10 @@ bad:
 				}
 			j=TXT_DB_write(out,db);
 			if (j <= 0) goto err;
+			BIO_free_all(out);
+			out = NULL;
+			BIO_free_all(in);
+			in = NULL;
 			strncpy(buf[1],dbfile,BSIZE-4);
 			buf[1][BSIZE-4]='\0';
 #ifndef OPENSSL_SYS_VMS
@@ -1580,10 +1583,6 @@ bad:
 #else
 			strcat(buf[1],"-old");
 #endif
-			BIO_free(in);
-			in = NULL;
-			BIO_free(out);
-			out = NULL;
 			if (rename(dbfile,buf[1]) < 0)
 				{
 				BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
@@ -2289,16 +2288,6 @@ again2:
 		EVP_PKEY_copy_parameters(pktmp,pkey);
 	EVP_PKEY_free(pktmp);
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	if (pkey->type == EVP_PKEY_ECDSA)
-		dgst = EVP_ecdsa();
-	pktmp = X509_get_pubkey(ret);
-	if (EVP_PKEY_missing_parameters(pktmp) &&
-		!EVP_PKEY_missing_parameters(pkey))
-		EVP_PKEY_copy_parameters(pktmp, pkey);
-	EVP_PKEY_free(pktmp);
-#endif
-

 	if (!X509_sign(ret,pkey,dgst))
 		goto err;
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -73,8 +73,9 @@
 #undef PROG
 #define PROG	dgst_main

-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
-		EVP_PKEY *key, unsigned char *sigin, int siglen);
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+	  const char *file);

 int MAIN(int, char **);

@@ -319,22 +320,36 @@ int MAIN(int argc, char **argv)
 	if (argc == 0)
 		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-		do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen);
+		err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
+			  siglen,"","(stdin)");
 		}
 	else
 		{
 		name=OBJ_nid2sn(md->type);
 		for (i=0; i<argc; i++)
 			{
+			char *tmp,*tofree=NULL;
+			int r;
+
 			if (BIO_read_filename(in,argv[i]) <= 0)
 				{
 				perror(argv[i]);
 				err++;
 				continue;
 				}
-			if(!out_bin) BIO_printf(out, "%s(%s)= ",name,argv[i]);
-			do_fp(out, buf,inp,separator, out_bin, sigkey, 
-								sigbuf, siglen);
+			if(!out_bin)
+				{
+				tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5);
+				sprintf(tmp,"%s(%s)= ",name,argv[i]);
+				}
+			else
+				tmp="";
+			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
+				siglen,tmp,argv[i]);
+			if(r)
+			    err=r;
+			if(tofree)
+				OPENSSL_free(tofree);
 			(void)BIO_reset(bmd);
 			}
 		}
@@ -353,8 +368,9 @@ end:
 	EXIT(err);
 	}

-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
-			EVP_PKEY *key, unsigned char *sigin, int siglen)
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+	  const char *file)
 	{
 	int len;
 	int i;
@@ -362,21 +378,33 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	for (;;)
 		{
 		i=BIO_read(bp,(char *)buf,BUFSIZE);
-		if (i <= 0) break;
+		if(i < 0)
+			{
+			BIO_printf(bio_err, "Read Error in %s\n",file);
+			ERR_print_errors(bio_err);
+			return 1;
+			}
+		if (i == 0) break;
 		}
 	if(sigin)
 		{
 		EVP_MD_CTX *ctx;
 		BIO_get_md_ctx(bp, &ctx);
 		i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); 
-		if(i > 0) BIO_printf(out, "Verified OK\n");
-		else if(i == 0) BIO_printf(out, "Verification Failure\n");
+		if(i > 0)
+			BIO_printf(out, "Verified OK\n");
+		else if(i == 0)
+			{
+			BIO_printf(out, "Verification Failure\n");
+			return 1;
+			}
 		else
 			{
 			BIO_printf(bio_err, "Error Verifying Data\n");
 			ERR_print_errors(bio_err);
+			return 1;
 			}
-		return;
+		return 0;
 		}
 	if(key)
 		{
@@ -386,7 +414,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			{
 			BIO_printf(bio_err, "Error Signing Data\n");
 			ERR_print_errors(bio_err);
-			return;
+			return 1;
 			}
 		}
 	else
@@ -395,6 +423,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	if(binout) BIO_write(out, buf, len);
 	else 
 		{
+		BIO_write(out,title,strlen(title));
 		for (i=0; i<len; i++)
 			{
 			if (sep && (i != 0))
@@ -403,5 +432,6 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			}
 		BIO_printf(out, "\n");
 		}
+	return 0;
 	}

--- a/apps/ecdsa.c
+++ b/apps/ecdsa.c
@@ -1,445 +0,0 @@
-/* apps/ecdsa.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_ECDSA
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/ecdsa.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG	ecdsa_main
-
-/* -inform arg	- input format - default PEM (one of DER, NET or PEM)
- * -outform arg - output format - default PEM
- * -in arg	- input file - default stdin
- * -out arg	- output file - default stdout
- * -des		- encrypt output if PEM format with DES in cbc mode
- * -des3	- encrypt output if PEM format
- * -idea	- encrypt output if PEM format
- * -aes128	- encrypt output if PEM format
- * -aes192	- encrypt output if PEM format
- * -aes256	- encrypt output if PEM format
- * -text	- print a text version
- * -pub		- print the ECDSA public key
- * -compressed  - print the public key in compressed form ( default )   
- * -hybrid 	- print the public key in hybrid form
- * -uncompressed - print the public key in uncompressed form
- *		  the last three options ( compressed, hybrid and uncompressed )
- *		  are only used if the "-pub" option is also selected.
- *	  	  For a precise description of the the meaning of compressed,
- *		  hybrid and uncompressed please refer to the X9.62 standart.
- *		  All three forms represents ways to express the ecdsa public
- *		  key ( a point on a elliptic curve ) as octet string. Let len be
- *		  the length ( in bytes ) of an element of the field over which
- *		  the curve is defined, then a compressed octet string has the form
- *		  0x02 + result of BN_bn2bin() of the x coordinate of the public key
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-	ENGINE 	*e = NULL;
-	int 	ret = 1;
-	ECDSA 	*ecdsa = NULL;
-	int 	i, badops = 0;
-	const EVP_CIPHER *enc = NULL;
-	BIO 	*in = NULL, *out = NULL;
-	int 	informat, outformat, text=0, noout=0;
-	int  	pubin = 0, pubout = 0;
-	char 	*infile, *outfile, *prog, *engine;
-	char 	*passargin = NULL, *passargout = NULL;
-	char 	*passin = NULL, *passout = NULL;
-	int 	pub = 0, point_form = 0;
-	unsigned char *buffer = NULL;
-	unsigned int  buf_len = 0;
-	BIGNUM	*tmp_bn = NULL;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	engine = NULL;
-	infile = NULL;
-	outfile = NULL;
-	informat = FORMAT_PEM;
-	outformat = FORMAT_PEM;
-
-	prog = argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-	{
-		if (strcmp(*argv,"-inform") == 0)
-		{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-		}
-		else if (strcmp(*argv,"-outform") == 0)
-		{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-		}
-		else if (strcmp(*argv,"-in") == 0)
-		{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-		}
-		else if (strcmp(*argv,"-out") == 0)
-		{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-		}
-		else if (strcmp(*argv,"-passin") == 0)
-		{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-		}
-		else if (strcmp(*argv,"-passout") == 0)
-		{
-			if (--argc < 1) goto bad;
-			passargout= *(++argv);
-		}
-		else if (strcmp(*argv, "-engine") == 0)
-		{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-		}
-		else if (strcmp(*argv, "-noout") == 0)
-			noout = 1;
-		else if (strcmp(*argv, "-text") == 0)
-			text = 1;
-		else if (strcmp(*argv, "-pub") == 0)
-		{
-			pub = 1;
-			buffer = (unsigned char *)(*(argv+1));
-			if (strcmp((char *)buffer, "compressed") == 0)
-				point_form = POINT_CONVERSION_COMPRESSED;
-			else if (strcmp((char *)buffer, "hybrid") == 0)
-				point_form = POINT_CONVERSION_HYBRID;
-			else if (strcmp((char *)buffer, "uncompressed") == 0)
-				point_form = POINT_CONVERSION_UNCOMPRESSED;
-			if (point_form)
-			{
-				argc--;
-				argv++;
-			}
-		}
-		else if (strcmp(*argv, "-pubin") == 0)
-			pubin=1;
-		else if (strcmp(*argv, "-pubout") == 0)
-			pubout=1;
-		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
-		{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-		}
-		argc--;
-		argv++;
-	}
-
-	if (badops)
-	{
-bad:
-		BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
-		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, " -inform arg     input format - DER or PEM\n");
-		BIO_printf(bio_err, " -outform arg    output format - DER or PEM\n");
-		BIO_printf(bio_err, " -in arg         input file\n");
-		BIO_printf(bio_err, " -passin arg     input file pass phrase source\n");
-		BIO_printf(bio_err, " -out arg        output file\n");
-		BIO_printf(bio_err, " -passout arg    output file pass phrase source\n");
-		BIO_printf(bio_err, " -engine e       use engine e, possibly a hardware device.\n");
-		BIO_printf(bio_err, " -des            encrypt PEM output with cbc des\n");
-		BIO_printf(bio_err, " -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef OPENSSL_NO_IDEA
-		BIO_printf(bio_err, " -idea           encrypt PEM output with cbc idea\n");
-#endif
-#ifndef OPENSSL_NO_AES
-		BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
-		BIO_printf(bio_err, "                 encrypt PEM output with cbc aes\n");
-#endif
-		BIO_printf(bio_err, " -text           print the key in text\n");
-		BIO_printf(bio_err, " -noout          don't print key out\n");
-		BIO_printf(bio_err, " -pub [compressed | hybrid | uncompressed] \n");
-		BIO_printf(bio_err, "         compressed     print the public key in compressed form ( default )\n");   
-		BIO_printf(bio_err, "         hybrid         print the public key in hybrid form\n");
- 		BIO_printf(bio_err, "         uncompressed   print the public key in uncompressed form\n");
-		goto end;
-	}
-
-	ERR_load_crypto_strings();
-
-        e = setup_engine(bio_err, engine, 0);
-
-	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) 
-	{
-		BIO_printf(bio_err, "Error getting passwords\n");
-		goto end;
-	}
-
-	in = BIO_new(BIO_s_file());
-	out = BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-	{
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-	{
-		if (BIO_read_filename(in,infile) <= 0)
-		{
-			perror(infile);
-			goto end;
-		}
-	}
-
-	BIO_printf(bio_err,"read ECDSA key\n");
-	if (informat == FORMAT_ASN1) 
-	{
-		if (pubin) 
-			ecdsa = d2i_ECDSA_PUBKEY_bio(in, NULL);
-		else 
-			ecdsa = d2i_ECDSAPrivateKey_bio(in, NULL);
-	} else if (informat == FORMAT_PEM) 
-	{
-		if (pubin) 
-			ecdsa = PEM_read_bio_ECDSA_PUBKEY(in, NULL, NULL, NULL);
-		else 
-			ecdsa = PEM_read_bio_ECDSAPrivateKey(in, NULL, NULL, passin);
-	} else
-	{
-		BIO_printf(bio_err, "bad input format specified for key\n");
-		goto end;
-	}
-	if (ecdsa == NULL)
-	{
-		BIO_printf(bio_err,"unable to load Key\n");
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	if (outfile == NULL)
-	{
-		BIO_set_fp(out, stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
-	else
-	{
-		if (BIO_write_filename(out, outfile) <= 0)
-		{
-			perror(outfile);
-			goto end;
-		}
-	}
-
-	if (text) 
-		if (!ECDSA_print(out, ecdsa, 0))
-		{
-			perror(outfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-
-	if (pub)
-	{
-		fprintf(stdout, "Public Key (");
-		if (point_form == POINT_CONVERSION_COMPRESSED)
-			fprintf(stdout, "COMPRESSED");
-		else if (point_form == POINT_CONVERSION_UNCOMPRESSED)
-			fprintf(stdout, "UNCOMPRESSED");
-		else if (point_form == POINT_CONVERSION_HYBRID)
-			fprintf(stdout, "HYBRID");
-		fprintf(stdout, ")=");
-		buf_len = EC_POINT_point2oct(ecdsa->group, EC_GROUP_get0_generator(ecdsa->group),
-					     point_form, NULL, 0, NULL);
-		if (!buf_len)
-		{
-			BIO_printf(bio_err,"invalid public key length\n");
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-		if ((tmp_bn = BN_new()) == NULL ||
-		    (buffer = OPENSSL_malloc(buf_len)) == NULL) goto end;
-		if (!EC_POINT_point2oct(ecdsa->group, EC_GROUP_get0_generator(ecdsa->group),
-					     point_form, buffer, buf_len, NULL) ||
-		    !BN_bin2bn(buffer, buf_len, tmp_bn))
-		{
-			BIO_printf(bio_err,"can not encode public key\n");
-			ERR_print_errors(bio_err);
-			OPENSSL_free(buffer);
-			goto end;
-		}
-		BN_print(out, tmp_bn);
-		fprintf(stdout,"\n");
-	}
-
-	if (noout) 
-		goto end;
-	BIO_printf(bio_err, "writing ECDSA key\n");
-	if (outformat == FORMAT_ASN1) 
-	{
-		if(pubin || pubout) 
-			i = i2d_ECDSA_PUBKEY_bio(out, ecdsa);
-		else 
-			i = i2d_ECDSAPrivateKey_bio(out, ecdsa);
-	} else if (outformat == FORMAT_PEM) 
-	{
-		if(pubin || pubout)
-			i = PEM_write_bio_ECDSA_PUBKEY(out, ecdsa);
-		else 
-			i = PEM_write_bio_ECDSAPrivateKey(out, ecdsa, enc,
-							NULL, 0, NULL, passout);
-	} else 
-	{
-		BIO_printf(bio_err, "bad output format specified for outfile\n");
-		goto end;
-	}
-	if (!i)
-	{
-		BIO_printf(bio_err, "unable to write private key\n");
-		ERR_print_errors(bio_err);
-	}
-	else
-		ret=0;
-end:
-	if (in) 	BIO_free(in);
-	if (out)	BIO_free_all(out);
-	if (ecdsa) 	ECDSA_free(ecdsa);
-	if (tmp_bn)	BN_free(tmp_bn);
-	if (passin) 	OPENSSL_free(passin);
-	if (passout) 	OPENSSL_free(passout);
-	apps_shutdown();
-	EXIT(ret);
-}
-#endif
--- a/apps/ecdsaparam.c
+++ b/apps/ecdsaparam.c
@@ -1,660 +0,0 @@
-/* apps/ecdsaparam.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_ECDSA
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/ecdsa.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG	ecdsaparam_main
-
-/* -inform arg	  	- input format - default PEM (DER or PEM)
- * -outform arg 	- output format - default PEM
- * -in arg		- input file  - default stdin
- * -out arg		- output file - default stdout
- * -noout
- * -text
- * -check               - validate the ec parameters
- * -C
- * -noout
- * -genkey		- generate a private public keypair based on the supplied curve
- * -named_curve		- use the curve oid instead of the parameters
- * -NIST_192		- use the NIST recommended curve parameters over a 192 bit prime field
- * -NIST_224		- use the NIST recommended curve parameters over a 224 bit prime field
- * -NIST_256		- use the NIST recommended curve parameters over a 256 bit prime field
- * -NIST_384		- use the NIST recommended curve parameters over a 384 bit prime field
- * -NIST_521		- use the NIST recommended curve parameters over a 521 bit prime field
- * -X9_62_192v1		- use the X9_62 192v1 example curve over a 192 bit prime field
- * -X9_62_192v2		- use the X9_62 192v2 example curve over a 192 bit prime field
- * -X9_62_192v3		- use the X9_62 192v3 example curve over a 192 bit prime field
- * -X9_62_239v1		- use the X9_62 239v1 example curve over a 239 bit prime field
- * -X9_62_239v2		- use the X9_62 239v2 example curve over a 239 bit prime field
- * -X9_62_239v3		- use the X9_62 239v3 example curve over a 239 bit prime field
- * -X9_62_256v1		- use the X9_62 239v1 example curve over a 256 bit prime field
- * -SECG_PRIME_112R1    - use the SECG 112r1 recommended curve over a 112 bit prime field
- * -SECG_PRIME_112R2    - use the SECG 112r2 recommended curve over a 112 bit prime field
- * -SECG_PRIME_128R1    - use the SECG 128r1 recommended curve over a 128 bit prime field
- * -SECG_PRIME_128R2    - use the SECG 128r2 recommended curve over a 128 bit prime field
- * -SECG_PRIME_160K1    - use the SECG 160k1 recommended curve over a 160 bit prime field
- * -SECG_PRIME_160R1    - use the SECG 160r1 recommended curve over a 160 bit prime field
- * -SECG_PRIME_160R2    - use the SECG 160r2 recommended curve over a 160 bit prime field
- * -SECG_PRIME_192K1    - use the SECG 192k1 recommended curve over a 192 bit prime field
- * -SECG_PRIME_192R1    - use the SECG 192r1 recommended curve over a 192 bit prime field
- * -SECG_PRIME_224K1    - use the SECG 224k1 recommended curve over a 224 bit prime field
- * -SECG_PRIME_224R1    - use the SECG 224r1 recommended curve over a 224 bit prime field
- * -SECG_PRIME_256K1    - use the SECG 256k1 recommended curve over a 256 bit prime field
- * -SECG_PRIME_256R1    - use the SECG 256r1 recommended curve over a 256 bit prime field
- * -SECG_PRIME_384R1    - use the SECG 384r1 recommended curve over a 384 bit prime field
- * -SECG_PRIME_521R1    - use the SECG 521r1 recommended curve over a 521 bit prime field
- * -WTLS_6              - use the WAP/WTLS recommended curve number 6 over a 112 bit field
- * -WTLS_8              - use the WAP/WTLS recommended curve number 8 over a 112 bit field
- * -WTLS_9              - use the WAP/WTLS recommended curve number 9 over a 160 bit field
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-	ENGINE 	*e = NULL;
-	ECDSA 	*ecdsa = NULL;
-	int 	i, badops = 0, text = 0;
-	BIO 	*in = NULL, *out = NULL;
-	int 	informat, outformat, noout = 0, C = 0, ret = 1;
-	char 	*infile, *outfile, *prog, *inrand = NULL;
-	int 	genkey = 0;
-	int	check = 0;
-	int 	need_rand = 0;
-	char 	*engine=NULL;
-	int	curve_type = EC_GROUP_NO_CURVE;
-	int	named_curve = 0;
-	BIGNUM	*tmp_1 = NULL, *tmp_2 = NULL, *tmp_3 = NULL, *tmp_4 = NULL, *tmp_5 = NULL,
-		*tmp_6 = NULL, *tmp_7 = NULL;
-	BN_CTX	*ctx = NULL;
-	EC_POINT *point = NULL;
-	unsigned char *data = NULL;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	infile=NULL;
-	outfile=NULL;
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-		{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-		}
-		else if (strcmp(*argv,"-outform") == 0)
-		{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-		}
-		else if (strcmp(*argv,"-in") == 0)
-		{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-		}
-		else if (strcmp(*argv,"-out") == 0)
-		{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-		}
-		else if(strcmp(*argv, "-engine") == 0)
-		{
-			if (--argc < 1) goto bad;
-			engine = *(++argv);
-		}
-		else if (strcmp(*argv,"-text") == 0)
-			text = 1;
-		else if (strcmp(*argv,"-C") == 0)
-			C = 1;
-		else if (strcmp(*argv,"-check") == 0)
-			check = 1;
-		else if (strcmp(*argv,"-genkey") == 0)
-		{
-			genkey = 1;
-			need_rand = 1;
-		}
-		else if (strcmp(*argv,"-rand") == 0)
-		{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			need_rand=1;
-		}
-		else if (strcmp(*argv, "-named_curve") == 0)
-			named_curve = 1;
-		else if (strcmp(*argv, "-NIST_192") == 0)
-			curve_type = EC_GROUP_NIST_PRIME_192;
-		else if (strcmp(*argv, "-NIST_224") == 0)
-			curve_type = EC_GROUP_NIST_PRIME_224;
-		else if (strcmp(*argv, "-NIST_256") == 0)
-			curve_type = EC_GROUP_NIST_PRIME_256;
-		else if (strcmp(*argv, "-NIST_384") == 0)
-			curve_type = EC_GROUP_NIST_PRIME_384;
-		else if (strcmp(*argv, "-NIST_521") == 0)
-			curve_type = EC_GROUP_NIST_PRIME_521;
-		else if (strcmp(*argv, "-X9_62_192v1") == 0)
-			curve_type = EC_GROUP_X9_62_PRIME_192V1;
-		else if (strcmp(*argv, "-X9_62_192v2") == 0)
-			curve_type = EC_GROUP_X9_62_PRIME_192V2;
-		else if (strcmp(*argv, "-X9_62_192v3") == 0)
-			curve_type = EC_GROUP_X9_62_PRIME_192V3;
-		else if (strcmp(*argv, "-X9_62_239v1") == 0)
-			curve_type = EC_GROUP_X9_62_PRIME_239V1;
-		else if (strcmp(*argv, "-X9_62_239v2") == 0)
-			curve_type = EC_GROUP_X9_62_PRIME_239V2;
-		else if (strcmp(*argv, "-X9_62_239v3") == 0)
-			curve_type = EC_GROUP_X9_62_PRIME_239V3;
-		else if (strcmp(*argv, "-X9_62_256v1") == 0)
-			curve_type = EC_GROUP_X9_62_PRIME_256V1;
-		else if (strcmp(*argv, "-SECG_PRIME_112R1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_112R1;
-		else if (strcmp(*argv, "-SECG_PRIME_112R2") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_112R2;
-		else if (strcmp(*argv, "-SECG_PRIME_128R1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_128R1;
-		else if (strcmp(*argv, "-SECG_PRIME_128R2") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_128R2;
-		else if (strcmp(*argv, "-SECG_PRIME_160K1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_160K1;
-		else if (strcmp(*argv, "-SECG_PRIME_160R1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_160R1;
-		else if (strcmp(*argv, "-SECG_PRIME_160R2") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_160R2;
-		else if (strcmp(*argv, "-SECG_PRIME_192K1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_192K1;
-		else if (strcmp(*argv, "-SECG_PRIME_192R1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_192R1;
-		else if (strcmp(*argv, "-SECG_PRIME_224K1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_224K1;
-		else if (strcmp(*argv, "-SECG_PRIME_224R1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_224R1;
-		else if (strcmp(*argv, "-SECG_PRIME_256K1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_256K1;
-		else if (strcmp(*argv, "-SECG_PRIME_256R1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_256R1;
-		else if (strcmp(*argv, "-SECG_PRIME_384R1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_384R1;
-		else if (strcmp(*argv, "-SECG_PRIME_521R1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_521R1;
-		else if (strcmp(*argv, "-WTLS_6") == 0)
-			curve_type = EC_GROUP_WTLS_6;
-		else if (strcmp(*argv, "-WTLS_8") == 0)
-			curve_type = EC_GROUP_WTLS_8;
-		else if (strcmp(*argv, "-WTLS_9") == 0)
-			curve_type = EC_GROUP_WTLS_9;
-		else if (strcmp(*argv, "-noout") == 0)
-			noout=1;
-		else
-		{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-		}
-		argc--;
-		argv++;
-	}
-
-	if (badops)
-	{
-bad:
-		BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
-		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg        input format - DER or PEM\n");
-		BIO_printf(bio_err," -outform arg       output format - DER or PEM\n");
-		BIO_printf(bio_err," -in arg            input file\n");
-		BIO_printf(bio_err," -out arg           output file\n");
-		BIO_printf(bio_err," -text              print as text\n");
-		BIO_printf(bio_err," -C                 Output C code\n");
-		BIO_printf(bio_err," -check             validate the ec parameters\n");
-		BIO_printf(bio_err," -noout             no output\n");
-		BIO_printf(bio_err," -rand              files to use for random number input\n");
-		BIO_printf(bio_err," -engine e          use engine e, possibly a hardware device.\n");
-		BIO_printf(bio_err," -named_curve       use the curve oid instead of the parameters\n");
-		BIO_printf(bio_err," -NIST_192          use the NIST recommended curve parameters over a 192 bit prime field\n");
-		BIO_printf(bio_err," -NIST_224          use the NIST recommended curve parameters over a 224 bit prime field\n");
-		BIO_printf(bio_err," -NIST_256          use the NIST recommended curve parameters over a 256 bit prime field\n");
-		BIO_printf(bio_err," -NIST_384          use the NIST recommended curve parameters over a 384 bit prime field\n");
-		BIO_printf(bio_err," -NIST_521          use the NIST recommended curve parameters over a 521 bit prime field\n");
-		BIO_printf(bio_err," -X9_62_192v1       use the X9_62 192v1 example curve over a 192 bit prime field\n");
-		BIO_printf(bio_err," -X9_62_192v2       use the X9_62 192v2 example curve over a 192 bit prime field\n");
-		BIO_printf(bio_err," -X9_62_192v3       use the X9_62 192v3 example curve over a 192 bit prime field\n");
-		BIO_printf(bio_err," -X9_62_239v1       use the X9_62 239v1 example curve over a 239 bit prime field\n");
-		BIO_printf(bio_err," -X9_62_239v2       use the X9_62 239v2 example curve over a 239 bit prime field\n");
-		BIO_printf(bio_err," -X9_62_239v3       use the X9_62 239v3 example curve over a 239 bit prime field\n");
-		BIO_printf(bio_err," -X9_62_256v1       use the X9_62 239v1 example curve over a 256 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_112R1  use the SECG 112r1 recommended curve over a 112 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_112R2  use the SECG 112r2 recommended curve over a 112 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_128R1  use the SECG 128r1 recommended curve over a 128 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_128R2  use the SECG 128r2 recommended curve over a 128 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_160K1  use the SECG 160k1 recommended curve over a 160 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_160R1  use the SECG 160r1 recommended curve over a 160 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_160R2  use the SECG 160r2 recommended curve over a 160 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_192K1  use the SECG 192k1 recommended curve over a 192 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_192R1  use the SECG 192r1 recommended curve over a 192 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_224K1  use the SECG 224k1 recommended curve over a 224 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_224R1  use the SECG 224r1 recommended curve over a 224 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_256K1  use the SECG 256k1 recommended curve over a 256 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_256R1  use the SECG 256r1 recommended curve over a 256 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_384R1  use the SECG 384r1 recommended curve over a 384 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_521R1  use the SECG 521r1 recommended curve over a 521 bit prime field\n");
-		BIO_printf(bio_err," -WTLS_6            use the WAP/WTLS recommended curve number 6 over a 112 bit field\n");
-		BIO_printf(bio_err," -WTLS_8            use the WAP/WTLS recommended curve number 8 over a 112 bit field\n");
-		BIO_printf(bio_err," -WTLS_9            use the WAP/WTLS recommended curve number 9 over a 112 bit field\n");
-		goto end;
-	}
-
-	ERR_load_crypto_strings();
-
-	in=BIO_new(BIO_s_file());
-	out=BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-	{
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-	{
-		if (BIO_read_filename(in,infile) <= 0)
-		{
-			perror(infile);
-			goto end;
-		}
-	}
-	if (outfile == NULL)
-	{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
-	else
-	{
-		if (BIO_write_filename(out,outfile) <= 0)
-		{
-			perror(outfile);
-			goto end;
-		}
-	}
-
-        e = setup_engine(bio_err, engine, 0);
-
-	if (need_rand)
-	{
-		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
-		if (inrand != NULL)
-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-				app_RAND_load_files(inrand));
-	}
-
-	if (curve_type != EC_GROUP_NO_CURVE)
-	{
-		if ((ecdsa = ECDSA_new()) == NULL)
-			goto end;
-		ecdsa->group = EC_GROUP_new_by_name(curve_type);
-		if (named_curve)
-			ECDSA_set_parameter_flags(ecdsa, ECDSA_FLAG_NAMED_CURVE);
-	}
-	else if (informat == FORMAT_ASN1)
-		ecdsa = d2i_ECDSAParameters_bio(in,NULL);
-	else if (informat == FORMAT_PEM)
-		ecdsa = PEM_read_bio_ECDSAParameters(in, NULL, NULL, NULL);
-	else
-	{
-		BIO_printf(bio_err, "bad input format specified\n");
-		goto end;
-	}
-	if (ecdsa == NULL)
-	{
-		BIO_printf(bio_err, "unable to load ECDSA parameters\n");
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	if (text)
-	{
-		ECDSAParameters_print(out, ecdsa);
-	}
-
-	if (check)
-	{
-		if (ecdsa == NULL)
-			BIO_printf(bio_err, "no elliptic curve parameters\n");
-		BIO_printf(bio_err, "checking elliptic curve parameters: ");
-		if (!EC_GROUP_check(ecdsa->group, NULL))
-		{
-			BIO_printf(bio_err, "failed\n");
-			ERR_print_errors(bio_err);
-		}
-		else
-			BIO_printf(bio_err, "ok\n");
-			
-	}
-	
-	if (C)
-	{	/* TODO: characteristic two */
-		int 	l, len, bits_p;
-		if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL ||
-		    (tmp_3 = BN_new()) == NULL || (tmp_4 = BN_new()) == NULL ||
-		    (tmp_5 = BN_new()) == NULL || (tmp_6 = BN_new()) == NULL ||
-                    (tmp_7 = BN_new()) == NULL || (ctx = BN_CTX_new()) == NULL)
-		{
-			perror("OPENSSL_malloc");
-			goto end;
-		}
-		if (!EC_GROUP_get_curve_GFp(ecdsa->group, tmp_1, tmp_2, tmp_3, ctx))
-			goto end;
-		if ((point = EC_GROUP_get0_generator(ecdsa->group)) == NULL)
-			goto end;
-		if (!EC_POINT_get_affine_coordinates_GFp(ecdsa->group, point, tmp_4, tmp_5, ctx))
-			goto end;
-		if (!EC_GROUP_get_order(ecdsa->group, tmp_6, ctx))
-			goto end;
-		if (!EC_GROUP_get_cofactor(ecdsa->group, tmp_7, ctx))
-			goto end;
-		
-		len    = BN_num_bytes(tmp_1);
-		bits_p = BN_num_bits(tmp_1);
-		data=(unsigned char *)OPENSSL_malloc(len+20);
-		if (data == NULL)
-		{
-			perror("OPENSSL_malloc");
-			goto end;
-		}
-		l = BN_bn2bin(tmp_1, data);
-		printf("static unsigned char ecdsa%d_p[]={", bits_p);
-		for (i=0; i<l; i++)
-		{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-		}
-		printf("\n\t};\n\n");
-
-		l = BN_bn2bin(tmp_2, data);
-		printf("static unsigned char ecdsa%d_a[]={",bits_p);
-		for (i=0; i<l; i++)
-		{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-		}
-		printf("\n\t};\n");
-
-		l = BN_bn2bin(tmp_3, data);
-		printf("static unsigned char ecdsa%d_b[]={", bits_p);
-		for (i=0; i<l; i++)
-		{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-		}
-		printf("\n\t};\n\n");
-
-		l = BN_bn2bin(tmp_4, data);
-		printf("static unsigned char ecdsa%d_x[]={", bits_p);
-		for (i=0; i<l; i++)
-		{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-		}
-		printf("\n\t};\n");
-
-		l = BN_bn2bin(tmp_5, data);
-		printf("static unsigned char ecdsa%d_y[]={", bits_p);
-		for (i=0; i<l; i++)
-		{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-		}
-		printf("\n\t};\n");
-
-		l = BN_bn2bin(tmp_6, data);
-		printf("static unsigned char ecdsa%d_o[]={", bits_p);
-		for (i=0; i<l; i++)
-		{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-		}
-		printf("\n\t};\n");
-
-		l = BN_bn2bin(tmp_7, data);
-		printf("static unsigned char ecdsa%d_c[]={", bits_p);
-		for (i=0; i<l; i++)
-		{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-		}
-		printf("\n\t};\n\n");
-
-		/* FIXME:
-		 * generated code should check for errors
-		 */
-
-		printf("ECDSA *get_ecdsa%d(void)\n\t{\n",bits_p);
-		printf("\tint ok=0;\n");
-		printf("\tECDSA    *ecdsa=NULL;\n");
-		printf("\tEC_POINT *point=NULL;\n");
-		printf("\tBIGNUM   *tmp_1=NULL,*tmp_2=NULL,*tmp_3=NULL;\n\n");
-		printf("\tif ((ecdsa=ECDSA_new()) == NULL)\n");
-		printf("\t\treturn(NULL);\n\n");
-		printf("\t/* generate EC_GROUP structure */\n");
-		printf("\tif ((tmp_1 = BN_bin2bn(ecdsa%d_p, sizeof(ecdsa%d_p), NULL)) == NULL) goto err;\n", bits_p, bits_p);
-		printf("\tif ((tmp_2 = BN_bin2bn(ecdsa%d_a, sizeof(ecdsa%d_a), NULL)) == NULL) goto err;\n", bits_p, bits_p);
-		printf("\tif ((tmp_3 = BN_bin2bn(ecdsa%d_b, sizeof(ecdsa%d_b), NULL)) == NULL) goto err;\n", bits_p, bits_p);
-		printf("\tif ((ecdsa->group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL) goto err;\n\n");
-		printf("\t/* build generator */\n");
-		printf("\tif (!BN_bin2bn(ecdsa%d_x, sizeof(ecdsa%d_x), tmp_1)) goto err;\n", bits_p, bits_p);
-		printf("\tif (!BN_bin2bn(ecdsa%d_y, sizeof(ecdsa%d_y), tmp_2)) goto err;\n", bits_p, bits_p);
-		printf("\tif ((point = EC_POINT_new(ecdsa->group)) == NULL) goto err;\n");
-		printf("\tif (!EC_POINT_set_affine_coordinates_GFp(ecdsa->group, point, tmp_1, tmp_2, NULL)) goto err;\n");
-		printf("\t/* set generator, order and cofactor */\n");
-		printf("\tif (!BN_bin2bn(ecdsa%d_o, sizeof(ecdsa%d_o), tmp_1)) goto err;\n", bits_p, bits_p);
-		printf("\tif (!BN_bin2bn(ecdsa%d_c, sizeof(ecdsa%d_c), tmp_2)) goto err;\n", bits_p, bits_p);
-		printf("\tif (!EC_GROUP_set_generator(ecdsa->group, point, tmp_1, tmp_2)) goto err;\n");
-		printf("\n\tok=1;\n");
-		printf("err:\n");
-		printf("\tif (tmp_1) BN_free(tmp_1);\n");
-		printf("\tif (tmp_2) BN_free(tmp_2);\n");
-		printf("\tif (tmp_3) BN_free(tmp_3);\n");
-		printf("\tif (point) EC_POINT_free(point);\n");
-		printf("\tif (!ok)\n");
-		printf("\t\t{\n");
-		printf("\t\tECDSA_free(ecdsa);\n");
-		printf("\t\tecdsa = NULL;\n");
-		printf("\t\t}\n");
-		printf("\treturn(ecdsa);\n\t}\n");
-	}
-
-
-	if (!noout)
-	{
-		if (outformat == FORMAT_ASN1)
-			i = i2d_ECDSAParameters_bio(out, ecdsa);
-		else if (outformat == FORMAT_PEM)
-			i = PEM_write_bio_ECDSAParameters(out, ecdsa);
-		else	
-		{
-			BIO_printf(bio_err,"bad output format specified for outfile\n");
-			goto end;
-		}
-		if (!i)
-		{
-			BIO_printf(bio_err, "unable to write ECDSA parameters\n");
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-	}
-	if (genkey)
-	{
-		ECDSA *ecdsakey;
-
-		assert(need_rand);
-		if ((ecdsakey = ECDSAParameters_dup(ecdsa)) == NULL) goto end;
-		if (!ECDSA_generate_key(ecdsakey)) goto end;
-		if (outformat == FORMAT_ASN1)
-			i = i2d_ECDSAPrivateKey_bio(out, ecdsakey);
-		else if (outformat == FORMAT_PEM)
-			i = PEM_write_bio_ECDSAPrivateKey(out, ecdsakey, NULL, NULL, 0, NULL, NULL);
-		else	
-		{
-			BIO_printf(bio_err, "bad output format specified for outfile\n");
-			goto end;
-		}
-		ECDSA_free(ecdsakey);
-	}
-	if (need_rand)
-		app_RAND_write_file(NULL, bio_err);
-	ret=0;
-end:
-	if (in != NULL) 	BIO_free(in);
-	if (out != NULL) 	BIO_free_all(out);
-	if (ecdsa != NULL) 	ECDSA_free(ecdsa);
-	if (tmp_1)		BN_free(tmp_1);
-	if (tmp_2)		BN_free(tmp_2);
-	if (tmp_3)		BN_free(tmp_3);
-	if (tmp_3)		BN_free(tmp_4);
-	if (tmp_3)		BN_free(tmp_5);
-	if (tmp_3)		BN_free(tmp_6);
-	if (tmp_3)		BN_free(tmp_7);
-	if (ctx)		BN_CTX_free(ctx);
-	if (data)		OPENSSL_free(data);
-	apps_shutdown();
-	EXIT(ret);
-}
-#endif
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -78,7 +78,7 @@ int set_hex(char *in,unsigned char *out,int size);
 #define BSIZE	(8*1024)
 #define	PROG	enc_main

-void show_ciphers(const OBJ_NAME *name,void *bio_)
+static void show_ciphers(const OBJ_NAME *name,void *bio_)
 	{
 	BIO *bio=bio_;
 	static int n;
@@ -485,6 +485,11 @@ bad:
 			else
 				memset(str,0,strlen(str));
 			}
+		if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
+			{
+			BIO_printf(bio_err,"invalid hex iv value\n");
+			goto end;
+			}
 		if ((hiv == NULL) && (str == NULL))
 			{
 			/* No IV was explicitly set and no IV was generated
@@ -493,11 +498,6 @@ bad:
 			BIO_printf(bio_err, "iv undefined\n");
 			goto end;
 			}
-		if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
-			{
-			BIO_printf(bio_err,"invalid hex iv value\n");
-			goto end;
-			}
 		if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
 			{
 			BIO_printf(bio_err,"invalid hex key value\n");
--- a/apps/install.com
+++ b/apps/install.com
@@ -62,9 +62,7 @@ $	COPY CA.COM WRK_SSLAEXE:CA.COM/LOG
 $	SET FILE/PROT=W:RE WRK_SSLAEXE:CA.COM
 $	COPY CA.COM WRK_SSLVEXE:CA.COM/LOG
 $	SET FILE/PROT=W:RE WRK_SSLVEXE:CA.COM
-$	COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL-VMS.CNF/LOG
-$	SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL-VMS.CNF
-$	COPY OPENSSL.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG
+$	COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG
 $	SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL.CNF
 $	SET ON
 $
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -51,12 +51,6 @@ $!
 $!  P6, if defined, sets a choice of programs to compile.
 $!
 $!
-$!
-$! Define USER_CCFLAGS
-$!
-$ @[-]vms_build_info.com
-$ WRITE SYS$OUTPUT " Using USER_CCFLAGS = ", USER_CCFLAGS
-$!
 $! Define A TCP/IP Library That We Will Need To Link To.
 $! (That Is, If We Need To Link To One.)
 $!
@@ -105,15 +99,15 @@ $ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
 $!
 $! Define The CRYPTO Library.
 $!
-$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'build_bits'.OLB
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
 $!
 $! Define The RSAREF Library.
 $!
-$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE'build_bits'.OLB
+$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE.OLB
 $!
 $! Define The SSL Library.
 $!
-$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL'build_bits'.OLB
+$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB
 $!
 $! Define The OBJ Directory.
 $!
@@ -132,23 +126,6 @@ $! End The OBJ Directory Check.
 $!
 $ ENDIF
 $!
-$! Define The LIS Directory.
-$!
-$ LIS_DIR := SYS$DISK:[-.'ARCH'.LIS.APPS]
-$!
-$! Check To See If The OBJ Directory Exists.
-$!
-$ IF (F$PARSE(LIS_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIRECTORY 'LIS_DIR'
-$!
-$! End The LIS Directory Check.
-$!
-$ ENDIF
-$!
 $! Define The EXE Directory.
 $!
 $ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.APPS]
@@ -179,13 +156,13 @@ $!
 $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
 	      "CA;PKCS7;CRL2P7;CRL;"+-
 	      "RSA;RSAUTL;DSA;DSAPARAM;"+-
-	      "X509;GENRSA;GENDSA;TERM_SOCK;S_SERVER;S_CLIENT;SPEED;"+-
+	      "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
 	      "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
 	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP"
 $ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,-
 	       CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
 	       RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,-
-	       X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,TERM_SOCK.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
+	       X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
 	       S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
 	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ,ENGINE.OBJ,OCSP.OBJ
 $ TCPIP_PROGRAMS = ",,"
@@ -258,10 +235,6 @@ $! Create The Object File Name.
 $!
 $ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
 $!
-$! Create The Listing File Name.
-$!
-$ LIST_FILE = LIS_DIR + FILE_NAME + ".LIS"
-$!
 $! Create The Executable File Name.
 $!
 $ EXE_FILE = EXE_DIR + FILE_NAME + ".EXE"
@@ -275,7 +248,7 @@ $!
 $!  Tell The User That The File Dosen't Exist.
 $!
 $   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT F$MESSAGE("%X10018290") + ".  The File ",SOURCE_FILE," Dosen't Exist."
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
 $   WRITE SYS$OUTPUT ""
 $!
 $!  Exit The Build.
@@ -300,9 +273,9 @@ $!
 $ ON ERROR THEN GOTO NEXT_FILE
 $ IF COMPILEWITH_CC2 - FILE_NAME .NES. COMPILEWITH_CC2
 $ THEN
-$   CC2/OBJECT='OBJECT_FILE'/LIST='LIST_FILE'/MACHINE_CODE 'SOURCE_FILE'
+$   CC2/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $ ELSE
-$   CC/OBJECT='OBJECT_FILE'/LIST='LIST_FILE'/MACHINE_CODE 'SOURCE_FILE'
+$   CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $ ENDIF
 $!
 $ ON WARNING THEN GOTO NEXT_FILE
@@ -332,14 +305,10 @@ $   THEN
 $!
 $!    Link With The RSAREF Library And A Specific TCP/IP Library.
 $!
-$     LINK /'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' /MAP='MAP_FILE' /FULL/CROSS -
+$     LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
 	  'OBJECT_FILE''EXTRA_OBJ', -
-          'SSL_LIB'/LIBRARY,-
-	  'CRYPTO_LIB'/LIBRARY, -
-	  'RSAREF_LIB'/LIBRARY, -
-          'TCPIP_LIB', -
-	  'OPT_FILE'/OPTION, -
-	  SYS$DISK:[-]SSL_IDENT.OPT/OPTION
+          'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, -
+          'TCPIP_LIB','OPT_FILE'/OPTION
 $!
 $!  Else...
 $!
@@ -347,13 +316,10 @@ $   ELSE
 $!
 $!    Link With The RSAREF Library And NO TCP/IP Library.
 $!
-$     LINK /'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' /MAP='MAP_FILE' /FULL/CROSS -
+$     LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
 	  'OBJECT_FILE''EXTRA_OBJ', -
-          'SSL_LIB'/LIBRARY, -
-	  'CRYPTO_LIB'/LIBRARY, -
-	  'RSAREF_LIB'/LIBRARY, -
-          'OPT_FILE'/OPTION, -
-	  SYS$DISK:[-]SSL_IDENT.OPT/OPTION
+          'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, -
+          'OPT_FILE'/OPTION
 $!
 $!  End The TCP/IP Library Check.
 $!
@@ -373,14 +339,10 @@ $   THEN
 $!
 $!    Don't Link With The RSAREF Routines And TCP/IP Library.
 $!
-$       LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' /MAP='MAP_FILE' /FULL/CROSS -
+$       LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
 	    'OBJECT_FILE''EXTRA_OBJ', -
-            'SSL_LIB'/LIBRARY, -
-	    'CRYPTO_LIB'/LIBRARY, -
-            'TCPIP_LIB', -
-	    'OPT_FILE'/OPTION, -
-	  SYS$DISK:[-]SSL_IDENT.OPT/OPTION
-
+            'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+            'TCPIP_LIB','OPT_FILE'/OPTION
 $!
 $!  Else...
 $!
@@ -388,13 +350,10 @@ $   ELSE
 $!
 $!    Don't Link With The RSAREF Routines And Link With A TCP/IP Library.
 $!
-$       LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' /MAP='MAP_FILE' /FULL/CROSS -
+$       LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
 	    'OBJECT_FILE''EXTRA_OBJ', -
-            'SSL_LIB'/LIBRARY, -
-	    'CRYPTO_LIB'/LIBRARY, -
-            'OPT_FILE'/OPTION, -
-	  SYS$DISK:[-]SSL_IDENT.OPT/OPTION
-$!
+            'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+            'OPT_FILE'/OPTION
 $!
 $!  End The TCP/IP Library Check.
 $!
@@ -531,7 +490,6 @@ $!  End The Option File Search.
 $!
 $   ENDIF
 $!
-$!
 $! End The DEC C Check.
 $!
 $ ENDIF
@@ -881,12 +839,12 @@ $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/PREFIX=ALL" + -
+           "/NOLIST/PREFIX=ALL" + -
 	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]''arch'_DECC_OPTIONS.OPT"
+$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -913,7 +871,7 @@ $	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
 $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'" + -
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
 	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $     CCDEFS = CCDEFS + ",""VAXC"""
 $!
@@ -923,7 +881,7 @@ $     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]''arch'_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -945,12 +903,12 @@ $!
 $!    Use GNU C...
 $!
 $     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
-$     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'" + -
+$     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
 	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]''arch'_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -1006,7 +964,8 @@ $ ENDIF
 $!
 $! Time to check the contents, and to make sure we get the correct library.
 $!
-$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
+$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" -
+     .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
 $ THEN
 $!
 $!  Check to see if SOCKETSHR was chosen
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -58,9 +58,9 @@

 #include <stdio.h>
 #include <string.h>
+#include "apps.h"
 #include <openssl/pem.h>
 #include <openssl/err.h>
-#include "apps.h"

 #undef PROG
 #define PROG nseq_main
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -58,11 +58,11 @@

 #include <stdio.h>
 #include <string.h>
+#include "apps.h"
 #include <openssl/pem.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
-#include "apps.h"

 /* Maximum leeway in validity period: default 5 minutes */
 #define MAX_VALIDITY_PERIOD	(5 * 60)
@@ -553,8 +553,8 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-port num		 port to run responder on\n");
 		BIO_printf (bio_err, "-index file	 certificate status index file\n");
 		BIO_printf (bio_err, "-CA file		 CA certificate\n");
-		BIO_printf (bio_err, "-rsigner file	 responder certificate to sign requests with\n");
-		BIO_printf (bio_err, "-rkey file	 responder key to sign requests with\n");
+		BIO_printf (bio_err, "-rsigner file	 responder certificate to sign responses with\n");
+		BIO_printf (bio_err, "-rkey file	 responder key to sign responses with\n");
 		BIO_printf (bio_err, "-rother file	 other certificates to include in response\n");
 		BIO_printf (bio_err, "-resp_no_certs     don't include any certificates in response\n");
 		BIO_printf (bio_err, "-nmin n	 	 number of minutes before next update\n");
@@ -676,6 +676,18 @@ int MAIN(int argc, char **argv)

 	if (req_text && req) OCSP_REQUEST_print(out, req, 0);

+	if (reqout)
+		{
+		derbio = BIO_new_file(reqout, "wb");
+		if(!derbio)
+			{
+			BIO_printf(bio_err, "Error opening file %s\n", reqout);
+			goto end;
+			}
+		i2d_OCSP_REQUEST_bio(derbio, req);
+		BIO_free(derbio);
+		}
+
 	if (ridx_filename && (!rkey || !rsigner || !rca_cert))
 		{
 		BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n");
@@ -809,6 +821,8 @@ int MAIN(int argc, char **argv)

 	if (!store)
 		store = setup_verify(bio_err, CAfile, CApath);
+	if (!store)
+		goto end;
 	if (verify_certfile)
 		{
 		verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@@ -3,8 +3,8 @@
 # This is mostly being used for generation of certificate requests.
 #

-RANDFILE		= ${ENV::HOME}/.rnd
-oid_file		= ${ENV::HOME}/.oid
+RANDFILE		= $ENV::HOME/.rnd
+oid_file		= $ENV::HOME/.oid
 oid_section		= new_oids

 # To use this configuration file with the "-extfile" option of the
@@ -29,17 +29,17 @@ default_ca	= CA_default		# The default ca section
 ####################################################################
 [ CA_default ]

-dir		= ssl$root:[000000		# Where everything is kept
-certs		= ${dir}.certs]			# Where the issued certs are kept
-crl_dir		= ${dir}.certs]			# Where the issued crl are kept
-database	= ${dir}.private]index.txt	# database index file.
-new_certs_dir	= ${dir}.certs]			# default place for new certs.
+dir		= sys\$disk:[.demoCA	# Where everything is kept
+certs		= $dir.certs]		# Where the issued certs are kept
+crl_dir		= $dir.crl]		# Where the issued crl are kept
+database	= $dir]index.txt	# database index file.
+new_certs_dir	= $dir.newcerts]	# default place for new certs.

-certificate	= ${dir}]cacert.pem		# The CA certificate
-serial		= ${dir}.private]serial.txt	# The current serial number
-crl		= ${dir}]crl.pem 		# The current CRL
-private_key	= ${dir}.private]cakey.pem	# The private key
-RANDFILE	= ${dir}.private].rand		# private random number file
+certificate	= $dir]cacert.pem 	# The CA certificate
+serial		= $dir]serial.		# The current serial number
+crl		= $dir]crl.pem 		# The current CRL
+private_key	= $dir.private]cakey.pem# The private key
+RANDFILE	= $dir.private].rand	# private random number file

 x509_extensions	= usr_cert		# The extentions to add to the cert

@@ -60,8 +60,8 @@ policy		= policy_match
 # For the CA policy
 [ policy_match ]
 countryName		= match
-stateOrProvinceName	= supplied
-organizationName	= supplied
+stateOrProvinceName	= match
+organizationName	= match
 organizationalUnitName	= optional
 commonName		= supplied
 emailAddress		= optional
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -114,6 +114,7 @@
 #include <string.h>
 #include <stdlib.h>
 #define OPENSSL_C /* tells apps.h to use complete apps_startup() */
+#include "apps.h"
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
@@ -123,7 +124,6 @@
 #include <openssl/ssl.h>
 #include <openssl/engine.h>
 #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
-#include "apps.h"
 #include "progs.h"
 #include "s_apps.h"
 #include <openssl/err.h>
@@ -138,18 +138,6 @@ static unsigned long MS_CALLBACK hash(const void *a_void);
 /* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */
 static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
 static LHASH *prog_init(void );
-
-#ifdef OPENSSL_SYS_VMS
-#if __INITIAL_POINTER_SIZE == 64
-#pragma __required_pointer_size __save
-#pragma __required_pointer_size 32
-#endif
-typedef char ** Argv_32;
-#if __INITIAL_POINTER_SIZE == 64
-#pragma __required_pointer_size __restore
-#endif
-#endif
-
 static int do_cmd(LHASH *prog,int argc,char *argv[]);
 CONF *config=NULL;
 char *default_config_file=NULL;
@@ -224,11 +212,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
 	}


-#ifdef OPENSSL_SYS_VMS
-int main(int Argc, Argv_32 argv32)
-#else
 int main(int Argc, char *Argv[])
-#endif
 	{
 	ARGS arg;
 #define PROG_NAME_SIZE	39
@@ -238,16 +222,8 @@ int main(int Argc, char *Argv[])
 	int n,i,ret=0;
 	int argc;
 	char **argv,*p;
-
-#ifdef OPENSSL_SYS_VMS
-#if __INITIAL_POINTER_SIZE == 64
-	char **argv64;
-#endif
-#endif
-
 	LHASH *prog=NULL;
 	long errline;
-	int loop;  /* For checking if it's first round in the OpenSSL commandline loop */
 
 	arg.data=NULL;
 	arg.count=0;
@@ -308,23 +284,14 @@ int main(int Argc, char *Argv[])
 	prog=prog_init();

 	/* first check the program name */
-#ifdef OPENSSL_SYS_VMS
-	program_name(argv32[0],pname,PROG_NAME_SIZE);
-#else
 	program_name(Argv[0],pname,PROG_NAME_SIZE);
-#endif

 	f.name=pname;
 	fp=(FUNCTION *)lh_retrieve(prog,&f);
 	if (fp != NULL)
 		{
-#ifdef OPENSSL_SYS_VMS
-		argv32[0]=pname;
-		ret=fp->func(Argc,argv32);
-#else
 		Argv[0]=pname;
 		ret=fp->func(Argc,Argv);
-#endif
 		goto end;
 		}

@@ -333,32 +300,14 @@ int main(int Argc, char *Argv[])
 	if (Argc != 1)
 		{
 		Argc--;
-#ifdef OPENSSL_SYS_VMS
-		argv32++;
- #if __INITIAL_POINTER_SIZE == 64
-		argv64=(char **)_malloc64(sizeof(char *)*Argc);  /* memory allocation in 64-bit address */
-
-        	for (i=0;i<Argc;i++)
-        	{
-                	argv64[i]=argv32[i];  /* copying 32-bit Argv to 64-bit argv*/
-        	}
-
-		ret=do_cmd(prog,Argc,argv64);
-		free(argv64);
- #else
-		ret=do_cmd(prog,Argc,argv32);
- #endif
-#else
 		Argv++;
 		ret=do_cmd(prog,Argc,Argv);
-#endif
-
 		if (ret < 0) ret=0;
 		goto end;
 		}

 	/* ok, lets enter the old 'OpenSSL>' mode */
-	loop=0;
+	
 	for (;;)
 		{
 		ret=0;
@@ -370,14 +319,7 @@ int main(int Argc, char *Argv[])
 			p[0]='\0';
 			if (i++)
 				prompt=">";
-			else 
-			   if(loop == 0){  /* first round in this loop*/
-				prompt="OpenSSL> ";
-				loop++;
-			   }
-			   else 
-				prompt="\nOpenSSL> ";
-
+			else	prompt="OpenSSL> ";
 			fputs(prompt,stdout);
 			fflush(stdout);
 			fgets(p,n,stdin);
@@ -427,7 +369,6 @@ end:
 #define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
 #define LIST_CIPHER_COMMANDS "list-cipher-commands"

-
 static int do_cmd(LHASH *prog, int argc, char *argv[])
 	{
 	FUNCTION f,*fp;
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -6,15 +6,7 @@
 # This definition stops the following lines choking if HOME isn't
 # defined.
 HOME			= .
-
-#
-# From the instructions at http://www.free.lp.se/openssl/docs/openssl3.html#ss3.1,
-# change the value of RANDFILE.  Also moved definition of dir up since RANDFILE
-# depends on it.
-#
-#RANDFILE               = $ENV::HOME/.rnd
-dir             = SSLROOT:[000000       # Where everything is kept
-RANDFILE                = $dir.private]RANDFILE.;
+RANDFILE		= $ENV::HOME/.rnd

 # Extra OBJECT IDENTIFIER info:
 #oid_file		= $ENV::HOME/.oid
@@ -41,12 +33,8 @@ default_ca	= CA_default		# The default ca section

 ####################################################################
 [ CA_default ]
-#
-# From the instructions at http://www.free.lp.se/openssl/docs/openssl3.html#ss3.1,
-# change the value of dir.
-#
-#dir            = sys\$disk:[.demoCA    # Where everything is kept
-dir             = SSLROOT:[000000       # Where everything is kept
+
+dir		= ./demoCA		# Where everything is kept
 certs		= $dir/certs		# Where the issued certs are kept
 crl_dir		= $dir/crl		# Where the issued crl are kept
 database	= $dir/index.txt	# database index file.
@@ -186,11 +174,6 @@ basicConstraints=CA:FALSE

 # and for everything including object signing:
 # nsCertType = client, email, objsign
-#
-# From the instructions at http://www.free.lp.se/openssl/docs/openssl3.html#ss3.1,
-# include server in the nsCertType.
-#
-nsCertType = client, email, objsign, server

 # This is typical in keyUsage for a client certificate.
 # keyUsage = nonRepudiation, digitalSignature, keyEncipherment
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -89,7 +89,7 @@ int MAIN(int argc, char **argv)
 	int informat,outformat;
 	char *infile,*outfile,*prog;
 	int print_certs=0,text=0,noout=0;
-	int ret=0;
+	int ret=1;
 	char *engine=NULL;

 	apps_startup();
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -17,8 +17,6 @@ extern int rsa_main(int argc,char *argv[]);
 extern int rsautl_main(int argc,char *argv[]);
 extern int dsa_main(int argc,char *argv[]);
 extern int dsaparam_main(int argc,char *argv[]);
-extern int ecdsa_main(int argc,char *argv[]);
-extern int ecdsaparam_main(int argc,char *argv[]);
 extern int x509_main(int argc,char *argv[]);
 extern int genrsa_main(int argc,char *argv[]);
 extern int gendsa_main(int argc,char *argv[]);
@@ -80,12 +78,6 @@ FUNCTION functions[] = {
 #endif
 #ifndef OPENSSL_NO_DSA
 	{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	{FUNC_TYPE_GENERAL,"ecdsa",ecdsa_main},
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	{FUNC_TYPE_GENERAL,"ecdsaparam",ecdsaparam_main},
 #endif
 	{FUNC_TYPE_GENERAL,"x509",x509_main},
 #ifndef OPENSSL_NO_RSA
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -33,8 +33,6 @@ foreach (@ARGV)
 		{ print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n";  }
 	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
 		{ print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^ecdsa$/) || ($_ =~ /^ecdsaparam$/))
-		{ print "#ifndef OPENSSL_NO_ECDSA\n${str}#endif\n";}
 	elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
 		{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^pkcs12$/))
--- a/apps/req.c
+++ b/apps/req.c
@@ -142,7 +142,6 @@ static int batch=0;
 #define TYPE_RSA	1
 #define TYPE_DSA	2
 #define TYPE_DH		3
-#define TYPE_ECDSA	4

 int MAIN(int, char **);

@@ -151,9 +150,6 @@ int MAIN(int argc, char **argv)
 	ENGINE *e = NULL;
 #ifndef OPENSSL_NO_DSA
 	DSA *dsa_params=NULL;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	ECDSA *ecdsa_params = NULL;
 #endif
 	unsigned long nmflag = 0;
 	int ex=1,x509=0,days=30;
@@ -322,63 +318,11 @@ int MAIN(int argc, char **argv)
 						}
 					}
 				BIO_free(in);
-				in=NULL;
 				newkey=BN_num_bits(dsa_params->p);
+				in=NULL;
 				}
 			else 
 #endif
-#ifndef OPENSSL_NO_ECDSA
-				if (strncmp("ecdsa:",p,4) == 0)
-				{
-				X509 *xtmp=NULL;
-				EVP_PKEY *dtmp;
-
-				pkey_type=TYPE_ECDSA;
-				p+=6;
-				if ((in=BIO_new_file(p,"r")) == NULL)
-					{
-					perror(p);
-					goto end;
-					}
-				if ((ecdsa_params = PEM_read_bio_ECDSAParameters(in, NULL, NULL, NULL)) == NULL)
-					{
-					ERR_clear_error();
-					(void)BIO_reset(in);
-					if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
-						{	
-						BIO_printf(bio_err,"unable to load ECDSA parameters from file\n");
-						goto end;
-						}
-
-					if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;
-					if (dtmp->type == EVP_PKEY_ECDSA)
-						ecdsa_params = ECDSAParameters_dup(dtmp->pkey.ecdsa);
-					EVP_PKEY_free(dtmp);
-					X509_free(xtmp);
-					if (ecdsa_params == NULL)
-						{
-						BIO_printf(bio_err,"Certificate does not contain ECDSA parameters\n");
-						goto end;
-						}
-					}
-
-				BIO_free(in);
-				in=NULL;
-				
-				{
-				BIGNUM *order = BN_new();
-				
-				if (!order)
-					goto end;
-				if (!EC_GROUP_get_order(ecdsa_params->group, order, NULL))
-					goto end;
-				newkey = BN_num_bits(order);
-				BN_free(order);
-				}
-
-				}
-			else
-#endif
 #ifndef OPENSSL_NO_DH
 				if (strncmp("dh:",p,4) == 0)
 				{
@@ -490,7 +434,6 @@ bad:
 		BIO_printf(bio_err,"                the random number generator\n");
 		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
 		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-		BIO_printf(bio_err," -newkey ecdsa:file generate a new ECDSA key, parameters taken from CA in 'file'\n");
 		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
 		BIO_printf(bio_err," -config file   request template file.\n");
 		BIO_printf(bio_err," -subj arg      set or modify request subject\n");
@@ -687,7 +630,7 @@ bad:
 			   message */
 			goto end;
 			}
-		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || EVP_PKEY_type(pkey->type) == EVP_PKEY_ECDSA)
+		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
 			{
 			char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
 			if (randfile == NULL)
@@ -711,15 +654,14 @@ bad:
 				newkey=DEFAULT_KEY_LENGTH;
 			}

-		if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA))
-		/* TODO: appropriate minimal keylength for the different algorithm (esp. ECDSA) */
+		if (newkey < MIN_KEY_LENGTH)
 			{
 			BIO_printf(bio_err,"private key length is too short,\n");
 			BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey);
 			goto end;
 			}
 		BIO_printf(bio_err,"Generating a %d bit %s private key\n",
-			newkey,(pkey_type == TYPE_RSA)?"RSA":(pkey_type == TYPE_DSA)?"DSA":"ECDSA");
+			newkey,(pkey_type == TYPE_RSA)?"RSA":"DSA");

 		if ((pkey=EVP_PKEY_new()) == NULL) goto end;

@@ -741,14 +683,6 @@ bad:
 			dsa_params=NULL;
 			}
 #endif
-#ifndef OPENSSL_NO_ECDSA
-			if (pkey_type == TYPE_ECDSA)
-			{
-			if (!ECDSA_generate_key(ecdsa_params)) goto end;
-			if (!EVP_PKEY_assign_ECDSA(pkey, ecdsa_params)) goto end;
-			ecdsa_params = NULL;
-			}
-#endif

 		app_RAND_write_file(randfile, bio_err);

@@ -854,10 +788,6 @@ loop:
 #ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 			digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
-		if (pkey->type == EVP_PKEY_ECDSA)
-			digest=EVP_ecdsa();
 #endif
 		if (req == NULL)
 			{
@@ -1139,9 +1069,6 @@ end:
 	OBJ_cleanup();
 #ifndef OPENSSL_NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	if (ecdsa_params != NULL) ECDSA_free(ecdsa_params);
 #endif
 	apps_shutdown();
 	EXIT(ex);
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -239,18 +239,16 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,

 	if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
 		{
-		BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n\n",
+		BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n",
 			bio,argp,argi,ret,ret);
 		BIO_dump(out,argp,(int)ret);
-		BIO_printf(out,"\n");
 		return(ret);
 		}
 	else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
 		{
-		BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n\n",
+		BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n",
 			bio,argp,argi,ret,ret);
 		BIO_dump(out,argp,(int)ret);
-		BIO_printf(out,"\n");
 		}
 	return(ret);
 	}
@@ -268,7 +266,7 @@ void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)

 	if (where & SSL_CB_LOOP)
 		{
-		BIO_printf(bio_err,"%s:%s\n\n",str,SSL_state_string_long(s));
+		BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
 		}
 	else if (where & SSL_CB_ALERT)
 		{
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -141,10 +141,6 @@ typedef unsigned int u_int;
 #endif


-#ifdef OPENSSL_SYS_VMS
-#include "term_sock.h"
-#endif
-      
 #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
 #undef FIONBIO
@@ -255,10 +251,6 @@ int MAIN(int argc, char **argv)
 #ifdef OPENSSL_SYS_WINDOWS
 	struct timeval tv;
 #endif
-#ifdef OPENSSL_SYS_VMS
-        int stdin_sock;
-        TerminalSocket (TERM_SOCK_CREATE, &stdin_sock);
-#endif

 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	meth=SSLv23_client_method();
@@ -441,13 +433,18 @@ bad:
 		goto end;
 		}

+	OpenSSL_add_ssl_algorithms();
+	SSL_load_error_strings();
+
+        e = setup_engine(bio_err, engine_id, 1);
+
 	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
 		&& !RAND_status())
 		{
-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n\n");
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
 	if (inrand != NULL)
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n\n",
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			app_RAND_load_files(inrand));

 	if (bio_c_out == NULL)
@@ -463,11 +460,6 @@ bad:
 			}
 		}

-	OpenSSL_add_ssl_algorithms();
-	SSL_load_error_strings();
-
-        e = setup_engine(bio_err, engine_id, 1);
-
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
@@ -524,7 +516,7 @@ re_start:
 		SHUTDOWN(s);
 		goto end;
 		}
-	BIO_printf(bio_c_out,"CONNECTED(%08X)\n\n",s);
+	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);

 #ifdef FIONBIO
 	if (c_nbio)
@@ -565,11 +557,6 @@ re_start:
 	SSL_set_connect_state(con);

 	/* ok, lets connect */
-#ifdef OPENSSL_SYS_VMS
-        if (stdin_sock > SSL_get_fd(con))
-            width=stdin_sock+1;
-        else
-#endif
 	width=SSL_get_fd(con)+1;

 	read_tty=1;
@@ -636,12 +623,8 @@ re_start:
 #ifndef OPENSSL_SYS_WINDOWS
 			if (tty_on)
 				{
-#ifdef OPENSSL_SYS_VMS
-                                if (read_tty)  FD_SET(stdin_sock,&readfds);
-#else
-                                if (read_tty)  FD_SET(fileno(stdin),&readfds);
-                                if (write_tty) FD_SET(fileno(stdout),&writefds);
-#endif
+				if (read_tty)  FD_SET(fileno(stdin),&readfds);
+				if (write_tty) FD_SET(fileno(stdout),&writefds);
 				}
 			if (read_ssl)
 				FD_SET(SSL_get_fd(con),&readfds);
@@ -763,7 +746,7 @@ re_start:
 				goto shut;
 				}
 			}
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VMS)
+#ifdef OPENSSL_SYS_WINDOWS
 		/* Assume Windows can always write */
 		else if (!ssl_pending && write_tty)
 #else
@@ -822,7 +805,7 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 				read_tty=0;
 				break;
 			case SSL_ERROR_WANT_READ:
-				BIO_printf(bio_c_out,"read R BLOCK\n\n");
+				BIO_printf(bio_c_out,"read R BLOCK\n");
 				write_tty=0;
 				read_ssl=1;
 				if ((read_tty == 0) && (write_ssl == 0))
@@ -847,22 +830,14 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 #ifdef OPENSSL_SYS_WINDOWS
 		else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
 #else
-#ifdef OPENSSL_SYS_VMS
-                else if (FD_ISSET(stdin_sock,&readfds))
-#else
-                else if (FD_ISSET(fileno(stdin),&readfds))
-#endif
+		else if (FD_ISSET(fileno(stdin),&readfds))
 #endif
 			{
 			if (crlf)
 				{
 				int j, lf_num;

-#ifdef OPENSSL_SYS_VMS
-                                i=recv(stdin_sock,cbuf,BUFSIZZ/2,0);
-#else
-                                i=read(fileno(stdin),cbuf,BUFSIZZ/2);
-#endif
+				i=read(fileno(stdin),cbuf,BUFSIZZ/2);
 				lf_num = 0;
 				/* both loops are skipped when i <= 0 */
 				for (j = 0; j < i; j++)
@@ -881,11 +856,7 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 				assert(lf_num == 0);
 				}
 			else
-#ifdef OPENSSL_SYS_VMS
-                                i=recv(stdin_sock,cbuf,BUFSIZZ,0);
-#else
-                                i=read(fileno(stdin),cbuf,BUFSIZZ);
-#endif
+				i=read(fileno(stdin),cbuf,BUFSIZZ);

 			if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
 				{
@@ -930,9 +901,6 @@ end:
 		bio_c_out=NULL;
 		}
 	apps_shutdown();
-#ifdef OPENSSL_SYS_VMS
-        TerminalSocket (TERM_SOCK_DELETE, &stdin_sock);
-#endif
 	EXIT(ret);
 	}

@@ -966,7 +934,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 				BIO_printf(bio,"%2d s:%s\n",i,buf);
 				X509_NAME_oneline(X509_get_issuer_name(
 					sk_X509_value(sk,i)),buf,BUFSIZ);
-				BIO_printf(bio,"   i:%s\n\n",buf);
+				BIO_printf(bio,"   i:%s\n",buf);
 				if (c_showcerts)
 					PEM_write_bio_X509(bio,sk_X509_value(sk,i));
 				}
@@ -1040,7 +1008,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 		}
 	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
 	c=SSL_get_current_cipher(s);
-	BIO_printf(bio,"%s, Cipher is %s\n\n",
+	BIO_printf(bio,"%s, Cipher is %s\n",
 		SSL_CIPHER_get_version(c),
 		SSL_CIPHER_get_name(c));
 	if (peer != NULL) {
@@ -1051,7 +1019,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 		EVP_PKEY_free(pktmp);
 	}
 	SSL_SESSION_print(bio,SSL_get_session(s));
-	BIO_printf(bio,"---\n\n");
+	BIO_printf(bio,"---\n");
 	if (peer != NULL)
 		X509_free(peer);
 	/* flush, or debugging output gets mixed with http response */
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -144,10 +144,6 @@ typedef unsigned int u_int;
 #include <conio.h>
 #endif

-#ifdef OPENSSL_SYS_VMS
-#include "term_sock.h"
-#endif
-       
 #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
 #undef FIONBIO
@@ -687,6 +683,11 @@ bad:
 		goto end;
 		}

+	SSL_load_error_strings();
+	OpenSSL_add_ssl_algorithms();
+
+        e = setup_engine(bio_err, engine_id, 1);
+
 	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
 		&& !RAND_status())
 		{
@@ -709,7 +710,7 @@ bad:
 			}
 		}

-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
 	if (nocert)
 #endif
 		{
@@ -719,11 +720,6 @@ bad:
 		s_dkey_file=NULL;
 		}

-	SSL_load_error_strings();
-	OpenSSL_add_ssl_algorithms();
-
-        e = setup_engine(bio_err, engine_id, 1);
-
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
@@ -831,7 +827,7 @@ bad:
 			goto end;
 			}
 		RSA_free(rsa);
-		BIO_printf(bio_s_out,"\n\n");
+		BIO_printf(bio_s_out,"\n");
 		}
 #endif
 #endif
@@ -887,7 +883,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
 	BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
 	BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
 	BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
-	BIO_printf(bio,"%4d cache full overflows (%d allowed)\n\n",
+	BIO_printf(bio,"%4d cache full overflows (%d allowed)\n",
 		SSL_CTX_sess_cache_full(ssl_ctx),
 		SSL_CTX_sess_get_cache_size(ssl_ctx));
 	}
@@ -904,12 +900,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 #ifdef OPENSSL_SYS_WINDOWS
 	struct timeval tv;
 #endif
-#ifdef OPENSSL_SYS_VMS
-        int stdin_sock;

-        TerminalSocket (TERM_SOCK_CREATE, &stdin_sock);
-#endif
-         
 	if ((buf=OPENSSL_malloc(bufsize)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
@@ -968,12 +959,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 		SSL_set_msg_callback_arg(con, bio_s_out);
 		}

-#ifdef OPENSSL_SYS_VMS
-        if (stdin_sock > s)
-            width = stdin_sock + 1;
-        else
-#endif
-        width=s+1;
+	width=s+1;
 	for (;;)
 		{
 		int read_from_terminal;
@@ -986,11 +972,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 			{
 			FD_ZERO(&readfds);
 #ifndef OPENSSL_SYS_WINDOWS
-#ifdef OPENSSL_SYS_VMS
-                        FD_SET(stdin_sock,&readfds);
-#else
 			FD_SET(fileno(stdin),&readfds);
-#endif
 #endif
 			FD_SET(s,&readfds);
 			/* Note: under VMS with SOCKETSHR the second parameter is
@@ -1014,12 +996,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 #else
 			i=select(width,(void *)&readfds,NULL,NULL,NULL);
 			if (i <= 0) continue;
-#ifdef OPENSSL_SYS_VMS
-                        if (FD_ISSET(stdin_sock,&readfds))
-#else
-                        if (FD_ISSET(fileno(stdin),&readfds))
-#endif
-                                read_from_terminal = 1;
+			if (FD_ISSET(fileno(stdin),&readfds))
+				read_from_terminal = 1;
 #endif
 			if (FD_ISSET(s,&readfds))
 				read_from_sslcon = 1;
@@ -1030,11 +1008,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 				{
 				int j, lf_num;

-#ifdef OPENSSL_SYS_VMS
-                                i=recv(stdin_sock, buf, bufsize/2, 0);
-#else
-                                i=read(fileno(stdin), buf, bufsize/2);
-#endif
+				i=read(fileno(stdin), buf, bufsize/2);
 				lf_num = 0;
 				/* both loops are skipped when i <= 0 */
 				for (j = 0; j < i; j++)
@@ -1053,11 +1027,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 				assert(lf_num == 0);
 				}
 			else
-#ifdef OPENSSL_SYS_VMS
-                                i=recv(stdin_sock,buf,bufsize, 0);
-#else
-                                i=read(fileno(stdin),buf,bufsize);
-#endif
+				i=read(fileno(stdin),buf,bufsize);
 			if (!s_quiet)
 				{
 				if ((i <= 0) || (buf[0] == 'Q'))
@@ -1126,7 +1096,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 				case SSL_ERROR_WANT_WRITE:
 				case SSL_ERROR_WANT_READ:
 				case SSL_ERROR_WANT_X509_LOOKUP:
-					BIO_printf(bio_s_out,"Write BLOCK\n\n");
+					BIO_printf(bio_s_out,"Write BLOCK\n");
 					break;
 				case SSL_ERROR_SYSCALL:
 				case SSL_ERROR_SSL:
@@ -1136,7 +1106,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 					goto err;
 					/* break; */
 				case SSL_ERROR_ZERO_RETURN:
-					BIO_printf(bio_s_out,"DONE\n\n");
+					BIO_printf(bio_s_out,"DONE\n");
 					ret=1;
 					goto err;
 					}
@@ -1174,13 +1144,12 @@ again:
 #endif
 					write(fileno(stdout),buf,
 						(unsigned int)i);
-					BIO_printf(bio_s_out,"\n");
 					if (SSL_pending(con)) goto again;
 					break;
 				case SSL_ERROR_WANT_WRITE:
 				case SSL_ERROR_WANT_READ:
 				case SSL_ERROR_WANT_X509_LOOKUP:
-					BIO_printf(bio_s_out,"Read BLOCK\n\n");
+					BIO_printf(bio_s_out,"Read BLOCK\n");
 					break;
 				case SSL_ERROR_SYSCALL:
 				case SSL_ERROR_SSL:
@@ -1212,9 +1181,6 @@ err:
 		}
 	if (ret >= 0)
 		BIO_printf(bio_s_out,"ACCEPT\n");
-#ifdef OPENSSL_SYS_VMS
-        TerminalSocket (TERM_SOCK_DELETE, &stdin_sock);
-#endif
 	return(ret);
 	}

@@ -1272,7 +1238,7 @@ static int init_ssl_connection(SSL *con)
 	if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL)
 		BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
 	str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
-	BIO_printf(bio_s_out,"CIPHER is %s\n\n",(str != NULL)?str:"(NONE)");
+	BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
 	if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
 	if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
 		TLS1_FLAGS_TLS_PADDING_BUG)
@@ -1428,7 +1394,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				}
 			else
 				{
-				BIO_printf(bio_s_out,"read R BLOCK\n\n");
+				BIO_printf(bio_s_out,"read R BLOCK\n");
 #ifndef OPENSSL_SYS_MSDOS
 				sleep(1);
 #endif
@@ -1654,7 +1620,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 							goto write_error;
 						else
 							{
-							BIO_printf(bio_s_out,"rwrite W BLOCK\n\n");
+							BIO_printf(bio_s_out,"rwrite W BLOCK\n");
 							}
 						}
 					else
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -85,7 +85,7 @@
 #include OPENSSL_UNISTD
 #endif

-#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
 #define TIMES
 #endif

@@ -109,10 +109,6 @@
 #include <sys/timeb.h>
 #endif

-#ifdef _AIX
-#include <sys/select.h>
-#endif
-
 #if defined(sun) || defined(__ultrix)
 #define _POSIX_SOURCE
 #include <limits.h>
--- a/apps/term_sock.c
+++ b/apps/term_sock.c
@@ -1,581 +0,0 @@
-#ifdef VMS
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <inet.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <errno.h>
-#include <starlet.h>
-#include <iodef.h>
-#ifdef __alpha
-#include <iosbdef.h>
-#else
-typedef struct _iosb {			/* Copied from IOSBDEF.H for Alpha  */
-#pragma __nomember_alignment
-    __union  {
-        __struct  {
-            unsigned short int iosb$w_status; /* Final I/O status           */
-            __union  {
-                __struct  {             /* 16-bit byte count variant        */
-                    unsigned short int iosb$w_bcnt; /* 16-bit byte count    */
-                    __union  {
-                        unsigned int iosb$l_dev_depend; /* 32-bit device dependent info */
-                        unsigned int iosb$l_pid; /* 32-bit pid              */
-                        } iosb$r_l;
-                    } iosb$r_bcnt_16;
-                __struct  {             /* 32-bit byte count variant        */
-                    unsigned int iosb$l_bcnt; /* 32-bit byte count (unaligned) */
-                    unsigned short int iosb$w_dev_depend_high; /* 16-bit device dependent info */
-                    } iosb$r_bcnt_32;
-                } iosb$r_devdepend;
-            } iosb$r_io_64;
-        __struct  {
-            __union  {
-                unsigned int iosb$l_getxxi_status; /* Final GETxxI status   */
-                unsigned int iosb$l_reg_status; /* Final $Registry status   */
-                } iosb$r_l_status;
-            unsigned int iosb$l_reserved; /* Reserved field                 */
-            } iosb$r_get_64;
-        } iosb$r_io_get;
-    } IOSB;
-
-#if !defined(__VAXC)
-#define iosb$w_status iosb$r_io_get.iosb$r_io_64.iosb$w_status
-#define iosb$w_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$w_bcnt
-#define iosb$r_l        iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$r_l
-#define iosb$l_dev_depend iosb$r_l.iosb$l_dev_depend
-#define iosb$l_pid iosb$r_l.iosb$l_pid
-#define iosb$l_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$l_bcnt
-#define iosb$w_dev_depend_high iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$w_dev_depend_high
-#define iosb$l_getxxi_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_getxxi_status
-#define iosb$l_reg_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_reg_status
-#endif          /* #if !defined(__VAXC) */
-
-#endif					/* End of IOSBDEF */
-
-#include <efndef.h>
-#include <stdlib.h>
-#include <ssdef.h>
-#include <time.h>
-#include <stdarg.h>
-#include <descrip.h>
-
-#include "term_sock.h"
-
-#ifdef __alpha
-static struct _iosb TerminalDeviceIosb;
-#else
-IOSB TerminalDeviceIosb;
-#endif
-
-static char TerminalDeviceBuff[255 + 2];
-static int TerminalSocketPair[2] = {0, 0};
-static unsigned short TerminalDeviceChan = 0;
-
-static int CreateSocketPair (int, int, int, int *);
-static void SocketPairTimeoutAst (int);
-static int TerminalDeviceAst (int);
-static void LogMessage (char *, ...);
-
-/*
-** Socket Pair Timeout Value (must be 0-59 seconds)
-*/
-#define SOCKET_PAIR_TIMEOUT_VALUE 20
-
-/*
-** Socket Pair Timeout Block which is passed to timeout AST
-*/
-typedef struct _SocketPairTimeoutBlock {
-    unsigned short SockChan1;
-    unsigned short SockChan2;
-    } SPTB;
-
-#ifdef TERM_SOCK_TEST
-
-/*----------------------------------------------------------------------------*/
-/*                                                                            */
-/*----------------------------------------------------------------------------*/
-int main (int argc, char *argv[], char *envp[])
-{
-char TermBuff[80];
-int TermSock,
-    status,
-    len;
-
-LogMessage ("Enter 'q' or 'Q' to quit ...");
-while (strcasecmp (TermBuff, "Q"))
-    {
-    /*
-    ** Create the terminal socket
-    */
-    status = TerminalSocket (TERM_SOCK_CREATE, &TermSock);
-    if (status != TERM_SOCK_SUCCESS)
-	exit (1);
-
-    /*
-    ** Process the terminal input
-    */
-    LogMessage ("Waiting on terminal I/O ...\n");
-    len = recv (TermSock, TermBuff, sizeof (TermBuff), 0) ;
-    TermBuff[len] = '\0';
-    LogMessage ("Received terminal I/O [%s]", TermBuff);
-
-    /*
-    ** Delete the terminal socket
-    */
-    status = TerminalSocket (TERM_SOCK_DELETE, &TermSock);
-    if (status != TERM_SOCK_SUCCESS)
-	exit (1);
-    }
-
-return 1;
-
-}
-#endif 
-
-/*----------------------------------------------------------------------------*/
-/*                                                                            */
-/*----------------------------------------------------------------------------*/
-int TerminalSocket (int FunctionCode, int *ReturnSocket)
-{
-int status;
-$DESCRIPTOR (TerminalDeviceDesc, "SYS$COMMAND");
-
-/*
-** Process the requested function code
-*/
-switch (FunctionCode)
-   {
-   case TERM_SOCK_CREATE:
-	/*
-	** Create a socket pair
-	*/
-	status = CreateSocketPair (AF_INET, SOCK_STREAM, 0, TerminalSocketPair);
-	if (status == -1)
-	    {
-	    LogMessage ("TerminalSocket: CreateSocketPair () - %08X", status);
-	    if (TerminalSocketPair[0])
-		close (TerminalSocketPair[0]);
-	    if (TerminalSocketPair[1])
-		close (TerminalSocketPair[1]);
-	    return (TERM_SOCK_FAILURE);
-	    }
-
-	/*
-	** Assign a channel to the terminal device
-	*/
-	status = sys$assign (&TerminalDeviceDesc,
-			     &TerminalDeviceChan, 
-			     0, 0, 0);
-	if (! (status & 1))
-	    {
-	    LogMessage ("TerminalSocket: SYS$ASSIGN () - %08X", status);
-	    close (TerminalSocketPair[0]);
-	    close (TerminalSocketPair[1]);
-	    return (TERM_SOCK_FAILURE);
-	    }
-
-	/*
-	** Queue an async IO to the terminal device
-	*/
-	status = sys$qio (EFN$C_ENF,
-			  TerminalDeviceChan,
-	                  IO$_READVBLK,
-	                  &TerminalDeviceIosb, 
-			  TerminalDeviceAst, 
-			  0, 
-	                  TerminalDeviceBuff,
-	                  sizeof (TerminalDeviceBuff) - 2,
-	                  0, 0, 0, 0);
-	if (! (status & 1))
-	    {
-	    LogMessage ("TerminalSocket: SYS$QIO () - %08X", status);
-	    close (TerminalSocketPair[0]);
-	    close (TerminalSocketPair[1]);
-	    return (TERM_SOCK_FAILURE);
-	    }
-
-	/*
-	** Return the input side of the socket pair
-	*/
-	*ReturnSocket = TerminalSocketPair[1];
-        break;
-
-   case TERM_SOCK_DELETE:
-	/*
-	** Cancel any pending IO on the terminal channel
-	*/
-	status = sys$cancel (TerminalDeviceChan);
-	if (! (status & 1))
-	    {
-	    LogMessage ("TerminalSocket: SYS$CANCEL () - %08X", status);
-	    close (TerminalSocketPair[0]);
-	    close (TerminalSocketPair[1]);
-	    return (TERM_SOCK_FAILURE);
-	    }
-
-	/*
-	** Deassign the terminal channel
-	*/
-	status = sys$dassgn (TerminalDeviceChan);
-	if (! (status & 1))
-	    {
-	    LogMessage ("TerminalSocket: SYS$DASSGN () - %08X", status);
-	    close (TerminalSocketPair[0]);
-	    close (TerminalSocketPair[1]);
-	    return (TERM_SOCK_FAILURE);
-	    }
-
-	/*
-	** Close the terminal socket pair
-	*/
-	close (TerminalSocketPair[0]);
-	close (TerminalSocketPair[1]);
-
-	/*
-	** Return the initialized socket
-	*/
-	*ReturnSocket = 0;
-	break;
-
-    default:
-	/*
-	** Invalid function code
-	*/
-	LogMessage ("TerminalSocket: Invalid Function Code - %d", FunctionCode);
-	return (TERM_SOCK_FAILURE);
-	break;
-    }	
-
-/*
-** Return success
-*/
-return (TERM_SOCK_SUCCESS);
-
-}
-
-/*----------------------------------------------------------------------------*/
-/*                                                                            */
-/*----------------------------------------------------------------------------*/
-static int CreateSocketPair (
-    int		SocketFamily,
-    int		SocketType,
-    int		SocketProtocol,
-    int		*SocketPair)
-{
-struct dsc$descriptor AscTimeDesc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, NULL};
-static const char* LocalHostAddr = {"127.0.0.1"};
-unsigned short TcpAcceptChan = 0,
-	       TcpDeviceChan = 0;
-unsigned long BinTimeBuff[2];
-struct sockaddr_in sin;
-char AscTimeBuff[32];
-short LocalHostPort;
-unsigned int status,
-	     slen;
-
-#ifdef __alpha
-struct _iosb iosb;
-#else
-IOSB iosb;
-#endif
-
-int SockDesc1 = 0,
-    SockDesc2 = 0;
-SPTB sptb;
-$DESCRIPTOR (TcpDeviceDesc, "TCPIP$DEVICE");
-
-/*
-** Create a socket
-*/
-SockDesc1 = socket (SocketFamily, SocketType, 0);
-if (SockDesc1 < 0)
-    {
-    LogMessage ("CreateSocketPair: socket () - %d", errno);
-    return (-1);
-    }
-
-/*
-** Initialize the socket information
-*/
-slen = sizeof (sin);
-memset ((char *) &sin, 0, slen);
-sin.sin_family = SocketFamily;
-sin.sin_addr.s_addr = inet_addr (LocalHostAddr);
-sin.sin_port = 0;
-
-/*
-** Bind the socket to the local IP
-*/
-status = bind (SockDesc1, (struct sockaddr *) &sin, slen);
-if (status < 0)
-    {
-    LogMessage ("CreateSocketPair: bind () - %d", errno);
-    close (SockDesc1);   
-    return (-1);
-    }
-
-/*
-** Get the socket name so we can save the port number
-*/
-status = getsockname (SockDesc1, (struct sockaddr *) &sin, &slen);
-if (status < 0)
-    {
-    LogMessage ("CreateSocketPair: getsockname () - %d", errno);
-    close (SockDesc1); 
-    return (-1);
-    }
-else
-    LocalHostPort = sin.sin_port;			
-
-/*
-** Setup a listen for the socket
-*/
-listen (SockDesc1, 5);
-
-/*
-** Get the binary (64-bit) time of the specified timeout value
-*/
-sprintf (AscTimeBuff, "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE);
-AscTimeDesc.dsc$w_length = strlen (AscTimeBuff);
-AscTimeDesc.dsc$a_pointer = AscTimeBuff;
-status = sys$bintim (&AscTimeDesc, BinTimeBuff);
-if (! (status & 1))
-    {
-    LogMessage ("CreateSocketPair: SYS$BINTIM () - %08X", status);
-    close (SockDesc1);
-    return (-1);
-    }
-
-/*
-** Assign another channel to the TCP/IP device for the accept.
-** This is the channel that ends up being connected to.
-*/
-status = sys$assign (&TcpDeviceDesc, &TcpDeviceChan, 0, 0, 0);
-if (! (status & 1))
-    {
-    LogMessage ("CreateSocketPair: SYS$ASSIGN () - %08X", status);
-    close (SockDesc1);
-    return (-1);
-    }
-
-/*
-** Get the channel of the first socket for the accept
-*/
-TcpAcceptChan = decc$get_sdc (SockDesc1);		
-
-/*
-** Perform the accept using $QIO so we can do this asynchronously
-*/
-status = sys$qio (EFN$C_ENF, 
-		  TcpAcceptChan,
-                  IO$_ACCESS | IO$M_ACCEPT,
-                  &iosb,
-		  0, 0, 0, 0, 0,
-                  &TcpDeviceChan,
-                  0, 0);
-if (! (status & 1))
-    {
-    LogMessage ("CreateSocketPair: SYS$QIO () - %08X", status);
-    close (SockDesc1);
-    sys$dassgn (TcpDeviceChan);
-    return (-1);
-    }
-
-/*
-** Create the second socket to do the connect
-*/
-SockDesc2 = socket (SocketFamily, SocketType, 0);
-if (SockDesc2 < 0)
-    {
-    LogMessage ("CreateSocketPair: socket () - %d", errno);
-    sys$cancel (TcpAcceptChan);
-    close (SockDesc1);
-    sys$dassgn (TcpDeviceChan);
-    return (-1) ;
-    } 
-
-/*
-** Setup the Socket Pair Timeout Block
-*/
-sptb.SockChan1 = TcpAcceptChan;
-sptb.SockChan2 = decc$get_sdc (SockDesc2);
-
-/*
-** Before we block on the connect, set a timer that can cancel I/O on our two 
-** sockets if it never connects.
-*/
-status = sys$setimr (EFN$C_ENF, 
-		     BinTimeBuff, 
-		     SocketPairTimeoutAst, 
-		     &sptb, 
-		     0);
-if (! (status & 1))
-    {
-    LogMessage ("CreateSocketPair: SYS$SETIMR () - %08X", status);
-    sys$cancel (TcpAcceptChan);
-    close (SockDesc1);
-    close (SockDesc2);
-    sys$dassgn (TcpDeviceChan);
-    return (-1);
-    }
-
-/*
-** Now issue the connect
-*/
-memset ((char *) &sin, 0, sizeof (sin)) ;
-sin.sin_family = SocketFamily;
-sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ;
-sin.sin_port = LocalHostPort ;
-
-status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof (sin));
-if (status < 0 )
-    {
-    LogMessage ("CreateSocketPair: connect () - %d", errno);
-    sys$cantim (&sptb, 0);
-    sys$cancel (TcpAcceptChan);
-    close (SockDesc1);
-    close (SockDesc2);
-    sys$dassgn (TcpDeviceChan);
-    return (-1);
-    }
-
-/*
-** Wait for the asynch $QIO to finish.  Note that if the I/O was aborted 
-** (SS$_ABORT), then we probably canceled it from the AST routine - so log a 
-** timeout.
-*/
-status = sys$synch (EFN$C_ENF, &iosb);
-if (! (iosb.iosb$w_status & 1))
-    {
-    if (iosb.iosb$w_status == SS$_ABORT)
-	LogMessage ("CreateSocketPair: SYS$QIO(iosb) timeout");
-    else 
-	{
-        LogMessage ("CreateSocketPair: SYS$QIO(iosb) - %d", iosb.iosb$w_status);
-        sys$cantim (&sptb, 0);
-        }
-    close (SockDesc1);
-    close (SockDesc2);
-    sys$dassgn (TcpDeviceChan);
-    return (-1);
-    }
-
-/*
-** Here we're successfully connected, so cancel the timer, convert the I/O 
-** channel to a socket fd, close the listener socket and return the connected 
-** pair.
-*/
-sys$cantim (&sptb, 0);
-
-close (SockDesc1) ;
-SocketPair[0] = SockDesc2 ;
-SocketPair[1] = socket_fd (TcpDeviceChan);
-
-return (0) ;
-
-}
-
-/*----------------------------------------------------------------------------*/
-/*                                                                            */
-/*----------------------------------------------------------------------------*/
-static void SocketPairTimeoutAst (int astparm)
-{
-SPTB *sptb = (SPTB *) astparm;
-
-sys$cancel (sptb->SockChan2);			/* Cancel the connect() */
-sys$cancel (sptb->SockChan1);			/* Cancel the accept() 	*/
-
-return;
-
-}
-
-/*----------------------------------------------------------------------------*/
-/*                                                                            */
-/*----------------------------------------------------------------------------*/
-static int TerminalDeviceAst (int astparm)
-{
-int status;
-
-/*
-** Terminate the terminal buffer
-*/
-TerminalDeviceBuff[TerminalDeviceIosb.iosb$w_bcnt] = '\0';
-strcat (TerminalDeviceBuff, "\n");
-
-/*
-** Send the data read from the terminal device throught the socket pair
-*/
-send (TerminalSocketPair[0], TerminalDeviceBuff, TerminalDeviceIosb.iosb$w_bcnt + 1, 0);
-
-/*
-** Queue another async IO to the terminal device
-*/
-status = sys$qio (EFN$C_ENF,
-         	  TerminalDeviceChan,
-         	  IO$_READVBLK,
-         	  &TerminalDeviceIosb, 
-	 	  TerminalDeviceAst, 
-	 	  0, 
-         	  TerminalDeviceBuff,
-         	  sizeof (TerminalDeviceBuff) - 1,
-         	  0, 0, 0, 0);
-
-/*
-** Return status
-*/
-return status;
-
-}
-
-/*----------------------------------------------------------------------------*/
-/*                                                                            */
-/*----------------------------------------------------------------------------*/
-static void LogMessage (char *msg, ...)
-{
-char *Month[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun", 
-                 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
-static unsigned int pid = 0;
-va_list args;
-time_t CurTime;
-struct tm *LocTime;
-char MsgBuff[256];
-
-/*
-** Get the process pid
-*/
-if (pid == 0)
-    pid = getpid ();
-
-/*
-** Convert the current time into local time
-*/
-CurTime = time (NULL);
-LocTime = localtime (&CurTime);
-
-/*
-** Format the message buffer
-*/
-sprintf (MsgBuff, "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n",
-         LocTime->tm_mday, Month[LocTime->tm_mon], (LocTime->tm_year + 1900),
-         LocTime->tm_hour, LocTime->tm_min, LocTime->tm_sec, pid, msg);
-
-/*
-** Get any variable arguments and add them to the print of the message buffer 
-*/
-va_start (args, msg);
-vfprintf (stderr, MsgBuff, args);
-va_end (args);
-
-/*
-** Flush standard error output
-*/
-fsync (fileno (stderr));
-
-return;
-
-}
-#endif
--- a/apps/term_sock.h
+++ b/apps/term_sock.h
@@ -1,21 +0,0 @@
-#ifndef TERM_SOCK_H
-#define TERM_SOCK_H
-
-/*
-** Terminal Socket Function Codes
-*/
-#define TERM_SOCK_CREATE	1
-#define TERM_SOCK_DELETE	2
-
-/*
-** Terminal Socket Status Codes
-*/
-#define TERM_SOCK_FAILURE	0
-#define TERM_SOCK_SUCCESS	1
-
-/*
-** Terminal Socket Prototype
-*/
-int TerminalSocket (int FunctionCode, int *ReturnSocket);
-
-#endif
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -245,7 +245,7 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-CAkeyform") == 0)
 			{
 			if (--argc < 1) goto bad;
-			CAformat=str2fmt(*(++argv));
+			CAkeyformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
@@ -869,10 +869,6 @@ bad:
 		                if (Upkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
-				if (Upkey->type == EVP_PKEY_ECDSA)
-					digest=EVP_ecdsa();
-#endif

 				assert(need_rand);
 				if (!sign(x,Upkey,days,clrext,digest,
@@ -892,10 +888,6 @@ bad:
 		                if (CApkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
-				if (CApkey->type == EVP_PKEY_ECDSA)
-					digest = EVP_ecdsa();
-#endif
 				
 				assert(need_rand);
 				if (!x509_certify(ctx,CAfile,digest,x,xca,
@@ -923,10 +915,10 @@ bad:

 				BIO_printf(bio_err,"Generating certificate request\n");

+#ifndef OPENSSL_NO_DSA
 		                if (pk->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
-				else if (pk->type == EVP_PKEY_ECDSA)
-					digest=EVP_ecdsa();
+#endif

 				rq=X509_to_X509_REQ(x,pk,digest);
 				EVP_PKEY_free(pk);
--- a/31
+++ b/31
@@ -390,18 +390,30 @@ exit 0

 # figure out if gcc is available and if so we use it otherwise
 # we fallback to whatever cc does on the system
-GCCVER=`(gcc --version) 2>/dev/null`
+GCCVER=`(gcc -dumpversion) 2>/dev/null`
 if [ "$GCCVER" != "" ]; then
  CC=gcc
-  # then strip off whatever prefix Cygnus prepends the number with...
-  GCCVER=`echo $GCCVER | sed 's/^[a-z]*\-//'`
+  # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
+  # does give us what we want though, so we use that.  We just just the
+  # major and minor version numbers.
  # peak single digit before and after first dot, e.g. 2.95.1 gives 29
  GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
 else
  CC=cc
 fi
 GCCVER=${GCCVER:-0}
-
+if [ "$SYSTEM" = "HP-UX" ];then
+  # By default gcc is a ILP32 compiler (with long long == 64).
+  GCC_BITS="32"
+  if [ $GCCVER -ge 30 ]; then
+    # PA64 support only came in with gcc 3.0.x.
+    # We look for the preprocessor symbol __LP64__ indicating
+    # 64bit bit long and pointer.  sizeof(int) == 32 on HPUX64.
+    if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
+      GCC_BITS="64"
+    fi
+  fi
+fi
 if [ "$SYSTEM" = "SunOS" ]; then
  if [ $GCCVER -ge 30 ]; then
    # 64-bit ABI isn't officially supported in gcc 3.0, but it appears
@@ -659,7 +671,16 @@ EOF
  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
  *-siemens-sysv4) OUT="SINIX" ;;
  *-hpux1*)
-	OUT="hpux-parisc-$CC"
+	if [ $CC = "gcc" ];
+	then
+	  if [ $GCC_BITS = "64" ]; then
+	    OUT="hpux64-parisc-gcc"
+	  else
+	    OUT="hpux-parisc-gcc"
+	  fi
+	else
+	  OUT="hpux-parisc-$CC"
+	fi
 	KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null`
 	KERNEL_BITS=${KERNEL_BITS:-32}
 	CPU_VERSION=`(getconf CPU_VERSION) 2>/dev/null`
--- a/cpq-axpvms-ssl-t0100--1.pcsi$desc
+++ b/cpq-axpvms-ssl-t0100--1.pcsi$desc
@@ -1,259 +0,0 @@
--
--      CPQ-AXPVMS-SSL-T0100--1.PCSI$DESCRIPTION
--
--      KSG00141     Kevin Greaney		21-Jun-2001
--	Using the ENCRYPT file as a template, create a 
--	.PCSI$DESCRIPTION file for the OpenSSL port.
--
--
--  First, make sure we are running on correct operating system.
--
-product CPQ AXPVMS SSL T1.0 full ;
-    if (not <software DEC AXPVMS VMS version minimum V7.2>) ;
-        error NOAXPVMS;
-    end if;
-
--
--  Now, perform the installation.
--
--
-- Define the SSL root logical name.  This is done by
-- SSL$PCSI.COM.  It defines SSL$ROOT to be the 
-- equivalence name of the PCSI$DESTINATION logical when
-- installing, and deassigns the logical when removing.
-
-    execute 
-	install "@pcsi$destination:[ssl.com]ssl$pcsi.com install" 
-	remove "@pcsi$destination:[ssl.com]ssl$pcsi.com remove";
-
--
-- SSL$STARTUP.COM defines a handfull of logicals and
-- then executes SSL$SYSTARTUP.COM.
--
-- SSL$SHUTDOWN deassigns the logicals defined in the
-- startup file and then executes SSL$SYSHUTDOWN.COM 
--
-- Note : If this kit is installed to a disk other than
--	  the system disk, these two files will not end
--	  up on the system disk.  They will have to be
--	  moved over manually.
-
-    execute 
-	start "@sys$startup:ssl$startup.com" 
-	stop "@sys$startup:ssl$shutdown.com";
-
--
--  Now, perform the testing, if it was requested.
--
-- Find out if the IVP should be run ...
-- Note : If the user specified /NOTEST on the command
--        line, the user will still be asked about running
--	  the IVP, but no matter what they answer, the IVP
--	  will NOT be run.  This is because /NOTEST
--	  overrides the option here.
-
-    option run_ivp default yes;
-       execute test "@pcsi$destination:[systest]ssl$ivp.com/output=pcsi$destination:[systest]ssl$ivp.log";
-    end option;
--
-    information POST_INSTALL phase after with helptext;
-    information RELEASE_NOTES phase after ;
-    information START_INSTRUCTION phase after ;
--    information REINSTALL_PROBLEM phase after ;
-
--
--  And finally, define where all the files should be placed.
--
-    directory [ssl] ;
-    file [ssl.com]ssl$pcsi.com protection private;
--
-    file [syshlp]ssl010.release_notes release notes;
-
-    if (<software DEC AXPVMS VMS>) ;
-       directory [ssl.alpha_exe] ;
-
-       file [ssl.alpha_exe]ca.com ;
-       file [ssl.alpha_exe]openssl.exe ;
-       file [ssl.alpha_exe]ssl_task.exe ;
--
-    end if;
-
-    if (<software DEC VAXVMS VMS>) ;
-       directory [ssl.vax_exe] ;
-       file [ssl.vax_exe]ca.com;
--
-       directory [ssl.vax_lib] ;
-
-    end if;
-
-    file [syslib]ssl$libssl_shr.exe ;    
-    file [syslib]ssl$libcrypto_shr.exe ;    
-
-    file [syslib]ssl$libssl_shr32.exe ;    
-    file [syslib]ssl$libcrypto_shr32.exe ;    
-
-    file [ssl.alpha_exe]ssl$hostname.exe;
-    file [ssl.alpha_exe]ssl$hostaddr.exe;
--
-    directory [ssl.conf] ;
-
-    file [ssl]openssl.cnf ;
-    file [ssl]openssl-vms.cnf ;
-
--
-    directory [ssl.certs] ;
--
-    directory [syshlp.examples.ssl] ;
-
-    file [syshlp.examples.ssl]ssl$bio_cli.c ;
-    file [syshlp.examples.ssl]ssl$bio_serv.c ;
-    file [syshlp.examples.ssl]ssl$cli_sess_renego.c ;
-    file [syshlp.examples.ssl]ssl$cli_sess_renego_cli_ver.c ;
-    file [syshlp.examples.ssl]ssl$cli_sess_reuse.c ;
-    file [syshlp.examples.ssl]ssl$cli_sess_reuse_cli_ver.c ;
-    file [syshlp.examples.ssl]ssl$cli_verify_client.c ;
-    file [syshlp.examples.ssl]ssl$serv_sess_renego.c ;
-    file [syshlp.examples.ssl]ssl$serv_sess_renego_cli_ver.c ;
-    file [syshlp.examples.ssl]ssl$serv_sess_reuse.c ;
-    file [syshlp.examples.ssl]ssl$serv_sess_reuse_cli_ver.c ;
-    file [syshlp.examples.ssl]ssl$serv_verify_client.c ;
-    file [syshlp.examples.ssl]ssl$simple_cli.c ;
-    file [syshlp.examples.ssl]ssl$simple_serv.c ;
-    file [syshlp.examples.ssl]ssl$examples_setup.com ;
-
--
-    directory [ssl.include] ;
--
-    file [ssl.include]asn1.h ;
-    file [ssl.include]asn1_mac.h;
-    file [ssl.include]bio.h;
-    file [ssl.include]blowfish.h;
-    file [ssl.include]bn.h;
-    file [ssl.include]buffer.h;
-    file [ssl.include]cast.h;
-    file [ssl.include]comp.h;
-    file [ssl.include]conf.h;
-    file [ssl.include]conf_api.h;
-    file [ssl.include]crypto.h;
-    file [ssl.include]des.h;
-    file [ssl.include]dh.h;
-    file [ssl.include]dsa.h;
-    file [ssl.include]dso.h;
-    file [ssl.include]ebcdic.h;
-    file [ssl.include]engine.h;
-    file [ssl.include]err.h;
-    file [ssl.include]evp.h;
-    file [ssl.include]e_os.h;
-    file [ssl.include]e_os2.h;
-    file [ssl.include]hmac.h;
-    file [ssl.include]idea.h;
-    file [ssl.include]lhash.h;
-    file [ssl.include]md2.h;
-    file [ssl.include]md4.h;
-    file [ssl.include]md5.h;
-    file [ssl.include]mdc2.h;
-    file [ssl.include]objects.h;
-    file [ssl.include]obj_mac.h;
-    file [ssl.include]opensslconf.h;
-    file [ssl.include]opensslv.h;
-    file [ssl.include]pem.h;
-    file [ssl.include]pem2.h;
-    file [ssl.include]pkcs12.h;
-    file [ssl.include]pkcs7.h;
-    file [ssl.include]rand.h;
-    file [ssl.include]rc2.h;
-    file [ssl.include]rc4.h;
-    file [ssl.include]rc5.h;
-    file [ssl.include]ripemd.h;
-    file [ssl.include]rsa.h;
-    file [ssl.include]safestack.h;
-    file [ssl.include]sha.h;
-    file [ssl.include]ssl.h;
-    file [ssl.include]ssl2.h;
-    file [ssl.include]ssl23.h;
-    file [ssl.include]ssl3.h;
-    file [ssl.include]stack.h;
-    file [ssl.include]symhacks.h;
-    file [ssl.include]tls1.h;
-    file [ssl.include]tmdiff.h;
-    file [ssl.include]txt_db.h;
-    file [ssl.include]x509.h;
-    file [ssl.include]x509v3.h;
-    file [ssl.include]x509_vfy.h;
--
-    directory [ssl.lib] ;
--
-    directory [ssl.private] ;
-
-    file [ssl.private]randfile.;
--
-    directory [ssl.test] ;
-
-    file [ssl.test]tcrl.com;
-    file [ssl.test]testca.com; 
-    file [ssl.test]testenc.com; 
-    file [ssl.test]testgen.com; 
-    file [ssl.test]testss.com; 
-    file [ssl.test]testssl.com; 
-    file [ssl.test]tests_share.com; 
-    file [ssl.test]tpkcs7.com; 
-    file [ssl.test]tpkcs7d.com; 
-    file [ssl.test]treq.com; 
-    file [ssl.test]trsa.com; 
-    file [ssl.test]tsid.com; 
-    file [ssl.test]tverify.com; 
-    file [ssl.test]tx509.com;
--
-    file [ssl.test]bftest.exe; 
-    file [ssl.test]bntest.exe; 
-    file [ssl.test]casttest.exe; 
-    file [ssl.test]destest.exe;
-    file [ssl.test]dhtest.exe; 
-    file [ssl.test]dsatest.exe; 
-    file [ssl.test]exptest.exe; 
-    file [ssl.test]hmactest.exe;
-    file [ssl.test]ideatest.exe; 
-    file [ssl.test]md2test.exe; 
-    file [ssl.test]md4test.exe; 
-    file [ssl.test]md5test.exe;
-    file [ssl.test]mdc2test.exe; 
-    file [ssl.test]randtest.exe; 
-    file [ssl.test]rc2test.exe; 
-    file [ssl.test]rc4test.exe;
-    file [ssl.test]rc5test.exe; 
-    file [ssl.test]rmdtest.exe; 
-    file [ssl.test]rsa_test.exe; 
-    file [ssl.test]sha1test.exe;
-    file [ssl.test]shatest.exe; 
-    file [ssl.test]ssltest.exe;
--
-    file [systest]ssl$ivp.com;
--
-    directory [ssl.com] ;
-
-    file [sys$startup]ssl$startup.com;
-    file [sys$startup]ssl$shutdown.com;
-
-    file [ssl.com]ssl$systartup.com;
-    file [ssl.com]ssl$syshutdown.com;
-    file [ssl.com]ssl$utils.com;
--
-    file [ssl.com]ssl$auth_cert.com;
-    file [ssl.com]ssl$auto_cert.com;
-    file [ssl.com]ssl$cert_tool.com;
-    file [ssl.com]ssl$conf_util.com;
-    file [ssl.com]ssl$draw_box.com;
-    file [ssl.com]ssl$exit_cmd.tpu;
-    file [ssl.com]ssl$fill_box.com;
-    file [ssl.com]ssl$hash_cert.com;
-    file [ssl.com]ssl$init_env.com;
-    file [ssl.com]ssl$init_term.com;
-    file [ssl.com]ssl$pick_file.com;
-    file [ssl.com]ssl$rem_env.com;
-    file [ssl.com]ssl$rqst_cert.com;
-    file [ssl.com]ssl$self_cert.com;
-    file [ssl.com]ssl$show_file.com;
-    file [ssl.com]ssl$sign_cert.com;
-    file [ssl.com]ssl$view_cert.com;
--
-end product ;
--- a/cpq-axpvms-ssl-t0100--1.pcsi$text
+++ b/cpq-axpvms-ssl-t0100--1.pcsi$text
@@ -1,82 +0,0 @@
-=product CPQ AXPVMS SSL T1.0 full
-1 'PRODUCT
-=prompt SSL for OpenVMS Alpha T1.0 (Based on OpenSSL 0.9.6B).
-SSL for OpenVMS provides a toolkit that implements SSL V2/V3, TLS V1,
-and a general purpose cryptography library.
-
-1 'PRODUCER
-
-1 'NOTICE
-=prompt (c) Compaq Computer Corporation 2002. All rights reserved.
-
-COMPAQ Registered in U.S. Patent and Trademark Office.
-
-Confidential computer software. Valid license from Compaq or
-authorized sublicensor required for possession, use or copying.
-Consistent with FAR 12.211 and 12.212, Commercial Computer Software,
-Computer Software Documentation, and Technical Data for Commercial
-Items are licensed to the U.S. Government under vendor's standard
-commercial license.
-
-This software is installable on OpenVMS processors using the POLYCENTER
-Software Installation utility.
-
-IMPORTANT LEGAL NOTICE:
-
-        Exports of this product are subject to U.S. Export Administration
-        Regulations pertaining to encryption items and may require that 
-        individual export authorization be obtained from the U.S. 
-        Department of Commerce.
-
-1 START_INSTRUCTION
-=prompt @SYS$STARTUP:SSL$STARTUP.COM should be run at system startup.
-Once the installation is complete, adding the following line to
-SYS$MANAGER:SYSTARTUP_VMS.COM will define the SSL$ logicals 
-in the SYSTEM logical name table:
-
-        $ @SYS$STARTUP:SSL$STARTUP.COM "/SYSTEM"
-
-It is also possible to have the logicals placed in other logical 
-name tables - EXEC,USER, etc - by replacing the SYSTEM parameter
-above with the alternate table name.
-
-
-1 RELEASE_NOTES
-=prompt Refer to SYS$HELP:SSL010.RELEASE_NOTES for more information.
-The SSL product release notes contain up to date information regarding 
-bug fixes, known problems, and general installation information.
-
-1 RUN_IVP
-=prompt Run the installation verification procedure (IVP)?
-This option determines if the installation verification
-procedure will be run as part of the installation.  The procedure 
-should take few minutes to run, depending on the processor
-speed.  If it is not run during the installation, then it
-should be run as part of the post installation procedure.
-
-1 POST_INSTALL
-=prompt There are post installation activities that need to be performed.
-This includes things like defining logical names and running SSL$UTIL.COM 
-to define some foreign symbols, and running the IVP if it was not done
-as part of the installation.  Refer the to Release Notes for more 
-information about activities that should be performed once the installation 
-has finished.  
-
-SSL has created the following directory structure in
-PCSI$DESTINATION, which defaults to SYS$SYSDEVICE:[VMS$COMMON]:
-
- [SSL] - 
- [SSL.ALPHA_EXE] - Contains the images for the Alpha platform. 
- [SSL.ALPHA_LIB] - Contains the .OLBs for the Alpha platform. 
- [SSL.CERTS] -     Directory to hold certificates 
- [SSL.COM] -	   Directory to hold the various command procedures.
- [SSL.CONF] -	   Contains the configuration files.
- [SSL.INCLUDE] -   Contains the C Header (.H) files.
- [SSL.PRIVATE] -   Files specifically for SSL use such as RANDFILE.
- [SSL.TEST] -	   Contains the files used during the IVP.
-
- 
-1 NOAXPVMS
-=prompt Minimum OpenVMS Alpha software not found on system, abort installation
-This kit requires a minimum OpenVMS Alpha version of V7.2.
-
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -28,7 +28,7 @@ LIBS=

 SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn ec rsa dsa ecdsa dh dso engine aes \
+	bn ec rsa dsa dh dso engine aes \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5

@@ -54,11 +54,11 @@ all: buildinf.h lib subdirs shared

 buildinf.h: ../Makefile.ssl
 	( echo "#ifndef MK1MF_BUILD"; \
-	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
-	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
-	echo "  #define PLATFORM \"$(PLATFORM)\""; \
+	echo '  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
+	echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
+	echo '  #define PLATFORM "$(PLATFORM)"'; \
 	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
-	echo "#endif" ) >buildinf.h
+	echo '#endif' ) >buildinf.h

 testapps:
 	if echo ${SDIRS} | fgrep ' des '; \
@@ -136,12 +136,12 @@ lint:

 depend:
 	if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
-	$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(CFLAG) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
 	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i && echo "making depend in crypto/$$i..." && \
-	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
+	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \
 	done;

 clean:
@@ -180,7 +180,7 @@ cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h
 cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 cversion.o: ../include/openssl/symhacks.h buildinf.h cryptlib.h cversion.c
-ebcdic.o: ../include/openssl/opensslconf.h ebcdic.c
+ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c
 ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
 ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h
--- a/crypto/aes/Makefile.ssl
+++ b/crypto/aes/Makefile.ssl
@@ -75,7 +75,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)

 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- a/crypto/aes/aes_cfb.c
+++ b/crypto/aes/aes_cfb.c
@@ -137,7 +137,7 @@ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
 	} else {
 		while (l--) {
 			if (n == 0) {
-				AES_decrypt(ivec, ivec, key);
+				AES_encrypt(ivec, ivec, key);
 			}
 			c = *(in);
 			*(out++) = *(in++) ^ ivec[n];
--- a/crypto/aes/aes_ctr.c
+++ b/crypto/aes/aes_ctr.c
@@ -106,8 +106,8 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,

 	while (l--) {
 		if (n == 0) {
-			AES_ctr128_inc(counter);
 			AES_encrypt(counter, tmp, key);
+			AES_ctr128_inc(counter);
 		}
 		*(out++) = *(in++) ^ tmp[n];
 		n = (n+1) % AES_BLOCK_SIZE;
--- a/crypto/aes/aes_locl.h
+++ b/crypto/aes/aes_locl.h
@@ -60,10 +60,7 @@

 #include <stdio.h>
 #include <stdlib.h>
-
-#if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS)
 #include <string.h>
-#endif

 #ifdef _MSC_VER
 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -71,8 +71,6 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	if (a == NULL) return(0);

 	len=a->length;
-	ret=1+len;
-	if (pp == NULL) return(ret);

 	if (len > 0)
 		{
@@ -100,6 +98,10 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 		}
 	else
 		bits=0;
+
+	ret=1+len;
+	if (pp == NULL) return(ret);
+
 	p= *pp;

 	*(p++)=(unsigned char)bits;
--- a/crypto/asn1/a_enum.c
+++ b/crypto/asn1/a_enum.c
@@ -151,7 +151,17 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
 	else ret->type=V_ASN1_ENUMERATED;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
+	if (ret->length < len+4)
+		{
+		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
+		if (!new_data)
+			{
+			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		ret->data=new_data;
+		}
+
 	ret->length=BN_bn2bin(bn,ret->data);
 	return(ret);
 err:
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -397,7 +397,16 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 	else ret->type=V_ASN1_INTEGER;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
+	if (ret->length < len+4)
+		{
+		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
+		if (!new_data)
+			{
+			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		ret->data=new_data;
+		}
 	ret->length=BN_bn2bin(bn,ret->data);
 	/* Correct zero case */
 	if(!ret->length)
--- a/crypto/asn1/a_set.c
+++ b/crypto/asn1/a_set.c
@@ -118,7 +118,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
 		}

        pStart  = p; /* Catch the beg of Setblobs*/
-        rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
+        if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
 we will store the SET blobs */

        for (i=0; i<sk_num(a); i++)
@@ -135,7 +135,7 @@ SetBlob
 /* Now we have to sort the blobs. I am using a simple algo.
    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
-        pTempMem = OPENSSL_malloc(totSize);
+        if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;

 /* Copy to temp mem */
        p = pTempMem;
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -77,8 +77,8 @@
 /* Three IO functions for sending data to memory, a BIO and
 * and a FILE pointer.
 */
-
-int send_mem_chars(void *arg, const void *buf, int len)
+#if 0				/* never used */
+static int send_mem_chars(void *arg, const void *buf, int len)
 {
 	unsigned char **out = arg;
 	if(!out) return 1;
@@ -86,15 +86,16 @@ int send_mem_chars(void *arg, const void *buf, int len)
 	*out += len;
 	return 1;
 }
+#endif

-int send_bio_chars(void *arg, const void *buf, int len)
+static int send_bio_chars(void *arg, const void *buf, int len)
 {
 	if(!arg) return 1;
 	if(BIO_write(arg, buf, len) != len) return 0;
 	return 1;
 }

-int send_fp_chars(void *arg, const void *buf, int len)
+static int send_fp_chars(void *arg, const void *buf, int len)
 {
 	if(!arg) return 1;
 	if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
@@ -240,7 +241,7 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen
 * #01234 format.
 */

-int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
+static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
 {
 	/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
 	 * the DER encoding to readily obtained
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -222,6 +222,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 	{
 	struct tm *tm;
+	struct tm data;
 	int offset;
 	int year;

@@ -238,7 +239,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)

 	t -= offset*60; /* FIXME: may overflow in extreme cases */

-	{ struct tm data; tm = OPENSSL_gmtime(&t, &data); }
+	tm = OPENSSL_gmtime(&t, &data);
 	
 #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
 	year = g2(s->data);
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -773,6 +773,7 @@ int 	ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
 int 	ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len);

 DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
 DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
 DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
 DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
@@ -1008,13 +1009,12 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_D2I_X509_PKEY				 159
 #define ASN1_F_I2D_ASN1_TIME				 160
 #define ASN1_F_I2D_DSA_PUBKEY				 161
-#define ASN1_F_I2D_ECDSA_PUBKEY				 174
 #define ASN1_F_I2D_NETSCAPE_RSA				 162
 #define ASN1_F_I2D_PRIVATEKEY				 163
 #define ASN1_F_I2D_PUBLICKEY				 164
 #define ASN1_F_I2D_RSA_PUBKEY				 165
 #define ASN1_F_LONG_C2I					 166
-#define ASN1_F_OID_MODULE_INIT				 175
+#define ASN1_F_OID_MODULE_INIT				 174
 #define ASN1_F_PKCS5_PBE2_SET				 167
 #define ASN1_F_X509_CINF_NEW				 168
 #define ASN1_F_X509_CRL_ADD0_REVOKED			 169
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -128,7 +128,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),	"d2i_X509_PKEY"},
 {ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),	"I2D_ASN1_TIME"},
 {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0),	"i2d_DSA_PUBKEY"},
-{ERR_PACK(0,ASN1_F_I2D_ECDSA_PUBKEY,0),	"i2d_ECDSA_PUBKEY"},
 {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0),	"i2d_Netscape_RSA"},
 {ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),	"i2d_PrivateKey"},
 {ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),	"i2d_PublicKey"},
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>

 static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max);
 static void asn1_put_length(unsigned char **pp, int length);
@@ -123,15 +124,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
 		(int)(omax+ *pp));

 #endif
-#if 0
-	if ((p+ *plength) > (omax+ *pp))
+	if (*plength > (omax - (*pp - p)))
 		{
 		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
 		/* Set this so that even if things are not long enough
 		 * the values are set correctly */
 		ret|=0x80;
 		}
-#endif
 	*pp=p;
 	return(ret|inf);
 err:
@@ -158,6 +157,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 		i= *p&0x7f;
 		if (*(p++) & 0x80)
 			{
+			if (i > sizeof(long))
+				return 0;
 			if (max-- == 0) return(0);
 			while (i-- > 0)
 				{
@@ -169,6 +170,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 		else
 			ret=i;
 		}
+	if (ret < 0)
+		return 0;
 	*pp=p;
 	*rl=ret;
 	return(1);
@@ -406,7 +409,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)

 void asn1_add_error(unsigned char *address, int offset)
 	{
-	char buf1[16],buf2[16];
+	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];

 	sprintf(buf1,"%lu",(unsigned long)address);
 	sprintf(buf2,"%d",offset);
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -68,9 +68,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif

 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
 	     long length)
@@ -110,16 +107,6 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
 			goto err;
 			}
 		break;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	case EVP_PKEY_ECDSA:
-		if ((ret->pkey.ecdsa = d2i_ECDSAPrivateKey(NULL, 
-			(const unsigned char **)pp, length)) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
-			goto err;
-			}
-		break;
 #endif
 	default:
 		ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
@@ -151,10 +138,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
 	/* Since we only need to discern "traditional format" RSA and DSA
 	 * keys we can just count the elements.
         */
-	if(sk_ASN1_TYPE_num(inkey) == 6) 
-		keytype = EVP_PKEY_DSA;
-	else if (sk_ASN1_TYPE_num(inkey) == 4)
-		keytype = EVP_PKEY_ECDSA;
+	if(sk_ASN1_TYPE_num(inkey) == 6) keytype = EVP_PKEY_DSA;
 	else keytype = EVP_PKEY_RSA;
 	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
 	return d2i_PrivateKey(keytype, a, pp, length);
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -68,9 +68,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif

 EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
 	     long length)
@@ -103,23 +100,13 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
 #endif
 #ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
-		if ((ret->pkey.dsa=d2i_DSAPublicKey(&(ret->pkey.dsa),
+		if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,
 			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
 			goto err;
 			}
 		break;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	case EVP_PKEY_ECDSA:
-		if ((ret->pkey.ecdsa = ECDSAPublicKey_set_octet_string(&(ret->pkey.ecdsa), 
-			(const unsigned char **)pp, length)) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
-			goto err;
-			}
-	break;
 #endif
 	default:
 		ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
--- a/crypto/asn1/i2d_pr.c
+++ b/crypto/asn1/i2d_pr.c
@@ -67,9 +67,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif

 int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 	{
@@ -86,12 +83,6 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 		return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
 		}
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	if (a->type == EVP_PKEY_ECDSA)
-		{
-		return(i2d_ECDSAPrivateKey(a->pkey.ecdsa, pp));
-		}
-#endif

 	ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
 	return(-1);
--- a/crypto/asn1/i2d_pu.c
+++ b/crypto/asn1/i2d_pu.c
@@ -67,9 +67,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif

 int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 	{
@@ -82,10 +79,6 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 #ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
 		return(i2d_DSAPublicKey(a->pkey.dsa,pp));
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	case EVP_PKEY_ECDSA:
-		return(ECDSAPublicKey_get_octet_string(a->pkey.ecdsa, pp));
 #endif
 	default:
 		ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -92,6 +92,8 @@ ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
 	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
 } ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)

+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)

 ASN1_SEQUENCE(NETSCAPE_PKEY) = {
@@ -100,6 +102,8 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = {
 	ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(NETSCAPE_PKEY)

+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)

 static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -69,29 +69,26 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif

 static int print(BIO *fp,const char *str,BIGNUM *num,
 		unsigned char *buf,int off);
 #ifndef OPENSSL_NO_RSA
 #ifndef OPENSSL_NO_FP_API
 int RSA_print_fp(FILE *fp, const RSA *x, int off)
-	{
-	BIO *b;
-	int ret;
+        {
+        BIO *b;
+        int ret;

-	if ((b=BIO_new(BIO_s_file())) == NULL)
+        if ((b=BIO_new(BIO_s_file())) == NULL)
 		{
 		RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
+                return(0);
 		}
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=RSA_print(b,x,off);
-	BIO_free(b);
-	return(ret);
-	}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=RSA_print(b,x,off);
+        BIO_free(b);
+        return(ret);
+        }
 #endif

 int RSA_print(BIO *bp, const RSA *x, int off)
@@ -99,10 +96,34 @@ int RSA_print(BIO *bp, const RSA *x, int off)
 	char str[128];
 	const char *s;
 	unsigned char *m=NULL;
-	int i,ret=0;
+	int ret=0;
+	size_t buf_len=0, i;

-	i=RSA_size(x);
-	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+	if (x->n)
+		buf_len = (size_t)BN_num_bytes(x->n);
+	if (x->e)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
+			buf_len = i;
+	if (x->d)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
+			buf_len = i;
+	if (x->p)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
+			buf_len = i;
+	if (x->q)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+			buf_len = i;
+	if (x->dmp1)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
+			buf_len = i;
+	if (x->dmq1)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
+			buf_len = i;
+	if (x->iqmp)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
+			buf_len = i;
+
+	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
 		{
 		RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
@@ -164,22 +185,25 @@ int DSA_print(BIO *bp, const DSA *x, int off)
 	{
 	char str[128];
 	unsigned char *m=NULL;
-	int i,ret=0;
-	BIGNUM *bn=NULL;
+	int ret=0;
+	size_t buf_len=0,i;

-	if (x->p != NULL)
-		bn=x->p;
-	else if (x->priv_key != NULL)
-		bn=x->priv_key;
-	else if (x->pub_key != NULL)
-		bn=x->pub_key;
-		
-	/* larger than needed but what the hell :-) */
-	if (bn != NULL)
-		i=BN_num_bytes(bn)*2;
-	else
-		i=256;
-	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+	if (x->p)
+		buf_len = (size_t)BN_num_bytes(x->p);
+	if (x->q)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+			buf_len = i;
+	if (x->g)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+			buf_len = i;
+	if (x->priv_key)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
+			buf_len = i;
+	if (x->pub_key)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
+			buf_len = i;
+
+	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
 		{
 		DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
@@ -212,150 +236,6 @@ err:
 	}
 #endif /* !OPENSSL_NO_DSA */

-#ifndef OPENSSL_NO_ECDSA
-#ifndef OPENSSL_NO_FP_API
-int ECDSA_print_fp(FILE *fp, const ECDSA *x, int off)
-{
-	BIO *b;
-	int ret;
- 
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_PRINT_FP, ERR_R_BIO_LIB);
-		return(0);
-	}
-	BIO_set_fp(b, fp, BIO_NOCLOSE);
-	ret = ECDSA_print(b, x, off);
-	BIO_free(b);
-	return(ret);
-}
-#endif
-
-int ECDSA_print(BIO *bp, const ECDSA *x, int off)
-	{
-	char str[128];
-	unsigned char *buffer=NULL;
-	int     i, buf_len=0, ret=0, reason=ERR_R_BIO_LIB;
-	BIGNUM  *tmp_1=NULL, *tmp_2=NULL, *tmp_3=NULL,
-		*tmp_4=NULL, *tmp_5=NULL, *tmp_6=NULL,
-		*tmp_7=NULL;
-	BN_CTX  *ctx=NULL;
-	EC_POINT *point=NULL;
- 
-	/* TODO: fields other than prime fields */
-       
-	if (!x || !x->group)
-		{
-		reason = ECDSA_R_MISSING_PARAMETERS;
-		goto err;
-		}
-	if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL ||
-		(tmp_3 = BN_new()) == NULL || (ctx = BN_CTX_new()) == NULL ||
-		(tmp_6 = BN_new()) == NULL || (tmp_7 = BN_new()) == NULL)
-		{
-		reason = ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-	if (!EC_GROUP_get_curve_GFp(x->group, tmp_1, tmp_2, tmp_3, ctx))
-		{
-		reason = ERR_R_EC_LIB;
-		goto err;
-		}
-	if ((point = EC_GROUP_get0_generator(x->group)) == NULL)
-		{
-		reason = ERR_R_EC_LIB;
-		goto err;
-		}
-	if (!EC_GROUP_get_order(x->group, tmp_6, NULL) || !EC_GROUP_get_cofactor(x->group, tmp_7, NULL))
-		{
-		reason = ERR_R_EC_LIB;
-		goto err;
-		}
-	if ((buf_len = EC_POINT_point2oct(x->group, point, ECDSA_get_conversion_form(x), NULL, 0, ctx)) == 0)
-		{
-		reason = ECDSA_R_UNEXPECTED_PARAMETER_LENGTH;
-		goto err;
-		}
-	if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-		{
-		reason = ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-	if (!EC_POINT_point2oct(x->group, point, ECDSA_get_conversion_form(x), 
-				buffer, buf_len, ctx)) goto err;
-	if ((tmp_4 = BN_bin2bn(buffer, buf_len, NULL)) == NULL)
-		{
-		reason = ERR_R_BN_LIB;
-		goto err;
-		}
-	if ((i = EC_POINT_point2oct(x->group, x->pub_key, ECDSA_get_conversion_form(x), NULL, 0, ctx)) == 0)
-		{
-		reason = ECDSA_R_UNEXPECTED_PARAMETER_LENGTH;
-		goto err;
-		}
-	if (i > buf_len && (buffer = OPENSSL_realloc(buffer, i)) == NULL)
-		{
-		reason = ERR_R_MALLOC_FAILURE;
-		buf_len = i;
-		goto err;
-		}
-	if (!EC_POINT_point2oct(x->group, x->pub_key, ECDSA_get_conversion_form(x), 
-				buffer, buf_len, ctx))
-		{
-		reason = ERR_R_EC_LIB;
-		goto err;
-		}
-	if ((tmp_5 = BN_bin2bn(buffer, buf_len, NULL)) == NULL)
-		{
-		reason = ERR_R_BN_LIB;
-		goto err;
-		}
-	if (tmp_1 != NULL)
-		i = BN_num_bytes(tmp_1)*2;
-	else
-		i=256;
-	if ((i + 10) > buf_len && (buffer = OPENSSL_realloc(buffer, i+10)) == NULL)
-		{
-		reason = ERR_R_MALLOC_FAILURE;
-		buf_len = i;
-		goto err;
-		}
-	if (off)
-		{
-		if (off > 128) off=128;
-		memset(str,' ',off);
-		}
-	if (x->priv_key != NULL)
-		{
-		if (off && (BIO_write(bp, str, off) <= 0)) goto err;
-		if (BIO_printf(bp, "Private-Key: (%d bit)\n", BN_num_bits(tmp_1)) <= 0) goto err;
-		}
-  
-	if ((x->priv_key != NULL) && !print(bp, "priv:", x->priv_key, buffer, off)) goto err;
-	if ((tmp_5 != NULL) && !print(bp, "pub: ", tmp_5, buffer, off)) goto err;
-	if ((tmp_1 != NULL) && !print(bp, "P:   ", tmp_1, buffer, off)) goto err;
-	if ((tmp_2 != NULL) && !print(bp, "A:   ", tmp_2, buffer, off)) goto err;
-	if ((tmp_3 != NULL) && !print(bp, "B:   ", tmp_3, buffer, off)) goto err;
-	if ((tmp_4 != NULL) && !print(bp, "Gen: ", tmp_4, buffer, off)) goto err;
-	if ((tmp_6 != NULL) && !print(bp, "Order: ", tmp_6, buffer, off)) goto err;
-	if ((tmp_7 != NULL) && !print(bp, "Cofactor: ", tmp_7, buffer, off)) goto err;
-	ret=1;
-err:
-	if (!ret)
- 		ECDSAerr(ECDSA_F_ECDSA_PRINT, reason);
-	if (tmp_1) BN_free(tmp_1);
-	if (tmp_2) BN_free(tmp_2);
-	if (tmp_3) BN_free(tmp_3);
-	if (tmp_4) BN_free(tmp_4);
-	if (tmp_5) BN_free(tmp_5);
-	if (tmp_6) BN_free(tmp_6);
-	if (tmp_7) BN_free(tmp_7);
-	if (ctx)   BN_CTX_free(ctx);
-	if (buffer != NULL) OPENSSL_free(buffer);
-	return(ret);
-	}
-#endif
-
 static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
 	     int off)
 	{
@@ -409,29 +289,34 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
 #ifndef OPENSSL_NO_DH
 #ifndef OPENSSL_NO_FP_API
 int DHparams_print_fp(FILE *fp, const DH *x)
-	{
-	BIO *b;
-	int ret;
+        {
+        BIO *b;
+        int ret;

-	if ((b=BIO_new(BIO_s_file())) == NULL)
+        if ((b=BIO_new(BIO_s_file())) == NULL)
 		{
 		DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
+                return(0);
 		}
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=DHparams_print(b, x);
-	BIO_free(b);
-	return(ret);
-	}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DHparams_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
 #endif

 int DHparams_print(BIO *bp, const DH *x)
 	{
 	unsigned char *m=NULL;
-	int reason=ERR_R_BUF_LIB,i,ret=0;
+	int reason=ERR_R_BUF_LIB,ret=0;
+	size_t buf_len=0, i;

-	i=BN_num_bytes(x->p);
-	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+	if (x->p)
+		buf_len = (size_t)BN_num_bytes(x->p);
+	if (x->g)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+			buf_len = i;
+	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
 		{
 		reason=ERR_R_MALLOC_FAILURE;
@@ -462,29 +347,37 @@ err:
 #ifndef OPENSSL_NO_DSA
 #ifndef OPENSSL_NO_FP_API
 int DSAparams_print_fp(FILE *fp, const DSA *x)
-	{
-	BIO *b;
-	int ret;
+        {
+        BIO *b;
+        int ret;

-	if ((b=BIO_new(BIO_s_file())) == NULL)
+        if ((b=BIO_new(BIO_s_file())) == NULL)
 		{
 		DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
+                return(0);
 		}
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=DSAparams_print(b, x);
-	BIO_free(b);
-	return(ret);
-	}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DSAparams_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
 #endif

 int DSAparams_print(BIO *bp, const DSA *x)
 	{
 	unsigned char *m=NULL;
-	int reason=ERR_R_BUF_LIB,i,ret=0;
+	int reason=ERR_R_BUF_LIB,ret=0;
+	size_t buf_len=0,i;

-	i=BN_num_bytes(x->p);
-	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+	if (x->p)
+		buf_len = (size_t)BN_num_bytes(x->p);
+	if (x->q)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+			buf_len = i;
+	if (x->g)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+			buf_len = i;
+	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
 		{
 		reason=ERR_R_MALLOC_FAILURE;
@@ -506,95 +399,3 @@ err:

 #endif /* !OPENSSL_NO_DSA */

-#ifndef OPENSSL_NO_ECDSA
-#ifndef OPENSSL_NO_FP_API
-int ECDSAParameters_print_fp(FILE *fp, const ECDSA *x)
-	{
-	BIO *b;
-	int ret;
- 
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSAPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
-		return(0);
-	}
-	BIO_set_fp(b, fp, BIO_NOCLOSE);
-	ret = ECDSAParameters_print(b, x);
-	BIO_free(b);
-	return(ret);
-	}
-#endif
-
-int ECDSAParameters_print(BIO *bp, const ECDSA *x)
-       {
-       unsigned char *buffer=NULL;
-       int     buf_len;
-       int     reason=ERR_R_EC_LIB, i, ret=0;
-       BIGNUM  *tmp_1=NULL, *tmp_2=NULL, *tmp_3=NULL, *tmp_4=NULL,
-               *tmp_5=NULL, *tmp_6=NULL;
-       BN_CTX  *ctx=NULL;
-       EC_POINT *point=NULL;
- 
-       /* TODO: fields other than prime fields */
-       if (!x || !x->group)
-       {
-		reason = ECDSA_R_MISSING_PARAMETERS;
-		goto err;
-       }
-       if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL ||
-	   (tmp_3 = BN_new()) == NULL || (tmp_5 = BN_new()) == NULL ||
-           (tmp_6 = BN_new()) == NULL || (ctx = BN_CTX_new()) == NULL)
-       {
-		reason = ERR_R_MALLOC_FAILURE;
-		goto err;
-	}
-	if (!EC_GROUP_get_curve_GFp(x->group, tmp_1, tmp_2, tmp_3, ctx)) goto err;
-	if ((point = EC_GROUP_get0_generator(x->group)) == NULL) goto err;
-	if (!EC_GROUP_get_order(x->group, tmp_5, ctx)) goto err;
-	if (!EC_GROUP_get_cofactor(x->group, tmp_6, ctx)) goto err;	
-	buf_len = EC_POINT_point2oct(x->group, point, ECDSA_get_conversion_form(x), NULL, 0, ctx);
-	if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL)
-	{
-		reason = ERR_R_MALLOC_FAILURE;
-		goto err;
-	}
-	if (!EC_POINT_point2oct(x->group, point, ECDSA_get_conversion_form(x), buffer, buf_len, ctx))
-	{
-		reason = ERR_R_EC_LIB;
-		goto err;
-	}
-	if ((tmp_4 = BN_bin2bn(buffer, buf_len, NULL)) == NULL)
-	{
-		reason = ERR_R_BN_LIB;
-		goto err;
-	}
-  
-	i = BN_num_bits(tmp_1) + 10;
-	if (i > buf_len && (buffer = OPENSSL_realloc(buffer, i)) == NULL)
-	{
-		reason=ERR_R_MALLOC_FAILURE;
-		goto err;
-	}
- 
-	if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", BN_num_bits(tmp_1)) <= 0) goto err;
-	if (!print(bp, "Prime p:", tmp_1, buffer, 4)) goto err;
-	if (!print(bp, "Curve a:", tmp_2, buffer, 4)) goto err;
-	if (!print(bp, "Curve b:", tmp_3, buffer, 4)) goto err;
-	if (!print(bp, "Generator (compressed):", tmp_4, buffer, 4)) goto err; 
-	if (!print(bp, "Order:", tmp_5, buffer, 4)) goto err;
-	if (!print(bp, "Cofactor:", tmp_6, buffer, 4)) goto err;
-	ret=1;
-err:
-	if (tmp_1)  BN_free(tmp_1);
-	if (tmp_2)  BN_free(tmp_2);
-	if (tmp_3)  BN_free(tmp_3);
-	if (tmp_4)  BN_free(tmp_4);
-	if (tmp_5)  BN_free(tmp_5);
-	if (tmp_6)  BN_free(tmp_6);
-	if (ctx)    BN_CTX_free(ctx);
-	if (buffer) OPENSSL_free(buffer);
-	ECDSAerr(ECDSA_F_ECDSAPARAMETERS_PRINT, reason);
-	return(ret);
-	}
-  
-#endif
--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@@ -134,15 +134,6 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
 		}
 	else
 #endif
-#ifndef OPENSSL_NO_ECDSA
-		if (pkey != NULL && pkey->type == EVP_PKEY_ECDSA)
-		{
-			BIO_printf(bp, "%12sECDSA Public Key: \n","");
-			ECDSA_print(bp, pkey->pkey.ecdsa, 16);
-		}
-	else
-#endif
-
 		BIO_printf(bp,"%12sUnknown Public Key:\n","");

 	if (pkey != NULL)
--- a/crypto/asn1/t_spki.c
+++ b/crypto/asn1/t_spki.c
@@ -93,15 +93,6 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
 		}
 		else
 #endif
-#ifndef OPENSSL_NO_ECDSA
-		if (pkey->type == EVP_PKEY_ECDSA)
-		{
-			BIO_printf(out, "  ECDSA Public Key:\n");
-			ECDSA_print(out, pkey->pkey.ecdsa,2);
-		}
-		else
-#endif
-
 			BIO_printf(out,"  Unknown Public Key:\n");
 		EVP_PKEY_free(pkey);
 	}
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -66,9 +66,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
@@ -231,14 +228,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 			DSA_print(bp,pkey->pkey.dsa,16);
 			}
 		else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-		if (pkey->type == EVP_PKEY_ECDSA)
-			{
-			BIO_printf(bp, "%12sECDSA Public Key:\n","");
-			ECDSA_print(bp, pkey->pkey.ecdsa, 16);
-			}
-		else
 #endif
 			BIO_printf(bp,"%12sUnknown Public Key:\n","");

--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -63,14 +63,13 @@

 /* Minor tweak to operation: free up EVP_PKEY */
 static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	if (operation == ASN1_OP_FREE_POST)
-		{
+{
+	if(operation == ASN1_OP_FREE_POST) {
 		X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
 		EVP_PKEY_free(pubkey->pkey);
-		}
-	return 1;
 	}
+	return 1;
+}

 ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
 	ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
@@ -109,17 +108,18 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 			a->parameter->type=V_ASN1_NULL;
 			}
 		}
+	else
 #ifndef OPENSSL_NO_DSA
-	else if (pkey->type == EVP_PKEY_DSA)
+		if (pkey->type == EVP_PKEY_DSA)
 		{
 		unsigned char *pp;
 		DSA *dsa;
-		
+
 		dsa=pkey->pkey.dsa;
 		dsa->write_params=0;
 		ASN1_TYPE_free(a->parameter);
 		i=i2d_DSAparams(dsa,NULL);
-		p=(unsigned char *)OPENSSL_malloc(i);
+		if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err;
 		pp=p;
 		i2d_DSAparams(dsa,&pp);
 		a->parameter=ASN1_TYPE_new();
@@ -128,68 +128,19 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 		ASN1_STRING_set(a->parameter->value.sequence,p,i);
 		OPENSSL_free(p);
 		}
+	else
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	else if (pkey->type == EVP_PKEY_ECDSA)
-		{
-		int nid=0;
-		unsigned char *pp;
-		ECDSA *ecdsa;
-		
-		ecdsa = pkey->pkey.ecdsa;
-		ASN1_TYPE_free(a->parameter);
-
-		if ((a->parameter = ASN1_TYPE_new()) == NULL)
-			{
-			X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
-			goto err;
-			}
-
-		if ((ECDSA_get_parameter_flags(ecdsa) & ECDSA_FLAG_NAMED_CURVE) && (nid = EC_GROUP_get_nid(ecdsa->group)))
-			{
-			/* just set the OID */
-			a->parameter->type = V_ASN1_OBJECT;
-			a->parameter->value.object = OBJ_nid2obj(nid);
-			}
-		else /* explicit parameters */
-			{
-			if ((i = i2d_ECDSAParameters(ecdsa, NULL)) == 0)
-				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_ECDSA_LIB);
-				goto err;
-				}
-			if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
-				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}	
-			pp = p;
-			if (!i2d_ECDSAParameters(ecdsa, &pp))
-				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_ECDSA_LIB);
-				OPENSSL_free(p);
-				goto err;
-				}
-			a->parameter->type = V_ASN1_SEQUENCE;
-			if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
-				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
-				OPENSSL_free(p);
-				goto err;
-				}
-			ASN1_STRING_set(a->parameter->value.sequence, p, i);
-			OPENSSL_free(p);
-			}
-		}
-#endif
-	else if (1)
 		{
 		X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
 		goto err;
 		}

 	if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
-	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) goto err;
+	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
+		{
+		X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
 	p=s;
 	i2d_PublicKey(pkey,&p);
 	if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
@@ -222,7 +173,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 	long j;
 	int type;
 	unsigned char *p;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+#ifndef OPENSSL_NO_DSA
 	const unsigned char *cp;
 	X509_ALGOR *a;
 #endif
@@ -230,97 +181,40 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 	if (key == NULL) goto err;

 	if (key->pkey != NULL)
-		{
-		CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-		return(key->pkey);
-		}
+	    {
+	    CRYPTO_add(&key->pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+	    return(key->pkey);
+	    }

 	if (key->public_key == NULL) goto err;

 	type=OBJ_obj2nid(key->algor->algorithm);
-	if ((ret = EVP_PKEY_new()) == NULL)
+	p=key->public_key->data;
+        j=key->public_key->length;
+        if ((ret=d2i_PublicKey(type,NULL,&p,(long)j)) == NULL)
 		{
-		X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+		X509err(X509_F_X509_PUBKEY_GET,X509_R_ERR_ASN1_LIB);
 		goto err;
 		}
-	ret->type = EVP_PKEY_type(type);
+	ret->save_parameters=0;

-	/* the parameters must be extracted before the public key (ECDSA!) */
-	
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
-	a=key->algor;
-#endif
-
-	if (0)
-		;
 #ifndef OPENSSL_NO_DSA
-	else if (ret->type == EVP_PKEY_DSA)
+	a=key->algor;
+	if (ret->type == EVP_PKEY_DSA)
 		{
 		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
 			{
-			if ((ret->pkey.dsa = DSA_new()) == NULL)
-				{
-				X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
 			ret->pkey.dsa->write_params=0;
 			cp=p=a->parameter->value.sequence->data;
 			j=a->parameter->value.sequence->length;
-			if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))
+			if (!d2i_DSAparams(&ret->pkey.dsa,&cp,(long)j))
 				goto err;
 			}
 		ret->save_parameters=1;
 		}
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	else if (ret->type == EVP_PKEY_ECDSA)
-		{
-		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
-			{
-			/* type == V_ASN1_SEQUENCE => we have explicit parameters
-                         * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
-			 */
-			if ((ret->pkey.ecdsa= ECDSA_new()) == NULL)
-				{
-				X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			cp = p = a->parameter->value.sequence->data;
-			j = a->parameter->value.sequence->length;
-			if (!d2i_ECDSAParameters(&ret->pkey.ecdsa, &cp, (long)j))
-				{
-				X509err(X509_F_X509_PUBKEY_GET, ERR_R_ECDSA_LIB);
-				goto err;
-				}
-			}
-		else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT))
-			{
-			/* type == V_ASN1_OBJECT => the parameters are given
-			 * by an asn1 OID
-			 */
-			if (ret->pkey.ecdsa == NULL)
-				ret->pkey.ecdsa = ECDSA_new();
-			if (ret->pkey.ecdsa->group)
-				EC_GROUP_free(ret->pkey.ecdsa->group);
-			ret->pkey.ecdsa->parameter_flags |= ECDSA_FLAG_NAMED_CURVE;
-			if ((ret->pkey.ecdsa->group = EC_GROUP_new_by_name(OBJ_obj2nid(a->parameter->value.object))) == NULL)
-				goto err;
-			}
-			/* the case implicitlyCA is currently not implemented */
-		ret->save_parameters = 1;
-		}
-#endif
-
-	p=key->public_key->data;
-        j=key->public_key->length;
-        if ((ret = d2i_PublicKey(type, &ret, &p, (long)j)) == NULL)
-		{
-		X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
-		goto err;
-		}
-
-	key->pkey = ret;
-	CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
+	key->pkey=ret;
+	CRYPTO_add(&ret->references,1,CRYPTO_LOCK_EVP_PKEY);
 	return(ret);
 err:
 	if (ret != NULL)
@@ -334,7 +228,7 @@ err:

 EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp,
 	     long length)
-	{
+{
 	X509_PUBKEY *xpk;
 	EVP_PKEY *pktmp;
 	xpk = d2i_X509_PUBKEY(NULL, pp, length);
@@ -342,16 +236,15 @@ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp,
 	pktmp = X509_PUBKEY_get(xpk);
 	X509_PUBKEY_free(xpk);
 	if(!pktmp) return NULL;
-	if(a)
-		{
+	if(a) {
 		EVP_PKEY_free(*a);
 		*a = pktmp;
-		}
-	return pktmp;
 	}
+	return pktmp;
+}

 int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
-	{
+{
 	X509_PUBKEY *xpk=NULL;
 	int ret;
 	if(!a) return 0;
@@ -359,7 +252,7 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
 	ret = i2d_X509_PUBKEY(xpk, pp);
 	X509_PUBKEY_free(xpk);
 	return ret;
-	}
+}

 /* The following are equivalents but which return RSA and DSA
 * keys
@@ -367,117 +260,75 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
 #ifndef OPENSSL_NO_RSA
 RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp,
 	     long length)
-	{
+{
 	EVP_PKEY *pkey;
 	RSA *key;
 	unsigned char *q;
 	q = *pp;
 	pkey = d2i_PUBKEY(NULL, &q, length);
-	if (!pkey) return NULL;
+	if(!pkey) return NULL;
 	key = EVP_PKEY_get1_RSA(pkey);
 	EVP_PKEY_free(pkey);
-	if (!key) return NULL;
+	if(!key) return NULL;
 	*pp = q;
-	if (a)
-		{
+	if(a) {
 		RSA_free(*a);
 		*a = key;
-		}
-	return key;
 	}
+	return key;
+}

 int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
-	{
+{
 	EVP_PKEY *pktmp;
 	int ret;
-	if (!a) return 0;
+	if(!a) return 0;
 	pktmp = EVP_PKEY_new();
-	if (!pktmp)
-		{
+	if(!pktmp) {
 		ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
 		return 0;
-		}
+	}
 	EVP_PKEY_set1_RSA(pktmp, a);
 	ret = i2d_PUBKEY(pktmp, pp);
 	EVP_PKEY_free(pktmp);
 	return ret;
-	}
+}
 #endif

 #ifndef OPENSSL_NO_DSA
 DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp,
 	     long length)
-	{
+{
 	EVP_PKEY *pkey;
 	DSA *key;
 	unsigned char *q;
 	q = *pp;
 	pkey = d2i_PUBKEY(NULL, &q, length);
-	if (!pkey) return NULL;
+	if(!pkey) return NULL;
 	key = EVP_PKEY_get1_DSA(pkey);
 	EVP_PKEY_free(pkey);
-	if (!key) return NULL;
+	if(!key) return NULL;
 	*pp = q;
-	if (a)
-		{
+	if(a) {
 		DSA_free(*a);
 		*a = key;
-		}
-	return key;
 	}
+	return key;
+}

 int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
-	{
+{
 	EVP_PKEY *pktmp;
 	int ret;
 	if(!a) return 0;
 	pktmp = EVP_PKEY_new();
-	if(!pktmp)
-		{
+	if(!pktmp) {
 		ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
 		return 0;
-		}
+	}
 	EVP_PKEY_set1_DSA(pktmp, a);
 	ret = i2d_PUBKEY(pktmp, pp);
 	EVP_PKEY_free(pktmp);
 	return ret;
-	}
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
-ECDSA *d2i_ECDSA_PUBKEY(ECDSA **a, unsigned char **pp, long length)
-	{
-	EVP_PKEY *pkey;
-	ECDSA *key;
-	unsigned char *q;
-	q = *pp;
-	pkey = d2i_PUBKEY(NULL, &q, length);
-	if (!pkey) return(NULL);
-	key = EVP_PKEY_get1_ECDSA(pkey);
-	EVP_PKEY_free(pkey);
-	if (!key)  return(NULL);
-	*pp = q;
-	if (a)
-		{
-		ECDSA_free(*a);
-		*a = key;
-		}
-	return(key);
-	}
-
-int i2d_ECDSA_PUBKEY(ECDSA *a, unsigned char **pp)
-	{
-	EVP_PKEY *pktmp;
-	int ret;
-	if (!a)	return(0);
-	if ((pktmp = EVP_PKEY_new()) == NULL)
-		{
-		ASN1err(ASN1_F_I2D_ECDSA_PUBKEY, ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	EVP_PKEY_set1_ECDSA(pktmp, a);
-	ret = i2d_PUBKEY(pktmp, pp);
-	EVP_PKEY_free(pktmp);
-	return(ret);
-	}
+}
 #endif
--- a/crypto/bf/Makefile.ssl
+++ b/crypto/bf/Makefile.ssl
@@ -96,7 +96,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)

 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- a/crypto/bio/Makefile.ssl
+++ b/crypto/bio/Makefile.ssl
@@ -78,7 +78,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)

 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -86,17 +86,6 @@ static int wsa_init_done=0;
 static unsigned long BIO_ghbn_hits=0L;
 static unsigned long BIO_ghbn_miss=0L;

-/* For 64-bit API */
-#if __INITIAL_POINTER_SIZE == 64
-#pragma __required_pointer_size __save
-#pragma __required_pointer_size 32
-#endif
-typedef char ** char_32pp;
-typedef char * char_32p;
-#if __INITIAL_POINTER_SIZE == 64
-#pragma __required_pointer_size __restore
-#endif
-
 #define GHBN_NUM	4
 static struct ghbn_cache_st
 	{
@@ -293,34 +282,18 @@ static struct hostent *ghbn_dup(struct hostent *a)
 	for (i=0; a->h_aliases[i] != NULL; i++)
 		;
 	i++;
-#ifdef OPENSSL_SYS_VMS
-	ret->h_aliases = (char_32pp)_malloc32(i*sizeof(char_32p));  /* changed for both 32-bit & 64-bit */
-#else
 	ret->h_aliases = (char **)OPENSSL_malloc(i*sizeof(char *));
-#endif
 	if (ret->h_aliases == NULL)
 		goto err;
-#ifdef OPENSSL_SYS_VMS
-	_memset32(ret->h_aliases, 0, i*sizeof(char_32p)); /* changed for both 32-bit & 64-bit */
-#else
 	memset(ret->h_aliases, 0, i*sizeof(char *));
-#endif

 	for (i=0; a->h_addr_list[i] != NULL; i++)
 		;
 	i++;
-#ifdf OPENSSL_SYS_VMS
-	ret->h_addr_list=(char_32pp)_malloc32(i*sizeof(char_32p)); /* changed for both 32-bit & 64-bit */
-#else
 	ret->h_addr_list=(char **)OPENSSL_malloc(i*sizeof(char *));
-#endif
 	if (ret->h_addr_list == NULL)
 		goto err;
-#ifdef OPENSSL_SYS_VMS
-	_memset32(ret->h_addr_list, 0, i*sizeof(char_32p)); /* changed for both 32-bit & 64-bit */
-#else
 	memset(ret->h_addr_list, 0, i*sizeof(char *));
-#endif

 	j=strlen(a->h_name)+1;
 	if ((ret->h_name=OPENSSL_malloc(j)) == NULL) goto err;
@@ -328,24 +301,15 @@ static struct hostent *ghbn_dup(struct hostent *a)
 	for (i=0; a->h_aliases[i] != NULL; i++)
 		{
 		j=strlen(a->h_aliases[i])+1;
-#ifdef OPENSSL_SYS_VMS
-		if ((ret->h_aliases[i]=(char_32p)_malloc32(j)) == NULL) goto err;  /* changed for both 32-bit & 64-bit */
-#else
 		if ((ret->h_aliases[i]=OPENSSL_malloc(j)) == NULL) goto err;
-#endif
 		memcpy(ret->h_aliases[i],a->h_aliases[i],j);
 		}
 	ret->h_length=a->h_length;
 	ret->h_addrtype=a->h_addrtype;
 	for (i=0; a->h_addr_list[i] != NULL; i++)
 		{
-#ifdef OPENSSL_SYS_VMS
-		if ((ret->h_addr_list[i]=(char_32p)_malloc32(a->h_length)) == NULL)  /* changed for both 32-bit & 64-bit */
-			goto err;
-#else
 		if ((ret->h_addr_list[i]=OPENSSL_malloc(a->h_length)) == NULL)
 			goto err;
-#endif
 		memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length);
 		}
 	if (0)
@@ -368,27 +332,15 @@ static void ghbn_free(struct hostent *a)

 	if (a->h_aliases != NULL)
 		{
-#ifdef OPENSSL_SYS_VMS
-		for (i=0; a->h_aliases[i] != NULL; i++)
-			free(a->h_aliases[i]);
-		free(a->h_aliases);
-#else
 		for (i=0; a->h_aliases[i] != NULL; i++)
 			OPENSSL_free(a->h_aliases[i]);
 		OPENSSL_free(a->h_aliases);
-#endif
 		}
 	if (a->h_addr_list != NULL)
 		{
-#ifdef OPENSSL_SYS_VMS
-		for (i=0; a->h_addr_list[i] != NULL; i++)
-			free(a->h_addr_list[i]);
-		free(a->h_addr_list);
-#else
 		for (i=0; a->h_addr_list[i] != NULL; i++)
 			OPENSSL_free(a->h_addr_list[i]);
 		OPENSSL_free(a->h_addr_list);
-#endif
 		}
 	if (a->h_name != NULL) OPENSSL_free(a->h_name);
 	OPENSSL_free(a);
@@ -528,11 +480,15 @@ void BIO_sock_cleanup(void)

 #if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000

-int BIO_socket_ioctl(int fd, long type, UINT_L32p arg)  /* changed for 64-bit API */
+int BIO_socket_ioctl(int fd, long type, unsigned long *arg)
 	{
 	int i;

+#ifdef __DJGPP__
+	i=ioctlsocket(fd,type,(char *)arg);
+#else
 	i=ioctlsocket(fd,type,arg);
+#endif /* __DJGPP__ */
 	if (i < 0)
 		SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
 	return(i);
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -103,7 +103,7 @@ static int nbiof_new(BIO *bi)
 	{
 	NBIO_TEST *nt;

-	nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST));
+	if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
 	nt->lrn= -1;
 	nt->lwn= -1;
 	bi->ptr=(char *)nt;
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -554,7 +554,9 @@ BIO_METHOD *BIO_s_socket(void);
 BIO_METHOD *BIO_s_connect(void);
 BIO_METHOD *BIO_s_accept(void);
 BIO_METHOD *BIO_s_fd(void);
+#ifndef OPENSSL_SYS_OS2
 BIO_METHOD *BIO_s_log(void);
+#endif
 BIO_METHOD *BIO_s_bio(void);
 BIO_METHOD *BIO_s_null(void);
 BIO_METHOD *BIO_f_null(void);
@@ -573,20 +575,6 @@ int BIO_dump(BIO *b,const char *bytes,int len);
 int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);

 struct hostent *BIO_gethostbyname(const char *name);
-
-#ifdef OPENSSL_SYS_VMS
-/* For 64-bit API */
-#if __INITIAL_POINTER_SIZE == 64
-#pragma __required_pointer_size __save
-#pragma __required_pointer_size 32
-#endif
-typedef unsigned long * UINT_L32p;
-#if __INITIAL_POINTER_SIZE == 64
-#pragma __required_pointer_size __restore
-#endif
-#endif
-/* OPENSSL_SYS_VMS */
-
 /* We might want a thread-safe interface too:
 * struct hostent *BIO_gethostbyname_r(const char *name,
 *     struct hostent *result, void *buffer, size_t buflen);
@@ -595,13 +583,8 @@ typedef unsigned long * UINT_L32p;
 * substructures; if the buffer does not suffice, NULL is returned
 * and an appropriate error code is set).
 */
-
 int BIO_sock_error(int sock);
-#ifdef OPENSSL_SYS_VMS
-int BIO_socket_ioctl(int fd, long type, UINT_L32p arg);
-#else
 int BIO_socket_ioctl(int fd, long type, unsigned long *arg);
-#endif
 int BIO_socket_nbio(int fd,int mode);
 int BIO_get_port(const char *str, unsigned short *port_ptr);
 int BIO_get_host_ip(const char *str, unsigned char *ip);
@@ -666,6 +649,7 @@ void ERR_load_BIO_strings(void);
 #define BIO_F_CONN_CTRL					 127
 #define BIO_F_CONN_STATE				 115
 #define BIO_F_FILE_CTRL					 116
+#define BIO_F_FILE_READ					 130
 #define BIO_F_LINEBUFFER_CTRL				 129
 #define BIO_F_MEM_READ					 128
 #define BIO_F_MEM_WRITE					 117
--- a/crypto/bio/bio_err.c
+++ b/crypto/bio/bio_err.c
@@ -91,6 +91,7 @@ static ERR_STRING_DATA BIO_str_functs[]=
 {ERR_PACK(0,BIO_F_CONN_CTRL,0),	"CONN_CTRL"},
 {ERR_PACK(0,BIO_F_CONN_STATE,0),	"CONN_STATE"},
 {ERR_PACK(0,BIO_F_FILE_CTRL,0),	"FILE_CTRL"},
+{ERR_PACK(0,BIO_F_FILE_READ,0),	"FILE_READ"},
 {ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0),	"LINEBUFFER_CTRL"},
 {ERR_PACK(0,BIO_F_MEM_READ,0),	"MEM_READ"},
 {ERR_PACK(0,BIO_F_MEM_WRITE,0),	"MEM_WRITE"},
--- a/Show More
+++ b/Show More