Merge the version changes from 0.9.6-stable.

The tag for this branch will be OpenSSL-engine-0_9_6d
Merge in recent changes from 0.9.6-stable.
2002-05-09 23:12:12 +00:00 · 2002-05-09 21:55:50 +00:00 · 2002-05-09 19:38:34 +00:00 · 2002-05-08 15:54:01 +00:00 · 2002-04-21 17:54:04 +00:00 · 2002-04-21 17:54:03 +00:00
24 changed files with 243 additions and 47 deletions
--- a/6
+++ b/6
@@ -2,7 +2,11 @@
 OpenSSL CHANGES
 _______________
- Changes between 0.9.6c and 0.9.6d  [XX xxx XXXX]
+ Changes between 0.9.6c and 0.9.6d  [9 May 2002]
  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
     encoded as NULL) with id-dsa-with-sha1.
     [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
  *) Check various X509_...() return values in apps/req.c.
     [Nils Larsch <nla@trustcenter.de>]
--- a/2
+++ b/2
@@ -445,7 +445,7 @@ my %table=(
 "sco5-cc-pentium",  "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
 "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 "sco5-cc-shared","cc:-belf:::-lsocket -lresolv -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr3-shared:-Kpic",
-"sco5-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC",
+"sco5-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...
 # Sinix/ReliantUNIX RM400
 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
--- a/2
+++ b/2
@@ -59,7 +59,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6c was released on December 21st, 2001.
+OpenSSL 0.9.6d was released on 9 May, 2002.
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
--- a/Makefile.org
+++ b/Makefile.org
@@ -646,7 +646,7 @@ install: all install_docs
 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
-		fi \
+		fi; \
 	done
 	@if [ -n "$(SHARED_LIBS)" ]; then \
 		tmp="$(SHARED_LIBS)"; \
@@ -664,7 +664,7 @@ install: all install_docs
 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 				fi ); \
-			fi \
+			fi; \
 		done; \
 		(	here="`pwd`"; \
 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
--- a/6
+++ b/6
@@ -5,12 +5,12 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
-  Changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
+  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
      o Various SSL/TLS library bugfixes.
      o Fix DH parameter generation for 'non-standard' generators.
-  Changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
+  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
      o Various SSL/TLS library bugfixes.
      o BIGNUM library fixes.
@@ -23,7 +23,7 @@
        Broadcom and Cryptographic Appliance's keyserver
        [in 0.9.6c-engine release].
-  Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
+  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
      o Security fix: PRNG improvements.
      o Security fix: RSA OAEP check.
--- a/2
+++ b/2
@@ -1,5 +1,5 @@
- OpenSSL 0.9.6d-beta1 [engine] 17 Apr 2002
+ OpenSSL 0.9.6d [engine] 9 May 2002
 Copyright (c) 1998-2002 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/2
+++ b/2
@@ -1,6 +1,6 @@
  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2002/04/17 12:52:31 $
+  ______________                           $Date: 2002/05/08 15:53:53 $
  DEVELOPMENT STATE
--- a/19
+++ b/19
@@ -1,4 +1,3 @@
 Output of `Configure TABLE':
 *** BC-16
 $cc           = bcc
@@ -2790,15 +2789,15 @@ $unistd       =
 $thread_cflag = 
 $lflags       = -lsocket -lresolv -lnsl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$bn_obj       = 
-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$des_obj      = 
-$bf_obj       = asm/bx86-elf.o
+$bf_obj       = 
-$md5_obj      = asm/mx86-elf.o
+$md5_obj      = 
-$sha1_obj     = asm/sx86-elf.o
+$sha1_obj     = 
-$cast_obj     = asm/cx86-elf.o
+$cast_obj     = 
-$rc4_obj      = asm/rx86-elf.o
+$rc4_obj      = 
-$rmd160_obj   = asm/rm86-elf.o
+$rmd160_obj   = 
-$rc5_obj      = asm/r586-elf.o
+$rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= svr3-shared
 $shared_cflag = -fPIC
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -176,7 +176,7 @@ bad:
 		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -text         print the key in text\n");
+		BIO_printf(bio_err," -text         print as text\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -772,7 +772,10 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
 				return 0;
-		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+		if (!(pkey = EVP_PKCS82PKEY (p8))) {
 			PKCS8_PRIV_KEY_INFO_free(p8);
 			return 0;
 		}
 		print_attribs (out, p8->attributes, "Key Attributes");
 		PKCS8_PRIV_KEY_INFO_free(p8);
 		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -441,7 +441,10 @@ int MAIN(int argc, char **argv)
 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
 	} else if(operation == SMIME_SIGN) {
 		p7 = PKCS7_sign(signer, key, other, in, flags);
-		BIO_reset(in);
+		if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
 		  BIO_printf(bio_err, "Can't rewind input file\n");
 		  goto end;
 		}
 	} else {
 		if(informat == FORMAT_SMIME) 
 			p7 = SMIME_read_PKCS7(in, &indata);
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -54,7 +54,7 @@ buildinf.h: ../Makefile.ssl
 	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
 	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
 	echo "  #define PLATFORM \"$(PLATFORM)\""; \
-	echo "  #define DATE \"`date`\""; \
+	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
 	echo "#endif" ) >buildinf.h
 testapps:
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <time.h>
@@ -87,7 +140,14 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 		else
 			a=algor2;
 		if (a == NULL) continue;
-		if (	(a->parameter == NULL) || 
+                if (type->pkey_type == NID_dsaWithSHA1)
 			{
 			/* special case: RFC 2459 tells us to omit 'parameters'
 			 * with id-dsa-with-sha1 */
 			ASN1_TYPE_free(a->parameter);
 			a->parameter = NULL;
 			}
 		else if ((a->parameter == NULL) || 
 			(a->parameter->type != V_ASN1_NULL))
 			{
 			ASN1_TYPE_free(a->parameter);
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -716,12 +716,13 @@ doapr_outch(
    if (buffer) {
 	while (*currlen >= *maxlen) {
 	    if (*buffer == NULL) {
 		assert(*sbuffer != NULL);
 		if (*maxlen == 0)
 		    *maxlen = 1024;
 		*buffer = OPENSSL_malloc(*maxlen);
-		if (*currlen > 0)
+		if (*currlen > 0) {
 		    assert(*sbuffer != NULL);
 		    memcpy(*buffer, *sbuffer, *currlen);
 		}
 		*sbuffer = NULL;
 	    } else {
 		*maxlen += 1024;
@@ -761,7 +762,9 @@ int BIO_vprintf (BIO *bio, const char *format, va_list args)
 	{
 	int ret;
 	size_t retlen;
-	MS_STATIC char hugebuf[1024*10];
+	char hugebuf[1024*2];	/* Was previously 10k, which is unreasonable
 				   in small-stack environments, like threads
 				   or DOS programs. */
 	char *hugebufp = hugebuf;
 	size_t hugebufsize = sizeof(hugebuf);
 	char *dynbuf = NULL;
--- a/crypto/conf/Makefile.ssl
+++ b/crypto/conf/Makefile.ssl
@@ -5,7 +5,7 @@
 DIR=	conf
 TOP=	../..
 CC=	cc
-INCLUDES= -I../../include
+INCLUDES= -I.. -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -437,8 +437,7 @@ int OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name)
 		return(0);
 	}
-	nid=OBJ_obj2nid(a);
+	if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) {
 	if ((nid == NID_undef) || no_name) {
 		len=a->length;
 		p=a->data;
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,8 +25,8 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER	0x00906041L
+#define OPENSSL_VERSION_NUMBER	0x0090604fL
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6d-beta1 [engine] 17 Apr 2002"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6d [engine] 9 May 2002"
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -346,7 +346,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
 		}
 	/* if we have a certificate then write it out now */
-	if ((xi->x509 != NULL) || (PEM_write_bio_X509(bp,xi->x509) <= 0))
+	if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
 		goto err;
 	/* we are ignoring anything else that is loaded into the X509_INFO
--- a/doc/crypto/EVP_EncryptInit.pod
+++ b/doc/crypto/EVP_EncryptInit.pod
@@ -192,7 +192,7 @@ EVP_DecryptInit() and EVP_DecryptUpdate() return 1 for success and 0 for failure
 EVP_DecryptFinal() returns 0 if the decrypt failed or 1 for success.
 EVP_CipherInit() and EVP_CipherUpdate() return 1 for success and 0 for failure.
-EVP_CipherFinal() returns 1 for a decryption failure or 1 for success.
+EVP_CipherFinal() returns 0 for a decryption failure or 1 for success.
 EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure.
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,7 +1,7 @@
 %define libmaj 0
 %define libmin 9
 %define librel 6
-%define librev c
+%define librev d
 Release: 1
 %define openssldir /var/ssl
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -236,7 +236,8 @@ static int ssl3_get_record(SSL *s)
 	unsigned char md[EVP_MAX_MD_SIZE];
 	short version;
 	unsigned int mac_size;
-	int clear=0,extra;
+	int clear=0;
 	size_t extra;
 	rr= &(s->s3->rrec);
 	sess=s->session;
@@ -245,7 +246,7 @@ static int ssl3_get_record(SSL *s)
 		extra=SSL3_RT_MAX_EXTRA;
 	else
 		extra=0;
-	if (extra != (s->s3->rbuf_len - SSL3_RT_MAX_PACKET_SIZE))
+	if (extra != s->s3->rbuf_len - SSL3_RT_MAX_PACKET_SIZE)
 		{
 		/* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
 		 * set after ssl3_setup_buffers() was done */
@@ -295,8 +296,7 @@ again:
 			goto err;
 			}
-		if (rr->length > 
+		if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
 			(unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
 			{
 			al=SSL_AD_RECORD_OVERFLOW;
 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
@@ -308,7 +308,7 @@ again:
 	/* s->rstate == SSL_ST_READ_BODY, get and decode the data */
-	if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH))
+	if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
 		{
 		/* now s->packet_length == SSL3_RT_HEADER_LENGTH */
 		i=rr->length;
@@ -336,7 +336,7 @@ again:
 	 * rr->length bytes of encrypted compressed stuff. */
 	/* check is not needed I believe */
-	if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
 		{
 		al=SSL_AD_RECORD_OVERFLOW;
 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
@@ -405,8 +405,7 @@ printf("\n");
 	/* r->length is now just compressed */
 	if (s->expand != NULL)
 		{
-		if (rr->length > 
+		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
 			(unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
 			{
 			al=SSL_AD_RECORD_OVERFLOW;
 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
@@ -420,7 +419,7 @@ printf("\n");
 			}
 		}
-	if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra)
+	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
 		{
 		al=SSL_AD_RECORD_OVERFLOW;
 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
@@ -605,7 +604,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 			if (prefix_len <= 0)
 				goto err;
-			if (s->s3->wbuf_len < prefix_len + SSL3_RT_MAX_PACKET_SIZE)
+			if (s->s3->wbuf_len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
 				{
 				/* insufficient space */
 				SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_INTERNAL_ERROR);
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -751,6 +751,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
 	ret = 1;
 err:	
 	if (d) closedir(d);
 	CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
 	return ret;
 	}
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -850,7 +850,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
 					r = BIO_nwrite0(io1, &dataptr);
 					assert(r > 0);
-					if (r < num)
+					if (r < (int)num)
 						num = r;
 					r = BIO_read(io2, dataptr, (int)num);
 					if (r != (int)num) /* can't happen */
--- a/util/cygwin.sh
+++ b/util/cygwin.sh
@@ -0,0 +1,125 @@
 #!/bin/bash
 #
 # This script configures, builds and packs the binary package for
 # the Cygwin net distribution version of OpenSSL
 #
 # Uncomment when debugging
 #set -x
 CONFIG_OPTIONS="--prefix=/usr shared no-idea no-rc5 no-mdc2"
 INSTALL_PREFIX=/tmp/install
 VERSION=
 SUBVERSION=$1
 function cleanup()
 {
  rm -rf ${INSTALL_PREFIX}/etc
  rm -rf ${INSTALL_PREFIX}/usr
 }
 function get_openssl_version()
 {
  eval `grep '^VERSION=' Makefile.ssl`
  if [ -z "${VERSION}" ]
  then
    echo "Error: Couldn't retrieve OpenSSL version from Makefile.ssl."
    echo "       Check value of variable VERSION in Makefile.ssl."
    exit 1
  fi
 }
 function base_install()
 {
  mkdir -p ${INSTALL_PREFIX}
  cleanup
  make install INSTALL_PREFIX="${INSTALL_PREFIX}"
 }
 function doc_install()
 {
  DOC_DIR=${INSTALL_PREFIX}/usr/doc/openssl
  mkdir -p ${DOC_DIR}
  cp CHANGES CHANGES.SSLeay INSTALL LICENSE NEWS README ${DOC_DIR}
  create_cygwin_readme
 }
 function create_cygwin_readme()
 {
  README_DIR=${INSTALL_PREFIX}/usr/doc/Cygwin
  README_FILE=${README_DIR}/openssl-${VERSION}.README
  mkdir -p ${README_DIR}
  cat > ${README_FILE} <<- EOF
 	The Cygwin version has been built using the following configure:
 	  ./config ${CONFIG_OPTIONS}
 	The IDEA, RC5 and MDC2 algorithms are disabled due to patent and/or
 	licensing issues.
 	EOF
 }
 function create_profile_files()
 {
  PROFILE_DIR=${INSTALL_PREFIX}/etc/profile.d
  mkdir -p $PROFILE_DIR
  cat > ${PROFILE_DIR}/openssl.sh <<- "EOF"
 	export MANPATH="${MANPATH}:/usr/ssl/man"
 	EOF
  cat > ${PROFILE_DIR}/openssl.csh <<- "EOF"
 	if ( $?MANPATH ) then
 	  setenv MANPATH "${MANPATH}:/usr/ssl/man"
 	else
 	  setenv MANPATH ":/usr/ssl/man"
 	endif
 	EOF
 }
 if [ -z "${SUBVERSION}" ]
 then
  echo "Usage: $0 subversion"
  exit 1
 fi
 if [ ! -f config ]
 then
  echo "You must start this script in the OpenSSL toplevel source dir."
  exit 1
 fi
 ./config ${CONFIG_OPTIONS}
 get_openssl_version
 make || exit 1
 base_install
 doc_install
 create_cygwin_readme
 create_profile_files
 cd ${INSTALL_PREFIX}
 strip usr/bin/*.exe usr/bin/*.dll
 # Runtime package
 find etc usr/bin usr/doc usr/ssl/certs usr/ssl/man/man[157] usr/ssl/misc \
     usr/ssl/openssl.cnf usr/ssl/private -empty -o \! -type d |
 tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 -
 # Development package
 find usr/include usr/lib usr/ssl/man/man3 -empty -o \! -type d |
 tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 -
 ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2
 ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2
 cleanup
 exit 0