Oops!

Submitted by: strube@physik3.gwdg.de (Hans Werner Strube)

.cvsignore

@@ -1 +1,6 @@
 Makefile.ssl
+MINFO
+makefile.one
+tmp
+out
+outinc

CHANGES

@@ -3,7 +3,437 @@
  _______________
 
 
- Changes between 0.9.1c and 0.9.2b
+ Changes between 0.9.3 and 0.9.3a  [29 May 1999]
+
+  *) New configuration variant "sco5-gcc".
+
+  *) Updated some demos.
+     [Sean O Riordain, Wade Scholine]
+
+  *) Add missing BIO_free at exit of pkcs12 application.
+     [Wu Zhigang]
+
+  *) Fix memory leak in conf.c.
+     [Steve Henson]
+
+  *) Updates for Win32 to assembler version of MD5.
+     [Steve Henson]
+
+  *) Set #! path to perl in apps/der_chop to where we found it
+     instead of using a fixed path.
+     [Bodo Moeller]
+
+  *) SHA library changes for irix64-mips4-cc.
+     [Andy Polyakov]
+
+  *) Improvements for VMS support.
+     [Richard Levitte]
+
+ Changes between 0.9.2b and 0.9.3  [24 May 1999]
+
+  *) Bignum library bug fix. IRIX 6 passes "make test" now!
+     This also avoids the problems with SC4.2 and unpatched SC5.  
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) New functions sk_num, sk_value and sk_set to replace the previous macros.
+     These are required because of the typesafe stack would otherwise break 
+     existing code. If old code used a structure member which used to be STACK
+     and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with
+     sk_num or sk_value it would produce an error because the num, data members
+     are not present in STACK_OF. Now it just produces a warning. sk_set
+     replaces the old method of assigning a value to sk_value
+     (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code
+     that does this will no longer work (and should use sk_set instead) but
+     this could be regarded as a "questionable" behaviour anyway.
+     [Steve Henson]
+
+  *) Fix most of the other PKCS#7 bugs. The "experimental" code can now
+     correctly handle encrypted S/MIME data.
+     [Steve Henson]
+
+  *) Change type of various DES function arguments from des_cblock
+     (which means, in function argument declarations, pointer to char)
+     to des_cblock * (meaning pointer to array with 8 char elements),
+     which allows the compiler to do more typechecking; it was like
+     that back in SSLeay, but with lots of ugly casts.
+
+     Introduce new type const_des_cblock.
+     [Bodo Moeller]
+
+  *) Reorganise the PKCS#7 library and get rid of some of the more obvious
+     problems: find RecipientInfo structure that matches recipient certificate
+     and initialise the ASN1 structures properly based on passed cipher.
+     [Steve Henson]
+
+  *) Belatedly make the BN tests actually check the results.
+     [Ben Laurie]
+
+  *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion
+     to and from BNs: it was completely broken. New compilation option
+     NEG_PUBKEY_BUG to allow for some broken certificates that encode public
+     key elements as negative integers.
+     [Steve Henson]
+
+  *) Reorganize and speed up MD5.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) VMS support.
+     [Richard Levitte <richard@levitte.org>]
+
+  *) New option -out to asn1parse to allow the parsed structure to be
+     output to a file. This is most useful when combined with the -strparse
+     option to examine the output of things like OCTET STRINGS.
+     [Steve Henson]
+
+  *) Make SSL library a little more fool-proof by not requiring any longer
+     that SSL_set_{accept,connect}_state be called before
+     SSL_{accept,connect} may be used (SSL_set_..._state is omitted
+     in many applications because usually everything *appeared* to work as
+     intended anyway -- now it really works as intended).
+     [Bodo Moeller]
+
+  *) Move openssl.cnf out of lib/.
+     [Ulf M<>ller]
+
+  *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
+     -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
+     -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ 
+     [Ralf S. Engelschall]
+
+  *) Various fixes to the EVP and PKCS#7 code. It may now be able to
+     handle PKCS#7 enveloped data properly.
+     [Sebastian Akerman <sak@parallelconsulting.com>, modified by Steve]
+
+  *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of
+     copying pointers.  The cert_st handling is changed by this in
+     various ways (and thus what used to be known as ctx->default_cert
+     is now called ctx->cert, since we don't resort to s->ctx->[default_]cert
+     any longer when s->cert does not give us what we need).
+     ssl_cert_instantiate becomes obsolete by this change.
+     As soon as we've got the new code right (possibly it already is?),
+     we have solved a couple of bugs of the earlier code where s->cert
+     was used as if it could not have been shared with other SSL structures.
+
+     Note that using the SSL API in certain dirty ways now will result
+     in different behaviour than observed with earlier library versions:
+     Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx)
+     does not influence s as it used to.
+     
+     In order to clean up things more thoroughly, inside SSL_SESSION
+     we don't use CERT any longer, but a new structure SESS_CERT
+     that holds per-session data (if available); currently, this is
+     the peer's certificate chain and, for clients, the server's certificate
+     and temporary key.  CERT holds only those values that can have
+     meaningful defaults in an SSL_CTX.
+     [Bodo Moeller]
+
+  *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure
+     from the internal representation. Various PKCS#7 fixes: remove some
+     evil casts and set the enc_dig_alg field properly based on the signing
+     key type.
+     [Steve Henson]
+
+  *) Allow PKCS#12 password to be set from the command line or the
+     environment. Let 'ca' get its config file name from the environment
+     variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req'
+     and 'x509').
+     [Steve Henson]
+
+  *) Allow certificate policies extension to use an IA5STRING for the
+     organization field. This is contrary to the PKIX definition but
+     VeriSign uses it and IE5 only recognises this form. Document 'x509'
+     extension option.
+     [Steve Henson]
+
+  *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic,
+     without disallowing inline assembler and the like for non-pedantic builds.
+     [Ben Laurie]
+
+  *) Support Borland C++ builder.
+     [Janez Jere <jj@void.si>, modified by Ulf M<>ller]
+
+  *) Support Mingw32.
+     [Ulf M<>ller]
+
+  *) SHA-1 cleanups and performance enhancements.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Sparc v8plus assembler for the bignum library.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Accept any -xxx and +xxx compiler options in Configure.
+     [Ulf M<>ller]
+
+  *) Update HPUX configuration.
+     [Anonymous]
+  
+  *) Add missing sk_<type>_unshift() function to safestack.h
+     [Ralf S. Engelschall]
+
+  *) New function SSL_CTX_use_certificate_chain_file that sets the
+     "extra_cert"s in addition to the certificate.  (This makes sense
+     only for "PEM" format files, as chains as a whole are not
+     DER-encoded.)
+     [Bodo Moeller]
+
+  *) Support verify_depth from the SSL API.
+     x509_vfy.c had what can be considered an off-by-one-error:
+     Its depth (which was not part of the external interface)
+     was actually counting the number of certificates in a chain;
+     now it really counts the depth.
+     [Bodo Moeller]
+
+  *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used
+     instead of X509err, which often resulted in confusing error
+     messages since the error codes are not globally unique
+     (e.g. an alleged error in ssl3_accept when a certificate
+     didn't match the private key).
+
+  *) New function SSL_CTX_set_session_id_context that allows to set a default
+     value (so that you don't need SSL_set_session_id_context for each
+     connection using the SSL_CTX).
+     [Bodo Moeller]
+
+  *) OAEP decoding bug fix.
+     [Ulf M<>ller]
+
+  *) Support INSTALL_PREFIX for package builders, as proposed by
+     David Harris.
+     [Bodo Moeller]
+
+  *) New Configure options "threads" and "no-threads".  For systems
+     where the proper compiler options are known (currently Solaris
+     and Linux), "threads" is the default.
+     [Bodo Moeller]
+
+  *) New script util/mklink.pl as a faster substitute for util/mklink.sh.
+     [Bodo Moeller]
+
+  *) Install various scripts to $(OPENSSLDIR)/misc, not to
+     $(INSTALLTOP)/bin -- they shouldn't clutter directories
+     such as /usr/local/bin.
+     [Bodo Moeller]
+
+  *) "make linux-shared" to build shared libraries.
+     [Niels Poppe <niels@netbox.org>]
+
+  *) New Configure option no-<cipher> (rsa, idea, rc5, ...).
+     [Ulf M<>ller]
+
+  *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
+     extension adding in x509 utility.
+     [Steve Henson]
+
+  *) Remove NOPROTO sections and error code comments.
+     [Ulf M<>ller]
+
+  *) Partial rewrite of the DEF file generator to now parse the ANSI
+     prototypes.
+     [Steve Henson]
+
+  *) New Configure options --prefix=DIR and --openssldir=DIR.
+     [Ulf M<>ller]
+
+  *) Complete rewrite of the error code script(s). It is all now handled
+     by one script at the top level which handles error code gathering,
+     header rewriting and C source file generation. It should be much better
+     than the old method: it now uses a modified version of Ulf's parser to
+     read the ANSI prototypes in all header files (thus the old K&R definitions
+     aren't needed for error creation any more) and do a better job of
+     translating function codes into names. The old 'ASN1 error code imbedded
+     in a comment' is no longer necessary and it doesn't use .err files which
+     have now been deleted. Also the error code call doesn't have to appear all
+     on one line (which resulted in some large lines...).
+     [Steve Henson]
+
+  *) Change #include filenames from <foo.h> to <openssl/foo.h>.
+     [Bodo Moeller]
+
+  *) Change behaviour of ssl2_read when facing length-0 packets: Don't return
+     0 (which usually indicates a closed connection), but continue reading.
+     [Bodo Moeller]
+
+  *) Fix some race conditions.
+     [Bodo Moeller]
+
+  *) Add support for CRL distribution points extension. Add Certificate
+     Policies and CRL distribution points documentation.
+     [Steve Henson]
+
+  *) Move the autogenerated header file parts to crypto/opensslconf.h.
+     [Ulf M<>ller]
+
+  *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
+     8 of keying material. Merlin has also confirmed interop with this fix
+     between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0.
+     [Merlin Hughes <merlin@baltimore.ie>]
+
+  *) Fix lots of warnings.
+     [Richard Levitte <levitte@stacken.kth.se>]
+ 
+  *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if
+     the directory spec didn't end with a LIST_SEPARATOR_CHAR.
+     [Richard Levitte <levitte@stacken.kth.se>]
+ 
+  *) Fix problems with sizeof(long) == 8.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Change functions to ANSI C.
+     [Ulf M<>ller]
+
+  *) Fix typos in error codes.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf M<>ller]
+
+  *) Remove defunct assembler files from Configure.
+     [Ulf M<>ller]
+
+  *) SPARC v8 assembler BIGNUM implementation.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Support for Certificate Policies extension: both print and set.
+     Various additions to support the r2i method this uses.
+     [Steve Henson]
+
+  *) A lot of constification, and fix a bug in X509_NAME_oneline() that could
+     return a const string when you are expecting an allocated buffer.
+     [Ben Laurie]
+
+  *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE
+     types DirectoryString and DisplayText.
+     [Steve Henson]
+
+  *) Add code to allow r2i extensions to access the configuration database,
+     add an LHASH database driver and add several ctx helper functions.
+     [Steve Henson]
+
+  *) Fix an evil bug in bn_expand2() which caused various BN functions to
+     fail when they extended the size of a BIGNUM.
+     [Steve Henson]
+
+  *) Various utility functions to handle SXNet extension. Modify mkdef.pl to
+     support typesafe stack.
+     [Steve Henson]
+
+  *) Fix typo in SSL_[gs]et_options().
+     [Nils Frostberg <nils@medcom.se>]
+
+  *) Delete various functions and files that belonged to the (now obsolete)
+     old X509V3 handling code.
+     [Steve Henson]
+
+  *) New Configure option "rsaref".
+     [Ulf M<>ller]
+
+  *) Don't auto-generate pem.h.
+     [Bodo Moeller]
+
+  *) Introduce type-safe ASN.1 SETs.
+     [Ben Laurie]
+
+  *) Convert various additional casted stacks to type-safe STACK_OF() variants.
+     [Ben Laurie, Ralf S. Engelschall, Steve Henson]
+
+  *) Introduce type-safe STACKs. This will almost certainly break lots of code
+     that links with OpenSSL (well at least cause lots of warnings), but fear
+     not: the conversion is trivial, and it eliminates loads of evil casts. A
+     few STACKed things have been converted already. Feel free to convert more.
+     In the fullness of time, I'll do away with the STACK type altogether.
+     [Ben Laurie]
+
+  *) Add `openssl ca -revoke <certfile>' facility which revokes a certificate
+     specified in <certfile> by updating the entry in the index.txt file.
+     This way one no longer has to edit the index.txt file manually for
+     revoking a certificate. The -revoke option does the gory details now.
+     [Massimiliano Pala <madwolf@openca.org>, Ralf S. Engelschall]
+
+  *) Fix `openssl crl -noout -text' combination where `-noout' killed the
+     `-text' option at all and this way the `-noout -text' combination was
+     inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'.
+     [Ralf S. Engelschall]
+
+  *) Make sure a corresponding plain text error message exists for the
+     X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
+     verify callback function determined that a certificate was revoked.
+     [Ralf S. Engelschall]
+
+  *) Bugfix: In test/testenc, don't test "openssl <cipher>" for
+     ciphers that were excluded, e.g. by -DNO_IDEA.  Also, test
+     all available cipers including rc5, which was forgotten until now.
+     In order to let the testing shell script know which algorithms
+     are available, a new (up to now undocumented) command
+     "openssl list-cipher-commands" is used.
+     [Bodo Moeller]
+
+  *) Bugfix: s_client occasionally would sleep in select() when
+     it should have checked SSL_pending() first.
+     [Bodo Moeller]
+
+  *) New functions DSA_do_sign and DSA_do_verify to provide access to
+     the raw DSA values prior to ASN.1 encoding.
+     [Ulf M<>ller]
+
+  *) Tweaks to Configure
+     Niels Poppe <niels@netbox.org>
+
+  *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support,
+     yet...
+     [Steve Henson]
+
+  *) New variables $(RANLIB) and $(PERL) in the Makefiles.
+     [Ulf M<>ller]
+
+  *) New config option to avoid instructions that are illegal on the 80386.
+     The default code is faster, but requires at least a 486.
+     [Ulf M<>ller]
+  
+  *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
+     SSL2_SERVER_VERSION (not used at all) macros, which are now the
+     same as SSL2_VERSION anyway.
+     [Bodo Moeller]
+
+  *) New "-showcerts" option for s_client.
+     [Bodo Moeller]
+
+  *) Still more PKCS#12 integration. Add pkcs12 application to openssl
+     application. Various cleanups and fixes.
+     [Steve Henson]
+
+  *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and
+     modify error routines to work internally. Add error codes and PBE init
+     to library startup routines.
+     [Steve Henson]
+
+  *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and
+     packing functions to asn1 and evp. Changed function names and error
+     codes along the way.
+     [Steve Henson]
+
+  *) PKCS12 integration: and so it begins... First of several patches to
+     slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12
+     objects to objects.h
+     [Steve Henson]
+
+  *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
+     and display support for Thawte strong extranet extension.
+     [Steve Henson]
+
+  *) Add LinuxPPC support.
+     [Jeff Dubrule <igor@pobox.org>]
+
+  *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to
+     bn_div_words in alpha.s.
+     [Hannes Reinecke <H.Reinecke@hw.ac.uk> and Ben Laurie]
+
+  *) Make sure the RSA OAEP test is skipped under -DRSAref because
+     OAEP isn't supported when OpenSSL is built with RSAref.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h 
+     so they no longer are missing under -DNOPROTO. 
+     [Soren S. Jorvang <soren@t.dk>]
+
+
+ Changes between 0.9.1c and 0.9.2b  [22 Mar 1999]
 
   *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
      doesn't work when the session is reused. Coming soon!
@@ -670,7 +1100,8 @@
   *) Generate Makefile.ssl from Makefile.org (to keep CVS happy).
      [Ben Laurie]
 
- Changes between 0.9.1b and 0.9.1c
+
+ Changes between 0.9.1b and 0.9.1c  [23-Dec-1998]
 
   *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and 
      changed SSLeay to OpenSSL in version strings.
@@ -730,7 +1161,8 @@
      summer 1998.
      [The OpenSSL Project]
  
- Changes between 0.9.0b and 0.9.1b
+
+ Changes between 0.9.0b and 0.9.1b  [not released]
 
   *) Updated a few CA certificates under certs/
      [Eric A. Young]

Configure

@@ -8,19 +8,30 @@ eval 'exec perl -S $0 ${1+"$@"}'
 require 5.000;
 use strict;
 
+# see INSTALL for instructions.
+
+my $usage="Usage: Configure [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
+
+# Options:
 #
-# see PROBLEMS for instructions on what sort of things to do when 
-# tracking a bug --tjh
+# --openssldir  install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the
+#               --prefix option is given; /usr/local/ssl otherwise)
+# --prefix      prefix for the OpenSSL include, lib and bin directories
+#               (Default: the OPENSSLDIR directory)
 #
-# extra options
-# -DRSAref	build to use RSAref
-# -DNO_IDEA	build with no IDEA algorithm
-# -DNO_RC4	build with no RC4 algorithm
-# -DNO_RC2	build with no RC2 algorithm
-# -DNO_BF	build with no Blowfish algorithm
-# -DNO_DES	build with no DES/3DES algorithm
-# -DNO_MD2	build with no MD2 algorithm
+# --install_prefix  Additional prefix for package builders (empty by
+#               default).  This needn't be set in advance, you can
+#               just as well use "make INSTALL_PREFIX=/whatever install".
 #
+# rsaref        use RSAref
+# [no-]threads  [don't] try to create a library that is suitable for
+#               multithreaded applications (default is "threads" if we
+#               know how to do it)
+# no-asm        do not use assembler
+# 386           generate 80386 code
+# no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
+# -<xxx> +<xxx> compiler options are passed through 
+# 
 # DES_PTR	use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
 # DES_RISC1	use different DES_ENCRYPT macro that helps reduce register
 #		dependancies but needs to more registers, good for RISC CPU's
@@ -41,7 +52,7 @@ use strict;
 # RC4_INDEX	define RC4_INDEX in crypto/rc4/rc4_locl.h.  This turns on
 #		array lookups instead of pointer use.
 # BF_PTR	use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
-# BF_PTR2	use a pentium/intel specific version.
+# BF_PTR2	intel specific version (generic version is more efficient).
 # MD5_ASM	use some extra md5 assember,
 # SHA1_ASM	use some extra sha1 assember, must define L_ENDIAN for x86
 # RMD160_ASM	use some extra ripemd160 assember,
@@ -49,7 +60,7 @@ use strict;
 my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
 
 # MD2_CHAR slags pentium pros
-my $x86_gcc_opts="RC4_INDEX MD2_INT BF_PTR2";
+my $x86_gcc_opts="RC4_INDEX MD2_INT";
 
 # MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
 # Don't worry about these normally
@@ -74,43 +85,44 @@ my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:as
 #config-string	CC : CFLAGS : LDFLAGS : special header file mods:bn_asm \
 # des_asm:bf_asm
 my %table=(
-#"b",		"$tcc:$tflags:$tlib:$bits1:$tbn_mul::",
-#"bl-4c-2c",	"$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::",
-#"bl-4c-ri",	"$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::",
-#"b2-is-ri-dp",	"$tcc:$tflags:$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::",
+#"b",		"$tcc:$tflags::$tlib:$bits1:$tbn_mul::",
+#"bl-4c-2c",	"$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::",
+#"bl-4c-ri",	"$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::",
+#"b2-is-ri-dp",	"$tcc:$tflags::$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::",
 
-# A few of my development configs
-"purify",	"purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::",
-"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:-lefence::::",
-"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -O2 -Wall -Wshadow -Werror -pipe:::::",
-"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"dist",		"cc:-O -DNOPROTO::::",
+# Our development configs
+"purify",	"purify gcc:-g -DPURIFY -Wall:(unknown):-lsocket -lnsl::::",
+"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:(unknown):-lefence::::",
+"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe:(unknown):::::",
+"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe:(unknown):::::",
+"debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe:(unknown):::::",
+"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug-bodo",	"gcc:-DL_ENDIAN -O3 -g -m486 -Wall:-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"dist",		"cc:-O:(unknown):::::",
 
 # Basic configs that should work on any box
-"gcc",		"gcc:-O3::BN_LLONG:::",
-"cc",		"cc:-O -DNOPROTO -DNOCONST:::::",
+"gcc",		"gcc:-O3:(unknown)::BN_LLONG:::",
+"cc",		"cc:-O:(unknown):::::",
 
+# Solaris setups
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN:-D_REENTRANT:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm",
+"solaris-sparc-gcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8.o::",
+"solaris-usparc-gcc","gcc:-O3 -fomit-frame-pointer -mcpu=ultrasparc -Wall -DB_ENDIAN -DULTRASPARC:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus-gcc.o:::asm/md5-sparcv8plus.o:",
+"solaris-usparc-oldgcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN -DULTRASPARC:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus-gcc.o:::asm/md5-sparcv8plus.o:",
+"debug-solaris-sparc-gcc","gcc:-O3 -g -mv8 -Wall -DB_ENDIAN:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
+"debug-solaris-usparc-gcc","gcc:-O3 -g -mcpu=ultrasparc -Wall -DB_ENDIAN:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus-gcc.o::",
 
-# My solaris setups
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm",
-"solaris-sparc-gcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
-# DO NOT use /xO[34] on sparc with SC3.0. 
-# It is broken, and will not pass the tests
-"solaris-sparc-cc","cc:-fast -O -Xa -DB_ENDIAN:\
-	-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:asm/sparc.o::",
-# SC4.0 is ok, better than gcc, except for the bignum stuff.
+# DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
+"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:::",
+# SC4 is ok, better than gcc even on bn as long as you tell it -xarch=v8
 # -fast slows things like DES down quite a lot
-"solaris-sparc-sc4","cc:-xO5 -Xa -DB_ENDIAN:-lsocket -lnsl:\
-	BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::",
-"solaris-usparc-sc4","cc:-xtarget=ultra -xarch=v8plus -Xa -xO5 -DB_ENDIAN:\
-	-lsocket -lnsl:\
-	BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::",
-"solaris-sparc-sc4-pic","cc:-xO5 -Xa -DB_ENDIAN -KPIC:-lsocket -lnsl:\
-	BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::",
+"solaris-sparc-cc","cc:-xarch=v8 -xstrconst -xO5 -xdepend -Xa -DB_ENDIAN -DBN_DIV2W:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
+"solaris-usparc-cc","cc:-xtarget=ultra -xarch=v8plus -xstrconst -xO5 -xdepend -Xa -DB_ENDIAN -DULTRASPARC -DBN_DIV2W:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+"solaris64-usparc-cc","cc:-xtarget=ultra -xarch=v9 -xstrconst -xO5 -xdepend -Xa -DB_ENDIAN -DULTRASPARC:-D_REENTRANT:-lsocket -lnsl:SIXTY_FOUR_BIT_LONG RC4_CHAR DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
 
 # Sunos configs, assuming sparc for the gcc one.
-"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::DES_UNROLL:::",
-"sunos-gcc","gcc:-O3 -mv8::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::",
+##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST:(unknown)::DES_UNROLL:::",
+"sunos-gcc","gcc:-O3 -mv8:(unknown)::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::",
 
 # SGI configurations.  If the box is rather old (r3000 cpu), you will
 # probably have to remove the '-mips2' flag.  I've only been using
@@ -118,59 +130,65 @@ my %table=(
 # I've recently done 32 and 64 bit mips assember, it make this RSA
 # 3 times faster, use if at all possible.
 #"irix-gcc","gcc:-O2 -mips2::SIXTY_FOUR_BIT BN_LLONG RC4_INDEX RC4_CHAR:::",
-"irix-gcc","gcc:-O2 -DTERMIOS -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:asm/mips1.o::",
-"irix64-gcc","gcc:-mips3 -O2 -DTERMIOS -DB_ENDIAN::MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:asm/mips1.o::",
-"irix64-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::DES_PTR DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
-"debug-irix-cc", "cc:-w2 -g -DCRYPTO_MDEBUG -DTERMIOS -DB_ENDIAN:::asm/r3000.o::",
+"irix-gcc","gcc:-O2 -DTERMIOS -DB_ENDIAN:(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN:(unknown)::BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
+"irix-mips3-gcc","gcc:-mips3 -O2 -DTERMIOS -DB_ENDIAN:(unknown)::MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:::",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN:(unknown)::DES_PTR DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:::",
+"debug-irix-cc", "cc:-w2 -g -DCRYPTO_MDEBUG -DTERMIOS -DB_ENDIAN:(unknown):::::",
 # This is the n64 mode build.
-"irix-n64-cc", "cc:-64 -O2 -use_readonly_const -DTERMIOS::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT:asm/mips3_64.o::",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN:(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:::",
 
-# HPUX config.  I've been building on HPUX 9, so the options may be
-# different on version 10.  The pa-risc2.o assember file is 2 times
-# faster than the old asm/pa-risc.o version but it may not run on old
-# PA-RISC CPUs.  If you have problems, swap back to the old one.
-# Both were generated by gcc, so use the C version with the PA-RISC specific
-# options turned on if you are using gcc.
-"hpux-cc",	"cc:-DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive::DES_PTR DES_UNROLL DES_RISC1:asm/pa-risc2.o::",
-"hpux-kr-cc",	"cc:-DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE::DES_PTR DES_UNROLL:asm/pa-risc2.o::",
-"hpux-gcc",	"gcc:-DB_ENDIAN -O3::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
-# HPUX from www.globus.org
-"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::DES_PTR DES_UNROLL DES_RISC1:::",
-"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
+# HPUX 9.X config.
+# Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or gcc.
+"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z:(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3:(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# HPUX 10.X config.  Supports threads.
+"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z:-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3:-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# HPUX 11.X from www.globus.org.
+# Only works on PA-RISC 2.0 cpus, and not optimized.  Why?
+"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit:-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit:-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
 
 # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
 # the new compiler
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-"alpha-gcc","gcc:-O3::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:asm/alpha.o::",
-"alpha-cc", "cc:-tune host -O4 -readonly_strings::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
-"alpha164-cc", "cc:-tune host -fast -readonly_strings::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
+"alpha-gcc","gcc:-O3:(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:::",
+"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings:(unknown)::SIXTY_FOUR_BIT_LONG:::",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings:(unknown)::SIXTY_FOUR_BIT_LONG:::",
+"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
+
+# assembler versions -- currently defunct:
+##"alpha-gcc","gcc:-O3:(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:asm/alpha.o::",
+##"alpha-cc", "cc:-tune host -O4 -readonly_strings:(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
+##"alpha164-cc", "cc:-tune host -fast -readonly_strings:(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
+##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
 
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-"linux-mips",    "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
--Wuninitialized:::BN_LLONG:",
-"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-x86",	"gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
-#"FreeBSD",   "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::RSA_LLONG $x86_gcc_des $x86_gcc_opts:$x86_bsdi_asm",
-"nextstep",	"cc:-O3 -Wall::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall:-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall:-D_REENTRANT:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall:(unknown)::BN_LLONG:::",
+"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall:(unknown)::::",
+"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN:(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN:(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+"NetBSD-x86",	"gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+#"FreeBSD",   "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486:(unknown)::RSA_LLONG $x86_gcc_des $x86_gcc_opts:$x86_bsdi_asm",
+"nextstep",	"cc:-O3 -Wall:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
 # NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw:-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw:(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
 
 # UnixWare 2.0
-"unixware-2.0","cc:-O -DFILIO_H:-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
-"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.0","cc:-O -DFILIO_H:(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
+"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread:(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 
 # IBM's AIX.
-"aix-cc",   "cc:-O -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
-"aix-gcc",  "gcc:-O2 -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
+"aix-cc",   "cc:-O -DAIX -DB_ENDIAN:(unknown)::BN_LLONG RC4_CHAR:::",
+"aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN:(unknown)::BN_LLONG RC4_CHAR:::",
 
 #
 # Cray T90 (SDSC)
@@ -183,7 +201,7 @@ my %table=(
 #'Taking the address of a bit field is not allowed. '
 #'An expression with bit field exists as the operand of "sizeof" '
 # (written by Wayne Schroeder <schroede@SDSC.EDU>)
-"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
+"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS:(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
 
 #
 # Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
@@ -193,66 +211,65 @@ my %table=(
 # for some st_addr stuff, and then sizeof and address-of fails
 # I could not use the ams/alpha.o option because the Cray assembler, 'cam'
 # did not like it.
-"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS:(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
 
 # DGUX, 88100.
-"dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::RC4_INDEX DES_UNROLL:::",
-"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer:-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN:-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer:(unknown)::RC4_INDEX DES_UNROLL:::",
+"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer:(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
+"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN:(unknown):-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
 
 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
 # SCO cc.
-"sco5-cc",  "cc::-lsocket:$x86_gcc_des ${x86_gcc_opts}:::", # des options?
+"sco5-cc",  "cc::(unknown):-lsocket:$x86_gcc_des ${x86_gcc_opts}:::", # des options?
+"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer:(unknown):-lsocket:BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 
-# Sinix RM400
-"SINIX-N","/usr/ucb/cc:-O2 -misaligned:-lucb:RC4_INDEX RC4_CHAR:::",
+# Sinix/ReliantUNIX RM400
+# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
+"ReliantUNIX","cc:-KPIC -g -DSNI -DTERMIOS -DB_ENDIAN:-Kthread:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
+"SINIX","cc:-O -DSNI:(unknown):-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
+"SINIX-N","/usr/ucb/cc:-O2 -misaligned:(unknown):-lucb:RC4_INDEX RC4_CHAR:::",
 
 # Windows NT, Microsoft Visual C++ 4.0
 
-"VC-NT","cl:::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
-"VC-WIN32","cl:::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
-"VC-WIN16","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
-"VC-W31-16","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
-"VC-W31-32","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
-"VC-MSDOS","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"VC-NT","cl::(unknown)::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
+"VC-WIN32","cl::(unknown)::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
+"VC-WIN16","cl::(unknown)::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-W31-16","cl::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"VC-W31-32","cl::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-MSDOS","cl::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 
 # Borland C++ 4.5
-"BC-32","bcc32:::DES_PTR RC4_INDEX:::",
-"BC-16","bcc:::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"BC-32","bcc32::(unknown)::BN_LLONG DES_PTR RC4_INDEX:::",
+"BC-16","bcc::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 
 # CygWin32
-"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:(unknown):BN_LLONG $x86_gcc_des $x86_gcc_opts:",
 
-# Our old Ultrix box :-). -O2 breaks some of the bignum stuff (now fixed,
-# it is a compiler bug, look in bug/ultrixcc.c for example code.
-"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN:::asm/mips1.o:::",
+# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
+"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN:(unknown)::::::",
+"ultrix-gcc","gcc:-O3 -DL_ENDIAN:(unknown)::::::",
+# K&R C is no longer supported; you need gcc on old Ultrix installations
+##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN:(unknown)::::::",
 
 # Some OpenBSD from Bob Beck <beck@obtuse.com>
-"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
-"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
-"OpenBSD-mips","gcc:-O2 -DL_ENDIAN:BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
-);
+"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
+"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer:(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
+"OpenBSD-mips","gcc:-O2 -DL_ENDIAN:(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
 
-# Miscellaneous hacks: this is designed to allow environments where the "one
-# makefile" option does not auto build all files.
-# The first six fields are the hard coded versions of the stuff generated by
-# ctx_size for pem.h: that is EVP_ENCODE_CTX_SIZE, EVP_MD_SIZE EVP_MD_CTX_SIZE,
-# EVP_CIPHER_SIZE, EVP_CIPHER_CTX_SIZE and EVP_MAX_MD_SIZE respectively.
-# If the seventh field is 1 then auto generate
-# crypto/date.h
-# Need to add Win16 and others here.
-
-my %misc_table = (
-"VC-WIN32", 	"96:60:152:40:4212:20:1",
-"VC-NT", 	"96:60:152:40:4212:20:1"
 );
 
 my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
-	BC-16 CygWin32);
+	BC-16 CygWin32 Mingw32);
 
+my $prefix="";
+my $openssldir="";
+my $install_prefix="";
+my $no_threads=0;
+my $threads=0;
 my $no_asm=0;
-my $postfix="org";
+my @skip=();
 my $Makefile="Makefile.ssl";
 my $des_locl="crypto/des/des_locl.h";
 my $des	="crypto/des/des.h";
@@ -272,69 +289,130 @@ my $rc5_enc="rc5_enc.o";
 my $md5_obj="";
 my $sha1_obj="";
 my $rmd160_obj="";
+my $processor="";
+my $ranlib;
+my $perl;
 
-if ($#ARGV < 0)
-	{
-	&bad_target;
-	exit(1);
-	}
+$ranlib=&which("ranlib") or $ranlib="true";
+$perl=&which("perl5") or $perl=&which("perl") or $perl="perl";
+
+&usage if ($#ARGV < 0);
 
 my $flags="";
+my $depflags="";
 my $libs="";
 my $target="";
+my $options="";
 foreach (@ARGV)
 	{
-	if ($_ =~ /^no-asm$/)
+	if (/^no-asm$/)
 		{ $no_asm=1; }
-	elsif ($_ =~ /^-/)
+	elsif (/^no-threads$/)
+		{ $no_threads=1; }
+	elsif (/^threads$/)
+		{ $threads=1; }
+	elsif (/^no-(.+)$/)
 		{
-		if ($_ =~ /^-[lL](.*)$/)
+		my $algo=$1;
+		push @skip,$algo;
+		$algo =~ tr/[a-z]/[A-Z]/;
+		$flags .= "-DNO_$algo ";
+		$depflags .= "-DNO_$algo ";
+		}
+	elsif (/^386$/)
+		{ $processor=386; }
+	elsif (/^rsaref$/)
+		{
+		$libs.= "-lRSAglue -lrsaref ";
+		$flags.= "-DRSAref ";
+		}
+	elsif (/^[-+]/)
+		{
+		if (/^-[lL](.*)$/)
 			{
 			$libs.=$_." ";
 			}
-		elsif ($_ =~ /^-D(.*)$/)
+		elsif (/^-[^-]/ or /^\+/)
 			{
 			$flags.=$_." ";
 			}
-		elsif ($_ =~ /^-[fK](.*)$/)
+		elsif (/^--prefix=(.*)$/)
 			{
-			$flags.=$_." ";
+			$prefix=$1;
+			}
+		elsif (/^--openssldir=(.*)$/)
+			{
+			$openssldir=$1;
+			}
+		elsif (/^--install.prefix=(.*)$/)
+			{
+			$install_prefix=$1;
 			}
 		else
 			{
-			die "unknown options, only -Dxxx, -Lxxx, -lxxx, -fxxx and -Kxxx are supported\n";
+			print STDERR $usage;
+			exit(1);
 			}
 		}
-	elsif ($_ =~ /^([^:]+):(.+)$/) {
+	elsif ($_ =~ /^([^:]+):(.+)$/)
+		{
 		eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
 		$target=$1;
-	}
+		}
 	else
 		{
 		die "target already defined - $target\n" if ($target ne "");
 		$target=$_;
-		if (!defined($table{$target}))
-			{
-			&bad_target;
-			exit(1);
-			}
 		}
-	}
+	$options .= $_ unless $_ eq $target;
+}
 
-if (!defined($table{$target}))
-	{
-	&bad_target;
-	exit(1);
+if ($target eq "TABLE") {
+	foreach $target (sort keys %table) {
+		print_table_entry($target);
 	}
+	print "\n";
+	exit 0;
+}
+
+&usage if (!defined($table{$target}));
 
 my $IsWindows=scalar grep /^$target$/,@WinTargets;
 
+$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
+$prefix=$openssldir if $prefix eq "";
+
+chop $openssldir if $openssldir =~ /\/$/;
+chop $prefix if $prefix =~ /\/$/;
+
+$openssldir=$prefix . "/ssl" if $openssldir eq "";
+$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
+
+
 print "IsWindows=$IsWindows\n";
 
-(my $cc,my $cflags,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
+(my $cc,my $cflags,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
  $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
 	split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
 $cflags="$flags$cflags" if ($flags ne "");
+
+my $thread_cflags;
+if ($thread_cflag ne "(unknown)" && !$no_threads)
+	{
+	# If we know how to do it, support threads by default.
+	$threads = 1;
+	}
+if ($thread_cflag eq "(unknown)")
+	{
+	# If the user asked for "threads", hopefully they also provided
+	# any system-dependent compiler options that are necessary.
+	$thread_cflags="-DTHREADS $cflags" 
+	}
+else
+	{
+	$thread_cflags="-DTHREADS $thread_cflag $cflags" 
+	}	
+
 $lflags="$libs$lflags"if ($libs ne "");
 
 if ($no_asm)
@@ -343,6 +421,11 @@ if ($no_asm)
 	$sha1_obj=$md5_obj=$rmd160_obj="";
 	}
 
+if ($threads)
+	{
+		$cflags=$thread_cflags;
+	}
+
 #my ($bn1)=split(/\s+/,$bn_obj);
 #$bn1 = "" unless defined $bn1;
 #$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
@@ -371,14 +454,48 @@ if ($rmd160_obj =~ /\.o$/)
 	$cflags.=" -DRMD160_ASM";
 	}
 
+my $version = "unknown";
+my $major = "unknown";
+my $minor = "unknown";
+
+open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
+while (<IN>)
+	{
+	$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
+	}
+close(IN);
+
+if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
+	{
+	$major=$1;
+	$minor=$2;
+	}
+
 open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
 open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
+my $sdirs=0;
 while (<IN>)
 	{
 	chop;
+	$sdirs = 1 if /^SDIRS=/;
+	$sdirs = 0 unless /\\$/;
+	if ($sdirs) {
+		my $dir;
+		foreach $dir (@skip) {
+			s/$dir//;
+			}
+		}
+	s/^VERSION=.*/VERSION=$version/;
+	s/^MAJOR=.*/MAJOR=$major/;
+	s/^MINOR=.*/MINOR=$minor/;
+	s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
+	s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
+	s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
 	s/^PLATFORM=.*$/PLATFORM=$target/;
+	s/^OPTIONS=.*$/OPTIONS=$options/;
 	s/^CC=.*$/CC= $cc/;
 	s/^CFLAG=.*$/CFLAG= $cflags/;
+	s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
 	s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
 	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
 	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
@@ -389,6 +506,9 @@ while (<IN>)
 	s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
 	s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
 	s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
+	s/^PROCESSOR=.*/PROCESSOR= $processor/;
+	s/^RANLIB=.*/RANLIB= $ranlib/;
+	s/^PERL=.*/PERL= $perl/;
 	print OUT $_."\n";
 	}
 close(IN);
@@ -406,6 +526,9 @@ print "RC5_ENC       =$rc5_obj\n";
 print "MD5_OBJ_ASM   =$md5_obj\n";
 print "SHA1_OBJ_ASM  =$sha1_obj\n";
 print "RMD160_OBJ_ASM=$rmd160_obj\n";
+print "PROCESSOR     =$processor\n";
+print "RANLIB        =$ranlib\n";
+print "PERL          =$perl\n";
 
 my $des_ptr=0;
 my $des_risc1=0;
@@ -450,13 +573,13 @@ foreach (sort split(/\s+/,$bn_ops))
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
 	}
 
-((my $in=$bn) =~ s/\.([^.]+)/.$postfix/);
-my $n=&file_new($bn);
-open(IN,"<".$in) || die "unable to read $bn:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
+open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
+open(OUT,'>crypto/opensslconf.h') || die "unable to create crypto/opensslconf.h:$!\n";
 while (<IN>)
 	{
-	if	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
+	if	(/^#define\s+OPENSSLDIR/)
+		{ print OUT "#define OPENSSLDIR \"$openssldir\"\n"; }
+	elsif	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
 		{ printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; }
 	elsif	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT/)
 		{ printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; }
@@ -468,38 +591,10 @@ while (<IN>)
 		{ printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
 	elsif	(/^#((define)|(undef))\s+BN_LLONG\s*$/)
 		{ printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($bn,&file_old($bn));
-&Rename($n,$bn);
-
-(($in=$des) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($des);
-open(IN,"<".$in) || die "unable to read $des:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^\#define\s+DES_LONG\s+.*/)
+	elsif	(/^\#define\s+DES_LONG\s+.*/)
 		{ printf OUT "#define DES_LONG unsigned %s\n",
 			($des_int)?'int':'long'; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($des,&file_old($des));
-&Rename($n,$des);
-
-(($in=$des_locl) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($des_locl);
-open(IN,"<".$in) || die "unable to read $des_locl:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^\#(define|undef)\s+DES_PTR/)
+	elsif	(/^\#(define|undef)\s+DES_PTR/)
 		{ printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
 	elsif	(/^\#(define|undef)\s+DES_RISC1/)
 		{ printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; }
@@ -507,158 +602,33 @@ while (<IN>)
 		{ printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; }
 	elsif	(/^\#(define|undef)\s+DES_UNROLL/)
 		{ printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($des_locl,&file_old($des_locl));
-&Rename($n,$des_locl);
-
-(($in=$rc4) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($rc4);
-open(IN,"<".$in) || die "unable to read $rc4:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^#define\s+RC4_INT\s/)
+	elsif	(/^#define\s+RC4_INT\s/)
 		{ printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($rc4,&file_old($rc4));
-&Rename($n,$rc4);
-
-(($in=$rc4_locl) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($rc4_locl);
-open(IN,"<".$in) || die "unable to read $rc4_locl:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^#((define)|(undef))\s+RC4_INDEX/)
+	elsif	(/^#((define)|(undef))\s+RC4_INDEX/)
 		{ printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($rc4_locl,&file_old($rc4_locl));
-&Rename($n,$rc4_locl);
-
-(($in=$md2) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($md2);
-open(IN,"<".$in) || die "unable to read $bn:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^#define\s+MD2_INT\s/)
+	elsif (/^#(define|undef)\s+I386_ONLY/)
+		{ printf OUT "#%s I386_ONLY\n", ($processor == 386)?
+			"define":"undef"; }
+	elsif	(/^#define\s+MD2_INT\s/)
 		{ printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($md2,&file_old($md2));
-&Rename($n,$md2);
-
-(($in=$idea) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($idea);
-open(IN,"<".$in) || die "unable to read $idea:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^#define\s+IDEA_INT\s/)
+	elsif	(/^#define\s+IDEA_INT\s/)
 		{printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];}
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($idea,&file_old($idea));
-&Rename($n,$idea);
-
-(($in=$rc2) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($rc2);
-open(IN,"<".$in) || die "unable to read $rc2:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^#define\s+RC2_INT\s/)
+	elsif	(/^#define\s+RC2_INT\s/)
 		{printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];}
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($rc2,&file_old($rc2));
-&Rename($n,$rc2);
-
-(($in=$bf) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($bf);
-open(IN,"<".$in) || die "unable to read $bf:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if (/^#(define|undef)\s+BF_PTR/)
+	elsif (/^#(define|undef)\s+BF_PTR/)
 		{
 		printf OUT "#undef BF_PTR\n" if $bf_ptr == 0;
 		printf OUT "#define BF_PTR\n" if $bf_ptr == 1;
 		printf OUT "#define BF_PTR2\n" if $bf_ptr == 2;
-		}
+	        }
 	else
 		{ print OUT $_; }
 	}
 close(IN);
 close(OUT);
-&Rename($bf,&file_old($bf));
-&Rename($n,$bf);
-
-# Now the miscellaneous fixups
-
-if(defined $misc_table{$target}) {
-	my ($enc_ctx, $md_size, $md_ctx_size, $cipher_size, $cipher_ctx_size,
-		$max_md_size, $date_fix) = 
-		split(/\s*:\s*/,$misc_table{$target} . ":", -1);
-
-#print "EVP_ENCODE_CTX_SIZE $enc_ctx\n";
-#print "EVP_MD_SIZE $md_size\n";
-#print "EVP_MD_CTX_SIZE $md_ctx_size\n";
-#print "EVP_CIPHER_SIZE $cipher_size\n";
-#print "EVP_CIPHER_CTX_SIZE $cipher_ctx_size\n";
-#print "EVP_MAX_MD_SIZE $max_md_size\n";
-#printf "Date fix: %s\n", $date_fix ? "Yes" : "No";
 
 # Fix the date
 
-if($date_fix) {
-	open (OUT,">crypto/date.h") || die "Can't open date.h";
-	printf OUT "#define DATE \"%s\"\n", scalar gmtime();
-	close(OUT);
-}
-
-open (IN, "crypto/pem/pem.org") || die "Can't open crypto/pem/pem.org";
-open (OUT, ">crypto/pem/pem.h") || die "Can't create crypto/pem/pem.h";
-
-# Now fix up pem.h
-while(<IN>) {
-	chop;
-	s/^(#define EVP_ENCODE_CTX_SIZE).*$/$1 $enc_ctx/;
-	s/^(#define EVP_MD_SIZE).*$/$1 $md_size/;
-	s/^(#define EVP_MD_CTX_SIZE).*$/$1 $md_ctx_size/;
-	s/^(#define EVP_CIPHER_SIZE).*$/$1 $cipher_size/;
-	s/^(#define EVP_CIPHER_CTX_SIZE).*$/$1 $cipher_ctx_size/;
-	s/^(#define EVP_MAX_MD_SIZE).*$/$1 $max_md_size/;
-	print OUT "$_\n";
-}
-
-close (IN);
-close (OUT);
-
-
-}
-
 print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l;
 print "SIXTY_FOUR_BIT mode\n" if $b64;
 print "THIRTY_TWO_BIT mode\n" if $b32;
@@ -678,33 +648,149 @@ print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
 print "BF_PTR used\n" if $bf_ptr == 1; 
 print "BF_PTR2 used\n" if $bf_ptr == 2; 
 
-system 'make -f Makefile.ssl links' if !$IsWindows;
+if($IsWindows) {
+	open (OUT,">crypto/date.h") || die "Can't open date.h";
+	printf OUT "#define DATE \"%s\"\n", scalar gmtime();
+	close(OUT);
+	system "perl crypto/objects/obj_dat.pl <crypto/objects/objects.h >crypto/objects/obj_dat.h";
+} else {
+	(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?;
+	### (system 'make depend') == 0 or exit $? if $depflags ne "";
+	# Run "make depend" manually if you want to be able to delete
+	# the source code files of ciphers you left out.
+	&dofile("tools/c_rehash",$openssldir,'^DIR=',	'DIR=%s',);
+	if ( $perl =~ m@^/@) {
+	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
+	} else {
+	    # No path for Perl known ...
+	    &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
+	}	    
+}
+
+my $pwd;
+
+if($IsWindows) {
+	$pwd="(current directory)";
+} else {
+	$pwd =`pwd`;
+	chop($pwd);
+}
+print <<EOF;
+
+NOTE: The OpenSSL header files have been moved from include/*.h
+to include/openssl/*.h.  To include OpenSSL header files, now
+directives of the form
+     #include <openssl/foo.h>
+should be used instead of #include <foo.h>.
+These new file locations allow installing the OpenSSL header
+files in /usr/local/include/openssl/ and should help avoid
+conflicts with other libraries.
+
+To compile programs that use the old form <foo.h>,
+usually an additional compiler option will suffice: E.g., add
+     -I$prefix/include/openssl
+or
+     -I$pwd/include/openssl
+to the CFLAGS in the Makefile of the program that you want to compile
+(and leave all the original -I...'s in place!).
+
+Please make sure that no old OpenSSL header files are around:
+The include directory should now be empty except for the openssl
+subdirectory.
+
+EOF
+
+print <<\EOF if (!$no_threads && !$threads);
+
+The library could not be configured for supporting multi-threaded
+applications as the compiler options required on this system are not known.
+See file INSTALL for details.
+
+EOF
 
 exit(0);
 
-sub bad_target
+sub usage
 	{
-	print STDERR "Usage: Configure [-Dxxx] [-Lxxx] [-lxxx] os/compiler\n";
+	print STDERR $usage;
 	print STDERR "pick os/compiler from:";
 	my $j=0;
 	my $i;
 	foreach $i (sort keys %table)
 		{
+		next if $i =~ /^debug/;
+		print STDERR "\n" if ($j++ % 4) == 0;
+		printf(STDERR "%-18s ",$i);
+		}
+	foreach $i (sort keys %table)
+		{
+		next if $i !~ /^debug/;
 		print STDERR "\n" if ($j++ % 4) == 0;
 		printf(STDERR "%-18s ",$i);
 		}
 	print STDERR "\n";
+	exit(1);
 	}
 
-sub Rename
+sub which
 	{
-	my($from,$to)=@_;
-	unlink($to);
-	if(!rename($from,$to))
-	    {
-	     -e $from && die "unable to rename $from to $to:$!\n";
-	    }
+	my($name)=@_;
+	my $path;
+	foreach $path (split /:/, $ENV{PATH})
+		{
+		if (-x "$path/$name")
+			{
+			return "$path/$name" unless ($name eq "perl" and
+			 system("$path/$name -e " . '\'exit($]<5.0);\''));
+			}
+		}
 	}
 
-sub file_new { my($a)=@_; $a =~ s/(\.[^.]+$|$)/.new/; $a; }
-sub file_old { my($a)=@_; $a =~ s/(\.[^.]+$|$)/.old/; $a; }
+sub dofile
+	{
+	my $f; my $p; my %m; my @a; my $k; my $ff;
+	($f,$p,%m)=@_;
+
+	open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n";
+	@a=<IN>;
+	close(IN);
+	foreach $k (keys %m)
+		{
+		grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a);
+		}
+	($ff=$f) =~ s/\..*$//;
+	open(OUT,">$ff.new") || die "unable to open $f:$!\n";
+	print OUT @a;
+	close(OUT);
+	rename($f,"$ff.bak") || die "unable to rename $f\n" if -e $f;
+	rename("$ff.new",$f) || die "unable to rename $ff.new\n";
+	}
+
+sub print_table_entry
+	{
+	my $target = shift;
+
+	(my $cc,my $cflags,my $thread_cflag,my $lflags,my $bn_ops,
+	my $bn_obj,my $des_obj,my $bf_obj,
+	$md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
+	split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
+			
+	print <<EOF
+
+*** $target
+\$cc           = $cc
+\$cflags       = $cflags
+\$thread_cflag = $thread_cflag
+\$lflags       = $lflags
+\$bn_ops       = $bn_ops
+\$bn_obj       = $bn_obj
+\$des_obj      = $des_obj
+\$bf_obj       = $bf_obj
+\$md5_obj      = $md5_obj
+\$sha1_obj     = $sha1_obj
+\$cast_obj     = $cast_obj
+\$rc4_obj      = $rc4_obj
+\$rmd160_obj   = $rmd160_obj
+\$rc5_obj      = $rc5_obj
+EOF
+	}

INSTALL

@@ -2,47 +2,88 @@
  INSTALLATION ON THE UNIX PLATFORM
  ---------------------------------
 
- [For instructions for compiling OpenSSL on Windows systems, see INSTALL.W32].
+ [See INSTALL.W32 for instructions for compiling OpenSSL on Windows systems,
+  and INSTALL.VMS for installing on OpenVMS systems.]
 
  To install OpenSSL, you will need:
 
-  * Perl
-  * C compiler
-  * A supported Unix operating system
+  * Perl 5
+  * an ANSI C compiler
+  * a supported Unix operating system
 
  Quick Start
  -----------
 
  If you want to just get on with it, do:
 
-  $ ./config                  [if this fails, go to step 1b below]
+  $ ./config
   $ make
-  $ make rehash
   $ make test
   $ make install
 
+ [If any of these steps fails, see section Installation in Detail below.]
+
  This will build and install OpenSSL in the default location, which is (for
  historical reasons) /usr/local/ssl. If you want to install it anywhere else,
- do this after running `sh config':
+ run config like this:
 
-  $ perl util/ssldir.pl /new/install/path
+  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
+
+
+ Configuration Options
+ ---------------------
+
+ There are several options to ./config to customize the build:
+
+  --prefix=DIR  Install in DIR/bin, DIR/lib, DIR/include/openssl.
+	        Configuration files used by OpenSSL will be in DIR/ssl
+                or the directory specified by --openssldir.
+
+  --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
+                the library files and binaries are also installed there.
+
+  rsaref        Build with RSADSI's RSAREF toolkit (this assumes that
+                librsaref.a is in the library search path).
+
+  no-threads    Don't try to build with support for multi-threaded
+                applications.
+
+  threads       Build with support for multi-threaded applications.
+                This will usually require additional system-dependent options!
+                See "Note on multi-threading" below.
+
+  no-asm        Do not use assembler code.
+
+  386           Use the 80386 instruction set only (the default x86 code is
+                more efficient, but requires at least a 486).
+
+  no-<cipher>   Build without the specified cipher (bf, cast, des, dh, dsa,
+                hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
+                The crypto/<cipher> directory can be removed after running
+                "make depend".
+
+  -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will
+                be passed through to the compiler to allow you to
+                define preprocessor symbols, specify additional libraries,
+                library directories or other compiler options.
 
- If anything goes wrong, follow the detailed instructions below. If your
- operating system is not (yet) supported by OpenSSL, see the section on
- porting to a new system.
 
  Installation in Detail
  ----------------------
 
  1a. Configure OpenSSL for your operation system automatically:
 
-       $ ./config
+       $ ./config [options]
 
      This guesses at your operating system (and compiler, if necessary) and
-     configures OpenSSL based on this guess. Check the first line of output to
-     see if it guessed correctly. If it did not get it correct or you want to
+     configures OpenSSL based on this guess. Run ./config -t to see
+     if it guessed correctly. If it did not get it correct or you want to
      use a different compiler then go to step 1b. Otherwise go to step 2.
 
+     On some systems, you can include debugging information as follows:
+
+       $ ./config -d [options]
+
  1b. Configure OpenSSL for your operating system manually
 
      OpenSSL knows about a range of different operating system, hardware and
@@ -56,42 +97,17 @@
      as the argument to ./Configure. For example, a "linux-elf" user would
      run:
 
-       $ ./Configure linux-elf
+       $ ./Configure linux-elf [options]
 
      If your system is not available, you will have to edit the Configure
-     program and add the correct configuration for your system.
+     program and add the correct configuration for your system. The
+     generic configurations "cc" or "gcc" should usually work.
 
-     Configure configures various files by converting an existing .org file
-     into the real file. If you edit any files, remember that if a
-     corresponding .org file exists them the next time you run ./Configure
-     your changes will be lost when the file gets re-created from the .org
-     file. The files that are created from .org files are:
+     Configure creates the file Makefile.ssl from Makefile.org and
+     defines various macros in crypto/opensslconf.h (generated from
+     crypto/opensslconf.h.in).
 
-       Makefile.ssl
-       crypto/des/des.h
-       crypto/des/des_locl.h
-       crypto/md2/md2.h
-       crypto/rc4/rc4.h
-       crypto/rc4/rc4_enc.c
-       crypto/rc2/rc2.h
-       crypto/bf/bf_locl.h
-       crypto/idea/idea.h
-       crypto/bn/bn.h
-
-  2. Set the install directory
-
-     If the install directory will be the default of /usr/local/ssl, skip to
-     the next stage. Otherwise, run
-
-        $ perl util/ssldir.pl /new/install/path
-
-     This configures the installation location into the "install" target of
-     the top-level Makefile, and also updates some defines in an include file
-     so that the default certificate directory is under the proper
-     installation directory. It also updates a few utility files used in the
-     build process.
-
-  3. Build OpenSSL by running:
+  2. Build OpenSSL by running:
 
        $ make
 
@@ -99,31 +115,137 @@
      OpenSSL binary ("openssl"). The libraries will be built in the top-level
      directory, and the binary will be in the "apps" directory.
 
-  4. After a successful build, the libraries should be tested. Run:
+     If "make" fails, please report the problem to <openssl-bugs@openssl.org>.
+     Include the output of "./config -t" and the OpenSSL version
+     number in your message.
+
+     [If you encounter assembler error messages, try the "no-asm"
+     configuration option as an immediate fix.  Note that on Solaris x86
+     (not on Sparcs!) you may have to install the GNU assembler to use
+     OpenSSL assembler code -- /usr/ccs/bin/as won't do.]
+
+  3. After a successful build, the libraries should be tested. Run:
 
-       $ make rehash
        $ make test
 
-     (The first line makes the test certificates in the "certs" directory
-     accessable via an hash name, which is required for some of the tests).
+    If a test fails, try removing any compiler optimization flags from
+    the CFLAGS line in Makefile.ssl and run "make clean; make". Please
+    send a bug report to <openssl-bugs@openssl.org>, including the
+    output of "openssl version -a" and of the failed test.
 
-  5. If everything tests ok, install OpenSSL with
+  4. If everything tests ok, install OpenSSL with
 
        $ make install
 
      This will create the installation directory (if it does not exist) and
-     then create the following subdirectories:
+     then the following subdirectories:
 
-       bin            Contains the openssl binary and a few other 
-                      utility programs. 
-       include        Contains the header files needed if you want to
-                      compile programs with libcrypto or libssl.
-       lib            Contains the library files themselves and the
-                      OpenSSL configuration file "openssl.cnf".
-       certs          Initially empty, this is the default location
-                      for certificate files.
-       private        Initially empty, this is the default location
-                      for private key files.
+       certs           Initially empty, this is the default location
+                       for certificate files.
+       misc            Various scripts.
+       private         Initially empty, this is the default location
+                       for private key files.
+
+     If you didn't chose a different installation prefix, the
+     following additional subdirectories will be created:
+
+       bin             Contains the openssl binary and a few other 
+                       utility programs. 
+       include/openssl Contains the header files needed if you want to
+                       compile programs with libcrypto or libssl.
+       lib             Contains the OpenSSL library files themselves.
+
+     Package builders who want to configure the library for standard
+     locations, but have the package installed somewhere else so that
+     it can easily be packaged, can use
+
+       $ make INSTALL_PREFIX=/tmp/package-root install
+
+     (or specify "--install_prefix=/tmp/package-root" as a configure
+     option).  The specified prefix will be prepended to all
+     installation target filenames.
+
+
+  NOTE: The header files used to reside directly in the include
+  directory, but have now been moved to include/openssl so that
+  OpenSSL can co-exist with other libraries which use some of the
+  same filenames.  This means that applications that use OpenSSL
+  should now use C preprocessor directives of the form
+
+       #include <openssl/ssl.h>
+
+  instead of "#include <ssl.h>", which was used with library versions
+  up to OpenSSL 0.9.2b.
+
+  If you install a new version of OpenSSL over an old library version,
+  you should delete the old header files in the include directory.
+
+  Compatibility issues:
+
+  *  COMPILING existing applications
+
+     To compile an application that uses old filenames -- e.g.
+     "#include <ssl.h>" --, it will usually be enough to find
+     the CFLAGS definition in the application's Makefile and
+     add a C option such as
+
+          -I/usr/local/ssl/include/openssl
+
+     to it.
+
+     But don't delete the existing -I option that points to
+     the ..../include directory!  Otherwise, OpenSSL header files
+     could not #include each other.
+
+  *  WRITING applications
+
+     To write an application that is able to handle both the new
+     and the old directory layout, so that it can still be compiled
+     with library versions up to OpenSSL 0.9.2b without bothering
+     the user, you can proceed as follows:
+
+     -  Always use the new filename of OpenSSL header files,
+        e.g. #include <openssl/ssl.h>.
+
+     -  Create a directory "incl" that contains only a symbolic
+        link named "openssl", which points to the "include" directory
+        of OpenSSL.
+        For example, your application's Makefile might contain the
+        following rule, if OPENSSLDIR is a pathname (absolute or
+        relative) of the directory where OpenSSL resides:
+
+        incl/openssl:
+        	-mkdir incl
+        	cd $(OPENSSLDIR) # Check whether the directory really exists
+        	-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
+
+        You will have to add "incl/openssl" to the dependencies
+        of those C files that include some OpenSSL header file.
+
+     -  Add "-Iincl" to your CFLAGS.
+
+     With these additions, the OpenSSL header files will be available
+     under both name variants if an old library version is used:
+     Your application can reach them under names like <openssl/foo.h>,
+     while the header files still are able to #include each other
+     with names of the form <foo.h>.
+
+
+ Note on multi-threading
+ -----------------------
+
+ For some systems, the OpenSSL Configure script knows what compiler options
+ are needed to generate a library that is suitable for multi-threaded
+ applications.  On these systems, support for multi-threading is enabled
+ by default; use the "no-threads" option to disable (this should never be
+ necessary).
+
+ On other systems, to enable support for multi-threading, you will have
+ to specify at least two options: "threads", and a system-dependent option.
+ (The latter is "-D_REENTRANT" on various systems.)  The default in this
+ case, obviously, is not to include support for multi-threading (but
+ you can still use "no-threads" to suppress an annoying warning message
+ from the Configure script.)
 
 
 --------------------------------------------------------------------------------

INSTALL.VMS

@@ -0,0 +1,245 @@
+			VMS Installation instructions
+			written by Richard Levitte
+			<richard@levitte.org>
+
+
+Intro:
+======
+
+This file is divided in the following parts:
+
+  Compilation			- Mandatory reading.
+  Test				- Mandatory reading.
+  Installation			- Mandatory reading.
+  Backward portability		- Read if it's an issue.
+  Possible bugs or quirks	- A few warnings on things that
+				  may go wrong or may surprise you.
+  Report			- How to get in touch with me.
+
+Compilation:
+============
+
+I've used the very good command procedures written by Robert Byer
+<byer@mail.all-net.net>, and just slightly modified them, making
+them slightly more general and easier to maintain.
+
+You can actually compile in almost any directory separately.  Look
+for a command procedure name xxx-LIB.COM (in the library directories)
+or MAKExxx.COM (in the program directories) and read the comments at
+the top to understand how to use them.  However, if you want to
+compile all you can get, the simplest is to use MAKEVMS.COM in the top
+directory.  The syntax is trhe following:
+
+  @MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>]
+
+<option> must be one of the following:
+
+      ALL       Just build "everything".
+      DATE      Just build the "[.INCLUDE]DATE.H" file.
+      SOFTLINKS Just copies some files, to simulate Unix soft links.
+      RSAREF    Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
+      CRYPTO    Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
+      SSL       Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
+      SSL_TASK  Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
+      TEST      Just build the "test" programs for OpenSSL.
+      APPS      Just build the "application" programs for OpenSSL.
+
+<rsaref-p> must be one of the following:
+
+      RSAREF    compile using the RSAREF Library
+      NORSAREF  compile without using RSAREF
+
+Note: The RSAREF libraries are NOT INCLUDED and you have to
+      download it from "ftp://ftp.rsa.com/rsaref".  You have to
+      get the ".tar-Z" file as the ".zip" file dosen't have the
+      directory structure stored.  You have to extract the file
+      into the [.RSAREF] directory as that is where the scripts
+      will look for the files.
+
+Note 2: I have never done this, so I've no idea if it works or not.
+
+<debug-p> must be one of the following:
+
+      DEBUG     compile with debugging info (will not optimize)
+      NODEBUG   compile without debugging info (will optimize)
+
+<compiler> must be one of the following:
+
+      VAXC      For VAX C.
+      DECC      For DEC C.
+      GNUC      For GNU C.
+
+
+You will find the crypto library in [.xxx.EXE.CRYPTO], called LIBCRYPTO.OLB,
+where xxx is VAX or AXP.  You will find the SSL library in [.xxx.EXE.SSL],
+named LIBSSL.OLB, and you will find a bunch of useful programs in
+[.xxx.EXE.APPS].  However, these shouldn't be used right off unless it's
+just to test them.  For production use, make sure you install first, see
+Installation below.
+
+Note: Some programs in this package require a TCP/IP library.
+
+Note 2: if you want to compile the crypto library only, please make sure
+        you have at least done a @MAKEVMS DATE and a @MAKEVMS SOFTLINKS.
+        A lot of things will break if you don't.
+
+Note 3: Alpha users will get a number of informational messages when
+        compiling the [.asm]vms.mar file in the BN (bignum) part of
+        the crypto library.  These can be safely ignored.
+
+Test:
+=====
+
+Testing is very simple, just do the following:
+
+  @[.TEST]TESTS
+
+If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes,
+it's an ugly hack!) and rebuild. Please send a bug report to
+<openssl-bugs@openssl.org>, including the output of "openssl version -a"
+and of the failed test.
+
+Installation:
+=============
+
+Installation is easy, just do the following:
+
+  @INSTALL <root>
+
+<root> is the directory in which everything will be installed,
+subdirectories, libraries, header files, programs and startup command
+procedures.
+
+N.B.: INSTALL.COM builds a new directory structure, different from
+the directory tree where you have now build OpenSSL.
+
+In the [.VMS] subdirectory of the installation, you will find the
+following command procedures:
+
+  OPENSSL_STARTUP.COM
+
+        defines all needed logical names.  Takes one argument that
+        tells it in what logical name table to insert the logical
+        names.  If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the
+        call should look like this: 
+
+          @openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM"
+
+  OPENSSL_UTILS.COM
+
+        sets up the symbols to the applications.  Should be called
+        from for example SYS$MANAGER:SYLOGIN.COM 
+
+The logical names that are set up are the following:
+
+  SSLROOT       a dotted concealed logical name pointing at the
+                root directory.
+
+  SSLCERTS      Initially an empty directory, this is the default
+		location for certificate files.
+  SSLMISC	Various scripts.
+  SSLPRIVATE	Initially an empty directory, this is the default
+		location for private key files.
+
+  SSLEXE        Contains the openssl binary and a few other utility
+		programs.
+  SSLINCLUDE    Contains the header files needed if you want to
+		compile programs with libcrypto or libssl.
+  SSLLIB        Contains the OpenSSL library files (LIBCRYPTO.OLB
+		and LIBSSL.OLB) themselves.
+
+  OPENSSL	Same as SSLINCLUDE.  This is because the standard
+		way to include OpenSSL header files from version
+		0.9.3 and on is:
+
+			#include <openssl/header.h>
+
+		For more info on this issue, see the INSTALL. file
+		(the NOTE in section 4 of "Installation in Detail").
+		You don't need to "deleting old header files"!!!
+
+Backward portability:
+=====================
+
+One great problem when you build a library is making sure it will work
+on as many versions of VMS as possible.  Especially, code compiled on
+OpenVMS version 7.x and above tend to be unusable in version 6.x or
+lower, because some C library routines have changed names internally
+(the C programmer won't usually see it, because the old name is
+maintained through C macros).  One obvious solution is to make sure
+you have a development machine with an old enough version of OpenVMS.
+However, if you are stuck with a bunch of Alphas running OpenVMS version
+7.1, you seem to be out of luck.  Fortunately, the DEC C header files
+are cluttered with conditionals that make some declarations and definitions
+dependent on the OpenVMS version or the C library version, *and* you
+can use those macros to simulate older OpenVMS or C library versions,
+by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
+correct values.  In the compilation scripts, I've provided the possibility
+for the user to influense the creation of such macros, through a bunch of
+symbols, all having names starting with USER_.  Here's the list of them:
+
+  USER_CCFLAGS		 - Used to give additional qualifiers to the
+			   compiler.  It can't be used to define macros
+			   since the scripts will do such things as well.
+			   To do such things, use USER_CCDEFS.
+  USER_CCDEFS		 - Used to define macros on the command line.  The
+			   value of this symbol will be inserted inside a
+			   /DEFINE=(...).
+  USER_CCDISABLEWARNINGS - Used to disable some warnings.  The value is
+			   inserted inside a /DISABLE=WARNING=(...).
+
+So, to maintain backward compatibility with older VMS versions, do the
+following before you start compiling:
+
+  $ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000
+  $ USER_CCDISABLEWARNINGS := PREOPTW
+
+The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
+that those macros have been changed.
+
+Note: Currently, this is only usefull for library compilation.  The
+      programs will still be linked with the current version of the
+      C library shareable image, and will thus complain if they are
+      faced with an older version of the same C library shareable image.
+      This will probably be fixed in a future revision of OpenSSL.
+
+
+Possible bugs or quirks:
+========================
+
+I'm not perfectly sure all the programs will use the SSLCERTS:
+directory by default, it may very well be that you have to give them
+extra arguments.  Please experiment.
+
+
+Report:
+=======
+
+I maintain a few mailinglists for bug reports and such on software that
+I develop/port/enhance/destroy.  Please look at http://www.free.lp.se/
+for further info.
+
+
+-- 
+Richard Levitte <richard@levitte.org>
+1999-03-09
+
+
+TODO:
+=====
+
+There are a few things that need to be worked out in the VMS version of
+OpenSSL, still:
+
+- Description files. ("Makefile's" :-))
+- Script code to link an already compiled build tree.
+- A VMSINSTALlable version (way in the future, unless someone else hacks).
+- shareable images (DLL for you Windows folks).
+
+There may be other things that I have missed and that may be desirable.
+Please send mail to <openssl-users@openssl.org> or to me directly if you
+have any ideas.
+
+--
+Richard Levitte <richard@levitte.org>
+1999-05-24

INSTALL.W32

@@ -6,24 +6,24 @@
  this is tested on Win32 but it may also work in Win 3.1 with some
  modification.  See the end of this file for Eric's original comments.
 
- Note: the default Win32 environment is to leave out any Windows NT specific
- features: (currently only BIO_s_log()) if you want NT specific features see
- the "Tweaks" section later.
+ You need Perl for Win32 (available from http://www.activestate.com/ActivePerl)
+ and one of the following C compilers:
 
- You will need perl for Win32 (which can be got from various sources) and
- Visual C++. 
+  * Visual C++
+  * Borland C
+  * GNU C (Mingw32 or Cygwin32)
 
  If you are compiling from a tarball or a CVS snapshot then the Win32 files
  may well be not up to date. This may mean that some "tweaking" is required to
  get it all to work. See the trouble shooting section later on for if (when?)
  it goes wrong.
 
- Firstly you should run Configure:
+ Visual C++
+ ----------
+
+ Firstly you should run Configure and build the Win32 Makefiles:
 
  > perl Configure VC-WIN32
-
- Then rebuild the Win32 Makefiles and friends:
-
  > ms\do_ms
 
  If you get errors about things not having numbers assigned then check the
@@ -40,6 +40,64 @@
  > cd out32dll
  > ..\ms\test
 
+ Tweaks:
+
+ There are various changes you can make to the Win32 compile environment. If
+ you have the MASM assembler 'ml' then you can try the assembly language code.
+ To do this remove the 'no-asm' part from do_ms.bat. You can also add 'debug'
+ here to make a debugging version of the library.
+
+ The default Win32 environment is to leave out any Windows NT specific
+ features.
+
+ If you want to enable the NT specific features of OpenSSL (currently only the
+ logging BIO) follow the instructions above but call the batch file do_nt.bat
+ instead of do_ms.bat.
+
+ You can also build a static version of the library using the Makefile
+ ms\nt.mak
+
+ Borland C++ builder 3 and 4
+ ---------------------------
+
+ * Setup PATH. First must be GNU make then bcb4/bin 
+
+ * Run ms\bcb4.bat
+
+ * Run make:
+   > make -f bcb.mak
+
+ GNU C (Mingw32)
+ ---------------
+
+ To build OpenSSL, you need the Mingw32 package and GNU make.
+
+ * Compiler installation:
+
+   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/gnu-win32/
+   mingw32/egcs-1.1.2/egcs-1.1.2-mingw32.zip>. GNU make is at
+   <ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
+   make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
+   C:\egcs-1.1.2\mingw32.bat to set the PATH.
+
+ * Compile OpenSSL:
+
+   > perl Configure Mingw32
+   > ms\mw.bat
+
+   This will create the library and binaries in out.
+
+   libcrypto.a and libssl.a are the static libraries. To use the DLLs,
+   link with libeay32.a and libssl32.a instead.
+
+   See troubleshooting if you get error messages about functions not having
+   a number assigned.
+
+ * You can now try the tests:
+
+   > cd out
+   > ..\ms\test
+
  Troubleshooting
  ---------------
 
@@ -60,10 +118,7 @@
  someone forgot to add a function to the header file.
 
  In this latter case check out the header file to see if the function is
- defined in the header file: it should be defined twice: once with ANSI
- prototypes and once without. If its missing from the non ASNI section then
- add an entry for it: check that ms\do_ms now reports missing numbers and
- update the numbers as above.
+ defined in the header file.
 
  If you get warnings in the code then the compilation will halt.
 
@@ -81,24 +136,11 @@
  program will almost certainly crash: see the original SSLeay description
  below for more details.
 
- Tweaks
- ------
-
- There are various changes you can make to the Win32 compile environment. If
- you have the MASM assembler 'ml' then you can try the assembly language code.
- To do this remove the 'no-asm' part from do_ms.bat. You can also add 'debug'
- here to make a debugging version of the library.
-
- If you want to enable the NT specific features of OpenSSL (currently only the
- logging BIO) follow the instructions above but call the batch file do_nt.bat
- instead of do_ms.bat.
-
- You can also build a static version of the library using the Makefile
- ms\nt.mak
-
 --------------------------------------------------------------------------------
 The orignal Windows build instructions from SSLeay follow. 
-Note: some of this may be out of date and no longer applicable
+Note: some of this may be out of date and no longer applicable. In particular
+the Crypto_malloc_init() comment appears to be wrong: you always need to use
+the same runtime library as the DLL itself.
 --------------------------------------------------------------------------------
 
 The Microsoft World.

Makefile.org

@@ -2,11 +2,20 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION = 0.9.2b
+VERSION=
+MAJOR=
+MINOR=
 PLATFORM=dist
+OPTIONS=
+# INSTALL_PREFIX is for package builders so that they can configure
+# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+INSTALL_PREFIX=
+INSTALLTOP=/usr/local/ssl
+
+# Do not edit this manually. Use Configure --openssldir=DIR do change this!
+OPENSSLDIR=/usr/local/ssl
 
-# NOCONST - Define for C compilers that don't like the const key word.
-# NOPROTO - Define in if your compiler does not support prototypes.
 # RSAref  - Define if we are to link with RSAref.
 # NO_IDEA - Define to build without the IDEA algorithm
 # NO_RC4  - Define to build without the RC4 algorithm
@@ -21,7 +30,7 @@ PLATFORM=dist
 #           number generator is initalised.
 # SSL_ALLOW_ADH - define if you want the server to be able to use the
 #           SSLv3 anon-DH ciphers.
-# SSL_ALLOW_ENULL - define if you want the server to be able to use the
+# SSL_FORBID_ENULL - define if you want the server to be not able to use the
 #           NULL encryption ciphers.
 #
 # LOCK_DEBUG - turns on lots of lock debug output :-)
@@ -41,9 +50,12 @@ PLATFORM=dist
 CC= gcc
 #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+DEPFLAG= 
 PEX_LIBS= -L. -L.. -L../.. -L../../..
 EX_LIBS= 
 AR=ar r
+RANLIB= ranlib
+PERL= perl
 
 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
@@ -60,6 +72,10 @@ BN_ASM= bn_asm.o
 #BN_ASM= asm/x86w16.o   # 16 bit code for Windows 3.1/DOS
 #BN_ASM= asm/x86w32.o   # 32 bit code for Windows 3.1
 
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR=
+
 # Set DES_ENC to des_enc.o if you want to use the C version
 #There are 4 x86 assember options.
 DES_ENC= asm/dx86-out.o asm/yx86-out.o
@@ -127,16 +143,15 @@ RMD160_ASM_OBJ= asm/rm86-out.o
 #RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
 
 DIRS=   crypto ssl rsaref apps test tools
+SHLIBDIRS= crypto ssl
+
 # dirs in crypto to build
 SDIRS=  \
 	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
 	bn rsa dsa dh \
 	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 comp
-
-# Do not edit this manually. Use util/ssldir.pl do change this!
-INSTALLTOP=/usr/local/ssl
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
 
 MAKEFILE= Makefile.ssl
 MAKE=     make -f Makefile.ssl
@@ -147,7 +162,7 @@ SHELL=/bin/sh
 
 TOP=    .
 ONEDIRS=out tmp
-EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep
+EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
 WDIRS=  windows
 LIBS=   libcrypto.a libssl.a 
 
@@ -156,21 +171,38 @@ BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
 TARFILE=        $(NAME).tar
 WTARFILE=       $(NAME)-win.tar
-EXHEADER=       e_os.h
+EXHEADER=       e_os.h e_os2.h
 HEADER=         e_os.h
 
 all: Makefile.ssl
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i && echo "making all in $$i..." && \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' all ) || exit 1; \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
 	done;
 
 sub_all:
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i && echo "making all in $$i..." && \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' all ) || exit 1; \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+	done;
+
+linux-shared:
+	for i in ${SHLIBDIRS}; do \
+	rm -f lib$$i.a lib$$i.so \
+		lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \
+	${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \
+	( set -x; ${CC}  -shared -o lib$$i.so.${MAJOR}.${MINOR} \
+		-Wl,-S,-soname=lib$$i.so.${MAJOR} \
+		-Wl,--whole-archive lib$$i.a \
+		-Wl,--no-whole-archive -lc ) || exit 1; \
+	rm -f lib$$i.a; make -C $$i clean || exit 1 ;\
+	done;
+	@set -x; \
+	for i in ${SHLIBDIRS}; do \
+	ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \
+	ln -s lib$$i.so.${MAJOR} lib$$i.so; \
 	done;
 
 Makefile.ssl: Makefile.org
@@ -198,32 +230,32 @@ clean:
 	done
 
 makefile.one: files
-	perl util/mk1mf.pl >makefile.one; \
+	$(PERL) util/mk1mf.pl >makefile.one; \
 	sh util/do_ms.sh
 
-files:  MINFO
-	perl $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i && echo "making 'files' in $$i..." && \
-	$(MAKE) SDIRS='${SDIRS}' files ) || exit 1; \
+	$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
 	done;
 
 links:
 	@$(TOP)/util/point.sh Makefile.ssl Makefile
-	@$(TOP)/util/mklink.sh include $(EXHEADER)
+	@-mkdir -p include/openssl 2>/dev/null
+	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
 	@for i in $(DIRS); do \
 	(cd $$i && echo "making links in $$i..." && \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' links ) || exit 1; \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
 	done;
-	@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
 
 dclean:
 	rm -f *.bak
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i && echo "making dclean in $$i..." && \
-	$(MAKE) SDIRS='${SDIRS}' dclean ) || exit 1; \
+	$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
 	done;
 
 rehash:
@@ -231,7 +263,7 @@ rehash:
 
 test:   tests
 
-tests:
+tests: rehash
 	@(cd test && echo "testing..." && \
 	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
 	@apps/openssl version -a
@@ -240,7 +272,7 @@ depend:
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i && echo "making dependancies $$i..." && \
-	$(MAKE) SDIRS='${SDIRS}' depend ) || exit 1; \
+	$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
 	done;
 
 lint:
@@ -258,15 +290,11 @@ tags:
 	done;
 
 errors:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i && echo "making errors in $$i..." && \
-	$(MAKE) SDIRS='${SDIRS}' errors ) || exit 1; \
-	done;
+	perl util/mkerr.pl -recurse -write
 
 tar:
-	@gtar --no-recursion -cvf - \
-		`find * -depth -print | grep -v CVS | grep -v .cvsignore | grep -v STATUS | sort` |\
+	@tar --norecurse -cvf - \
+		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS | sort` |\
 	tardy --user_number=0  --user_name=openssl \
 	      --group_number=0 --group_name=openssl \
 	      --prefix=openssl-$(VERSION) - |\
@@ -274,31 +302,38 @@ tar:
 	ls -l ../$(TARFILE).gz
 
 dist:   
-	perl Configure dist
+	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='${SDIRS}' clean
 	@$(MAKE) tar
 
 dist_pem_h:
-	(cd crypto/pem; $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
 
 install: all
-	@-mkdir -p $(INSTALLTOP)/bin 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/lib 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/include 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/certs 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/private 2>/dev/null
+	@-mkdir -p $(INSTALL_PREFIX)$(INSTALLTOP)/bin 2>/dev/null
+	@-mkdir -p $(INSTALL_PREFIX)$(INSTALLTOP)/lib 2>/dev/null
+	@-mkdir -p $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl 2>/dev/null
+	@-mkdir -p $(INSTALL_PREFIX)$(OPENSSLDIR)/misc 2>/dev/null
+	@-mkdir -p $(INSTALL_PREFIX)$(OPENSSLDIR)/certs 2>/dev/null
+	@-mkdir -p $(INSTALL_PREFIX)$(OPENSSLDIR)/private 2>/dev/null
+	@-mkdir -p $(INSTALL_PREFIX)$(OPENSSLDIR)/lib 2>/dev/null
+	@for i in $(EXHEADER) ;\
+	do \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i; echo "installing $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
 	done
 	@for i in $(LIBS) ;\
 	do \
 	(       echo installing $$i; \
-		cp $$i $(INSTALLTOP)/lib; \
-		sh util/ranlib.sh $(INSTALLTOP)/lib/$$i; \
-		chmod 644 $(INSTALLTOP)/lib/$$i ); \
+		cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+		$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+		chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
 	done
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.

NEWS

@@ -5,7 +5,21 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between SSLeay 0.9.1c and OpenSSL 0.9.2b:
+  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
+      o Lots of enhancements and cleanups to the Configuration mechanism
+      o RSA OEAP related fixes
+      o Added `openssl ca -revoke' option for revoking a certificate
+      o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
+      o Source tree cleanups: removed lots of obsolete files
+      o Thawte SXNet, certificate policies and CRL distribution points
+        extension support
+      o Preliminary (experimental) S/MIME support
+      o Support for ASN.1 UTF8String and VisibleString
+      o Full integration of PKCS#12 code
+      o Sparc assembler bignum implementation, optimized hash functions
+      o Option to disable selected ciphers
+
+  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
       o Fixed a security hole related to session resumption
       o Fixed RSA encryption routines for the p < q case
       o "ALL" in cipher lists now means "everything except NULL ciphers"

README

@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.2b 22-Mar-1999
+ OpenSSL 0.9.3 24 May 1999
 
  Copyright (c) 1998-1999 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -13,13 +13,13 @@
  Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
  protocols with full-strength cryptography world-wide. The project is managed
  by a worldwide community of volunteers that use the Internet to communicate,
- plan, and develop the OpenSSL tookit and its related documentation. 
+ plan, and develop the OpenSSL toolkit and its related documentation. 
 
  OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
  and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
  OpenSSL license plus the SSLeay license) situation, which basically means
  that you are free to get and use it for commercial and non-commercial
- purposes as long as you fullfill the conditions of both licenses. 
+ purposes as long as you fulfill the conditions of both licenses. 
 
  OVERVIEW
  --------
@@ -49,7 +49,7 @@
      Digests
         MD5 and MD2 message digest algorithms, fast implementations,
         SHA (SHA-0) and SHA-1 message digest algorithms,
-        MDC2 message digest. A DES based hash that is polular on smart cards.
+        MDC2 message digest. A DES based hash that is popular on smart cards.
 
      Public Key
         RSA encryption/decryption/generation.  
@@ -120,13 +120,13 @@
 
  Various companies hold various patents for various algorithms in various
  locations around the world. _YOU_ are responsible for ensuring that your use
- of any algorithms is legel by checking if there are any patents in your
+ of any algorithms is legal by checking if there are any patents in your
  country.  The file contains some of the patents that we know about or are
  rumoured to exist. This is not a definitive list.
 
  RSA Data Security holds software patents on the RSA and RC5 algorithms.  If
  their ciphers are used used inside the USA (and Japan?), you must contact RSA
- Data Security for licencing conditions. Their web page is
+ Data Security for licensing conditions. Their web page is
  http://www.rsa.com/.
 
  RC4 is a trademark of RSA Data Security, so use of this label should perhaps
@@ -141,11 +141,11 @@
  ------------
 
  To install this package under a Unix derivative, read the INSTALL file.  For
- a Win32 platform, read the INSTALL.W32 file.
+ a Win32 platform, read the INSTALL.W32 file.  For OpenVMS systems, read
+ INSTALL.VMS.
 
  For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s
- public key library, RSAref. Read doc/ssleay.txt under 'rsaref.doc' on how to
- build with RSAref.
+ public key library, RSAREF, by configuring OpenSSL with the option "rsaref".
 
  Read the documentation in the doc/ directory.  It is quite rough, but it
  lists the functions, you will probably have to look at the code to work out
@@ -169,8 +169,8 @@
     - Version, most of these details can be got from the
       'openssl version -a' command.
     Operating System Details
-    - OS Name
-    - OS Version
+    - On Unix systems: Output of './config -t'
+    - OS Name, Version
     - Hardware platform
     Compiler Details
     - Name
@@ -184,5 +184,22 @@
 
  Report the bug to the OpenSSL project at:
 
-    openssl-users@openssl.org
+    openssl-bugs@openssl.org
 
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ Development is coordinated on the openssl-dev mailing list (see
+ http://www.openssl.org for information on subscribing). If you
+ would like to submit a patch, send it to openssl-dev@openssl.org.
+ Please be sure to include a textual explanation of what your patch
+ does.
+
+ The preferred format for changes is "diff -u" output. You might
+ generate it like this:
+
+ # cd openssl-work
+ # [your changes]
+ # ./Configure dist; make clean
+ # cd ..
+ # diff -urN openssl-orig openssl-work > mydiffs.patch

STATUS

@@ -1,54 +1,36 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 1999/03/14 01:16:42 $
+  ______________                           $Date: 1999/05/20 01:42:57 $
 
   DEVELOPMENT STATE
 
-    o  OpenSSL 0.9.2: Freezed!
-       - No more feature commits, please. 
-       - Commit bugfixes and cleanups only, please.
-       - Already successfully tested platform:
-         o  FreeBSD 2.2.7    Ben Laurie            OK
-         o  FreeBSD 3.1      Ralf S. Engelschall   OK
-         o  Solaris 2.6      Ralf S. Engelschall   OK except for ctype warns
-         o  Linux RH 5.1     Steve Henson          OK
-         o  Linux 2.0 RH 5.2 Ralf S. Engelschall   OK
-         o  Linux 2.2 RH 5.2 Peter 'Luna' Altberg  OK
-         o  WinNT,95 VC++ 5  Steve Henson          OK
-
-       Proposed release time: Monday, March 15th 1999
+    o  OpenSSL 0.9.3:  Freezed... only bugfixes and cleanups allowed!
+                       Proposed release date: Mon May 24th, 1999
+                       Release manager: Ben Laurie <ben@openssl.org>
+                       !! Important: Any non-bugfix, non-cleanup
+                       !! and non-documentation commits should
+                       !! be approved by Ben, first.
 
+    o  OpenSSL 0.9.2b: Released on March    22th, 1999
     o  OpenSSL 0.9.1c: Released on December 23th, 1998
 
   RELEASE SHOWSTOPPERS
 
-    o Compilation warnings: ctype-related int vs. char
-    o Compilation error: "unsigned long*" and "int*" under AIX
-    o Why are NULL ciphers in front of the cipher spec?
-      (see my posting "Bug?!: Cipher Suite and NULL Ciphers" in openssl-dev)
-    o A Linux alpha user reported: "alpha.s does not have bn_div_word()"
-      (see posting "ALPHA error" in openssl-dev)
-    o Undefined BN symbols in assembler stuff on Solaris
-      (see posting "openssl-SNAP-19990308-2130 on Solaris-2.6 SC4" in openssl-dev)
+    o BSD/OS: assembler functions must not have leading underscores
 
   AVAILABLE PATCHES
 
-    o Solaris AS error (kenji@miyake.org)
+    o OCSP (titchenert@certco.com) 
     o getenv in ca.c and x509_def.c (jaltman@watsun.cc.columbia.edu)
-    o s3_lib.c - export clients (levitte@stacken.kth.se)
-    o linux dynamic libs (colin@field.medicine.adelaide.edu.au)
-    o MingW support (niklas@canit.se)
-    o crypto/des/enc_read.c bugfix (mike@cs.mun.ca)
 
   IN PROGRESS
 
-    o Steve is currently working on:
-        X509 V3 extension code including:
-        1. Support for the more common PKIX extensions.
-        2. Proper (or at least usable) certificate chain verification.
-        3. Support in standard applications (req, x509, ca).
-        4. Documentation on how all the above works.
-        Next on the list is probably PKCS#12 integration.
+    o Steve is currently working on (in no particular order):
+        Proper (or at least usable) certificate chain verification.
+        Documentation on X509 V3 extension code.
+	PKCS #8 and PKCS#5 v2.0 support.
+	Private key, certificate and CRL API and implementation.
+	Checking and bugfixing PKCS#7 (S/MIME code).
 
     o Mark is currently working on:
         Folding in any changes that are in the C2Net code base that were
@@ -80,6 +62,18 @@
 
   NEEDS PATCH
 
+    o  broken demos
+    o  salzr@certco.com (Rich Salz): Bug in X509_name_print
+       <29E0A6D39ABED111A36000A0C99609CA2C2BA4@macertco-srv1.ma.certco.com>
+    o  [ Compilation warnings: ctype-related int vs. char ]
+       => now casts (unsigned char), maybe those arrays should have
+          members of that type rather than plain char (i.e.
+          unsigned char *p; ....; if (isspace(*p)) ...; where it's now
+          char *p; ....; if (isspace((unsigned char)*p)) ...;)
+    o  $(PERL) in */Makefile.ssl
+    o  "Sign the certificate?" - "n" creates empty certificate file
+    o  dubious declaration of crypt() in des.h
+
   OPEN ISSUES
 
     o  The Makefile hierarchy and build mechanism is still not a round thing:
@@ -93,31 +87,6 @@
                       itself. Then we can avoid a lot of those platform checks
                       which are currently in Configure.
 
-       2. The xxx.org -> xxx.h generation:
-          It's not obvious for which file xxx.org is the source.
-          Suggestion: Rename xxx.org to xxx.h.in (Autoconf style), this way
-                      one sees that xxx.h.in is the input for xxx.h
-
-          Status: Mark +1
-
-    o  The installation under "make install" produces a very
-       installation layout: $prefix/certs and $prefix/private dirs.  That's
-       not nice. Ralf suggests to move the two certs and private dirs either
-       to $prefix/etc/, $prefix/lib/ or $prefix/share. Alternatively
-       we could also not install the certs at all.
-
-       Status: Ralf +1 for both not installing the certs at all and
-                       moving it to $prefix/etc/. +0 for $prefix/lib/
-                       and $prefix/share.
-               Paul: why is it not nice?
-               Ralf: because it messes up the install dir when
-                     $prefix is not a dedicated area like /usr/local/ssl.
-                     When we move them to a standard subdir like
-                     etc/ lib/ or share/ we don't mess up things
-                     when $prefix is /usr or /usr/local, etc.
-                     Additionally it makes package vendors life
-                     easier....
-
     o  Support for Shared Libraries has to be added at least
        for the major Unix platforms. The details we can rip from the stuff
        Ralf has done for the Apache src/Configure script. Ben wants the
@@ -154,23 +123,12 @@
 
     o Properly initialize the PRNG in the absence of /dev/random.
 
-    o > NO_RSA (ejs@bfd.com)
-      > ./Configure -DNO_IDEA -DNO_RC5 -DNO_RC4 -DNO_RC2 -DNO_RSA -DNO_ERR linux-elf
-      > I tried for a whole day to do this and could not get it to work.  Linux
-      > machine, kernel 2.0.36 and 2.2.1, redhat 5.2 latest, gcc and egcs , no
-      > go.  I also noticed the even with -DNO_IDEA, _DNO_RC2, etc. the make
-      > still goes into those subdirectories and 'makes'.
+    o ERR_error_string(..., buf) does not know how large buf is,
+      there should be ERR_error_string_n(..., buf, bufsize)
+      or similar.
 
   WISHES
 
-    o  Damien Miller:
-       "How about making the each of the locations compile-time defined. I
-       would like to (for example) put binaries in /usr/bin, configuration
-       data, certs and keys in /etc/openssl/certs and /etc/openssl/keys, etc.
-       This would also be a great boon to binary package makers.  The
-       SSLeay-0.9.1b RPM already includes some patches which do some of this.
-       I can forward them if you wish."
-
     o  Mats Nilsson <mats.nilsson@xware.se>:
        "Add reference counting to all substructures of X509 etc. For instance,
        X509_NAME lacks a reference counter, while EVP_PKEY has one.  I'm

VMS/WISHLIST.TXT

@@ -0,0 +1,4 @@
+* Have the building procedure contain a LINK-only possibility.
+  Wished by Mark Daniel <mark.daniel@dsto.defence.gov.au>
+
+  One way to enable that is also to go over to DESCRIP.MMS files.

VMS/install.com

@@ -0,0 +1,65 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 23-MAY-1998 19:22
+$!
+$! P1	root of the directory tree
+$!
+$	IF P1 .EQS. ""
+$	THEN
+$	    WRITE SYS$OUTPUT "First argument missing."
+$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$	    EXIT
+$	ENDIF
+$
+$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+		   - "[000000." - "][" - "[" - "]"
+$	ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$	DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
+$	DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
+$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
+$	DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
+$	DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
+$	DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS]
+$	DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE]
+$
+$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
+$
+$	OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
+$	WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created."
+$	WRITE SF "$! Startup file for Openssl 0.9.2-RL 15-Mar-1999"
+$	WRITE SF "$!"
+$	WRITE SF "$! Do not edit this file, as it will be regenerated during next installation."
+$	WRITE SF "$! Instead, add or change SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
+$	WRITE SF "$!"
+$	WRITE SF "$! P1	a qualifier to DEFINE.  For example ""/SYSTEM"" to get the logical names"
+$	WRITE SF "$!	defined in the system logical name table."
+$	WRITE SF "$!"
+$	WRITE SF "$	ARCH = ""VAX"""
+$	WRITE SF "$	IF F$GETSYI(""CPU"") .GE. 128 THEN ARCH = ""ALPHA"""
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLROOT		",ROOT,".] /TRANS=CONC"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLLIB		SSLROOT:['ARCH'_LIB]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLINCLUDE	SSLROOT:[INCLUDE]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLEXE		SSLROOT:['ARCH'_EXE]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLCERTS	SSLROOT:[CERTS]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLPRIVATE	SSLROOT:[PRIVATE]"
+$	WRITE SF "$"
+$	WRITE SF "$!	This is program can include <openssl/{foo}.h>"
+$	WRITE SF "$	DEFINE/NOLOG'P1	OPENSSL		SSLINCLUDE:"
+$	WRITE SF "$"
+$	WRITE SF "$	IF F$SEARCH(""SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"") .NES."""" THEN -"
+$	WRITE SF "	   @SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
+$	WRITE SF "$"
+$	WRITE SF "$	EXIT"
+$	CLOSE SF
+$
+$	COPY OPENSSL_UTILS.COM WRK_SSLROOT:[VMS]/LOG
+$
+$	EXIT

VMS/multinet_shr.opt

@@ -0,0 +1 @@
+multinet:multinet_socket_library.exe/share

VMS/openssl_utils.com

@@ -0,0 +1,38 @@
+$!
+$!  APPS.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!
+$! Slightly modified by Richard Levitte <richard@levitte.org>
+$!
+$ OPENSSL  :== $SSLEXE:OPENSSL
+$ VERIFY   :== $SSLEXE:OPENSSL VERIFY
+$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
+$ REQ      :== $SSLEXE:OPENSSL REQ
+$ DGST     :== $SSLEXE:OPENSSL DGST
+$ DH       :== $SSLEXE:OPENSSL DH
+$ ENC      :== $SSLEXE:OPENSSL ENC
+$ GENDH    :== $SSLEXE:OPENSSL GENDH
+$ ERRSTR   :== $SSLEXE:OPENSSL ERRSTR
+$ CA       :== $SSLEXE:OPENSSL CA
+$ CRL      :== $SSLEXE:OPENSSL CRL
+$ RSA      :== $SSLEXE:OPENSSL RSA
+$ DSA      :== $SSLEXE:OPENSSL DSA
+$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
+$ X509     :== $SSLEXE:OPENSSL X509
+$ GENRSA   :== $SSLEXE:OPENSSL GENRSA
+$ GENDSA   :== $SSLEXE:OPENSSL GENDSA
+$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
+$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
+$ SPEED    :== $SSLEXE:OPENSSL SPEED
+$ S_TIME   :== $SSLEXE:OPENSSL S_TIME
+$ VERSION  :== $SSLEXE:OPENSSL VERSION
+$ PKCS7    :== $SSLEXE:OPENSSL PKCS7
+$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
+$ SESS_ID  :== $SSLEXE:OPENSSL SESS_ID
+$ CIPHERS  :== $SSLEXE:OPENSSL CIPHERS
+$ NSEQ     :== $SSLEXE:OPENSSL NSEQ
+$ PKCS12   :== $SSLEXE:OPENSSL PKCS12

VMS/socketshr_shr.opt

@@ -0,0 +1 @@
+socketshr/share

VMS/ucx_shr_decc.opt

@@ -0,0 +1 @@
+sys$share:ucx$ipc_shr.exe/share

VMS/ucx_shr_decc_log.opt

@@ -0,0 +1 @@
+ucx$ipc_shr/share

VMS/ucx_shr_vaxc.opt

@@ -0,0 +1 @@
+sys$library:ucx$ipc.olb/library

apps/.cvsignore

@@ -1 +1,4 @@
 openssl
+Makefile.save
+der_chop
+der_chop.bak

apps/CA.com

@@ -0,0 +1,200 @@
+$! CA - wrapper around ca to make it easier to use ... basically ca requires
+$!      some setup stuff to be done before you can use it and this makes
+$!      things easier between now and when Eric is convinced to fix it :-)
+$!
+$! CA -newca ... will setup the right stuff
+$! CA -newreq ... will generate a certificate request 
+$! CA -sign ... will sign the generated request and output 
+$!
+$! At the end of that grab newreq.pem and newcert.pem (one has the key 
+$! and the other the certificate) and cat them together and that is what
+$! you want/need ... I'll make even this a little cleaner later.
+$!
+$!
+$! 12-Jan-96 tjh    Added more things ... including CA -signcert which
+$!                  converts a certificate to a request and then signs it.
+$! 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
+$!                 environment variable so this can be driven from
+$!                 a script.
+$! 25-Jul-96 eay    Cleaned up filenames some more.
+$! 11-Jun-96 eay    Fixed a few filename missmatches.
+$! 03-May-96 eay    Modified to use 'openssl cmd' instead of 'cmd'.
+$! 18-Apr-96 tjh    Original hacking
+$!
+$! Tim Hudson
+$! tjh@cryptsoft.com
+$!
+$!
+$! default ssleay.cnf file has setup as per the following
+$! demoCA ... where everything is stored
+$
+$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF
+$
+$ DAYS   = "-days 365"
+$ REQ    = openssl + " req " + SSLEAY_CONFIG
+$ CA     = openssl + " ca " + SSLEAY_CONFIG
+$ VERIFY = openssl + " verify"
+$ X509   = openssl + " x509"
+$ echo   = "write sys$Output"
+$!
+$ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;"
+$ CATOP  := 's'.demoCA
+$ CAKEY  := ]cakey.pem
+$ CACERT := ]cacert.pem
+$
+$ __INPUT := SYS$COMMAND
+$ RET = 1
+$!
+$ i = 1
+$opt_loop:
+$ if i .gt. 8 then goto opt_loop_end
+$
+$ prog_opt = F$EDIT(P'i',"lowercase")
+$
+$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") 
+$ THEN
+$   echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" 
+$   exit
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-input")
+$ THEN
+$   ! Get input from somewhere other than SYS$COMMAND
+$   i = i + 1
+$   __INPUT = P'i'
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newcert")
+$ THEN
+$   ! Create a certificate.
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
+$   RET=$STATUS
+$   echo "Certificate (and private key) is in newreq.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newreq")
+$ THEN
+$   ! Create a certificate request
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
+$   RET=$STATUS
+$   echo "Request (and private key) is in newreq.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newca")
+$ THEN
+$   ! If explicitly asked for or it doesn't exist then setup the directory
+$   ! structure that Eric likes to manage things.
+$   IF F$SEARCH(CATOP+"]serial.") .EQS. ""
+$   THEN
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP']
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs]
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl]
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts]
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private]
+$     OPEN   /WRITE ser_file 'CATOP']serial. 
+$     WRITE ser_file "01"
+$     CLOSE ser_file
+$     APPEND/NEW NL: 'CATOP']index.txt
+$   ENDIF
+$!
+$   IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. ""
+$   THEN
+$     READ '__INPUT' FILE -
+	   /PROMT="CA certificate filename (or enter to create)"
+$     IF F$SEARCH(FILE) .NES. ""
+$     THEN
+$       COPY 'FILE' 'CATOP'.private'CAKEY'
+$	RET=$STATUS
+$     ELSE
+$       echo "Making CA certificate ..."
+$       DEFINE/USER SYS$INPUT '__INPUT'
+$       REQ -new -x509 -keyout 'CATOP'.private'CAKEY' -
+		       -out 'CATOP''CACERT' 'DAYS'
+$	RET=$STATUS
+$     ENDIF
+$   ENDIF
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-xsign")
+$ THEN
+$!
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   CA -policy policy_anything -infiles newreq.pem
+$   RET=$STATUS
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
+$ THEN
+$!   
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   CA -policy policy_anything -out newcert.pem -infiles newreq.pem
+$   RET=$STATUS
+$   type newcert.pem
+$   echo "Signed certificate is in newcert.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-signcert")
+$  THEN
+$!   
+$   echo "Cert passphrase will be requested twice - bug?"
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+y
+y
+$   type newcert.pem
+$   echo "Signed certificate is in newcert.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-verify")
+$ THEN
+$!   
+$   i = i + 1
+$   IF (p'i' .EQS. "")
+$   THEN
+$     DEFINE/USER SYS$INPUT '__INPUT'
+$     VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem
+$   ELSE
+$     j = i
+$    verify_opt_loop:
+$     IF j .GT. 8 THEN GOTO verify_opt_loop_end
+$     IF p'j' .NES. ""
+$     THEN 
+$       DEFINE/USER SYS$INPUT '__INPUT'
+$       __tmp = p'j'
+$       VERIFY "-CAfile" 'CATOP''CACERT' '__tmp'
+$       tmp=$STATUS
+$       IF tmp .NE. 0 THEN RET=tmp
+$     ENDIF
+$     j = j + 1
+$     GOTO verify_opt_loop
+$    verify_opt_loop_end:
+$   ENDIF
+$   
+$   GOTO opt_loop_end
+$ ENDIF
+$!
+$ IF (prog_opt .NES. "")
+$ THEN
+$!   
+$   echo "Unknown argument ''prog_opt'"
+$   
+$   EXIT 3
+$ ENDIF
+$
+$opt_loop_continue:
+$ i = i + 1
+$ GOTO opt_loop
+$
+$opt_loop_end:
+$ EXIT 'RET'

apps/CA.pl

@@ -68,7 +68,7 @@ foreach (@ARGV) {
 		# if explictly asked for or it doesn't exist then setup the
 		# directory structure that Eric likes to manage things 
 	    $NEW="1";
-	    if ( "$NEW" || ! -f ${CATOP}/serial ) {
+	    if ( "$NEW" || ! -f "${CATOP}/serial" ) {
 		# create the directory hierarchy
 		mkdir $CATOP, $DIRMODE;
 		mkdir "${CATOP}/certs", $DIRMODE;

apps/Makefile.ssl

@@ -7,7 +7,9 @@ TOP=		..
 CC=		cc
 INCLUDES=	-I../include
 CFLAG=		-g -static
+INSTALL_PREFIX=
 INSTALLTOP=	/usr/local/ssl
+OPENSSLDIR=	/usr/local/ssl
 MAKE=		make -f Makefile.ssl
 MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
@@ -18,7 +20,7 @@ EX_LIBS=
 
 CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
 
-GENERAL=Makefile
+GENERAL=Makefile makeapps.com install.com
 
 DLIBCRYPTO=../libcrypto.a
 DLIBSSL=../libssl.a
@@ -34,7 +36,7 @@ EXE= $(PROGRAM)
 E_EXE=	verify asn1pars req dgst dh enc gendh errstr ca crl \
 	rsa dsa dsaparam \
 	x509 genrsa gendsa s_server s_client speed \
-	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq
+	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12
 
 PROGS= $(PROGRAM).c
 
@@ -48,7 +50,7 @@ E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
 	rsa.o dsa.o dsaparam.o \
 	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
-	ciphers.o nseq.o
+	ciphers.o nseq.o pkcs12.o
 
 #	pem_mail.o
 
@@ -84,17 +86,23 @@ sreq.o: req.c
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 install:
-	@for i in $(EXE) $(SCRIPTS); \
+	@for i in $(EXE); \
 	do  \
 	(echo installing $$i; \
-	 cp $$i $(INSTALLTOP)/bin/$$i; \
-	 chmod 755 $(INSTALLTOP)/bin/$$i ); \
-	 done; \
-	cp openssl.cnf $(INSTALLTOP)/lib; \
-	chmod 644 $(INSTALLTOP)/lib/openssl.cnf
+	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
+	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+	 done;
+	@for i in $(SCRIPTS); \
+	do  \
+	(echo installing $$i; \
+	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
+	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+	 done
+	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \
+	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
 
 tags:
 	ctags $(SRC)
@@ -108,14 +116,12 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
-errors:
-
 clean:
 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
 	rm -f req
@@ -132,320 +138,551 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	@(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
 
 progs.h:
-	perl ./progs.pl $(E_EXE) >progs.h
+	$(PERL) ./progs.pl $(E_EXE) >progs.h
 	$(RM) $(PROGRAM).o
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-apps.o: ../include/bio.h ../include/buffer.h ../include/crypto.h
-apps.o: ../include/e_os.h ../include/opensslv.h ../include/stack.h apps.h
-apps.o: progs.h
-asn1pars.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-asn1pars.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-asn1pars.o: ../include/crypto.h ../include/des.h ../include/dh.h
-asn1pars.o: ../include/dsa.h ../include/e_os.h ../include/err.h
-asn1pars.o: ../include/evp.h ../include/idea.h ../include/md2.h
-asn1pars.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
-asn1pars.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
-asn1pars.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
-asn1pars.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h
-asn1pars.o: ../include/sha.h ../include/stack.h ../include/x509.h
-asn1pars.o: ../include/x509_vfy.h apps.h progs.h
-ca.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
-ca.o: ../include/buffer.h ../include/cast.h ../include/conf.h
-ca.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
-ca.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
-ca.o: ../include/lhash.h ../include/md2.h ../include/md5.h ../include/mdc2.h
-ca.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
-ca.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
-ca.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h ../include/sha.h
-ca.o: ../include/stack.h ../include/txt_db.h ../include/x509.h
-ca.o: ../include/x509_vfy.h ../include/x509v3.h apps.h progs.h
-ciphers.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-ciphers.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-ciphers.o: ../include/crypto.h ../include/des.h ../include/dh.h
-ciphers.o: ../include/dsa.h ../include/e_os.h ../include/err.h ../include/evp.h
-ciphers.o: ../include/idea.h ../include/lhash.h ../include/md2.h
-ciphers.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
-ciphers.o: ../include/opensslv.h ../include/pkcs7.h ../include/rc2.h
-ciphers.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
-ciphers.o: ../include/rsa.h ../include/sha.h ../include/ssl.h ../include/ssl2.h
-ciphers.o: ../include/ssl23.h ../include/ssl3.h ../include/stack.h
-ciphers.o: ../include/tls1.h ../include/x509.h ../include/x509_vfy.h apps.h
+apps.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+apps.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+apps.o: ../include/openssl/e_os2.h ../include/openssl/opensslv.h
+apps.o: ../include/openssl/stack.h apps.h progs.h
+asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h
+asn1pars.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+asn1pars.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
+asn1pars.o: ../include/openssl/idea.h ../include/openssl/md2.h
+asn1pars.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
+asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+asn1pars.o: progs.h
+ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
+ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ca.o: ../include/openssl/md2.h ../include/openssl/md5.h
+ca.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ca.o: ../include/openssl/stack.h ../include/openssl/txt_db.h
+ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ca.o: ../include/openssl/x509v3.h apps.h progs.h
+ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
+ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ciphers.o: ../include/openssl/md2.h ../include/openssl/md5.h
+ciphers.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ciphers.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 ciphers.o: progs.h
-crl.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
-crl.o: ../include/buffer.h ../include/cast.h ../include/crypto.h
-crl.o: ../include/des.h ../include/dh.h ../include/dsa.h ../include/e_os.h
-crl.o: ../include/err.h ../include/evp.h ../include/idea.h ../include/md2.h
-crl.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
-crl.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
-crl.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
-crl.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h ../include/stack.h
-crl.o: ../include/x509.h ../include/x509_vfy.h ../include/x509v3.h apps.h
-crl.o: progs.h
-crl2p7.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-crl2p7.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-crl2p7.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
-crl2p7.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
-crl2p7.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
-crl2p7.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
-crl2p7.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h
-crl2p7.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
-crl2p7.o: ../include/rsa.h ../include/sha.h ../include/stack.h
-crl2p7.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
-dgst.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-dgst.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-dgst.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
-dgst.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
-dgst.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
-dgst.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
-dgst.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
-dgst.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h ../include/sha.h
-dgst.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h apps.h
-dgst.o: progs.h
-dh.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
-dh.o: ../include/buffer.h ../include/cast.h ../include/crypto.h
-dh.o: ../include/des.h ../include/dh.h ../include/dsa.h ../include/e_os.h
-dh.o: ../include/err.h ../include/evp.h ../include/idea.h ../include/md2.h
-dh.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
-dh.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
-dh.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
-dh.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h ../include/stack.h
-dh.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
-dsa.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
-dsa.o: ../include/buffer.h ../include/cast.h ../include/crypto.h
-dsa.o: ../include/des.h ../include/dh.h ../include/dsa.h ../include/e_os.h
-dsa.o: ../include/err.h ../include/evp.h ../include/idea.h ../include/md2.h
-dsa.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
-dsa.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
-dsa.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
-dsa.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h ../include/stack.h
-dsa.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
-dsaparam.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-dsaparam.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-dsaparam.o: ../include/crypto.h ../include/des.h ../include/dh.h
-dsaparam.o: ../include/dsa.h ../include/e_os.h ../include/err.h
-dsaparam.o: ../include/evp.h ../include/idea.h ../include/md2.h
-dsaparam.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
-dsaparam.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
-dsaparam.o: ../include/pkcs7.h ../include/rand.h ../include/rc2.h
-dsaparam.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
-dsaparam.o: ../include/rsa.h ../include/sha.h ../include/stack.h
-dsaparam.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
-enc.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
-enc.o: ../include/buffer.h ../include/cast.h ../include/crypto.h
-enc.o: ../include/des.h ../include/dh.h ../include/dsa.h ../include/e_os.h
-enc.o: ../include/err.h ../include/evp.h ../include/idea.h ../include/md2.h
-enc.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
-enc.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
-enc.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
-enc.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h ../include/stack.h
-enc.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
-errstr.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-errstr.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-errstr.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
-errstr.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
-errstr.o: ../include/lhash.h ../include/md2.h ../include/md5.h
-errstr.o: ../include/mdc2.h ../include/objects.h ../include/opensslv.h
-errstr.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
-errstr.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
-errstr.o: ../include/ssl.h ../include/ssl2.h ../include/ssl23.h
-errstr.o: ../include/ssl3.h ../include/stack.h ../include/tls1.h
-errstr.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
-gendh.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-gendh.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-gendh.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
-gendh.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
-gendh.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
-gendh.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
-gendh.o: ../include/pem2.h ../include/pkcs7.h ../include/rand.h
-gendh.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h ../include/ripemd.h
-gendh.o: ../include/rsa.h ../include/sha.h ../include/stack.h ../include/x509.h
-gendh.o: ../include/x509_vfy.h apps.h progs.h
-gendsa.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-gendsa.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-gendsa.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
-gendsa.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
-gendsa.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
-gendsa.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
-gendsa.o: ../include/pem2.h ../include/pkcs7.h ../include/rand.h
-gendsa.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h
-gendsa.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
-gendsa.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h apps.h
-gendsa.o: progs.h
-genrsa.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-genrsa.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-genrsa.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
-genrsa.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
-genrsa.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
-genrsa.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
-genrsa.o: ../include/pem2.h ../include/pkcs7.h ../include/rand.h
-genrsa.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h
-genrsa.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
-genrsa.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h apps.h
-genrsa.o: progs.h
-nseq.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-nseq.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-nseq.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
-nseq.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
-nseq.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
-nseq.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
-nseq.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
-nseq.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h ../include/sha.h
-nseq.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h apps.h
-nseq.o: progs.h
-openssl.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-openssl.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-openssl.o: ../include/conf.h ../include/crypto.h ../include/des.h
-openssl.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h
-openssl.o: ../include/evp.h ../include/idea.h ../include/lhash.h
-openssl.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
-openssl.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
-openssl.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h
-openssl.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
-openssl.o: ../include/rsa.h ../include/sha.h ../include/ssl.h ../include/ssl2.h
-openssl.o: ../include/ssl23.h ../include/ssl3.h ../include/stack.h
-openssl.o: ../include/tls1.h ../include/x509.h ../include/x509_vfy.h apps.h
-openssl.o: progs.h s_apps.h
-pkcs7.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-pkcs7.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-pkcs7.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
-pkcs7.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
-pkcs7.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
-pkcs7.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
-pkcs7.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
-pkcs7.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h ../include/sha.h
-pkcs7.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h apps.h
-pkcs7.o: progs.h
-req.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
-req.o: ../include/buffer.h ../include/cast.h ../include/conf.h
-req.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
-req.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
-req.o: ../include/lhash.h ../include/md2.h ../include/md5.h ../include/mdc2.h
-req.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
-req.o: ../include/pem2.h ../include/pkcs7.h ../include/rand.h ../include/rc2.h
-req.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h ../include/rsa.h
-req.o: ../include/sha.h ../include/stack.h ../include/x509.h
-req.o: ../include/x509_vfy.h ../include/x509v3.h apps.h progs.h
-rsa.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
-rsa.o: ../include/buffer.h ../include/cast.h ../include/crypto.h
-rsa.o: ../include/des.h ../include/dh.h ../include/dsa.h ../include/e_os.h
-rsa.o: ../include/err.h ../include/evp.h ../include/idea.h ../include/md2.h
-rsa.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
-rsa.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
-rsa.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
-rsa.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h ../include/stack.h
-rsa.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
-s_cb.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-s_cb.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-s_cb.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
-s_cb.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
-s_cb.o: ../include/lhash.h ../include/md2.h ../include/md5.h ../include/mdc2.h
-s_cb.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h
-s_cb.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h ../include/ripemd.h
-s_cb.o: ../include/rsa.h ../include/sha.h ../include/ssl.h ../include/ssl2.h
-s_cb.o: ../include/ssl23.h ../include/ssl3.h ../include/stack.h
-s_cb.o: ../include/tls1.h ../include/x509.h ../include/x509_vfy.h apps.h
-s_cb.o: progs.h s_apps.h
-s_client.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-s_client.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-s_client.o: ../include/crypto.h ../include/des.h ../include/dh.h
-s_client.o: ../include/dsa.h ../include/e_os.h ../include/err.h
-s_client.o: ../include/evp.h ../include/idea.h ../include/lhash.h
-s_client.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
-s_client.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
-s_client.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h
-s_client.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
-s_client.o: ../include/rsa.h ../include/sha.h ../include/ssl.h
-s_client.o: ../include/ssl2.h ../include/ssl23.h ../include/ssl3.h
-s_client.o: ../include/stack.h ../include/tls1.h ../include/x509.h
-s_client.o: ../include/x509_vfy.h apps.h progs.h s_apps.h
-s_server.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-s_server.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-s_server.o: ../include/crypto.h ../include/des.h ../include/dh.h
-s_server.o: ../include/dsa.h ../include/e_os.h ../include/err.h
-s_server.o: ../include/evp.h ../include/idea.h ../include/lhash.h
-s_server.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
-s_server.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
-s_server.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h
-s_server.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
-s_server.o: ../include/rsa.h ../include/sha.h ../include/ssl.h
-s_server.o: ../include/ssl2.h ../include/ssl23.h ../include/ssl3.h
-s_server.o: ../include/stack.h ../include/tls1.h ../include/x509.h
-s_server.o: ../include/x509_vfy.h apps.h progs.h s_apps.h
-s_socket.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-s_socket.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-s_socket.o: ../include/crypto.h ../include/des.h ../include/dh.h
-s_socket.o: ../include/dsa.h ../include/e_os.h ../include/evp.h
-s_socket.o: ../include/idea.h ../include/lhash.h ../include/md2.h
-s_socket.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
-s_socket.o: ../include/opensslv.h ../include/pkcs7.h ../include/rc2.h
-s_socket.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
-s_socket.o: ../include/rsa.h ../include/sha.h ../include/ssl.h
-s_socket.o: ../include/ssl2.h ../include/ssl23.h ../include/ssl3.h
-s_socket.o: ../include/stack.h ../include/tls1.h ../include/x509.h
-s_socket.o: ../include/x509_vfy.h apps.h progs.h s_apps.h
-s_time.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-s_time.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-s_time.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
-s_time.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
-s_time.o: ../include/lhash.h ../include/md2.h ../include/md5.h
-s_time.o: ../include/mdc2.h ../include/objects.h ../include/opensslv.h
-s_time.o: ../include/pem.h ../include/pem2.h ../include/pkcs7.h
-s_time.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h
-s_time.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
-s_time.o: ../include/ssl.h ../include/ssl2.h ../include/ssl23.h
-s_time.o: ../include/ssl3.h ../include/stack.h ../include/tls1.h
-s_time.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h s_apps.h
-sess_id.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-sess_id.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-sess_id.o: ../include/crypto.h ../include/des.h ../include/dh.h
-sess_id.o: ../include/dsa.h ../include/e_os.h ../include/err.h ../include/evp.h
-sess_id.o: ../include/idea.h ../include/lhash.h ../include/md2.h
-sess_id.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
-sess_id.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
-sess_id.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
-sess_id.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h
-sess_id.o: ../include/sha.h ../include/ssl.h ../include/ssl2.h
-sess_id.o: ../include/ssl23.h ../include/ssl3.h ../include/stack.h
-sess_id.o: ../include/tls1.h ../include/x509.h ../include/x509_vfy.h apps.h
+crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+crl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+crl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+crl.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl.o: ../include/openssl/idea.h ../include/openssl/md2.h
+crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl.o: ../include/openssl/x509v3.h apps.h progs.h
+crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl2p7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+crl2p7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl2p7.o: ../include/openssl/idea.h ../include/openssl/md2.h
+crl2p7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+crl2p7.o: progs.h
+dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dgst.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
+dgst.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dh.o: ../include/openssl/err.h ../include/openssl/evp.h
+dh.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsaparam.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsaparam.o: ../include/openssl/stack.h ../include/openssl/x509.h
+dsaparam.o: ../include/openssl/x509_vfy.h apps.h progs.h
+enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+enc.o: ../include/openssl/idea.h ../include/openssl/md2.h
+enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
+errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+errstr.o: ../include/openssl/md2.h ../include/openssl/md5.h
+errstr.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+errstr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+errstr.o: progs.h
+gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendh.o: ../include/openssl/idea.h ../include/openssl/md2.h
+gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendh.o: ../include/openssl/stack.h ../include/openssl/x509.h
+gendh.o: ../include/openssl/x509_vfy.h apps.h progs.h
+gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendsa.o: ../include/openssl/stack.h ../include/openssl/x509.h
+gendsa.o: ../include/openssl/x509_vfy.h apps.h progs.h
+genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+genrsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+genrsa.o: ../include/openssl/stack.h ../include/openssl/x509.h
+genrsa.o: ../include/openssl/x509_vfy.h apps.h progs.h
+nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h
+nseq.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+nseq.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
+nseq.o: ../include/openssl/idea.h ../include/openssl/md2.h
+nseq.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
+nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+openssl.o: ../include/openssl/des.h ../include/openssl/dh.h
+openssl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs7.o: ../include/openssl/idea.h ../include/openssl/md2.h
+pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+req.o: ../include/openssl/des.h ../include/openssl/dh.h
+req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+req.o: ../include/openssl/evp.h ../include/openssl/idea.h
+req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+req.o: ../include/openssl/stack.h ../include/openssl/x509.h
+req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h progs.h
+rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+rsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_cb.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_cb.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_cb.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+s_cb.o: s_apps.h
+s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_client.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_client.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_client.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_client.o: progs.h s_apps.h
+s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_server.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_server.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_server.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_server.o: progs.h s_apps.h
+s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_socket.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s_socket.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_time.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_time.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_time.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_time.o: progs.h s_apps.h
+sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
+sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
+sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+sess_id.o: ../include/openssl/md2.h ../include/openssl/md5.h
+sess_id.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+sess_id.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 sess_id.o: progs.h
-speed.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-speed.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-speed.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
-speed.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/hmac.h
-speed.o: ../include/idea.h ../include/md2.h ../include/md5.h ../include/mdc2.h
-speed.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h
-speed.o: ../include/rand.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
-speed.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
-speed.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ./testdsa.h
+speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
+speed.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+speed.o: ../include/openssl/err.h ../include/openssl/evp.h
+speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+speed.o: ../include/openssl/md2.h ../include/openssl/md5.h
+speed.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
 speed.o: ./testrsa.h apps.h progs.h
-verify.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-verify.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-verify.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
-verify.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
-verify.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
-verify.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
-verify.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h
-verify.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
-verify.o: ../include/rsa.h ../include/sha.h ../include/stack.h
-verify.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
-version.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-version.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-version.o: ../include/crypto.h ../include/des.h ../include/dh.h
-version.o: ../include/dsa.h ../include/e_os.h ../include/evp.h
-version.o: ../include/idea.h ../include/md2.h ../include/md5.h
-version.o: ../include/mdc2.h ../include/objects.h ../include/opensslv.h
-version.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h
-version.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
-version.o: ../include/stack.h apps.h progs.h
-x509.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
-x509.o: ../include/bn.h ../include/buffer.h ../include/cast.h
-x509.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
-x509.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
-x509.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
-x509.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
-x509.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
-x509.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h ../include/sha.h
-x509.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h
-x509.o: ../include/x509v3.h apps.h progs.h
+verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+verify.o: ../include/openssl/crypto.h ../include/openssl/des.h
+verify.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+verify.o: ../include/openssl/err.h ../include/openssl/evp.h
+verify.o: ../include/openssl/idea.h ../include/openssl/md2.h
+verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
+verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+verify.o: progs.h
+version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+version.o: ../include/openssl/crypto.h ../include/openssl/des.h
+version.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+version.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+version.o: ../include/openssl/evp.h ../include/openssl/idea.h
+version.o: ../include/openssl/md2.h ../include/openssl/md5.h
+version.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+version.o: ../include/openssl/sha.h ../include/openssl/stack.h apps.h progs.h
+x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+x509.o: ../include/openssl/crypto.h ../include/openssl/des.h
+x509.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+x509.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+x509.o: ../include/openssl/err.h ../include/openssl/evp.h
+x509.o: ../include/openssl/idea.h ../include/openssl/md2.h
+x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
+x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+x509.o: ../include/openssl/x509v3.h apps.h progs.h

apps/apps.c

@@ -69,17 +69,9 @@
 #  include "bss_file.c"
 #endif
 
-#ifndef NOPROTO
 int app_init(long mesgwin);
-#else
-int app_init();
-#endif
-
 #ifdef undef /* never finished - probably never will be :-) */
-int args_from_file(file,argc,argv)
-char *file;
-int *argc;
-char **argv[];
+int args_from_file(char *file, int *argc, char **argv[])
 	{
 	FILE *fp;
 	int num,i;
@@ -157,8 +149,7 @@ char **argv[];
 	}
 #endif
 
-int str2fmt(s)
-char *s;
+int str2fmt(char *s)
 	{
 	if 	((*s == 'D') || (*s == 'd'))
 		return(FORMAT_ASN1);
@@ -173,10 +164,7 @@ char *s;
 	}
 
 #if defined(MSDOS) || defined(WIN32) || defined(WIN16)
-void program_name(in,out,size)
-char *in;
-char *out;
-int size;
+void program_name(char *in, char *out, int size)
 	{
 	int i,n;
 	char *p=NULL;
@@ -213,10 +201,28 @@ int size;
 	out[n]='\0';
 	}
 #else
-void program_name(in,out,size)
-char *in;
-char *out;
-int size;
+#ifdef VMS
+void program_name(char *in, char *out, int size)
+	{
+	char *p=in, *q;
+	char *chars=":]>";
+
+	while(*chars != '\0')
+		{
+		q=strrchr(p,*chars);
+		if (q > p)
+			p = q + 1;
+		chars++;
+		}
+
+	q=strrchr(p,'.');
+	if (q == NULL)
+		q = in+size;
+	strncpy(out,p,q-p);
+	out[q-p]='\0';
+	}
+#else
+void program_name(char *in, char *out, int size)
 	{
 	char *p;
 
@@ -229,24 +235,25 @@ int size;
 	out[size-1]='\0';
 	}
 #endif
+#endif
 
 #ifdef WIN32
-int WIN32_rename(from,to)
-char *from;
-char *to;
+int WIN32_rename(char *from, char *to)
 	{
+#ifdef WINNT
 	int ret;
+/* Note: MoveFileEx() doesn't work under Win95, Win98 */
 
 	ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
 	return(ret?0:-1);
+#else
+        unlink(to);
+        return MoveFile(from, to);
+#endif
 	}
 #endif
 
-int chopup_args(arg,buf,argc,argv)
-ARGS *arg;
-char *buf;
-int *argc;
-char **argv[];
+int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	{
 	int num,len,i;
 	char *p;
@@ -312,8 +319,7 @@ char **argv[];
 	}
 
 #ifndef APP_INIT
-int app_init(mesgwin)
-long mesgwin;
+int app_init(long mesgwin)
 	{
 	return(1);
 	}

apps/apps.h

@@ -59,11 +59,11 @@
 #ifndef HEADER_APPS_H
 #define HEADER_APPS_H
 
-#include "e_os.h"
+#include "openssl/e_os.h"
 
-#include "buffer.h"
-#include "bio.h"
-#include "crypto.h"
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
 #include "progs.h"
 
 #ifdef NO_STDIO
@@ -88,7 +88,7 @@ extern BIO *bio_err;
 #else
 
 #define MAIN(a,v)	PROG(a,v)
-#include "conf.h"
+#include <openssl/conf.h>
 extern LHASH *config;
 extern char *default_config_file;
 extern BIO *bio_err;
@@ -127,20 +127,11 @@ typedef struct args_st
 	int count;
         } ARGS;
 
-#ifndef NOPROTO
 int should_retry(int i);
 int args_from_file(char *file, int *argc, char **argv[]);
 int str2fmt(char *s);
 void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-#else
-int should_retry();
-int args_from_file();
-int str2fmt();
-void program_name();
-int chopup_args();
-#endif
-
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2

apps/asn1pars.c

@@ -64,10 +64,10 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "err.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 /* -inform arg	- input format - default PEM (DER or PEM)
  * -in arg	- input file - default stdin
@@ -80,16 +80,14 @@
 #undef PROG
 #define PROG	asn1parse_main
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int i,badops=0,offset=0,ret=1,j;
 	unsigned int length=0;
 	long num,tmplen;
-	BIO *in=NULL,*out=NULL,*b64=NULL;
+	BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
 	int informat,indent=0;
-	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL;
+	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
 	unsigned char *tmpbuf;
 	BUF_MEM *buf=NULL;
 	STACK *osk=NULL;
@@ -123,6 +121,11 @@ char **argv;
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			derfile= *(++argv);
+			}
 		else if (strcmp(*argv,"-i") == 0)
 			{
 			indent=1;
@@ -172,6 +175,7 @@ bad:
 		BIO_printf(bio_err," -strparse offset\n");
 		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
 		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
+		BIO_printf(bio_err," -out filename output DER encoding to file\n");
 		goto end;
 		}
 
@@ -208,6 +212,14 @@ bad:
 			}
 		}
 
+	if (derfile) {
+		if(!(derout = BIO_new_file(derfile, "wb"))) {
+			BIO_printf(bio_err,"problems opening %s\n",derfile);
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+
 	if ((buf=BUF_MEM_new()) == NULL) goto end;
 	if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
 
@@ -241,6 +253,7 @@ bad:
 		tmplen=num;
 		for (i=0; i<sk_num(osk); i++)
 			{
+			ASN1_TYPE *atmp;
 			j=atoi(sk_value(osk,i));
 			if (j == 0)
 				{
@@ -249,7 +262,10 @@ bad:
 				}
 			tmpbuf+=j;
 			tmplen-=j;
-			if (d2i_ASN1_TYPE(&at,&tmpbuf,tmplen) == NULL)
+			atmp = at;
+			at = d2i_ASN1_TYPE(NULL,&tmpbuf,tmplen);
+			ASN1_TYPE_free(atmp);
+			if(!at)
 				{
 				BIO_printf(bio_err,"Error parsing structure\n");
 				ERR_print_errors(bio_err);
@@ -264,6 +280,13 @@ bad:
 		}
 
 	if (length == 0) length=(unsigned int)num;
+	if(derout) {
+		if(BIO_write(derout, str + offset, length) != (int)length) {
+			BIO_printf(bio_err, "Error writing output\n");
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
 	if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
 		{
 		ERR_print_errors(bio_err);
@@ -271,6 +294,7 @@ bad:
 		}
 	ret=0;
 end:
+	BIO_free(derout);
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free(out);
 	if (b64 != NULL) BIO_free(b64);

apps/bss_file.c

@@ -1,324 +0,0 @@
-/* crypto/bio/bss_file.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define APPS_WIN16
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include "bio.h"
-#include "err.h"
-
-#ifndef NOPROTO
-static int MS_CALLBACK file_write(BIO *h,char *buf,int num);
-static int MS_CALLBACK file_read(BIO *h,char *buf,int size);
-static int MS_CALLBACK file_puts(BIO *h,char *str);
-static int MS_CALLBACK file_gets(BIO *h,char *str,int size);
-static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2);
-static int MS_CALLBACK file_new(BIO *h);
-static int MS_CALLBACK file_free(BIO *data);
-#else
-static int MS_CALLBACK file_write();
-static int MS_CALLBACK file_read();
-static int MS_CALLBACK file_puts();
-static int MS_CALLBACK file_gets();
-static long MS_CALLBACK file_ctrl();
-static int MS_CALLBACK file_new();
-static int MS_CALLBACK file_free();
-#endif
-
-static BIO_METHOD methods_filep=
-	{
-	BIO_TYPE_FILE,"FILE pointer",
-	file_write,
-	file_read,
-	file_puts,
-	file_gets,
-	file_ctrl,
-	file_new,
-	file_free,
-	};
-
-BIO *BIO_new_file(filename,mode)
-char *filename;
-char *mode;
-	{
-	BIO *ret;
-	FILE *file;
-
-	if ((file=fopen(filename,mode)) == NULL)
-		{
-		SYSerr(SYS_F_FOPEN,errno);
-		BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
-		return(NULL);
-		}
-	if ((ret=BIO_new_fp(file,BIO_CLOSE)) == NULL)
-		{
-		fclose(file);
-		return(NULL);
-		}
-	return(ret);
-	}
-
-BIO *BIO_new_fp(stream,close_flag)
-FILE *stream;
-int close_flag;
-	{
-	BIO *ret;
-
-	if ((ret=BIO_new(BIO_s_file())) == NULL)
-		return(NULL);
-	BIO_set_fp(ret,stream,close_flag);
-	return(ret);
-	}
-
-#if !defined(WIN16) || defined(APPS_WIN16)
-
-BIO_METHOD *BIO_s_file()
-	{
-	return(&methods_filep);
-	}
-
-#else
-
-BIO_METHOD *BIO_s_file_internal_w16()
-	{
-	return(&methods_filep);
-	}
-
-#endif
-
-static int MS_CALLBACK file_new(bi)
-BIO *bi;
-	{
-	bi->init=0;
-	bi->num=0;
-	bi->ptr=NULL;
-	return(1);
-	}
-
-static int MS_CALLBACK file_free(a)
-BIO *a;
-	{
-	if (a == NULL) return(0);
-	if (a->shutdown)
-		{
-		if ((a->init) && (a->ptr != NULL))
-			{
-			fclose((FILE *)a->ptr);
-			a->ptr=NULL;
-			}
-		a->init=0;
-		}
-	return(1);
-	}
-	
-static int MS_CALLBACK file_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
-	{
-	int ret=0;
-
-	if (b->init && (out != NULL))
-		{
-		ret=fread(out,1,(int)outl,(FILE *)b->ptr);
-		}
-	return(ret);
-	}
-
-static int MS_CALLBACK file_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
-	{
-	int ret=0;
-
-	if (b->init && (in != NULL))
-		{
-		if (fwrite(in,(int)inl,1,(FILE *)b->ptr))
-			ret=inl;
-		/* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
-		/* acording to Tim Hudson <tjh@cryptsoft.com>, the commented
-		 * out version above can cause 'inl' write calls under
-		 * some stupid stdio implementations (VMS) */
-		}
-	return(ret);
-	}
-
-static long MS_CALLBACK file_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
-	{
-	long ret=1;
-	FILE *fp=(FILE *)b->ptr;
-	FILE **fpp;
-	char p[4];
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		ret=(long)fseek(fp,num,0);
-		break;
-	case BIO_CTRL_EOF:
-		ret=(long)feof(fp);
-		break;
-	case BIO_CTRL_INFO:
-		ret=ftell(fp);
-		break;
-	case BIO_C_SET_FILE_PTR:
-		file_free(b);
-		b->shutdown=(int)num;
-		b->ptr=(char *)ptr;
-		b->init=1;
-		break;
-	case BIO_C_SET_FILENAME:
-		file_free(b);
-		b->shutdown=(int)num&BIO_CLOSE;
-		if (num & BIO_FP_APPEND)
-			{
-			if (num & BIO_FP_READ)
-				strcpy(p,"a+");
-			else	strcpy(p,"a");
-			}
-		else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
-			strcpy(p,"r+");
-		else if (num & BIO_FP_WRITE)
-			strcpy(p,"w");
-		else if (num & BIO_FP_READ)
-			strcpy(p,"r");
-		else
-			{
-			BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
-			ret=0;
-			break;
-			}
-#if defined(MSDOS) || defined(WINDOWS)
-		if (!(num & BIO_FP_TEXT))
-			strcat(p,"b");
-		else
-			strcat(p,"t");
-#endif
-		fp=fopen(ptr,p);
-		if (fp == NULL)
-			{
-			SYSerr(SYS_F_FOPEN,errno);
-			BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
-			ret=0;
-			break;
-			}
-		b->ptr=(char *)fp;
-		b->init=1;
-		break;
-	case BIO_C_GET_FILE_PTR:
-		/* the ptr parameter is actually a FILE ** in this case. */
-		if (ptr != NULL)
-			{
-			fpp=(FILE **)ptr;
-			*fpp=(FILE *)b->ptr;
-			}
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=(long)b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
-	case BIO_CTRL_FLUSH:
-		fflush((FILE *)b->ptr);
-		break;
-	case BIO_CTRL_DUP:
-		ret=1;
-		break;
-
-	case BIO_CTRL_PENDING:
-	case BIO_CTRL_PUSH:
-	case BIO_CTRL_POP:
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
-
-static int MS_CALLBACK file_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
-	{
-	int ret=0;
-
-	buf[0]='\0';
-	fgets(buf,size,(FILE *)bp->ptr);
-	if (buf[0] != '\0')
-		ret=strlen(buf);
-	return(ret);
-	}
-
-static int MS_CALLBACK file_puts(bp,str)
-BIO *bp;
-char *str;
-	{
-	int n,ret;
-
-	n=strlen(str);
-	ret=file_write(bp,str,n);
-	return(ret);
-	}
-

apps/c512-key.pem

@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm
-q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko
-/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1
-HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0
-ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/
-nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw
-ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==
------END RSA PRIVATE KEY-----

apps/c512-req.pem

@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
-MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0
-IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i
-2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs6
-2NNtXrT8odkCAwEAATANBgkqhkiG9w0BAQQFAANBAC5JBTeji7RosqMaUIDzIW13
-oO6+kPhx9fXSpMFHIsY3aH92Milkov/2A4SuZTcnv/P6+8klmS0EaiUKcRzak4E=
------END CERTIFICATE REQUEST-----

apps/ca.c

@@ -64,26 +64,41 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "bn.h"
-#include "txt_db.h"
-#include "evp.h"
-#include "x509.h"
-#include "x509v3.h"
-#include "objects.h"
-#include "pem.h"
-#include "conf.h"
+#include <openssl/conf.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/txt_db.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
 
 #ifndef W_OK
-#include <sys/file.h>
+#  ifdef VMS
+#    if defined(__DECC)
+#      include <unistd.h>
+#    else
+#      include <unixlib.h>
+#    endif
+#  else
+#    include <sys/file.h>
+#  endif
+#endif
+
+#ifndef W_OK
+#  define F_OK 0
+#  define X_OK 1
+#  define W_OK 2
+#  define R_OK 4
 #endif
 
 #undef PROG
 #define PROG ca_main
 
 #define BASE_SECTION	"ca"
-#define CONFIG_FILE "lib/openssl.cnf"
+#define CONFIG_FILE "openssl.cnf"
 
 #define ENV_DEFAULT_CA		"default_ca"
 
@@ -144,8 +159,9 @@ static char *ca_usage[]={
 " -spkac file     - File contains DN and signed public key and challenge\n",
 " -ss_cert file   - File contains a self signed cert to sign\n",
 " -preserveDN     - Don't re-order the DN\n",
-" -batch	  - Don't ask questions\n",
-" -msie_hack	  - msie modifications to handle all those universal strings\n",
+" -batch          - Don't ask questions\n",
+" -msie_hack      - msie modifications to handle all those universal strings\n",
+" -revoke file    - Revoke a certificate (given in file)\n",
 NULL
 };
 
@@ -155,7 +171,6 @@ extern int EF_PROTECT_BELOW;
 extern int EF_ALIGNMENT;
 #endif
 
-#ifndef NOPROTO
 static int add_oid_section(LHASH *conf);
 static void lookup_fail(char *name,char *tag);
 static int MS_CALLBACK key_callback(char *buf,int len,int verify);
@@ -167,41 +182,25 @@ static int index_name_cmp(char **a,char **b);
 static BIGNUM *load_serial(char *serialfile);
 static int save_serial(char *serialfile, BIGNUM *serial);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
-	int days, int batch, char *ext_sect, LHASH *conf,int verbose);
+		   const EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,
+		   char *startdate,int days,int batch,char *ext_sect,
+		   LHASH *conf,int verbose);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
-	int days,int batch,char *ext_sect, LHASH *conf,int verbose);
+			const EVP_MD *dgst,STACK *policy,TXT_DB *db,
+			BIGNUM *serial,char *startdate,int days,int batch,
+			char *ext_sect, LHASH *conf,int verbose);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
-	int days,char *ext_sect,LHASH *conf,int verbose);
+			 const EVP_MD *dgst,STACK *policy,TXT_DB *db,
+			 BIGNUM *serial,char *startdate,int days,
+			 char *ext_sect,LHASH *conf,int verbose);
 static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der);
-static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, EVP_MD *dgst,
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	STACK *policy, TXT_DB *db, BIGNUM *serial, char *startdate,
 	int days, int batch, int verbose, X509_REQ *req, char *ext_sect,
 	LHASH *conf);
+static int do_revoke(X509 *x509, TXT_DB *db);
 static int check_time_format(char *str);
-#else
-static int add_oid_section();
-static void lookup_fail();
-static int MS_CALLBACK key_callback();
-static unsigned long index_serial_hash();
-static int index_serial_cmp();
-static unsigned long index_name_hash();
-static int index_name_qual();
-static int index_name_cmp();
-static int fix_data();
-static BIGNUM *load_serial();
-static int save_serial();
-static int certify();
-static int certify_cert();
-static int certify_spkac();
-static void write_new_certificate();
-static int do_body();
-static int check_time_format();
-#endif
-
 static LHASH *conf;
 static char *key=NULL;
 static char *section=NULL;
@@ -209,9 +208,7 @@ static char *section=NULL;
 static int preserve=0;
 static int msie_hack=0;
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int total=0;
 	int total_done=0;
@@ -220,6 +217,7 @@ char **argv;
 	int req=0;
 	int verbose=0;
 	int gencrl=0;
+	int dorevoke=0;
 	long crldays=0;
 	long crlhours=0;
 	long errorline= -1;
@@ -253,7 +251,7 @@ char **argv;
 	char **pp,*p,*f;
 	int i,j;
 	long l;
-	EVP_MD *dgst=NULL;
+	const EVP_MD *dgst=NULL;
 	STACK *attribs=NULL;
 	STACK *cert_sk=NULL;
 	BIO *hex=NULL;
@@ -380,6 +378,12 @@ EF_ALIGNMENT=0;
 			spkac_file = *(++argv);
 			req=1;
 			}
+		else if (strcmp(*argv,"-revoke") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			dorevoke=1;
+			}
 		else
 			{
 bad:
@@ -401,12 +405,19 @@ bad:
 	ERR_load_crypto_strings();
 
 	/*****************************************************************/
+	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
+	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
 	if (configfile == NULL)
 		{
 		/* We will just use 'buf[0]' as a temporary buffer.  */
+#ifdef VMS
+		strncpy(buf[0],X509_get_default_cert_area(),
+			sizeof(buf[0])-1-sizeof(CONFIG_FILE));
+#else
 		strncpy(buf[0],X509_get_default_cert_area(),
 			sizeof(buf[0])-2-sizeof(CONFIG_FILE));
 		strcat(buf[0],"/");
+#endif
 		strcat(buf[0],CONFIG_FILE);
 		configfile=buf[0];
 		}
@@ -546,7 +557,12 @@ bad:
 			BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
 			goto err;
 			}
+#ifdef VMS
+		/* For technical reasons, VMS misbehaves with X_OK */
+		if (access(outdir,R_OK|W_OK) != 0)
+#else
 		if (access(outdir,R_OK|W_OK|X_OK) != 0)
+#endif
 			{
 			BIO_printf(bio_err,"I am unable to acces the %s directory\n",outdir);
 			perror(outdir);
@@ -590,13 +606,13 @@ bad:
 		if ((pp[DB_type][0] != DB_TYPE_REV) &&
 			(pp[DB_rev_date][0] != '\0'))
 			{
-			BIO_printf(bio_err,"entry %d: not, revoked yet has a revokation date\n",i+1);
+			BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1);
 			goto err;
 			}
 		if ((pp[DB_type][0] == DB_TYPE_REV) &&
 			!check_time_format(pp[DB_rev_date]))
 			{
-			BIO_printf(bio_err,"entry %d: invalid revokation date\n",
+			BIO_printf(bio_err,"entry %d: invalid revocation date\n",
 				i+1);
 			goto err;
 			}
@@ -699,7 +715,10 @@ bad:
 		extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
 		if(extensions) {
 			/* Check syntax of file */
-			if(!X509V3_EXT_check_conf(conf, extensions)) {
+			X509V3_CTX ctx;
+			X509V3_set_ctx_test(&ctx);
+			X509V3_set_conf_lhash(&ctx, conf);
+			if(!X509V3_EXT_add_conf(conf, &ctx, extensions, NULL)) {
 				BIO_printf(bio_err,
 				 "Error Loading extension section %s\n",
 								 extensions);
@@ -861,12 +880,23 @@ bad:
 			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_num(cert_sk));
 
 			strncpy(buf[0],serialfile,BSIZE-4);
+
+#ifdef VMS
+			strcat(buf[0],"-new");
+#else
 			strcat(buf[0],".new");
+#endif
 
 			if (!save_serial(buf[0],serial)) goto err;
 
 			strncpy(buf[1],dbfile,BSIZE-4);
+
+#ifdef VMS
+			strcat(buf[1],"-new");
+#else
 			strcat(buf[1],".new");
+#endif
+
 			if (BIO_write_filename(out,buf[1]) <= 0)
 				{
 				perror(dbfile);
@@ -890,7 +920,11 @@ bad:
 			p=(char *)x->cert_info->serialNumber->data;
 			
 			strncpy(buf[2],outdir,BSIZE-(j*2)-6);
+
+#ifndef VMS
 			strcat(buf[2],"/");
+#endif
+
 			n=(unsigned char *)&(buf[2][strlen(buf[2])]);
 			if (j > 0)
 				{
@@ -923,7 +957,13 @@ bad:
 			{
 			/* Rename the database and the serial file */
 			strncpy(buf[2],serialfile,BSIZE-4);
+
+#ifdef VMS
+			strcat(buf[2],"-old");
+#else
 			strcat(buf[2],".old");
+#endif
+
 			BIO_free(in);
 			BIO_free(out);
 			in=NULL;
@@ -945,7 +985,13 @@ bad:
 				}
 
 			strncpy(buf[2],dbfile,BSIZE-4);
+
+#ifdef VMS
+			strcat(buf[2],"-old");
+#else
 			strcat(buf[2],".old");
+#endif
+
 			if (rename(dbfile,buf[2]) < 0)
 				{
 				BIO_printf(bio_err,"unabel to rename %s to %s\n",
@@ -971,7 +1017,10 @@ bad:
 		crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
 		if(crl_ext) {
 			/* Check syntax of file */
-			if(!X509V3_EXT_check_conf(conf, crl_ext)) {
+			X509V3_CTX ctx;
+			X509V3_set_ctx_test(&ctx);
+			X509V3_set_conf_lhash(&ctx, conf);
+			if(!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) {
 				BIO_printf(bio_err,
 				 "Error Loading CRL extension section %s\n",
 								 crl_ext);
@@ -1063,11 +1112,8 @@ bad:
 		    if (ci->version == NULL)
 		    if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
 		    ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */
-		    crlctx.crl = crl;
-		    crlctx.issuer_cert = x509;
-		    crlctx.subject_cert = NULL;
-		    crlctx.subject_req = NULL;
-		    crlctx.flags = 0;
+		    X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
+		    X509V3_set_conf_lhash(&crlctx, conf);
 
 		    if(!X509V3_EXT_CRL_add_conf(conf, &crlctx,
 						 crl_ext, crl)) goto err;
@@ -1078,6 +1124,69 @@ bad:
 		PEM_write_bio_X509_CRL(Sout,crl);
 		}
 	/*****************************************************************/
+	if (dorevoke)
+		{
+        	in=BIO_new(BIO_s_file());
+        	out=BIO_new(BIO_s_file());
+        	if ((in == NULL) || (out == NULL))
+                	{
+                	ERR_print_errors(bio_err);
+                	goto err;
+                	}
+        	if (infile == NULL) 
+                	{
+                	BIO_printf(bio_err,"no input files\n");
+                	goto err;
+                	}
+		else
+			{
+                	if (BIO_read_filename(in,infile) <= 0)
+                		{
+                        	perror(infile);
+                        	BIO_printf(bio_err,"error trying to load '%s' certificate\n",infile);
+                        	goto err;
+                		}
+                	x509=PEM_read_bio_X509(in,NULL,NULL);
+                	if (x509 == NULL)
+                		{
+                        	BIO_printf(bio_err,"unable to load '%s' certificate\n",infile);
+				goto err;
+                		}
+                	j=do_revoke(x509,db);
+
+			strncpy(buf[0],dbfile,BSIZE-4);
+                	strcat(buf[0],".new");
+                	if (BIO_write_filename(out,buf[0]) <= 0)
+                		{
+                        	perror(dbfile);
+                        	BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+                        	goto err;
+                		}
+                	j=TXT_DB_write(out,db);
+                	if (j <= 0) goto err;
+                	BIO_free(in);
+                	BIO_free(out);
+                	in=NULL;
+                	out=NULL;
+                	strncpy(buf[1],dbfile,BSIZE-4);
+                	strcat(buf[1],".old");
+                	if (rename(dbfile,buf[1]) < 0)
+                		{
+                        	BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
+                        	perror("reason");
+                        	goto err;
+                		}
+	                if (rename(buf[0],dbfile) < 0)
+                		{
+                        	BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile);
+                        	perror("reason");
+                        	rename(buf[1],dbfile);
+                        	goto err;
+                		}
+                	BIO_printf(bio_err,"Data Base Updated\n"); 
+		        }
+		}
+	/*****************************************************************/
 	ret=0;
 err:
 	BIO_free(hex);
@@ -1100,16 +1209,12 @@ err:
 	EXIT(ret);
 	}
 
-static void lookup_fail(name,tag)
-char *name;
-char *tag;
+static void lookup_fail(char *name, char *tag)
 	{
 	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
 	}
 
-static int MS_CALLBACK key_callback(buf,len,verify)
-char *buf;
-int len,verify;
+static int MS_CALLBACK key_callback(char *buf, int len, int verify)
 	{
 	int i;
 
@@ -1120,8 +1225,7 @@ int len,verify;
 	return(i);
 	}
 
-static unsigned long index_serial_hash(a)
-char **a;
+static unsigned long index_serial_hash(char **a)
 	{
 	char *n;
 
@@ -1130,9 +1234,7 @@ char **a;
 	return(lh_strhash(n));
 	}
 
-static int index_serial_cmp(a,b)
-char **a;
-char **b;
+static int index_serial_cmp(char **a, char **b)
 	{
 	char *aa,*bb;
 
@@ -1141,21 +1243,17 @@ char **b;
 	return(strcmp(aa,bb));
 	}
 
-static unsigned long index_name_hash(a)
-char **a;
+static unsigned long index_name_hash(char **a)
 	{ return(lh_strhash(a[DB_name])); }
 
-static int index_name_qual(a)
-char **a;
+static int index_name_qual(char **a)
 	{ return(a[0][0] == 'V'); }
 
-static int index_name_cmp(a,b)
-char **a;
-char **b;
-	{ return(strcmp(a[DB_name],b[DB_name])); }
+static int index_name_cmp(char **a, char **b)
+	{ return(strcmp(a[DB_name],
+	     b[DB_name])); }
 
-static BIGNUM *load_serial(serialfile)
-char *serialfile;
+static BIGNUM *load_serial(char *serialfile)
 	{
 	BIO *in=NULL;
 	BIGNUM *ret=NULL;
@@ -1193,9 +1291,7 @@ err:
 	return(ret);
 	}
 
-static int save_serial(serialfile,serial)
-char *serialfile;
-BIGNUM *serial;
+static int save_serial(char *serialfile, BIGNUM *serial)
 	{
 	BIO *out;
 	int ret=0;
@@ -1227,22 +1323,10 @@ err:
 	return(ret);
 	}
 
-static int certify(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,days,
-		   batch,ext_sect,lconf,verbose)
-X509 **xret;
-char *infile;
-EVP_PKEY *pkey;
-X509 *x509;
-EVP_MD *dgst;
-STACK *policy;
-TXT_DB *db;
-BIGNUM *serial;
-char *startdate;
-int days;
-int batch;
-char *ext_sect;
-LHASH *lconf;
-int verbose;
+static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+	     const EVP_MD *dgst, STACK *policy, TXT_DB *db, BIGNUM *serial,
+	     char *startdate, int days, int batch, char *ext_sect, LHASH *lconf,
+		 int verbose)
 	{
 	X509_REQ *req=NULL;
 	BIO *in=NULL;
@@ -1298,22 +1382,11 @@ err:
 	return(ok);
 	}
 
-static int certify_cert(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,
-			days,batch,ext_sect,lconf,verbose)
-X509 **xret;
-char *infile;
-EVP_PKEY *pkey;
-X509 *x509;
-EVP_MD *dgst;
-STACK *policy;
-TXT_DB *db;
-BIGNUM *serial;
-char *startdate;
-int days;
-int batch;
-char *ext_sect;
-LHASH *lconf;
-int verbose;
+static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+	     const EVP_MD *dgst, STACK *policy, TXT_DB *db, BIGNUM *serial,
+	     char *startdate, int days, int batch, char *ext_sect, LHASH *lconf,
+		 int verbose)
+
 	{
 	X509 *req=NULL;
 	X509_REQ *rreq=NULL;
@@ -1373,22 +1446,9 @@ err:
 	return(ok);
 	}
 
-static int do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
-		   batch,verbose,req,ext_sect,lconf)
-X509 **xret;
-EVP_PKEY *pkey;
-X509 *x509;
-EVP_MD *dgst;
-STACK *policy;
-TXT_DB *db;
-BIGNUM *serial;
-char *startdate;
-int days;
-int batch;
-int verbose;
-X509_REQ *req;
-char *ext_sect;
-LHASH *lconf;
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
+	     STACK *policy, TXT_DB *db, BIGNUM *serial, char *startdate, int days,
+	     int batch, int verbose, X509_REQ *req, char *ext_sect, LHASH *lconf)
 	{
 	X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
 	ASN1_UTCTIME *tm,*tmptm;
@@ -1715,15 +1775,13 @@ again2:
 		/* Free the current entries if any, there should not
 		 * be any I belive */
 		if (ci->extensions != NULL)
-			sk_pop_free(ci->extensions,X509_EXTENSION_free);
+			sk_X509_EXTENSION_pop_free(ci->extensions,
+						   X509_EXTENSION_free);
 
 		ci->extensions = NULL;
 
-		ctx.subject_cert = ret;
-		ctx.issuer_cert = x509;
-		ctx.subject_req = req;
-		ctx.crl = NULL;
-		ctx.flags = 0;
+		X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
+		X509V3_set_conf_lhash(&ctx, lconf);
 
 		if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err;
 
@@ -1819,10 +1877,7 @@ err:
 	return(ok);
 	}
 
-static void write_new_certificate(bp,x, output_der)
-BIO *bp;
-X509 *x;
-int output_der;
+static void write_new_certificate(BIO *bp, X509 *x, int output_der)
 	{
 	char *f;
 	char buf[256];
@@ -1848,21 +1903,9 @@ int output_der;
 	BIO_puts(bp,"\n");
 	}
 
-static int certify_spkac(xret,infile,pkey,x509,dgst,policy,db,serial,
-			 startdate,days,ext_sect,lconf,verbose)
-X509 **xret;
-char *infile;
-EVP_PKEY *pkey;
-X509 *x509;
-EVP_MD *dgst;
-STACK *policy;
-TXT_DB *db;
-BIGNUM *serial;
-char *startdate;
-int days;
-char *ext_sect;
-LHASH *lconf;
-int verbose;
+static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+	     const EVP_MD *dgst, STACK *policy, TXT_DB *db, BIGNUM *serial,
+	     char *startdate, int days, char *ext_sect, LHASH *lconf, int verbose)
 	{
 	STACK *sk=NULL;
 	LHASH *parms=NULL;
@@ -2018,9 +2061,7 @@ err:
 	return(ok);
 	}
 
-static int fix_data(nid,type)
-int nid;
-int *type;
+static int fix_data(int nid, int *type)
 	{
 	if (nid == NID_pkcs9_emailAddress)
 		*type=V_ASN1_IA5STRING;
@@ -2035,8 +2076,7 @@ int *type;
 	return(1);
 	}
 
-static int check_time_format(str)
-char *str;
+static int check_time_format(char *str)
 	{
 	ASN1_UTCTIME tm;
 
@@ -2046,8 +2086,7 @@ char *str;
 	return(ASN1_UTCTIME_check(&tm));
 	}
 
-static int add_oid_section(hconf)
-LHASH *hconf;
+static int add_oid_section(LHASH *hconf)
 {	
 	char *p;
 	STACK *sktmp;
@@ -2068,3 +2107,109 @@ LHASH *hconf;
 	}
 	return 1;
 }
+
+static int do_revoke(X509 *x509, TXT_DB *db)
+{
+        ASN1_UTCTIME *tm=NULL;
+        char *row[DB_NUMBER],**rrow,**irow;
+        int ok=-1,i;
+
+        for (i=0; i<DB_NUMBER; i++)
+                row[i]=NULL;
+        row[DB_name]=X509_NAME_oneline(x509->cert_info->subject,NULL,0);
+        row[DB_serial]=BN_bn2hex(ASN1_INTEGER_to_BN(x509->cert_info->serialNumber,NULL));
+        if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+                {
+                BIO_printf(bio_err,"Malloc failure\n");
+                goto err;
+                }
+        rrow=TXT_DB_get_by_index(db,DB_name,row);
+        if (rrow == NULL)
+                {
+                BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);
+
+                /* We now just add it to the database */
+                row[DB_type]=(char *)Malloc(2);
+
+                tm=X509_get_notAfter(x509);
+                row[DB_exp_date]=(char *)Malloc(tm->length+1);
+                memcpy(row[DB_exp_date],tm->data,tm->length);
+                row[DB_exp_date][tm->length]='\0';
+
+                row[DB_rev_date]=NULL;
+
+                /* row[DB_serial] done already */
+                row[DB_file]=(char *)Malloc(8);
+
+                /* row[DB_name] done already */
+
+                if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+                        (row[DB_file] == NULL))
+                        {
+                        BIO_printf(bio_err,"Malloc failure\n");
+                        goto err;
+                        }
+                strcpy(row[DB_file],"unknown");
+                row[DB_type][0]='V';
+                row[DB_type][1]='\0';
+
+                if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+                        {
+                        BIO_printf(bio_err,"Malloc failure\n");
+                        goto err;
+                        }
+
+                for (i=0; i<DB_NUMBER; i++)
+                        {
+                        irow[i]=row[i];
+                        row[i]=NULL;
+                        }
+                irow[DB_NUMBER]=NULL;
+
+                if (!TXT_DB_insert(db,irow))
+                        {
+                        BIO_printf(bio_err,"failed to update database\n");
+                        BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
+                        goto err;
+                        }
+
+                /* Revoke Certificate */
+                do_revoke(x509,db);
+
+                ok=1;
+                goto err;
+
+                }
+        else if (index_serial_cmp(row,rrow))
+                {
+                BIO_printf(bio_err,"ERROR:no same serial number %s\n",
+                           row[DB_serial]);
+                goto err;
+                }
+        else if (rrow[DB_type][0]=='R')
+                {
+                BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
+                           row[DB_serial]);
+                goto err;
+                }
+        else
+                {
+                BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]);
+                tm=X509_gmtime_adj(tm,0);
+                rrow[DB_type][0]='R';
+                rrow[DB_type][1]='\0';
+                rrow[DB_rev_date]=(char *)Malloc(tm->length+1);
+                memcpy(rrow[DB_rev_date],tm->data,tm->length);
+                rrow[DB_rev_date][tm->length]='\0';
+                }
+        ok=1;
+err:
+        for (i=0; i<DB_NUMBER; i++)
+                {
+                if (row[i] != NULL) 
+                        Free(row[i]);
+                }
+        ASN1_UTCTIME_free(tm);
+        return(ok);
+}
+

apps/ciphers.c

@@ -63,8 +63,12 @@
 #define APPS_WIN16
 #endif
 #include "apps.h"
-#include "err.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
 
 #undef PROG
 #define PROG	ciphers_main
@@ -77,19 +81,18 @@ static char *ciphers_usage[]={
 NULL
 };
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int ret=1,i;
 	int verbose=0;
-	char **pp,*p;
+	char **pp;
+	const char *p;
 	int badops=0;
 	SSL_CTX *ctx=NULL;
 	SSL *ssl=NULL;
 	char *ciphers=NULL;
 	SSL_METHOD *meth=NULL;
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 	char buf[512];
 	BIO *STDout=NULL;
 
@@ -167,10 +170,10 @@ char **argv;
 		{
 		sk=SSL_get_ciphers(ssl);
 
-		for (i=0; i<sk_num(sk); i++)
+		for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 			{
 			BIO_puts(STDout,SSL_CIPHER_description(
-				(SSL_CIPHER *)sk_value(sk,i),
+				sk_SSL_CIPHER_value(sk,i),
 				buf,512));
 			}
 		}

apps/crl.c

@@ -60,11 +60,11 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "x509.h"
-#include "x509v3.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	crl_main
@@ -88,17 +88,10 @@ static char *crl_usage[]={
 NULL
 };
 
-#ifndef NOPROTO
 static X509_CRL *load_crl(char *file, int format);
-#else
-static X509_CRL *load_crl();
-#endif
-
 static BIO *bio_out=NULL;
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	X509_CRL *x=NULL;
 	int ret=1,i,num,badops=0;
@@ -221,8 +214,6 @@ bad:
 			}
 		}
 
-	if (noout) goto end;
-
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
@@ -242,6 +233,9 @@ bad:
 		}
 
 	if (text) X509_CRL_print(out, x);
+
+	if (noout) goto end;
+
 	if 	(outformat == FORMAT_ASN1)
 		i=(int)i2d_X509_CRL_bio(out,x);
 	else if (outformat == FORMAT_PEM)
@@ -261,9 +255,7 @@ end:
 	EXIT(ret);
 	}
 
-static X509_CRL *load_crl(infile, format)
-char *infile;
-int format;
+static X509_CRL *load_crl(char *infile, int format)
 	{
 	X509_CRL *x=NULL;
 	BIO *in=NULL;

apps/crl.out

@@ -1,8 +0,0 @@
------BEGIN X509 CRL-----
-MIIBDjCBuTANBgkqhkiG9w0BAQQFADBgMQswCQYDVQQGEwJBVTEMMAoGA1UECBMD
-UUxEMRkwFwYDVQQKExBNaW5jb20gUHR5LiBMdGQuMQswCQYDVQQLEwJDUzEbMBkG
-A1UEAxMSU1NMZWF5IGRlbW8gc2VydmVyFw05NzA3MDkwMDAwMjJaFw05NzA4MDgw
-MDAwMjJaMCgwEgIBARcNOTUxMDA5MjMzMjA1WjASAgEDFw05NTEyMDEwMTAwMDBa
-MA0GCSqGSIb3DQEBBAUAA0EAcEBIWVZPXxSlLMPPLfBi4s0N3lzTgskZkgO6pjZi
-oQRwh5vi5zFqDNQteGx7RTHpUYntgyoAZ87FZE0GOJgBaQ==
------END X509 CRL-----

apps/crl2p7.c

@@ -65,19 +65,14 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "err.h"
-#include "evp.h"
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static int add_certs_from_file(STACK *stack, char *certfile);
-#else
-static int add_certs_from_file();
-#endif
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/objects.h>
 
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
 #undef PROG
 #define PROG	crl2pkcs7_main
 
@@ -87,9 +82,7 @@ static int add_certs_from_file();
  * -out arg	- output file - default stdout
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
@@ -100,7 +93,7 @@ char **argv;
 	X509_CRL *crl=NULL;
 	STACK *certflst=NULL;
 	STACK *crl_stack=NULL;
-	STACK *cert_stack=NULL;
+	STACK_OF(X509) *cert_stack=NULL;
 	int ret=1,nocrl=0;
 
 	apps_startup();
@@ -228,7 +221,7 @@ bad:
 		crl=NULL; /* now part of p7 for Freeing */
 		}
 
-	if ((cert_stack=sk_new(NULL)) == NULL) goto end;
+	if ((cert_stack=sk_X509_new(NULL)) == NULL) goto end;
 	p7s->cert=cert_stack;
 
 	if(certflst) for(i = 0; i < sk_num(certflst); i++) {
@@ -288,15 +281,13 @@ end:
  *	number of certs added if successful, -1 if not.
  *----------------------------------------------------------------------
  */
-static int add_certs_from_file(stack,certfile)
-STACK *stack;
-char *certfile;
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
 	{
 	struct stat st;
 	BIO *in=NULL;
 	int count=0;
 	int ret= -1;
-	STACK *sk=NULL;
+	STACK_OF(X509_INFO) *sk=NULL;
 	X509_INFO *xi;
 
 	if ((stat(certfile,&st) != 0))
@@ -320,12 +311,12 @@ char *certfile;
 	}
 
 	/* scan over it and pull out the CRL's */
-	while (sk_num(sk))
+	while (sk_X509_INFO_num(sk))
 		{
-		xi=(X509_INFO *)sk_shift(sk);
+		xi=sk_X509_INFO_shift(sk);
 		if (xi->x509 != NULL)
 			{
-			sk_push(stack,(char *)xi->x509);
+			sk_X509_push(stack,xi->x509);
 			xi->x509=NULL;
 			count++;
 			}
@@ -336,7 +327,7 @@ char *certfile;
 end:
  	/* never need to Free x */
 	if (in != NULL) BIO_free(in);
-	if (sk != NULL) sk_free(sk);
+	if (sk != NULL) sk_X509_INFO_free(sk);
 	return(ret);
 	}
 

apps/dgst.c

@@ -60,12 +60,12 @@
 #include <string.h>
 #include <stdlib.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -73,22 +73,15 @@
 #undef PROG
 #define PROG	dgst_main
 
-#ifndef NOPROTO
 void do_fp(unsigned char *buf,BIO *f,int sep);
-#else
-void do_fp();
-#endif
-
-int MAIN(argc,argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	unsigned char *buf=NULL;
 	int i,err=0;
-	EVP_MD *md=NULL,*m;
+	const EVP_MD *md=NULL,*m;
 	BIO *in=NULL,*inp;
 	BIO *bmd=NULL;
-	char *name;
+	const char *name;
 #define PROG_NAME_SIZE  16
         char pname[PROG_NAME_SIZE];
 	int separator=0;
@@ -112,7 +105,7 @@ char **argv;
 
 	argc--;
 	argv++;
-	for (i=0; i<argc; i++)
+	while (argc > 0)
 		{
 		if ((*argv)[0] != '-') break;
 		if (strcmp(*argv,"-c") == 0)
@@ -203,10 +196,7 @@ end:
 	EXIT(err);
 	}
 
-void do_fp(buf,bp,sep)
-unsigned char *buf;
-BIO *bp;
-int sep;
+void do_fp(unsigned char *buf, BIO *bp, int sep)
 	{
 	int len;
 	int i;

apps/dh.c

@@ -56,17 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DH
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "bn.h"
-#include "dh.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	dh_main
@@ -81,9 +82,7 @@
  * -C
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	DH *dh=NULL;
 	int i,badops=0,text=0;
@@ -310,3 +309,4 @@ end:
 	if (dh != NULL) DH_free(dh);
 	EXIT(ret);
 	}
+#endif

apps/dsa.c

@@ -56,17 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "dsa.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	dsa_main
@@ -82,14 +83,12 @@
  * -modulus	- print the DSA public key
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
-	EVP_CIPHER *enc=NULL;
+	const EVP_CIPHER *enc=NULL;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	char *infile,*outfile,*prog;
@@ -254,4 +253,4 @@ end:
 	if (dsa != NULL) DSA_free(dsa);
 	EXIT(ret);
 	}
-
+#endif

apps/dsaparam.c

@@ -56,18 +56,19 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "bn.h"
-#include "rand.h"
-#include "dsa.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/dsa.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	dsaparam_main
@@ -83,15 +84,8 @@
  * -genkey
  */
 
-#ifndef NOPROTO
 static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
-#else
-static void MS_CALLBACK dsa_cb();
-#endif
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	DSA *dsa=NULL;
 	int i,badops=0,text=0;
@@ -342,10 +336,7 @@ end:
 	EXIT(ret);
 	}
 
-static void MS_CALLBACK dsa_cb(p, n, arg)
-int p;
-int n;
-char *arg;
+static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
 	{
 	char c='*';
 
@@ -359,3 +350,4 @@ char *arg;
 	p=n;
 #endif
 	}
+#endif

apps/eay.c

@@ -62,29 +62,30 @@
 
 #define MONOLITH
 #define USE_SOCKETS
-#include "../e_os.h"
 
-#include "bio.h"
-#include "stack.h"
-#include "lhash.h"
+#include "openssl/e_os.h"
 
-#include "err.h"
+#include <openssl/bio.h>
+#include <openssl/stack.h>
+#include <openssl/lhash.h>
 
-#include "bn.h"
+#include <openssl/err.h>
 
-#include "evp.h"
+#include <openssl/bn.h>
 
-#include "rand.h"
-#include "conf.h"
-#include "txt_db.h"
+#include <openssl/evp.h>
 
-#include "err.h"
+#include <openssl/rand.h>
+#include <openssl/conf.h>
+#include <openssl/txt_db.h>
 
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
-#include "asn1.h"
-#include "objects.h"
+#include <openssl/err.h>
+
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
 
 #define MONOLITH
 

apps/enc.c

@@ -60,22 +60,17 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#ifdef NO_MD5
-#include "md5.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#ifndef NO_MD5
+#include <openssl/md5.h>
 #endif
-#include "pem.h"
+#include <openssl/pem.h>
 
-#ifndef NOPROTO
 int set_hex(char *in,unsigned char *out,int size);
-#else
-int set_hex();
-#endif
-
 #undef SIZE
 #undef BSIZE
 #undef PROG
@@ -84,9 +79,7 @@ int set_hex();
 #define BSIZE	(8*1024)
 #define	PROG	enc_main
 
-int MAIN(argc,argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	char *strbuf=NULL;
 	unsigned char *buff=NULL,*bufsize=NULL;
@@ -97,7 +90,7 @@ char **argv;
 	char *hkey=NULL,*hiv=NULL;
 	int enc=1,printkey=0,i,base64=0;
 	int debug=0,olb64=0;
-	EVP_CIPHER *cipher=NULL,*c;
+	const EVP_CIPHER *cipher=NULL,*c;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  16
@@ -239,7 +232,7 @@ bad:
 #ifndef NO_RC4
 			BIO_printf(bio_err,"rc2     :128 bit key RC2 encryption\n");
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 			BIO_printf(bio_err,"bf      :128 bit key BlowFish encryption\n");
 #endif
 #ifndef NO_RC4
@@ -277,19 +270,19 @@ bad:
 				LN_rc2_cfb64, LN_rc2_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc);
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_bf_ecb, LN_bf_cbc,
 				LN_bf_cfb64, LN_bf_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_CAST
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_cast5_ecb, LN_cast5_cbc,
 				LN_cast5_cfb64, LN_cast5_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_RC5
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_rc5_ecb, LN_rc5_cbc,
 				LN_rc5_cfb64, LN_rc5_ofb64);
@@ -521,10 +514,7 @@ end:
 	EXIT(ret);
 	}
 
-int set_hex(in,out,size)
-char *in;
-unsigned char *out;
-int size;
+int set_hex(char *in, unsigned char *out, int size)
 	{
 	int i,n;
 	unsigned char j;

apps/errstr.c

@@ -60,17 +60,15 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "lhash.h"
-#include "err.h"
-#include "ssl.h"
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
 
 #undef PROG
 #define PROG	errstr_main
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int i,ret=0;
 	char buf[256];

apps/gendh.c

@@ -56,34 +56,27 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DH
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "bio.h"
-#include "rand.h"
-#include "err.h"
-#include "bn.h"
-#include "dh.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #define DEFBITS	512
 #undef PROG
 #define PROG gendh_main
 
-#ifndef NOPROTO
 static void MS_CALLBACK dh_cb(int p, int n, char *arg);
 static long dh_load_rand(char *names);
-#else
-static void MS_CALLBACK dh_cb();
-static long dh_load_rand();
-#endif
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	char buffer[200];
 	DH *dh=NULL;
@@ -191,10 +184,7 @@ end:
 	EXIT(ret);
 	}
 
-static void MS_CALLBACK dh_cb(p,n,arg)
-int p;
-int n;
-char *arg;
+static void MS_CALLBACK dh_cb(int p, int n, char *arg)
 	{
 	char c='*';
 
@@ -209,8 +199,7 @@ char *arg;
 #endif
 	}
 
-static long dh_load_rand(name)
-char *name;
+static long dh_load_rand(char *name)
 	{
 	char *p,*n;
 	int last;
@@ -231,5 +220,4 @@ char *name;
 		}
 	return(tot);
 	}
-
-
+#endif

apps/gendsa.c

@@ -56,32 +56,26 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DSA
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "bio.h"
-#include "rand.h"
-#include "err.h"
-#include "bn.h"
-#include "dsa.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #define DEFBITS	512
 #undef PROG
 #define PROG gendsa_main
 
-#ifndef NOPROTO
 static long dsa_load_rand(char *names);
-#else
-static long dsa_load_rand();
-#endif
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	char buffer[200];
 	DSA *dsa=NULL;
@@ -214,8 +208,7 @@ end:
 	EXIT(ret);
 	}
 
-static long dsa_load_rand(name)
-char *name;
+static long dsa_load_rand(char *name)
 	{
 	char *p,*n;
 	int last;
@@ -236,5 +229,4 @@ char *name;
 		}
 	return(tot);
 	}
-
-
+#endif

apps/genrsa.c

@@ -56,35 +56,28 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "bio.h"
-#include "rand.h"
-#include "err.h"
-#include "bn.h"
-#include "rsa.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #define DEFBITS	512
 #undef PROG
 #define PROG genrsa_main
 
-#ifndef NOPROTO
 static void MS_CALLBACK genrsa_cb(int p, int n, char *arg);
 static long gr_load_rand(char *names);
-#else
-static void MS_CALLBACK genrsa_cb();
-static long gr_load_rand();
-#endif
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int ret=1;
 	char buffer[200];
@@ -234,10 +227,7 @@ err:
 	EXIT(ret);
 	}
 
-static void MS_CALLBACK genrsa_cb(p, n, arg)
-int p;
-int n;
-char *arg;
+static void MS_CALLBACK genrsa_cb(int p, int n, char *arg)
 	{
 	char c='*';
 
@@ -252,8 +242,7 @@ char *arg;
 #endif
 	}
 
-static long gr_load_rand(name)
-char *name;
+static long gr_load_rand(char *name)
 	{
 	char *p,*n;
 	int last;
@@ -274,5 +263,4 @@ char *name;
 		}
 	return(tot);
 	}
-
-
+#endif

apps/install.com

@@ -0,0 +1,69 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! P1	root of the directory tree
+$!
+$	IF P1 .EQS. ""
+$	THEN
+$	    WRITE SYS$OUTPUT "First argument missing."
+$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$	    EXIT
+$	ENDIF
+$
+$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+		   - "[000000." - "][" - "[" - "]"
+$	ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$	DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
+$	DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
+$	DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:[LIB]
+$
+$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$	IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLVEXE:
+$	IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLAEXE:
+$	IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLLIB:
+$
+$	EXE := openssl
+$
+$	VEXE_DIR := [-.VAX.EXE.APPS]
+$	AEXE_DIR := [-.AXP.EXE.APPS]
+$
+$	I = 0
+$ LOOP_EXE: 
+$	E = F$EDIT(F$ELEMENT(I, ",", EXE),"TRIM")
+$	I = I + 1
+$	IF E .EQS. "," THEN GOTO LOOP_EXE_END
+$	SET NOON
+$	IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'VEXE_DIR''E'.EXE WRK_SSLVEXE:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLVEXE:'E'.EXE
+$	ENDIF
+$	IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'AEXE_DIR''E'.EXE WRK_SSLAEXE:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLAEXE:'E'.EXE
+$	ENDIF
+$	SET ON
+$	GOTO LOOP_EXE
+$ LOOP_EXE_END:
+$
+$	SET NOON
+$	COPY CA.COM WRK_SSLAEXE:CA.COM/LOG
+$	SET FILE/PROT=W:RE WRK_SSLAEXE:CA.COM
+$	COPY CA.COM WRK_SSLVEXE:CA.COM/LOG
+$	SET FILE/PROT=W:RE WRK_SSLVEXE:CA.COM
+$	COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG
+$	SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL.CNF
+$	SET ON
+$
+$	EXIT

apps/nseq.c

@@ -57,22 +57,17 @@
  */
 
 #include <stdio.h>
-#include "pem.h"
-#include "err.h"
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
 #include "apps.h"
 
 #undef PROG
 #define PROG nseq_main
 
-#ifdef NOPROTO
 static int dump_cert_text(BIO *out, X509 *x);
-#else
-static int dump_cert_text();
-#endif
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 {
 	char **args, *infile = NULL, *outfile = NULL;
 	BIO *in = NULL, *out = NULL;
@@ -83,7 +78,6 @@ char **argv;
 	int badarg = 0;
 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 	ERR_load_crypto_strings();
-        SSLeay_add_all_algorithms();
 	args = argv + 1;
 	while (!badarg && *args && *args[0] == '-') {
 		if (!strcmp (*args, "-toseq")) toseq = 1;
@@ -164,9 +158,7 @@ end:
 	EXIT(ret);
 }
 
-static int dump_cert_text(out, x)
-BIO *out;
-X509 *x;
+static int dump_cert_text(BIO *out, X509 *x)
 {
         char buf[256];
         X509_NAME_oneline(X509_get_subject_name(x),buf,256);

apps/openssl-vms.cnf

@@ -0,0 +1,214 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= $ENV::HOME/.rnd
+oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= sys\$disk:[.demoCA	# Where everything is kept
+certs		= $dir.certs]		# Where the issued certs are kept
+crl_dir		= $dir.crl]		# Where the issued crl are kept
+database	= $dir]index.txt	# database index file.
+new_certs_dir	= $dir.newcerts]	# default place for new certs.
+
+certificate	= $dir]cacert.pem 	# The CA certificate
+serial		= $dir]serial.		# The current serial number
+crl		= $dir]crl.pem 		# The current CRL
+private_key	= $dir.private]cakey.pem# The private key
+RANDFILE	= $dir.private].rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+
+localityName			= Locality Name (eg, city)
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 40
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_ca]
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# RAW DER hex encoding of an extension: beware experts only!
+# 1.2.3.5=RAW:02:03
+# You can even override a supported extension:
+# basicConstraints= critical, RAW:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always

apps/openssl.c

@@ -63,19 +63,19 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "bio.h"
-#include "crypto.h"
-#include "lhash.h"
-#include "conf.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
 #define SSLEAY	/* turn off a few special case MONOLITH macros */
 #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
 #define SSLEAY_SRC
 #include "apps.h"
 #include "s_apps.h"
-#include "err.h"
+#include <openssl/err.h>
 
 /*
 #ifdef WINDOWS
@@ -83,24 +83,15 @@
 #endif
 */
 
-#ifndef NOPROTO
 static unsigned long MS_CALLBACK hash(FUNCTION *a);
 static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
 static LHASH *prog_init(void );
 static int do_cmd(LHASH *prog,int argc,char *argv[]);
-#else
-static unsigned long MS_CALLBACK hash();
-static int MS_CALLBACK cmp();
-static LHASH *prog_init();
-static int do_cmd();
-#endif
-
 LHASH *config=NULL;
 char *default_config_file=NULL;
 
 #ifdef DEBUG
-static void sig_stop(i)
-int i;
+static void sig_stop(int i)
 	{
 	char *a=NULL;
 
@@ -113,9 +104,7 @@ int i;
 BIO *bio_err=NULL;
 #endif
 
-int main(Argc,Argv)
-int Argc;
-char *Argv[];
+int main(int Argc, char *Argv[])
 	{
 	ARGS arg;
 #define PROG_NAME_SIZE	16
@@ -158,7 +147,9 @@ char *Argv[];
 	if (p == NULL)
 		{
 		strcpy(config_name,X509_get_default_cert_area());
-		strcat(config_name,"/lib/");
+#ifndef VMS
+		strcat(config_name,"/");
+#endif
 		strcat(config_name,OPENSSL_CONF);
 		p=config_name;
 		}
@@ -254,10 +245,11 @@ end:
 	EXIT(ret);
 	}
 
-static int do_cmd(prog,argc,argv)
-LHASH *prog;
-int argc;
-char *argv[];
+#define LIST_STANDARD_COMMANDS "list-standard-commands"
+#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
+#define LIST_CIPHER_COMMANDS "list-cipher-commands"
+
+static int do_cmd(LHASH *prog, int argc, char *argv[])
 	{
 	FUNCTION f,*fp;
 	int i,ret=1,tp,nl;
@@ -278,6 +270,28 @@ char *argv[];
 		ret= -1;
 		goto end;
 		}
+	else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
+		(strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
+		(strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0))
+		{
+		int list_type;
+		BIO *bio_stdout;
+
+		if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0)
+			list_type = FUNC_TYPE_GENERAL;
+		else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0)
+			list_type = FUNC_TYPE_MD;
+		else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
+			list_type = FUNC_TYPE_CIPHER;
+		bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
+		
+		for (fp=functions; fp->name != NULL; fp++)
+			if (fp->type == list_type)
+				BIO_printf(bio_stdout, "%s\n", fp->name);
+		BIO_free(bio_stdout);
+		ret=0;
+		goto end;
+		}
 	else
 		{
 		BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
@@ -328,7 +342,7 @@ static int SortFnByName(const void *_f1,const void *_f2)
     return strcmp(f1->name,f2->name);
     }
 
-static LHASH *prog_init()
+static LHASH *prog_init(void)
 	{
 	LHASH *ret;
 	FUNCTION *f;
@@ -346,14 +360,12 @@ static LHASH *prog_init()
 	return(ret);
 	}
 
-static int MS_CALLBACK cmp(a,b)
-FUNCTION *a,*b;
+static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b)
 	{
 	return(strncmp(a->name,b->name,8));
 	}
 
-static unsigned long MS_CALLBACK hash(a)
-FUNCTION *a;
+static unsigned long MS_CALLBACK hash(FUNCTION *a)
 	{
 	return(lh_strhash(a->name));
 	}

apps/openssl.cnf

@@ -7,6 +7,13 @@ RANDFILE		= $ENV::HOME/.rnd
 oid_file		= $ENV::HOME/.oid
 oid_section		= new_oids
 
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
 [ new_oids ]
 
 # We can add new OIDs in here for use by 'ca' and 'req'.
@@ -35,7 +42,11 @@ private_key	= $dir/private/cakey.pem# The private key
 RANDFILE	= $dir/private/.rand	# private random number file
 
 x509_extensions	= usr_cert		# The extentions to add to the cert
-crl_extensions	= crl_ext		# Extensions to add to CRL
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
 default_days	= 365			# how long to certify for
 default_crl_days= 30			# how long before next CRL
 default_md	= md5			# which md to use.
@@ -124,31 +135,33 @@ basicConstraints=CA:FALSE
 # the certificate can be used for anything *except* object signing.
 
 # This is OK for an SSL server.
-#nsCertType			= server
+# nsCertType			= server
 
 # For an object signing certificate this would be used.
-#nsCertType = objsign
+# nsCertType = objsign
 
 # For normal client use this is typical
-#nsCertType = client, email
+# nsCertType = client, email
 
-# This is typical also
+# and for everything including object signing:
+# nsCertType = client, email, objsign
 
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 
+# This will be displayed in Netscape's comment listbox.
 nsComment			= "OpenSSL Generated Certificate"
 
-# PKIX recommendations
+# PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid,issuer:always
 
+# This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
-
-subjectAltName=email:copy
+# subjectAltName=email:copy
 
 # Copy subject details
-
-issuerAltName=issuer:copy
+# issuerAltName=issuer:copy
 
 #nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
 #nsBaseUrl
@@ -161,8 +174,6 @@ issuerAltName=issuer:copy
 
 # Extensions for a typical CA
 
-# It's a CA certificate
-basicConstraints = CA:true
 
 # PKIX recommendation.
 
@@ -173,17 +184,21 @@ authorityKeyIdentifier=keyid:always,issuer:always
 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.
 #basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
 
-# Key usage: again this should really be critical.
-keyUsage = cRLSign, keyCertSign
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
 
 # Some might want this also
-#nsCertType = sslCA, emailCA
+# nsCertType = sslCA, emailCA
 
 # Include email address in subject alt name: another PKIX recommendation
-subjectAltName=email:copy
+# subjectAltName=email:copy
 # Copy issuer details
-issuerAltName=issuer:copy
+# issuerAltName=issuer:copy
 
 # RAW DER hex encoding of an extension: beware experts only!
 # 1.2.3.5=RAW:02:03
@@ -195,5 +210,5 @@ issuerAltName=issuer:copy
 # CRL extensions.
 # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
 
-issuerAltName=issuer:copy
+# issuerAltName=issuer:copy
 authorityKeyIdentifier=keyid:always,issuer:always

apps/pem_mail.c

@@ -56,13 +56,14 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "err.h"
-#include "pem.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
 #include "apps.h"
 
 #undef PROG
@@ -87,9 +88,7 @@ typedef struct lines_St
 	struct lines_st *next;
 	} LINES;
 
-int main(argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	FILE *in;
 	RSA *rsa=NULL;
@@ -168,3 +167,4 @@ err:
 	ERR_print_errors(bio_err);
 	EXIT(1);
 	}
+#endif

apps/pkcs12.c

@@ -0,0 +1,705 @@
+/* pkcs12.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/des.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+#include "apps.h"
+#define PROG pkcs12_main
+
+EVP_CIPHER *enc;
+
+
+#define NOKEYS		0x1
+#define NOCERTS 	0x2
+#define INFO		0x4
+#define CLCERTS		0x8
+#define CACERTS		0x10
+
+int get_cert_chain(X509 *cert, STACK **chain);
+int dump_cert_text (BIO *out, X509 *x);
+int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options);
+int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options);
+int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options);
+int print_attribs(BIO *out, STACK *attrlst, char *name);
+void hex_prin(BIO *out, unsigned char *buf, int len);
+int alg_print(BIO *x, X509_ALGOR *alg);
+int cert_load(BIO *in, STACK *sk);
+int MAIN(int argc, char **argv)
+{
+    char *infile=NULL, *outfile=NULL, *keyname = NULL;	
+    char *certfile=NULL;
+    BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
+    char **args;
+    char *name = NULL;
+    PKCS12 *p12 = NULL;
+    char pass[50], macpass[50];
+    int export_cert = 0;
+    int options = 0;
+    int chain = 0;
+    int badarg = 0;
+    int iter = PKCS12_DEFAULT_ITER;
+    int maciter = 1;
+    int twopass = 0;
+    int keytype = 0;
+    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+    int ret = 1;
+    int macver = 1;
+    int noprompt = 0;
+    STACK *canames = NULL;
+    char *cpass = NULL, *mpass = NULL;
+
+    apps_startup();
+
+    enc = EVP_des_ede3_cbc();
+    if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
+    args = argv + 1;
+
+
+    while (*args) {
+	if (*args[0] == '-') {
+		if (!strcmp (*args, "-nokeys")) options |= NOKEYS;
+		else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;
+		else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;
+		else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;
+		else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;
+		else if (!strcmp (*args, "-cacerts")) options |= CACERTS;
+		else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);
+		else if (!strcmp (*args, "-info")) options |= INFO;
+		else if (!strcmp (*args, "-chain")) chain = 1;
+		else if (!strcmp (*args, "-twopass")) twopass = 1;
+		else if (!strcmp (*args, "-nomacver")) macver = 0;
+		else if (!strcmp (*args, "-descert"))
+    			cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+		else if (!strcmp (*args, "-export")) export_cert = 1;
+		else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
+#ifndef NO_IDEA
+		else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
+#endif
+		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
+		else if (!strcmp (*args, "-noiter")) iter = 1;
+		else if (!strcmp (*args, "-maciter"))
+					 maciter = PKCS12_DEFAULT_ITER;
+		else if (!strcmp (*args, "-nodes")) enc=NULL;
+		else if (!strcmp (*args, "-inkey")) {
+		    if (args[1]) {
+			args++;	
+			keyname = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-certfile")) {
+		    if (args[1]) {
+			args++;	
+			certfile = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-name")) {
+		    if (args[1]) {
+			args++;	
+			name = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-caname")) {
+		    if (args[1]) {
+			args++;	
+			if (!canames) canames = sk_new(NULL);
+			sk_push(canames, *args);
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-in")) {
+		    if (args[1]) {
+			args++;	
+			infile = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-out")) {
+		    if (args[1]) {
+			args++;	
+			outfile = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-envpass")) {
+		    if (args[1]) {
+			args++;	
+			if(!(cpass = getenv(*args))) {
+				BIO_printf(bio_err,
+				 "Can't read environment variable %s\n", *args);
+				goto end;
+			}
+			noprompt = 1;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-password")) {
+		    if (args[1]) {
+			args++;	
+			cpass = *args;
+		    	noprompt = 1;
+		    } else badarg = 1;
+		} else badarg = 1;
+
+	} else badarg = 1;
+	args++;
+    }
+
+    if (badarg) {
+	BIO_printf (bio_err, "Usage: pkcs12 [options]\n");
+	BIO_printf (bio_err, "where options are\n");
+	BIO_printf (bio_err, "-export       output PKCS12 file\n");
+	BIO_printf (bio_err, "-chain        add certificate chain\n");
+	BIO_printf (bio_err, "-inkey file   private key if not infile\n");
+	BIO_printf (bio_err, "-certfile f   add all certs in f\n");
+	BIO_printf (bio_err, "-name \"name\"  use name as friendly name\n");
+	BIO_printf (bio_err, "-caname \"nm\"  use nm as CA friendly name (can be used more than once).\n");
+	BIO_printf (bio_err, "-in  infile   input filename\n");
+	BIO_printf (bio_err, "-out outfile  output filename\n");
+	BIO_printf (bio_err, "-noout        don't output anything, just verify.\n");
+	BIO_printf (bio_err, "-nomacver     don't verify MAC.\n");
+	BIO_printf (bio_err, "-nocerts      don't output certificates.\n");
+	BIO_printf (bio_err, "-clcerts      only output client certificates.\n");
+	BIO_printf (bio_err, "-cacerts      only output CA certificates.\n");
+	BIO_printf (bio_err, "-nokeys       don't output private keys.\n");
+	BIO_printf (bio_err, "-info         give info about PKCS#12 structure.\n");
+	BIO_printf (bio_err, "-des          encrypt private keys with DES\n");
+	BIO_printf (bio_err, "-des3         encrypt private keys with triple DES (default)\n");
+#ifndef NO_IDEA
+	BIO_printf (bio_err, "-idea         encrypt private keys with idea\n");
+#endif
+	BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
+	BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");
+	BIO_printf (bio_err, "-maciter      use MAC iteration\n");
+	BIO_printf (bio_err, "-twopass      separate MAC, encryption passwords\n");
+	BIO_printf (bio_err, "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
+	BIO_printf (bio_err, "-keyex        set MS key exchange type\n");
+	BIO_printf (bio_err, "-keysig       set MS key signature type\n");
+	BIO_printf (bio_err, "-password p   set import/export password (NOT RECOMMENDED)\n");
+	BIO_printf (bio_err, "-envpass p    set import/export password from environment\n");
+    	goto end;
+    }
+
+    if(cpass) mpass = cpass;
+    else {
+	cpass = pass;
+	mpass = macpass;
+    }
+
+    ERR_load_crypto_strings();
+
+    in = BIO_new (BIO_s_file());
+    out = BIO_new (BIO_s_file());
+
+    if (!infile) BIO_set_fp (in, stdin, BIO_NOCLOSE);
+    else {
+        if (BIO_read_filename (in, infile) <= 0) {
+	    perror (infile);
+	    goto end;
+	}
+    }
+
+   if (certfile) {
+    	certsin = BIO_new (BIO_s_file());
+        if (BIO_read_filename (certsin, certfile) <= 0) {
+	    perror (certfile);
+	    goto end;
+	}
+    }
+
+    if (keyname) {
+    	inkey = BIO_new (BIO_s_file());
+        if (BIO_read_filename (inkey, keyname) <= 0) {
+	    perror (keyname);
+	    goto end;
+	}
+     }
+
+    if (!outfile) BIO_set_fp (out, stdout, BIO_NOCLOSE);
+    else {
+        if (BIO_write_filename (out, outfile) <= 0) {
+	    perror (outfile);
+	    goto end;
+	}
+    }
+    if (twopass) {
+	if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert)) {
+    	    BIO_printf (bio_err, "Can't read Password\n");
+    	    goto end;
+       	}
+    }
+
+if (export_cert) {
+	EVP_PKEY *key;
+	STACK *bags, *safes;
+	PKCS12_SAFEBAG *bag;
+	PKCS8_PRIV_KEY_INFO *p8;
+	PKCS7 *authsafe;
+	X509 *cert, *ucert = NULL;
+	STACK *certs;
+	char *catmp;
+	int i, pmatch = 0;
+	unsigned char keyid[EVP_MAX_MD_SIZE];
+	unsigned int keyidlen;
+	/* Get private key so we can match it to a certificate */
+	key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL);
+	if (!inkey) BIO_reset(in);
+	if (!key) {
+		BIO_printf (bio_err, "Error loading private key\n");
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	certs = sk_new(NULL);
+
+	/* Load in all certs in input file */
+	if(!cert_load(in, certs)) {
+		BIO_printf(bio_err, "Error loading certificates from input\n");
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+	
+	bags = sk_new (NULL);
+
+	/* Add any more certificates asked for */
+	if (certsin) {
+		if(!cert_load(certsin, certs)) {
+			BIO_printf(bio_err, "Error loading certificates from certfile\n");
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	    	BIO_free(certsin);
+ 	}
+
+	/* Find certificate (if any) matching private key */
+
+	for(i = 0; i < sk_num(certs); i++) {
+			cert = (X509 *)sk_value(certs, i);
+			if(X509_check_private_key(cert, key)) {
+				ucert = cert;
+				break;
+			}
+	}
+
+	if(!ucert) {
+		BIO_printf(bio_err, "No certificate matches private key\n");
+		goto end;
+	}
+
+	/* If chaining get chain from user cert */
+	if (chain) {
+        	int vret;
+		STACK *chain2;
+			
+		vret = get_cert_chain (ucert, &chain2);
+		if (vret) {
+			BIO_printf (bio_err, "Error %s getting chain.\n",
+					X509_verify_cert_error_string(vret));
+			goto end;
+		}
+		/* Exclude verified certificate */
+		for (i = 1; i < sk_num (chain2) ; i++) 
+				 sk_push(certs, sk_value (chain2, i));
+		sk_free(chain2);
+			
+    	}
+
+	/* We now have loads of certificates: include them all */
+	for(i = 0; i < sk_num(certs); i++) {
+		cert = (X509 *)sk_value(certs, i);
+		bag = M_PKCS12_x5092certbag(cert);
+		/* If it matches private key mark it */
+		if(cert == ucert) {
+			if(name) PKCS12_add_friendlyname(bag, name, -1);
+			X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
+			PKCS12_add_localkeyid(bag, keyid, keyidlen);
+			pmatch = 1;
+		} else if((catmp = sk_shift(canames))) 
+				PKCS12_add_friendlyname(bag, catmp, -1);
+		sk_push(bags, (char *)bag);
+	}
+
+	if (canames) sk_free(canames);
+
+	if(!noprompt &&
+		EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
+	    BIO_printf (bio_err, "Can't read Password\n");
+	    goto end;
+        }
+	if (!twopass) strcpy(macpass, pass);
+	/* Turn certbags into encrypted authsafe */
+	authsafe = PKCS12_pack_p7encdata (cert_pbe, cpass, -1, NULL, 0,
+								 iter, bags);
+	sk_pop_free(bags, PKCS12_SAFEBAG_free);
+
+	if (!authsafe) {
+		ERR_print_errors (bio_err);
+		goto end;
+	}
+
+	safes = sk_new (NULL);
+	sk_push (safes, (char *)authsafe);
+
+	/* Make a shrouded key bag */
+	p8 = EVP_PKEY2PKCS8 (key);
+	EVP_PKEY_free(key);
+	if(keytype) PKCS8_add_keyusage(p8, keytype);
+	bag = PKCS12_MAKE_SHKEYBAG (NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+			cpass, -1, NULL, 0, iter, p8);
+	PKCS8_PRIV_KEY_INFO_free(p8);
+        if (name) PKCS12_add_friendlyname (bag, name, -1);
+	if(pmatch) PKCS12_add_localkeyid (bag, keyid, keyidlen);
+	bags = sk_new(NULL);
+	sk_push (bags, (char *)bag);
+	/* Turn it into unencrypted safe bag */
+	authsafe = PKCS12_pack_p7data (bags);
+	sk_pop_free(bags, PKCS12_SAFEBAG_free);
+	sk_push (safes, (char *)authsafe);
+
+	p12 = PKCS12_init (NID_pkcs7_data);
+
+	M_PKCS12_pack_authsafes (p12, safes);
+
+	sk_pop_free(safes, PKCS7_free);
+
+	PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);
+
+	i2d_PKCS12_bio (out, p12);
+
+	PKCS12_free(p12);
+
+	ret = 0;
+	goto end;
+	
+    }
+
+    if (!(p12 = d2i_PKCS12_bio (in, NULL))) {
+	ERR_print_errors(bio_err);
+	goto end;
+    }
+
+    if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) {
+	BIO_printf (bio_err, "Can't read Password\n");
+	goto end;
+    }
+
+    if (!twopass) strcpy(macpass, pass);
+
+    if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
+    if(macver) {
+	if (!PKCS12_verify_mac (p12, mpass, -1)) {
+	    BIO_printf (bio_err, "Mac verify errror: invalid password?\n");
+	    ERR_print_errors (bio_err);
+	    goto end;
+	} else BIO_printf (bio_err, "MAC verified OK\n");
+    }
+
+    if (!dump_certs_keys_p12 (out, p12, cpass, -1, options)) {
+	BIO_printf(bio_err, "Error outputting keys and certificates\n");
+	ERR_print_errors (bio_err);
+	goto end;
+    }
+    PKCS12_free(p12);
+    ret = 0;
+    end:
+    BIO_free(out);
+    EXIT(ret);
+}
+
+int dump_cert_text (BIO *out, X509 *x)
+{
+	char buf[256];
+	X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+	BIO_puts(out,"subject=");
+	BIO_puts(out,buf);
+
+	X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
+	BIO_puts(out,"\nissuer= ");
+	BIO_puts(out,buf);
+	BIO_puts(out,"\n");
+        return 0;
+}
+
+int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
+	     int passlen, int options)
+{
+	STACK *asafes, *bags;
+	int i, bagnid;
+	PKCS7 *p7;
+	if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
+	for (i = 0; i < sk_num (asafes); i++) {
+		p7 = (PKCS7 *) sk_value (asafes, i);
+		bagnid = OBJ_obj2nid (p7->type);
+		if (bagnid == NID_pkcs7_data) {
+			bags = M_PKCS12_unpack_p7data (p7);
+			if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
+		} else if (bagnid == NID_pkcs7_encrypted) {
+			if (options & INFO) {
+				BIO_printf (bio_err, "PKCS7 Encrypted data: ");
+				alg_print (bio_err, 
+					p7->d.encrypted->enc_data->algorithm);
+			}
+			bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
+		} else continue;
+		if (!bags) return 0;
+	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
+							 options)) {
+			sk_pop_free (bags, PKCS12_SAFEBAG_free);
+			return 0;
+		}
+		sk_pop_free (bags, PKCS12_SAFEBAG_free);
+	}
+	sk_pop_free (asafes, PKCS7_free);
+	return 1;
+}
+
+int dump_certs_pkeys_bags (BIO *out, STACK *bags, char *pass,
+	     int passlen, int options)
+{
+	int i;
+	for (i = 0; i < sk_num (bags); i++) {
+		if (!dump_certs_pkeys_bag (out,
+			 (PKCS12_SAFEBAG *)sk_value (bags, i), pass, passlen,
+					 		options)) return 0;
+	}
+	return 1;
+}
+
+int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
+	     int passlen, int options)
+{
+	EVP_PKEY *pkey;
+	PKCS8_PRIV_KEY_INFO *p8;
+	X509 *x509;
+	
+	switch (M_PKCS12_bag_type(bag))
+	{
+	case NID_keyBag:
+		if (options & INFO) BIO_printf (bio_err, "Key bag\n");
+		if (options & NOKEYS) return 1;
+		print_attribs (out, bag->attrib, "Bag Attributes");
+		p8 = bag->value.keybag;
+		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+		print_attribs (out, p8->attributes, "Key Attributes");
+		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL);
+		EVP_PKEY_free(pkey);
+	break;
+
+	case NID_pkcs8ShroudedKeyBag:
+		if (options & INFO) {
+			BIO_printf (bio_err, "Shrouded Keybag: ");
+			alg_print (bio_err, bag->value.shkeybag->algor);
+		}
+		if (options & NOKEYS) return 1;
+		print_attribs (out, bag->attrib, "Bag Attributes");
+		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
+				return 0;
+		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+		print_attribs (out, p8->attributes, "Key Attributes");
+		PKCS8_PRIV_KEY_INFO_free(p8);
+		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL);
+		EVP_PKEY_free(pkey);
+	break;
+
+	case NID_certBag:
+		if (options & INFO) BIO_printf (bio_err, "Certificate bag\n");
+		if (options & NOCERTS) return 1;
+                if (PKCS12_get_attr(bag, NID_localKeyID)) {
+			if (options & CACERTS) return 1;
+		} else if (options & CLCERTS) return 1;
+		print_attribs (out, bag->attrib, "Bag Attributes");
+		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
+								 return 1;
+		if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
+		dump_cert_text (out, x509);
+		PEM_write_bio_X509 (out, x509);
+		X509_free(x509);
+	break;
+
+	case NID_safeContentsBag:
+		if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");
+		print_attribs (out, bag->attrib, "Bag Attributes");
+		return dump_certs_pkeys_bags (out, bag->value.safes, pass,
+							    passlen, options);
+					
+	default:
+		BIO_printf (bio_err, "Warning unsupported bag type: ");
+		i2a_ASN1_OBJECT (bio_err, bag->type);
+		BIO_printf (bio_err, "\n");
+		return 1;
+	break;
+	}
+	return 1;
+}
+
+/* Given a single certificate return a verified chain or NULL if error */
+
+/* Hope this is OK .... */
+
+int get_cert_chain (X509 *cert, STACK **chain)
+{
+	X509_STORE *store;
+	X509_STORE_CTX store_ctx;
+	STACK *chn;
+	int i;
+	X509 *x;
+	store = X509_STORE_new ();
+	X509_STORE_set_default_paths (store);
+	X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
+	if (X509_verify_cert(&store_ctx) <= 0) {
+		i = X509_STORE_CTX_get_error (&store_ctx);
+		goto err;
+	}
+	chn =  sk_dup(X509_STORE_CTX_get_chain (&store_ctx));
+	for (i = 0; i < sk_num(chn); i++) {
+		x = (X509 *)sk_value(chn, i);
+		CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+	}
+	i = 0;
+	*chain = chn;
+err:
+	X509_STORE_CTX_cleanup(&store_ctx);
+	X509_STORE_free(store);
+	
+	return i;
+}	
+
+int alg_print (BIO *x, X509_ALGOR *alg)
+{
+	PBEPARAM *pbe;
+	unsigned char *p;
+	p = alg->parameter->value.sequence->data;
+	pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length);
+	BIO_printf (bio_err, "%s, Iteration %d\n", 
+	OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter));
+	PBEPARAM_free (pbe);
+	return 0;
+}
+
+/* Load all certificates from a given file */
+
+int cert_load(BIO *in, STACK *sk)
+{
+	int ret;
+	X509 *cert;
+	ret = 0;
+	while((cert = PEM_read_bio_X509(in, NULL, NULL))) {
+		ret = 1;
+		sk_push(sk, (char *)cert);
+	}
+	if(ret) ERR_clear_error();
+	return ret;
+}
+
+/* Generalised attribute print: handle PKCS#8 and bag attributes */
+
+int print_attribs (BIO *out, STACK *attrlst, char *name)
+{
+	X509_ATTRIBUTE *attr;
+	ASN1_TYPE *av;
+	char *value;
+	int i, attr_nid;
+	if(!attrlst) {
+		BIO_printf(out, "%s: <No Attributes>\n", name);
+		return 1;
+	}
+	if(!sk_num(attrlst)) {
+		BIO_printf(out, "%s: <Empty Attributes>\n", name);
+		return 1;
+	}
+	BIO_printf(out, "%s\n", name);
+	for(i = 0; i < sk_num(attrlst); i++) {
+		attr = (X509_ATTRIBUTE *) sk_value(attrlst, i);
+		attr_nid = OBJ_obj2nid(attr->object);
+		BIO_printf(out, "    ");
+		if(attr_nid == NID_undef) {
+			i2a_ASN1_OBJECT (out, attr->object);
+			BIO_printf(out, ": ");
+		} else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
+
+		if(sk_ASN1_TYPE_num(attr->value.set)) {
+			av = sk_ASN1_TYPE_value(attr->value.set, 0);
+			switch(av->type) {
+				case V_ASN1_BMPSTRING:
+        			value = uni2asc(av->value.bmpstring->data,
+                                	       av->value.bmpstring->length);
+				BIO_printf(out, "%s\n", value);
+				Free(value);
+				break;
+
+				case V_ASN1_OCTET_STRING:
+				hex_prin(out, av->value.bit_string->data,
+					av->value.bit_string->length);
+				BIO_printf(out, "\n");	
+				break;
+
+				case V_ASN1_BIT_STRING:
+				hex_prin(out, av->value.octet_string->data,
+					av->value.octet_string->length);
+				BIO_printf(out, "\n");	
+				break;
+
+				default:
+					BIO_printf(out, "<Unsupported tag %d>\n", av->type);
+				break;
+			}
+		} else BIO_printf(out, "<No Values>\n");
+	}
+	return 1;
+}
+
+void hex_prin(BIO *out, unsigned char *buf, int len)
+{
+	int i;
+	for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
+}

apps/pkcs7.c

@@ -61,12 +61,12 @@
 #include <string.h>
 #include <time.h>
 #include "apps.h"
-#include "err.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	pkcs7_main
@@ -81,9 +81,7 @@
  * -print_certs
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	PKCS7 *p7=NULL;
 	int i,badops=0;
@@ -223,7 +221,7 @@ bad:
 
 	if (print_certs)
 		{
-		STACK *certs=NULL;
+		STACK_OF(X509) *certs=NULL;
 		STACK *crls=NULL;
 
 		i=OBJ_obj2nid(p7->type);
@@ -245,9 +243,9 @@ bad:
 			{
 			X509 *x;
 
-			for (i=0; i<sk_num(certs); i++)
+			for (i=0; i<sk_X509_num(certs); i++)
 				{
-				x=(X509 *)sk_value(certs,i);
+				x=sk_X509_value(certs,i);
 
 				X509_NAME_oneline(X509_get_subject_name(x),
 					buf,256);

apps/progs.h

@@ -1,4 +1,5 @@
-#ifndef NOPROTO
+/* This file was generated by progs.pl. */
+
 extern int verify_main(int argc,char *argv[]);
 extern int asn1parse_main(int argc,char *argv[]);
 extern int req_main(int argc,char *argv[]);
@@ -25,36 +26,9 @@ extern int crl2pkcs7_main(int argc,char *argv[]);
 extern int sess_id_main(int argc,char *argv[]);
 extern int ciphers_main(int argc,char *argv[]);
 extern int nseq_main(int argc,char *argv[]);
-#else
-extern int verify_main();
-extern int asn1parse_main();
-extern int req_main();
-extern int dgst_main();
-extern int dh_main();
-extern int enc_main();
-extern int gendh_main();
-extern int errstr_main();
-extern int ca_main();
-extern int crl_main();
-extern int rsa_main();
-extern int dsa_main();
-extern int dsaparam_main();
-extern int x509_main();
-extern int genrsa_main();
-extern int gendsa_main();
-extern int s_server_main();
-extern int s_client_main();
-extern int speed_main();
-extern int s_time_main();
-extern int version_main();
-extern int pkcs7_main();
-extern int crl2pkcs7_main();
-extern int sess_id_main();
-extern int ciphers_main();
-extern int nseq_main();
-#endif
+extern int pkcs12_main(int argc,char *argv[]);
 
-#ifdef SSLEAY_SRC
+#ifdef SSLEAY_SRC  /* Defined only in openssl.c. */
 
 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -115,6 +89,7 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
 #endif
 	{FUNC_TYPE_GENERAL,"nseq",nseq_main},
+	{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
 	{FUNC_TYPE_MD,"md2",dgst_main},
 	{FUNC_TYPE_MD,"md5",dgst_main},
 	{FUNC_TYPE_MD,"sha",dgst_main},
@@ -140,7 +115,7 @@ FUNCTION functions[] = {
 #ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf",enc_main},
 #endif
 #ifndef NO_CAST
@@ -209,16 +184,16 @@ FUNCTION functions[] = {
 #ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
 #endif
 #ifndef NO_CAST

apps/progs.pl

@@ -1,20 +1,15 @@
 #!/usr/local/bin/perl
 
-print "#ifndef NOPROTO\n";
+print "/* This file was generated by progs.pl. */\n\n";
 
 grep(s/^asn1pars$/asn1parse/,@ARGV);
 
 foreach (@ARGV)
 	{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
-print "#else\n";
-foreach (@ARGV)
-	{ printf "extern int %s_main();\n",$_; }
-print "#endif\n";
-
 
 print <<'EOF';
 
-#ifdef SSLEAY_SRC
+#ifdef SSLEAY_SRC  /* Defined only in openssl.c. */
 
 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -71,7 +66,7 @@ foreach (
 	elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
 	elsif ($_ =~ /rc4/)  { $t="#ifndef NO_RC4\n${t}#endif\n"; }
 	elsif ($_ =~ /rc2/)  { $t="#ifndef NO_RC2\n${t}#endif\n"; }
-	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
+	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BF\n${t}#endif\n"; }
 	elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; }
 	elsif ($_ =~ /rc5/)  { $t="#ifndef NO_RC5\n${t}#endif\n"; }
 	print $t;

apps/req.c

@@ -64,16 +64,16 @@
 #define APPS_WIN16
 #endif
 #include "apps.h"
-#include "bio.h"
-#include "evp.h"
-#include "rand.h"
-#include "conf.h"
-#include "err.h"
-#include "asn1.h"
-#include "x509.h"
-#include "x509v3.h"
-#include "objects.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
 
 #define SECTION		"req"
 
@@ -107,26 +107,16 @@
  *		  require.  This format is wrong
  */
 
-#ifndef NOPROTO
 static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
-static int add_attribute_object(STACK *n, char *text, char *def, 
-	char *value, int nid,int min,int max);
+static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,
+				char *def, char *value, int nid, int min,
+				int max);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	int nid,int min,int max);
 static void MS_CALLBACK req_cb(int p,int n,char *arg);
 static int req_fix_data(int nid,int *type,int len,int min,int max);
 static int check_end(char *str, char *end);
 static int add_oid_section(LHASH *conf);
-#else
-static int make_REQ();
-static int add_attribute_object();
-static int add_DN_object();
-static void MS_CALLBACK req_cb();
-static int req_fix_data();
-static int check_end();
-static int add_oid_section();
-#endif
-
 #ifndef MONOLITH
 static char *default_config_file=NULL;
 static LHASH *config=NULL;
@@ -137,9 +127,7 @@ static LHASH *req_conf=NULL;
 #define TYPE_DSA	2
 #define TYPE_DH		3
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 #ifndef NO_DSA
 	DSA *dsa_params=NULL;
@@ -157,7 +145,7 @@ char **argv;
 	EVP_CIPHER *cipher=NULL;
 	int modulus=0;
 	char *p;
-	EVP_MD *md_alg=NULL,*digest=EVP_md5();
+	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 #ifndef MONOLITH
 	MS_STATIC char config_name[256];
 #endif
@@ -373,7 +361,9 @@ bad:
 	if (p == NULL)
 		{
 		strcpy(config_name,X509_get_default_cert_area());
-		strcat(config_name,"/lib/");
+#ifndef VMS
+		strcat(config_name,"/");
+#endif
 		strcat(config_name,OPENSSL_CONF);
 		p=config_name;
 		}
@@ -438,7 +428,10 @@ bad:
 	extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
 	if(extensions) {
 		/* Check syntax of file */
-		if(!X509V3_EXT_check_conf(req_conf, extensions)) {
+		X509V3_CTX ctx;
+		X509V3_set_ctx_test(&ctx);
+		X509V3_set_conf_lhash(&ctx, req_conf);
+		if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) {
 			BIO_printf(bio_err,
 			 "Error Loading extension section %s\n", extensions);
 			goto end;
@@ -666,11 +659,8 @@ loop:
 
 			/* Set up V3 context struct */
 
-			ext_ctx.issuer_cert = x509ss;
-			ext_ctx.subject_cert = x509ss;
-			ext_ctx.subject_req = NULL;
-			ext_ctx.crl = NULL;
-			ext_ctx.flags = 0;
+			X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
+			X509V3_set_conf_lhash(&ext_ctx, req_conf);
 
 			/* Add extensions */
 			if(extensions && !X509V3_EXT_add_conf(req_conf, 
@@ -825,13 +815,10 @@ end:
 	EXIT(ex);
 	}
 
-static int make_REQ(req,pkey,attribs)
-X509_REQ *req;
-EVP_PKEY *pkey;
-int attribs;
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 	{
 	int ret=0,i;
-	unsigned char *p,*q;
+	char *p,*q;
 	X509_REQ_INFO *ri;
 	char buf[100];
 	int nid,min,max;
@@ -923,7 +910,7 @@ start:		for (;;)
 				min,max))
 				goto err;
 			}
-		if (sk_num(ri->subject->entries) == 0)
+		if (sk_X509_NAME_ENTRY_num(ri->subject->entries) == 0)
 			{
 			BIO_printf(bio_err,"error, no objects specified in config file\n");
 			goto err;
@@ -984,14 +971,8 @@ err:
 	return(ret);
 	}
 
-static int add_DN_object(n,text,def,value,nid,min,max)
-X509_NAME *n;
-char *text;
-char *def;
-char *value;
-int nid;
-int min;
-int max;
+static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
+	     int nid, int min, int max)
 	{
 	int i,j,ret=0;
 	X509_NAME_ENTRY *ne=NULL;
@@ -1044,14 +1025,9 @@ err:
 	return(ret);
 	}
 
-static int add_attribute_object(n,text,def,value,nid,min,max)
-STACK *n;
-char *text;
-char *def;
-char *value;
-int nid;
-int min;
-int max;
+static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,
+				char *def, char *value, int nid, int min,
+				int max)
 	{
 	int i,z;
 	X509_ATTRIBUTE *xa=NULL;
@@ -1095,7 +1071,7 @@ start:
 	/* add object plus value */
 	if ((xa=X509_ATTRIBUTE_new()) == NULL)
 		goto err;
-	if ((xa->value.set=sk_new_null()) == NULL)
+	if ((xa->value.set=sk_ASN1_TYPE_new_null()) == NULL)
 		goto err;
 	xa->set=1;
 
@@ -1121,12 +1097,12 @@ start:
 		{ BIO_printf(bio_err,"Malloc failure\n"); goto err; }
 
 	ASN1_TYPE_set(at,bs->type,(char *)bs);
-	sk_push(xa->value.set,(char *)at);
+	sk_ASN1_TYPE_push(xa->value.set,at);
 	bs=NULL;
 	at=NULL;
 	/* only one item per attribute */
 
-	if (!sk_push(n,(char *)xa)) goto err;
+	if (!sk_X509_ATTRIBUTE_push(n,xa)) goto err;
 	return(1);
 err:
 	if (xa != NULL) X509_ATTRIBUTE_free(xa);
@@ -1135,10 +1111,7 @@ err:
 	return(0);
 	}
 
-static void MS_CALLBACK req_cb(p,n,arg)
-int p;
-int n;
-char *arg;
+static void MS_CALLBACK req_cb(int p, int n, char *arg)
 	{
 	char c='*';
 
@@ -1153,10 +1126,7 @@ char *arg;
 #endif
 	}
 
-static int req_fix_data(nid,type,len,min,max)
-int nid;
-int *type;
-int len,min,max;
+static int req_fix_data(int nid, int *type, int len, int min, int max)
 	{
 	if (nid == NID_pkcs9_emailAddress)
 		*type=V_ASN1_IA5STRING;
@@ -1189,9 +1159,7 @@ int len,min,max;
 	}
 
 /* Check if the end of a string matches 'end' */
-static int check_end(str, end)
-char *str;
-char *end;
+static int check_end(char *str, char *end)
 {
 	int elen, slen;	
 	char *tmp;
@@ -1202,8 +1170,7 @@ char *end;
 	return strcmp(tmp, end);
 }
 
-static int add_oid_section(conf)
-LHASH *conf;
+static int add_oid_section(LHASH *conf)
 {	
 	char *p;
 	STACK *sktmp;

apps/rsa.c

@@ -56,17 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "rsa.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	rsa_main
@@ -82,14 +83,12 @@
  * -modulus	- print the RSA key modulus
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,badops=0;
-	EVP_CIPHER *enc=NULL;
+	const EVP_CIPHER *enc=NULL;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	char *infile,*outfile,*prog;
@@ -300,4 +299,4 @@ end:
 	if (rsa != NULL) RSA_free(rsa);
 	EXIT(ret);
 	}
-
+#endif

apps/s_apps.h

@@ -56,11 +56,34 @@
  * [including the GNU Public Licence.]
  */
 
+#include <sys/types.h>
+#if (defined(VMS) || defined(__VMS)) && !defined(FD_SET)
+/* VAX C does not defined fd_set and friends, but it's actually quite simple */
+/* These definitions are borrowed from SOCKETSHR.	/Richard Levitte */
+#define MAX_NOFILE	32
+#define	NBBY		 8		/* number of bits in a byte	*/
+
+#ifndef	FD_SETSIZE
+#define	FD_SETSIZE	MAX_NOFILE
+#endif	/* FD_SETSIZE */
+
+/* How many things we'll allow select to use. 0 if unlimited */
+#define MAXSELFD	MAX_NOFILE
+typedef int	fd_mask;	/* int here! VMS prototypes int, not long */
+#define NFDBITS	(sizeof(fd_mask) * NBBY)	/* bits per mask (power of 2!)*/
+#define NFDSHIFT 5				/* Shift based on above */
+
+typedef fd_mask fd_set;
+#define	FD_SET(n, p)	(*(p) |= (1 << ((n) % NFDBITS)))
+#define	FD_CLR(n, p)	(*(p) &= ~(1 << ((n) % NFDBITS)))
+#define	FD_ISSET(n, p)	(*(p) & (1 << ((n) % NFDBITS)))
+#define FD_ZERO(p)	memset((char *)(p), 0, sizeof(*(p)))
+#endif
+
 #define PORT            4433
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"
 
-#ifndef NOPROTO
 int do_accept(int acc_sock, int *sock, char **host);
 int do_server(int port, int *ret, int (*cb) (), char *context);
 #ifdef HEADER_X509_H
@@ -86,7 +109,7 @@ int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
 int host_ip(char *str, unsigned char ip[4]);
 
-long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, char *argp,
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
 	int argi, long argl, long ret);
 
 #ifdef HEADER_SSL_H
@@ -95,25 +118,3 @@ void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret);
 void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret);
 #endif
 
-#else
-int do_accept();
-int do_server();
-int MS_CALLBACK verify_callback();
-int set_cert_stuff();
-int init_client();
-int init_client_ip();
-int nbio_init_client_ip();
-int nbio_sock_error();
-int spawn();
-int init_server();
-int should_retry();
-void sock_cleanup();
-int extract_port();
-int extract_host_port();
-int host_ip();
-
-long MS_CALLBACK bio_dump_cb();
-void MS_CALLBACK apps_ssl_info_callback();
-
-#endif
-

apps/s_cb.c

@@ -63,17 +63,15 @@
 #include "apps.h"
 #undef NON_MAIN
 #undef USE_SOCKETS
-#include "err.h"
-#include "x509.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
 #include "s_apps.h"
 
 int verify_depth=0;
 int verify_error=X509_V_OK;
 
-int MS_CALLBACK verify_callback(ok, ctx)
-int ok;
-X509_STORE_CTX *ctx;
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 	{
 	char buf[256];
 	X509 *err_cert;
@@ -123,10 +121,7 @@ X509_STORE_CTX *ctx;
 	return(ok);
 	}
 
-int set_cert_stuff(ctx, cert_file, key_file)
-SSL_CTX *ctx;
-char *cert_file;
-char *key_file;
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 	{
 	if (cert_file != NULL)
 		{
@@ -181,13 +176,8 @@ char *key_file;
 	return(1);
 	}
 
-long MS_CALLBACK bio_dump_cb(bio,cmd,argp,argi,argl,ret)
-BIO *bio;
-int cmd;
-char *argp;
-int argi;
-long argl;
-long ret;
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
+	     long argl, long ret)
 	{
 	BIO *out;
 
@@ -210,10 +200,7 @@ long ret;
 	return(ret);
 	}
 
-void MS_CALLBACK apps_ssl_info_callback(s,where,ret)
-SSL *s;
-int where;
-int ret;
+void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret)
 	{
 	char *str;
 	int w;

apps/s_client.c

@@ -56,6 +56,15 @@
  * [including the GNU Public Licence.]
  */
 
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
+#if defined(__DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -64,12 +73,21 @@
 #define APPS_WIN16
 #endif
 #include "apps.h"
-#include "x509.h"
-#include "ssl.h"
-#include "err.h"
-#include "pem.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
 #include "s_apps.h"
 
+#if (defined(VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
+
 #undef PROG
 #define PROG	s_client_main
 
@@ -90,19 +108,14 @@ static int c_nbio=0;
 #endif
 static int c_Pause=0;
 static int c_debug=0;
+static int c_showcerts=0;
 
-#ifndef NOPROTO
 static void sc_usage(void);
 static void print_stuff(BIO *berr,SSL *con,int full);
-#else
-static void sc_usage();
-static void print_stuff();
-#endif
-
 static BIO *bio_c_out=NULL;
 static int c_quiet=0;
 
-static void sc_usage()
+static void sc_usage(void)
 	{
 	BIO_printf(bio_err,"usage: s_client args\n");
 	BIO_printf(bio_err,"\n");
@@ -118,6 +131,7 @@ static void sc_usage()
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
+	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
 	BIO_printf(bio_err," -debug        - extra output\n");
 	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
 	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
@@ -135,9 +149,7 @@ static void sc_usage()
 
 	}
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int off=0;
 	SSL *con=NULL,*con2=NULL;
@@ -152,7 +164,7 @@ char **argv;
 	char *cert_file=NULL,*key_file=NULL;
 	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
 	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
-	int write_tty,read_tty,write_ssl,read_ssl,tty_on;
+	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
 	SSL_CTX *ctx=NULL;
 	int ret=1,in_init=1,i,nbio_test=0;
 	SSL_METHOD *meth=NULL;
@@ -171,6 +183,7 @@ char **argv;
 	c_Pause=0;
 	c_quiet=0;
 	c_debug=0;
+	c_showcerts=0;
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -227,6 +240,8 @@ char **argv;
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
 			c_debug=1;
+		else if	(strcmp(*argv,"-showcerts") == 0)
+			c_showcerts=1;
 		else if	(strcmp(*argv,"-nbio_test") == 0)
 			nbio_test=1;
 		else if	(strcmp(*argv,"-state") == 0)
@@ -434,31 +449,43 @@ re_start:
 				}
 			}
 
+		ssl_pending = read_ssl && SSL_pending(con);
+
+		if (!ssl_pending)
+			{
 #ifndef WINDOWS
-		if (tty_on)
-			{
-			if (read_tty)  FD_SET(fileno(stdin),&readfds);
-			if (write_tty) FD_SET(fileno(stdout),&writefds);
-			}
+			if (tty_on)
+				{
+				if (read_tty)  FD_SET(fileno(stdin),&readfds);
+				if (write_tty) FD_SET(fileno(stdout),&writefds);
+				}
 #endif
-		if (read_ssl)
-			FD_SET(SSL_get_fd(con),&readfds);
-		if (write_ssl)
-			FD_SET(SSL_get_fd(con),&writefds);
+			if (read_ssl)
+				FD_SET(SSL_get_fd(con),&readfds);
+			if (write_ssl)
+				FD_SET(SSL_get_fd(con),&writefds);
 
-/*		printf("mode tty(%d %d%d) ssl(%d%d)\n",
-			tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
+/*			printf("mode tty(%d %d%d) ssl(%d%d)\n",
+				tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
 
-		i=select(width,&readfds,&writefds,NULL,NULL);
-		if ( i < 0)
-			{
-			BIO_printf(bio_err,"bad select %d\n",
+			/* Note: under VMS with SOCKETSHR the second parameter
+			 * is currently of type (int *) whereas under other
+			 * systems it is (void *) if you don't have a cast it
+			 * will choke the compiler: if you do have a cast then
+			 * you can either go for (int *) or (void *).
+			 */
+			i=select(width,(void *)&readfds,(void *)&writefds,
+				 NULL,NULL);
+			if ( i < 0)
+				{
+				BIO_printf(bio_err,"bad select %d\n",
 				get_last_socket_error());
-			goto shut;
-			/* goto end; */
+				goto shut;
+				/* goto end; */
+				}
 			}
 
-		if (FD_ISSET(SSL_get_fd(con),&writefds))
+		if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
 			{
 			k=SSL_write(con,&(cbuf[cbuf_off]),
 				(unsigned int)cbuf_len);
@@ -526,7 +553,7 @@ re_start:
 				}
 			}
 #ifndef WINDOWS
-		else if (FD_ISSET(fileno(stdout),&writefds))
+		else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
 			{
 			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
 
@@ -546,7 +573,7 @@ re_start:
 				}
 			}
 #endif
-		else if (FD_ISSET(SSL_get_fd(con),&readfds))
+		else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
 			{
 #ifdef RENEG
 { static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
@@ -613,9 +640,9 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 
 			if ((!c_quiet) && (cbuf[0] == 'R'))
 				{
+				BIO_printf(bio_err,"RENEGOTIATING\n");
 				SSL_renegotiate(con);
-				read_tty=0;
-				write_ssl=1;
+				cbuf_len=0;
 				}
 			else
 				{
@@ -623,8 +650,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 				cbuf_off=0;
 				}
 
-			read_tty=0;
 			write_ssl=1;
+			read_tty=0;
 			}
 #endif
 		}
@@ -647,34 +674,38 @@ end:
 	}
 
 
-static void print_stuff(bio,s,full)
-BIO *bio;
-SSL *s;
-int full;
+static void print_stuff(BIO *bio, SSL *s, int full)
 	{
 	X509 *peer=NULL;
 	char *p;
 	static char *space="                ";
 	char buf[BUFSIZ];
-	STACK *sk;
+	STACK_OF(X509) *sk;
+	STACK_OF(X509_NAME) *sk2;
 	SSL_CIPHER *c;
 	X509_NAME *xn;
 	int j,i;
 
 	if (full)
 		{
+		int got_a_chain = 0;
+
 		sk=SSL_get_peer_cert_chain(s);
 		if (sk != NULL)
 			{
+			got_a_chain = 1; /* we don't have it for SSL2 (yet) */
+
 			BIO_printf(bio,"---\nCertificate chain\n");
-			for (i=0; i<sk_num(sk); i++)
+			for (i=0; i<sk_X509_num(sk); i++)
 				{
-				X509_NAME_oneline(X509_get_subject_name((X509 *)
-					sk_value(sk,i)),buf,BUFSIZ);
+				X509_NAME_oneline(X509_get_subject_name(
+					sk_X509_value(sk,i)),buf,BUFSIZ);
 				BIO_printf(bio,"%2d s:%s\n",i,buf);
-				X509_NAME_oneline(X509_get_issuer_name((X509 *)
-					sk_value(sk,i)),buf,BUFSIZ);
+				X509_NAME_oneline(X509_get_issuer_name(
+					sk_X509_value(sk,i)),buf,BUFSIZ);
 				BIO_printf(bio,"   i:%s\n",buf);
+				if (c_showcerts)
+					PEM_write_bio_X509(bio,sk_X509_value(sk,i));
 				}
 			}
 
@@ -683,7 +714,8 @@ int full;
 		if (peer != NULL)
 			{
 			BIO_printf(bio,"Server certificate\n");
-			PEM_write_bio_X509(bio,peer);
+			if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
+				PEM_write_bio_X509(bio,peer);
 			X509_NAME_oneline(X509_get_subject_name(peer),
 				buf,BUFSIZ);
 			BIO_printf(bio,"subject=%s\n",buf);
@@ -694,13 +726,13 @@ int full;
 		else
 			BIO_printf(bio,"no peer certificate available\n");
 
-		sk=SSL_get_client_CA_list(s);
-		if ((sk != NULL) && (sk_num(sk) > 0))
+		sk2=SSL_get_client_CA_list(s);
+		if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
 			{
 			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
-			for (i=0; i<sk_num(sk); i++)
+			for (i=0; i<sk_X509_NAME_num(sk2); i++)
 				{
-				xn=(X509_NAME *)sk_value(sk,i);
+				xn=sk_X509_NAME_value(sk2,i);
 				X509_NAME_oneline(xn,buf,sizeof(buf));
 				BIO_write(bio,buf,strlen(buf));
 				BIO_write(bio,"\n",1);
@@ -713,6 +745,11 @@ int full;
 		p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
 		if (p != NULL)
 			{
+			/* This works only for SSL 2.  In later protocol
+			 * versions, the client does not know what other
+			 * ciphers (in addition to the one to be used
+			 * in the current connection) the server supports. */
+
 			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
 			j=i=0;
 			while (*p)

apps/s_server.c

@@ -56,6 +56,15 @@
  * [including the GNU Public Licence.]
  */
 
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
+#if defined(__DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -64,20 +73,30 @@
 #ifdef NO_STDIO
 #define APPS_WIN16
 #endif
-#include "lhash.h"
-#include "bn.h"
+#include <openssl/lhash.h>
+#include <openssl/bn.h>
 #define USE_SOCKETS
 #include "apps.h"
-#include "err.h"
-#include "pem.h"
-#include "x509.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
 #include "s_apps.h"
 
-#ifndef NOPROTO
+#if (defined(VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
+
+#ifndef NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export,int keylength);
-static int sv_body(char *hostname, int s, char *context);
-static int www_body(char *hostname, int s, char *context);
+#endif
+static int sv_body(char *hostname, int s, unsigned char *context);
+static int www_body(char *hostname, int s, unsigned char *context);
 static void close_accept_socket(void );
 static void sv_usage(void);
 static int init_ssl_connection(SSL *s);
@@ -87,25 +106,14 @@ static DH *load_dh_param(void );
 static DH *get_dh512(void);
 #endif
 /* static void s_server_init(void);*/
-#else
-static RSA MS_CALLBACK *tmp_rsa_cb();
-static int sv_body();
-static int www_body();
-static void close_accept_socket();
-static void sv_usage();
-static int init_ssl_connection();
-static void print_stats();
-#ifndef NO_DH
-static DH *load_dh_param();
-static DH *get_dh512();
-#endif
-/* static void s_server_init(); */
-#endif
-
 
 #ifndef S_ISDIR
+#if defined(VMS) && !defined(__DECC)
+#define S_ISDIR(a)	(((a) & S_IFMT) == S_IFDIR)
+#else
 #define S_ISDIR(a)	(((a) & _S_IFMT) == _S_IFDIR)
 #endif
+#endif
 
 #ifndef NO_DH
 static unsigned char dh512_p[]={
@@ -120,7 +128,7 @@ static unsigned char dh512_g[]={
 	0x02,
 	};
 
-static DH *get_dh512()
+static DH *get_dh512(void)
 	{
 	DH *dh=NULL;
 
@@ -150,6 +158,7 @@ extern int verify_depth;
 
 static char *cipher=NULL;
 static int s_server_verify=SSL_VERIFY_NONE;
+static int s_server_session_id_context = 1; /* anything will do */
 static char *s_cert_file=TEST_CERT,*s_key_file=NULL;
 static char *s_dcert_file=NULL,*s_dkey_file=NULL;
 #ifdef FIONBIO
@@ -164,7 +173,7 @@ static int s_debug=0;
 static int s_quiet=0;
 
 #if 0
-static void s_server_init()
+static void s_server_init(void)
 	{
 	cipher=NULL;
 	s_server_verify=SSL_VERIFY_NONE;
@@ -185,7 +194,7 @@ static void s_server_init()
 	}
 #endif
 
-static void sv_usage()
+static void sv_usage(void)
 	{
 	BIO_printf(bio_err,"usage: s_server [args ...]\n");
 	BIO_printf(bio_err,"\n");
@@ -226,9 +235,7 @@ static int local_argc=0;
 static char **local_argv;
 static int hack=0;
 
-int MAIN(argc, argv)
-int argc;
-char *argv[];
+int MAIN(int argc, char *argv[])
 	{
 	short port=PORT;
 	char *CApath=NULL,*CAfile=NULL;
@@ -488,6 +495,7 @@ bad:
 			goto end;
 		}
 
+#ifndef NO_RSA
 #if 1
 	SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
 #else
@@ -508,11 +516,14 @@ bad:
 		RSA_free(rsa);
 		BIO_printf(bio_s_out,"\n");
 		}
+#endif
 #endif
 
 	if (cipher != NULL)
 		SSL_CTX_set_cipher_list(ctx,cipher);
 	SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
+	SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
+		sizeof s_server_session_id_context);
 
 	SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
 
@@ -533,9 +544,7 @@ end:
 	EXIT(ret);
 	}
 
-static void print_stats(bio,ssl_ctx)
-BIO *bio;
-SSL_CTX *ssl_ctx;
+static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
 	{
 	BIO_printf(bio,"%4ld items in the session cache\n",
 		SSL_CTX_sess_number(ssl_ctx));
@@ -560,10 +569,7 @@ SSL_CTX *ssl_ctx;
 		SSL_CTX_sess_get_cache_size(ssl_ctx));
 	}
 
-static int sv_body(hostname, s, context)
-char *hostname;
-int s;
-char *context;
+static int sv_body(char *hostname, int s, unsigned char *context)
 	{
 	char *buf=NULL;
 	fd_set readfds;
@@ -593,7 +599,8 @@ char *context;
 	if (con == NULL) {
 		con=(SSL *)SSL_new(ctx);
 		if(context)
-		      SSL_set_session_id_context(con, context, strlen(context));
+		      SSL_set_session_id_context(con, context,
+						 strlen((char *)context));
 	}
 	SSL_clear(con);
 
@@ -624,7 +631,13 @@ char *context;
 		FD_SET(fileno(stdin),&readfds);
 #endif
 		FD_SET(s,&readfds);
-		i=select(width,&readfds,NULL,NULL,NULL);
+		/* Note: under VMS with SOCKETSHR the second parameter is
+		 * currently of type (int *) whereas under other systems
+		 * it is (void *) if you don't have a cast it will choke
+		 * the compiler: if you do have a cast then you can either
+		 * go for (int *) or (void *).
+		 */
+		i=select(width,(void *)&readfds,NULL,NULL,NULL);
 		if (i <= 0) continue;
 		if (FD_ISSET(fileno(stdin),&readfds))
 			{
@@ -779,7 +792,7 @@ err:
 	return(ret);
 	}
 
-static void close_accept_socket()
+static void close_accept_socket(void)
 	{
 	BIO_printf(bio_err,"shutdown accept socket\n");
 	if (accept_socket >= 0)
@@ -788,11 +801,10 @@ static void close_accept_socket()
 		}
 	}
 
-static int init_ssl_connection(con)
-SSL *con;
+static int init_ssl_connection(SSL *con)
 	{
 	int i;
-	char *str;
+	const char *str;
 	X509 *peer;
 	long verify_error;
 	MS_STATIC char buf[BUFSIZ];
@@ -844,7 +856,7 @@ SSL *con;
 	}
 
 #ifndef NO_DH
-static DH *load_dh_param()
+static DH *load_dh_param(void)
 	{
 	DH *ret=NULL;
 	BIO *bio;
@@ -859,9 +871,7 @@ err:
 #endif
 
 #if 0
-static int load_CA(ctx,file)
-SSL_CTX *ctx;
-char *file;
+static int load_CA(SSL_CTX *ctx, char *file)
 	{
 	FILE *in;
 	X509 *x=NULL;
@@ -881,10 +891,7 @@ char *file;
 	}
 #endif
 
-static int www_body(hostname, s, context)
-char *hostname;
-int s;
-char *context;
+static int www_body(char *hostname, int s, unsigned char *context)
 	{
 	char *buf=NULL;
 	int ret=1;
@@ -917,7 +924,8 @@ char *context;
 	if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
 
 	if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
-	if(context) SSL_set_session_id_context(con, context, strlen(context));
+	if(context) SSL_set_session_id_context(con, context,
+					       strlen((char *)context));
 
 	sbio=BIO_new_socket(s,BIO_NOCLOSE);
 	if (s_nbio_test)
@@ -998,7 +1006,7 @@ char *context;
 			{
 			char *p;
 			X509 *peer;
-			STACK *sk;
+			STACK_OF(SSL_CIPHER) *sk;
 			static char *space="                          ";
 
 			BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
@@ -1017,10 +1025,10 @@ char *context;
 			 * be done */
 			BIO_printf(io,"Ciphers supported in s_server binary\n");
 			sk=SSL_get_ciphers(con);
-			j=sk_num(sk);
+			j=sk_SSL_CIPHER_num(sk);
 			for (i=0; i<j; i++)
 				{
-				c=(SSL_CIPHER *)sk_value(sk,i);
+				c=sk_SSL_CIPHER_value(sk,i);
 				BIO_printf(io,"%-11s:%-25s",
 					SSL_CIPHER_get_version(c),
 					SSL_CIPHER_get_name(c));
@@ -1226,10 +1234,8 @@ err:
 	return(ret);
 	}
 
-static RSA MS_CALLBACK *tmp_rsa_cb(s,export,keylength)
-SSL *s;
-int export;
-int keylength;
+#ifndef NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export, int keylength)
 	{
 	static RSA *rsa_tmp=NULL;
 
@@ -1240,9 +1246,7 @@ int keylength;
 			BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
 			BIO_flush(bio_err);
 			}
-#ifndef NO_RSA
 		rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
-#endif
 		if (!s_quiet)
 			{
 			BIO_printf(bio_err,"\n");
@@ -1251,3 +1255,4 @@ int keylength;
 		}
 	return(rsa_tmp);
 	}
+#endif

apps/s_socket.c

@@ -56,6 +56,15 @@
  * [including the GNU Public Licence.]
  */
 
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
+#if defined(__DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -67,16 +76,18 @@
 #undef USE_SOCKETS
 #undef NON_MAIN
 #include "s_apps.h"
-#include "ssl.h"
+#include <openssl/ssl.h>
 
-#ifndef NOPROTO
-static struct hostent *GetHostByName(char *name);
-int sock_init(void );
-#else
-static struct hostent *GetHostByName();
-int sock_init();
+#ifdef VMS
+#if (__VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl,
+			      and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+#include <processes.h> /* for vfork() */
 #endif
 
+static struct hostent *GetHostByName(char *name);
+int sock_init(void );
 #ifdef WIN16
 #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
 #else
@@ -93,11 +104,8 @@ static FARPROC lpTopWndProc=NULL;
 static FARPROC lpTopHookProc=NULL;
 extern HINSTANCE _hInstance;  /* nice global CRT provides */
 
-static LONG FAR PASCAL topHookProc(hwnd,message,wParam,lParam)
-HWND hwnd;
-UINT message;
-WPARAM wParam;
-LPARAM lParam;
+static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
+	     LPARAM lParam)
 	{
 	if (hwnd == topWnd)
 		{
@@ -122,7 +130,7 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
 #endif /* WIN32 */
 #endif /* WINDOWS */
 
-void sock_cleanup()
+void sock_cleanup(void)
 	{
 #ifdef WINDOWS
 	if (wsa_init_done)
@@ -134,7 +142,7 @@ void sock_cleanup()
 #endif
 	}
 
-int sock_init()
+int sock_init(void)
 	{
 #ifdef WINDOWS
 	if (!wsa_init_done)
@@ -165,10 +173,7 @@ int sock_init()
 	return(1);
 	}
 
-int init_client(sock, host, port)
-int *sock;
-char *host;
-int port;
+int init_client(int *sock, char *host, int port)
 	{
 	unsigned char ip[4];
 	short p=0;
@@ -181,10 +186,7 @@ int port;
 	return(init_client_ip(sock,ip,port));
 	}
 
-int init_client_ip(sock, ip, port)
-int *sock;
-unsigned char ip[4];
-int port;
+int init_client_ip(int *sock, unsigned char ip[4], int port)
 	{
 	unsigned long addr;
 	struct sockaddr_in them;
@@ -215,23 +217,25 @@ int port;
 	return(1);
 	}
 
-int nbio_sock_error(sock)
-int sock;
+int nbio_sock_error(int sock)
 	{
-	int j,i,size;
+	int j,i;
+	int size;
 
 	size=sizeof(int);
-	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,&size);
+	/* Note: under VMS with SOCKETSHR the third parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if
+	 * you don't have a cast it will choke the compiler: if you do
+	 * have a cast then you can either go for (int *) or (void *).
+	 */
+	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,(void *)&size);
 	if (i < 0)
 		return(1);
 	else
 		return(j);
 	}
 
-int nbio_init_client_ip(sock, ip, port)
-int *sock;
-unsigned char ip[4];
-int port;
+int nbio_init_client_ip(int *sock, unsigned char ip[4], int port)
 	{
 	unsigned long addr;
 	struct sockaddr_in them;
@@ -251,7 +255,9 @@ int port;
 
 	if (*sock <= 0)
 		{
+#ifdef FIONBIO
 		unsigned long l=1;
+#endif
 
 		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 		if (s == INVALID_SOCKET) { perror("socket"); return(0); }
@@ -280,11 +286,7 @@ int port;
 		return(1);
 	}
 
-int do_server(port, ret, cb, context)
-int port;
-int *ret;
-int (*cb)();
-char *context;
+int do_server(int port, int *ret, int (*cb)(), char *context)
 	{
 	int sock;
 	char *name;
@@ -316,10 +318,7 @@ char *context;
 		}
 	}
 
-int init_server_long(sock, port, ip)
-int *sock;
-int port;
-char *ip;
+int init_server_long(int *sock, int port, char *ip)
 	{
 	int ret=0;
 	struct sockaddr_in server;
@@ -342,6 +341,13 @@ char *ip;
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 
 	if (s == INVALID_SOCKET) goto err;
+#if defined SOL_SOCKET && defined SO_REUSEADDR
+		{
+		int j = 1;
+		setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
+			   (void *) &j, sizeof j);
+		}
+#endif
 	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
 		{
 #ifndef WINDOWS
@@ -362,17 +368,12 @@ err:
 	return(ret);
 	}
 
-int init_server(sock,port)
-int *sock;
-int port;
+int init_server(int *sock, int port)
 	{
 	return(init_server_long(sock, port, NULL));
 	}
 
-int do_accept(acc_sock, sock, host)
-int acc_sock;
-int *sock;
-char **host;
+int do_accept(int acc_sock, int *sock, char **host)
 	{
 	int ret,i;
 	struct hostent *h1,*h2;
@@ -388,7 +389,12 @@ redoit:
 
 	memset((char *)&from,0,sizeof(from));
 	len=sizeof(from);
-	ret=accept(acc_sock,(struct sockaddr *)&from,&len);
+	/* Note: under VMS with SOCKETSHR the fourth parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if
+	 * you don't have a cast it will choke the compiler: if you do
+	 * have a cast then you can either go for (int *) or (void *).
+	 */
+	ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
 	if (ret == INVALID_SOCKET)
 		{
 #ifdef WINDOWS
@@ -458,11 +464,8 @@ end:
 	return(1);
 	}
 
-int extract_host_port(str,host_ptr,ip,port_ptr)
-char *str;
-char **host_ptr;
-unsigned char *ip;
-short *port_ptr;
+int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+	     short *port_ptr)
 	{
 	char *h,*p;
 
@@ -486,9 +489,7 @@ err:
 	return(0);
 	}
 
-int host_ip(str,ip)
-char *str;
-unsigned char ip[4];
+int host_ip(char *str, unsigned char ip[4])
 	{
 	unsigned int in[4]; 
 	int i;
@@ -534,9 +535,7 @@ err:
 	return(0);
 	}
 
-int extract_port(str,port_ptr)
-char *str;
-short *port_ptr;
+int extract_port(char *str, short *port_ptr)
 	{
 	int i;
 	struct servent *s;
@@ -568,8 +567,7 @@ static struct ghbn_cache_st
 static unsigned long ghbn_hits=0L;
 static unsigned long ghbn_miss=0L;
 
-static struct hostent *GetHostByName(name)
-char *name;
+static struct hostent *GetHostByName(char *name)
 	{
 	struct hostent *ret;
 	int i,lowi=0;
@@ -609,11 +607,7 @@ char *name;
 	}
 
 #ifndef MSDOS
-int spawn(argc, argv, in, out)
-int argc;
-char **argv;
-int *in;
-int *out;
+int spawn(int argc, char **argv, int *in, int *out)
 	{
 	int pid;
 #define CHILD_READ	p1[0]
@@ -624,7 +618,11 @@ int *out;
 
 	if ((pipe(p1) < 0) || (pipe(p2) < 0)) return(-1);
 
+#ifdef VMS
+	if ((pid=vfork()) == 0)
+#else
 	if ((pid=fork()) == 0)
+#endif
 		{ /* child */
 		if (dup2(CHILD_WRITE,fileno(stdout)) < 0)
 			perror("dup2");

apps/s_time.c

@@ -67,26 +67,29 @@
 #include <stdlib.h>
 #include <string.h>
 
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
+
 #ifdef NO_STDIO
 #define APPS_WIN16
 #endif
-#include "x509.h"
-#include "ssl.h"
-#include "pem.h"
 #define USE_SOCKETS
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/pem.h>
 #include "apps.h"
 #include "s_apps.h"
-#include "err.h"
+#include <openssl/err.h>
 #ifdef WIN32_STUFF
 #include "winmain.h"
 #include "wintext.h"
 #endif
 
-#ifndef MSDOS
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif
 
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -94,15 +97,15 @@
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
@@ -121,11 +124,7 @@ struct tms {
 */
 #ifndef HZ
 #ifndef CLK_TCK
-#ifndef VMS
 #define HZ      100.0
-#else /* VMS */
-#define HZ      100.0
-#endif
 #else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
 #endif
@@ -134,6 +133,7 @@ struct tms {
 #undef PROG
 #define PROG s_time_main
 
+#undef ioctl
 #define ioctl ioctlsocket
 
 #define SSL_CONNECT_NAME	"localhost:4433"
@@ -151,18 +151,10 @@ struct tms {
 extern int verify_depth;
 extern int verify_error;
 
-#ifndef NOPROTO
 static void s_time_usage(void);
 static int parseArgs( int argc, char **argv );
 static SSL *doConnection( SSL *scon );
 static void s_time_init(void);
-#else
-static void s_time_usage();
-static int parseArgs();
-static SSL *doConnection();
-static void s_time_init();
-#endif
-
 
 /***********************************************************************
  * Static data declarations
@@ -190,7 +182,7 @@ static int t_nbio=0;
 static int exitNow = 0;		/* Set when it's time to exit main */
 #endif
 
-static void s_time_init()
+static void s_time_init(void)
 	{
 	host=SSL_CONNECT_NAME;
 	t_cert_file=NULL;
@@ -218,7 +210,7 @@ static void s_time_init()
 /***********************************************************************
  * usage - display usage message
  */
-static void s_time_usage()
+static void s_time_usage(void)
 {
 	static char umsg[] = "\
 -time arg     - max number of seconds to collect data, default %d\n\
@@ -250,9 +242,7 @@ static void s_time_usage()
  *
  * Returns 0 if ok, -1 on bad args
  */
-static int parseArgs(argc,argv)
-int argc;
-char **argv;
+static int parseArgs(int argc, char **argv)
 {
     int badop = 0;
 
@@ -377,8 +367,7 @@ bad:
 #define START	0
 #define STOP	1
 
-static double tm_Time_F(s)
-int s;
+static double tm_Time_F(int s)
 	{
 	static double ret;
 #ifdef TIMES
@@ -412,10 +401,7 @@ int s;
  * MAIN - main processing area for client
  *			real name depends on MONOLITH
  */
-int
-MAIN(argc,argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	double totalTime = 0.0;
 	int nConn = 0;
@@ -639,9 +625,7 @@ end:
  * Returns:
  *		SSL *	= the connection pointer.
  */
-static SSL *
-doConnection(scon)
-SSL *scon;
+static SSL *doConnection(SSL *scon)
 	{
 	BIO *conn;
 	SSL *serverCon;
@@ -680,7 +664,13 @@ SSL *scon;
 			width=i+1;
 			FD_ZERO(&readfds);
 			FD_SET(i,&readfds);
-			select(width,&readfds,NULL,NULL,NULL);
+			/* Note: under VMS with SOCKETSHR the 2nd parameter
+			 * is currently of type (int *) whereas under other
+			 * systems it is (void *) if you don't have a cast it
+			 * will choke the compiler: if you do have a cast then
+			 * you can either go for (int *) or (void *).
+			 */
+			select(width,(void *)&readfds,NULL,NULL,NULL);
 			continue;
 			}
 		break;

apps/sc.c

@@ -1,784 +0,0 @@
-/* apps/s_client.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#define USE_SOCKETS
-#ifdef NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include "x509.h"
-#include "ssl.h"
-#include "err.h"
-#include "pem.h"
-#include "s_apps.h"
-
-#ifdef WINDOWS
-/* Most of the #if(n)def WINDOWS put in by Gerrit van Niekerk 
-   <gerritvn@osi.co.za> to support the keyboard under Windows.
-   Tested using Win95, *should* work with NT and Win3.x
-*/
-#include <conio.h>
-#endif
-
-#undef PROG
-#define PROG	s_client_main
-
-/*#define SSL_HOST_NAME	"www.netscape.com" */
-/*#define SSL_HOST_NAME	"193.118.187.102" */
-#define SSL_HOST_NAME	"localhost"
-
-/*#define TEST_CERT "client.pem" */ /* no default cert. */
-
-#undef BUFSIZZ
-#define BUFSIZZ 1024*8
-
-extern int verify_depth;
-extern int verify_error;
-
-#ifdef FIONBIO
-static int c_nbio=0;
-#endif
-static int c_Pause=0;
-static int c_debug=0;
-
-#ifndef NOPROTO
-static void sc_usage(void);
-static void print_stuff(BIO *berr,SSL *con,int full);
-#else
-static void sc_usage();
-static void print_stuff();
-#endif
-
-static BIO *bio_c_out=NULL;
-static int c_quiet=0;
-
-static void sc_usage()
-	{
-	BIO_printf(bio_err,"usage: client args\n");
-	BIO_printf(bio_err,"\n");
-	BIO_printf(bio_err," -host host     - use -connect instead\n");
-	BIO_printf(bio_err," -port port     - use -connect instead\n");
-	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-
-	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
-	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
-	BIO_printf(bio_err," -key arg      - Private key file to use, PEM format assumed, in cert file if\n");
-	BIO_printf(bio_err,"                 not specified but cert file is.\n");
-	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
-	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
-	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
-	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
-	BIO_printf(bio_err," -debug        - extra output\n");
-	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
-	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
-#ifdef FIONBIO
-	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
-#endif
-	BIO_printf(bio_err," -quiet        - no s_client output\n");
-	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
-	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
-	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
-	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
-	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
-	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'openssl ciphers'\n");
-	BIO_printf(bio_err,"                 command to see what is available\n");
-
-	}
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
-	{
-	int off=0;
-	SSL *con=NULL,*con2=NULL;
-	int s,k,width,state=0;
-	char *cbuf=NULL,*sbuf=NULL;
-	int cbuf_len,cbuf_off;
-	int sbuf_len,sbuf_off;
-	fd_set readfds,writefds;
-	short port=PORT;
-	int full_log=1;
-	char *host=SSL_HOST_NAME;
-	char *cert_file=NULL,*key_file=NULL;
-	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
-	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
-	int write_tty,read_tty,write_ssl,read_ssl,tty_on;
-	SSL_CTX *ctx=NULL;
-	int ret=1,in_init=1,i,nbio_test=0;
-	SSL_METHOD *meth=NULL;
-	BIO *sbio;
-	/*static struct timeval timeout={10,0};*/
-
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
-	meth=SSLv23_client_method();
-#elif !defined(NO_SSL3)
-	meth=SSLv3_client_method();
-#elif !defined(NO_SSL2)
-	meth=SSLv2_client_method();
-#endif
-
-	apps_startup();
-	c_Pause=0;
-	c_quiet=0;
-	c_debug=0;
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
-	if (	((cbuf=Malloc(BUFSIZZ)) == NULL) ||
-		((sbuf=Malloc(BUFSIZZ)) == NULL))
-		{
-		BIO_printf(bio_err,"out of memory\n");
-		goto end;
-		}
-
-	verify_depth=0;
-	verify_error=X509_V_OK;
-#ifdef FIONBIO
-	c_nbio=0;
-#endif
-#ifdef WINDOWS
-	c_nbio = 1;
-#endif
-
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if	(strcmp(*argv,"-host") == 0)
-			{
-			if (--argc < 1) goto bad;
-			host= *(++argv);
-			}
-		else if	(strcmp(*argv,"-port") == 0)
-			{
-			if (--argc < 1) goto bad;
-			port=atoi(*(++argv));
-			if (port == 0) goto bad;
-			}
-		else if (strcmp(*argv,"-connect") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!extract_host_port(*(++argv),&host,NULL,&port))
-				goto bad;
-			}
-		else if	(strcmp(*argv,"-verify") == 0)
-			{
-			verify=SSL_VERIFY_PEER;
-			if (--argc < 1) goto bad;
-			verify_depth=atoi(*(++argv));
-			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
-			}
-		else if	(strcmp(*argv,"-cert") == 0)
-			{
-			if (--argc < 1) goto bad;
-			cert_file= *(++argv);
-			}
-		else if	(strcmp(*argv,"-quiet") == 0)
-			c_quiet=1;
-		else if	(strcmp(*argv,"-pause") == 0)
-			c_Pause=1;
-		else if	(strcmp(*argv,"-debug") == 0)
-			c_debug=1;
-		else if	(strcmp(*argv,"-nbio_test") == 0)
-			nbio_test=1;
-		else if	(strcmp(*argv,"-state") == 0)
-			state=1;
-#ifndef NO_SSL2
-		else if	(strcmp(*argv,"-ssl2") == 0)
-			meth=SSLv2_client_method();
-#endif
-#ifndef NO_SSL3
-		else if	(strcmp(*argv,"-ssl3") == 0)
-			meth=SSLv3_client_method();
-#endif
-#ifndef NO_TLS1
-		else if	(strcmp(*argv,"-tls1") == 0)
-			meth=TLSv1_client_method();
-#endif
-		else if (strcmp(*argv,"-bugs") == 0)
-			bugs=1;
-		else if	(strcmp(*argv,"-key") == 0)
-			{
-			if (--argc < 1) goto bad;
-			key_file= *(++argv);
-			}
-		else if	(strcmp(*argv,"-reconnect") == 0)
-			{
-			reconnect=5;
-			}
-		else if	(strcmp(*argv,"-CApath") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CApath= *(++argv);
-			}
-		else if	(strcmp(*argv,"-CAfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-no_tls1") == 0)
-			off|=SSL_OP_NO_TLSv1;
-		else if (strcmp(*argv,"-no_ssl3") == 0)
-			off|=SSL_OP_NO_SSLv3;
-		else if (strcmp(*argv,"-no_ssl2") == 0)
-			off|=SSL_OP_NO_SSLv2;
-		else if	(strcmp(*argv,"-cipher") == 0)
-			{
-			if (--argc < 1) goto bad;
-			cipher= *(++argv);
-			}
-#ifdef FIONBIO
-		else if (strcmp(*argv,"-nbio") == 0)
-			{ c_nbio=1; }
-#endif
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badop=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-	if (badop)
-		{
-bad:
-		sc_usage();
-		goto end;
-		}
-
-	if (bio_c_out == NULL)
-		{
-		if (c_quiet)
-			{
-			bio_c_out=BIO_new(BIO_s_null());
-			}
-		else
-			{
-			if (bio_c_out == NULL)
-				bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
-			}
-		}
-
-	SSLeay_add_ssl_algorithms();
-	ctx=SSL_CTX_new(meth);
-	if (ctx == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (bugs)
-		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
-	else
-		SSL_CTX_set_options(ctx,off);
-
-	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
-	if (cipher != NULL)
-		SSL_CTX_set_cipher_list(ctx,cipher);
-#if 0
-	else
-		SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
-#endif
-
-	SSL_CTX_set_verify(ctx,verify,verify_callback);
-	if (!set_cert_stuff(ctx,cert_file,key_file))
-		goto end;
-
-	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
-		(!SSL_CTX_set_default_verify_paths(ctx)))
-		{
-		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
-		ERR_print_errors(bio_err);
-		/* goto end; */
-		}
-
-	SSL_load_error_strings();
-
-	con=(SSL *)SSL_new(ctx);
-/*	SSL_set_cipher_list(con,"RC4-MD5"); */
-
-re_start:
-
-	if (init_client(&s,host,port) == 0)
-		{
-		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
-		SHUTDOWN(s);
-		goto end;
-		}
-	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
-
-#ifdef FIONBIO
-	if (c_nbio)
-		{
-		unsigned long l=1;
-		BIO_printf(bio_c_out,"turning on non blocking io\n");
-		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-#endif                                              
-	if (c_Pause & 0x01) con->debug=1;
-	sbio=BIO_new_socket(s,BIO_NOCLOSE);
-
-	if (nbio_test)
-		{
-		BIO *test;
-
-		test=BIO_new(BIO_f_nbio_test());
-		sbio=BIO_push(test,sbio);
-		}
-
-	if (c_debug)
-		{
-		con->debug=1;
-		BIO_set_callback(sbio,bio_dump_cb);
-		BIO_set_callback_arg(sbio,bio_c_out);
-		}
-
-	SSL_set_bio(con,sbio,sbio);
-	SSL_set_connect_state(con);
-
-	/* ok, lets connect */
-	width=SSL_get_fd(con)+1;
-
-	read_tty=1;
-	write_tty=0;
-	tty_on=0;
-	read_ssl=1;
-	write_ssl=1;
-	
-	cbuf_len=0;
-	cbuf_off=0;
-	sbuf_len=0;
-	sbuf_off=0;
-
-	for (;;)
-		{
-		FD_ZERO(&readfds);
-		FD_ZERO(&writefds);
-
-		if (SSL_in_init(con) && !SSL_total_renegotiations(con))
-			{
-			in_init=1;
-			tty_on=0;
-			}
-		else
-			{
-			tty_on=1;
-			if (in_init)
-				{
-				in_init=0;
-				print_stuff(bio_c_out,con,full_log);
-				if (full_log > 0) full_log--;
-
-				if (reconnect)
-					{
-					reconnect--;
-					BIO_printf(bio_c_out,"drop connection and then reconnect\n");
-					SSL_shutdown(con);
-					SSL_set_connect_state(con);
-					SHUTDOWN(SSL_get_fd(con));
-					goto re_start;
-					}
-				}
-			}
-
-#ifndef WINDOWS
-		if (tty_on)
-			{
-			if (read_tty)  FD_SET(fileno(stdin),&readfds);
-			if (write_tty) FD_SET(fileno(stdout),&writefds);
-			}
-#endif
-		if (read_ssl)
-			FD_SET(SSL_get_fd(con),&readfds);
-		if (write_ssl)
-			FD_SET(SSL_get_fd(con),&writefds);
-
-/*		printf("mode tty(%d %d%d) ssl(%d%d)\n",
-			tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
-
-#ifndef WINDOWS
-		i=select(width,&readfds,&writefds,NULL,NULL);
-		if ( i < 0)
-			{
-			BIO_printf(bio_err,"bad select %d\n",
-				get_last_socket_error());
-			goto shut;
-			/* goto end; */
-			}
-
-		if (FD_ISSET(SSL_get_fd(con),&writefds))
-#else
-		if (write_ssl)
-#endif
-			{
-			k=SSL_write(con,&(cbuf[cbuf_off]),
-				(unsigned int)cbuf_len);
-			switch (SSL_get_error(con,k))
-				{
-			case SSL_ERROR_NONE:
-				cbuf_off+=k;
-				cbuf_len-=k;
-				if (k <= 0) goto end;
-				/* we have done a  write(con,NULL,0); */
-				if (cbuf_len <= 0)
-					{
-					read_tty=1;
-					write_ssl=0;
-					}
-				else /* if (cbuf_len > 0) */
-					{
-					read_tty=0;
-					write_ssl=1;
-					}
-				break;
-			case SSL_ERROR_WANT_WRITE:
-#ifndef WINDOWS
-				BIO_printf(bio_c_out,"write W BLOCK\n");
-#endif
-				write_ssl=1;
-				read_tty=0;
-				break;
-			case SSL_ERROR_WANT_READ:
-#ifndef WINDOWS
-				BIO_printf(bio_c_out,"write R BLOCK\n");
-#endif
-				write_tty=0;
-				read_ssl=1;
-				write_ssl=0;
-				break;
-			case SSL_ERROR_WANT_X509_LOOKUP:
-				BIO_printf(bio_c_out,"write X BLOCK\n");
-				break;
-			case SSL_ERROR_ZERO_RETURN:
-				if (cbuf_len != 0)
-					{
-					BIO_printf(bio_c_out,"shutdown\n");
-					goto shut;
-					}
-				else
-					{
-					read_tty=1;
-					write_ssl=0;
-					break;
-					}
-				
-			case SSL_ERROR_SYSCALL:
-				if ((k != 0) || (cbuf_len != 0))
-					{
-					BIO_printf(bio_err,"write:errno=%d\n",
-						get_last_socket_error());
-					goto shut;
-					}
-				else
-					{
-					read_tty=1;
-					write_ssl=0;
-					}
-				break;
-			case SSL_ERROR_SSL:
-				ERR_print_errors(bio_err);
-				goto shut;
-				}
-			}
-#ifndef WINDOWS
-		else if (FD_ISSET(fileno(stdout),&writefds))
-#else
-		else if (tty_on && write_tty)
-#endif
-			{
-			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
-
-			if (i <= 0)
-				{
-				BIO_printf(bio_c_out,"DONE\n");
-				goto shut;
-				/* goto end; */
-				}
-
-			sbuf_len-=i;;
-			sbuf_off+=i;
-			if (sbuf_len <= 0)
-				{
-				read_ssl=1;
-				write_tty=0;
-				}
-			}
-#ifndef WINDOWS
-		else if (FD_ISSET(SSL_get_fd(con),&readfds))
-#else
-		if (read_ssl)
-#endif
-			{
-#ifdef RENEG
-{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
-#endif
-			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
-
-			switch (SSL_get_error(con,k))
-				{
-			case SSL_ERROR_NONE:
-				if (k <= 0)
-					goto end;
-				sbuf_off=0;
-				sbuf_len=k;
-
-				read_ssl=0;
-				write_tty=1;
-				break;
-			case SSL_ERROR_WANT_WRITE:
-#ifndef WINDOWS
-				BIO_printf(bio_c_out,"read W BLOCK\n");
-#endif
-				write_ssl=1;
-				read_tty=0;
-				break;
-			case SSL_ERROR_WANT_READ:
-#ifndef WINDOWS
-				BIO_printf(bio_c_out,"read R BLOCK\n");
-#endif
-				write_tty=0;
-				read_ssl=1;
-				if ((read_tty == 0) && (write_ssl == 0))
-					write_ssl=1;
-				break;
-			case SSL_ERROR_WANT_X509_LOOKUP:
-				BIO_printf(bio_c_out,"read X BLOCK\n");
-				break;
-			case SSL_ERROR_SYSCALL:
-				BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
-				goto shut;
-			case SSL_ERROR_ZERO_RETURN:
-				BIO_printf(bio_c_out,"closed\n");
-				goto shut;
-			case SSL_ERROR_SSL:
-				ERR_print_errors(bio_err);
-				goto shut;
-				break;
-				}
-			}
-
-#ifndef WINDOWS
-		else if (FD_ISSET(fileno(stdin),&readfds))
-			{
-			i=read(fileno(stdin),cbuf,BUFSIZZ);
-#else
-		if (tty_on && read_tty && _kbhit())
-			{
-			i = 1;
-			cbuf[0] = _getch();
-#endif
-
-			if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
-				{
-				BIO_printf(bio_err,"DONE\n");
-				goto shut;
-				}
-
-			if ((!c_quiet) && (cbuf[0] == 'R'))
-				{
-				SSL_renegotiate(con);
-				read_tty=0;
-				write_ssl=1;
-				}
-			else
-				{
-				cbuf_len=i;
-				cbuf_off=0;
-				}
-
-			read_tty=0;
-			write_ssl=1;
-			}
-		}
-shut:
-	SSL_shutdown(con);
-	SHUTDOWN(SSL_get_fd(con));
-	ret=0;
-end:
-	if (con != NULL) SSL_free(con);
-	if (con2 != NULL) SSL_free(con2);
-	if (ctx != NULL) SSL_CTX_free(ctx);
-	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
-	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
-	if (bio_c_out != NULL)
-		{
-		BIO_free(bio_c_out);
-		bio_c_out=NULL;
-		}
-	EXIT(ret);
-	}
-
-
-static void print_stuff(bio,s,full)
-BIO *bio;
-SSL *s;
-int full;
-	{
-	X509 *peer=NULL;
-	char *p;
-	static char *space="                ";
-	char buf[BUFSIZ];
-	STACK *sk;
-	SSL_CIPHER *c;
-	X509_NAME *xn;
-	int j,i;
-
-	if (full)
-		{
-		sk=SSL_get_peer_cert_chain(s);
-		if (sk != NULL)
-			{
-			BIO_printf(bio,"---\nCertificate chain\n");
-			for (i=0; i<sk_num(sk); i++)
-				{
-				X509_NAME_oneline(X509_get_subject_name((X509 *)
-					sk_value(sk,i)),buf,BUFSIZ);
-				BIO_printf(bio,"%2d s:%s\n",i,buf);
-				X509_NAME_oneline(X509_get_issuer_name((X509 *)
-					sk_value(sk,i)),buf,BUFSIZ);
-				BIO_printf(bio,"   i:%s\n",buf);
-				}
-			}
-
-		BIO_printf(bio,"---\n");
-		peer=SSL_get_peer_certificate(s);
-		if (peer != NULL)
-			{
-			BIO_printf(bio,"Server certificate\n");
-			PEM_write_bio_X509(bio,peer);
-			X509_NAME_oneline(X509_get_subject_name(peer),
-				buf,BUFSIZ);
-			BIO_printf(bio,"subject=%s\n",buf);
-			X509_NAME_oneline(X509_get_issuer_name(peer),
-				buf,BUFSIZ);
-			BIO_printf(bio,"issuer=%s\n",buf);
-			}
-		else
-			BIO_printf(bio,"no peer certificate available\n");
-
-		sk=SSL_get_client_CA_list(s);
-		if ((sk != NULL) && (sk_num(sk) > 0))
-			{
-			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
-			for (i=0; i<sk_num(sk); i++)
-				{
-				xn=(X509_NAME *)sk_value(sk,i);
-				X509_NAME_oneline(xn,buf,sizeof(buf));
-				BIO_write(bio,buf,strlen(buf));
-				BIO_write(bio,"\n",1);
-				}
-			}
-		else
-			{
-			BIO_printf(bio,"---\nNo client certificate CA names sent\n");
-			}
-		p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
-		if (p != NULL)
-			{
-			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
-			j=i=0;
-			while (*p)
-				{
-				if (*p == ':')
-					{
-					BIO_write(bio,space,15-j%25);
-					i++;
-					j=0;
-					BIO_write(bio,((i%3)?" ":"\n"),1);
-					}
-				else
-					{
-					BIO_write(bio,p,1);
-					j++;
-					}
-				p++;
-				}
-			BIO_write(bio,"\n",1);
-			}
-
-		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
-			BIO_number_read(SSL_get_rbio(s)),
-			BIO_number_written(SSL_get_wbio(s)));
-		}
-	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
-	c=SSL_get_current_cipher(s);
-	BIO_printf(bio,"%s, Cipher is %s\n",
-		SSL_CIPHER_get_version(c),
-		SSL_CIPHER_get_name(c));
-	if (peer != NULL)
-	{
-		EVP_PKEY *pktmp;
-		BIO_printf(bio,"Server public key is %d bit\n",
-							EVP_PKEY_bits(pktmp));
-		EVP_PKEY_free(pktmp);
-	}
-	SSL_SESSION_print(bio,SSL_get_session(s));
-	BIO_printf(bio,"---\n");
-	if (peer != NULL)
-		X509_free(peer);
-	}
-

apps/sess_id.c

@@ -60,11 +60,11 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
 
 #undef PROG
 #define PROG	sess_id_main
@@ -83,15 +83,8 @@ static char *sess_id_usage[]={
 NULL
 };
 
-#ifndef NOPROTO
 static SSL_SESSION *load_sess_id(char *file, int format);
-#else
-static SSL_SESSION *load_sess_id();
-#endif
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	SSL_SESSION *x=NULL;
 	int ret=1,i,num,badops=0;
@@ -271,9 +264,7 @@ end:
 	EXIT(ret);
 	}
 
-static SSL_SESSION *load_sess_id(infile, format)
-char *infile;
-int format;
+static SSL_SESSION *load_sess_id(char *infile, int format)
 	{
 	SSL_SESSION *x=NULL;
 	BIO *in=NULL;

apps/speed.c

@@ -78,15 +78,14 @@
 #ifdef NO_STDIO
 #define APPS_WIN16
 #endif
-#include "crypto.h"
-#include "rand.h"
-#include "err.h"
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
 
-#ifndef MSDOS
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif
 
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -94,15 +93,15 @@
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
@@ -114,48 +113,48 @@ struct tms {
 #endif
 
 #ifndef NO_DES
-#include "des.h"
+#include <openssl/des.h>
 #endif
 #ifndef NO_MD2
-#include "md2.h"
+#include <openssl/md2.h>
 #endif
 #ifndef NO_MDC2
-#include "mdc2.h"
+#include <openssl/mdc2.h>
 #endif
 #ifndef NO_MD5
-#include "md5.h"
-#include "hmac.h"
-#include "evp.h"
+#include <openssl/md5.h>
+#include <openssl/hmac.h>
+#include <openssl/evp.h>
 #endif
-#ifndef NO_SHA1
-#include "sha.h"
+#ifndef NO_SHA
+#include <openssl/sha.h>
 #endif
-#ifndef NO_RMD160
-#include "ripemd.h"
+#ifndef NO_RIPEMD
+#include <openssl/ripemd.h>
 #endif
 #ifndef NO_RC4
-#include "rc4.h"
+#include <openssl/rc4.h>
 #endif
 #ifndef NO_RC5
-#include "rc5.h"
+#include <openssl/rc5.h>
 #endif
 #ifndef NO_RC2
-#include "rc2.h"
+#include <openssl/rc2.h>
 #endif
 #ifndef NO_IDEA
-#include "idea.h"
+#include <openssl/idea.h>
 #endif
-#ifndef NO_BLOWFISH
-#include "blowfish.h"
+#ifndef NO_BF
+#include <openssl/blowfish.h>
 #endif
 #ifndef NO_CAST
-#include "cast.h"
+#include <openssl/cast.h>
 #endif
 #ifndef NO_RSA
-#include "rsa.h"
-#endif
-#include "x509.h"
+#include <openssl/rsa.h>
 #include "./testrsa.h"
+#endif
+#include <openssl/x509.h>
 #ifndef NO_DSA
 #include "./testdsa.h"
 #endif
@@ -164,11 +163,7 @@ struct tms {
 #ifndef HZ
 # ifndef CLK_TCK
 #  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-#   ifndef VMS
-#    define HZ	100.0
-#   else /* VMS */
-#    define HZ	100.0
-#   endif
+#   define HZ	100.0
 #  else /* _BSD_CLK_TCK_ */
 #   define HZ ((double)_BSD_CLK_TCK_)
 #  endif
@@ -181,16 +176,9 @@ struct tms {
 #define BUFSIZE	((long)1024*8+1)
 int run=0;
 
-#ifndef NOPROTO
 static double Time_F(int s);
 static void print_message(char *s,long num,int length);
 static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
-#else
-static double Time_F();
-static void print_message();
-static void pkey_print_message();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -198,14 +186,8 @@ static void pkey_print_message();
 #define SIGRETTYPE int
 #endif 
 
-#ifndef NOPROTO
 static SIGRETTYPE sig_done(int sig);
-#else
-static SIGRETTYPE sig_done();
-#endif
-
-static SIGRETTYPE sig_done(sig)
-int sig;
+static SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -218,8 +200,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-static double Time_F(s)
-int s;
+static double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -255,11 +236,10 @@ int s;
 #endif
 	}
 
-int MAIN(argc,argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	unsigned char *buf=NULL,*buf2=NULL;
+	des_cblock *buf_as_des_cblock = NULL;
 	int ret=1;
 #define ALGOR_NUM	14
 #define SIZE_NUM	5
@@ -277,10 +257,10 @@ char **argv;
 	unsigned char md5[MD5_DIGEST_LENGTH];
 	unsigned char hmac[MD5_DIGEST_LENGTH];
 #endif
-#ifndef NO_SHA1
+#ifndef NO_SHA
 	unsigned char sha[SHA_DIGEST_LENGTH];
 #endif
-#ifndef NO_RMD160
+#ifndef NO_RIPEMD
 	unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
 #endif
 #ifndef NO_RC4
@@ -295,7 +275,7 @@ char **argv;
 #ifndef NO_IDEA
 	IDEA_KEY_SCHEDULE idea_ks;
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	BF_KEY bf_ks;
 #endif
 #ifndef NO_CAST
@@ -339,9 +319,9 @@ char **argv;
 #define	R_RSA_1024	1
 #define	R_RSA_2048	2
 #define	R_RSA_4096	3
+#ifndef NO_RSA
 	RSA *rsa_key[RSA_NUM];
 	long rsa_c[RSA_NUM][2];
-#ifndef NO_RSA
 	double rsa_results[RSA_NUM][2];
 	static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
 	static unsigned char *rsa_data[RSA_NUM]=
@@ -362,7 +342,7 @@ char **argv;
 	int pr_header=0;
 
 	apps_startup();
-#ifdef NO_DSA
+#ifndef NO_DSA
 	memset(dsa_key,0,sizeof(dsa_key));
 #endif
 
@@ -381,6 +361,7 @@ char **argv;
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
+	buf_as_des_cblock = (des_cblock *)buf;
 	if ((buf2=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
@@ -418,13 +399,13 @@ char **argv;
 			if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
 		else
 #endif
-#ifndef NO_SHA1
+#ifndef NO_SHA
 			if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
 		else
 			if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1;
 		else
 #endif
-#ifndef NO_RMD160
+#ifndef NO_RIPEMD
 			if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
 		else
 			if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
@@ -480,7 +461,7 @@ char **argv;
 		else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
 		else
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 		     if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
 		else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
 		else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
@@ -530,10 +511,10 @@ char **argv;
 #ifndef NO_RC5
 			BIO_printf(bio_err,"rc5-cbc  ");
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 			BIO_printf(bio_err,"bf-cbc");
 #endif
-#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BLOWFISH) && !defined(NO_RC5)
+#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BF) && !defined(NO_RC5)
 			BIO_printf(bio_err,"\n");
 #endif
 			BIO_printf(bio_err,"des-cbc  des-ede3 ");
@@ -601,9 +582,9 @@ char **argv;
 #endif
 
 #ifndef NO_DES
-	des_set_key(key,sch);
-	des_set_key(key2,sch2);
-	des_set_key(key3,sch3);
+	des_set_key(&key,sch);
+	des_set_key(&key2,sch2);
+	des_set_key(&key3,sch3);
 #endif
 #ifndef NO_IDEA
 	idea_set_encrypt_key(key16,&idea_ks);
@@ -617,14 +598,15 @@ char **argv;
 #ifndef NO_RC5
 	RC5_32_set_key(&rc5_ks,16,key16,12);
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	BF_set_key(&bf_ks,16,key16);
 #endif
 #ifndef NO_CAST
 	CAST_set_key(&cast_ks,16,key16);
 #endif
-
+#ifndef NO_RSA
 	memset(rsa_c,0,sizeof(rsa_c));
+#endif
 #ifndef SIGALRM
 	BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
 	count=10;
@@ -633,7 +615,8 @@ char **argv;
 		count*=2;
 		Time_F(START);
 		for (i=count; i; i--)
-			des_ecb_encrypt(buf,buf, &(sch[0]),DES_ENCRYPT);
+			des_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
+				&(sch[0]),DES_ENCRYPT);
 		d=Time_F(STOP);
 		} while (d <3);
 	c[D_MD2][0]=count/10;
@@ -675,6 +658,7 @@ char **argv;
 		c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
 		c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
 		}
+#ifndef NO_RSA
 	rsa_c[R_RSA_512][0]=count/2000;
 	rsa_c[R_RSA_512][1]=count/400;
 	for (i=1; i<RSA_NUM; i++)
@@ -692,6 +676,7 @@ char **argv;
 				}
 			}				
 		}
+#endif
 
 	dsa_c[R_DSA_512][0]=count/1000;
 	dsa_c[R_DSA_512][1]=count/1000/2;
@@ -793,7 +778,7 @@ char **argv;
 			}
 		}
 #endif
-#ifndef NO_SHA1
+#ifndef NO_SHA
 	if (doit[D_SHA1])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -809,7 +794,7 @@ char **argv;
 			}
 		}
 #endif
-#ifndef NO_RMD160
+#ifndef NO_RIPEMD
 	if (doit[D_RMD160])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -851,7 +836,7 @@ char **argv;
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
 				des_ncbc_encrypt(buf,buf,lengths[j],sch,
-						 &(iv[0]),DES_ENCRYPT);
+						 &iv,DES_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_DES],d);
@@ -868,7 +853,7 @@ char **argv;
 			for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
 				des_ede3_cbc_encrypt(buf,buf,lengths[j],
 						     sch,sch2,sch3,
-						     &(iv[0]),DES_ENCRYPT);
+						     &iv,DES_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_EDE3_DES],d);
@@ -886,7 +871,7 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
 				idea_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&idea_ks,
-					(unsigned char *)&(iv[0]),IDEA_ENCRYPT);
+					iv,IDEA_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_IDEA],d);
@@ -904,7 +889,7 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
 				RC2_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&rc2_ks,
-					(unsigned char *)&(iv[0]),RC2_ENCRYPT);
+					iv,RC2_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_RC2],d);
@@ -922,7 +907,7 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
 				RC5_32_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&rc5_ks,
-					(unsigned char *)&(iv[0]),RC5_ENCRYPT);
+					iv,RC5_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_RC5],d);
@@ -930,7 +915,7 @@ char **argv;
 			}
 		}
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	if (doit[D_CBC_BF])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -940,7 +925,7 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
 				BF_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&bf_ks,
-					(unsigned char *)&(iv[0]),BF_ENCRYPT);
+					iv,BF_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_BF],d);
@@ -958,7 +943,7 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
 				CAST_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&cast_ks,
-					(unsigned char *)&(iv[0]),CAST_ENCRYPT);
+					iv,CAST_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_CAST],d);
@@ -1108,7 +1093,7 @@ char **argv;
 #ifndef NO_IDEA
 	printf("%s ",idea_options());
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	printf("%s ",BF_options());
 #endif
 	fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
@@ -1183,10 +1168,7 @@ end:
 	EXIT(ret);
 	}
 
-static void print_message(s,num,length)
-char *s;
-long num;
-int length;
+static void print_message(char *s, long num, int length)
 	{
 #ifdef SIGALRM
 	BIO_printf(bio_err,"Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
@@ -1201,12 +1183,8 @@ int length;
 #endif
 	}
 
-static void pkey_print_message(str,str2,num,bits,tm)
-char *str;
-char *str2;
-long num;
-int bits;
-int tm;
+static void pkey_print_message(char *str, char *str2, long num, int bits,
+	     int tm)
 	{
 #ifdef SIGALRM
 	BIO_printf(bio_err,"Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);

apps/stuff/pkcs7.ex1

@@ -1,25 +0,0 @@
------BEGIN xxx-----
-MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIB
-rTCCAUkCAgC2MA0GCSqGSIb3DQEBAgUAME0xCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMT
-UGVyc29uYSBDZXJ0aWZpY2F0ZTAeFw05NDA0MDkwMDUwMzdaFw05NDA4
-MDIxODM4NTdaMGcxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
-YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMTUGVyc29uYSBDZXJ0aWZp
-Y2F0ZTEYMBYGA1UEAxMPU2V0ZWMgQXN0cm9ub215MFwwDQYJKoZIhvcN
-AQEBBQADSwAwSAJBAMy8QcW7RMrB4sTdQ8Nmb2DFmJmkWn+el+NdeamI
-DElX/qw9mIQu4xNj1FfepfJNxzPvA0OtMKhy6+bkrlyMEU8CAwEAATAN
-BgkqhkiG9w0BAQIFAANPAAYn7jDgirhiIL4wnP8nGzUisGSpsFsF4/7z
-2P2wqne6Qk8Cg/Dstu3RyaN78vAMGP8d82H5+Ndfhi2mRp4YHiGHz0Hl
-K6VbPfnyvS2wdjCCAccwggFRAgUCQAAAFDANBgkqhkiG9w0BAQIFADBf
-MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHks
-IEluYy4xLjAsBgNVBAsTJUxvdyBBc3N1cmFuY2UgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkwHhcNOTQwMTA3MDAwMDAwWhcNOTYwMTA3MjM1OTU5
-WjBNMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJp
-dHksIEluYy4xHDAaBgNVBAsTE1BlcnNvbmEgQ2VydGlmaWNhdGUwaTAN
-BgkqhkiG9w0BAQEFAANYADBVAk4GqghQDa9Xi/2zAdYEqJVIcYhlLN1F
-pI9tXQ1m6zZ39PYXK8Uhoj0Es7kWRv8hC04vqkOKwndWbzVtvoHQOmP8
-nOkkuBi+AQvgFoRcgOUCAwEAATANBgkqhkiG9w0BAQIFAANhAD/5Uo7x
-Ddp49oZm9GoNcPhZcW1e+nojLvHXWAU/CBkwfcR+FSf4hQ5eFu1AjYv6
-Wqf430Xe9Et5+jgnMTiq4LnwgTdA8xQX4elJz9QzQobkE3XVOjVAtCFc
-miin80RB8AAAMYAAAAAAAAAAAA==
------END xxx-----

apps/stuff/pkcs7.ex2

@@ -1,11 +0,0 @@
------BEGIN PRIVACY-ENHANCED MESSAGE-----
-MIAGCSqGSIb3DQEHBqCAMIACAQAwgAYJKoZIhvcNAQcBMBEGBSsOAwIHBAifqtdy
-x6uIMYCCARgvFzJtOZBn773DtmXlx037ck3giqnV0WC0QAx5f+fesAiGaxMqWcir
-r9XvT0nT0LgSQ/8tiLCDBEKdyCNgdcJAduy3D0r2sb5sNTT0TyL9uydG3w55vTnW
-aPbCPCWLudArI1UHDZbnoJICrVehxG/sYX069M8v6VO8PsJS7//hh1yM+0nekzQ5
-l1p0j7uWKu4W0csrlGqhLvEJanj6dQAGSTNCOoH3jzEXGQXntgesk8poFPfHdtj0
-5RH4MuJRajDmoEjlrNcnGl/BdHAd2JaCo6uZWGcnGAgVJ/TVfSVSwN5nlCK87tXl
-nL7DJwaPRYwxb3mnPKNq7ATiJPf5u162MbwxrddmiE7e3sST7naSN+GS0ateY5X7
-AAAAAAAAAAA=
------END PRIVACY-ENHANCED MESSAGE-----
-

apps/stuff/pkcs7.ex3

@@ -1,12 +0,0 @@
------BEGIN PRIVACY-ENHANCED MESSAGE-----
-MIAGCSqGSIb3DQEHA6CAMIACAQAxgDCBqQIBADBTME0xCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMTUGVyc29u
-YSBDZXJ0aWZpY2F0ZQICALYwDQYJKoZIhvcNAQEBBQAEQCU/R+YCJSUsV6XLilHG
-cNVzwqKcWzmT/rZ+duOv8Ggb7oO/d8H3xUVGQ2LsX4kYGq2szwj8Q6eWhsmhf4oz
-lvMAADCABgkqhkiG9w0BBwEwEQYFKw4DAgcECFif7BadXlw3oIAEgZBNcMexKe16
-+mNxx8YQPukBCL0bWqS86lvws/AgRkKPELmysBi5lco8MBCsWK/fCyrnxIRHs1oK
-BXBVlsAhKkkusk1kCf/GbXSAphdSgG+d6LxrNZwHbBFOX6A2hYS63Iczd5bOVDDW
-Op2gcgUtMJq6k2LFrs4L7HHqRPPlqNJ6j5mFP4xkzOCNIQynpD1rV6EECMIk/T7k
-1JLSAAAAAAAAAAAAAA==
------END PRIVACY-ENHANCED MESSAGE-----
-

apps/stuff/pkcs7.pem

@@ -1,46 +0,0 @@
------BEGIN PKCS7-----
-MIIIEgYJKoZIhvcNAQcCMIIIAwIBATEAMAsGCSqGSIb3DQEHAaCCBDUwggIhMIIB
-jgIFAnIAAGcwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT
-F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk1MDUxNzAwMDAwMFoXDTk1MTEx
-NjIzNTk1OVowdzELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5h
-MRIwEAYDVQQHEwlDaGFybG90dGUxIzAhBgNVBAoTGlZuZXQgSW50ZXJuZXQgQWNj
-ZXNzLCBJbmMuMRYwFAYDVQQDFA13d3cqLnZuZXQubmV0MHwwDQYJKoZIhvcNAQEB
-BQADawAwaAJhAOngW+io4W1lAp1b2k4+KqICaLHatp6AWkPLpa3Li2mwmggSGeRD
-AmTI4FQB0EFrDMfKLOteHgGoDJ0vifmV5cKvevRt5Gn+xPn54Halu7i145iUldyv
-oViUNpWmLJhKTQIDAQABMA0GCSqGSIb3DQEBAgUAA34AQkyfJje6H8fxtN68TvXV
-RibnPpQol2jMbh0VnK9cP9ePvsXy+7JoGuWxj6zlgjZGwia49xITggZ+0b+wP51l
-5e8xEEc2K7eC5QVD0qh/NSqdPcVP+UG6UK/LT25w/yLuZgqJ3g87kGbOo9myLhkZ
-3jr3kXnsriBmwmqcjgUwggIMMIIBlgIFAkAAAEUwDQYJKoZIhvcNAQECBQAwXzEL
-MAkGA1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4w
-LAYDVQQLEyVMb3cgQXNzdXJhbmNlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X
-DTk0MTEwOTIzMTk0NFoXDTk5MTIzMTIzMTk0NFowXzELMAkGA1UEBhMCVVMxIDAe
-BgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUg
-U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUA
-A4GJADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwji
-ioII0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJ
-VphIuR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJ
-KoZIhvcNAQECBQADYQAjOCnuhWTdRq+8PhUBSzKbOhmafQQPQ8Ltw+49U8N1zgq9
-1ROaW46znUQykAPUdaAIflEfV2e0ULuyOWCwDJ2ME7NUmWL86SLkk6QLC9iItjva
-h+tdpLV/+TerjmrxCWChggOyMIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1
-MDIwMjEyMjZaFw05NTA2MDEwMDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcy
-NDI2WjAWAgUCQQAACRcNOTUwMjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAx
-MjQ5WjAWAgUCQQAADBcNOTUwMjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0
-MDQ5WjAWAgUCQQAAFhcNOTUwMzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0
-MDQxWjAWAgUCQQAAHxcNOTUwMzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAw
-NzExWjAWAgUCcgAAERcNOTUwMzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDEx
-MzIxWjAWAgUCcgAAHhcNOTUwNDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcx
-NzI0WjAWAgUCcgAAOBcNOTUwNDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIx
-MjI2WjANBgkqhkiG9w0BAQIFAAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6q
-QmK92W0hW158wpJg+ovV3+wQwvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3M
-rJBnZ4GaZDu4FutZh72MR3GtJaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFA
-yp0vMIIBHTCBqDANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEgMB4GA1UE
-ChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4xLjAsBgNVBAsTJUxvdyBBc3N1cmFu
-Y2UgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTk1MDUwMTE5MjcyOVoXDTk1MDYw
-MTA4MDAwMFowGDAWAgUCQAAAXhcNOTUwMjA4MDE0NjIyWjANBgkqhkiG9w0BAQIF
-AANhAF70VxEAKgGlS2otYkWSqYJ286MMDbdAIoEGCDTtVuLCOP3YKHOSTjFhbIhL
-5mBd+Q/W+lKSqdoyYhdObaBk4I4Wk+/BE2QK1x4QhtYG144spESXIRIKAbhffg1g
-rRe/ETEA
------END PKCS7-----

apps/test.ssl

@@ -1,16 +0,0 @@
-www.microsoft.com:443
-sectest.microsoft.com:443
-https://sectest.microsoft.com/ClientAuth/test.asp
-ssl3.netscape.com:443
-ssl3.netscape.com:444
-www.openmarket.com:443 - no session ID caching. - no swap
-
-Servers
-bad  www.openmarket.com	Open-Market-Secure-WebServer/V2.1
-bad  www.microsoft.com	Server: Microsoft-IIS/3.0
-good transact.netscape.com	Netscape-Enterprise/2.01
-
-clients
-good netscape
-hmm  MSIE
-

apps/testdsa.h

@@ -1,14 +1,7 @@
 /* NOCW */
-#ifndef NOPROTO
 DSA *get_dsa512(void );
 DSA *get_dsa1024(void );
 DSA *get_dsa2048(void );
-#else
-DSA *get_dsa512();
-DSA *get_dsa1024();
-DSA *get_dsa2048();
-#endif
-
 static unsigned char dsa512_p[]={
 	0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
 	0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,

apps/verify.c

@@ -60,27 +60,19 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	verify_main
 
-#ifndef NOPROTO
 static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
 static int check(X509_STORE *ctx,char *file);
-#else
-static int MS_CALLBACK cb();
-static int check();
-#endif
-
 static int v_verbose=0;
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int i,ret=1;
 	char *CApath=NULL,*CAfile=NULL;
@@ -154,9 +146,7 @@ end:
 	EXIT(ret);
 	}
 
-static int check(ctx,file)
-X509_STORE *ctx;
-char *file;
+static int check(X509_STORE *ctx, char *file)
 	{
 	X509 *x=NULL;
 	BIO *in=NULL;
@@ -210,9 +200,7 @@ end:
 	return(ret);
 	}
 
-static int MS_CALLBACK cb(ok,ctx)
-int ok;
-X509_STORE_CTX *ctx;
+static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 	{
 	char buf[256];
 

apps/version.c

@@ -60,15 +60,13 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "evp.h"
-#include "crypto.h"
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
 
 #undef PROG
 #define PROG	version_main
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int i,ret=0;
 	int cflags=0,version=0,date=0,options=0,platform=0;
@@ -121,7 +119,7 @@ char **argv;
 #ifndef NO_IDEA
 		printf("%s ",idea_options());
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 		printf("%s ",BF_options());
 #endif
 		printf("\n");

apps/x509.c

@@ -63,15 +63,15 @@
 #define APPS_WIN16
 #endif
 #include "apps.h"
-#include "bio.h"
-#include "asn1.h"
-#include "err.h"
-#include "bn.h"
-#include "evp.h"
-#include "x509.h"
-#include "x509v3.h"
-#include "objects.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG x509_main
@@ -85,7 +85,7 @@
 static char *x509_usage[]={
 "usage: x509 args\n",
 " -inform arg     - input format - default PEM (one of DER, NET or PEM)\n",
-" -outform arg    - output format - default PEM (one of DER, NET or PEM\n",
+" -outform arg    - output format - default PEM (one of DER, NET or PEM)\n",
 " -keyform arg    - private key format - default PEM\n",
 " -CAform arg     - CA format - default PEM\n",
 " -CAkeyform arg  - CA key format - default PEM\n",
@@ -114,29 +114,21 @@ static char *x509_usage[]={
 " -text           - print the certificate in text form\n",
 " -C              - print out C code forms\n",
 " -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
+" -extfile        - configuration file with X509V3 extensions to add\n",
 NULL
 };
 
-#ifndef NOPROTO
 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
 static EVP_PKEY *load_key(char *file, int format);
 static X509 *load_cert(char *file, int format);
-static int sign (X509 *x, EVP_PKEY *pkey,int days,EVP_MD *digest);
-static int x509_certify (X509_STORE *ctx,char *CAfile, EVP_MD *digest,X509 *x,
-	X509 *xca, EVP_PKEY *pkey,char *serial, int create, int days);
-#else
-static int MS_CALLBACK callb();
-static EVP_PKEY *load_key();
-static X509 *load_cert();
-static int sign ();
-static int x509_certify ();
-#endif
-
+static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest,
+						LHASH *conf, char *section);
+static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
+			 X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
+			 int create,int days, LHASH *conf, char *section);
 static int reqfile=0;
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int ret=1;
 	X509_REQ *req=NULL;
@@ -157,7 +149,9 @@ char **argv;
 	X509_REQ *rq=NULL;
 	int fingerprint=0;
 	char buf[256];
-	EVP_MD *md_alg,*digest=EVP_md5();
+	const EVP_MD *md_alg,*digest=EVP_md5();
+	LHASH *extconf = NULL;
+	char *extsect = NULL, *extfile = NULL;
 
 	reqfile=0;
 
@@ -219,6 +213,11 @@ char **argv;
 				goto bad;
 				}
 			}
+		else if (strcmp(*argv,"-extfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			extfile= *(++argv);
+			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -322,6 +321,34 @@ bad:
 		goto end;
 		}
 
+	if (extfile) {
+		long errorline;
+		X509V3_CTX ctx2;
+		if (!(extconf=CONF_load(NULL,extfile,&errorline))) {
+			if (errorline <= 0)
+				BIO_printf(bio_err,
+					"error loading the config file '%s'\n",
+								extfile);
+                	else
+                        	BIO_printf(bio_err,
+				       "error on line %ld of config file '%s'\n"
+							,errorline,extfile);
+			goto end;
+		}
+		if(!(extsect = CONF_get_string(extconf, "default",
+					 "extensions"))) extsect = "default";
+		X509V3_set_ctx_test(&ctx2);
+		X509V3_set_conf_lhash(&ctx2, extconf);
+		if(!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL)) {
+			BIO_printf(bio_err,
+				"Error Loading extension section %s\n",
+								 extsect);
+			ERR_print_errors(bio_err);
+			goto end;
+                }
+	} 
+
+
 	if (reqfile)
 		{
 		EVP_PKEY *pkey;
@@ -599,7 +626,8 @@ bad:
 		                        digest=EVP_dss1();
 #endif
 
-				if (!sign(x,Upkey,days,digest)) goto end;
+				if (!sign(x,Upkey,days,digest,
+						 extconf, extsect)) goto end;
 				}
 			else if (CA_flag == i)
 				{
@@ -615,8 +643,8 @@ bad:
 #endif
 				
 				if (!x509_certify(ctx,CAfile,digest,x,xca,
-					CApkey,
-					CAserial,CA_createserial,days))
+					CApkey, CAserial,CA_createserial,days,
+					extconf, extsect))
 					goto end;
 				}
 			else if (x509req == i)
@@ -690,29 +718,23 @@ bad:
 	ret=0;
 end:
 	OBJ_cleanup();
-	if (out != NULL) BIO_free(out);
-	if (STDout != NULL) BIO_free(STDout);
-	if (ctx != NULL) X509_STORE_free(ctx);
-	if (req != NULL) X509_REQ_free(req);
-	if (x != NULL) X509_free(x);
-	if (xca != NULL) X509_free(xca);
-	if (Upkey != NULL) EVP_PKEY_free(Upkey);
-	if (CApkey != NULL) EVP_PKEY_free(CApkey);
-	if (rq != NULL) X509_REQ_free(rq);
+	CONF_free(extconf);
+	BIO_free(out);
+	BIO_free(STDout);
+	X509_STORE_free(ctx);
+	X509_REQ_free(req);
+	X509_free(x);
+	X509_free(xca);
+	EVP_PKEY_free(Upkey);
+	EVP_PKEY_free(CApkey);
+	X509_REQ_free(rq);
 	X509V3_EXT_cleanup();
 	EXIT(ret);
 	}
 
-static int x509_certify(ctx,CAfile,digest,x,xca,pkey,serialfile,create,days)
-X509_STORE *ctx;
-char *CAfile;
-EVP_MD *digest;
-X509 *x;
-X509 *xca;
-EVP_PKEY *pkey;
-char *serialfile;
-int create;
-int days;
+static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+	     X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
+	     int days, LHASH *conf, char *section)
 	{
 	int ret=0;
 	BIO *io=NULL;
@@ -845,6 +867,14 @@ int days;
 		}
 	EVP_PKEY_free(upkey);
 
+	if(conf) {
+		X509V3_CTX ctx2;
+		X509_set_version(x,2); /* version 3 certificate */
+                X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
+                X509V3_set_conf_lhash(&ctx2, conf);
+                if(!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
+	}
+
 	if (!X509_sign(x,pkey,digest)) goto end;
 	ret=1;
 end:
@@ -858,9 +888,7 @@ end:
 	return(ret);
 	}
 
-static int MS_CALLBACK callb(ok, ctx)
-int ok;
-X509_STORE_CTX *ctx;
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
 	{
 	char buf[256];
 	int err;
@@ -893,9 +921,7 @@ X509_STORE_CTX *ctx;
 		}
 	}
 
-static EVP_PKEY *load_key(file, format)
-char *file;
-int format;
+static EVP_PKEY *load_key(char *file, int format)
 	{
 	BIO *key=NULL;
 	EVP_PKEY *pkey=NULL;
@@ -948,9 +974,7 @@ end:
 	return(pkey);
 	}
 
-static X509 *load_cert(file, format)
-char *file;
-int format;
+static X509 *load_cert(char *file, int format)
 	{
 	ASN1_HEADER *ah=NULL;
 	BUF_MEM *buf=NULL;
@@ -1037,11 +1061,8 @@ end:
 	}
 
 /* self sign */
-static int sign(x, pkey, days, digest)
-X509 *x;
-EVP_PKEY *pkey;
-int days;
-EVP_MD *digest;
+static int sign(X509 *x, EVP_PKEY *pkey, int days, const EVP_MD *digest, 
+						LHASH *conf, char *section)
 	{
 
 	EVP_PKEY *pktmp;
@@ -1062,6 +1083,13 @@ EVP_MD *digest;
 		goto err;
 
 	if (!X509_set_pubkey(x,pkey)) goto err;
+	if(conf) {
+		X509V3_CTX ctx;
+		X509_set_version(x,2); /* version 3 certificate */
+                X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
+                X509V3_set_conf_lhash(&ctx, conf);
+                if(!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
+	}
 	if (!X509_sign(x,pkey,digest)) goto err;
 	return(1);
 err:

bugs/stream.c

@@ -57,11 +57,11 @@
  */
 
 #include <stdio.h>
-#include "rc4.h"
+#include <openssl/rc4.h>
 #ifdef NO_DES
 #include <des.h>
 #else
-#include "des.h"
+#include <openssl/des.h>
 #endif
 
 /* show how stream ciphers are not very good.  The mac has no affect

certs/vsign4.pem

@@ -1,16 +0,0 @@
- subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
- issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
------BEGIN CERTIFICATE-----
-MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
-9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
-IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
-O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
-AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
-g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
-yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
------END CERTIFICATE-----

config

@@ -1,17 +1,11 @@
 #!/bin/sh
 #
-# config - this is a merge of minarch and GuessOS from the Apache Group
-#          which then automatically runs Configure from SSLeay after
-#	   mapping the Apache names for OSs into SSLeay names
+# OpenSSL config: determine the operating system and run ./Configure
 #
-# 29-May-97 eay		Added no-asm option
-# 27-May-97 eay		Alpha linux mods
-# ??-May-97 eay		IRIX mods
-# 16-Sep-97 tjh		first cut of merged version
-#
-# Tim Hudson
-# tjh@cryptsoft.com
+# "config -h" for usage information.
 #
+#          this is a merge of minarch and GuessOS from the Apache Group.
+#          Originally written by Tim Hudson <tjh@cryptsoft.com>.
 
 # Original Apache Group comments on GuessOS
 
@@ -88,8 +82,11 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
     HP-UX:*)
 	HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
 	case "$HPUXVER" in
+	    11.*)
+		echo "${MACHINE}-hp-hpux11"; exit 0
+		;;
 	    10.*)
-		echo "${MACHINE}-hp-hpux10."; exit 0
+		echo "${MACHINE}-hp-hpux10"; exit 0
 		;;
 	    *)
 		echo "${MACHINE}-hp-hpux"; exit 0
@@ -129,16 +126,23 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-whatever-freebsd3"; exit 0
 	;;
 
-    FreeBSD:*:*:*486*)
-	echo "i486-whatever-freebsd"; exit 0
+    FreeBSD:*:*:*386*)
+        case `sysctl -n hw.model` in
+	    Pentium*)
+                echo "i586-whatever-freebsd"; exit 0
+                ;;
+            *)
+                echo "i386-whatever-freebsd"; exit 0
+                ;;
+            esac;
 	;;
 
     FreeBSD:*)
 	echo "${MACHINE}-whatever-freebsd"; exit 0
 	;;
 
-    NetBSD:*:*:*486*)
-	echo "i486-whatever-netbsd"; exit 0
+    NetBSD:*:*:*386*)
+        echo "`sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whateve\r-netbsd"; exit 0
 	;;
 
     NetBSD:*)
@@ -197,8 +201,8 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-unknown-ultrix"; exit 0
 	;;
 
-    SINIX*)
-	echo "${MACHINE}-sni-sysv4"; exit 0
+    SINIX*|ReliantUNIX*)
+	echo "${MACHINE}-siemens-sysv4"; exit 0
 	;;
 
     machten:*)
@@ -239,7 +243,7 @@ esac
 # At this point we gone through all the one's
 # we know of: Punt
 
-echo "${MACHINE}-whatever-${SYSTEM}|${RELEASE}|${VERSION}" 
+echo "${MACHINE}-whatever-${SYSTEM}" 
 exit 0
 ) 2>/dev/null | (
 
@@ -249,7 +253,6 @@ exit 0
 
 PREFIX=""
 SUFFIX=""
-VERBOSE="false"
 TEST="false"
 
 # pick up any command line args to config
@@ -257,25 +260,16 @@ for i
 do
 case "$i" in 
 -d*) PREFIX="debug-";;
--v*) VERBOSE="true";;
 -t*) TEST="true";;
--h*) cat <<EOF
-usage: config [options]
+-h*) TEST="true"; cat <<EOF
+Usage: config [options]
  -d	Add a debug- prefix to machine choice.
- -v	Verbose mode.
  -t	Test mode, do not run the Configure perl script.
  -h	This help.
 
-Any other text will be passed to ther Configure perl script.
-Usefull options include
- no-asm Build with no assember code.
- -Dxxx	Add xxx define to compilation.
- -Lxxx	Add xxx library include path to build.
- -lxxx	Add xxx library to build.
+Any other text will be passed to the Configure perl script.
+See INSTALL for instructions.
 
-eg, to build using RSAref, without assember, building to allow anon-DH
-ciphers and null encryption ciphers,
- config no-asm -DRSAref -DSSL_ALLOW_ADH -DSSL_ALLOW_ENULL -lrsaref
 EOF
 ;;
 *) options=$options" $i" ;;
@@ -284,30 +278,40 @@ done
 
 # figure out if gcc is available and if so we use it otherwise
 # we fallback to whatever cc does on the system
-GCCVER=`gcc -v 2>&1`
+GCCVER=`(gcc -v) 2>&1`
 if [ $? = "0" ]; then
   CC=gcc
 else
   CC=cc
+  if [ "$SYSTEM" = "SunOS" ]
+  then
+   case `cc -V 2>&1` in
+    *4*) CC=cc;;
+    *5*) CC=cc;;
+    *) CC=sc3;;
+   esac
+  fi
 fi
 
 # read the output of the embedded GuessOS 
 read GUESSOS
 
-if [ "$VERBOSE" = "true" ]; then
-  echo GUESSOS $GUESSOS
-fi
+echo Operating system: $GUESSOS
 
 # now map the output into SSLeay terms ... really should hack into the
 # script above so we end up with values in vars but that would take
 # more time that I want to waste at the moment
 case "$GUESSOS" in
   alpha-*-linux2) OUT="alpha-gcc" ;;
+  ppc-*-linux2) OUT="linux-ppc" ;;
+  mips-*-linux?) OUT="linux-mips" ;;
   *-*-linux2) OUT="linux-elf" ;;
   *-*-linux1) OUT="linux-aout" ;;
+  sun4u-sun-solaris2) OUT="solaris-usparc-$CC" ;;
   sun4*-sun-solaris2) OUT="solaris-sparc-$CC" ;;
   *86*-sun-solaris2) OUT="solaris-x86-$CC" ;;
   *-*-sunos4) OUT="sunos-$CC" ;;
+  alpha*-*-freebsd3) OUT="FreeBSD-alpha" ;;
   *-freebsd3) OUT="FreeBSD-elf" ;;
   *-freebsd) OUT="FreeBSD" ;;
   *86*-*-netbsd) OUT="NetBSD-x86" ;;
@@ -319,38 +323,81 @@ case "$GUESSOS" in
   *-*-openbsd) OUT="OpenBSD" ;;
   *-*-osf) OUT="alpha-cc" ;;
   *-*-unixware*) OUT="unixware-2.0" ;;
-  *-sni-sysv4) OUT="SINIX" ;;
-  *-hpux*) OUT="hpux-$CC" ;;
+  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
+  *-siemens-sysv4) OUT="SINIX" ;;
   # these are all covered by the catchall below
+  # *-hpux*) OUT="hpux-$CC" ;;
   # *-aix) OUT="aix-$CC" ;;
   # *-dgux) OUT="dgux" ;;
   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
 
+# gcc < 2.8 does not support -mcpu=ultrasparc
+if [ "$OUT" = solaris-usparc-gcc ]
+then
+ GCCVERMAJOR="`echo $GCCVER | sed 's/.*version \([^.]*\).*/\1/`"
+ GCCVERMINOR="`echo $GCCVER | sed 's/.*version[^.]*\.\([^.]*\).*/\1/`"
+ echo "gcc version $GCCVERMAJOR.$GCCVERMINOR.x"
+ if [ $GCCVERMAJOR$GCCVERMINOR -lt 28 ]
+ then
+  OUT=solaris-usparc-oldgcc
+ fi
+fi
+
+case "$GUESSOS" in
+  i386-*) options="$options 386" ;;
+esac
+
 if [ -z "$OUT" ]; then
   OUT="$CC"
 fi
 
+if [ ".$PERL" = . ] ; then
+	for i in . `echo $PATH | sed 's/:/ /g'`; do
+		if [ -f "$i/perl5" ] ; then
+			PERL="$i/perl5"
+			break;
+		fi;
+	done
+fi
+
+if [ ".$PERL" = . ] ; then
+	for i in . `echo $PATH | sed 's/:/ /g'`; do
+		if [ -f "$i/perl" ] ; then
+			if "$i/perl" -e 'exit($]<5.0)'; then
+				PERL="$i/perl"
+				break;
+			fi;
+		fi;
+	done
+fi
+
+if [ ".$PERL" = . ] ; then
+	echo "You need Perl 5."
+	exit 1
+fi
+
 # run Configure to check to see if we need to specify the 
 # compiler for the platform ... in which case we add it on
 # the end ... otherwise we leave it off
-perl ./Configure 2>&1 | grep "$OUT-$CC" > /dev/null
+
+$PERL ./Configure 2>&1 | grep "$OUT-$CC" > /dev/null
 if [ $? = "0" ]; then
   OUT="$OUT-$CC"
 fi
 
 OUT="$PREFIX$OUT"
 
-# at this point we have the answer ... which we could check again
-# and then fallback to a vanilla SSLeay build but then this script
-# wouldn't get updated
-echo Configuring for $OUT
+$PERL ./Configure 2>&1 | grep "$OUT" > /dev/null
+if [ $? = "0" ]; then
+  echo Configuring for $OUT
 
-if [ "$TEST" = "true" ]; then
-  echo ./Configure $OUT $options
+  if [ "$TEST" = "true" ]; then
+    echo $PERL ./Configure $OUT $options
+  else
+    $PERL ./Configure $OUT $options
+  fi
 else
-  perl ./Configure $OUT $options
+  echo "This system ($OUT) is not supported. See file INSTALL for details."
 fi
-
 )
-

crypto/.cvsignore

@@ -1,2 +1,4 @@
 lib
 date.h
+opensslconf.h
+Makefile.save

crypto/Makefile.ssl

@@ -8,6 +8,8 @@ CC=		cc
 INCLUDE=	-I. -I../include
 INCLUDES=	-I.. -I../../include
 CFLAG=		-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
 MAKE=           make -f Makefile.ssl
 MAKEDEPEND=	$(TOP)/util/domd $(TOP)
@@ -20,8 +22,6 @@ EX_LIBS=
  
 CFLAGS= $(INCLUDE) $(CFLAG) -DCFLAGS="\"$(CC) $(CFLAG)\"" -DPLATFORM="\"$(PLATFORM)\""
 
-ERR=crypto
-ERRC=cpt_err
 
 LIBS=
 
@@ -29,17 +29,17 @@ SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
 	bn rsa dsa dh \
 	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 comp
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
 
-GENERAL=Makefile README
+GENERAL=Makefile README crypto-lib.com install.com
 
 LIB= $(TOP)/libcrypto.a
-LIBSRC=	cryptlib.c mem.c cversion.c ex_data.c tmdiff.c $(ERRC).c
-LIBOBJ= cryptlib.o mem.o cversion.o ex_data.o tmdiff.o $(ERRC).o
+LIBSRC=	cryptlib.c mem.c cversion.c ex_data.c tmdiff.c cpt_err.c
+LIBOBJ= cryptlib.o mem.o cversion.o ex_data.o tmdiff.o cpt_err.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= crypto.h cryptall.h tmdiff.h opensslv.h
+EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h
 HEADER=	cryptlib.h date.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -56,38 +56,38 @@ subdirs:
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i && echo "making all in crypto/$$i..." && \
-	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' all ) || exit 1; \
+	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
 	done;
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i; echo "making 'files' in crypto/$$i..."; \
-	$(MAKE) files ); \
+	$(MAKE) PERL='${PERL}' files ); \
 	done;
 
 links:
 	@$(TOP)/util/point.sh Makefile.ssl Makefile
-	@$(TOP)/util/mklink.sh ../include $(HEADER)
-	@$(TOP)/util/mklink.sh ../test $(TEST)
-	@$(TOP)/util/mklink.sh ../apps $(APPS)
+	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
 	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@for i in $(SDIRS); do \
 	(cd $$i; echo "making links in crypto/$$i..."; \
-	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' links ); \
+	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
 	done;
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 libs:
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i; echo "making libs in crypto/$$i..."; \
-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
 	done;
 
 tests:
@@ -100,13 +100,13 @@ tests:
 install:
 	@for i in $(EXHEADER) ;\
 	do \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i; echo "making install in crypto/$$i..."; \
-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}'  INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
 	done;
 
 lint:
@@ -117,11 +117,11 @@ lint:
 	done;
 
 depend:
-	$(MAKEDEPEND) $(INCLUDE) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i; echo "making depend in crypto/$$i..."; \
-	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' depend ); \
+	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
 	done;
 
 clean:
@@ -133,43 +133,40 @@ clean:
 	done;
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i; echo "making dclean in crypto/$$i..."; \
-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
+	$(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
 	done;
 
-errors: errgen $(ERRC).c
-
-$(ERRC).c: $(ERR).err
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl err/err_genc.pl -s $(ERR).h $(ERRC).c
-
-errgen:
-	perl ./err/err_code.pl -conf err/ssleay.ec *.c */*.c ../ssl/*.c ../rsaref/*.c
-	@for i in $(SDIRS) ;\
-	do \
-	(cd $$i; echo "making errors in crypto/$$i..."; \
-	$(MAKE) errors ); \
-	done;
-
-
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-cpt_err.o: ../include/err.h ../include/stack.h crypto.h opensslv.h
-cryptlib.o: ../include/bio.h ../include/buffer.h ../include/e_os.h
-cryptlib.o: ../include/err.h ../include/stack.h cryptlib.h crypto.h date.h
-cryptlib.o: opensslv.h
-cversion.o: ../include/bio.h ../include/buffer.h ../include/e_os.h
-cversion.o: ../include/err.h ../include/stack.h cryptlib.h crypto.h date.h
-cversion.o: opensslv.h
-ex_data.o: ../include/bio.h ../include/buffer.h ../include/e_os.h
-ex_data.o: ../include/err.h ../include/lhash.h ../include/stack.h cryptlib.h
-ex_data.o: crypto.h opensslv.h
-mem.o: ../include/bio.h ../include/buffer.h ../include/e_os.h ../include/err.h
-mem.o: ../include/lhash.h ../include/stack.h cryptlib.h crypto.h opensslv.h
-tmdiff.o: ../include/bio.h ../include/buffer.h ../include/e_os.h
-tmdiff.o: ../include/err.h ../include/stack.h cryptlib.h crypto.h opensslv.h
-tmdiff.o: tmdiff.h
+cpt_err.o: ../include/openssl/crypto.h ../include/openssl/err.h
+cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/stack.h
+cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cryptlib.o: ../include/openssl/stack.h cryptlib.h date.h
+cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cversion.o: ../include/openssl/stack.h cryptlib.h date.h
+ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+ex_data.o: ../include/openssl/opensslv.h ../include/openssl/stack.h cryptlib.h
+mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+mem.o: ../include/openssl/opensslv.h ../include/openssl/stack.h cryptlib.h
+tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+tmdiff.o: ../include/openssl/stack.h ../include/openssl/tmdiff.h cryptlib.h

crypto/asn1/.cvsignore

@@ -1 +1,2 @@
 lib
+Makefile.save

crypto/asn1/a_bitstr.c

@@ -58,15 +58,9 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_ASN1_STRING_NEW,ASN1_R_STRING_TOO_SHORT);
- * ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,ASN1_R_EXPECTING_A_BIT_STRING);
- */
-
-int i2d_ASN1_BIT_STRING(a,pp)
-ASN1_BIT_STRING *a;
-unsigned char **pp;
+int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	{
 	int ret,j,r,bits,len;
 	unsigned char *p,*d;
@@ -116,10 +110,8 @@ unsigned char **pp;
 	return(r);
 	}
 
-ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(a, pp, length)
-ASN1_BIT_STRING **a;
-unsigned char **pp;
-long length;
+ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
+	     long length)
 	{
 	ASN1_BIT_STRING *ret=NULL;
 	unsigned char *p,*s;
@@ -187,10 +179,7 @@ err:
 
 /* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
  */
-int ASN1_BIT_STRING_set_bit(a,n,value)
-ASN1_BIT_STRING *a;
-int n;
-int value;
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 	{
 	int w,v,iv;
 	unsigned char *c;
@@ -220,9 +209,7 @@ int value;
 	return(1);
 	}
 
-int ASN1_BIT_STRING_get_bit(a,n)
-ASN1_BIT_STRING *a;
-int n;
+int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
 	{
 	int w,v;
 

crypto/asn1/a_bmp.c

@@ -58,23 +58,16 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_D2I_ASN1_INTEGER,ASN1_R_EXPECTING_AN_INTEGER);
- */
-
-int i2d_ASN1_BMPSTRING(a, pp)
-ASN1_BMPSTRING *a;
-unsigned char **pp;
+int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **pp)
 	{
 	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
 		V_ASN1_BMPSTRING,V_ASN1_UNIVERSAL));
 	}
 
-ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(a, pp, length)
-ASN1_BMPSTRING **a;
-unsigned char **pp;
-long length;
+ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, unsigned char **pp,
+	     long length)
 	{
 	ASN1_BMPSTRING *ret=NULL;
 

crypto/asn1/a_bool.c

@@ -58,15 +58,9 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,ASN1_R_EXPECTING_A_BOOLEAN);
- * ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
- */
-
-int i2d_ASN1_BOOLEAN(a,pp)
-int a;
-unsigned char **pp;
+int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
 	{
 	int r;
 	unsigned char *p;
@@ -81,10 +75,7 @@ unsigned char **pp;
 	return(r);
 	}
 
-int d2i_ASN1_BOOLEAN(a, pp, length)
-int *a;
-unsigned char **pp;
-long length;
+int d2i_ASN1_BOOLEAN(int *a, unsigned char **pp, long length)
 	{
 	int ret= -1;
 	unsigned char *p;

crypto/asn1/a_bytes.c

@@ -58,36 +58,24 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-
-/* ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,ASN1_R_WRONG_TYPE);
- * ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,ASN1_R_WRONG_TAG);
- */
+#include <openssl/asn1_mac.h>
 
 static unsigned long tag2bit[32]={
 0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */
 B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
 B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
-B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags 12-15 */
+B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
 0,	0,	B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,
 B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,0,
 0,B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,
 B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN,
 	};
 
-#ifndef NOPROTO
 static int asn1_collate_primative(ASN1_STRING *a, ASN1_CTX *c);
-#else
-static int asn1_collate_primative();
-#endif
-
-/* type is a 'bitmap' of acceptable string types to be accepted.
+/* type is a 'bitmap' of acceptable string types.
  */
-ASN1_STRING *d2i_ASN1_type_bytes(a, pp, length, type)
-ASN1_STRING **a;
-unsigned char **pp;
-long length;
-int type;
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
+	     long length, int type)
 	{
 	ASN1_STRING *ret=NULL;
 	unsigned char *p,*s;
@@ -150,11 +138,7 @@ err:
 	return(NULL);
 	}
 
-int i2d_ASN1_bytes(a, pp, tag, xclass)
-ASN1_STRING *a;
-unsigned char **pp;
-int tag;
-int xclass;
+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
 	{
 	int ret,r,constructed;
 	unsigned char *p;
@@ -180,12 +164,8 @@ int xclass;
 	return(r);
 	}
 
-ASN1_STRING *d2i_ASN1_bytes(a, pp, length, Ptag, Pclass)
-ASN1_STRING **a;
-unsigned char **pp;
-long length;
-int Ptag;
-int Pclass;
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
+	     int Ptag, int Pclass)
 	{
 	ASN1_STRING *ret=NULL;
 	unsigned char *p,*s;
@@ -277,9 +257,7 @@ err:
  * them into the one struture that is then returned */
 /* There have been a few bug fixes for this function from
  * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */
-static int asn1_collate_primative(a,c)
-ASN1_STRING *a;
-ASN1_CTX *c;
+static int asn1_collate_primative(ASN1_STRING *a, ASN1_CTX *c)
 	{
 	ASN1_STRING *os=NULL;
 	BUF_MEM b;
@@ -336,7 +314,7 @@ ASN1_CTX *c;
 	if (os != NULL) ASN1_STRING_free(os);
 	return(1);
 err:
-	ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,c->error);
+	ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
 	if (os != NULL) ASN1_STRING_free(os);
 	if (b.data != NULL) Free(b.data);
 	return(0);

crypto/asn1/a_d2i_fp.c

@@ -58,17 +58,14 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "asn1_mac.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1_mac.h>
 
 #define HEADER_SIZE   8
 
 #ifndef NO_FP_API
-char *ASN1_d2i_fp(xnew,d2i,in,x)
-char *(*xnew)();
-char *(*d2i)();
-FILE *in;
-unsigned char **x;
+char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
+	     unsigned char **x)
         {
         BIO *b;
         char *ret;
@@ -85,11 +82,8 @@ unsigned char **x;
         }
 #endif
 
-char *ASN1_d2i_bio(xnew,d2i,in,x)
-char *(*xnew)();
-char *(*d2i)();
-BIO *in;
-unsigned char **x;
+char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
+	     unsigned char **x)
 	{
 	BUF_MEM *b;
 	unsigned char *p;

crypto/asn1/a_digest.c

@@ -62,16 +62,12 @@
 #include <sys/stat.h>
 
 #include "cryptlib.h"
-#include "evp.h"
-#include "x509.h"
-#include "buffer.h"
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/buffer.h>
 
-int ASN1_digest(i2d,type,data,md,len)
-int (*i2d)();
-EVP_MD *type;
-char *data;
-unsigned char *md;
-unsigned int *len;
+int ASN1_digest(int (*i2d)(), EVP_MD *type, char *data, unsigned char *md,
+	     unsigned int *len)
 	{
 	EVP_MD_CTX ctx;
 	int i;

crypto/asn1/a_dup.c

@@ -58,14 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1_mac.h>
 
 #define READ_CHUNK   2048
 
-char *ASN1_dup(i2d,d2i,x)
-int (*i2d)();
-char *(*d2i)();
-char *x;
+char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
 	{
 	unsigned char *b,*p;
 	long i;

crypto/asn1/a_enum.c

@@ -58,19 +58,17 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* Support for ASN1 ENUMERATED type: based on a_int.c */
-
-/* ASN1err(ASN1_F_D2I_ASN1_ENUMERATED,ASN1_R_EXPECTING_AN_ENUMERATED);
+/* 
+ * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
+ * for comments on encoding see a_int.c
  */
 
-int i2d_ASN1_ENUMERATED(a,pp)
-ASN1_ENUMERATED *a;
-unsigned char **pp;
+int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
 	{
 	int pad=0,ret,r,i,t;
-	unsigned char *p,*pt,*n,pb=0;
+	unsigned char *p,*n,pb=0;
 
 	if ((a == NULL) || (a->data == NULL)) return(0);
 	t=a->type;
@@ -80,16 +78,21 @@ unsigned char **pp;
 		{
 		ret=a->length;
 		i=a->data[0];
-		if ((t == V_ASN1_ENUMERATED) && (i > 127))
-			{
+		if ((t == V_ASN1_ENUMERATED) && (i > 127)) {
 			pad=1;
 			pb=0;
+		} else if(t == V_ASN1_NEG_ENUMERATED) {
+			if(i>128) {
+				pad=1;
+				pb=0xFF;
+			} else if(i == 128) {
+				for(i = 1; i < a->length; i++) if(a->data[i]) {
+						pad=1;
+						pb=0xFF;
+						break;
+				}
 			}
-		else if ((t == V_ASN1_NEG_ENUMERATED) && (i>128))
-			{
-			pad=1;
-			pb=0xFF;
-			}
+		}
 		ret+=pad;
 		}
 	r=ASN1_object_size(0,ret,V_ASN1_ENUMERATED);
@@ -105,23 +108,31 @@ unsigned char **pp;
 		memcpy(p,a->data,(unsigned int)a->length);
 		p+=a->length;
 		}
-	else
-		{
-		n=a->data;
-		pt=p;
-		for (i=a->length; i>0; i--)
-			*(p++)= (*(n++)^0xFF)+1;
-		if (!pad) *pt|=0x80;
+	else {
+		/* Begin at the end of the encoding */
+		n=a->data + a->length - 1;
+		p += a->length - 1;
+		i = a->length;
+		/* Copy zeros to destination as long as source is zero */
+		while(!*n) {
+			*(p--) = 0;
+			n--;
+			i--;
 		}
+		/* Complement and increment next octet */
+		*(p--) = ((*(n--)) ^ 0xff) + 1;
+		i--;
+		/* Complement any octets left */
+		for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
+		p += a->length;
+	}
 
 	*pp=p;
 	return(r);
 	}
 
-ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(a, pp, length)
-ASN1_ENUMERATED **a;
-unsigned char **pp;
-long length;
+ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
+	     long length)
 	{
 	ASN1_ENUMERATED *ret=NULL;
 	unsigned char *p,*to,*s;
@@ -163,16 +174,30 @@ long length;
 	if (*p & 0x80) /* a negative number */
 		{
 		ret->type=V_ASN1_NEG_ENUMERATED;
-		if (*p == 0xff)
-			{
+		if ((*p == 0xff) && (len != 1)) {
 			p++;
 			len--;
-			}
-		for (i=(int)len; i>0; i--)
-			*(to++)= (*(p++)^0xFF)+1;
 		}
-	else
-		{
+		i = len;
+		p += i - 1;
+		to += i - 1;
+		while((!*p) && i) {
+			*(to--) = 0;
+			i--;
+			p--;
+		}
+		if(!i) {
+			*s = 1;
+			s[len] = 0;
+			p += len;
+			len++;
+		} else {
+			*(to--) = (*(p--) ^ 0xff) + 1;
+			i--;
+			for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
+			p += len;
+		}
+	} else {
 		ret->type=V_ASN1_ENUMERATED;
 		if ((*p == 0) && (len != 1))
 			{
@@ -181,7 +206,7 @@ long length;
 			}
 		memcpy(s,p,(int)len);
 		p+=len;
-		}
+	}
 
 	if (ret->data != NULL) Free((char *)ret->data);
 	ret->data=s;
@@ -196,9 +221,7 @@ err:
 	return(NULL);
 	}
 
-int ASN1_ENUMERATED_set(a,v)
-ASN1_ENUMERATED *a;
-long v;
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
 	{
 	int i,j,k;
 	unsigned char buf[sizeof(long)+1];
@@ -231,15 +254,13 @@ long v;
 		d>>=8;
 		}
 	j=0;
-	if (v < 0) a->data[j++]=0;
 	for (k=i-1; k >=0; k--)
 		a->data[j++]=buf[k];
 	a->length=j;
 	return(1);
 	}
 
-long ASN1_ENUMERATED_get(a)
-ASN1_ENUMERATED *a;
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
 	{
 	int neg=0,i;
 	long r=0;
@@ -268,9 +289,7 @@ ASN1_ENUMERATED *a;
 	return(r);
 	}
 
-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(bn,ai)
-BIGNUM *bn;
-ASN1_ENUMERATED *ai;
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
 	{
 	ASN1_ENUMERATED *ret;
 	int len,j;
@@ -284,7 +303,8 @@ ASN1_ENUMERATED *ai;
 		ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
 		goto err;
 		}
-	ret->type=V_ASN1_ENUMERATED;
+	if(bn->neg) ret->type = V_ASN1_NEG_ENUMERATED;
+	else ret->type=V_ASN1_ENUMERATED;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
 	ret->data=(unsigned char *)Malloc(len+4);
@@ -295,13 +315,12 @@ err:
 	return(NULL);
 	}
 
-BIGNUM *ASN1_ENUMERATED_to_BN(ai,bn)
-ASN1_ENUMERATED *ai;
-BIGNUM *bn;
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
 	{
 	BIGNUM *ret;
 
 	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
 		ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
+	if(ai->type == V_ASN1_NEG_ENUMERATED) bn->neg = 1;
 	return(ret);
 	}

crypto/asn1/a_gentm.c

@@ -61,25 +61,17 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_NEW,ASN1_R_GENERALIZEDTIME_TOO_LONG);
- * ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_EXPECTING_A_GENERALIZEDTIME);
- */
-
-int i2d_ASN1_GENERALIZEDTIME(a,pp)
-ASN1_GENERALIZEDTIME *a;
-unsigned char **pp;
+int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
 	{
 	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
 		V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL));
 	}
 
 
-ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(a, pp, length)
-ASN1_GENERALIZEDTIME **a;
-unsigned char **pp;
-long length;
+ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
+	     unsigned char **pp, long length)
 	{
 	ASN1_GENERALIZEDTIME *ret=NULL;
 
@@ -103,8 +95,7 @@ err:
 	return(NULL);
 	}
 
-int ASN1_GENERALIZEDTIME_check(d)
-ASN1_GENERALIZEDTIME *d;
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
 	{
 	static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
 	static int max[9]={99, 99,12,31,23,59,59,12,59};
@@ -157,9 +148,7 @@ err:
 	return(0);
 	}
 
-int ASN1_GENERALIZEDTIME_set_string(s,str)
-ASN1_GENERALIZEDTIME *s;
-char *str;
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
 	{
 	ASN1_GENERALIZEDTIME t;
 
@@ -179,9 +168,8 @@ char *str;
 		return(0);
 	}
 
-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(s, t)
-ASN1_GENERALIZEDTIME *s;
-time_t t;
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+	     time_t t)
 	{
 	char *p;
 	struct tm *ts;
@@ -195,9 +183,10 @@ time_t t;
 		return(NULL);
 
 #if defined(THREADS) && !defined(WIN32)
-	ts=(struct tm *)gmtime_r(&t,&data);
+	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
+	ts=&data;
 #else
-	ts=(struct tm *)gmtime(&t);
+	ts=gmtime(&t);
 #endif
 	p=(char *)s->data;
 	if ((p == NULL) || (s->length < 16))
@@ -209,7 +198,7 @@ time_t t;
 		s->data=(unsigned char *)p;
 		}
 
-	sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year,
+	sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
 		ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
 	s->length=strlen(p);
 	s->type=V_ASN1_GENERALIZEDTIME;

crypto/asn1/a_hdr.c

@@ -58,19 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "asn1.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 
-/*
- * ASN1err(ASN1_F_D2I_ASN1_HEADER,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_ASN1_HEADER,ERR_R_BAD_GET_ASN1_OBJECT_CALL);
- * ASN1err(ASN1_F_I2D_ASN1_HEADER,ERR_R_BAD_GET_ASN1_OBJECT_CALL);
- * ASN1err(ASN1_F_ASN1_HEADER_NEW,ERR_R_BAD_GET_ASN1_OBJECT_CALL);
- */
-
-int i2d_ASN1_HEADER(a,pp)
-ASN1_HEADER *a;
-unsigned char **pp;
+int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -85,10 +76,8 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-ASN1_HEADER *d2i_ASN1_HEADER(a,pp,length)
-ASN1_HEADER **a;
-unsigned char **pp;
-long length;
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, unsigned char **pp,
+	     long length)
 	{
 	M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new);
 
@@ -107,7 +96,7 @@ long length;
         M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER);
 	}
 
-ASN1_HEADER *ASN1_HEADER_new()
+ASN1_HEADER *ASN1_HEADER_new(void)
 	{
 	ASN1_HEADER *ret=NULL;
 	ASN1_CTX c;
@@ -120,8 +109,7 @@ ASN1_HEADER *ASN1_HEADER_new()
         M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);
 	}
 
-void ASN1_HEADER_free(a)
-ASN1_HEADER *a;
+void ASN1_HEADER_free(ASN1_HEADER *a)
 	{
 	if (a == NULL) return;
 	ASN1_OCTET_STRING_free(a->header);

crypto/asn1/a_i2d_fp.c

@@ -58,14 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "asn1_mac.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1_mac.h>
 
 #ifndef NO_FP_API
-int ASN1_i2d_fp(i2d,out,x)
-int (*i2d)();
-FILE *out;
-unsigned char *x;
+int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x)
         {
         BIO *b;
         int ret;
@@ -82,10 +79,7 @@ unsigned char *x;
         }
 #endif
 
-int ASN1_i2d_bio(i2d,out,x)
-int (*i2d)();
-BIO *out;
-unsigned char *x;
+int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
 	{
 	char *b;
 	unsigned char *p;

crypto/asn1/a_int.c

@@ -58,17 +58,37 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_D2I_ASN1_INTEGER,ASN1_R_EXPECTING_AN_INTEGER);
+/* 
+ * This converts an ASN1 INTEGER into its DER encoding.
+ * The internal representation is an ASN1_STRING whose data is a big endian
+ * representation of the value, ignoring the sign. The sign is determined by
+ * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. 
+ *
+ * Positive integers are no problem: they are almost the same as the DER
+ * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
+ *
+ * Negative integers are a bit trickier...
+ * The DER representation of negative integers is in 2s complement form.
+ * The internal form is converted by complementing each octet and finally 
+ * adding one to the result. This can be done less messily with a little trick.
+ * If the internal form has trailing zeroes then they will become FF by the
+ * complement and 0 by the add one (due to carry) so just copy as many trailing 
+ * zeros to the destination as there are in the source. The carry will add one
+ * to the last none zero octet: so complement this octet and add one and finally
+ * complement any left over until you get to the start of the string.
+ *
+ * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
+ * with 0xff. However if the first byte is 0x80 and one of the following bytes
+ * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
+ * followed by optional zeros isn't padded.
  */
 
-int i2d_ASN1_INTEGER(a,pp)
-ASN1_INTEGER *a;
-unsigned char **pp;
+int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 	{
 	int pad=0,ret,r,i,t;
-	unsigned char *p,*pt,*n,pb=0;
+	unsigned char *p,*n,pb=0;
 
 	if ((a == NULL) || (a->data == NULL)) return(0);
 	t=a->type;
@@ -78,16 +98,25 @@ unsigned char **pp;
 		{
 		ret=a->length;
 		i=a->data[0];
-		if ((t == V_ASN1_INTEGER) && (i > 127))
-			{
+		if ((t == V_ASN1_INTEGER) && (i > 127)) {
 			pad=1;
 			pb=0;
+		} else if(t == V_ASN1_NEG_INTEGER) {
+			if(i>128) {
+				pad=1;
+				pb=0xFF;
+			} else if(i == 128) {
+			/*
+			 * Special case: if any other bytes non zero we pad:
+			 * otherwise we don't.
+			 */
+				for(i = 1; i < a->length; i++) if(a->data[i]) {
+						pad=1;
+						pb=0xFF;
+						break;
+				}
 			}
-		else if ((t == V_ASN1_NEG_INTEGER) && (i>128))
-			{
-			pad=1;
-			pb=0xFF;
-			}
+		}
 		ret+=pad;
 		}
 	r=ASN1_object_size(0,ret,V_ASN1_INTEGER);
@@ -103,23 +132,31 @@ unsigned char **pp;
 		memcpy(p,a->data,(unsigned int)a->length);
 		p+=a->length;
 		}
-	else
-		{
-		n=a->data;
-		pt=p;
-		for (i=a->length; i>0; i--)
-			*(p++)= (*(n++)^0xFF)+1;
-		if (!pad) *pt|=0x80;
+	else {
+		/* Begin at the end of the encoding */
+		n=a->data + a->length - 1;
+		p += a->length - 1;
+		i = a->length;
+		/* Copy zeros to destination as long as source is zero */
+		while(!*n) {
+			*(p--) = 0;
+			n--;
+			i--;
 		}
+		/* Complement and increment next octet */
+		*(p--) = ((*(n--)) ^ 0xff) + 1;
+		i--;
+		/* Complement any octets left */
+		for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
+		p += a->length;
+	}
 
 	*pp=p;
 	return(r);
 	}
 
-ASN1_INTEGER *d2i_ASN1_INTEGER(a, pp, length)
-ASN1_INTEGER **a;
-unsigned char **pp;
-long length;
+ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
+	     long length)
 	{
 	ASN1_INTEGER *ret=NULL;
 	unsigned char *p,*to,*s;
@@ -161,16 +198,37 @@ long length;
 	if (*p & 0x80) /* a negative number */
 		{
 		ret->type=V_ASN1_NEG_INTEGER;
-		if (*p == 0xff)
-			{
+		if ((*p == 0xff) && (len != 1)) {
 			p++;
 			len--;
-			}
-		for (i=(int)len; i>0; i--)
-			*(to++)= (*(p++)^0xFF)+1;
 		}
-	else
-		{
+		i = len;
+		p += i - 1;
+		to += i - 1;
+		while((!*p) && i) {
+			*(to--) = 0;
+			i--;
+			p--;
+		}
+		/* Special case: if all zeros then the number will be of
+		 * the form FF followed by n zero bytes: this corresponds to
+		 * 1 followed by n zero bytes. We've already written n zeros
+		 * so we just append an extra one and set the first byte to
+		 * a 1. This is treated separately because it is the only case
+		 * where the number of bytes is larger than len.
+		 */
+		if(!i) {
+			*s = 1;
+			s[len] = 0;
+			p += len;
+			len++;
+		} else {
+			*(to--) = (*(p--) ^ 0xff) + 1;
+			i--;
+			for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
+			p += len;
+		}
+	} else {
 		ret->type=V_ASN1_INTEGER;
 		if ((*p == 0) && (len != 1))
 			{
@@ -179,7 +237,7 @@ long length;
 			}
 		memcpy(s,p,(int)len);
 		p+=len;
-		}
+	}
 
 	if (ret->data != NULL) Free((char *)ret->data);
 	ret->data=s;
@@ -194,9 +252,74 @@ err:
 	return(NULL);
 	}
 
-int ASN1_INTEGER_set(a,v)
-ASN1_INTEGER *a;
-long v;
+/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
+ * ASN1 integers: some broken software can encode a positive INTEGER
+ * with its MSB set as negative (it doesn't add a padding zero).
+ */
+
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
+	     long length)
+	{
+	ASN1_INTEGER *ret=NULL;
+	unsigned char *p,*to,*s;
+	long len;
+	int inf,tag,xclass;
+	int i;
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=ASN1_INTEGER_new()) == NULL) return(NULL);
+		ret->type=V_ASN1_INTEGER;
+		}
+	else
+		ret=(*a);
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}
+
+	if (tag != V_ASN1_INTEGER)
+		{
+		i=ASN1_R_EXPECTING_AN_INTEGER;
+		goto err;
+		}
+
+	/* We must Malloc stuff, even for 0 bytes otherwise it
+	 * signifies a missing NULL parameter. */
+	s=(unsigned char *)Malloc((int)len+1);
+	if (s == NULL)
+		{
+		i=ERR_R_MALLOC_FAILURE;
+		goto err;
+		}
+	to=s;
+		ret->type=V_ASN1_INTEGER;
+		if ((*p == 0) && (len != 1))
+			{
+			p++;
+			len--;
+			}
+		memcpy(s,p,(int)len);
+		p+=len;
+
+	if (ret->data != NULL) Free((char *)ret->data);
+	ret->data=s;
+	ret->length=(int)len;
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_INTEGER_free(ret);
+	return(NULL);
+	}
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
 	{
 	int i,j,k;
 	unsigned char buf[sizeof(long)+1];
@@ -229,15 +352,13 @@ long v;
 		d>>=8;
 		}
 	j=0;
-	if (v < 0) a->data[j++]=0;
 	for (k=i-1; k >=0; k--)
 		a->data[j++]=buf[k];
 	a->length=j;
 	return(1);
 	}
 
-long ASN1_INTEGER_get(a)
-ASN1_INTEGER *a;
+long ASN1_INTEGER_get(ASN1_INTEGER *a)
 	{
 	int neg=0,i;
 	long r=0;
@@ -266,9 +387,7 @@ ASN1_INTEGER *a;
 	return(r);
 	}
 
-ASN1_INTEGER *BN_to_ASN1_INTEGER(bn,ai)
-BIGNUM *bn;
-ASN1_INTEGER *ai;
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 	{
 	ASN1_INTEGER *ret;
 	int len,j;
@@ -282,7 +401,8 @@ ASN1_INTEGER *ai;
 		ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
 		goto err;
 		}
-	ret->type=V_ASN1_INTEGER;
+	if(bn->neg) ret->type = V_ASN1_NEG_INTEGER;
+	else ret->type=V_ASN1_INTEGER;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
 	ret->data=(unsigned char *)Malloc(len+4);
@@ -293,13 +413,12 @@ err:
 	return(NULL);
 	}
 
-BIGNUM *ASN1_INTEGER_to_BN(ai,bn)
-ASN1_INTEGER *ai;
-BIGNUM *bn;
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
 	{
 	BIGNUM *ret;
 
 	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
 		ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
+	if(ai->type == V_ASN1_NEG_INTEGER) bn->neg = 1;
 	return(ret);
 	}

crypto/asn1/a_meth.c

@@ -58,8 +58,8 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "x509.h"
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
 
 static  ASN1_METHOD ia5string_meth={
 	(int (*)())	i2d_ASN1_IA5STRING,
@@ -73,12 +73,12 @@ static  ASN1_METHOD bit_string_meth={
 	(char *(*)())	ASN1_STRING_new,
 	(void (*)())	ASN1_STRING_free};
 
-ASN1_METHOD *ASN1_IA5STRING_asn1_meth()
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void)
 	{
 	return(&ia5string_meth);
 	}
 
-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth()
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void)
 	{
 	return(&bit_string_meth);
 	}

crypto/asn1/a_object.c

@@ -58,18 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "asn1.h"
-#include "objects.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
 
-/* ASN1err(ASN1_F_ASN1_OBJECT_NEW,ASN1_R_EXPECTING_AN_OBJECT); 
- * ASN1err(ASN1_F_D2I_ASN1_OBJECT,ASN1_R_BAD_OBJECT_HEADER); 
- * ASN1err(ASN1_F_I2T_ASN1_OBJECT,ASN1_R_BAD_OBJECT_HEADER);
- */
-
-int i2d_ASN1_OBJECT(a, pp)
-ASN1_OBJECT *a;
-unsigned char **pp;
+int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
 	{
 	unsigned char *p;
 
@@ -87,14 +80,11 @@ unsigned char **pp;
 	return(a->length);
 	}
 
-int a2d_ASN1_OBJECT(out,olen,buf,num)
-unsigned char *out;
-int olen;
-char *buf;
-int num;
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
 	{
 	int i,first,len=0,c;
-	char tmp[24],*p;
+	char tmp[24];
+	const char *p;
 	unsigned long l;
 
 	if (num == 0)
@@ -180,15 +170,12 @@ err:
 	return(0);
 	}
 
-int i2t_ASN1_OBJECT(buf,buf_len,a)
-char *buf;
-int buf_len;
-ASN1_OBJECT *a;
+int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
 	{
 	int i,idx=0,n=0,len,nid;
 	unsigned long l;
 	unsigned char *p;
-	char *s;
+	const char *s;
 	char tbuf[32];
 
 	if (buf_len <= 0) return(0);
@@ -246,9 +233,9 @@ ASN1_OBJECT *a;
 		}
 	else
 		{
-		s=(char *)OBJ_nid2ln(nid);
+		s=OBJ_nid2ln(nid);
 		if (s == NULL)
-			s=(char *)OBJ_nid2sn(nid);
+			s=OBJ_nid2sn(nid);
 		strncpy(buf,s,buf_len);
 		n=strlen(s);
 		}
@@ -256,9 +243,7 @@ ASN1_OBJECT *a;
 	return(n);
 	}
 
-int i2a_ASN1_OBJECT(bp,a)
-BIO *bp;
-ASN1_OBJECT *a;
+int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
 	{
 	char buf[80];
 	int i;
@@ -271,10 +256,8 @@ ASN1_OBJECT *a;
 	return(i);
 	}
 
-ASN1_OBJECT *d2i_ASN1_OBJECT(a, pp, length)
-ASN1_OBJECT **a;
-unsigned char **pp;
-long length; 
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
+	     long length)
 	{
 	ASN1_OBJECT *ret=NULL;
 	unsigned char *p;
@@ -330,7 +313,7 @@ err:
 	return(NULL);
 	}
 
-ASN1_OBJECT *ASN1_OBJECT_new()
+ASN1_OBJECT *ASN1_OBJECT_new(void)
 	{
 	ASN1_OBJECT *ret;
 
@@ -349,14 +332,15 @@ ASN1_OBJECT *ASN1_OBJECT_new()
 	return(ret);
 	}
 
-void ASN1_OBJECT_free(a)
-ASN1_OBJECT *a;
+void ASN1_OBJECT_free(ASN1_OBJECT *a)
 	{
 	if (a == NULL) return;
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
 		{
-		if (a->sn != NULL) Free(a->sn);
-		if (a->ln != NULL) Free(a->ln);
+#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause mempory leaks */
+		if (a->sn != NULL) Free((void *)a->sn);
+		if (a->ln != NULL) Free((void *)a->ln);
+#endif
 		a->sn=a->ln=NULL;
 		}
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
@@ -366,14 +350,11 @@ ASN1_OBJECT *a;
 		a->length=0;
 		}
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
-		Free((char *)a);
+		Free(a);
 	}
 
-ASN1_OBJECT *ASN1_OBJECT_create(nid,data,len,sn,ln)
-int nid;
-unsigned char *data;
-int len;
-char *sn,*ln;
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+	     char *sn, char *ln)
 	{
 	ASN1_OBJECT o;
 

crypto/asn1/a_octet.c

@@ -58,23 +58,16 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ASN1_R_EXPECTING_AN_OCTET_STRING);
- */
-
-int i2d_ASN1_OCTET_STRING(a, pp)
-ASN1_OCTET_STRING *a;
-unsigned char **pp;
+int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **pp)
 	{
 	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
 		V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL));
 	}
 
-ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(a, pp, length)
-ASN1_OCTET_STRING **a;
-unsigned char **pp;
-long length;
+ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
+	     unsigned char **pp, long length)
 	{
 	ASN1_OCTET_STRING *ret=NULL;
 

crypto/asn1/a_print.c

@@ -58,49 +58,32 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_D2I_ASN1_PRINT_TYPE,ASN1_R_WRONG_PRINTABLE_TYPE);
- * ASN1err(ASN1_F_D2I_ASN1_PRINT_TYPE,ASN1_R_TAG_VALUE_TOO_HIGH);
- */
-
-int i2d_ASN1_IA5STRING(a,pp)
-ASN1_IA5STRING *a;
-unsigned char **pp;
+int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **pp)
 	{ return(M_i2d_ASN1_IA5STRING(a,pp)); }
 
-ASN1_IA5STRING *d2i_ASN1_IA5STRING(a,pp,l)
-ASN1_IA5STRING **a;
-unsigned char **pp;
-long l;
+ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, unsigned char **pp,
+	     long l)
 	{ return(M_d2i_ASN1_IA5STRING(a,pp,l)); }
 
-ASN1_T61STRING *d2i_ASN1_T61STRING(a,pp,l)
-ASN1_T61STRING **a;
-unsigned char **pp;
-long l;
+ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, unsigned char **pp,
+	     long l)
 	{ return(M_d2i_ASN1_T61STRING(a,pp,l)); }
 
-ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(a,pp,l)
-ASN1_PRINTABLESTRING **a;
-unsigned char **pp;
-long l;
-	{ return(M_d2i_ASN1_PRINTABLESTRING(a,pp,l)); }
+ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
+	     unsigned char **pp, long l)
+	{ return(M_d2i_ASN1_PRINTABLESTRING(a,pp,
+	     l)); }
 
-int i2d_ASN1_PRINTABLE(a,pp)
-ASN1_STRING *a;
-unsigned char **pp;
+int i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **pp)
 	{ return(M_i2d_ASN1_PRINTABLE(a,pp)); }
 
-ASN1_STRING *d2i_ASN1_PRINTABLE(a,pp,l)
-ASN1_STRING **a;
-unsigned char **pp;
-long l;
+ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, unsigned char **pp,
+	     long l)
 	{ return(M_d2i_ASN1_PRINTABLE(a,pp,l)); }
 
-int ASN1_PRINTABLE_type(s,len)
-unsigned char *s;
-int len;
+int ASN1_PRINTABLE_type(unsigned char *s, int len)
 	{
 	int c;
 	int ia5=0;
@@ -131,8 +114,7 @@ int len;
 	return(V_ASN1_PRINTABLESTRING);
 	}
 
-int ASN1_UNIVERSALSTRING_to_string(s)
-ASN1_UNIVERSALSTRING *s;
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
 	{
 	int i;
 	unsigned char *p;
@@ -159,3 +141,17 @@ ASN1_UNIVERSALSTRING *s;
 	return(1);
 	}
 
+
+int i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **pp)
+	{ return(M_i2d_DIRECTORYSTRING(a,pp)); }
+
+ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
+	     long l)
+	{ return(M_d2i_DIRECTORYSTRING(a,pp,l)); }
+
+int i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **pp)
+	{ return(M_i2d_DISPLAYTEXT(a,pp)); }
+
+ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp,
+	     long l)
+	{ return(M_d2i_DISPLAYTEXT(a,pp,l)); }

crypto/asn1/a_set.c

@@ -58,10 +58,8 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1_mac.h>
 
-/* ASN1err(ASN1_F_ASN1_TYPE_NEW,ERR_R_MALLOC_FAILURE);
- */
 typedef struct
     {
     unsigned char *pbData;
@@ -73,8 +71,8 @@ typedef struct
  */
 static int SetBlobCmp(const void *elem1, const void *elem2 )
     {
-    MYBLOB *b1 = (MYBLOB *)elem1;
-    MYBLOB *b2 = (MYBLOB *)elem2;
+    const MYBLOB *b1 = (const MYBLOB *)elem1;
+    const MYBLOB *b2 = (const MYBLOB *)elem2;
     int r;
 
     r = memcmp(b1->pbData, b2->pbData,
@@ -84,14 +82,9 @@ static int SetBlobCmp(const void *elem1, const void *elem2 )
     return b1->cbData-b2->cbData;
     }
 
-int i2d_ASN1_SET(a,pp,func,ex_tag,ex_class,is_set)
-STACK *a;
-unsigned char **pp;
-int (*func)();
-int ex_tag;
-int ex_class;
-int is_set;	/* if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */
-
+/* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */
+int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
+	     int ex_class, int is_set)
 	{
 	int ret=0,r;
 	int i;
@@ -158,14 +151,8 @@ SetBlob
         return(r);
         }
 
-STACK *d2i_ASN1_SET(a,pp,length,func,free_func,ex_tag,ex_class)
-STACK **a;
-unsigned char **pp;
-long length;
-char *(*func)();
-void (*free_func)();
-int ex_tag;
-int ex_class;
+STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
+	     char *(*func)(), void (*free_func)(), int ex_tag, int ex_class)
 	{
 	ASN1_CTX c;
 	STACK *ret=NULL;