This commit was manufactured by cvs2svn to create tag 'OpenSSL_0_9_3beta1'.

Configure

@@ -97,7 +97,6 @@ my %table=(
 "debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe:(unknown):::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe:(unknown):::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-bodo",	"gcc:-DL_ENDIAN -O3 -g -m486 -Wall:-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
 "dist",		"cc:-O:(unknown):::::",
 
 # Basic configs that should work on any box

INSTALL.VMS

@@ -127,29 +127,15 @@ The logical names that are set up are the following:
 
   SSLROOT       a dotted concealed logical name pointing at the
                 root directory.
+  SSLLIB        points at the directory where CRYPTORTL.OLB and
+		SSLRTL.OLB are installed.
+  SSLINCLUDE    points at the directory where the header files are
+                installed.
+  SSLEXE        points at the directory where the applications are
+                installed.
+  SSLCERTS      the place where the certificates are stored.
+  SSLPRIVATE    I'm actually not sure what this is used for.
 
-  SSLCERTS      Initially an empty directory, this is the default
-		location for certificate files.
-  SSLMISC	Various scripts.
-  SSLPRIVATE	Initially an empty directory, this is the default
-		location for private key files.
-
-  SSLEXE        Contains the openssl binary and a few other utility
-		programs.
-  SSLINCLUDE    Contains the header files needed if you want to
-		compile programs with libcrypto or libssl.
-  SSLLIB        Contains the OpenSSL library files (LIBCRYPTO.OLB
-		and LIBSSL.OLB) themselves.
-
-  OPENSSL	Same as SSLINCLUDE.  This is because the standard
-		way to include OpenSSL header files from version
-		0.9.3 and on is:
-
-			#include <openssl/header.h>
-
-		For more info on this issue, see the INSTALL. file
-		(the NOTE in section 4 of "Installation in Detail").
-		You don't need to "deleting old header files"!!!
 
 Backward portability:
 =====================

INSTALL.W32

@@ -6,7 +6,7 @@
  this is tested on Win32 but it may also work in Win 3.1 with some
  modification.  See the end of this file for Eric's original comments.
 
- You need Perl for Win32 (available from http://www.activestate.com/ActivePerl)
+ You need Perl for Win32 (available from http://activestate.com/ActivePerl)
  and one of the following C compilers:
 
   * Visual C++

Makefile.org

@@ -294,7 +294,7 @@ errors:
 
 tar:
 	@tar --norecurse -cvf - \
-		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS | sort` |\
+		`find * -depth \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS | sort` |\
 	tardy --user_number=0  --user_name=openssl \
 	      --group_number=0 --group_name=openssl \
 	      --prefix=openssl-$(VERSION) - |\

VMS/00README.1st

@@ -1,63 +0,0 @@
-			OpenSSL 0.9.2c for VMS, README
-			written by Richard Levitte
-			<richard@levitte.org>
-
-
-For a more general overview of SSLeay, read README.
-If you just want to compile and install, read INSTALL.VMS
-
-
-A few notes:
-
-Things NOT done:
-================
-
-There are a bunch of directories that aren't touched on VMS so far.
-If anyone wants to add those capabilities, go right ahead.
-
-The directories not touched but that might be of interest in the
-future are:
-
-  [.DEMOS]
-  [.TOOLS]
-  [.UTIL]
-
-
-Things added by me:
-===================
-
-[.VMS]       a directory with VMS command procedures.  Right now,
-             there are a two of them, of which one is not finished.
-
-
-Things removed:
-===============
-
-In some other patch kits, there were things very OSU-httpd specific
-things.  I haven't included those, because they seem to belong more
-with the OSU source.
-
-I am, however, assembling those things in a separate package.
-
-
-TODO:
-=====
-
-- Description files.
-- Bug fixes (of course).
-- A VMSINSTALlable version (way in the future, unless someone else hacks).
-- shareable images (DLL for you Windows folks).
-- other...  Please send me ideas.
-
-
-Report bugs and such:
-=====================
-
-I maintain a few mailinglists for bug reports and such on software that
-I develop/port/enhance/destroy.  Please look at http://www.free.lp.se/
-for further info.
-
-
--- 
-Richard Levitte <richard@levitte.org>
-1999-03-09

VMS/WISHLIST.TXT

@@ -1,4 +0,0 @@
-* Have the building procedure contain a LINK-only possibility.
-  Wished by Mark Daniel <mark.daniel@dsto.defence.gov.au>
-
-  One way to enable that is also to go over to DESCRIP.MMS files.

VMS/install.com

@@ -1,65 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 23-MAY-1998 19:22
-$!
-$! P1	root of the directory tree
-$!
-$	IF P1 .EQS. ""
-$	THEN
-$	    WRITE SYS$OUTPUT "First argument missing."
-$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
-$	    EXIT
-$	ENDIF
-$
-$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-		   - "[000000." - "][" - "[" - "]"
-$	ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$	DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
-$	DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
-$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$	DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
-$	DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
-$	DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS]
-$	DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE]
-$
-$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
-$
-$	OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
-$	WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created."
-$	WRITE SF "$! Startup file for Openssl 0.9.2-RL 15-Mar-1999"
-$	WRITE SF "$!"
-$	WRITE SF "$! Do not edit this file, as it will be regenerated during next installation."
-$	WRITE SF "$! Instead, add or change SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
-$	WRITE SF "$!"
-$	WRITE SF "$! P1	a qualifier to DEFINE.  For example ""/SYSTEM"" to get the logical names"
-$	WRITE SF "$!	defined in the system logical name table."
-$	WRITE SF "$!"
-$	WRITE SF "$	ARCH = ""VAX"""
-$	WRITE SF "$	IF F$GETSYI(""CPU"") .GE. 128 THEN ARCH = ""ALPHA"""
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLROOT		",ROOT,".] /TRANS=CONC"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLLIB		SSLROOT:['ARCH'_LIB]"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLINCLUDE	SSLROOT:[INCLUDE]"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLEXE		SSLROOT:['ARCH'_EXE]"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLCERTS	SSLROOT:[CERTS]"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLPRIVATE	SSLROOT:[PRIVATE]"
-$	WRITE SF "$"
-$	WRITE SF "$!	This is program can include <openssl/{foo}.h>"
-$	WRITE SF "$	DEFINE/NOLOG'P1	OPENSSL		SSLINCLUDE:"
-$	WRITE SF "$"
-$	WRITE SF "$	IF F$SEARCH(""SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"") .NES."""" THEN -"
-$	WRITE SF "	   @SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
-$	WRITE SF "$"
-$	WRITE SF "$	EXIT"
-$	CLOSE SF
-$
-$	COPY OPENSSL_UTILS.COM WRK_SSLROOT:[VMS]/LOG
-$
-$	EXIT

VMS/multinet_shr.opt

@@ -1 +0,0 @@
-multinet:multinet_socket_library.exe/share

VMS/openssl_utils.com

@@ -1,35 +0,0 @@
-$!
-$!  APPS.COM
-$!  Written By:  Robert Byer
-$!               Vice-President
-$!               A-Com Computing, Inc.
-$!               byer@mail.all-net.net
-$!
-$!
-$! Slightly modified by Richard Levitte <richard@levitte.org>
-$!
-$ OPENSSL  :== $SSLEXE:OPENSSL
-$ VERIFY   :== $SSLEXE:OPENSSL VERIFY
-$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
-$ REQ      :== $SSLEXE:OPENSSL REQ
-$ DGST     :== $SSLEXE:OPENSSL DGST
-$ DH       :== $SSLEXE:OPENSSL DH
-$ ENC      :== $SSLEXE:OPENSSL ENC
-$ GENDH    :== $SSLEXE:OPENSSL GENDH
-$ ERRSTR   :== $SSLEXE:OPENSSL ERRSTR
-$ CA       :== $SSLEXE:OPENSSL CA
-$ CRL      :== $SSLEXE:OPENSSL CRL
-$ RSA      :== $SSLEXE:OPENSSL RSA
-$ DSA      :== $SSLEXE:OPENSSL DSA
-$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
-$ X509     :== $SSLEXE:OPENSSL X509
-$ GENRSA   :== $SSLEXE:OPENSSL GENRSA
-$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
-$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
-$ SPEED    :== $SSLEXE:OPENSSL SPEED
-$ S_TIME   :== $SSLEXE:OPENSSL S_TIME
-$ VERSION  :== $SSLEXE:OPENSSL VERSION
-$ PKCS7    :== $SSLEXE:OPENSSL PKCS7
-$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
-$ SESS_ID  :== $SSLEXE:OPENSSL SESS_ID
-$ CIPHERS  :== $SSLEXE:OPENSSL CIPHERS

VMS/socketshr_shr.opt

@@ -1 +0,0 @@
-socketshr/share

VMS/ucx_shr_decc.opt

@@ -1 +0,0 @@
-sys$share:ucx$ipc_shr.exe/share

VMS/ucx_shr_decc_log.opt

@@ -1 +0,0 @@
-ucx$ipc_shr/share

VMS/ucx_shr_vaxc.opt

@@ -1 +0,0 @@
-sys$library:ucx$ipc.olb/library

apps/apps.h

@@ -59,7 +59,7 @@
 #ifndef HEADER_APPS_H
 #define HEADER_APPS_H
 
-#include "openssl/e_os.h"
+#include <openssl/e_os.h>
 
 #include <openssl/buffer.h>
 #include <openssl/bio.h>

apps/eay.c

@@ -62,8 +62,7 @@
 
 #define MONOLITH
 #define USE_SOCKETS
-
-#include "openssl/e_os.h"
+#include <openssl/e_os.h>
 
 #include <openssl/bio.h>
 #include <openssl/stack.h>

apps/openssl-vms.cnf

@@ -3,17 +3,10 @@
 # This is mostly being used for generation of certificate requests.
 #
 
-RANDFILE		= $ENV::HOME/.rnd
-oid_file		= $ENV::HOME/.oid
+RANDFILE		= $ENV::HOME.rnd
+oid_file		= $ENV::HOME.oid
 oid_section		= new_oids
 
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions		= 
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
 [ new_oids ]
 
 # We can add new OIDs in here for use by 'ca' and 'req'.
@@ -42,11 +35,6 @@ private_key	= $dir.private]cakey.pem# The private key
 RANDFILE	= $dir.private].rand	# private random number file
 
 x509_extensions	= usr_cert		# The extentions to add to the cert
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crl_extensions	= crl_ext
-
 default_days	= 365			# how long to certify for
 default_crl_days= 30			# how long before next CRL
 default_md	= md5			# which md to use.
@@ -135,33 +123,31 @@ basicConstraints=CA:FALSE
 # the certificate can be used for anything *except* object signing.
 
 # This is OK for an SSL server.
-# nsCertType			= server
+#nsCertType			= server
 
 # For an object signing certificate this would be used.
-# nsCertType = objsign
+#nsCertType = objsign
 
 # For normal client use this is typical
-# nsCertType = client, email
+#nsCertType = client, email
 
-# and for everything including object signing:
-# nsCertType = client, email, objsign
+# This is typical also
 
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 
-# This will be displayed in Netscape's comment listbox.
 nsComment			= "OpenSSL Generated Certificate"
 
-# PKIX recommendations harmless if included in all certificates.
+# PKIX recommendations
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid,issuer:always
 
-# This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
-# subjectAltName=email:copy
+
+subjectAltName=email:copy
 
 # Copy subject details
-# issuerAltName=issuer:copy
+
+issuerAltName=issuer:copy
 
 #nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
 #nsBaseUrl
@@ -174,6 +160,8 @@ authorityKeyIdentifier=keyid,issuer:always
 
 # Extensions for a typical CA
 
+# It's a CA certificate
+basicConstraints = CA:true
 
 # PKIX recommendation.
 
@@ -184,31 +172,19 @@ authorityKeyIdentifier=keyid:always,issuer:always
 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.
 #basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
 
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
+# Key usage: again this should really be critical.
+keyUsage = cRLSign, keyCertSign
 
 # Some might want this also
-# nsCertType = sslCA, emailCA
+#nsCertType = sslCA, emailCA
 
 # Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
+subjectAltName=email:copy
 # Copy issuer details
-# issuerAltName=issuer:copy
+issuerAltName=issuer:copy
 
 # RAW DER hex encoding of an extension: beware experts only!
 # 1.2.3.5=RAW:02:03
 # You can even override a supported extension:
 # basicConstraints= critical, RAW:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always

config

@@ -304,7 +304,6 @@ echo Operating system: $GUESSOS
 case "$GUESSOS" in
   alpha-*-linux2) OUT="alpha-gcc" ;;
   ppc-*-linux2) OUT="linux-ppc" ;;
-  mips-*-linux?) OUT="linux-mips" ;;
   *-*-linux2) OUT="linux-elf" ;;
   *-*-linux1) OUT="linux-aout" ;;
   sun4u-sun-solaris2) OUT="solaris-usparc-$CC" ;;

crypto/bn/bntest.c

@@ -59,9 +59,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-
-#include "openssl/e_os.h"
-
+#include <openssl/e_os.h>
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>

crypto/cast/cast_lcl.h

@@ -60,8 +60,7 @@
 #include <stdlib.h>
 #endif
 
-
-#include "openssl/e_os.h" /* OPENSSL_EXTERN */
+#include <openssl/e_os.h>	/* OPENSSL_EXTERN */
 
 #undef c2l
 #define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \

crypto/cryptlib.h

@@ -66,8 +66,7 @@
 extern "C" {
 #endif
 
-#include "openssl/e_os.h"
-
+#include <openssl/e_os.h>
 #include <openssl/crypto.h>
 #include <openssl/buffer.h> 
 #include <openssl/bio.h> 

crypto/md5/md5_locl.h

@@ -127,11 +127,7 @@ void md5_block_data_order (MD5_CTX *c, const void *p,int num);
  */
 #endif
 
-#ifndef FLAT_INC
 #include "../md32_common.h"
-#else
-#include "md32_common.h"
-#endif
 
 /*
 #define	F(x,y,z)	(((x) & (y))  |  ((~(x)) & (z)))

crypto/opensslv.h

@@ -4,17 +4,15 @@
 /* Numeric release version identifier:
  * MMNNFFRBB: major minor fix final beta/patch
  * For example:
- * 0.9.3-dev	  0x00903000
- * 0.9.3beta1	  0x00903001
- * 0.9.3beta2-dev 0x00903002
- * 0.9.3beta2     0x00903002
- * 0.9.3	  0x00903100
- * 0.9.3a	  0x00903101
- * 1.2.3z	  0x1020311a
+ * 0.9.3-dev	0x00903000
+ * 0.9.3beta1	0x00903001
+ * 0.9.3	0x00903100
+ * 0.9.3a	0x00903101
+ * 1.2.3z	0x1020311a
  * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
  */
-#define OPENSSL_VERSION_NUMBER	0x00903100L
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.3 23 May 1999"
+#define OPENSSL_VERSION_NUMBER	0x00903001L
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.3beta1 20 May 1999"
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
 #endif /* HEADER_OPENSSLV_H */

crypto/pkcs7/pkcs7.h

@@ -66,11 +66,6 @@ extern "C" {
 #include <openssl/bio.h>
 #include <openssl/x509.h>
 
-#ifdef WIN32
-/* Under Win32 this is defined in wincrypt.h */
-#undef PKCS7_ISSUER_AND_SERIAL
-#endif
-
 /*
 Encryption_ID		DES-CBC
 Digest_ID		MD5
@@ -240,11 +235,11 @@ PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(
 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,EVP_MD *type,
 	unsigned char *md,unsigned int *len);
 #ifndef NO_FP_API
-PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);
+PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 *p7);
 int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
 #endif
 PKCS7 *PKCS7_dup(PKCS7 *p7);
-PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
+PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 *p7);
 int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
 #endif
 

crypto/rand/md_rand.c

@@ -60,9 +60,7 @@
 #include <sys/types.h>
 #include <time.h>
 #include <string.h>
-
-#include "openssl/e_os.h"
-
+#include <openssl/e_os.h>
 #include <openssl/crypto.h>
 
 #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)

crypto/rand/randfile.c

@@ -63,9 +63,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/types.h>
-
-#include "openssl/e_os.h"
-
+#include <openssl/e_os.h>
 #include <openssl/rand.h>
 
 #undef BUFSIZE

crypto/rsa/rsa_oaep_test.c

@@ -2,9 +2,7 @@
 
 #include <stdio.h>
 #include <string.h>
-
-#include "openssl/e_os.h"
-
+#include <openssl/e_os.h>
 #include <openssl/err.h>
 #ifdef NO_RSA
 int main(int argc, char *argv[])

crypto/x509/x509.h

@@ -86,12 +86,6 @@ extern "C" {
 
 #include <openssl/evp.h>
 
-
-#ifdef WIN32
-/* Under Win32 this is defined in wincrypt.h */
-#undef X509_NAME
-#endif
-
 #define X509_FILETYPE_PEM	1
 #define X509_FILETYPE_ASN1	2
 #define X509_FILETYPE_DEFAULT	3
@@ -557,39 +551,39 @@ int X509_NAME_digest(X509_NAME *data,EVP_MD *type,
 #endif
 
 #ifndef NO_FP_API
-X509 *d2i_X509_fp(FILE *fp, X509 **x509);
+X509 *d2i_X509_fp(FILE *fp, X509 *x509);
 int i2d_X509_fp(FILE *fp,X509 *x509);
-X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
+X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL *crl);
 int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
-X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
+X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ *req);
 int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
 #ifndef NO_RSA
-RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
+RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
 int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
-RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
+RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA *rsa);
 int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
 #endif
 #ifndef NO_DSA
-DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
 int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
 #endif
 #endif
 
 #ifdef HEADER_BIO_H
-X509 *d2i_X509_bio(BIO *bp,X509 **x509);
+X509 *d2i_X509_bio(BIO *bp,X509 *x509);
 int i2d_X509_bio(BIO *bp,X509 *x509);
-X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
+X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL *crl);
 int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
-X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
+X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ *req);
 int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
 #ifndef NO_RSA
-RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
+RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
 int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
-RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
+RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA *rsa);
 int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
 #endif
 #ifndef NO_DSA
-DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
 int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
 #endif
 #endif

crypto/x509/x_all.c

@@ -133,7 +133,7 @@ X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex)
 	}
 
 #ifndef NO_FP_API
-X509 *d2i_X509_fp(FILE *fp, X509 **x509)
+X509 *d2i_X509_fp(FILE *fp, X509 *x509)
 	{
 	return((X509 *)ASN1_d2i_fp((char *(*)())X509_new,
 		(char *(*)())d2i_X509, (fp),(unsigned char **)(x509)));
@@ -145,7 +145,7 @@ int i2d_X509_fp(FILE *fp, X509 *x509)
 	}
 #endif
 
-X509 *d2i_X509_bio(BIO *bp, X509 **x509)
+X509 *d2i_X509_bio(BIO *bp, X509 *x509)
 	{
 	return((X509 *)ASN1_d2i_bio((char *(*)())X509_new,
 		(char *(*)())d2i_X509, (bp),(unsigned char **)(x509)));
@@ -163,7 +163,7 @@ X509_CRL *X509_CRL_dup(X509_CRL *crl)
 	}
 
 #ifndef NO_FP_API
-X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
+X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL *crl)
 	{
 	return((X509_CRL *)ASN1_d2i_fp((char *(*)())
 		X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),
@@ -176,7 +176,7 @@ int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
 	}
 #endif
 
-X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
+X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL *crl)
 	{
 	return((X509_CRL *)ASN1_d2i_bio((char *(*)())
 		X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),
@@ -195,7 +195,7 @@ PKCS7 *PKCS7_dup(PKCS7 *p7)
 	}
 
 #ifndef NO_FP_API
-PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 *p7)
 	{
 	return((PKCS7 *)ASN1_d2i_fp((char *(*)())
 		PKCS7_new,(char *(*)())d2i_PKCS7, (fp),
@@ -208,7 +208,7 @@ int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
 	}
 #endif
 
-PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 *p7)
 	{
 	return((PKCS7 *)ASN1_d2i_bio((char *(*)())
 		PKCS7_new,(char *(*)())d2i_PKCS7, (bp),
@@ -227,7 +227,7 @@ X509_REQ *X509_REQ_dup(X509_REQ *req)
 	}
 
 #ifndef NO_FP_API
-X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
+X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ *req)
 	{
 	return((X509_REQ *)ASN1_d2i_fp((char *(*)())
 		X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),
@@ -240,7 +240,7 @@ int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
 	}
 #endif
 
-X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
+X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ *req)
 	{
 	return((X509_REQ *)ASN1_d2i_bio((char *(*)())
 		X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),
@@ -266,7 +266,7 @@ RSA *RSAPrivateKey_dup(RSA *rsa)
 	}
 
 #ifndef NO_FP_API
-RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
+RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
 	{
 	return((RSA *)ASN1_d2i_fp((char *(*)())
 		RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp),
@@ -278,7 +278,7 @@ int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
 	return(ASN1_i2d_fp(i2d_RSAPrivateKey,fp,(unsigned char *)rsa));
 	}
 
-RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
+RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA *rsa)
 	{
 	return((RSA *)ASN1_d2i_fp((char *(*)())
 		RSA_new,(char *(*)())d2i_RSAPublicKey, (fp),
@@ -291,7 +291,7 @@ int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
 	}
 #endif
 
-RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
+RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
 	{
 	return((RSA *)ASN1_d2i_bio((char *(*)())
 		RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp),
@@ -303,7 +303,7 @@ int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
 	return(ASN1_i2d_bio(i2d_RSAPrivateKey,bp,(unsigned char *)rsa));
 	}
 
-RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
+RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA *rsa)
 	{
 	return((RSA *)ASN1_d2i_bio((char *(*)())
 		RSA_new,(char *(*)())d2i_RSAPublicKey, (bp),
@@ -318,7 +318,7 @@ int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
 
 #ifndef NO_DSA
 #ifndef NO_FP_API
-DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
 	{
 	return((DSA *)ASN1_d2i_fp((char *(*)())
 		DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
@@ -331,7 +331,7 @@ int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
 	}
 #endif
 
-DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
 	{
 	return((DSA *)ASN1_d2i_bio((char *(*)())
 		DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),

crypto/x509v3/v3_lib.c

@@ -131,7 +131,6 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from)
 void X509V3_EXT_cleanup(void)
 {
 	sk_pop_free(ext_list, ext_list_free);
-	ext_list = NULL;
 }
 
 static void ext_list_free(X509V3_EXT_METHOD *ext)

e_os.h

@@ -61,8 +61,8 @@
 
 #include <openssl/e_os2.h>
 /* <openssl/e_os2.h> contains what we can justify to make visible
- * to the outside; this file e_os.h is not part of the exported
- * interface. */
+ * to the outside.  e_os.h shouldn't even be in the include/openssl
+ * directory, these are just local definitions. */
 
 #ifdef  __cplusplus
 extern "C" {
@@ -103,6 +103,9 @@ extern "C" {
 #ifdef WIN32
 #define get_last_sys_error()	GetLastError()
 #define clear_sys_error()	SetLastError(0)
+/* These are defined in wincrypt.h and can cause problems */
+#undef X509_NAME
+#undef PKCS7_SIGNER_INFO
 #if !defined(WINNT)
 #define WIN_CONSOLE_BUG
 #endif
@@ -348,9 +351,6 @@ extern HINSTANCE _hInstance;
 #ifdef sgi
 #define IRIX_CC_BUG	/* all version of IRIX I've tested (4.* 5.*) */
 #endif
-#ifdef SNI
-#define IRIX_CC_BUG	/* CDS++ up to V2.0Bsomething suffered from the same bug.*/
-#endif
 
 #ifdef NO_MD2
 #define MD2_Init MD2Init

install.com

@@ -53,7 +53,7 @@ $	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
 	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
 $
 $	SDIRS := CRYPTO,SSL,RSAREF,APPS,VMS!,TEST,TOOLS
-$	EXHEADER := e_os.h,e_os2.h
+$	EXHEADER := e_os.h
 $
 $	COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG
 $

makevms.com

@@ -220,7 +220,7 @@ $ IF F$PARSE("SYS$DISK:[.INCLUDE.OPENSSL]") .EQS. "" THEN -
 $!
 $! Copy All The ".H" Files From The Main Directory.
 $!
-$ EXHEADER := e_os.h,e_os2.h
+$ EXHEADER := e_os.h
 $ COPY 'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
 $!
 $! Copy All The ".H" Files From The [.CRYPTO] Directory Tree.

ms/do_nt.bat

@@ -1,7 +1,7 @@
 
 perl util\mkfiles.pl >MINFO
-perl util\mk1mf.pl no-asm VC-NT >ms\nt.mak
-perl util\mk1mf.pl dll no-asm VC-NT >ms\ntdll.mak
+perl util\mk1mf.pl VC-NT no-asm >ms\nt.mak
+perl util\mk1mf.pl VC-NT dll no-asm >ms\ntdll.mak
 
-perl util\mkdef.pl libeay NT > ms\libeay32.def
-perl util\mkdef.pl ssleay NT > ms\ssleay32.def
+perl util\mkdef.pl NT libeay > ms\libeay32.def
+perl util\mkdef.pl NT ssleay > ms\ssleay32.def

ssl/s3_srvr.c

@@ -557,9 +557,7 @@ static int ssl3_get_client_hello(SSL *s)
 			{ /* previous session */
 			s->hit=1;
 			}
-		else if (i == -1)
-			goto err;
-		else /* i == 0 */
+		else
 			{
 			if (!ssl_get_new_session(s,1))
 				goto err;

ssl/ssl.c

@@ -61,6 +61,7 @@
 #include <string.h>
 
 #define USE_SOCKETS
+#include <openssl/e_os.h>
 
 #include <openssl/buffer.h>
 #include <openssl/stack.h>

ssl/ssl_locl.h

@@ -63,7 +63,7 @@
 #include <string.h>
 #include <errno.h>
 
-#include "openssl/e_os.h"
+#include <openssl/e_os.h>
 
 #include <openssl/buffer.h>
 #include <openssl/comp.h>

ssl/ssl_sess.c

@@ -168,8 +168,6 @@ int ssl_get_new_session(SSL *s, int session)
 			CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
 			if (r == NULL) break;
 			/* else - woops a session_id match */
-			/* XXX should also check external cache!
-			 * (But the probability of a collision is negligible, anyway...) */
 			}
 		}
 	else
@@ -190,29 +188,24 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 	/* This is used only by servers. */
 
 	SSL_SESSION *ret=NULL,data;
-	int fatal = 0;
+	int copy=1;
 
 	/* conn_init();*/
 	data.ssl_version=s->version;
 	data.session_id_length=len;
 	if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
-		goto err;
+		return(0);
 	memcpy(data.session_id,session_id,len);
 
 	if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 		{
 		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
 		ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data);
-		if (ret != NULL)
-		    /* don't allow other threads to steal it: */
-		    CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
 		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
 		}
 
 	if (ret == NULL)
 		{
-		int copy=1;
-	
 		s->ctx->stats.sess_miss++;
 		ret=NULL;
 		if (s->ctx->get_session_cb != NULL
@@ -221,52 +214,28 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 			{
 			s->ctx->stats.sess_cb_hit++;
 
-			/* Increment reference count now if the session callback
-			 * asks us to do so (note that if the session structures
-			 * returned by the callback are shared between threads,
-			 * it must handle the reference count itself [i.e. copy == 0],
-			 * or things won't be thread-safe). */
-			if (copy)
-				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
-
 			/* The following should not return 1, otherwise,
 			 * things are very strange */
 			SSL_CTX_add_session(s->ctx,ret);
 			}
-		if (ret == NULL)
-			goto err;
+		if (ret == NULL) return(0);
 		}
 
-	/* Now ret is non-NULL, and we own one of its reference counts. */
-
 	if((s->verify_mode&SSL_VERIFY_PEER)
 	   && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
 	       || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
 	    {
-		/* We've found the session named by the client, but we don't
-		 * want to use it in this context. */
-		
-		if (s->sid_ctx_length == 0)
-			{
-			/* application should have used SSL[_CTX]_set_session_id_context
-			 * -- we could tolerate this and just pretend we never heard
-			 * of this session, but then applications could effectively
-			 * disable the session cache by accident without anyone noticing */
-
-			SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
-			fatal = 1;
-			goto err;
-			}
-		else
-			{
-#if 0 /* The client cannot always know when a session is not appropriate,
-	   * so we shouldn't generate an error message. */
-
+		if (s->sid_ctx_length)
 			SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
-#endif
-			goto err; /* treat like cache miss */
-			}
-		}
+		else
+			/* application should have used SSL[_CTX]_set_session_id_context */
+			SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+	    return 0;
+	    }
+
+	/* auto free it */
+	if (!copy)
+	    SSL_SESSION_free(ret);
 
 	if (ret->cipher == NULL)
 		{
@@ -281,25 +250,22 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 		else 
 			ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
 		if (ret->cipher == NULL)
-			goto err;
+			return(0);
 		}
 
-
-#if 0 /* This is way too late. */
-
 	/* If a thread got the session, then 'swaped', and another got
 	 * it and then due to a time-out decided to 'Free' it we could
 	 * be in trouble.  So I'll increment it now, then double decrement
 	 * later - am I speaking rubbish?. */
 	CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
-#endif
 
 	if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
 		{
 		s->ctx->stats.sess_timeout++;
 		/* remove it from the cache */
 		SSL_CTX_remove_session(s->ctx,ret);
-		goto err;
+		SSL_SESSION_free(ret);		/* again to actually Free it */
+		return(0);
 		}
 
 	s->ctx->stats.sess_hit++;
@@ -312,14 +278,6 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 		SSL_SESSION_free(s->session);
 	s->session=ret;
 	return(1);
-
- err:
-	if (ret != NULL)
-		SSL_SESSION_free(ret);
-	if (fatal)
-		return -1;
-	else
-		return 0;
 	}
 
 int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)

ssl/ssl_task.c

@@ -123,10 +123,8 @@ int LIB$INIT_TIMER(), LIB$SHOW_TIMER();
 
 #include <string.h>		/* from ssltest.c */
 #include <errno.h>
-
-#include "openssl/e_os.h"
-
 #include <openssl/buffer.h>
+#include <openssl/e_os.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>

ssl/ssltest.c

@@ -60,9 +60,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-
-#include "openssl/e_os.h"
-
+#include <openssl/e_os.h>
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/x509.h>