make update

These changes will be part of OpenSSL 0.9.6a beta3 [engine]

CHANGES

@@ -2,10 +2,341 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.5a and 0.9.6  [xx XXX 2000]
+ Changes between 0.9.6 and 0.9.6a  [xx XXX 2001]
+
+  *) Fix for asn1_GetSequence() for indefinite length constructed data.
+     If SEQUENCE is length is indefinite just set c->slen to the total
+     amount of data available.
+     [Steve Henson, reported by shige@FreeBSD.org]
+     [This change does not apply to 0.9.7.]
+
+  *) Change bctest to avoid here-documents inside command substitution
+     (workaround for FreeBSD /bin/sh bug).
+     [Bodo Moeller]
+
+  *) Rename 'des_encrypt' to 'des_encrypt1'.  This avoids the clashes
+     with des_encrypt() defined on some operating systems, like Solaris
+     and UnixWare.
+     [Richard Levitte]
+
+  *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
+     On the Importance of Eliminating Errors in Cryptographic
+     Computations, J. Cryptology 14 (2001) 2, 101-119,
+     http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
+     [Ulf Moeller]
+  
+  *) MIPS assembler BIGNUM division bug fix. 
+     [Andy Polyakov]
+
+  *) Fix PKCS#7 decode routines so they correctly update the length
+     after reading an EOC for the EXPLICIT tag.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Fix bug in PKCS#12 key generation routines. This was triggered
+     if a 3DES key was generated with a 0 initial byte. Include
+     PKCS12_BROKEN_KEYGEN compilation option to retain the old
+     (but broken) behaviour.
+     [Steve Henson]
+
+  *) Enhance bctest to search for a working bc along $PATH and print
+     it when found.
+     [Tim Rice <tim@multitalents.net> via Richard Levitte]
+
+  *) Fix memory leaks in err.c: free err_data string if necessary;
+     don't write to the wrong index in ERR_set_error_data.
+     [Bodo Moeller]
+
+  *) Implement ssl23_peek (analogous to ssl23_read), which previously
+     did not exist.
+     [Bodo Moeller]
+
+  *) Replace rdtsc with _emit statements for VC++ version 5.
+     [Jeremy Cooper <jeremy@baymoo.org>]
+
+  *) Make it possible to reuse SSLv2 sessions.
+     [Richard Levitte]
+
+  *) In copy_email() check for >= 0 as a return value for
+     X509_NAME_get_index_by_NID() since 0 is a valid index.
+     [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
+
+  *) Avoid coredump with unsupported or invalid public keys by checking if
+     X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
+     PKCS7_verify() fails with non detached data.
+     [Steve Henson]
+
+  *) Don't use getenv in library functions when run as setuid/setgid.
+     New function OPENSSL_issetugid().
+     [Ulf Moeller]
+
+  *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
+     due to incorrect handling of multi-threading:
+
+     1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
+
+     2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
+
+     3. Count how many times MemCheck_off() has been called so that
+        nested use can be treated correctly.  This also avoids 
+        inband-signalling in the previous code (which relied on the
+        assumption that thread ID 0 is impossible).
+     [Bodo Moeller]
+
+  *) Add "-rand" option also to s_client and s_server.
+     [Lutz Jaenicke]
+
+  *) Fix CPU detection on Irix 6.x.
+     [Kurt Hockenbury <khockenb@stevens-tech.edu> and
+      "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+  *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
+     was empty.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Use the cached encoding of an X509_NAME structure rather than
+     copying it. This is apparently the reason for the libsafe "errors"
+     but the code is actually correct.
+     [Steve Henson]
+
+  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
+     Bleichenbacher's DSA attack.
+     Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
+     to be set and top=0 forces the highest bit to be set; top=-1 is new
+     and leaves the highest bit random.
+     [Ulf Moeller, Bodo Moeller]
+
+  *) In the NCONF_...-based implementations for CONF_... queries
+     (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
+     a temporary CONF structure with the data component set to NULL
+     (which gives segmentation faults in lh_retrieve).
+     Instead, use NULL for the CONF pointer in CONF_get_string and
+     CONF_get_number (which may use environment variables) and directly
+     return NULL from CONF_get_section.
+     [Bodo Moeller]
+
+  *) Fix potential buffer overrun for EBCDIC.
+     [Ulf Moeller]
+
+  *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
+     keyUsage if basicConstraints absent for a CA.
+     [Steve Henson]
+
+  *) Make SMIME_write_PKCS7() write mail header values with a format that
+     is more generally accepted (no spaces before the semicolon), since
+     some programs can't parse those values properly otherwise.  Also make
+     sure BIO's that break lines after each write do not create invalid
+     headers.
+     [Richard Levitte]
+
+  *) Make the CRL encoding routines work with empty SEQUENCE OF. The
+     macros previously used would not encode an empty SEQUENCE OF
+     and break the signature.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Zero the premaster secret after deriving the master secret in
+     DH ciphersuites.
+     [Steve Henson]
+
+  *) Add some EVP_add_digest_alias registrations (as found in
+     OpenSSL_add_all_digests()) to SSL_library_init()
+     aka OpenSSL_add_ssl_algorithms().  This provides improved
+     compatibility with peers using X.509 certificates
+     with unconventional AlgorithmIdentifier OIDs.
+     [Bodo Moeller]
+
+  *) Fix for Irix with NO_ASM.
+     ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+  *) ./config script fixes.
+     [Ulf Moeller, Richard Levitte]
+
+  *) Fix 'openssl passwd -1'.
+     [Bodo Moeller]
+
+  *) Change PKCS12_key_gen_asc() so it can cope with non null
+     terminated strings whose length is passed in the passlen
+     parameter, for example from PEM callbacks. This was done
+     by adding an extra length parameter to asc2uni().
+     [Steve Henson, reported by <oddissey@samsung.co.kr>]
+
+  *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
+     call failed, free the DSA structure.
+     [Bodo Moeller]
+
+  *) Fix to uni2asc() to cope with zero length Unicode strings.
+     These are present in some PKCS#12 files.
+     [Steve Henson]
+
+  *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
+     Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
+     when writing a 32767 byte record.
+     [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
+
+  *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
+     obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
+
+     (RSA objects have a reference count access to which is protected
+     by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
+     so they are meant to be shared between threads.)
+     [Bodo Moeller, Geoff Thorpe; original patch submitted by
+     "Reddie, Steven" <Steven.Reddie@ca.com>]
+
+  *) Fix a deadlock in CRYPTO_mem_leaks().
+     [Bodo Moeller]
+
+  *) Use better test patterns in bntest.
+     [Ulf M<>ller]
+
+  *) rand_win.c fix for Borland C.
+     [Ulf M<>ller]
+ 
+  *) BN_rshift bugfix for n == 0.
+     [Bodo Moeller]
+
+  *) Add a 'bctest' script that checks for some known 'bc' bugs
+     so that 'make test' does not abort just because 'bc' is broken.
+     [Bodo Moeller]
+
+  *) Store verify_result within SSL_SESSION also for client side to
+     avoid potential security hole. (Re-used sessions on the client side
+     always resulted in verify_result==X509_V_OK, not using the original
+     result of the server certificate verification.)
+     [Lutz Jaenicke]
+
+  *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
+     SSL3_RT_APPLICATION_DATA, return 0.
+     Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
+     [Bodo Moeller]
+
+  *) Fix SSL_peek:
+     Both ssl2_peek and ssl3_peek, which were totally broken in earlier
+     releases, have been re-implemented by renaming the previous
+     implementations of ssl2_read and ssl3_read to ssl2_read_internal
+     and ssl3_read_internal, respectively, and adding 'peek' parameters
+     to them.  The new ssl[23]_{read,peek} functions are calls to
+     ssl[23]_read_internal with the 'peek' flag set appropriately.
+     A 'peek' parameter has also been added to ssl3_read_bytes, which
+     does the actual work for ssl3_read_internal.
+     [Bodo Moeller]
+
+  *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
+     the method-specific "init()" handler. Also clean up ex_data after
+     calling the method-specific "finish()" handler. Previously, this was
+     happening the other way round.
+     [Geoff Thorpe]
+
+  *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
+     The previous value, 12, was not always sufficient for BN_mod_exp().
+     [Bodo Moeller]
+
+  *) Make sure that shared libraries get the internal name engine with
+     the full version number and not just 0.  This should mark the
+     shared libraries as not backward compatible.  Of course, this should
+     be changed again when we can guarantee backward binary compatibility.
+     [Richard Levitte]
+
+  *) Fix typo in get_cert_by_subject() in by_dir.c
+     [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
+
+  *) Rework the system to generate shared libraries:
+
+     - Make note of the expected extension for the shared libraries and
+       if there is a need for symbolic links from for example libcrypto.so.0
+       to libcrypto.so.0.9.7.  There is extended info in Configure for
+       that.
+
+     - Make as few rebuilds of the shared libraries as possible.
+
+     - Still avoid linking the OpenSSL programs with the shared libraries.
+
+     - When installing, install the shared libraries separately from the
+       static ones.
+     [Richard Levitte]
+
+  *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
+
+     Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
+     and not in SSL_clear because the latter is also used by the
+     accept/connect functions; previously, the settings made by
+     SSL_set_read_ahead would be lost during the handshake.
+     [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]     
+
+  *) Correct util/mkdef.pl to be selective about disabled algorithms.
+     Previously, it would create entries for disableed algorithms no
+     matter what.
+     [Richard Levitte]
+
+  *) Added several new manual pages for SSL_* function.
+     [Lutz Jaenicke]
+
+ Changes between 0.9.5a and 0.9.6  [24 Sep 2000]
+
+  *) In ssl23_get_client_hello, generate an error message when faced
+     with an initial SSL 3.0/TLS record that is too small to contain the
+     first two bytes of the ClientHello message, i.e. client_version.
+     (Note that this is a pathologic case that probably has never happened
+     in real life.)  The previous approach was to use the version number
+     from the record header as a substitute; but our protocol choice
+     should not depend on that one because it is not authenticated
+     by the Finished messages.
+     [Bodo Moeller]
+
+  *) More robust randomness gathering functions for Windows.
+     [Jeffrey Altman <jaltman@columbia.edu>]
+
+  *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
+     not set then we don't setup the error code for issuer check errors
+     to avoid possibly overwriting other errors which the callback does
+     handle. If an application does set the flag then we assume it knows
+     what it is doing and can handle the new informational codes
+     appropriately.
+     [Steve Henson]
+
+  *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
+     a general "ANY" type, as such it should be able to decode anything
+     including tagged types. However it didn't check the class so it would
+     wrongly interpret tagged types in the same way as their universal
+     counterpart and unknown types were just rejected. Changed so that the
+     tagged and unknown types are handled in the same way as a SEQUENCE:
+     that is the encoding is stored intact. There is also a new type
+     "V_ASN1_OTHER" which is used when the class is not universal, in this
+     case we have no idea what the actual type is so we just lump them all
+     together.
+     [Steve Henson]
+
+  *) On VMS, stdout may very well lead to a file that is written to
+     in a record-oriented fashion.  That means that every write() will
+     write a separate record, which will be read separately by the
+     programs trying to read from it.  This can be very confusing.
+
+     The solution is to put a BIO filter in the way that will buffer
+     text until a linefeed is reached, and then write everything a
+     line at a time, so every record written will be an actual line,
+     not chunks of lines and not (usually doesn't happen, but I've
+     seen it once) several lines in one record.  BIO_f_linebuffer() is
+     the answer.
+
+     Currently, it's a VMS-only method, because that's where it has
+     been tested well enough.
+     [Richard Levitte]
+
+  *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
+     it can return incorrect results.
+     (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
+     but it was in 0.9.6-beta[12].)
+     [Bodo Moeller]
+
+  *) Disable the check for content being present when verifying detached
+     signatures in pk7_smime.c. Some versions of Netscape (wrongly)
+     include zero length content when signing messages.
+     [Steve Henson]
 
   *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
      BIO_ctrl (for BIO pairs).
+     [Bodo M<>ller]
 
   *) Add DSO method for VMS.
      [Richard Levitte]
@@ -239,7 +570,7 @@
      [Steve Henson]
 
   *) Changes needed for Tandem NSK.
-     [Scott Uroff scott@xypro.com]
+     [Scott Uroff <scott@xypro.com>]
 
   *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
      RSA_padding_check_SSLv23(), special padding was never detected

Configure

@@ -10,7 +10,7 @@ use strict;
 
 # see INSTALL for instructions.
 
-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
 
 # Options:
 #
@@ -23,11 +23,20 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 #               default).  This needn't be set in advance, you can
 #               just as well use "make INSTALL_PREFIX=/whatever install".
 #
+# no-hw-xxx     do not compile support for specific crypto hardware.
+#               Generic OpenSSL-style methods relating to this support
+#               are always compiled but return NULL if the hardware
+#               support isn't compiled.
+# no-hw         do not compile support for any crypto hardware.
 # rsaref        use RSAref
 # [no-]threads  [don't] try to create a library that is suitable for
 #               multithreaded applications (default is "threads" if we
 #               know how to do it)
 # [no-]shared	[don't] try to create shared libraries when supported.
+#               IT IS NOT RECOMMENDED TO USE "shared"!  Since this is a
+#               development branch, the positions of the ENGINE symbols
+#               in the transfer vector are constantly moving, so binary
+#               backward compatibility can't be guaranteed in any way.
 # no-asm        do not use assembler
 # no-dso        do not compile in any native shared-library methods. This
 #               will ensure that all methods just return NULL.
@@ -89,6 +98,11 @@ my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm
 my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
 my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
 
+my $mips3_irix_asm="asm/mips3.o::::::::";
+# There seems to be boundary faults in asm/alpha.s.
+#my $alpha_asm="asm/alpha.o::::::::";
+my $alpha_asm="::::::::";
+
 # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
 # So the md5_locl.h file has an undef B_ENDIAN if sun is defined
 
@@ -127,32 +141,32 @@ my %table=(
 # surrounds it with #APP #NO_APP comment pair which (at least Solaris
 # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
 # error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC",
-"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC",
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC",
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### SPARC Solaris with Sun C setups
 # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
-"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC",
+"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
 # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
 # SC5.0 note: Compiler common patch 107357-01 or later is required!
-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC",
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
 ####
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC",
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### SPARC Linux setups
 "linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
@@ -178,11 +192,11 @@ my %table=(
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-[g]cc' manually.
 # -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
-"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
 
 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -216,16 +230,16 @@ my %table=(
 # Since there is mention of this in shlib/hpux10-cc.sh
 "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
-"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn",
 
 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
 # Chris Ruemmler <ruemmler@cup.hp.com>
 # Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldl:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dl",
-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn",
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
 
 # HPUX 9.X config.
 # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
@@ -256,13 +270,16 @@ my %table=(
 #"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
 # Use unified settings above instead.
 
+#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
+"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+
 # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
 # the new compiler
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared",
-"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
-"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
+"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
@@ -277,31 +294,32 @@ my %table=(
 #
 #					<appro@fy.chalmers.se>
 #
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 
 # assembler versions -- currently defunct:
-##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
+##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",
 
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
 "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
 "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
-"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
-"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
-"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 # NCR MP-RAS UNIX ver 02.03.01
@@ -311,11 +329,16 @@ my %table=(
 "qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:",
 
 # Linux on ARM
-"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC",
+"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
-# UnixWare 2.0
-"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+# UnixWare 2.0x fails destest with -O
+"unixware-2.0","cc:-DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.0-pentium","cc:-DFILIO_H -Kpentium:-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+
+# UnixWare 2.1
+"unixware-2.1","cc:-O -DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 
 # UnixWare 7
 "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
@@ -323,6 +346,8 @@ my %table=(
 # IBM's AIX.
 "aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
 "aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+"aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix43-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
 
 #
 # Cray T90 (SDSC)
@@ -352,9 +377,13 @@ my %table=(
 "dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
 "dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 
+# SCO 3 - Tim Rice <tim@multitalents.net>
+"sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+
 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
 # SCO cc.
 "sco5-cc",  "cc:::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+"sco5-cc-pentium",  "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
 "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 
 # Sinix/ReliantUNIX RM400
@@ -394,10 +423,10 @@ my %table=(
 ##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::",
 
 # Some OpenBSD from Bob Beck <beck@obtuse.com>
-"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
-"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn",
-"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
-"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
+"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 ##### MacOS X (a.k.a. Rhapsody) setup
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
@@ -439,10 +468,10 @@ my $md5_obj="";
 my $sha1_obj="";
 my $rmd160_obj="";
 my $processor="";
-my $ranlib;
+my $default_ranlib;
 my $perl;
 
-$ranlib=&which("ranlib") or $ranlib="true";
+$default_ranlib= &which("ranlib") or $default_ranlib="true";
 $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
   or $perl="perl";
 
@@ -487,6 +516,18 @@ PROCESS_ARGS:
 			$flags .= "-DNO_ASM ";
 			$openssl_other_defines .= "#define NO_ASM\n";
 			}
+		elsif (/^no-hw-(.+)$/)
+			{
+			my $hw=$1;
+			$hw =~ tr/[a-z]/[A-Z]/;
+			$flags .= "-DNO_HW_$hw ";
+			$openssl_other_defines .= "#define NO_HW_$hw\n";
+			}
+		elsif (/^no-hw$/)
+			{
+			$flags .= "-DNO_HW ";
+			$openssl_other_defines .= "#define NO_HW\n";
+			}
 		elsif (/^no-dso$/)
 			{ $no_dso=1; }
 		elsif (/^no-threads$/)
@@ -629,8 +670,8 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
 print "IsWindows=$IsWindows\n";
 
 (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
- $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
-	split(/\s*:\s*/,$table{$target} . ":" x 22 , -1);
+ $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,my $shared_extension,my $ranlib)=
+	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
 $cflags="$flags$cflags" if ($flags ne "");
 
 # The DSO code currently always implements all functions so that no
@@ -705,17 +746,27 @@ if ($threads)
 	}
 
 # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
-my $shared_mark1 = "";
-my $shared_mark2 = "";
-if ($shared_cflag ne "")
+my $shared_mark = "";
+if ($shared_target ne "")
 	{
-	$cflags = "$shared_cflag $cflags";
+	if ($shared_cflag ne "")
+		{
+		$cflags = "$shared_cflag $cflags";
+		}
 	if (!$no_shared)
 		{
-		$shared_mark1 = ".shlib-clean.";
-		$shared_mark2 = ".shlib.";
+		#$shared_mark = "\$(SHARED_LIBS)";
 		}
 	}
+else
+	{
+	$no_shared = 1;
+	}
+
+if ($ranlib eq "")
+	{
+	$ranlib = $default_ranlib;
+	}
 
 #my ($bn1)=split(/\s+/,$bn_obj);
 #$bn1 = "" unless defined $bn1;
@@ -797,6 +848,7 @@ while (<IN>)
 	s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
 	s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
 	s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
+	s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/;
 	s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
 	s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
 	s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
@@ -820,9 +872,9 @@ while (<IN>)
 	s/^RANLIB=.*/RANLIB= $ranlib/;
 	s/^PERL=.*/PERL= $perl/;
 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
-	s/^SHLIB_MARK1=.*/SHLIB_MARK1=$shared_mark1/;
-	s/^SHLIB_MARK2=.*/SHLIB_MARK2=$shared_mark2/;
-	s/^LIBS=.*/LIBS=libcrypto\.so\* libssl\.so\*/ if (!$no_shared);
+	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
+	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
+	s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.so.\$(SHLIB_MAJOR) .so/ if ($shared_extension ne "" && $shared_extension !~ /^\.s[ol]$/);
 	print OUT $_."\n";
 	}
 close(IN);
@@ -1109,8 +1161,9 @@ sub print_table_entry
 	(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
 	my $bn_obj,my $des_obj,my $bf_obj,
 	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
-	my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
-	split(/\s*:\s*/,$table{$target} . ":" x 22 , -1);
+	my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
+	my $shared_extension,my $ranlib)=
+	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
 			
 	print <<EOF
 
@@ -1133,5 +1186,7 @@ sub print_table_entry
 \$dso_scheme   = $dso_scheme
 \$shared_target= $shared_target
 \$shared_cflag = $shared_cflag
+\$shared_extension = $shared_extension
+\$ranlib       = $ranlib
 EOF
 	}

FAQ

@@ -32,7 +32,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.5a was released on April 1st, 2000.
+OpenSSL 0.9.6 was released on September 24th, 2000.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -135,7 +135,7 @@ installing the SUNski package from Sun patch 105710-01 (Sparc) which
 adds a /dev/random device and make sure it gets used, usually through
 $RANDFILE.  There are probably similar patches for the other Solaris
 versions.  However, be warned that /dev/random is usually a blocking
-device, which may have som effects on OpenSSL.
+device, which may have some effects on OpenSSL.
 
 
 * Why does the linker complain about undefined symbols?
@@ -194,7 +194,7 @@ unsigned char *buf, *p;
 int len;
 
 len = i2d_PKCS7(p7, NULL);
-buf = OPENSSL_Malloc(len); /* or Malloc, error checking omitted */
+buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
 p = buf;
 i2d_PKCS7(p7, &p);
 

INSTALL

@@ -57,7 +57,10 @@
 
   shared        In addition to the usual static libraries, create shared
                 libraries on platforms where it's supported.  See "Note on
-                shared libraries" below.
+                shared libraries" below.  THIS IS NOT RECOMMENDED!  Since
+                this is a development branch, the positions of the ENGINE
+                symbols in the transfer vector are constantly moving, so
+                binary backward compatibility can't be guaranteed in any way.
 
   no-asm        Do not use assembler code.
 

INSTALL.W32

@@ -108,8 +108,8 @@
 
  * Compiler installation:
 
-   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/gnu-win32/
-   mingw32/egcs-1.1.2/egcs-1.1.2-mingw32.zip>. GNU make is at
+   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
+   gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. GNU make is at
    <ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
    make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
    C:\egcs-1.1.2\mingw32.bat to set the PATH.

LICENSE

@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

Makefile.org

@@ -9,6 +9,7 @@ SHLIB_VERSION_NUMBER=
 SHLIB_VERSION_HISTORY=
 SHLIB_MAJOR=
 SHLIB_MINOR=
+SHLIB_EXT=
 PLATFORM=dist
 OPTIONS=
 CONFIGURE_ARGS=
@@ -56,13 +57,13 @@ CC= gcc
 #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 DEPFLAG= 
-PEX_LIBS= -L. -L.. -L../.. -L../../..
+PEX_LIBS= 
 EX_LIBS= 
 AR=ar r
 RANLIB= ranlib
 PERL= perl
 TAR= tar
-TARFLAGS= --norecurse
+TARFLAGS= --no-recursion
 
 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
@@ -149,21 +150,18 @@ RMD160_ASM_OBJ= asm/rm86-out.o
 #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
 #RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
 
-# To do special treatment, use "directory names" starting with a period.
 # When we're prepared to use shared libraries in the programs we link here
-# we might have SHLIB_MARK1 get the value ".shlib." and SHLIB_MARK2 be empty,
-# or have that configurable.
-SHLIB_MARK1=.shlib-clean.
-SHLIB_MARK2=.shlib.
+# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
+SHLIB_MARK=
 
-DIRS=   crypto ssl rsaref $(SHLIB_MARK1) apps test tools $(SHLIB_MARK2)
+DIRS=   crypto ssl rsaref $(SHLIB_MARK) apps test tools
 SHLIBDIRS= crypto ssl
 
 # dirs in crypto to build
 SDIRS=  \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso \
+	bn rsa dsa dh dso engine \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
 
@@ -180,7 +178,10 @@ ONEDIRS=out tmp
 EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
 WDIRS=  windows
 LIBS=   libcrypto.a libssl.a
-SHARED_LIBS=libcrypto.so libssl.so
+SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+SHARED_SSL=libssl$(SHLIB_EXT)
+SHARED_LIBS=
+SHARED_LIBS_LINK_EXTS=
 
 GENERAL=        Makefile
 BASENAME=       openssl
@@ -190,108 +191,93 @@ WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os.h e_os2.h
 HEADER=         e_os.h
 
-all: Makefile.ssl
-	@need_shlib=true; \
-	for i in $(DIRS) ;\
-	do \
-	if [ "$$i" = ".shlib-clean." ]; then \
-		if [ "$(SHLIB_TARGET)" != "" ]; then \
-			$(MAKE) clean-shared; \
-		fi; \
-	elif [ "$$i" = ".shlib." ]; then \
-		if [ "$(SHLIB_TARGET)" != "" ]; then \
-			$(MAKE) $(SHARED_LIBS); \
-		fi; \
-		need_shlib=false; \
-	else \
-		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
-	fi; \
-	done; \
-	if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
-		$(MAKE) $(SHARED_LIBS); \
-	fi
+# When we're prepared to use shared libraries in the programs we link here
+# we might remove 'clean-shared' from the targets to perform at this stage
+
+all: clean-shared Makefile.ssl sub_all
 
 sub_all:
-	@need_shlib=true; \
-	for i in $(DIRS) ;\
+	@for i in $(DIRS); \
 	do \
-	if [ "$$i" = ".shlib-clean." ]; then \
-		if [ "$(SHLIB_TARGET)" != "" ]; then \
-			$(MAKE) clean-shared; \
-		fi; \
-	elif [ "$$i" = ".shlib." ]; then \
-		if [ "$(SHLIB_TARGET)" != "" ]; then \
-			$(MAKE) $(SHARED_LIBS); \
-		fi; \
-		need_shlib=false; \
-	else \
+	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making all in $$i..." && \
 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+	else \
+		$(MAKE) $$i; \
 	fi; \
 	done; \
-	if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
+	if echo "$(DIRS)" | \
+	    egrep '(^| )(crypto|ssl)( |$$)' > /dev/null 2>&1 && \
+	   [ -n "$(SHARED_LIBS)" ]; then \
 		$(MAKE) $(SHARED_LIBS); \
 	fi
 
-libcrypto.so: libcrypto.a
+libcrypto$(SHLIB_EXT): libcrypto.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=crypto $(SHLIB_TARGET); \
+		$(MAKE) SHLIBDIRS=crypto build-shared; \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 	fi
-libssl.so: libcrypto.so libssl.a
+libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-L. -lcrypto' $(SHLIB_TARGET); \
+		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 	fi
 
 clean-shared:
-	for i in ${SHLIBDIRS}; do \
-	rm -f lib$$i.so \
-		lib$$i.so.${SHLIB_MAJOR} \
-		lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+	@for i in $(SHLIBDIRS); do \
+		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+			for j in $${tmp:-x}; do \
+				( set -x; rm -f lib$$i$$j ); \
+			done; \
+		fi; \
+		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
 	done
 
-linux-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	rm -f lib$$i.so \
-		lib$$i.so.${SHLIB_MAJOR} \
-		lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+link-shared:
+	@for i in $(SHLIBDIRS); do \
+		prev=lib$$i$(SHLIB_EXT); \
+		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+			for j in $${tmp:-x}; do \
+				( set -x; ln -f -s $$prev lib$$i$$j ); \
+				prev=lib$$i$$j; \
+			done; \
+		fi; \
+	done
+
+build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
+
+do_bsd-gcc-shared: linux-shared
+do_linux-shared: do_gnu-shared
+do_gnu-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x; ${CC}  -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR} \
+		-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
-	( set -x; \
-		ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			lib$$i.so.${SHLIB_MAJOR}; \
-		ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so ); \
+	libs="$$libs -l$$i"; \
 	done
 
 # This assumes that GNU utilities are *not* used
-true64-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+do_tru64-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x; ${CC}  -shared -no_archive -o lib$$i.so \
 		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 		-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
+	libs="$$libs -l$$i"; \
 	done
 
 # This assumes that GNU utilities are *not* used
-solaris-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	rm -f lib$$i.so \
-		lib$$i.so.${SHLIB_MAJOR} \
-		lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
-	( set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-h lib$$i.so.${SHLIB_MAJOR} \
+do_solaris-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+	  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
-	ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		lib$$i.so.${SHLIB_MAJOR}; \
-	ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so; \
+	libs="$$libs -l$$i"; \
 	done
 
 Makefile.ssl: Makefile.org
@@ -306,7 +292,7 @@ clean:
 	rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
 	@for i in $(DIRS) ;\
 	do \
-	if echo "$$i" | grep -v '^\.'; then \
+	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making clean in $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
 		rm -f $(LIBS); \
@@ -327,7 +313,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
 	@for i in $(DIRS) ;\
 	do \
-	if echo "$$i" | grep -v '^\.'; then \
+	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making 'files' in $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
 	fi; \
@@ -338,7 +324,7 @@ links:
 	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
 	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
 	@for i in $(DIRS); do \
-	if echo "$$i" | grep -v '^\.'; then \
+	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making links in $$i..." && \
 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
 	fi; \
@@ -348,7 +334,7 @@ dclean:
 	rm -f *.bak
 	@for i in $(DIRS) ;\
 	do \
-	if echo "$$i" | grep -v '^\.'; then \
+	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dclean in $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
 	fi; \
@@ -372,7 +358,7 @@ report:
 depend:
 	@for i in $(DIRS) ;\
 	do \
-	if echo "$$i" | grep -v '^\.'; then \
+	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dependencies $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
 	fi; \
@@ -381,7 +367,7 @@ depend:
 lint:
 	@for i in $(DIRS) ;\
 	do \
-	if echo "$$i" | grep -v '^\.'; then \
+	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making lint $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
 	fi; \
@@ -390,7 +376,7 @@ lint:
 tags:
 	@for i in $(DIRS) ;\
 	do \
-	if echo "$$i" | grep -v '^\.'; then \
+	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making tags $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
 	fi; \
@@ -452,7 +438,7 @@ install: all install_docs
 	done;
 	@for i in $(DIRS) ;\
 	do \
-	if echo "$$i" | grep -v '^\.'; then \
+	if [ -d "$$i" ]; then \
 		(cd $$i; echo "installing $$i..."; \
 		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
 	fi; \
@@ -466,6 +452,20 @@ install: all install_docs
 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
 		fi \
 	done
+	@if [ -n "$(SHARED_LIBS)" ]; then \
+		tmp="$(SHARED_LIBS)"; \
+		for i in $${tmp:-x}; \
+		do \
+			if [ -f "$$i" ]; then \
+			(       echo installing $$i; \
+				cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+				chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+			fi \
+		done; \
+		(	here="`pwd`"; \
+			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+			make -f $$here/Makefile link-shared ); \
+	fi
 
 install_docs:
 	@$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -492,11 +492,4 @@ install_docs:
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done
 
-shlib: all
-	if [ ! -d shlib_dir ] ; then mkdir shlib_dir ; else rm -f shlib_dir/* ; fi
-	cd shlib_dir ; ar -x ../libcrypto.a && $(CC) -shared ./*.o -Wl,-soname -Wl,libcrypto.so.0.9 \
-            -o ./libcrypto.so.0.9.4 && rm *.o
-	cd shlib_dir ; ar -x ../libssl.a && $(CC) -shared ./*.o -Wl,-soname -Wl,libssl.so.0.9 \
-            -o ./libssl.so.0.9.4 && rm *.o
-
 # DO NOT DELETE THIS LINE -- make depend depends on it.

NEWS

@@ -5,6 +5,46 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
+
+      o Security fix: change behavior of OpenSSL to avoid using
+        environment variables when running as root.
+      o Security fix: check the result of RSA-CRT to reduce the
+        possibility of deducing the private key from an incorrectly
+        calculated signature.
+      o Security fix: prevent Bleichenbacher's DSA attack.
+      o Security fix: Zero the premaster secret after deriving the
+        master secret in DH ciphersuites.
+      o Reimplement SSL_peek(), which had various problems.
+      o Compatibility fix: the function des_encrypt() renamed to
+        des_encrypt1() to avoid clashes with some Unixen libc.
+      o Bug fixes for Win32, HP/UX and Irix.
+      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+        memory checking routines.
+      o Bug fixes for RSA operations in threaded enviroments.
+      o Bug fixes in misc. openssl applications.
+      o Remove a few potential memory leaks.
+      o Add tighter checks of BIGNUM routines.
+      o Shared library support has been reworked for generality.
+      o More documentation.
+      o New function BN_rand_range().
+      o Add "-rand" option to openssl s_client and s_server.
+
+  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
+
+      o Some documentation for BIO and SSL libraries.
+      o Enhanced chain verification using key identifiers.
+      o New sign and verify options to 'dgst' application.
+      o Support for DER and PEM encoded messages in 'smime' application.
+      o New 'rsautl' application, low level RSA utility.
+      o MD4 now included.
+      o Bugfix for SSL rollback padding check.
+      o Support for external crypto devices [1].
+      o Enhanced EVP interface.
+
+    [1] The support for external crypto devices is currently a separate
+        distribution.  See the file README.ENGINE.
+
   Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
 
       o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 

README

@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.6-beta2 17 Sep 2000
+ OpenSSL 0.9.6a-beta3 [engine] 30 Mar 2001
 
  Copyright (c) 1998-2000 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -163,6 +163,9 @@
  the string "[PATCH]" in the subject. Please be sure to include a
  textual explanation of what your patch does.
 
+ Note: For legal reasons, contributions from the US can be accepted only
+ if a copy of the patch is sent to crypt@bxa.doc.gov
+
  The preferred format for changes is "diff -u" output. You might
  generate it like this:
 

README.ENGINE

@@ -0,0 +1,63 @@
+
+  ENGINE
+  ======
+
+  With OpenSSL 0.9.6, a new component has been added to support external 
+  crypto devices, for example accelerator cards.  The component is called
+  ENGINE, and has still a pretty experimental status and almost no
+  documentation.  It's designed to be faily easily extensible by the
+  calling programs.
+
+  There's currently built-in support for the following crypto devices:
+
+      o CryptoSwift
+      o Compaq Atalla
+      o nCipher CHIL
+
+  A number of things are still needed and are being worked on:
+
+      o An openssl utility command to handle or at least check available
+        engines.
+      o A better way of handling the methods that are handled by the
+        engines.
+      o Documentation!
+
+  What already exists is fairly stable as far as it has been tested, but
+  the test base has been a bit small most of the time.
+
+  Because of this experimental status and what's lacking, the ENGINE
+  component is not yet part of the default OpenSSL distribution.  However,
+  we have made a separate kit for those who want to try this out, to be
+  found in the same places as the default OpenSSL distribution, but with
+  "-engine-" being part of the kit file name.  For example, version 0.9.6
+  is distributed in the following two files:
+
+      openssl-0.9.6.tar.gz
+      openssl-engine-0.9.6.tar.gz
+
+  NOTES
+  =====
+
+  openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
+  not need to download both.
+
+  openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
+  crypto device.  The internal OpenSSL functions are contained in the
+  engine "openssl", and will be used by default.
+
+  No external crypto device is chosen unless you say so.  You have actively
+  tell the openssl utility commands to use it through a new command line
+  switch called "-engine".  And if you want to use the ENGINE library to
+  do something similar, you must also explicitely choose an external crypto
+  device, or the built-in crypto routines will be used, just as in the
+  default OpenSSL distribution.
+
+
+  PROBLEMS
+  ========
+
+  It seems like the ENGINE part doesn't work too well with Cryptoswift on
+  Win32.  A quick test done right before the release showed that trying
+  "openssl speed -engine cswift" generated errors.  If the DSO gets enabled,
+  an attempt is made to write at memory address 0x00000002.
+

STATUS

@@ -1,62 +1,66 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2000/09/17 11:56:53 $
+  ______________                           $Date: 2001/03/26 17:09:12 $
 
   DEVELOPMENT STATE
 
-    o  OpenSSL 0.9.6:  Under development (in release cycle)...
-                       Proposed release date September 24, 2000
-                       0.9.6-beta1 is available:
-			OpenBSD-x86 2.7			- failed
-				ftime not supported [FIXED]
-			hpux-parisc-cc 10.20		- passed
-			hpux-parisc-gcc 10.20		- passed
-			hpux-parisc-gcc 11.00		- passed
-			hpux-gcc			- passed
-			hpux-brokengcc			- failed
-				BN_sqr fails in test
-			linux-elf			- passed
-			linux-sparcv7			- passed
-			linux-ppc			- passed
-			Solaris [engine]		- failed
-				speed cswift gives odd errors [FIXED]
-			solaris-sparcv8-gcc		- passed
-			solaris-sparcv9-gcc		- passed
-			solaris-sparcv9-cc		- passed
-			solaris64-sparcv9-cc		- passed
-			sco5-gcc			- passed
-			sco5-cc				- passed
-			FreeBSD				- passed
-			Win32 VC++			- failed
-				PCURSORINFO not defined unless Win2000 [FIXED]
-				RAND_poll() problem on Win2000 [FIXED]
-				DSO method always DSO_METHOD_null [FIXED]
-			CygWin32			- test failed
-			MingW32				- failed
-				thelp32.h
-			aix-gcc (AIX 4.3.2)		- passed
-			VMS/Alpha			- failed
-				Some things were missing [FIXED]
-    o  OpenSSL 0.9.5a: Released on April     1st, 2000
-    o  OpenSSL 0.9.5:  Released on February 28th, 2000
-    o  OpenSSL 0.9.4:  Released on August   09th, 1999
-    o  OpenSSL 0.9.3a: Released on May      29th, 1999
-    o  OpenSSL 0.9.3:  Released on May      25th, 1999
-    o  OpenSSL 0.9.2b: Released on March    22th, 1999
-    o  OpenSSL 0.9.1c: Released on December 23th, 1998
+    o  OpenSSL 0.9.6a: Bugfix release -- under development...
+                       Beta 1 released on March 13th, 2001
+	HP-UX 10.20 (hpux-parisc-cc)		- PASSED [normal+engine]
+	HP-UX 10.20 (hpux-parisc-gcc)		- PASSED [normal+engine]
+	HP-UX 11.00 32bit (hpux-parisc-gcc)	- FAILED [engine]
+		"openssl speed rsa1024 -engine cswift" fails unless
+		libswift.sl is renamed to libswift.so.
+		[CORRECTED]
+	HP MPE/iX				- PASSED [presumed normal]
+	Linux 2.2.17 SMP (linux-elf)		- PASSED [normal+engine]
+	Windows (VC-WIN32)			- FAILED [presumed normal]
+		Missing line in ms/32all.bat:
+			perl util\mkfiles.pl >MINFO
+		[CORRECTED]
+		In randfile.c, line 214, signed and unsigned int are mixed.
+		[CORRECTED]
+		In s_client.c and s_server.c, RAND_status() needs to get
+		declared (#include <openssl/rand.h>)
+		[CORRECTED]
+	OpenVMS (any version)			- FAILED [normal+engine]
+		Missing instructions in building script.
+		[CORRECTED]
+	AIX 4.3					- FAILED [engine]
+		Needs -DDSO_DLFCN and -DHAVE_DLFCN_H to work.
+		[CORRECTED] (but will not be automagically configured)
+	Irix 6.5.11				- FAILED [presumed normal]
+		BN_sqr test fails.
+        solaris64-sparcv9-cc (SunOS 5.8)        - PASSED [normal+engine]
+	BSDI 4.0.1 (bsdi-elf-gcc)		- FAILED [engine]
+		Needs -DDSO_DLFCN, -DHAVE_DLFCN_H and -ldl to work.
+		[CORRECTED]
+	mingw32 w/ gcc 2.95.2			- PASSED [presumed normal]
+
+                       Beta 2 released on March 21st, 2001
+	OpenVMS (tested on VMS 7.2-1 for Alpha)	- PASSED [presumed normal]
+        solaris64-sparcv9-cc (SunOS 5.8)        - PASSED [normal]
+
+    o  OpenSSL 0.9.6:  Released on September 24th, 2000
+    o  OpenSSL 0.9.5a: Released on April      1st, 2000
+    o  OpenSSL 0.9.5:  Released on February  28th, 2000
+    o  OpenSSL 0.9.4:  Released on August    09th, 1999
+    o  OpenSSL 0.9.3a: Released on May       29th, 1999
+    o  OpenSSL 0.9.3:  Released on May       25th, 1999
+    o  OpenSSL 0.9.2b: Released on March     22th, 1999
+    o  OpenSSL 0.9.1c: Released on December  23th, 1998
 
   RELEASE SHOWSTOPPERS
 
   AVAILABLE PATCHES
 
-    o CA.pl patch (Damien Miller)
-
   IN PROGRESS
 
     o Steve is currently working on (in no particular order):
         ASN1 code redesign, butchery, replacement.
+        OCSP
         EVP cipher enhancement.
-        Proper (or at least usable) certificate chain verification.
+        Enhanced certificate chain verification.
 	Private key, certificate and CRL API and implementation.
 	Developing and bugfixing PKCS#7 (S/MIME code).
         Various X509 issues: character sets, certificate request extensions.
@@ -65,19 +69,29 @@
     o Richard is currently working on:
 	UTIL (a new set of library functions to support some higher level
 	      functionality that is currently missing).
-	Dynamic thread-lock support.
 	Shared library support for VMS.
+	OCSP
+	Kerberos 5 authentication
+	Constification
 
   NEEDS PATCH
 
-    o  non-blocking socket on AIX
-    o  $(PERL) in */Makefile.ssl
-    o  "Sign the certificate?" - "n" creates empty certificate file
+    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
+
+    o  OpenSSL_0_9_6-stable:
+       #include <openssl/e_os.h> in exported header files is illegal since
+       e_os.h is suitable only for library-internal use.
+
+    o  Whenever strncpy is used, make sure the resulting string is NULL-terminated
+       or an error is reported
 
   OPEN ISSUES
 
-    o internal_verify doesn't know about X509.v3 (basicConstraints
-      CA flag ...)
+    o  crypto/ex_data.c is not really thread-safe and so must be used
+       with care (e.g., extra locking where necessary, or don't call
+       CRYPTO_get_ex_new_index once multiple threads exist).
+       The current API is not suitable for everything that it pretends
+       to offer.
 
     o  The Makefile hierarchy and build mechanism is still not a round thing:
 

apps/Makefile.ssl

@@ -209,14 +209,15 @@ ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
 ca.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-ca.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ca.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ca.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ca.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ca.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 ca.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 ca.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -295,14 +296,15 @@ dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dgst.o: ../include/openssl/des.h ../include/openssl/dh.h
 dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
-dgst.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dgst.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
+dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -314,14 +316,15 @@ dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dh.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
 dh.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-dh.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-dh.o: ../include/openssl/evp.h ../include/openssl/idea.h
-dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-dh.o: ../include/openssl/md4.h ../include/openssl/md5.h
-dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dh.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+dh.o: ../include/openssl/err.h ../include/openssl/evp.h
+dh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+dh.o: ../include/openssl/md2.h ../include/openssl/md4.h
+dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -335,14 +338,15 @@ dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 dsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -355,14 +359,15 @@ dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsaparam.o: ../include/openssl/des.h ../include/openssl/dh.h
 dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsaparam.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dsaparam.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -375,20 +380,20 @@ enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 enc.o: ../include/openssl/des.h ../include/openssl/dh.h
 enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-enc.o: ../include/openssl/err.h ../include/openssl/evp.h
-enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
-enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
-enc.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-enc.o: ../include/openssl/x509_vfy.h apps.h
+enc.o: ../include/openssl/engine.h ../include/openssl/err.h
+enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
+enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -419,20 +424,20 @@ gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendh.o: ../include/openssl/des.h ../include/openssl/dh.h
 gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-gendh.o: ../include/openssl/md2.h ../include/openssl/md4.h
-gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
-gendh.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-gendh.o: ../include/openssl/x509_vfy.h apps.h
+gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -440,14 +445,15 @@ gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-gendsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -460,14 +466,15 @@ genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 genrsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-genrsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-genrsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -544,14 +551,15 @@ pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs12.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs12.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-pkcs12.o: ../include/openssl/md2.h ../include/openssl/md4.h
-pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs12.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 pkcs12.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -565,14 +573,15 @@ pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs7.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-pkcs7.o: ../include/openssl/md2.h ../include/openssl/md4.h
-pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 pkcs7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 pkcs7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -585,14 +594,15 @@ pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs8.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs8.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-pkcs8.o: ../include/openssl/md2.h ../include/openssl/md4.h
-pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs8.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 pkcs8.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -606,19 +616,19 @@ rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rand.o: ../include/openssl/des.h ../include/openssl/dh.h
 rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rand.o: ../include/openssl/err.h ../include/openssl/evp.h
-rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
-rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-rand.o: ../include/openssl/x509_vfy.h apps.h
+rand.o: ../include/openssl/engine.h ../include/openssl/err.h
+rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -626,14 +636,15 @@ req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 req.o: ../include/openssl/des.h ../include/openssl/dh.h
 req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 req.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-req.o: ../include/openssl/err.h ../include/openssl/evp.h
-req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-req.o: ../include/openssl/md2.h ../include/openssl/md4.h
-req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-req.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+req.o: ../include/openssl/engine.h ../include/openssl/err.h
+req.o: ../include/openssl/evp.h ../include/openssl/idea.h
+req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+req.o: ../include/openssl/md4.h ../include/openssl/md5.h
+req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -647,14 +658,15 @@ rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-rsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-rsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 rsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 rsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -667,14 +679,15 @@ rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsautl.o: ../include/openssl/des.h ../include/openssl/dh.h
 rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 rsautl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
-rsautl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-rsautl.o: ../include/openssl/md2.h ../include/openssl/md4.h
-rsautl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h
+rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rsautl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsautl.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 rsautl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 rsautl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -710,14 +723,15 @@ s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s_client.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s_client.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_client.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_client.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 s_client.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -734,14 +748,15 @@ s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s_server.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s_server.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_server.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_server.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 s_server.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -828,14 +843,15 @@ smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 smime.o: ../include/openssl/des.h ../include/openssl/dh.h
 smime.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 smime.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-smime.o: ../include/openssl/err.h ../include/openssl/evp.h
-smime.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-smime.o: ../include/openssl/md2.h ../include/openssl/md4.h
-smime.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-smime.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+smime.o: ../include/openssl/engine.h ../include/openssl/err.h
+smime.o: ../include/openssl/evp.h ../include/openssl/idea.h
+smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+smime.o: ../include/openssl/md4.h ../include/openssl/md5.h
+smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+smime.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 smime.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 smime.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -848,20 +864,20 @@ speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 speed.o: ../include/openssl/des.h ../include/openssl/dh.h
 speed.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-speed.o: ../include/openssl/err.h ../include/openssl/evp.h
-speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
-speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
-speed.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-speed.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
-speed.o: ./testrsa.h apps.h
+speed.o: ../include/openssl/engine.h ../include/openssl/err.h
+speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
+speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+speed.o: ../include/openssl/x509_vfy.h ./testdsa.h ./testrsa.h apps.h
 spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -869,14 +885,15 @@ spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
 spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 spkac.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
-spkac.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-spkac.o: ../include/openssl/md2.h ../include/openssl/md4.h
-spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
+spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
+spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h
+spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+spkac.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 spkac.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 spkac.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -889,14 +906,15 @@ verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 verify.o: ../include/openssl/des.h ../include/openssl/dh.h
 verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-verify.o: ../include/openssl/err.h ../include/openssl/evp.h
-verify.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-verify.o: ../include/openssl/md2.h ../include/openssl/md4.h
-verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-verify.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+verify.o: ../include/openssl/engine.h ../include/openssl/err.h
+verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
+verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+verify.o: ../include/openssl/md4.h ../include/openssl/md5.h
+verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 verify.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 verify.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -929,14 +947,15 @@ x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 x509.o: ../include/openssl/des.h ../include/openssl/dh.h
 x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 x509.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-x509.o: ../include/openssl/err.h ../include/openssl/evp.h
-x509.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-x509.o: ../include/openssl/md2.h ../include/openssl/md4.h
-x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-x509.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+x509.o: ../include/openssl/engine.h ../include/openssl/err.h
+x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
+x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+x509.o: ../include/openssl/md4.h ../include/openssl/md5.h
+x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 x509.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 x509.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h

apps/app_rand.c

@@ -177,8 +177,10 @@ long app_RAND_load_files(char *name)
 		if (*n == '\0') break;
 
 		egd=RAND_egd(n);
-		if (egd > 0) tot+=egd;
-		tot+=RAND_load_file(n,-1);
+		if (egd > 0)
+			tot+=egd;
+		else
+			tot+=RAND_load_file(n,-1);
 		if (last) break;
 		}
 	if (tot > 512)

apps/apps.c

@@ -170,6 +170,8 @@ int str2fmt(char *s)
 		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
 		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
 		return(FORMAT_PKCS12);
+	else if ((*s == 'E') || (*s == 'e'))
+		return(FORMAT_ENGINE);
 	else
 		return(FORMAT_UNDEF);
 	}

apps/apps.h

@@ -162,6 +162,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
 #define FORMAT_NETSCAPE 4
 #define FORMAT_PKCS12   5
 #define FORMAT_SMIME    6
+/* Since this is currently inofficial, let's give it a high number */
+#define FORMAT_ENGINE   127
 
 #define NETSCAPE_CERT_HDR	"certificate"
 

apps/asn1pars.c

@@ -206,6 +206,12 @@ bad:
 		goto end;
 		}
 	BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+#ifdef VMS
+	{
+	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+	out = BIO_push(tmpbio, out);
+	}
+#endif
 
 	if (oidfile != NULL)
 		{
@@ -315,7 +321,7 @@ bad:
 end:
 	BIO_free(derout);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (b64 != NULL) BIO_free(b64);
 	if (ret != 0)
 		ERR_print_errors(bio_err);

apps/ca-cert.srl

@@ -1 +1 @@
-05
+07

apps/ca.c

@@ -74,6 +74,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #ifndef W_OK
 #  ifdef VMS
@@ -167,6 +168,7 @@ static char *ca_usage[]={
 " -revoke file    - Revoke a certificate (given in file)\n",
 " -extensions ..  - Extension section (override value in config file)\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
+" -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };
 
@@ -216,6 +218,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	char *key=NULL,*passargin=NULL;
 	int total=0;
 	int total_done=0;
@@ -268,6 +271,7 @@ int MAIN(int argc, char **argv)
 #define BSIZE 256
 	MS_STATIC char buf[3][BSIZE];
 	char *randfile=NULL;
+	char *engine = NULL;
 
 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -419,6 +423,11 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			crl_ext= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else
 			{
 bad:
@@ -439,6 +448,24 @@ bad:
 
 	ERR_load_crypto_strings();
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto err;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto err;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	/*****************************************************************/
 	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
 	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
@@ -690,6 +717,12 @@ bad:
 	if (verbose)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
 		TXT_DB_write(out,db);
 		BIO_printf(bio_err,"%d entries loaded from the database\n",
 			db->data->num);
@@ -724,7 +757,15 @@ bad:
 				}
 			}
 		else
+			{
 			BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+#ifdef VMS
+			{
+			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			Sout = BIO_push(tmpbio, Sout);
+			}
+#endif
+			}
 		}
 
 	if (req)
@@ -1020,7 +1061,7 @@ bad:
 #endif
 
 			BIO_free(in);
-			BIO_free(out);
+			BIO_free_all(out);
 			in=NULL;
 			out=NULL;
 			if (rename(serialfile,buf[2]) < 0)
@@ -1237,9 +1278,9 @@ bad:
 	ret=0;
 err:
 	BIO_free(hex);
-	BIO_free(Cout);
-	BIO_free(Sout);
-	BIO_free(out);
+	BIO_free_all(Cout);
+	BIO_free_all(Sout);
+	BIO_free_all(out);
 	BIO_free(in);
 
 	sk_X509_pop_free(cert_sk,X509_free);
@@ -1354,7 +1395,7 @@ static int save_serial(char *serialfile, BIGNUM *serial)
 	BIO_puts(out,"\n");
 	ret=1;
 err:
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (ai != NULL) ASN1_INTEGER_free(ai);
 	return(ret);
 	}

apps/ciphers.c

@@ -108,6 +108,12 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef VMS
+	{
+	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+	STDout = BIO_push(tmpbio, STDout);
+	}
+#endif
 
 	argc--;
 	argv++;
@@ -195,7 +201,7 @@ err:
 end:
 	if (ctx != NULL) SSL_CTX_free(ctx);
 	if (ssl != NULL) SSL_free(ssl);
-	if (STDout != NULL) BIO_free(STDout);
+	if (STDout != NULL) BIO_free_all(STDout);
 	EXIT(ret);
 	}
 

apps/crl.c

@@ -122,7 +122,15 @@ int MAIN(int argc, char **argv)
 
 	if (bio_out == NULL)
 		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
+			{
 			BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+			{
+			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			bio_out = BIO_push(tmpbio, bio_out);
+			}
+#endif
+			}
 
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
@@ -314,7 +322,15 @@ bad:
 		}
 
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -340,8 +356,8 @@ bad:
 	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
 	ret=0;
 end:
-	BIO_free(out);
-	BIO_free(bio_out);
+	BIO_free_all(out);
+	BIO_free_all(bio_out);
 	bio_out=NULL;
 	X509_CRL_free(x);
 	if(store) {

apps/crl2p7.c

@@ -239,7 +239,15 @@ bad:
 	sk_free(certflst);
 
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -266,7 +274,7 @@ bad:
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (p7 != NULL) PKCS7_free(p7);
 	if (crl != NULL) X509_CRL_free(crl);
 

apps/dgst.c

@@ -66,6 +66,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -74,12 +75,13 @@
 #define PROG	dgst_main
 
 void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
-		EVP_PKEY *key, unsigned char *sigin, unsigned int siglen);
+		EVP_PKEY *key, unsigned char *sigin, int siglen);
 
 int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	unsigned char *buf=NULL;
 	int i,err=0;
 	const EVP_MD *md=NULL,*m;
@@ -96,7 +98,8 @@ int MAIN(int argc, char **argv)
 	char out_bin = -1, want_pub = 0, do_verify = 0;
 	EVP_PKEY *sigkey = NULL;
 	unsigned char *sigbuf = NULL;
-	unsigned int siglen = 0;
+	int siglen = 0;
+	char *engine=NULL;
 
 	apps_startup();
 
@@ -154,6 +157,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) break;
 			sigfile=*(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) break;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-hex") == 0)
 			out_bin = 0;
 		else if (strcmp(*argv,"-binary") == 0)
@@ -190,6 +198,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
+		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
@@ -209,6 +218,24 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());
 	if (debug)
@@ -236,7 +263,15 @@ int MAIN(int argc, char **argv)
 		if(out_bin)
 			out = BIO_new_file(outfile, "wb");
 		else    out = BIO_new_file(outfile, "w");
-	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+	} else {
+		out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+	}
 
 	if(!out) {
 		BIO_printf(bio_err, "Error opening output file %s\n", 
@@ -280,7 +315,7 @@ int MAIN(int argc, char **argv)
 		}
 		siglen = BIO_read(sigbio, sigbuf, siglen);
 		BIO_free(sigbio);
-		if(siglen == 0) {
+		if(siglen <= 0) {
 			BIO_printf(bio_err, "Error reading signature file %s\n",
 								sigfile);
 			ERR_print_errors(bio_err);
@@ -323,7 +358,7 @@ end:
 		OPENSSL_free(buf);
 		}
 	if (in != NULL) BIO_free(in);
-	BIO_free(out);
+	BIO_free_all(out);
 	EVP_PKEY_free(sigkey);
 	if(sigbuf) OPENSSL_free(sigbuf);
 	if (bmd != NULL) BIO_free(bmd);
@@ -331,7 +366,7 @@ end:
 	}
 
 void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
-			EVP_PKEY *key, unsigned char *sigin, unsigned int siglen)
+			EVP_PKEY *key, unsigned char *sigin, int siglen)
 	{
 	int len;
 	int i;
@@ -345,7 +380,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
 		{
 		EVP_MD_CTX *ctx;
 		BIO_get_md_ctx(bp, &ctx);
-		i = EVP_VerifyFinal(ctx, sigin, siglen, key); 
+		i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); 
 		if(i > 0) BIO_printf(out, "Verified OK\n");
 		else if(i == 0) BIO_printf(out, "Verification Failure\n");
 		else

apps/dh.c

@@ -69,6 +69,7 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG	dh_main
@@ -87,11 +88,12 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog;
+	char *infile,*outfile,*prog,*engine;
 
 	apps_startup();
 
@@ -99,6 +101,7 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -129,6 +132,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -160,11 +168,30 @@ bad:
 		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -184,7 +211,15 @@ bad:
 			}
 		}
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -309,7 +344,7 @@ bad:
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (dh != NULL) DH_free(dh);
 	EXIT(ret);
 	}

apps/dhparam.c

@@ -121,6 +121,7 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #ifndef NO_DSA
 #include <openssl/dsa.h>
@@ -148,6 +149,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 #ifndef NO_DSA
@@ -156,7 +158,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog;
-	char *inrand=NULL;
+	char *inrand=NULL,*engine=NULL;
 	int num = 0, g = 0;
 
 	apps_startup();
@@ -195,6 +197,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -240,6 +247,7 @@ bad:
 		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
 		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"               the random number generator\n");
@@ -249,6 +257,24 @@ bad:
 
 	ERR_load_crypto_strings();
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if (g && !num)
 		num = DEFBITS;
 
@@ -391,7 +417,15 @@ bad:
 		goto end;
 		}
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -496,7 +530,7 @@ bad:
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (dh != NULL) DH_free(dh);
 	EXIT(ret);
 	}

apps/dsa.c

@@ -68,6 +68,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG	dsa_main
@@ -87,6 +88,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
@@ -94,7 +96,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	int pubin = 0, pubout = 0;
-	char *infile,*outfile,*prog;
+	char *infile,*outfile,*prog,*engine;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	int modulus=0;
@@ -105,6 +107,7 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -145,6 +148,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -176,6 +184,7 @@ bad:
 		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -out arg        output file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
@@ -189,6 +198,24 @@ bad:
 
 	ERR_load_crypto_strings();
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
@@ -233,7 +260,15 @@ bad:
 		}
 
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -281,7 +316,7 @@ bad:
 		ret=0;
 end:
 	if(in != NULL) BIO_free(in);
-	if(out != NULL) BIO_free(out);
+	if(out != NULL) BIO_free_all(out);
 	if(dsa != NULL) DSA_free(dsa);
 	if(passin) OPENSSL_free(passin);
 	if(passout) OPENSSL_free(passout);

apps/dsaparam.c

@@ -69,6 +69,7 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG	dsaparam_main
@@ -90,11 +91,12 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*inrand=NULL;
+	char *infile,*outfile,*prog,*inrand=NULL,*engine=NULL;
 	int numbits= -1,num,genkey=0;
 	int need_rand=0;
 
@@ -205,7 +207,15 @@ bad:
 			}
 		}
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -303,7 +313,7 @@ bad:
 		printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
 			bits_p,bits_p);
 		printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
-		printf("\t\treturn(NULL);\n");
+		printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
 		printf("\treturn(dsa);\n\t}\n");
 		}
 
@@ -347,7 +357,7 @@ bad:
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (dsa != NULL) DSA_free(dsa);
 	EXIT(ret);
 	}

apps/enc.c

@@ -70,6 +70,7 @@
 #include <openssl/md5.h>
 #endif
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 int set_hex(char *in,unsigned char *out,int size);
 #undef SIZE
@@ -84,6 +85,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	static const char magic[]="Salted__";
 	char mbuf[8];	/* should be 1 smaller than magic */
 	char *strbuf=NULL;
@@ -101,6 +103,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  16
 	char pname[PROG_NAME_SIZE];
+	char *engine = NULL;
 
 	apps_startup();
 
@@ -141,6 +144,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passarg= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if	(strcmp(*argv,"-d") == 0)
 			enc=0;
 		else if	(strcmp(*argv,"-p") == 0)
@@ -241,6 +249,7 @@ bad:
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
 
 			BIO_printf(bio_err,"Cipher Types\n");
 			BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
@@ -314,6 +323,24 @@ bad:
 		argv++;
 		}
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if (bufsize != NULL)
 		{
 		unsigned long n;
@@ -416,7 +443,15 @@ bad:
 
 
 	if (outf == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outf) <= 0)
@@ -584,7 +619,7 @@ end:
 	if (strbuf != NULL) OPENSSL_free(strbuf);
 	if (buff != NULL) OPENSSL_free(buff);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (benc != NULL) BIO_free(benc);
 	if (b64 != NULL) BIO_free(b64);
 	if(pass) OPENSSL_free(pass);

apps/errstr.c

@@ -91,12 +91,18 @@ int MAIN(int argc, char **argv)
 		out=BIO_new(BIO_s_file());
 		if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
 			{
+#ifdef VMS
+			{
+			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			out = BIO_push(tmpbio, out);
+			}
+#endif
 			lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
 			lh_stats_bio((LHASH *)ERR_get_string_table(),out);
 			lh_node_usage_stats_bio((LHASH *)
 				ERR_get_string_table(),out);
 			}
-		if (out != NULL) BIO_free(out);
+		if (out != NULL) BIO_free_all(out);
 		argc--;
 		argv++;
 		}

apps/gendh.c

@@ -70,6 +70,7 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define DEFBITS	512
 #undef PROG
@@ -81,11 +82,13 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
 	char *outfile=NULL;
 	char *inrand=NULL;
+	char *engine=NULL;
 	BIO *out=NULL;
 
 	apps_startup();
@@ -110,6 +113,11 @@ int MAIN(int argc, char **argv)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -125,15 +133,34 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
 		BIO_printf(bio_err," -out file - output the key to 'file\n");
-		BIO_printf(bio_err," -2    use 2 as the generator value\n");
-	/*	BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
-		BIO_printf(bio_err," -5    use 5 as the generator value\n");
+		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
+	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
+		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
+		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
 		}
 		
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
@@ -142,7 +169,15 @@ bad:
 		}
 
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -174,7 +209,7 @@ bad:
 end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (dh != NULL) DH_free(dh);
 	EXIT(ret);
 	}

apps/gendsa.c

@@ -68,6 +68,7 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define DEFBITS	512
 #undef PROG
@@ -77,6 +78,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int ret=1;
 	char *outfile=NULL;
@@ -84,6 +86,7 @@ int MAIN(int argc, char **argv)
 	char *passargout = NULL, *passout = NULL;
 	BIO *out=NULL,*in=NULL;
 	EVP_CIPHER *enc=NULL;
+	char *engine=NULL;
 
 	apps_startup();
 
@@ -106,6 +109,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -145,6 +153,7 @@ bad:
 #ifndef NO_IDEA
 		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
+		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
@@ -153,6 +162,24 @@ bad:
 		goto end;
 		}
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
@@ -178,7 +205,15 @@ bad:
 	if (out == NULL) goto end;
 
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -209,7 +244,7 @@ end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (dsa != NULL) DSA_free(dsa);
 	if(passout) OPENSSL_free(passout);
 	EXIT(ret);

apps/genrsa.c

@@ -69,6 +69,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define DEFBITS	512
 #undef PROG
@@ -80,6 +81,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
@@ -88,6 +90,7 @@ int MAIN(int argc, char **argv)
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
 	char *passargout = NULL, *passout = NULL;
+	char *engine=NULL;
 	char *inrand=NULL;
 	BIO *out=NULL;
 
@@ -116,6 +119,11 @@ int MAIN(int argc, char **argv)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -154,6 +162,7 @@ bad:
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3              use 3 for the E value\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
@@ -167,8 +176,34 @@ bad:
 		goto err;
 	}
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto err;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto err;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -178,7 +213,8 @@ bad:
 			}
 		}
 
-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+		&& !RAND_status())
 		{
 		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
@@ -212,7 +248,7 @@ bad:
 	ret=0;
 err:
 	if (rsa != NULL) RSA_free(rsa);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if(passout) OPENSSL_free(passout);
 	if (ret != 0)
 		ERR_print_errors(bio_err);

apps/nseq.c

@@ -119,8 +119,15 @@ int MAIN(int argc, char **argv)
 				 "Can't open output file %s\n", outfile);
 			goto end;
 		}
-	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
-
+	} else {
+		out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+	}
 	if (toseq) {
 		seq = NETSCAPE_CERT_SEQUENCE_new();
 		seq->certs = sk_X509_new_null();
@@ -152,7 +159,7 @@ int MAIN(int argc, char **argv)
 	ret = 0;
 end:
 	BIO_free(in);
-	BIO_free(out);
+	BIO_free_all(out);
 	NETSCAPE_CERT_SEQUENCE_free(seq);
 
 	EXIT(ret);

apps/openssl.c

@@ -238,13 +238,19 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 	else if ((strncmp(argv[0],"no-",3)) == 0)
 		{
 		BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		bio_stdout = BIO_push(tmpbio, bio_stdout);
+		}
+#endif
 		f.name=argv[0]+3;
 		ret = (lh_retrieve(prog,&f) != NULL);
 		if (!ret)
 			BIO_printf(bio_stdout, "%s\n", argv[0]);
 		else
 			BIO_printf(bio_stdout, "%s\n", argv[0]+3);
-		BIO_free(bio_stdout);
+		BIO_free_all(bio_stdout);
 		goto end;
 		}
 	else if ((strcmp(argv[0],"quit") == 0) ||
@@ -269,11 +275,17 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 		else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
 			list_type = FUNC_TYPE_CIPHER;
 		bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		bio_stdout = BIO_push(tmpbio, bio_stdout);
+		}
+#endif
 		
 		for (fp=functions; fp->name != NULL; fp++)
 			if (fp->type == list_type)
 				BIO_printf(bio_stdout, "%s\n", fp->name);
-		BIO_free(bio_stdout);
+		BIO_free_all(bio_stdout);
 		ret=0;
 		goto end;
 		}

apps/passwd.c

@@ -81,6 +81,12 @@ int MAIN(int argc, char **argv)
 	if (out == NULL)
 		goto err;
 	BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+#ifdef VMS
+	{
+	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+	out = BIO_push(tmpbio, out);
+	}
+#endif
 
 	badopt = 0, opt_done = 0;
 	i = 0;
@@ -266,6 +272,7 @@ int MAIN(int argc, char **argv)
 			}
 		while (!done);
 		}
+	ret = 0;
 
 err:
 	ERR_print_errors(bio_err);
@@ -276,7 +283,7 @@ err:
 	if (in)
 		BIO_free(in);
 	if (out)
-		BIO_free(out);
+		BIO_free_all(out);
 	EXIT(ret);
 	}
 
@@ -309,7 +316,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	strncat(out_buf, "$", 1);
 	strncat(out_buf, salt, 8);
 	assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
-	salt_out = out_buf + 6;
+	salt_out = out_buf + 2 + strlen(magic);
 	salt_len = strlen(salt_out);
 	assert(salt_len <= 8);
 	

apps/pca-cert.srl

@@ -1 +1 @@
-01
+07

apps/pkcs12.c

@@ -66,6 +66,7 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
+#include <openssl/engine.h>
 
 #define PROG pkcs12_main
 
@@ -92,6 +93,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
+    ENGINE *e = NULL;
     char *infile=NULL, *outfile=NULL, *keyname = NULL;	
     char *certfile=NULL;
     BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
@@ -118,6 +120,7 @@ int MAIN(int argc, char **argv)
     char *passin = NULL, *passout = NULL;
     char *inrand = NULL;
     char *CApath = NULL, *CAfile = NULL;
+    char *engine=NULL;
 
     apps_startup();
 
@@ -236,6 +239,11 @@ int MAIN(int argc, char **argv)
 			args++;	
 			CAfile = *args;
 		    } else badarg = 1;
+		} else if (!strcmp(*args,"-engine")) {
+		    if (args[1]) {
+			args++;	
+			engine = *args;
+		    } else badarg = 1;
 		} else badarg = 1;
 
 	} else badarg = 1;
@@ -279,12 +287,27 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-password p   set import/export password source\n");
 	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
+	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
     	goto end;
     }
 
+    if (engine != NULL) {
+	if((e = ENGINE_by_id(engine)) == NULL) {
+	    BIO_printf(bio_err,"invalid engine \"%s\"\n", engine);
+	    goto end;
+	}
+	if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+	    BIO_printf(bio_err,"can't use that engine\n");
+	    goto end;
+	}
+	BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+	/* Free our "structural" reference. */
+	ENGINE_free(e);
+    }
+
     if(passarg) {
 	if(export_cert) passargout = passarg;
 	else passargin = passarg;
@@ -350,8 +373,15 @@ int MAIN(int argc, char **argv)
     CRYPTO_push_info("write files");
 #endif
 
-    if (!outfile) out = BIO_new_fp(stdout, BIO_NOCLOSE);
-    else out = BIO_new_file(outfile, "wb");
+    if (!outfile) {
+	out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef VMS
+	{
+	    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+	    out = BIO_push(tmpbio, out);
+	}
+#endif
+    } else out = BIO_new_file(outfile, "wb");
     if (!out) {
 	BIO_printf(bio_err, "Error opening output file %s\n",
 						outfile ? outfile : "<stdout>");
@@ -657,7 +687,7 @@ int MAIN(int argc, char **argv)
     CRYPTO_remove_all_info();
 #endif
     BIO_free(in);
-    BIO_free(out);
+    BIO_free_all(out);
     if (canames) sk_free(canames);
     if(passin) OPENSSL_free(passin);
     if(passout) OPENSSL_free(passout);
@@ -880,14 +910,14 @@ int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name)
 				break;
 
 				case V_ASN1_OCTET_STRING:
-				hex_prin(out, av->value.bit_string->data,
-					av->value.bit_string->length);
+				hex_prin(out, av->value.octet_string->data,
+					av->value.octet_string->length);
 				BIO_printf(out, "\n");	
 				break;
 
 				case V_ASN1_BIT_STRING:
-				hex_prin(out, av->value.octet_string->data,
-					av->value.octet_string->length);
+				hex_prin(out, av->value.bit_string->data,
+					av->value.bit_string->length);
 				BIO_printf(out, "\n");	
 				break;
 

apps/pkcs7.c

@@ -67,6 +67,7 @@
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG	pkcs7_main
@@ -82,6 +83,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	PKCS7 *p7=NULL;
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
@@ -89,6 +91,7 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	int print_certs=0,text=0,noout=0;
 	int ret=0;
+	char *engine=NULL;
 
 	apps_startup();
 
@@ -132,6 +135,11 @@ int MAIN(int argc, char **argv)
 			text=1;
 		else if (strcmp(*argv,"-print_certs") == 0)
 			print_certs=1;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -154,11 +162,30 @@ bad:
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
 		BIO_printf(bio_err," -text         print full details of certificates\n");
 		BIO_printf(bio_err," -noout        don't output encoded data\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		EXIT(1);
 		}
 
 	ERR_load_crypto_strings();
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -196,7 +223,15 @@ bad:
 		}
 
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -280,6 +315,6 @@ bad:
 end:
 	if (p7 != NULL) PKCS7_free(p7);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	EXIT(ret);
 	}

apps/pkcs8.c

@@ -62,6 +62,7 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
+#include <openssl/engine.h>
 
 #include "apps.h"
 #define PROG pkcs8_main
@@ -70,6 +71,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
+	ENGINE *e = NULL;
 	char **args, *infile = NULL, *outfile = NULL;
 	char *passargin = NULL, *passargout = NULL;
 	BIO *in = NULL, *out = NULL;
@@ -85,9 +87,13 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *pkey;
 	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
 	int badarg = 0;
+	char *engine=NULL;
+
 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
+
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
@@ -138,6 +144,11 @@ int MAIN(int argc, char **argv)
 			if (!args[1]) goto bad;
 			passargout= *(++args);
 			}
+		else if (strcmp(*args,"-engine") == 0)
+			{
+			if (!args[1]) goto bad;
+			engine= *(++args);
+			}
 		else if (!strcmp (*args, "-in")) {
 			if (args[1]) {
 				args++;
@@ -170,9 +181,28 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
 		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
 		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		return (1);
 	}
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			return (1);
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			return (1);
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		return (1);
@@ -194,8 +224,15 @@ int MAIN(int argc, char **argv)
 				 "Can't open output file %s\n", outfile);
 			return (1);
 		}
-	} else out = BIO_new_fp (stdout, BIO_NOCLOSE);
-
+	} else {
+		out = BIO_new_fp (stdout, BIO_NOCLOSE);
+#ifdef VMS
+		{
+			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			out = BIO_push(tmpbio, out);
+		}
+#endif
+	}
 	if (topk8) {
 		if(informat == FORMAT_PEM)
 			pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
@@ -253,7 +290,7 @@ int MAIN(int argc, char **argv)
 		}
 		PKCS8_PRIV_KEY_INFO_free (p8inf);
 		EVP_PKEY_free(pkey);
-		BIO_free(out);
+		BIO_free_all(out);
 		if(passin) OPENSSL_free(passin);
 		if(passout) OPENSSL_free(passout);
 		return (0);
@@ -336,7 +373,7 @@ int MAIN(int argc, char **argv)
 	}
 
 	EVP_PKEY_free(pkey);
-	BIO_free(out);
+	BIO_free_all(out);
 	BIO_free(in);
 	if(passin) OPENSSL_free(passin);
 	if(passout) OPENSSL_free(passout);

apps/rand.c

@@ -9,6 +9,7 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG rand_main
@@ -23,6 +24,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int i, r, ret = 1;
 	int badopt;
 	char *outfile = NULL;
@@ -30,6 +32,7 @@ int MAIN(int argc, char **argv)
 	int base64 = 0;
 	BIO *out = NULL;
 	int num = -1;
+	char *engine=NULL;
 
 	apps_startup();
 
@@ -48,6 +51,13 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
+		if (strcmp(argv[i], "-engine") == 0)
+			{
+			if ((argv[i+1] != NULL) && (engine == NULL))
+				engine = argv[++i];
+			else
+				badopt = 1;
+			}
 		else if (strcmp(argv[i], "-rand") == 0)
 			{
 			if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -84,12 +94,31 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_printf(bio_err, "Usage: rand [options] num\n");
 		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, "-out file            - write to file\n");
-		BIO_printf(bio_err, "-rand file%cfile%c...  - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err, "-base64              - encode output\n");
+		BIO_printf(bio_err, "-out file             - write to file\n");
+		BIO_printf(bio_err," -engine e             - use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err, "-base64               - encode output\n");
 		goto err;
 		}
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto err;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto err;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
@@ -101,7 +130,15 @@ int MAIN(int argc, char **argv)
 	if (outfile != NULL)
 		r = BIO_write_filename(out, outfile);
 	else
+		{
 		r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	if (r <= 0)
 		goto err;
 

apps/req.c

@@ -73,6 +73,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define SECTION		"req"
 
@@ -140,6 +141,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 #ifndef NO_DSA
 	DSA *dsa_params=NULL;
 #endif
@@ -152,6 +154,7 @@ int MAIN(int argc, char **argv)
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
 	int nodes=0,kludge=0,newhdr=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+	char *engine=NULL;
 	char *extensions = NULL;
 	char *req_exts = NULL;
 	EVP_CIPHER *cipher=NULL;
@@ -195,6 +198,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -375,6 +383,7 @@ bad:
 		BIO_printf(bio_err," -verify        verify signature on REQ\n");
 		BIO_printf(bio_err," -modulus       RSA modulus\n");
 		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
+		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -key file	use the private key contained in file\n");
 		BIO_printf(bio_err," -keyform arg   key file format\n");
 		BIO_printf(bio_err," -keyout arg    file to send the key to\n");
@@ -522,24 +531,55 @@ bad:
 	if ((in == NULL) || (out == NULL))
 		goto end;
 
-	if (keyfile != NULL)
+	if (engine != NULL)
 		{
-		if (BIO_read_filename(in,keyfile) <= 0)
+		if((e = ENGINE_by_id(engine)) == NULL)
 			{
-			perror(keyfile);
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
 			goto end;
 			}
-
-		if (keyform == FORMAT_ASN1)
-			pkey=d2i_PrivateKey_bio(in,NULL);
-		else if (keyform == FORMAT_PEM)
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
-			pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
+	if (keyfile != NULL)
+		{
+		if (keyform == FORMAT_ENGINE)
+			{
+			if (!e)
+				{
+				BIO_printf(bio_err,"no engine specified\n");
+				goto end;
+				}
+			pkey = ENGINE_load_private_key(e, keyfile, NULL);
 			}
 		else
 			{
-			BIO_printf(bio_err,"bad input format specified for X509 request\n");
-			goto end;
+			if (BIO_read_filename(in,keyfile) <= 0)
+				{
+				perror(keyfile);
+				goto end;
+				}
+
+			if (keyform == FORMAT_ASN1)
+				pkey=d2i_PrivateKey_bio(in,NULL);
+			else if (keyform == FORMAT_PEM)
+				{
+				pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
+					passin);
+				}
+			else
+				{
+				BIO_printf(bio_err,"bad input format specified for X509 request\n");
+				goto end;
+				}
 			}
 
 		if (pkey == NULL)
@@ -609,6 +649,12 @@ bad:
 			{
 			BIO_printf(bio_err,"writing new private key to stdout\n");
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+			{
+			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			out = BIO_push(tmpbio, out);
+			}
+#endif
 			}
 		else
 			{
@@ -679,16 +725,15 @@ loop:
 
 	if (newreq || x509)
 		{
-#ifndef NO_DSA
-		if (pkey->type == EVP_PKEY_DSA)
-			digest=EVP_dss1();
-#endif
-
 		if (pkey == NULL)
 			{
 			BIO_printf(bio_err,"you need to specify a private key\n");
 			goto end;
 			}
+#ifndef NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+			digest=EVP_dss1();
+#endif
 		if (req == NULL)
 			{
 			req=X509_REQ_new();
@@ -804,7 +849,15 @@ loop:
 		}
 
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
@@ -890,7 +943,7 @@ end:
 		}
 	if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
 	BIO_free(in);
-	BIO_free(out);
+	BIO_free_all(out);
 	EVP_PKEY_free(pkey);
 	X509_REQ_free(req);
 	X509_free(x509ss);

apps/rsa.c

@@ -68,6 +68,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG	rsa_main
@@ -90,6 +91,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,badops=0, sgckey=0;
@@ -100,6 +102,7 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
+	char *engine=NULL;
 	int modulus=0;
 
 	apps_startup();
@@ -148,6 +151,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-sgckey") == 0)
 			sgckey=1;
 		else if (strcmp(*argv,"-pubin") == 0)
@@ -195,11 +203,30 @@ bad:
 		BIO_printf(bio_err," -check          verify key consistency\n");
 		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
 		BIO_printf(bio_err," -pubout         output a public key\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
@@ -278,7 +305,15 @@ bad:
 		}
 
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -377,7 +412,7 @@ bad:
 		ret=0;
 end:
 	if(in != NULL) BIO_free(in);
-	if(out != NULL) BIO_free(out);
+	if(out != NULL) BIO_free_all(out);
 	if(rsa != NULL) RSA_free(rsa);
 	if(passin) OPENSSL_free(passin);
 	if(passout) OPENSSL_free(passout);

apps/rsautl.c

@@ -55,10 +55,14 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+
+#ifndef NO_RSA
+
 #include "apps.h"
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define RSA_SIGN 	1
 #define RSA_VERIFY 	2
@@ -79,6 +83,7 @@ int MAIN(int argc, char **);
 
 int MAIN(int argc, char **argv)
 {
+	ENGINE *e = NULL;
 	BIO *in = NULL, *out = NULL;
 	char *infile = NULL, *outfile = NULL;
 	char *keyfile = NULL;
@@ -92,6 +97,7 @@ int MAIN(int argc, char **argv)
 	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
 	int rsa_inlen, rsa_outlen = 0;
 	int keysize;
+	char *engine=NULL;
 
 	int ret = 1;
 
@@ -114,6 +120,9 @@ int MAIN(int argc, char **argv)
 		} else if(!strcmp(*argv, "-inkey")) {
 			if (--argc < 1) badarg = 1;
 			keyfile = *(++argv);
+		} else if(!strcmp(*argv, "-engine")) {
+			if (--argc < 1) badarg = 1;
+			engine = *(++argv);
 		} else if(!strcmp(*argv, "-pubin")) {
 			key_type = KEY_PUBKEY;
 		} else if(!strcmp(*argv, "-certin")) {
@@ -148,6 +157,24 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 /* FIXME: seed PRNG only if needed */
 	app_RAND_load_file(NULL, bio_err, 0);
 	
@@ -198,7 +225,15 @@ int MAIN(int argc, char **argv)
 			ERR_print_errors(bio_err);	
 			goto end;
 		}
-	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+	} else {
+		out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef VMS
+		{
+		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		    out = BIO_push(tmpbio, out);
+		}
+#endif
+	}
 
 	keysize = RSA_size(rsa);
 
@@ -255,7 +290,7 @@ int MAIN(int argc, char **argv)
 	end:
 	RSA_free(rsa);
 	BIO_free(in);
-	BIO_free(out);
+	BIO_free_all(out);
 	if(rsa_in) OPENSSL_free(rsa_in);
 	if(rsa_out) OPENSSL_free(rsa_out);
 	return ret;
@@ -269,6 +304,7 @@ static void usage()
 	BIO_printf(bio_err, "-inkey file     input key\n");
 	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
 	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
+	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
 	BIO_printf(bio_err, "-raw            use no padding\n");
 	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
@@ -280,3 +316,4 @@ static void usage()
 	BIO_printf(bio_err, "-hexdump        hex dump output\n");
 }
 
+#endif

apps/s_client.c

@@ -79,6 +79,8 @@ typedef unsigned int u_int;
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/engine.h>
 #include "s_apps.h"
 
 #ifdef WINDOWS
@@ -152,7 +154,8 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
 	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
-
+	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	}
 
 int MAIN(int, char **);
@@ -179,6 +182,9 @@ int MAIN(int argc, char **argv)
 	int prexit = 0;
 	SSL_METHOD *meth=NULL;
 	BIO *sbio;
+	char *inrand=NULL;
+	char *engine_id=NULL;
+	ENGINE *e=NULL;
 #ifdef WINDOWS
 	struct timeval tv;
 #endif
@@ -316,6 +322,16 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-nbio") == 0)
 			{ c_nbio=1; }
 #endif
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inrand= *(++argv);
+			}
+		else if	(strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine_id = *(++argv);
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -332,7 +348,14 @@ bad:
 		goto end;
 		}
 
-	app_RAND_load_file(NULL, bio_err, 0);
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+		&& !RAND_status())
+		{
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+		}
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));
 
 	if (bio_c_out == NULL)
 		{
@@ -349,6 +372,30 @@ bad:
 
 	OpenSSL_add_ssl_algorithms();
 	SSL_load_error_strings();
+
+	if (engine_id != NULL)
+		{
+		if((e = ENGINE_by_id(engine_id)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		if (c_debug)
+			{
+			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+				0, bio_err, 0);
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
+		ENGINE_free(e);
+		}
+
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{

apps/s_server.c

@@ -83,6 +83,8 @@ typedef unsigned int u_int;
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
+#include <openssl/rand.h>
+#include <openssl/engine.h>
 #include "s_apps.h"
 
 #ifdef WINDOWS
@@ -176,6 +178,7 @@ static int s_debug=0;
 static int s_quiet=0;
 
 static int hack=0;
+static char *engine_id=NULL;
 
 #ifdef MONOLITH
 static void s_server_init(void)
@@ -198,6 +201,7 @@ static void s_server_init(void)
 	s_debug=0;
 	s_quiet=0;
 	hack=0;
+	engine_id=NULL;
 	}
 #endif
 
@@ -242,6 +246,8 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	}
 
 static int local_argc=0;
@@ -411,6 +417,9 @@ int MAIN(int argc, char *argv[])
 	int no_tmp_rsa=0,no_dhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
+	char *inrand=NULL;
+	char *engine_id=NULL;
+	ENGINE *e=NULL;
 #ifndef NO_DH
 	DH *dh=NULL;
 #endif
@@ -565,6 +574,16 @@ int MAIN(int argc, char *argv[])
 		else if	(strcmp(*argv,"-tls1") == 0)
 			{ meth=TLSv1_server_method(); }
 #endif
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inrand= *(++argv);
+			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine_id= *(++argv);
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -581,7 +600,14 @@ bad:
 		goto end;
 		}
 
-	app_RAND_load_file(NULL, bio_err, 0);
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+		&& !RAND_status())
+		{
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+		}
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));
 
 	if (bio_s_out == NULL)
 		{
@@ -609,6 +635,29 @@ bad:
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();
 
+	if (engine_id != NULL)
+		{
+		if((e = ENGINE_by_id(engine_id)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		if (s_debug)
+			{
+			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+				0, bio_err, 0);
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
+		ENGINE_free(e);
+		}
+
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
@@ -676,7 +725,8 @@ bad:
 
 #ifndef NO_RSA
 #if 1
-	SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
+	if (!no_tmp_rsa)
+		SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
 #else
 	if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
 		{
@@ -1336,15 +1386,29 @@ static int www_body(char *hostname, int s, unsigned char *context)
 
 			/* skip the '/' */
 			p= &(buf[5]);
-			dot=0;
+
+			dot = 1;
 			for (e=p; *e != '\0'; e++)
 				{
-				if (e[0] == ' ') break;
-				if (	(e[0] == '.') &&
-					(strncmp(&(e[-1]),"/../",4) == 0))
-					dot=1;
+				if (e[0] == ' ')
+					break;
+
+				switch (dot)
+					{
+				case 1:
+					dot = (e[0] == '.') ? 2 : 0;
+					break;
+				case 2:
+					dot = (e[0] == '.') ? 3 : 0;
+					break;
+				case 3:
+					dot = (e[0] == '/') ? -1 : 0;
+					break;
+					}
+				if (dot == 0)
+					dot = (e[0] == '/') ? 1 : 0;
 				}
-			
+			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
 
 			if (*e == '\0')
 				{

apps/s_socket.c

@@ -209,9 +209,11 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
 
+#ifndef MPE
 	i=0;
 	i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 	if (i < 0) { perror("keepalive"); return(0); }
+#endif
 
 	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
 		{ close(s); perror("connect"); return(0); }

apps/server.pem

@@ -1,17 +1,17 @@
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
 -----BEGIN CERTIFICATE-----
-MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4
-MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0
+MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
 A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
 cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
 Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9
-JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO
-IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ
-FUGcPZf9ND22Etc+AQ==
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4
+GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM
+k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz
+itAE+OjGF+PFKbwX8Q==
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD

apps/sess_id.c

@@ -206,7 +206,15 @@ bad:
 			}
 
 		if (outfile == NULL)
+			{
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+			{
+			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			out = BIO_push(tmpbio, out);
+			}
+#endif
+			}
 		else
 			{
 			if (BIO_write_filename(out,outfile) <= 0)
@@ -262,7 +270,7 @@ bad:
 		}
 	ret=0;
 end:
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (x != NULL) SSL_SESSION_free(x);
 	EXIT(ret);
 	}

apps/smime.c

@@ -64,6 +64,7 @@
 #include <openssl/crypto.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG smime_main
@@ -81,6 +82,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
+	ENGINE *e = NULL;
 	int operation = 0;
 	int ret = 0;
 	char **args;
@@ -103,8 +105,9 @@ int MAIN(int argc, char **argv)
 	char *inrand = NULL;
 	int need_rand = 0;
 	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
-	args = argv + 1;
+	char *engine=NULL;
 
+	args = argv + 1;
 	ret = 1;
 
 	while (!badarg && *args && *args[0] == '-') {
@@ -153,6 +156,11 @@ int MAIN(int argc, char **argv)
 				inrand = *args;
 			} else badarg = 1;
 			need_rand = 1;
+		} else if (!strcmp(*args,"-engine")) {
+			if (args[1]) {
+				args++;
+				engine = *args;
+			} else badarg = 1;
 		} else if (!strcmp(*args,"-passin")) {
 			if (args[1]) {
 				args++;
@@ -290,6 +298,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
+		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,  "               the random number generator\n");
@@ -297,6 +306,24 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
@@ -393,7 +420,15 @@ int MAIN(int argc, char **argv)
 				 "Can't open output file %s\n", outfile);
 			goto end;
 		}
-	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+	} else {
+		out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef VMS
+		{
+		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		    out = BIO_push(tmpbio, out);
+		}
+#endif
+	}
 
 	if(operation == SMIME_VERIFY) {
 		if(!(store = setup_verify(CAfile, CApath))) goto end;
@@ -490,7 +525,7 @@ end:
 	PKCS7_free(p7);
 	BIO_free(in);
 	BIO_free(indata);
-	BIO_free(out);
+	BIO_free_all(out);
 	if(passin) OPENSSL_free(passin);
 	return (ret);
 }

apps/speed.c

@@ -81,13 +81,14 @@
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
+#include <openssl/engine.h>
 
 #if defined(__FreeBSD__)
 # define USE_TOD
 #elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 # define TIMES
 #endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__)
+#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE)
 # define TIMEB
 #endif
 
@@ -115,7 +116,7 @@
 #include <sys/timeb.h>
 #endif
 
-#if !defined(TIMES) && !defined(TIMEB)
+#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD)
 #error "It seems neither struct tms nor struct timeb is supported in this platform!"
 #endif
 
@@ -310,6 +311,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e;
 	unsigned char *buf=NULL,*buf2=NULL;
 	int mret=1;
 #define ALGOR_NUM	15
@@ -470,6 +472,37 @@ int MAIN(int argc, char **argv)
 		{
 		if	((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
 			usertime = 0;
+		else
+		if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
+			{
+			argc--;
+			argv++;
+			if(argc == 0)
+				{
+				BIO_printf(bio_err,"no engine given\n");
+				goto end;
+				}
+			if((e = ENGINE_by_id(*argv)) == NULL)
+				{
+				BIO_printf(bio_err,"invalid engine \"%s\"\n",
+					*argv);
+				goto end;
+				}
+			if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+				{
+				BIO_printf(bio_err,"can't use that engine\n");
+				goto end;
+				}
+			BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);
+			/* Free our "structural" reference. */
+			ENGINE_free(e);
+			/* It will be increased again further down.  We just
+			   don't want speed to confuse an engine with an
+			   algorithm, especially when none is given (which
+			   means all of them should be run) */
+			j--;
+			}
+		else
 #ifndef NO_MD2
 		if	(strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
 		else
@@ -517,7 +550,7 @@ int MAIN(int argc, char **argv)
 #ifdef RSAref
 			if (strcmp(*argv,"rsaref") == 0) 
 			{
-			RSA_set_default_method(RSA_PKCS1_RSAref());
+			RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
 			j--;
 			}
 		else
@@ -525,7 +558,7 @@ int MAIN(int argc, char **argv)
 #ifndef RSA_NULL
 			if (strcmp(*argv,"openssl") == 0) 
 			{
-			RSA_set_default_method(RSA_PKCS1_SSLeay());
+			RSA_set_default_openssl_method(RSA_PKCS1_SSLeay());
 			j--;
 			}
 		else
@@ -670,11 +703,12 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"\n");
 #endif
 
-#ifdef TIMES
 			BIO_printf(bio_err,"\n");
 			BIO_printf(bio_err,"Available options:\n");
+#ifdef TIMES
 			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
 #endif
+			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 			goto end;
 			}
 		argc--;
@@ -831,6 +865,7 @@ int MAIN(int argc, char **argv)
 		}
 #endif
 
+#ifndef NO_DSA
 	dsa_c[R_DSA_512][0]=count/1000;
 	dsa_c[R_DSA_512][1]=count/1000/2;
 	for (i=1; i<DSA_NUM; i++)
@@ -848,6 +883,7 @@ int MAIN(int argc, char **argv)
 				}
 			}				
 		}
+#endif
 
 #define COND(d)	(count < (d))
 #define COUNT(d) (d)
@@ -1173,7 +1209,7 @@ int MAIN(int argc, char **argv)
 			{
 			BIO_printf(bio_err,"RSA verify failure.  No RSA verify will be done.\n");
 			ERR_print_errors(bio_err);
-			dsa_doit[j] = 0;
+			rsa_doit[j] = 0;
 			}
 		else
 			{
@@ -1379,6 +1415,7 @@ int MAIN(int argc, char **argv)
 #endif
 	mret=0;
 end:
+	ERR_print_errors(bio_err);
 	if (buf != NULL) OPENSSL_free(buf);
 	if (buf2 != NULL) OPENSSL_free(buf2);
 #ifndef NO_RSA

apps/spkac.c

@@ -69,6 +69,7 @@
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG	spkac_main
@@ -81,6 +82,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int i,badops=0, ret = 1;
 	BIO *in = NULL,*out = NULL, *key = NULL;
 	int verify=0,noout=0,pubkey=0;
@@ -91,6 +93,7 @@ int MAIN(int argc, char **argv)
 	LHASH *conf = NULL;
 	NETSCAPE_SPKI *spki = NULL;
 	EVP_PKEY *pkey = NULL;
+	char *engine=NULL;
 
 	apps_startup();
 
@@ -136,6 +139,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			spksect= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-pubkey") == 0)
@@ -161,6 +169,7 @@ bad:
 		BIO_printf(bio_err," -noout         don't print SPKAC\n");
 		BIO_printf(bio_err," -pubkey        output public key\n");
 		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
+		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 
@@ -170,6 +179,24 @@ bad:
 		goto end;
 	}
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if(keyfile) {
 		if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
 		else key = BIO_new_fp(stdin, BIO_NOCLOSE);
@@ -192,7 +219,15 @@ bad:
 		spkstr = NETSCAPE_SPKI_b64_encode(spki);
 
 		if (outfile) out = BIO_new_file(outfile, "w");
-		else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+		else {
+			out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef VMS
+			{
+			    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			    out = BIO_push(tmpbio, out);
+			}
+#endif
+		}
 
 		if(!out) {
 			BIO_printf(bio_err, "Error opening output file\n");
@@ -241,7 +276,15 @@ bad:
 	}
 
 	if (outfile) out = BIO_new_file(outfile, "w");
-	else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+	else {
+		out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef VMS
+		{
+		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		    out = BIO_push(tmpbio, out);
+		}
+#endif
+	}
 
 	if(!out) {
 		BIO_printf(bio_err, "Error opening output file\n");
@@ -268,7 +311,7 @@ end:
 	CONF_free(conf);
 	NETSCAPE_SPKI_free(spki);
 	BIO_free(in);
-	BIO_free(out);
+	BIO_free_all(out);
 	BIO_free(key);
 	EVP_PKEY_free(pkey);
 	if(passin) OPENSSL_free(passin);

apps/verify.c

@@ -65,6 +65,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG	verify_main
@@ -78,6 +79,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int i,ret=1;
 	int purpose = -1;
 	char *CApath=NULL,*CAfile=NULL;
@@ -85,6 +87,7 @@ int MAIN(int argc, char **argv)
 	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
+	char *engine=NULL;
 
 	cert_ctx=X509_STORE_new();
 	if (cert_ctx == NULL) goto end;
@@ -137,6 +140,11 @@ int MAIN(int argc, char **argv)
 				if (argc-- < 1) goto end;
 				trustfile= *(++argv);
 				}
+			else if (strcmp(*argv,"-engine") == 0)
+				{
+				if (--argc < 1) goto end;
+				engine= *(++argv);
+				}
 			else if (strcmp(*argv,"-help") == 0)
 				goto end;
 			else if (strcmp(*argv,"-issuer_checks") == 0)
@@ -154,6 +162,24 @@ int MAIN(int argc, char **argv)
 			break;
 		}
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
 	if (lookup == NULL) abort();
 	if (CAfile) {
@@ -201,7 +227,7 @@ int MAIN(int argc, char **argv)
 	ret=0;
 end:
 	if (ret == 1) {
-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
+		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n");
 		BIO_printf(bio_err,"recognized usages:\n");
 		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
 			X509_PURPOSE *ptmp;

apps/x509.c

@@ -73,6 +73,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG x509_main
@@ -129,6 +130,7 @@ static char *x509_usage[]={
 " -extensions     - section from config file with X509V3 extensions to add\n",
 " -clrext         - delete extensions before signing and input certificate\n",
 " -nameopt arg    - various certificate name options\n",
+" -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };
 
@@ -145,6 +147,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int ret=1;
 	X509_REQ *req=NULL;
 	X509 *x=NULL,*xca=NULL;
@@ -175,6 +178,7 @@ int MAIN(int argc, char **argv)
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
 	unsigned long nmflag = 0;
+	char *engine=NULL;
 
 	reqfile=0;
 
@@ -183,6 +187,12 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef VMS
+	{
+	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+	STDout = BIO_push(tmpbio, STDout);
+	}
+#endif
 
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
@@ -331,6 +341,11 @@ int MAIN(int argc, char **argv)
 			alias= *(++argv);
 			trustout = 1;
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-C") == 0)
 			C= ++num;
 		else if (strcmp(*argv,"-email") == 0)
@@ -414,6 +429,24 @@ bad:
 		goto end;
 		}
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if (need_rand)
 		app_RAND_load_file(NULL, bio_err, 0);
 
@@ -576,7 +609,15 @@ bad:
 			goto end;
 			}
 		if (outfile == NULL)
+			{
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+			{
+			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			out = BIO_push(tmpbio, out);
+			}
+#endif
+			}
 		else
 			{
 			if (BIO_write_filename(out,outfile) <= 0)
@@ -853,8 +894,10 @@ bad:
 
 				BIO_printf(bio_err,"Generating certificate request\n");
 
+#ifndef NO_DSA
 		                if (pk->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
+#endif
 
 				rq=X509_to_X509_REQ(x,pk,digest);
 				EVP_PKEY_free(pk);
@@ -933,8 +976,8 @@ end:
 		app_RAND_write_file(NULL, bio_err);
 	OBJ_cleanup();
 	CONF_free(extconf);
-	BIO_free(out);
-	BIO_free(STDout);
+	BIO_free_all(out);
+	BIO_free_all(STDout);
 	X509_STORE_free(ctx);
 	X509_REQ_free(req);
 	X509_free(x);

config

@@ -49,10 +49,18 @@ if [ "x$XREL" != "x" ]; then
 		echo "whatever-whatever-sco5"; exit 0
 		;;
 	    4.2MP)
-		if [ "x$VERSION" = "x2.1.1" ]; then
+		if [ "x$VERSION" = "x2.01" ]; then
+		    echo "${MACHINE}-whatever-unixware201"; exit 0
+		elif [ "x$VERSION" = "x2.02" ]; then
+		    echo "${MACHINE}-whatever-unixware202"; exit 0
+		elif [ "x$VERSION" = "x2.03" ]; then
+		    echo "${MACHINE}-whatever-unixware203"; exit 0
+		elif [ "x$VERSION" = "x2.1.1" ]; then
 		    echo "${MACHINE}-whatever-unixware211"; exit 0
 		elif [ "x$VERSION" = "x2.1.2" ]; then
 		    echo "${MACHINE}-whatever-unixware212"; exit 0
+		elif [ "x$VERSION" = "x2.1.3" ]; then
+		    echo "${MACHINE}-whatever-unixware213"; exit 0
 		else
 		    echo "${MACHINE}-whatever-unixware2"; exit 0
 		fi
@@ -71,10 +79,22 @@ fi
 # Now we simply scan though... In most cases, the SYSTEM info is enough
 #
 case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
+    MPE/iX:*)
+	MACHINE=`echo "$MACHINE" | sed -e 's/-/_/g'`
+	echo "parisc-hp-MPE/iX"; exit 0
+	;;
     A/UX:*)
 	echo "m68k-apple-aux3"; exit 0
 	;;
 
+    AIX:[3456789]:4:*)
+	echo "${MACHINE}-ibm-aix43"; exit 0
+	;;
+
+    AIX:*:[56789]:*)
+	echo "${MACHINE}-ibm-aix43"; exit 0
+	;;
+
     AIX:*)
 	echo "${MACHINE}-ibm-aix"; exit 0
 	;;
@@ -164,7 +184,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
         ;;
 
     NetBSD:*:*:*386*)
-        echo "`/usr/sbin/sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
+        echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
 	;;
 
     NetBSD:*)
@@ -389,10 +409,16 @@ case "$GUESSOS" in
 	;;
   mips4-sgi-irix64)
 	echo "WARNING! If you wish to build 64-bit library, then you have to"
-	echo "         invoke './Configre irix64-mips4-$CC' *manually*."
-	echo "         Type Ctrl-C if you don't want to continue."
+	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
+	echo "         Type return if you want to continue, Ctrl-C to abort."
 	read waste < /dev/tty
-	options="$options -mips4"
+        CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+        CPU=${CPU:-0}
+        if [ $CPU -ge 5000 ]; then
+                options="$options -mips4"
+        else
+                options="$options -mips3"
+        fi
 	OUT="irix-mips3-$CC"
 	;;
   alpha-*-linux2)
@@ -419,11 +445,11 @@ case "$GUESSOS" in
 	#till 64-bit glibc for SPARC is operational:-(
 	#echo "WARNING! If you wish to build 64-bit library, then you have to"
 	#echo "         invoke './Configure linux64-sparcv9' *manually*."
-	#echo "         Type Ctrl-C if you don't want to continue."
+	#echo "         Type return if you want to continue, Ctrl-C to abort."
 	#read waste < /dev/tty
 	OUT="linux-sparcv9" ;;
   sparc-*-linux2)
-	KARCH=`awk '/type/{print$3}' /proc/cpuinfo`
+	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
 	case ${KARCH:-sun4} in
 	sun4u*)	OUT="linux-sparcv9" ;;
 	sun4m)	OUT="linux-sparcv8" ;;
@@ -431,6 +457,7 @@ case "$GUESSOS" in
 	*)	OUT="linux-sparcv7" ;;
 	esac ;;
   arm*-*-linux2) OUT="linux-elf-arm" ;;
+  s390-*-linux2) OUT="linux-s390" ;;
   *-*-linux2) OUT="linux-elf" ;;
   *-*-linux1) OUT="linux-aout" ;;
   sun4u*-*-solaris2)
@@ -438,7 +465,7 @@ case "$GUESSOS" in
 	if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
 		echo "WARNING! If you wish to build 64-bit library, then you have to"
 		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
-		echo "         Type Ctrl-C if you don't want to continue."
+		echo "         Type return if you want to continue, Ctrl-C to abort."
 		read waste < /dev/tty
 	fi
 	OUT="solaris-sparcv9-$CC" ;;
@@ -462,9 +489,12 @@ case "$GUESSOS" in
   *-*-unixware7) OUT="unixware-7" ;;
   *-*-UnixWare7) OUT="unixware-7" ;;
   *-*-Unixware7) OUT="unixware-7" ;;
-  *-*-unixware[1-2]*) OUT="unixware-2.0" ;;
-  *-*-UnixWare[1-2]*) OUT="unixware-2.0" ;;
-  *-*-Unixware[1-2]*) OUT="unixware-2.0" ;;
+  *-*-unixware20*) OUT="unixware-2.0" ;;
+  *-*-unixware21*) OUT="unixware-2.1" ;;
+  *-*-UnixWare20*) OUT="unixware-2.0" ;;
+  *-*-UnixWare21*) OUT="unixware-2.1" ;;
+  *-*-Unixware20*) OUT="unixware-2.0" ;;
+  *-*-Unixware21*) OUT="unixware-2.1" ;;
   BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
   RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
   *-siemens-sysv4) OUT="SINIX" ;;
@@ -478,11 +508,27 @@ case "$GUESSOS" in
   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
 
+# NB: This atalla support has been superceded by the ENGINE support
+# That contains its own header and definitions anyway. Support can
+# be enabled or disabled on any supported platform without external
+# headers, eg. by adding the "hw-atalla" switch to ./config or
+# perl Configure
+#
 # See whether we can compile Atalla support
-if [ -f /usr/include/atasi.h ]
-then
-  options="$options -DATALLA"
-fi
+#if [ -f /usr/include/atasi.h ]
+#then
+#  options="$options -DATALLA"
+#fi
+
+#get some basic shared lib support (behnke@trustcenter.de)
+case "$OUT" in
+   solaris-*-gcc)
+	if  [ "$SHARED" = "true" ] 
+	 then
+	  options="$options -DPIC -fPIC"
+        fi
+     ;;
+esac
 
 # gcc < 2.8 does not support -mcpu=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
@@ -553,7 +599,7 @@ OUT="$PREFIX$OUT"
 
 $PERL ./Configure LIST | grep "$OUT" > /dev/null
 if [ $? = "0" ]; then
-  #echo Configuring for $OUT
+  echo Configuring for $OUT
 
   if [ "$TEST" = "true" ]; then
     echo $PERL ./Configure $OUT $options

crypto/Makefile.ssl

@@ -27,15 +27,15 @@ LIBS=
 
 SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso \
+	bn rsa dsa dh dso engine \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
 
 GENERAL=Makefile README crypto-lib.com install.com
 
 LIB= $(TOP)/libcrypto.a
-LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c
-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o
+LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
 
 SRC= $(LIBSRC)
 
@@ -90,7 +90,8 @@ links:
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 libs:
@@ -197,3 +198,6 @@ tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
 tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
+uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
+uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+uid.o: ../include/openssl/symhacks.h

crypto/asn1/Makefile.ssl

@@ -75,7 +75,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/asn1/a_strnid.c

@@ -133,7 +133,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
 	if(tbl) {
 		mask = tbl->mask;
 		if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
-		ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask,
+		ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
 					tbl->minsize, tbl->maxsize);
 	} else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
 	if(ret <= 0) return NULL;

crypto/asn1/a_type.c

@@ -123,6 +123,8 @@ int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
 		break;
 	case V_ASN1_SET:
 	case V_ASN1_SEQUENCE:
+	case V_ASN1_OTHER:
+	default:
 		if (a->value.set == NULL)
 			r=0;
 		else
@@ -159,6 +161,8 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
 
 	inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
 	if (inf & 0x80) goto err;
+	/* If not universal tag we've no idea what it is */
+	if(xclass != V_ASN1_UNIVERSAL) tag = V_ASN1_OTHER;
 	
 	ASN1_TYPE_component_free(ret);
 
@@ -245,6 +249,8 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
 		break;
 	case V_ASN1_SET:
 	case V_ASN1_SEQUENCE:
+	case V_ASN1_OTHER:
+	default:
 		/* Sets and sequences are left complete */
 		if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
 		ret->value.set->type=tag;
@@ -252,9 +258,6 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
 		if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
 		p+=len;
 		break;
-	default:
-		ASN1err(ASN1_F_D2I_ASN1_TYPE,ASN1_R_BAD_TYPE);
-		goto err;
 		}
 
 	ret->type=tag;
@@ -312,6 +315,8 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a)
 		case V_ASN1_OBJECT:
 			ASN1_OBJECT_free(a->value.object);
 			break;
+		case V_ASN1_NULL:
+			break;
 		case V_ASN1_INTEGER:
 		case V_ASN1_NEG_INTEGER:
 		case V_ASN1_ENUMERATED:
@@ -333,10 +338,9 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a)
 		case V_ASN1_UNIVERSALSTRING:
 		case V_ASN1_BMPSTRING:
 		case V_ASN1_UTF8STRING:
-			ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
-			break;
+		case V_ASN1_OTHER:
 		default:
-			/* MEMORY LEAK */
+			ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
 			break;
 			}
 		a->type=0;

crypto/asn1/asn1.h

@@ -83,6 +83,7 @@ extern "C" {
 #define V_ASN1_PRIMATIVE_TAG		0x1f
 
 #define V_ASN1_APP_CHOOSE		-2	/* let the recipient choose */
+#define V_ASN1_OTHER			-3	/* used in ASN1_TYPE */
 
 #define V_ASN1_NEG			0x100	/* negative flag */
 

crypto/asn1/asn1_lib.c

@@ -301,7 +301,7 @@ int asn1_GetSequence(ASN1_CTX *c, long *length)
 		return(0);
 		}
 	if (c->inf == (1|V_ASN1_CONSTRUCTED))
-		c->slen= *length+ *(c->pp)-c->p;
+		c->slen= *length;
 	c->eos=0;
 	return(1);
 	}

crypto/asn1/asn1_mac.h

@@ -196,6 +196,9 @@ err:\
 	if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 		M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
 
+#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
+	if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+
 #define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
 	if ((c.slen != 0) && \
 		(M_ASN1_next == \
@@ -389,6 +392,9 @@ err:\
 		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 			M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
 
+#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
+		if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
+
 #define M_ASN1_I2D_len_IMP_SET(a,f,x) \
 		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
 
@@ -452,6 +458,15 @@ err:\
 			ret+=ASN1_object_size(1,v,mtag); \
 			}
 
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
+		if (a)\
+			{ \
+			v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
+						 V_ASN1_UNIVERSAL, \
+						 IS_SEQUENCE); \
+			ret+=ASN1_object_size(1,v,mtag); \
+			}
+
 /* Put Macros */
 #define M_ASN1_I2D_put(a,f)	f(a,&p)
 
@@ -536,6 +551,14 @@ err:\
 					       IS_SEQUENCE); \
 			}
 
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
+		if (a) \
+			{ \
+			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+			i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
+					       IS_SEQUENCE); \
+			}
+
 #define M_ASN1_I2D_seq_total() \
 		r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
 		if (pp == NULL) return(r); \

crypto/asn1/p7_lib.c

@@ -307,12 +307,14 @@ PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
 			}
 		if (Tinf == (1|V_ASN1_CONSTRUCTED))
 			{
+			c.q=c.p;
 			if (!ASN1_check_infinite_end(&c.p,c.slen))
 				{
 				c.error=ERR_R_MISSING_ASN1_EOS;
 				c.line=__LINE__;
 				goto err;
 				}
+			c.slen-=(c.p-c.q);
 			}
 		}
 	else

crypto/asn1/x_crl.c

@@ -71,14 +71,14 @@ int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)
 
 	M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
 	M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
-	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 					 i2d_X509_EXTENSION);
 
 	M_ASN1_I2D_seq_total();
 
 	M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
 	M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
-	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 					 i2d_X509_EXTENSION);
 
 	M_ASN1_I2D_finish();
@@ -121,7 +121,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
 		{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
 	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
 					 i2d_X509_REVOKED);
-	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 					     i2d_X509_EXTENSION,0,
 					     V_ASN1_SEQUENCE,v1);
 
@@ -138,7 +138,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
 		{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); }
 	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
 					 i2d_X509_REVOKED);
-	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 					     i2d_X509_EXTENSION,0,
 					     V_ASN1_SEQUENCE,v1);
 
@@ -260,7 +260,7 @@ X509_CRL_INFO *X509_CRL_INFO_new(void)
 	M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new);
 	ret->nextUpdate=NULL;
 	M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null);
-	M_ASN1_New(ret->extensions,sk_X509_EXTENSION_new_null);
+	ret->extensions = NULL;
 	sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp);
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);

crypto/asn1/x_name.c

@@ -141,10 +141,12 @@ static int i2d_X509_NAME_entries(X509_NAME *a)
 			}
 		size+=i2d_X509_NAME_ENTRY(ne,NULL);
 		}
-
-	ret+=ASN1_object_size(1,size,V_ASN1_SET);
 	if (fe != NULL)
+		{
+		/* SET OF needed only if entries is non empty */
+		ret+=ASN1_object_size(1,size,V_ASN1_SET);
 		fe->size=size;
+		}
 
 	r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
 

crypto/bf/Makefile.ssl

@@ -44,7 +44,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 # elf

crypto/bio/Makefile.ssl

@@ -27,11 +27,13 @@ LIBSRC= bio_lib.c bio_cb.c bio_err.c \
 	bss_file.c bss_sock.c bss_conn.c \
 	bf_null.c bf_buff.c b_print.c b_dump.c \
 	b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c
+#	bf_lbuf.c
 LIBOBJ= bio_lib.o bio_cb.o bio_err.o \
 	bss_mem.o bss_null.o bss_fd.o \
 	bss_file.o bss_sock.o bss_conn.o \
 	bf_null.o bf_buff.o b_print.o b_dump.o \
 	b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o
+#	bf_lbuf.o
 
 SRC= $(LIBSRC)
 
@@ -47,7 +49,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:
@@ -93,13 +96,13 @@ b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 b_dump.o: ../cryptlib.h
-b_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-b_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-b_print.o: ../cryptlib.h
+b_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+b_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+b_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h
 b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

crypto/bio/b_print.c

@@ -69,6 +69,7 @@
 #ifndef NO_SYS_TYPES_H
 #include <sys/types.h>
 #endif
+#include <openssl/bn.h>         /* To get BN_LLONG properly defined */
 #include <openssl/bio.h>
 
 #ifdef BN_LLONG

crypto/bio/b_sock.c

@@ -113,8 +113,8 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
 
 	/* At this point, we have something that is most probably correct
 	   in some way, so let's init the socket. */
-	if (!BIO_sock_init())
-		return(0); /* don't generate another error code here */
+	if (BIO_sock_init() != 1)
+		return 0; /* don't generate another error code here */
 
 	/* If the string actually contained an IP address, we need not do
 	   anything more */
@@ -519,15 +519,15 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 	{
 	int ret=0;
 	struct sockaddr_in server,client;
-	int s= -1,cs;
+	int s=INVALID_SOCKET,cs;
 	unsigned char ip[4];
 	unsigned short port;
-	char *str,*e;
+	char *str=NULL,*e;
 	const char *h,*p;
 	unsigned long l;
 	int err_num;
 
-	if (!BIO_sock_init()) return(INVALID_SOCKET);
+	if (BIO_sock_init() != 1) return(INVALID_SOCKET);
 
 	if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
 
@@ -553,7 +553,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 		h="*";
 		}
 
-	if (!BIO_get_port(p,&port)) return(INVALID_SOCKET);
+	if (!BIO_get_port(p,&port)) goto err;
 
 	memset((char *)&server,0,sizeof(server));
 	server.sin_family=AF_INET;
@@ -563,7 +563,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 		server.sin_addr.s_addr=INADDR_ANY;
 	else
 		{
-		if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET);
+                if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
 		l=(unsigned long)
 			((unsigned long)ip[0]<<24L)|
 			((unsigned long)ip[1]<<16L)|

crypto/bio/bf_lbuf.c

@@ -0,0 +1,397 @@
+/* crypto/bio/bf_buff.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+
+static int linebuffer_write(BIO *h, const char *buf,int num);
+static int linebuffer_read(BIO *h, char *buf, int size);
+static int linebuffer_puts(BIO *h, const char *str);
+static int linebuffer_gets(BIO *h, char *str, int size);
+static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int linebuffer_new(BIO *h);
+static int linebuffer_free(BIO *data);
+static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+
+/* A 10k maximum should be enough for most purposes */
+#define DEFAULT_LINEBUFFER_SIZE	1024*10
+
+/* #define DEBUG */
+
+static BIO_METHOD methods_linebuffer=
+	{
+	BIO_TYPE_LINEBUFFER,
+	"linebuffer",
+	linebuffer_write,
+	linebuffer_read,
+	linebuffer_puts,
+	linebuffer_gets,
+	linebuffer_ctrl,
+	linebuffer_new,
+	linebuffer_free,
+	linebuffer_callback_ctrl,
+	};
+
+BIO_METHOD *BIO_f_linebuffer(void)
+	{
+	return(&methods_linebuffer);
+	}
+
+typedef struct bio_linebuffer_ctx_struct
+	{
+	char *obuf;		/* the output char array */
+	int obuf_size;		/* how big is the output buffer */
+	int obuf_len;		/* how many bytes are in it */
+	} BIO_LINEBUFFER_CTX;
+
+static int linebuffer_new(BIO *bi)
+	{
+	BIO_LINEBUFFER_CTX *ctx;
+
+	ctx=(BIO_LINEBUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_LINEBUFFER_CTX));
+	if (ctx == NULL) return(0);
+	ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
+	if (ctx->obuf == NULL) { OPENSSL_free(ctx); return(0); }
+	ctx->obuf_size=DEFAULT_LINEBUFFER_SIZE;
+	ctx->obuf_len=0;
+
+	bi->init=1;
+	bi->ptr=(char *)ctx;
+	bi->flags=0;
+	return(1);
+	}
+
+static int linebuffer_free(BIO *a)
+	{
+	BIO_LINEBUFFER_CTX *b;
+
+	if (a == NULL) return(0);
+	b=(BIO_LINEBUFFER_CTX *)a->ptr;
+	if (b->obuf != NULL) OPENSSL_free(b->obuf);
+	OPENSSL_free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+	}
+	
+static int linebuffer_read(BIO *b, char *out, int outl)
+	{
+	int ret=0;
+ 
+	if (out == NULL) return(0);
+	if (b->next_bio == NULL) return(0);
+	ret=BIO_read(b->next_bio,out,outl);
+	BIO_clear_retry_flags(b);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static int linebuffer_write(BIO *b, const char *in, int inl)
+	{
+	int i,num=0,foundnl;
+	BIO_LINEBUFFER_CTX *ctx;
+
+	if ((in == NULL) || (inl <= 0)) return(0);
+	ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
+	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+	BIO_clear_retry_flags(b);
+
+	do
+		{
+		const char *p;
+
+		for(p = in; p < in + inl && *p != '\n'; p++)
+			;
+		if (*p == '\n')
+			{
+			p++;
+			foundnl = 1;
+			}
+		else
+			foundnl = 0;
+
+		/* If a NL was found and we already have text in the save
+		   buffer, concatenate them and write */
+		while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)
+			&& ctx->obuf_len > 0)
+			{
+			int orig_olen = ctx->obuf_len;
+			
+			i = ctx->obuf_size - ctx->obuf_len;
+			if (p - in > 0)
+				{
+				if (i >= p - in)
+					{
+					memcpy(&(ctx->obuf[ctx->obuf_len]),
+						in,p - in);
+					ctx->obuf_len += p - in;
+					inl -= p - in;
+					num += p - in;
+					in = p;
+					}
+				else
+					{
+					memcpy(&(ctx->obuf[ctx->obuf_len]),
+						in,i);
+					ctx->obuf_len += i;
+					inl -= i;
+					in += i;
+					num += i;
+					}
+				}
+
+#ifdef DEBUG
+BIO_write(b->next_bio, "<*<", 3);
+#endif
+			i=BIO_write(b->next_bio,
+				ctx->obuf, ctx->obuf_len);
+			if (i <= 0)
+				{
+				ctx->obuf_len = orig_olen;
+				BIO_copy_next_retry(b);
+
+#ifdef DEBUG
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+				if (i < 0) return((num > 0)?num:i);
+				if (i == 0) return(num);
+				}
+#ifdef DEBUG
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+			if (i < ctx->obuf_len)
+				memmove(ctx->obuf, ctx->obuf + i,
+					ctx->obuf_len - i);
+			ctx->obuf_len-=i;
+			}
+
+		/* Now that the save buffer is emptied, let's write the input
+		   buffer if a NL was found and there is anything to write. */
+		if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)
+			{
+#ifdef DEBUG
+BIO_write(b->next_bio, "<*<", 3);
+#endif
+			i=BIO_write(b->next_bio,in,p - in);
+			if (i <= 0)
+				{
+				BIO_copy_next_retry(b);
+#ifdef DEBUG
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+				if (i < 0) return((num > 0)?num:i);
+				if (i == 0) return(num);
+				}
+#ifdef DEBUG
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+			num+=i;
+			in+=i;
+			inl-=i;
+			}
+		}
+	while(foundnl && inl > 0);
+	/* We've written as much as we can.  The rest of the input buffer, if
+	   any, is text that doesn't and with a NL and therefore needs to be
+	   saved for the next trip. */
+	if (inl > 0)
+		{
+		memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
+		ctx->obuf_len += inl;
+		num += inl;
+		}
+	return num;
+	}
+
+static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+	{
+	BIO *dbio;
+	BIO_LINEBUFFER_CTX *ctx;
+	long ret=1;
+	char *p;
+	int r;
+	int obs;
+
+	ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ctx->obuf_len=0;
+		if (b->next_bio == NULL) return(0);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_INFO:
+		ret=(long)ctx->obuf_len;
+		break;
+	case BIO_CTRL_WPENDING:
+		ret=(long)ctx->obuf_len;
+		if (ret == 0)
+			{
+			if (b->next_bio == NULL) return(0);
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+			}
+		break;
+	case BIO_C_SET_BUFF_SIZE:
+		obs=(int)num;
+		p=ctx->obuf;
+		if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size))
+			{
+			p=(char *)OPENSSL_malloc((int)num);
+			if (p == NULL)
+				goto malloc_error;
+			}
+		if (ctx->obuf != p)
+			{
+			if (ctx->obuf_len > obs)
+				{
+				ctx->obuf_len = obs;
+				}
+			memcpy(p, ctx->obuf, ctx->obuf_len);
+			OPENSSL_free(ctx->obuf);
+			ctx->obuf=p;
+			ctx->obuf_size=obs;
+			}
+		break;
+	case BIO_C_DO_STATE_MACHINE:
+		if (b->next_bio == NULL) return(0);
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+
+	case BIO_CTRL_FLUSH:
+		if (b->next_bio == NULL) return(0);
+		if (ctx->obuf_len <= 0)
+			{
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+			break;
+			}
+
+		for (;;)
+			{
+			BIO_clear_retry_flags(b);
+			if (ctx->obuf_len > 0)
+				{
+				r=BIO_write(b->next_bio,
+					ctx->obuf, ctx->obuf_len);
+#if 0
+fprintf(stderr,"FLUSH %3d -> %3d\n",ctx->obuf_len,r);
+#endif
+				BIO_copy_next_retry(b);
+				if (r <= 0) return((long)r);
+				if (r < ctx->obuf_len)
+					memmove(ctx->obuf, ctx->obuf + r,
+						ctx->obuf_len - r);
+				ctx->obuf_len-=r;
+				}
+			else
+				{
+				ctx->obuf_len=0;
+				ret=1;
+				break;
+				}
+			}
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_DUP:
+		dbio=(BIO *)ptr;
+		if (	!BIO_set_write_buffer_size(dbio,ctx->obuf_size))
+			ret=0;
+		break;
+	default:
+		if (b->next_bio == NULL) return(0);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+		}
+	return(ret);
+malloc_error:
+	BIOerr(BIO_F_LINEBUFFER_CTRL,ERR_R_MALLOC_FAILURE);
+	return(0);
+	}
+
+static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+	{
+	long ret=1;
+
+	if (b->next_bio == NULL) return(0);
+	switch (cmd)
+		{
+	default:
+		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+		break;
+		}
+	return(ret);
+	}
+
+static int linebuffer_gets(BIO *b, char *buf, int size)
+	{
+	if (b->next_bio == NULL) return(0);
+	return(BIO_gets(b->next_bio,buf,size));
+	}
+
+static int linebuffer_puts(BIO *b, const char *str)
+	{
+	return(linebuffer_write(b,str,strlen(str)));
+	}
+

crypto/bio/bio.h

@@ -91,6 +91,7 @@ extern "C" {
 #define BIO_TYPE_NULL_FILTER	(17|0x0200)
 #define BIO_TYPE_BER		(18|0x0200)		/* BER -> bin filter */
 #define BIO_TYPE_BIO		(19|0x0400)		/* (half a) BIO pair */
+#define BIO_TYPE_LINEBUFFER	(20|0x0200)		/* filter */
 
 #define BIO_TYPE_DESCRIPTOR	0x0100	/* socket, fd, connect or accept */
 #define BIO_TYPE_FILTER		0x0200
@@ -554,6 +555,9 @@ BIO_METHOD *BIO_s_bio(void);
 BIO_METHOD *BIO_s_null(void);
 BIO_METHOD *BIO_f_null(void);
 BIO_METHOD *BIO_f_buffer(void);
+#ifdef VMS
+BIO_METHOD *BIO_f_linebuffer(void);
+#endif
 BIO_METHOD *BIO_f_nbio_test(void);
 /* BIO_METHOD *BIO_f_ber(void); */
 
@@ -640,6 +644,7 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args);
 #define BIO_F_CONN_CTRL					 127
 #define BIO_F_CONN_STATE				 115
 #define BIO_F_FILE_CTRL					 116
+#define BIO_F_LINEBUFFER_CTRL				 129
 #define BIO_F_MEM_READ					 128
 #define BIO_F_MEM_WRITE					 117
 #define BIO_F_SSL_NEW					 118

crypto/bio/bio_err.c

@@ -91,6 +91,7 @@ static ERR_STRING_DATA BIO_str_functs[]=
 {ERR_PACK(0,BIO_F_CONN_CTRL,0),	"CONN_CTRL"},
 {ERR_PACK(0,BIO_F_CONN_STATE,0),	"CONN_STATE"},
 {ERR_PACK(0,BIO_F_FILE_CTRL,0),	"FILE_CTRL"},
+{ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0),	"LINEBUFFER_CTRL"},
 {ERR_PACK(0,BIO_F_MEM_READ,0),	"MEM_READ"},
 {ERR_PACK(0,BIO_F_MEM_WRITE,0),	"MEM_WRITE"},
 {ERR_PACK(0,BIO_F_SSL_NEW,0),	"SSL_new"},

crypto/bio/bss_conn.c

@@ -236,7 +236,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
 				}
 			c->state=BIO_CONN_S_CONNECT;
 
-#ifdef SO_KEEPALIVE
+#if defined(SO_KEEPALIVE) && !defined(MPE)
 			i=1;
 			i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 			if (i < 0)

crypto/bn/Makefile.ssl

@@ -68,7 +68,8 @@ bnbug: bnbug.c ../../libcrypto.a top
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 # elf

crypto/bn/asm/mips3.s

@@ -586,13 +586,13 @@ LEAF(bn_div_3_words)
 	ld	a0,(a3)
 	move	ta2,a1
 	ld	a1,-8(a3)
-	move	ta3,ra
-	move	v1,zero
+	bne	a0,a2,.L_bn_div_3_words_proceed
 	li	v0,-1
-	beq	a0,a2,.L_bn_div_3_words_skip_div
+	jr	ra
+.L_bn_div_3_words_proceed:
+	move	ta3,ra
 	bal	bn_div_words
 	move	ra,ta3
-.L_bn_div_3_words_skip_div:
 	dmultu	ta2,v0
 	ld	t2,-16(a3)
 	move	ta0,zero

crypto/bn/asm/pa-risc2.s

@@ -1611,7 +1611,7 @@ bn_mul_comba4
 	.IMPORT	$global$,DATA
 	.SPACE	$TEXT$
 	.SUBSPA	$CODE$
-	.SUBSPA	$LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16
+	.SUBSPA	$LIT$,ACCESS=0x2c
 C$7
 	.ALIGN	8
 	.STRINGZ	"Division would overflow (%d)\n"

crypto/bn/asm/pa-risc2W.s

@@ -1598,7 +1598,7 @@ bn_mul_comba4
 	.IMPORT	$global$,DATA
 	.SPACE	$TEXT$
 	.SUBSPA	$CODE$
-	.SUBSPA	$LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16
+	.SUBSPA	$LIT$,ACCESS=0x2c
 C$4
 	.ALIGN	8
 	.STRINGZ	"Division would overflow (%d)\n"

crypto/bn/bn.h

@@ -239,7 +239,7 @@ typedef struct bignum_st
 	} BIGNUM;
 
 /* Used for temp variables */
-#define BN_CTX_NUM	12
+#define BN_CTX_NUM	16
 #define BN_CTX_NUM_POS	12
 typedef struct bignum_ctx
 	{
@@ -328,6 +328,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx);
 void	BN_CTX_end(BN_CTX *ctx);
 int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
 int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int	BN_rand_range(BIGNUM *rnd, BIGNUM *range);
 int	BN_num_bits(const BIGNUM *a);
 int	BN_num_bits_word(BN_ULONG);
 BIGNUM *BN_new(void);
@@ -467,6 +468,8 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
 # define bn_dump(a,b)
 #endif
 
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -493,16 +496,19 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
 #define BN_F_BN_MPI2BN					 112
 #define BN_F_BN_NEW					 113
 #define BN_F_BN_RAND					 114
+#define BN_F_BN_RAND_RANGE				 122
 #define BN_F_BN_USUB					 115
 
 /* Reason codes. */
 #define BN_R_ARG2_LT_ARG3				 100
 #define BN_R_BAD_RECIPROCAL				 101
+#define BN_R_BIGNUM_TOO_LONG				 114
 #define BN_R_CALLED_WITH_EVEN_MODULUS			 102
 #define BN_R_DIV_BY_ZERO				 103
 #define BN_R_ENCODING_ERROR				 104
 #define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105
 #define BN_R_INVALID_LENGTH				 106
+#define BN_R_INVALID_RANGE				 115
 #define BN_R_NOT_INITIALIZED				 107
 #define BN_R_NO_INVERSE					 108
 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES		 109

crypto/bn/bn_div.c

@@ -180,13 +180,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 
 	BN_CTX_start(ctx);
 	tmp=BN_CTX_get(ctx);
-	tmp->neg=0;
 	snum=BN_CTX_get(ctx);
 	sdiv=BN_CTX_get(ctx);
 	if (dv == NULL)
 		res=BN_CTX_get(ctx);
 	else	res=dv;
-	if (res == NULL) goto err;
+	if (sdiv==NULL || res == NULL) goto err;
+	tmp->neg=0;
 
 	/* First we normalise the numbers */
 	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
@@ -237,7 +237,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 	for (i=0; i<loop-1; i++)
 		{
 		BN_ULONG q,l0;
-#ifdef BN_DIV3W
+#if defined(BN_DIV3W) && !defined(NO_ASM)
+		BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
 		q=bn_div_3_words(wnump,d1,d0);
 #else
 		BN_ULONG n0,n1,rem=0;

crypto/bn/bn_err.c

@@ -84,6 +84,7 @@ static ERR_STRING_DATA BN_str_functs[]=
 {ERR_PACK(0,BN_F_BN_MPI2BN,0),	"BN_mpi2bn"},
 {ERR_PACK(0,BN_F_BN_NEW,0),	"BN_new"},
 {ERR_PACK(0,BN_F_BN_RAND,0),	"BN_rand"},
+{ERR_PACK(0,BN_F_BN_RAND_RANGE,0),	"BN_rand_range"},
 {ERR_PACK(0,BN_F_BN_USUB,0),	"BN_usub"},
 {0,NULL}
 	};
@@ -92,11 +93,13 @@ static ERR_STRING_DATA BN_str_reasons[]=
 	{
 {BN_R_ARG2_LT_ARG3                       ,"arg2 lt arg3"},
 {BN_R_BAD_RECIPROCAL                     ,"bad reciprocal"},
+{BN_R_BIGNUM_TOO_LONG                    ,"bignum too long"},
 {BN_R_CALLED_WITH_EVEN_MODULUS           ,"called with even modulus"},
 {BN_R_DIV_BY_ZERO                        ,"div by zero"},
 {BN_R_ENCODING_ERROR                     ,"encoding error"},
 {BN_R_EXPAND_ON_STATIC_BIGNUM_DATA       ,"expand on static bignum data"},
 {BN_R_INVALID_LENGTH                     ,"invalid length"},
+{BN_R_INVALID_RANGE                      ,"invalid range"},
 {BN_R_NOT_INITIALIZED                    ,"not initialized"},
 {BN_R_NO_INVERSE                         ,"no inverse"},
 {BN_R_TOO_MANY_TEMPORARY_VARIABLES       ,"too many temporary variables"},

crypto/bn/bn_exp.c

@@ -113,13 +113,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#ifdef ATALLA
-# include <alloca.h>
-# include <atasi.h>
-# include <assert.h>
-# include <dlfcn.h>
-#endif
-
 
 #define TABLE_SIZE	32
 
@@ -183,174 +176,6 @@ err:
 	}
 
 
-#ifdef ATALLA
-
-/*
- * This routine will dynamically check for the existance of an Atalla AXL-200
- * SSL accelerator module.  If one is found, the variable
- * asi_accelerator_present is set to 1 and the function pointers
- * ptr_ASI_xxxxxx above will be initialized to corresponding ASI API calls.
- */
-typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
-					    unsigned int *ret_buf);
-typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
-typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
-				     unsigned char *output,
-				     unsigned char *input,
-				     unsigned int modulus_len);
-
-static tfnASI_GetHardwareConfig *ptr_ASI_GetHardwareConfig;
-static tfnASI_RSAPrivateKeyOpFn *ptr_ASI_RSAPrivateKeyOpFn;
-static tfnASI_GetPerformanceStatistics *ptr_ASI_GetPerformanceStatistics;
-static int asi_accelerator_present;
-static int tried_atalla;
-
-void atalla_initialize_accelerator_handle(void)
-	{
-	void *dl_handle;
-	int status;
-	unsigned int config_buf[1024]; 
-	static int tested;
-
-	if(tested)
-		return;
-
-	tested=1;
-
-	bzero((void *)config_buf, 1024);
-
-	/*
-	 * Check to see if the library is present on the system
-	 */
-	dl_handle = dlopen("atasi.so", RTLD_NOW);
-	if (dl_handle == (void *) NULL)
-		{
-/*		printf("atasi.so library is not present on the system\n");
-		printf("No HW acceleration available\n");*/
-		return;
-	        }
-
-	/*
-	 * The library is present.  Now we'll check to insure that the
-	 * LDM is up and running. First we'll get the address of the
-	 * function in the atasi library that we need to see if the
-	 * LDM is operating.
-	 */
-
-	ptr_ASI_GetHardwareConfig =
-	  (tfnASI_GetHardwareConfig *)dlsym(dl_handle,"ASI_GetHardwareConfig");
-
-	if (ptr_ASI_GetHardwareConfig)
-		{
-		/*
-		 * We found the call, now we'll get our config
-		 * status.  If we get a non 0 result, the LDM is not
-		 * running and we cannot use the Atalla ASI *
-		 * library.
-		 */
-		status = (*ptr_ASI_GetHardwareConfig)(0L, config_buf);
-		if (status != 0)
-			{
-			printf("atasi.so library is present but not initialized\n");
-			printf("No HW acceleration available\n");
-			return;
-			}    
-	        }
-	else
-		{
-/*		printf("We found the library, but not the function. Very Strange!\n");*/
-		return ;
-	      	}
-
-	/* 
-	 * It looks like we have acceleration capabilities.  Load up the
-	 * pointers to our ASI API calls.
-	 */
-	ptr_ASI_RSAPrivateKeyOpFn=
-	  (tfnASI_RSAPrivateKeyOpFn *)dlsym(dl_handle, "ASI_RSAPrivateKeyOpFn");
-	if (ptr_ASI_RSAPrivateKeyOpFn == NULL)
-		{
-/*		printf("We found the library, but no RSA function. Very Strange!\n");*/
-		return;
-	        }
-
-	ptr_ASI_GetPerformanceStatistics =
-	  (tfnASI_GetPerformanceStatistics *)dlsym(dl_handle, "ASI_GetPerformanceStatistics");
-	if (ptr_ASI_GetPerformanceStatistics == NULL)
-		{
-/*		printf("We found the library, but no stat function. Very Strange!\n");*/
-		return;
-	      }
-
-	/*
-	 * Indicate that acceleration is available
-	 */
-	asi_accelerator_present = 1;
-
-/*	printf("This system has acceleration!\n");*/
-
-	return;
-	}
-
-/* make sure this only gets called once when bn_mod_exp calls bn_mod_exp_mont */
-int BN_mod_exp_atalla(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m)
-	{
-	unsigned char *abin;
-	unsigned char *pbin;
-	unsigned char *mbin;
-	unsigned char *rbin;
-	int an,pn,mn,ret;
-	RSAPrivateKey keydata;
-
-	atalla_initialize_accelerator_handle();
-	if(!asi_accelerator_present)
-		return 0;
-
-
-/* We should be able to run without size testing */
-# define ASIZE	128
-	an=BN_num_bytes(a);
-	pn=BN_num_bytes(p);
-	mn=BN_num_bytes(m);
-
-	if(an <= ASIZE && pn <= ASIZE && mn <= ASIZE)
-	    {
-	    int size=mn;
-
-	    assert(an <= mn);
-	    abin=alloca(size);
-	    memset(abin,'\0',mn);
-	    BN_bn2bin(a,abin+size-an);
-
-	    pbin=alloca(pn);
-	    BN_bn2bin(p,pbin);
-
-	    mbin=alloca(size);
-	    memset(mbin,'\0',mn);
-	    BN_bn2bin(m,mbin+size-mn);
-
-	    rbin=alloca(size);
-
-	    memset(&keydata,'\0',sizeof keydata);
-	    keydata.privateExponent.data=pbin;
-	    keydata.privateExponent.len=pn;
-	    keydata.modulus.data=mbin;
-	    keydata.modulus.len=size;
-
-	    ret=(*ptr_ASI_RSAPrivateKeyOpFn)(&keydata,rbin,abin,keydata.modulus.len);
-/*fprintf(stderr,"!%s\n",BN_bn2hex(a));*/
-	    if(!ret)
-	        {
-		BN_bin2bn(rbin,keydata.modulus.len,r);
-/*fprintf(stderr,"?%s\n",BN_bn2hex(r));*/
-		return 1;
-	        }
-	    }
-	return 0;
-        }
-#endif /* def ATALLA */
-
-
 int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	       BN_CTX *ctx)
 	{
@@ -360,13 +185,6 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	bn_check_top(p);
 	bn_check_top(m);
 
-#ifdef ATALLA
-	if(BN_mod_exp_atalla(r,a,p,m))
-	    return 1;
-/* If it fails, try the other methods (but don't try atalla again) */
-	tried_atalla=1;
-#endif
-
 #ifdef MONT_MUL_MOD
 	/* I have finally been able to take out this pre-condition of
 	 * the top bit being set.  It was caused by an error in BN_div
@@ -392,10 +210,6 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 		{ ret=BN_mod_exp_simple(r,a,p,m,ctx); }
 #endif
 
-#ifdef ATALLA
-	tried_atalla=0;
-#endif
-
 	return(ret);
 	}
 
@@ -525,12 +339,6 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
 	bn_check_top(p);
 	bn_check_top(m);
 
-#ifdef ATALLA
-	if(!tried_atalla && BN_mod_exp_atalla(rr,a,p,m))
-	    return 1;
-/* If it fails, try the other methods */
-#endif
-
 	if (!(m->d[0] & 1))
 		{
 		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -693,19 +501,6 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
 	t = BN_CTX_get(ctx);
 	if (d == NULL || r == NULL || t == NULL) goto err;
 
-#ifdef ATALLA
-	if (!tried_atalla)
-		{
-		BN_set_word(t, a);
-		if (BN_mod_exp_atalla(rr, t, p, m))
-			{
-			BN_CTX_end(ctx);
-			return 1;
-			}
-		}
-/* If it fails, try the other methods */
-#endif
-
 	if (in_mont != NULL)
 		mont=in_mont;
 	else

crypto/bn/bn_lib.c

@@ -62,6 +62,7 @@
 #endif
 
 #include <assert.h>
+#include <limits.h>
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
@@ -319,6 +320,12 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
 
 	if (words > b->dmax)
 		{
+		if (words > (INT_MAX/(4*BN_BITS2)))
+			{
+			BNerr(BN_F_BN_EXPAND2,BN_R_BIGNUM_TOO_LONG);
+			return NULL;
+			}
+			
 		bn_check_top(b);	
 		if (BN_get_flags(b,BN_FLG_STATIC_DATA))
 			{

crypto/bn/bn_mont.c

@@ -85,16 +85,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
 
 	if (a == b)
 		{
-#if 1 
-		bn_wexpand(tmp,a->top*2);
-		bn_wexpand(tmp2,a->top*4);
-		bn_sqr_recursive(tmp->d,a->d,a->top,tmp2->d);
-		tmp->top=a->top*2;
-		if (tmp->top > 0 && tmp->d[tmp->top-1] == 0)
-			tmp->top--;
-#else
 		if (!BN_sqr(tmp,a,ctx)) goto err;
-#endif
 		}
 	else
 		{

crypto/bn/bn_rand.c

@@ -76,7 +76,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 
 	bytes=(bits+7)/8;
 	bit=(bits-1)%8;
-	mask=0xff<<bit;
+	mask=0xff<<(bit+1);
 
 	buf=(unsigned char *)OPENSSL_malloc(bytes);
 	if (buf == NULL)
@@ -100,25 +100,48 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 			goto err;
 		}
 
-	if (top)
+#if 1
+	if (pseudorand == 2)
 		{
-		if (bit == 0)
+		/* generate patterns that are more likely to trigger BN
+		   library bugs */
+		int i;
+		unsigned char c;
+
+		for (i = 0; i < bytes; i++)
 			{
-			buf[0]=1;
-			buf[1]|=0x80;
+			RAND_pseudo_bytes(&c, 1);
+			if (c >= 128 && i > 0)
+				buf[i] = buf[i-1];
+			else if (c < 42)
+				buf[i] = 0;
+			else if (c < 84)
+				buf[i] = 255;
+			}
+		}
+#endif
+
+	if (top != -1)
+		{
+		if (top)
+			{
+			if (bit == 0)
+				{
+				buf[0]=1;
+				buf[1]|=0x80;
+				}
+			else
+				{
+				buf[0]|=(3<<(bit-1));
+				}
 			}
 		else
 			{
-			buf[0]|=(3<<(bit-1));
-			buf[0]&= ~(mask<<1);
+			buf[0]|=(1<<bit);
 			}
 		}
-	else
-		{
-		buf[0]|=(1<<bit);
-		buf[0]&= ~(mask<<1);
-		}
-	if (bottom) /* set bottom bits to whatever odd is */
+	buf[0] &= ~mask;
+	if (bottom) /* set bottom bit if requested */
 		buf[bytes-1]|=1;
 	if (!BN_bin2bn(buf,bytes,rnd)) goto err;
 	ret=1;
@@ -140,3 +163,61 @@ int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
 	{
 	return bnrand(1, rnd, bits, top, bottom);
 	}
+
+#if 1
+int     BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+	{
+	return bnrand(2, rnd, bits, top, bottom);
+	}
+#endif
+
+/* random number r:  0 <= r < range */
+int	BN_rand_range(BIGNUM *r, BIGNUM *range)
+	{
+	int n;
+
+	if (range->neg || BN_is_zero(range))
+		{
+		BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+		return 0;
+		}
+
+	n = BN_num_bits(range); /* n > 0 */
+
+	if (n == 1)
+		{
+		if (!BN_zero(r)) return 0;
+		}
+	else if (BN_is_bit_set(range, n - 2))
+		{
+		do
+			{
+			/* range = 11..._2, so each iteration succeeds with probability >= .75 */
+			if (!BN_rand(r, n, -1, 0)) return 0;
+			}
+		while (BN_cmp(r, range) >= 0);
+		}
+	else
+		{
+		/* range = 10..._2,
+		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
+		do
+			{
+			if (!BN_rand(r, n + 1, -1, 0)) return 0;
+			/* If  r < 3*range,  use  r := r MOD range
+			 * (which is either  r, r - range,  or  r - 2*range).
+			 * Otherwise, iterate once more.
+			 * Since  3*range = 11..._2, each iteration succeeds with
+			 * probability >= .75. */
+			if (BN_cmp(r ,range) >= 0)
+				{
+				if (!BN_sub(r, r, range)) return 0;
+				if (BN_cmp(r, range) >= 0)
+					if (!BN_sub(r, r, range)) return 0;
+				}
+			}
+		while (BN_cmp(r, range) >= 0);
+		}
+
+	return 1;
+	}

crypto/bn/bn_shift.c

@@ -172,6 +172,11 @@ int BN_rshift(BIGNUM *r, BIGNUM *a, int n)
 		r->neg=a->neg;
 		if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
 		}
+	else
+		{
+		if (n == 0)
+			return 1; /* or the copying loop will go berserk */
+		}
 
 	f= &(a->d[nw]);
 	t=r->d;

crypto/bn/bn_sqr.c

@@ -188,7 +188,7 @@ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp)
 
 #ifdef BN_RECURSION
 /* r is 2*n words in size,
- * a and b are both n words in size.
+ * a and b are both n words in size.    (There's not actually a 'b' here ...)
  * n must be a power of 2.
  * We multiply and return the result.
  * t must be 2*n words in size

crypto/bn/bntest.c

@@ -107,11 +107,9 @@ static const char rnd_seed[] = "string to make the random number generator think
 static void message(BIO *out, char *m)
 	{
 	fprintf(stderr, "test %s\n", m);
-#if defined(linux) || defined(__FreeBSD__) /* can we use GNU bc features? */
 	BIO_puts(out, "print \"test ");
 	BIO_puts(out, m);
 	BIO_puts(out, "\\n\"\n");
-#endif
 	}
 
 int main(int argc, char *argv[])
@@ -122,9 +120,7 @@ int main(int argc, char *argv[])
 
 	results = 0;
 
-	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
-	                                       * even check its return value
-	                                       * (which we should) */
+	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
 
 	argc--;
 	argv++;
@@ -253,10 +249,10 @@ int test_add(BIO *bp)
 	BN_init(&b);
 	BN_init(&c);
 
-	BN_rand(&a,512,0,0);
+	BN_bntest_rand(&a,512,0,0);
 	for (i=0; i<num0; i++)
 		{
-		BN_rand(&b,450+i,0,0);
+		BN_bntest_rand(&b,450+i,0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		if (bp == NULL)
@@ -305,14 +301,14 @@ int test_sub(BIO *bp)
 		{
 		if (i < num1)
 			{
-			BN_rand(&a,512,0,0);
+			BN_bntest_rand(&a,512,0,0);
 			BN_copy(&b,&a);
 			if (BN_set_bit(&a,i)==0) return(0);
 			BN_add_word(&b,i);
 			}
 		else
 			{
-			BN_rand(&b,400+i-num1,0,0);
+			BN_bntest_rand(&b,400+i-num1,0,0);
 			a.neg=rand_neg();
 			b.neg=rand_neg();
 			}
@@ -362,13 +358,13 @@ int test_div(BIO *bp, BN_CTX *ctx)
 		{
 		if (i < num1)
 			{
-			BN_rand(&a,400,0,0);
+			BN_bntest_rand(&a,400,0,0);
 			BN_copy(&b,&a);
 			BN_lshift(&a,&a,i);
 			BN_add_word(&a,i);
 			}
 		else
-			BN_rand(&b,50+3*(i-num1),0,0);
+			BN_bntest_rand(&b,50+3*(i-num1),0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		if (bp == NULL)
@@ -432,13 +428,13 @@ int test_div_recp(BIO *bp, BN_CTX *ctx)
 		{
 		if (i < num1)
 			{
-			BN_rand(&a,400,0,0);
+			BN_bntest_rand(&a,400,0,0);
 			BN_copy(&b,&a);
 			BN_lshift(&a,&a,i);
 			BN_add_word(&a,i);
 			}
 		else
-			BN_rand(&b,50+3*(i-num1),0,0);
+			BN_bntest_rand(&b,50+3*(i-num1),0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		BN_RECP_CTX_set(&recp,&b,ctx);
@@ -509,11 +505,11 @@ int test_mul(BIO *bp)
 		{
 		if (i <= num1)
 			{
-			BN_rand(&a,100,0,0);
-			BN_rand(&b,100,0,0);
+			BN_bntest_rand(&a,100,0,0);
+			BN_bntest_rand(&b,100,0,0);
 			}
 		else
-			BN_rand(&b,i-num1,0,0);
+			BN_bntest_rand(&b,i-num1,0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		if (bp == NULL)
@@ -562,7 +558,7 @@ int test_sqr(BIO *bp, BN_CTX *ctx)
 
 	for (i=0; i<num0; i++)
 		{
-		BN_rand(&a,40+i*10,0,0);
+		BN_bntest_rand(&a,40+i*10,0,0);
 		a.neg=rand_neg();
 		if (bp == NULL)
 			for (j=0; j<100; j++)
@@ -613,15 +609,15 @@ int test_mont(BIO *bp, BN_CTX *ctx)
 
 	mont=BN_MONT_CTX_new();
 
-	BN_rand(&a,100,0,0); /**/
-	BN_rand(&b,100,0,0); /**/
+	BN_bntest_rand(&a,100,0,0); /**/
+	BN_bntest_rand(&b,100,0,0); /**/
 	for (i=0; i<num2; i++)
 		{
 		int bits = (200*(i+1))/num2;
 
 		if (bits == 0)
 			continue;
-		BN_rand(&n,bits,0,1);
+		BN_bntest_rand(&n,bits,0,1);
 		BN_MONT_CTX_set(mont,&n,ctx);
 
 		BN_to_montgomery(&A,&a,mont,ctx);
@@ -683,10 +679,10 @@ int test_mod(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();
 
-	BN_rand(a,1024,0,0); /**/
+	BN_bntest_rand(a,1024,0,0); /**/
 	for (i=0; i<num0; i++)
 		{
-		BN_rand(b,450+i*10,0,0); /**/
+		BN_bntest_rand(b,450+i*10,0,0); /**/
 		a->neg=rand_neg();
 		b->neg=rand_neg();
 		if (bp == NULL)
@@ -732,11 +728,11 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();
 
-	BN_rand(c,1024,0,0); /**/
+	BN_bntest_rand(c,1024,0,0); /**/
 	for (i=0; i<num0; i++)
 		{
-		BN_rand(a,475+i*10,0,0); /**/
-		BN_rand(b,425+i*11,0,0); /**/
+		BN_bntest_rand(a,475+i*10,0,0); /**/
+		BN_bntest_rand(b,425+i*11,0,0); /**/
 		a->neg=rand_neg();
 		b->neg=rand_neg();
 	/*	if (bp == NULL)
@@ -794,11 +790,11 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();
 
-	BN_rand(c,30,0,1); /* must be odd for montgomery */
+	BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
 	for (i=0; i<num2; i++)
 		{
-		BN_rand(a,20+i*5,0,0); /**/
-		BN_rand(b,2+i,0,0); /**/
+		BN_bntest_rand(a,20+i*5,0,0); /**/
+		BN_bntest_rand(b,2+i,0,0); /**/
 
 		if (!BN_mod_exp(d,a,b,c,ctx))
 			return(00);
@@ -848,8 +844,8 @@ int test_exp(BIO *bp, BN_CTX *ctx)
 
 	for (i=0; i<num2; i++)
 		{
-		BN_rand(a,20+i*5,0,0); /**/
-		BN_rand(b,2+i,0,0); /**/
+		BN_bntest_rand(a,20+i*5,0,0); /**/
+		BN_bntest_rand(b,2+i,0,0); /**/
 
 		if (!BN_exp(d,a,b,ctx))
 			return(00);
@@ -899,7 +895,7 @@ int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
 	else
 	    {
 	    a=BN_new();
-	    BN_rand(a,200,0,0); /**/
+	    BN_bntest_rand(a,200,0,0); /**/
 	    a->neg=rand_neg();
 	    }
 	for (i=0; i<num0; i++)
@@ -951,7 +947,7 @@ int test_lshift1(BIO *bp)
 	b=BN_new();
 	c=BN_new();
 
-	BN_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{
@@ -995,7 +991,7 @@ int test_rshift(BIO *bp,BN_CTX *ctx)
 	e=BN_new();
 	BN_one(c);
 
-	BN_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{
@@ -1038,7 +1034,7 @@ int test_rshift1(BIO *bp)
 	b=BN_new();
 	c=BN_new();
 
-	BN_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{

crypto/buffer/Makefile.ssl

@@ -39,7 +39,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/cast/Makefile.ssl

@@ -47,7 +47,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 # elf

crypto/comp/Makefile.ssl

@@ -42,7 +42,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/conf/Makefile.ssl

@@ -40,7 +40,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/conf/conf.h

@@ -167,6 +167,8 @@ int NCONF_dump_bio(CONF *conf, BIO *out);
 #define CONF_R_MISSING_EQUAL_SIGN			 101
 #define CONF_R_NO_CLOSE_BRACE				 102
 #define CONF_R_NO_CONF					 105
+#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE		 106
+#define CONF_R_NO_SECTION				 107
 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
 #define CONF_R_VARIABLE_HAS_NO_VALUE			 104
 

crypto/conf/conf_err.c

@@ -87,6 +87,8 @@ static ERR_STRING_DATA CONF_str_reasons[]=
 {CONF_R_MISSING_EQUAL_SIGN               ,"missing equal sign"},
 {CONF_R_NO_CLOSE_BRACE                   ,"no close brace"},
 {CONF_R_NO_CONF                          ,"no conf"},
+{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE  ,"no conf or environment variable"},
+{CONF_R_NO_SECTION                       ,"no section"},
 {CONF_R_UNABLE_TO_CREATE_NEW_SECTION     ,"unable to create new section"},
 {CONF_R_VARIABLE_HAS_NO_VALUE            ,"variable has no value"},
 {0,NULL}

crypto/conf/conf_lib.c

@@ -131,38 +131,59 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
 
 STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
 	{
-	CONF ctmp;
+	if (conf == NULL)
+		{
+		return NULL;
+		}
+	else
+		{
+		CONF ctmp;
 
-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
+		if (default_CONF_method == NULL)
+			default_CONF_method = NCONF_default();
 
-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
-	return NCONF_get_section(&ctmp, section);
+		default_CONF_method->init(&ctmp);
+		ctmp.data = conf;
+		return NCONF_get_section(&ctmp, section);
+		}
 	}
 
 char *CONF_get_string(LHASH *conf,char *group,char *name)
 	{
-	CONF ctmp;
+	if (conf == NULL)
+		{
+		return NCONF_get_string(NULL, group, name);
+		}
+	else
+		{
+		CONF ctmp;
 
-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
+		if (default_CONF_method == NULL)
+			default_CONF_method = NCONF_default();
 
-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
-	return NCONF_get_string(&ctmp, group, name);
+		default_CONF_method->init(&ctmp);
+		ctmp.data = conf;
+		return NCONF_get_string(&ctmp, group, name);
+		}
 	}
 
 long CONF_get_number(LHASH *conf,char *group,char *name)
 	{
-	CONF ctmp;
+	if (conf == NULL)
+		{
+		return NCONF_get_number(NULL, group, name);
+		}
+	else
+		{
+		CONF ctmp;
 
-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
+		if (default_CONF_method == NULL)
+			default_CONF_method = NCONF_default();
 
-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
-	return NCONF_get_number(&ctmp, group, name);
+		default_CONF_method->init(&ctmp);
+		ctmp.data = conf;
+		return NCONF_get_number(&ctmp, group, name);
+		}
 	}
 
 void CONF_free(LHASH *conf)
@@ -299,27 +320,46 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section)
 		return NULL;
 		}
 
+	if (section == NULL)
+		{
+		CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION);
+		return NULL;
+		}
+
 	return _CONF_get_section_values(conf, section);
 	}
 
 char *NCONF_get_string(CONF *conf,char *group,char *name)
 	{
+	char *s = _CONF_get_string(conf, group, name);
+
+        /* Since we may get a value from an environment variable even
+           if conf is NULL, let's check the value first */
+        if (s) return s;
+
 	if (conf == NULL)
 		{
-		CONFerr(CONF_F_NCONF_GET_STRING,CONF_R_NO_CONF);
+		CONFerr(CONF_F_NCONF_GET_STRING,
+                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
 		return NULL;
 		}
-
-	return _CONF_get_string(conf, group, name);
+	return NULL;
 	}
 
 long NCONF_get_number(CONF *conf,char *group,char *name)
 	{
+#if 0 /* As with _CONF_get_string(), we rely on the possibility of finding
+         an environment variable with a suitable name.  Unfortunately, there's
+         no way with the current API to see if we found one or not...
+         The meaning of this is that if a number is not found anywhere, it
+         will always default to 0. */
 	if (conf == NULL)
 		{
-		CONFerr(CONF_F_NCONF_GET_NUMBER,CONF_R_NO_CONF);
+		CONFerr(CONF_F_NCONF_GET_NUMBER,
+                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
 		return 0;
 		}
+#endif
 	
 	return _CONF_get_number(conf, group, name);
 	}

crypto/cryptlib.c

@@ -100,7 +100,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	"debug_malloc2",
 	"dso",
 	"dynlock",
-#if CRYPTO_NUM_LOCKS != 28
+	"engine",
+#if CRYPTO_NUM_LOCKS != 29
 # error "Inconsistency between crypto.h and cryptlib.c"
 #endif
 	};

crypto/crypto-lib.com

@@ -88,7 +88,7 @@ $! Define The Different Encryption Types.
 $!
 $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
 		  "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ -
-		  "BN,RSA,DSA,DH,DSO,"+ -
+		  "BN,RSA,DSA,DH,DSO,ENGINE,"+ -
 		  "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
 		  "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
 		  "CONF,TXT_DB,PKCS7,PKCS12,COMP"
@@ -174,7 +174,7 @@ $!
 $ APPS_DES = "DES/DES,CBC3_ENC"
 $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
 $
-$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err"
+$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid"
 $ LIB_MD2 = "md2_dgst,md2_one"
 $ LIB_MD4 = "md4_dgst,md4_one"
 $ LIB_MD5 = "md5_dgst,md5_one"
@@ -206,12 +206,15 @@ $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
 $ LIB_DH = "dh_gen,dh_key,dh_lib,dh_check,dh_err"
 $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
 	"dso_openssl,dso_win32,dso_vms"
+$ LIB_ENGINE = "engine_err,engine_lib,engine_list,engine_openssl,"+ -
+	"hw_atalla,hw_cswift,hw_ncipher"
 $ LIB_BUFFER = "buffer,buf_err"
 $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
 	"bss_mem,bss_null,bss_fd,"+ -
 	"bss_file,bss_sock,bss_conn,"+ -
 	"bf_null,bf_buff,b_print,b_dump,"+ -
-	"b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log"
+	"b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ -
+	"bf_lbuf"
 $ LIB_STACK = "stack"
 $ LIB_LHASH = "lhash,lh_stats"
 $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,rand_win"
@@ -1193,7 +1196,9 @@ $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
+           "/NOLIST/PREFIX=ALL" + -
+	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+	   CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -1225,7 +1230,8 @@ $	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
 $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST/INCLUDE=SYS$DISK:[]" + -
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
 	   CCEXTRAFLAGS
 $     CCDEFS = """VAXC""," + CCDEFS
 $!
@@ -1257,7 +1263,8 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+	   CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!

crypto/crypto.h

@@ -122,7 +122,8 @@ extern "C" {
 #define	CRYPTO_LOCK_MALLOC2		25
 #define	CRYPTO_LOCK_DSO			26
 #define	CRYPTO_LOCK_DYNLOCK		27
-#define	CRYPTO_NUM_LOCKS		28
+#define	CRYPTO_LOCK_ENGINE		28
+#define	CRYPTO_NUM_LOCKS		29
 
 #define CRYPTO_LOCK		1
 #define CRYPTO_UNLOCK		2
@@ -277,6 +278,8 @@ int CRYPTO_is_mem_check_on(void);
 const char *SSLeay_version(int type);
 unsigned long SSLeay(void);
 
+int OPENSSL_issetugid(void);
+
 int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp,
 	     CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);

crypto/des/Makefile.ssl

@@ -57,7 +57,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 des: des.o cbc3_enc.o lib

crypto/des/asm/des-586.pl

@@ -20,11 +20,11 @@ $L="edi";
 $R="esi";
 
 &external_label("des_SPtrans");
-&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt1",1);
 &des_encrypt("des_encrypt2",0);
 &des_encrypt3("des_encrypt3",1);
 &des_encrypt3("des_decrypt3",0);
-&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
+&cbc("des_ncbc_encrypt","des_encrypt1","des_encrypt1",0,4,5,3,5,-1);
 &cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
 
 &asm_finish();

crypto/des/asm/des686.pl

@@ -46,7 +46,7 @@ EOF
 $L="edi";
 $R="esi";
 
-&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt1",1);
 &des_encrypt("des_encrypt2",0);
 
 &des_encrypt3("des_encrypt3",1);