About to release 0.9.6d, so set all versoin numbers right.

The tag will be OpenSSL_0_9_6d.
make update
2002-05-09 22:40:31 +00:00 · 2002-05-09 21:16:19 +00:00 · 2002-05-09 20:14:17 +00:00 · 2002-05-09 18:19:35 +00:00 · 2002-05-08 15:50:48 +00:00 · 2002-05-08 15:20:12 +00:00
25 changed files with 247 additions and 51 deletions
--- a/6
+++ b/6
@@ -2,7 +2,11 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.6c and 0.9.6d  [XX xxx XXXX]
+ Changes between 0.9.6c and 0.9.6d  [9 May 2002]
+
+  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
+     encoded as NULL) with id-dsa-with-sha1.
+     [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]

  *) Check various X509_...() return values in apps/req.c.
     [Nils Larsch <nla@trustcenter.de>]
--- a/2
+++ b/2
@@ -435,7 +435,7 @@ my %table=(
 "sco5-cc-pentium",  "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
 "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 "sco5-cc-shared","cc:-belf:::-lsocket -lresolv -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr3-shared:-Kpic",
-"sco5-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC",
+"sco5-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...

 # Sinix/ReliantUNIX RM400
 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
--- a/2
+++ b/2
@@ -59,7 +59,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?

 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6c was released on December 21st, 2001.
+OpenSSL 0.9.6d was released on 9 May, 2002.

 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
--- a/Makefile.org
+++ b/Makefile.org
@@ -646,7 +646,7 @@ install: all install_docs
 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
-		fi \
+		fi; \
 	done
 	@if [ -n "$(SHARED_LIBS)" ]; then \
 		tmp="$(SHARED_LIBS)"; \
@@ -664,7 +664,7 @@ install: all install_docs
 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 				fi ); \
-			fi \
+			fi; \
 		done; \
 		(	here="`pwd`"; \
 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
--- a/6
+++ b/6
@@ -5,12 +5,12 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

-  Changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
+  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:

      o Various SSL/TLS library bugfixes.
      o Fix DH parameter generation for 'non-standard' generators.

-  Changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
+  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:

      o Various SSL/TLS library bugfixes.
      o BIGNUM library fixes.
@@ -23,7 +23,7 @@
        Broadcom and Cryptographic Appliance's keyserver
        [in 0.9.6c-engine release].

-  Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
+  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:

      o Security fix: PRNG improvements.
      o Security fix: RSA OAEP check.
--- a/2
+++ b/2
@@ -1,5 +1,5 @@

- OpenSSL 0.9.6d-beta1 17 Apr 2002
+ OpenSSL 0.9.6d 9 May 2002

 Copyright (c) 1998-2002 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/2
+++ b/2
@@ -1,6 +1,6 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2002/04/17 12:28:37 $
+  ______________                           $Date: 2002/05/05 23:48:29 $

  DEVELOPMENT STATE

--- a/19
+++ b/19
@@ -1,4 +1,3 @@
-Output of `Configure TABLE':

 *** BC-16
 $cc           = bcc
@@ -2790,15 +2789,15 @@ $unistd       =
 $thread_cflag = 
 $lflags       = -lsocket -lresolv -lnsl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
-$bf_obj       = asm/bx86-elf.o
-$md5_obj      = asm/mx86-elf.o
-$sha1_obj     = asm/sx86-elf.o
-$cast_obj     = asm/cx86-elf.o
-$rc4_obj      = asm/rx86-elf.o
-$rmd160_obj   = asm/rm86-elf.o
-$rc5_obj      = asm/r586-elf.o
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= svr3-shared
 $shared_cflag = -fPIC
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -176,7 +176,7 @@ bad:
 		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -text         print the key in text\n");
+		BIO_printf(bio_err," -text         print as text\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -749,7 +749,10 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
 				return 0;
-		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+		if (!(pkey = EVP_PKCS82PKEY (p8))) {
+			PKCS8_PRIV_KEY_INFO_free(p8);
+			return 0;
+		}
 		print_attribs (out, p8->attributes, "Key Attributes");
 		PKCS8_PRIV_KEY_INFO_free(p8);
 		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -414,7 +414,10 @@ int MAIN(int argc, char **argv)
 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
 	} else if(operation == SMIME_SIGN) {
 		p7 = PKCS7_sign(signer, key, other, in, flags);
-		BIO_reset(in);
+		if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
+		  BIO_printf(bio_err, "Can't rewind input file\n");
+		  goto end;
+		}
 	} else {
 		if(informat == FORMAT_SMIME) 
 			p7 = SMIME_read_PKCS7(in, &indata);
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -54,7 +54,7 @@ buildinf.h: ../Makefile.ssl
 	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
 	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
 	echo "  #define PLATFORM \"$(PLATFORM)\""; \
-	echo "  #define DATE \"`date`\""; \
+	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
 	echo "#endif" ) >buildinf.h

 testapps:
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */

 #include <stdio.h>
 #include <time.h>
@@ -87,7 +140,14 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 		else
 			a=algor2;
 		if (a == NULL) continue;
-		if (	(a->parameter == NULL) || 
+                if (type->pkey_type == NID_dsaWithSHA1)
+			{
+			/* special case: RFC 2459 tells us to omit 'parameters'
+			 * with id-dsa-with-sha1 */
+			ASN1_TYPE_free(a->parameter);
+			a->parameter = NULL;
+			}
+		else if ((a->parameter == NULL) || 
 			(a->parameter->type != V_ASN1_NULL))
 			{
 			ASN1_TYPE_free(a->parameter);
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -716,12 +716,13 @@ doapr_outch(
    if (buffer) {
 	while (*currlen >= *maxlen) {
 	    if (*buffer == NULL) {
-		assert(*sbuffer != NULL);
 		if (*maxlen == 0)
 		    *maxlen = 1024;
 		*buffer = OPENSSL_malloc(*maxlen);
-		if (*currlen > 0)
+		if (*currlen > 0) {
+		    assert(*sbuffer != NULL);
 		    memcpy(*buffer, *sbuffer, *currlen);
+		}
 		*sbuffer = NULL;
 	    } else {
 		*maxlen += 1024;
@@ -761,7 +762,9 @@ int BIO_vprintf (BIO *bio, const char *format, va_list args)
 	{
 	int ret;
 	size_t retlen;
-	MS_STATIC char hugebuf[1024*10];
+	char hugebuf[1024*2];	/* Was previously 10k, which is unreasonable
+				   in small-stack environments, like threads
+				   or DOS programs. */
 	char *hugebufp = hugebuf;
 	size_t hugebufsize = sizeof(hugebuf);
 	char *dynbuf = NULL;
--- a/crypto/conf/Makefile.ssl
+++ b/crypto/conf/Makefile.ssl
@@ -5,7 +5,7 @@
 DIR=	conf
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../.. -I../../include
+INCLUDES= -I.. -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
@@ -80,9 +80,9 @@ clean:

 # DO NOT DELETE THIS LINE -- make depend depends on it.

-conf_api.o: ../../e_os.h ../../include/openssl/bio.h
-conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
-conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+conf_api.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_api.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_api.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -67,7 +67,7 @@
 #include <string.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
-#include "e_os.h"
+#include "openssl/e_os.h"

 static void value_free_hash(CONF_VALUE *a, LHASH *conf);
 static void value_free_stack(CONF_VALUE *a,LHASH *conf);
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -437,8 +437,7 @@ int OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name)
 		return(0);
 	}

-	nid=OBJ_obj2nid(a);
-	if ((nid == NID_undef) || no_name) {
+	if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) {
 		len=a->length;
 		p=a->data;

--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,8 +25,8 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER	0x00906041L
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6d-beta1 17 Apr 2002"
+#define OPENSSL_VERSION_NUMBER	0x0090604fL
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6d 9 May 2002"
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT


--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -346,7 +346,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
 		}

 	/* if we have a certificate then write it out now */
-	if ((xi->x509 != NULL) || (PEM_write_bio_X509(bp,xi->x509) <= 0))
+	if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
 		goto err;

 	/* we are ignoring anything else that is loaded into the X509_INFO
--- a/doc/crypto/EVP_EncryptInit.pod
+++ b/doc/crypto/EVP_EncryptInit.pod
@@ -192,7 +192,7 @@ EVP_DecryptInit() and EVP_DecryptUpdate() return 1 for success and 0 for failure
 EVP_DecryptFinal() returns 0 if the decrypt failed or 1 for success.

 EVP_CipherInit() and EVP_CipherUpdate() return 1 for success and 0 for failure.
-EVP_CipherFinal() returns 1 for a decryption failure or 1 for success.
+EVP_CipherFinal() returns 0 for a decryption failure or 1 for success.

 EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure.

--- a/openssl.spec
+++ b/openssl.spec
@@ -1,7 +1,7 @@
 %define libmaj 0
 %define libmin 9
 %define librel 6
-%define librev c
+%define librev d
 Release: 1

 %define openssldir /var/ssl
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -236,7 +236,8 @@ static int ssl3_get_record(SSL *s)
 	unsigned char md[EVP_MAX_MD_SIZE];
 	short version;
 	unsigned int mac_size;
-	int clear=0,extra;
+	int clear=0;
+	size_t extra;

 	rr= &(s->s3->rrec);
 	sess=s->session;
@@ -245,7 +246,7 @@ static int ssl3_get_record(SSL *s)
 		extra=SSL3_RT_MAX_EXTRA;
 	else
 		extra=0;
-	if (extra != (s->s3->rbuf_len - SSL3_RT_MAX_PACKET_SIZE))
+	if (extra != s->s3->rbuf_len - SSL3_RT_MAX_PACKET_SIZE)
 		{
 		/* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
 		 * set after ssl3_setup_buffers() was done */
@@ -295,8 +296,7 @@ again:
 			goto err;
 			}

-		if (rr->length > 
-			(unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+		if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
 			{
 			al=SSL_AD_RECORD_OVERFLOW;
 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
@@ -308,7 +308,7 @@ again:

 	/* s->rstate == SSL_ST_READ_BODY, get and decode the data */

-	if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH))
+	if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
 		{
 		/* now s->packet_length == SSL3_RT_HEADER_LENGTH */
 		i=rr->length;
@@ -336,7 +336,7 @@ again:
 	 * rr->length bytes of encrypted compressed stuff. */

 	/* check is not needed I believe */
-	if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
 		{
 		al=SSL_AD_RECORD_OVERFLOW;
 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
@@ -405,8 +405,7 @@ printf("\n");
 	/* r->length is now just compressed */
 	if (s->expand != NULL)
 		{
-		if (rr->length > 
-			(unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
+		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
 			{
 			al=SSL_AD_RECORD_OVERFLOW;
 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
@@ -420,7 +419,7 @@ printf("\n");
 			}
 		}

-	if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra)
+	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
 		{
 		al=SSL_AD_RECORD_OVERFLOW;
 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
@@ -605,7 +604,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 			if (prefix_len <= 0)
 				goto err;

-			if (s->s3->wbuf_len < prefix_len + SSL3_RT_MAX_PACKET_SIZE)
+			if (s->s3->wbuf_len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
 				{
 				/* insufficient space */
 				SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_INTERNAL_ERROR);
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -751,6 +751,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
 	ret = 1;

 err:	
+	if (d) closedir(d);
 	CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
 	return ret;
 	}
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -850,7 +850,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
 					
 					r = BIO_nwrite0(io1, &dataptr);
 					assert(r > 0);
-					if (r < num)
+					if (r < (int)num)
 						num = r;
 					r = BIO_read(io2, dataptr, (int)num);
 					if (r != (int)num) /* can't happen */
--- a/util/cygwin.sh
+++ b/util/cygwin.sh
@@ -0,0 +1,125 @@
+#!/bin/bash
+#
+# This script configures, builds and packs the binary package for
+# the Cygwin net distribution version of OpenSSL
+#
+
+# Uncomment when debugging
+#set -x
+
+CONFIG_OPTIONS="--prefix=/usr shared no-idea no-rc5 no-mdc2"
+INSTALL_PREFIX=/tmp/install
+
+VERSION=
+SUBVERSION=$1
+
+function cleanup()
+{
+  rm -rf ${INSTALL_PREFIX}/etc
+  rm -rf ${INSTALL_PREFIX}/usr
+}
+
+function get_openssl_version()
+{
+  eval `grep '^VERSION=' Makefile.ssl`
+  if [ -z "${VERSION}" ]
+  then
+    echo "Error: Couldn't retrieve OpenSSL version from Makefile.ssl."
+    echo "       Check value of variable VERSION in Makefile.ssl."
+    exit 1
+  fi
+}
+
+function base_install()
+{
+  mkdir -p ${INSTALL_PREFIX}
+  cleanup
+  make install INSTALL_PREFIX="${INSTALL_PREFIX}"
+}
+
+function doc_install()
+{
+  DOC_DIR=${INSTALL_PREFIX}/usr/doc/openssl
+
+  mkdir -p ${DOC_DIR}
+  cp CHANGES CHANGES.SSLeay INSTALL LICENSE NEWS README ${DOC_DIR}
+
+  create_cygwin_readme
+}
+
+function create_cygwin_readme()
+{
+  README_DIR=${INSTALL_PREFIX}/usr/doc/Cygwin
+  README_FILE=${README_DIR}/openssl-${VERSION}.README
+
+  mkdir -p ${README_DIR}
+  cat > ${README_FILE} <<- EOF
+	The Cygwin version has been built using the following configure:
+
+	  ./config ${CONFIG_OPTIONS}
+
+	The IDEA, RC5 and MDC2 algorithms are disabled due to patent and/or
+	licensing issues.
+	EOF
+}
+
+function create_profile_files()
+{
+  PROFILE_DIR=${INSTALL_PREFIX}/etc/profile.d
+
+  mkdir -p $PROFILE_DIR
+  cat > ${PROFILE_DIR}/openssl.sh <<- "EOF"
+	export MANPATH="${MANPATH}:/usr/ssl/man"
+	EOF
+  cat > ${PROFILE_DIR}/openssl.csh <<- "EOF"
+	if ( $?MANPATH ) then
+	  setenv MANPATH "${MANPATH}:/usr/ssl/man"
+	else
+	  setenv MANPATH ":/usr/ssl/man"
+	endif
+	EOF
+}
+
+if [ -z "${SUBVERSION}" ]
+then
+  echo "Usage: $0 subversion"
+  exit 1
+fi
+
+if [ ! -f config ]
+then
+  echo "You must start this script in the OpenSSL toplevel source dir."
+  exit 1
+fi
+
+./config ${CONFIG_OPTIONS}
+
+get_openssl_version
+
+make || exit 1
+
+base_install
+
+doc_install
+
+create_cygwin_readme
+
+create_profile_files
+
+cd ${INSTALL_PREFIX}
+strip usr/bin/*.exe usr/bin/*.dll
+
+# Runtime package
+find etc usr/bin usr/doc usr/ssl/certs usr/ssl/man/man[157] usr/ssl/misc \
+     usr/ssl/openssl.cnf usr/ssl/private -empty -o \! -type d |
+tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 -
+# Development package
+find usr/include usr/lib usr/ssl/man/man3 -empty -o \! -type d |
+tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 -
+
+ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2
+ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2
+
+cleanup
+
+exit 0