This commit was manufactured by cvs2svn to create tag 'OpenSSL_0_9_7-beta5'.

CHANGES

@@ -2,250 +2,7 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.7c and 0.9.7d  [17 Mar 2004]
-
-  *) Fix null-pointer assignment in do_change_cipher_spec() revealed           
-     by using the Codenomicon TLS Test Tool (CAN-2004-0079)                    
-     [Joe Orton, Steve Henson]   
-
-  *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
-     (CAN-2004-0112)
-     [Joe Orton, Steve Henson]   
-
-  *) Make it possible to have multiple active certificates with the same
-     subject in the CA index file.  This is done only if the keyword
-     'unique_subject' is set to 'no' in the main CA section (default
-     if 'CA_default') of the configuration file.  The value is saved
-     with the database itself in a separate index attribute file,
-     named like the index file with '.attr' appended to the name.
-     [Richard Levitte]
-
-  *) X509 verify fixes. Disable broken certificate workarounds when 
-     X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
-     keyUsage extension present. Don't accept CRLs with unhandled critical
-     extensions: since verify currently doesn't process CRL extensions this
-     rejects a CRL with *any* critical extensions. Add new verify error codes
-     for these cases.
-     [Steve Henson]
-
-  *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
-     A clarification of RFC2560 will require the use of OCTET STRINGs and 
-     some implementations cannot handle the current raw format. Since OpenSSL
-     copies and compares OCSP nonces as opaque blobs without any attempt at
-     parsing them this should not create any compatibility issues.
-     [Steve Henson]
-
-  *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
-     calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
-     this HMAC (and other) operations are several times slower than OpenSSL
-     < 0.9.7.
-     [Steve Henson]
-
-  *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
-     [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
-
-  *) Use the correct content when signing type "other".
-     [Steve Henson]
-
- Changes between 0.9.7b and 0.9.7c  [30 Sep 2003]
-
-  *) Fix various bugs revealed by running the NISCC test suite:
-
-     Stop out of bounds reads in the ASN1 code when presented with
-     invalid tags (CAN-2003-0543 and CAN-2003-0544).
-     
-     Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
-
-     If verify callback ignores invalid public key errors don't try to check
-     certificate signature with the NULL public key.
-
-     [Steve Henson]
-
-  *) New -ignore_err option in ocsp application to stop the server
-     exiting on the first error in a request.
-     [Steve Henson]
-
-  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
-     if the server requested one: as stated in TLS 1.0 and SSL 3.0
-     specifications.
-     [Steve Henson]
-
-  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
-     extra data after the compression methods not only for TLS 1.0
-     but also for SSL 3.0 (as required by the specification).
-     [Bodo Moeller; problem pointed out by Matthias Loepfe]
-
-  *) Change X509_certificate_type() to mark the key as exported/exportable
-     when it's 512 *bits* long, not 512 bytes.
-     [Richard Levitte]
-
-  *) Change AES_cbc_encrypt() so it outputs exact multiple of
-     blocks during encryption.
-     [Richard Levitte]
-
-  *) Various fixes to base64 BIO and non blocking I/O. On write 
-     flushes were not handled properly if the BIO retried. On read
-     data was not being buffered properly and had various logic bugs.
-     This also affects blocking I/O when the data being decoded is a
-     certain size.
-     [Steve Henson]
-
-  *) Various S/MIME bugfixes and compatibility changes:
-     output correct application/pkcs7 MIME type if
-     PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
-     Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
-     of files as .eml work). Correctly handle very long lines in MIME
-     parser.
-     [Steve Henson]
-
- Changes between 0.9.7a and 0.9.7b  [10 Apr 2003]
-
-  *) Countermeasure against the Klima-Pokorny-Rosa extension of
-     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
-     a protocol version number mismatch like a decryption error
-     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
-     [Bodo Moeller]
-
-  *) Turn on RSA blinding by default in the default implementation
-     to avoid a timing attack. Applications that don't want it can call
-     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
-     They would be ill-advised to do so in most cases.
-     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
-
-  *) Change RSA blinding code so that it works when the PRNG is not
-     seeded (in this case, the secret RSA exponent is abused as
-     an unpredictable seed -- if it is not unpredictable, there
-     is no point in blinding anyway).  Make RSA blinding thread-safe
-     by remembering the creator's thread ID in rsa->blinding and
-     having all other threads use local one-time blinding factors
-     (this requires more computation than sharing rsa->blinding, but
-     avoids excessive locking; and if an RSA object is not shared
-     between threads, blinding will still be very fast).
-     [Bodo Moeller]
-
-  *) Fixed a typo bug that would cause ENGINE_set_default() to set an
-     ENGINE as defaults for all supported algorithms irrespective of
-     the 'flags' parameter. 'flags' is now honoured, so applications
-     should make sure they are passing it correctly.
-     [Geoff Thorpe]
-
-  *) Target "mingw" now allows native Windows code to be generated in
-     the Cygwin environment as well as with the MinGW compiler.
-     [Ulf Moeller] 
-
- Changes between 0.9.7 and 0.9.7a  [19 Feb 2003]
-
-  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
-     via timing by performing a MAC computation even if incorrrect
-     block cipher padding has been found.  This is a countermeasure
-     against active attacks where the attacker has to distinguish
-     between bad padding and a MAC verification error. (CAN-2003-0078)
-
-     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
-     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
-     Martin Vuagnoux (EPFL, Ilion)]
-
-  *) Make the no-err option work as intended.  The intention with no-err
-     is not to have the whole error stack handling routines removed from
-     libcrypto, it's only intended to remove all the function name and
-     reason texts, thereby removing some of the footprint that may not
-     be interesting if those errors aren't displayed anyway.
-
-     NOTE: it's still possible for any application or module to have it's
-     own set of error texts inserted.  The routines are there, just not
-     used by default when no-err is given.
-     [Richard Levitte]
-
-  *) Add support for FreeBSD on IA64.
-     [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454]
-
-  *) Adjust DES_cbc_cksum() so it returns the same value as the MIT
-     Kerberos function mit_des_cbc_cksum().  Before this change,
-     the value returned by DES_cbc_cksum() was like the one from
-     mit_des_cbc_cksum(), except the bytes were swapped.
-     [Kevin Greaney <Kevin.Greaney@hp.com> and Richard Levitte]
-
-  *) Allow an application to disable the automatic SSL chain building.
-     Before this a rather primitive chain build was always performed in
-     ssl3_output_cert_chain(): an application had no way to send the 
-     correct chain if the automatic operation produced an incorrect result.
-
-     Now the chain builder is disabled if either:
-
-     1. Extra certificates are added via SSL_CTX_add_extra_chain_cert().
-
-     2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set.
-
-     The reasoning behind this is that an application would not want the
-     auto chain building to take place if extra chain certificates are
-     present and it might also want a means of sending no additional
-     certificates (for example the chain has two certificates and the
-     root is omitted).
-     [Steve Henson]
-
-  *) Add the possibility to build without the ENGINE framework.
-     [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
-
-  *) Under Win32 gmtime() can return NULL: check return value in
-     OPENSSL_gmtime(). Add error code for case where gmtime() fails.
-     [Steve Henson]
-
-  *) DSA routines: under certain error conditions uninitialized BN objects
-     could be freed. Solution: make sure initialization is performed early
-     enough. (Reported and fix supplied by Ivan D Nestlerode <nestler@MIT.EDU>,
-     Nils Larsch <nla@trustcenter.de> via PR#459)
-     [Lutz Jaenicke]
-
-  *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
-     checked on reconnect on the client side, therefore session resumption
-     could still fail with a "ssl session id is different" error. This
-     behaviour is masked when SSL_OP_ALL is used due to
-     SSL_OP_MICROSOFT_SESS_ID_BUG being set.
-     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
-     followup to PR #377.
-     [Lutz Jaenicke]
-
-  *) IA-32 assembler support enhancements: unified ELF targets, support
-     for SCO/Caldera platforms, fix for Cygwin shared build.
-     [Andy Polyakov]
-
-  *) Add support for FreeBSD on sparc64.  As a consequence, support for
-     FreeBSD on non-x86 processors is separate from x86 processors on
-     the config script, much like the NetBSD support.
-     [Richard Levitte & Kris Kennaway <kris@obsecurity.org>]
-
- Changes between 0.9.6h and 0.9.7  [31 Dec 2002]
-
-  [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
-  OpenSSL 0.9.7.]
-
-  *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
-     code (06) was taken as the first octet of the session ID and the last
-     octet was ignored consequently. As a result SSLv2 client side session
-     caching could not have worked due to the session ID mismatch between
-     client and server.
-     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
-     PR #377.
-     [Lutz Jaenicke]
-
-  *) Change the declaration of needed Kerberos libraries to use EX_LIBS
-     instead of the special (and badly supported) LIBKRB5.  LIBKRB5 is
-     removed entirely.
-     [Richard Levitte]
-
-  *) The hw_ncipher.c engine requires dynamic locks.  Unfortunately, it
-     seems that in spite of existing for more than a year, many application
-     author have done nothing to provide the necessary callbacks, which
-     means that this particular engine will not work properly anywhere.
-     This is a very unfortunate situation which forces us, in the name
-     of usability, to give the hw_ncipher.c a static lock, which is part
-     of libcrypto.
-     NOTE: This is for the 0.9.7 series ONLY.  This hack will never
-     appear in 0.9.8 or later.  We EXPECT application authors to have
-     dealt properly with this when 0.9.8 is released (unless we actually
-     make such changes in the libcrypto locking code that changes will
-     have to be made anyway).
-     [Richard Levitte]
+ Changes between 0.9.6h and 0.9.7  [XX xxx 2002]
 
   *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
      octets have been read, EOF or an error occurs. Without this change
@@ -392,7 +149,7 @@
 	# is assumed to contain the absolute OpenSSL source directory.
 	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
 	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
-	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
+	(cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
 		mkdir -p `dirname $F`
 		ln -s $OPENSSL_SOURCE/$F $F
 	done
@@ -1892,11 +1649,6 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      be reduced modulo  m.
      [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
 
-#if 0
-     The following entry accidentily appeared in the CHANGES file
-     distributed with OpenSSL 0.9.7.  The modifications described in
-     it do *not* apply to OpenSSL 0.9.7.
-
   *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
      was actually never needed) and in BN_mul().  The removal in BN_mul()
      required a small change in bn_mul_part_recursive() and the addition
@@ -1905,7 +1657,6 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      bn_sub_words() and bn_add_words() except they take arrays with
      differing sizes.
      [Richard Levitte]
-#endif
 
   *) In 'openssl passwd', verify passwords read from the terminal
      unless the '-salt' option is used (which usually means that
@@ -2037,69 +1788,6 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Clean old EAY MD5 hack from e_os.h.
      [Richard Levitte]
 
- Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
-
-  *) Fix various bugs revealed by running the NISCC test suite:
-
-     Stop out of bounds reads in the ASN1 code when presented with
-     invalid tags (CAN-2003-0543 and CAN-2003-0544).
-     
-     If verify callback ignores invalid public key errors don't try to check
-     certificate signature with the NULL public key.
-
-     [Steve Henson]
-
-  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
-     if the server requested one: as stated in TLS 1.0 and SSL 3.0
-     specifications.
-     [Steve Henson]
-
-  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
-     extra data after the compression methods not only for TLS 1.0
-     but also for SSL 3.0 (as required by the specification).
-     [Bodo Moeller; problem pointed out by Matthias Loepfe]
-
-  *) Change X509_certificate_type() to mark the key as exported/exportable
-     when it's 512 *bits* long, not 512 bytes.
-     [Richard Levitte]
-
- Changes between 0.9.6i and 0.9.6j  [10 Apr 2003]
-
-  *) Countermeasure against the Klima-Pokorny-Rosa extension of
-     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
-     a protocol version number mismatch like a decryption error
-     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
-     [Bodo Moeller]
-
-  *) Turn on RSA blinding by default in the default implementation
-     to avoid a timing attack. Applications that don't want it can call
-     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
-     They would be ill-advised to do so in most cases.
-     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
-
-  *) Change RSA blinding code so that it works when the PRNG is not
-     seeded (in this case, the secret RSA exponent is abused as
-     an unpredictable seed -- if it is not unpredictable, there
-     is no point in blinding anyway).  Make RSA blinding thread-safe
-     by remembering the creator's thread ID in rsa->blinding and
-     having all other threads use local one-time blinding factors
-     (this requires more computation than sharing rsa->blinding, but
-     avoids excessive locking; and if an RSA object is not shared
-     between threads, blinding will still be very fast).
-     [Bodo Moeller]
-
- Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]
-
-  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
-     via timing by performing a MAC computation even if incorrrect
-     block cipher padding has been found.  This is a countermeasure
-     against active attacks where the attacker has to distinguish
-     between bad padding and a MAC verification error. (CAN-2003-0078)
-
-     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
-     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
-     Martin Vuagnoux (EPFL, Ilion)]
-
  Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
 
   *) New function OPENSSL_cleanse(), which is used to cleanse a section of

Configure

@@ -10,7 +10,7 @@ use strict;
 
 # see INSTALL for instructions.
 
-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
 
 # Options:
 #
@@ -38,7 +38,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 # --test-sanity Make a number of sanity checks on the data in this file.
 #               This is a debugging tool for OpenSSL developers.
 #
-# no-engine     do not compile in any engine code.
 # no-hw-xxx     do not compile support for specific crypto hardware.
 #               Generic OpenSSL-style methods relating to this support
 #               are always compiled but return NULL if the hardware
@@ -108,6 +107,7 @@ my $tlib="-lnsl -lsocket";
 my $bits1="THIRTY_TWO_BIT ";
 my $bits2="SIXTY_FOUR_BIT ";
 
+my $x86_sol_asm="asm/bn86-sol.o asm/co86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o";
 my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o";
 my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
 my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
@@ -145,10 +145,10 @@ my %table=(
 "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-steve-linux-pseudo64",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn",
-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "dist",		"cc:-O::(unknown)::::::",
 
 # Basic configs that should work on any (32 and less bit) box
@@ -161,25 +161,25 @@ my %table=(
 # surrounds it with #APP #NO_APP comment pair which (at least Solaris
 # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
 # error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### Solaris x86 with Sun C setups
 "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
-"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### SPARC Solaris with Sun C setups
 # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
@@ -203,8 +203,9 @@ my %table=(
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
 "linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# !!!Folowing can't be even tested yet!!!
+#    We have to wait till 64-bit glibc for SPARC is operational!!!
+#"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:ULTRASPARC::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
 
 # Sunos configs, assuming sparc for the gcc one.
 ##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:::",
@@ -216,13 +217,13 @@ my %table=(
 "irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### IRIX 6.x configs
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
-# './Configure irix-cc -o32' manually.
+# './Configure irix-[g]cc' manually.
 # -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -260,24 +261,24 @@ my %table=(
 # 64bit PARISC for GCC without optimization, which seems to make problems.
 # Submitted by <ross.alexander@uk.neceur.com>
 "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # IA-64 targets
-"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# I have no idea if this one actually works, feedback needed. <appro>
+"hpux-ia64-cc","cc:-Ae +DD32 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
 # with debugging of the following config.
-"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
 # Chris Ruemmler <ruemmler@cup.hp.com>
 # Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # Isn't the line below meaningless? HP-UX cc optimizes for host by default.
 # hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro>
-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # HPUX 9.X config.
 # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
@@ -384,21 +385,18 @@ my %table=(
 "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-"linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
+"linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
 "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
 "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-s390x",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-ecc",   "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o:::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64", "gcc:-DL_ENDIAN -DNO_ASM ::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD-sparc64","gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD-ia64","gcc:-DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64-cpp.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
 "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -406,7 +404,7 @@ my %table=(
 "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 
 # NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::",
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
 
 # QNX 4
 "qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
@@ -417,36 +415,33 @@ my %table=(
 # Linux on ARM
 "linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
-# SCO/Caldera targets.
-#
-# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc.
-# Now we only have blended unixware-* as it's the only one used by ./config.
-# If you want to optimize for particular microarchitecture, bypass ./config
-# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate.
-# Note that not all targets include assembler support. Mostly because of
-# lack of motivation to support out-of-date platforms with out-of-date
-# compiler drivers and assemblers. Tim Rice <tim@multitalents.net> has
-# patiently assisted to debug most of it.
-#
 # UnixWare 2.0x fails destest with -O
 "unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
-# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc.
-"sco5-cc",  "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-2.0-pentium","cc:-DFILIO_H -DNO_STRINGS_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 
+# UnixWare 2.1
+"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+
+# UnixWare 7
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# OpenUNIX 8
+"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # IBM's AIX.
 "aix-cc",   "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
 "aix-gcc",  "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::",
+"aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
 "aix43-gcc",  "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
-"aix64-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+"aix64-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn::::::-X 64",
 
 #
 # Cray T90 and similar (SDSC)
@@ -479,6 +474,15 @@ my %table=(
 "dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
 "dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 
+# SCO 3 - Tim Rice <tim@multitalents.net>
+"sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+
+# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
+# SCO cc.
+"sco5-cc",  "cc:-belf::(unknown)::-lsocket -lresolv -lnsl:${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-Kpic", # des options?
+"sco5-cc-pentium",  "cc:-Kpentium::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...
+
 # Sinix/ReliantUNIX RM400
 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
 "ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -505,11 +509,13 @@ my %table=(
 "VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 
 # Borland C++ 4.5
-"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN::::::::::win32",
+"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX::::::::::win32",
 "BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 
-# MinGW
-"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall:::MINGW32:-mno-cygwin -lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32::::.dll",
+# Mingw32
+# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
+# and its library files in util/pl/*)
+"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
 
 # UWIN 
 "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
@@ -522,7 +528,7 @@ my %table=(
 "DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
 
 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
-"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
+"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown):::::::",
 "ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::::::",
 # K&R C is no longer supported; you need gcc on old Ultrix installations
 ##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::",
@@ -561,8 +567,6 @@ my %table=(
 "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
 "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
 "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
-"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
-"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::::::::::::::::ranlibmips:",
 
 ##### Compaq Non-Stop Kernel (Tandem)
 "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
@@ -653,7 +657,6 @@ my $openssl_thread_defines;
 my $openssl_sys_defines="";
 my $openssl_other_defines;
 my $libs;
-my $libkrb5="";
 my $target;
 my $options;
 my $symlink;
@@ -694,11 +697,6 @@ PROCESS_ARGS:
 			$flags .= "-DOPENSSL_NO_ASM ";
 			$openssl_other_defines .= "#define OPENSSL_NO_ASM\n";
 			}
-		elsif (/^no-err$/)
-		 	{
-			$flags .= "-DOPENSSL_NO_ERR ";
-			$openssl_other_defines .= "#define OPENSSL_NO_ERR\n";
-			}
 		elsif (/^no-hw-(.+)$/)
 			{
 			my $hw=$1;
@@ -959,8 +957,6 @@ my $shared_extension = $fields[$idx_shared_extension];
 my $ranlib = $fields[$idx_ranlib];
 my $arflags = $fields[$idx_arflags];
 
-my $no_shared_warn=0;
-
 $cflags="$flags$cflags" if ($flags ne "");
 
 # Kerberos settings.  The flavor must be provided from outside, either through
@@ -1021,7 +1017,7 @@ else
 			}
 		}
 	$withargs{"krb5-lib"} .= " -lresolv"
-		if ("$lresolv" ne "");
+		if ("$lresolv");
 	$withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
 		if $withargs{"krb5-include"} eq "" &&
 		   $withargs{"krb5-dir"} ne "";
@@ -1080,7 +1076,7 @@ else
 #		}
 	}	
 
-$lflags="$libs$lflags" if ($libs ne "");
+$lflags="$libs$lflags"if ($libs ne "");
 
 if ($no_asm)
 	{
@@ -1088,11 +1084,6 @@ if ($no_asm)
 	$sha1_obj=$md5_obj=$rmd160_obj="";
 	}
 
-if (!$no_shared)
-	{
-	$cast_obj="";	# CAST assembler is not PIC
-	}
-
 if ($threads)
 	{
 	$cflags=$thread_cflags;
@@ -1108,17 +1099,20 @@ if ($zlib)
 
 # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
 my $shared_mark = "";
-if ($shared_target eq "")
-	{
-	$no_shared_warn = 1 if !$no_shared;
-	$no_shared = 1;
-	}
-if (!$no_shared)
+if ($shared_target ne "")
 	{
 	if ($shared_cflag ne "")
 		{
 		$cflags = "$shared_cflag $cflags";
 		}
+	if (!$no_shared)
+		{
+		#$shared_mark = "\$(SHARED_LIBS)";
+		}
+	}
+else
+	{
+	$no_shared = 1;
 	}
 
 if ($sys_id ne "")
@@ -1292,6 +1286,8 @@ print "ARFLAGS       =$arflags\n";
 print "PERL          =$perl\n";
 print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n"
 	if $withargs{"krb5-include"} ne "";
+print "LIBKRB5       =",$withargs{"krb5-lib"},"\n"
+	if $withargs{"krb5-lib"} ne "";
 
 my $des_ptr=0;
 my $des_risc1=0;
@@ -1518,16 +1514,6 @@ applications as the compiler options required on this system are not known.
 See file INSTALL for details if you need multi-threading.
 EOF
 
-print <<\EOF if ($no_shared_warn);
-
-You gave the option 'shared'.  Normally, that would give you shared libraries.
-Unfortunately, the OpenSSL configuration doesn't include shared library support
-for this platform yet, so it will pretend you gave the option 'no-shared'.  If
-you can inform the developpers (openssl-dev\@openssl.org) how to support shared
-libraries on this platform, they will at least look at it and try their best
-(but please first make sure you have tried with a current version of OpenSSL).
-EOF
-
 exit(0);
 
 sub usage

FAQ

@@ -44,8 +44,6 @@ OpenSSL  -  Frequently Asked Questions
 * What is special about OpenSSL on Redhat?
 * Why does the OpenSSL compilation fail on MacOS X?
 * Why does the OpenSSL test suite fail on MacOS X?
-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
 
 [PROG] Questions about programming with OpenSSL
 
@@ -68,7 +66,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7d was released on March 17, 2004.
+OpenSSL 0.9.6h was released on December 5, 2002.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -116,14 +114,11 @@ OpenSSL.  Information on the OpenSSL mailing lists is available from
 
 * Where can I get a compiled version of OpenSSL?
 
-You can finder pointers to binary distributions in
-http://www.openssl.org/related/binaries.html .
-
 Some applications that use OpenSSL are distributed in binary form.
 When using such an application, you don't need to install OpenSSL
 yourself; the application will include the required parts (e.g. DLLs).
 
-If you want to build OpenSSL on a Windows system and you don't have
+If you want to install OpenSSL on a Windows system and you don't have
 a C compiler, read the "Mingw32" section of INSTALL.W32 for information
 on how to obtain and install the free GNU C compiler.
 
@@ -192,30 +187,18 @@ for permission to use their software with OpenSSL.
 
 Cryptographic software needs a source of unpredictable data to work
 correctly.  Many open source operating systems provide a "randomness
-device" (/dev/urandom or /dev/random) that serves this purpose.
-All OpenSSL versions try to use /dev/urandom by default; starting with
-version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
-available.
+device" that serves this purpose.  On other systems, applications have
+to call the RAND_add() or RAND_seed() function with appropriate data
+before generating keys or performing public key encryption.
+(These functions initialize the pseudo-random number generator, PRNG.)
 
-On other systems, applications have to call the RAND_add() or
-RAND_seed() function with appropriate data before generating keys or
-performing public key encryption. (These functions initialize the
-pseudo-random number generator, PRNG.)  Some broken applications do
-not do this.  As of version 0.9.5, the OpenSSL functions that need
-randomness report an error if the random number generator has not been
-seeded with at least 128 bits of randomness.  If this error occurs and
-is not discussed in the documentation of the application you are
-using, please contact the author of that application; it is likely
-that it never worked correctly.  OpenSSL 0.9.5 and later make the
-error visible by refusing to perform potentially insecure encryption.
-
-If you are using Solaris 8, you can add /dev/urandom and /dev/random
-devices by installing patch 112438 (Sparc) or 112439 (x86), which are
-available via the Patchfinder at <URL: http://sunsolve.sun.com>
-(Solaris 9 includes these devices by default). For /dev/random support
-for earlier Solaris versions, see Sun's statement at
-<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
-(the SUNWski package is available in patch 105710).
+Some broken applications do not do this.  As of version 0.9.5, the
+OpenSSL functions that need randomness report an error if the random
+number generator has not been seeded with at least 128 bits of
+randomness.  If this error occurs, please contact the author of the
+application you are using.  It is likely that it never worked
+correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
+to perform potentially insecure encryption.
 
 On systems without /dev/urandom and /dev/random, it is a good idea to
 use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
@@ -248,6 +231,18 @@ OpenSSL command line tools. Applications using the OpenSSL library
 provide their own configuration options to specify the entropy source,
 please check out the documentation coming the with application.
 
+For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
+installing the SUNski package from Sun patch 105710-01 (Sparc) which
+adds a /dev/random device and make sure it gets used, usually through
+$RANDFILE.  There are probably similar patches for the other Solaris
+versions.  An official statement from Sun with respect to /dev/random
+support can be found at
+  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
+However, be warned that /dev/random is usually a blocking device, which
+may have some effects on OpenSSL.
+A third party /dev/random solution for Solaris is available at
+  http://www.cosy.sbg.ac.at/~andi/
+
 
 * Why do I get an "unable to write 'random state'" error message?
 
@@ -493,13 +488,10 @@ and then redo the compilation.  What you should really do is make sure
 Sometimes, you may get reports from VC++ command line (cl) that it
 can't find standard include files like stdio.h and other weirdnesses.
 One possible cause is that the environment isn't correctly set up.
-To solve that problem for VC++ versions up to 6, one should run
-VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++
-installation directory (somewhere under 'Program Files').  For VC++
-version 7 (and up?), which is also called VS.NET, the file is called
-VSVARS32.BAT instead.
-This needs to be done prior to running NMAKE, and the changes are only
-valid for the current DOS session.
+To solve that problem, one should run VCVARS32.BAT which is found in
+the 'bin' subdirectory of the VC++ installation directory (somewhere
+under 'Program Files').  This needs to be done prior to running NMAKE,
+and the changes are only valid for the current DOS session.
 
 
 * What is special about OpenSSL on Redhat?
@@ -560,37 +552,6 @@ libraries you just built.
 Look in the file PROBLEMS for a more detailed explanation and for possible
 solutions.
 
-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
-
-Failure in BN_sqr test is most likely caused by a failure to configure the
-toolkit for current platform or lack of support for the platform in question.
-Run './config -t' and './apps/openssl version -p'. Do these platform
-identifiers match? If they don't, then you most likely failed to run
-./config and you're hereby advised to do so before filing a bug report.
-If ./config itself fails to run, then it's most likely problem with your
-local environment and you should turn to your system administrator (or
-similar). If identifiers match (and/or no alternative identifier is
-suggested by ./config script), then the platform is unsupported. There might
-or might not be a workaround. Most notably on SPARC64 platforms with GNU
-C compiler you should be able to produce a working build by running
-'./config -m32'. I understand that -m32 might not be what you want/need,
-but the build should be operational. For further details turn to
-<openssl-dev@openssl.org>.
-
-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
-
-As of 0.9.7 assembler routines were overhauled for position independence
-of the machine code, which is essential for shared library support. For
-some reason OpenBSD is equipped with an out-of-date GNU assembler which
-finds the new code offensive. To work around the problem, configure with
-no-asm (and sacrifice a great deal of performance) or patch your assembler
-according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>.
-For your convenience a pre-compiled replacement binary is provided at
-<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>.
-Reportedly elder *BSD a.out platforms also suffer from this problem and
-remedy should be same. Provided binary is statically linked and should be
-working across wider range of *BSD branches, not just OpenBSD.
-
 [PROG] ========================================================================
 
 * Is OpenSSL thread-safe?
@@ -735,7 +696,6 @@ The general answer is to check the config.log file generated when running
 the OpenSSH configure script. It should contain the detailed information
 on why the OpenSSL library was not detected or considered incompatible.
 
-
 * Can I use OpenSSL's SSL library with non-blocking I/O?
 
 Yes; make sure to read the SSL_get_error(3) manual page!

INSTALL

@@ -140,8 +140,8 @@
      standard headers).  If it is a problem with OpenSSL itself, please
      report the problem to <openssl-bugs@openssl.org> (note that your
      message will be recorded in the request tracker publicly readable
-     via http://www.openssl.org/support/rt2.html and will be forwarded to a
-     public mailing list). Include the output of "make report" in your message.
+     via http://www.openssl.org/rt2.html and will be forwarded to a public
+     mailing list). Include the output of "make report" in your message.
      Please check out the request tracker. Maybe the bug was already
      reported or has already been fixed.
 
@@ -158,11 +158,11 @@
      If a test fails, look at the output.  There may be reasons for
      the failure that isn't a problem in OpenSSL itself (like a missing
      or malfunctioning bc).  If it is a problem with OpenSSL itself,
-     try removing any compiler optimization flags from the CFLAG line
+     try removing any compiler optimization flags from the CFLAGS line
      in Makefile.ssl and run "make clean; make". Please send a bug
      report to <openssl-bugs@openssl.org>, including the output of
      "make report" in order to be added to the request tracker at
-     http://www.openssl.org/support/rt2.html.
+     http://www.openssl.org/rt2.html.
 
   4. If everything tests ok, install OpenSSL with
 
@@ -308,25 +308,3 @@
  to install additional support software to obtain random seed.
  Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
  and the FAQ for more information.
-
- Note on support for multiple builds
- -----------------------------------
-
- OpenSSL is usually built in it's source tree.  Unfortunately, this doesn't
- support building for multiple platforms from the same source tree very well.
- It is however possible to build in a separate tree through the use of lots
- of symbolic links, which should be prepared like this:
-
-	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
-	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
-	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
-		mkdir -p `dirname $F`
-		rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
-		echo $F '->' $OPENSSL_SOURCE/$F
-	done
-	make -f Makefile.org clean
-
- OPENSSL_SOURCE is an environment variable that contains the absolute (this
- is important!) path to the OpenSSL source tree.
-
- Also, operations like 'make update' should still be made in the source tree.

INSTALL.W32

@@ -10,20 +10,13 @@
 
  You need Perl for Win32.  Unless you will build on Cygwin, you will need
  ActiveState Perl, available from http://www.activestate.com/ActivePerl.
+ For Cygwin users, there's more info in the Cygwin section.
 
  and one of the following C compilers:
 
   * Visual C++
   * Borland C
-  * GNU C (Cygwin or MinGW)
-
- If you are compiling from a tarball or a CVS snapshot then the Win32 files
- may well be not up to date. This may mean that some "tweaking" is required to
- get it all to work. See the trouble shooting section later on for if (when?)
- it goes wrong.
-
- Visual C++
- ----------
+  * GNU C (Mingw32 or Cygwin)
 
  If you want to compile in the assembly language routines with Visual C++ then
  you will need an assembler. This is worth doing because it will result in
@@ -33,19 +26,26 @@
   * Microsoft MASM (aka "ml")
   * Free Netwide Assembler NASM.
 
- MASM is distributed with most versions of VC++. For the versions where it is
- not included in VC++, it is also distributed with some Microsoft DDKs, for
- example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have
- either of these DDKs then you can just download the binaries for the Windows
- 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to
- ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be
- downloaded from the Microsoft developers site www.msdn.com.
+ MASM was at one point distributed with VC++. It is now distributed with some
+ Microsoft DDKs, for example the Windows NT 4.0 DDK and the Windows 98 DDK. If
+ you do not have either of these DDKs then you can just download the binaries
+ for the Windows 98 DDK and extract and rename the two files XXXXXml.exe and
+ XXXXXml.err, to ml.exe and ml.err and install somewhere on your PATH. Both
+ DDKs can be downloaded from the Microsoft developers site www.msdn.com.
 
  NASM is freely available. Version 0.98 was used during testing: other versions
  may also work. It is available from many places, see for example:
  http://www.kernel.org/pub/software/devel/nasm/binaries/win32/
  The NASM binary nasmw.exe needs to be installed anywhere on your PATH.
 
+ If you are compiling from a tarball or a CVS snapshot then the Win32 files
+ may well be not up to date. This may mean that some "tweaking" is required to
+ get it all to work. See the trouble shooting section later on for if (when?)
+ it goes wrong.
+
+ Visual C++
+ ----------
+
  Firstly you should run Configure:
 
  > perl Configure VC-WIN32
@@ -119,72 +119,18 @@
  * Run make:
    > make -f bcb.mak
 
- GNU C (Cygwin)
- --------------
+ GNU C (Mingw32)
+ ---------------
 
- Cygwin provides a bash shell and GNU tools environment running
- on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP.
- Consequently, a make of OpenSSL with Cygwin is closer to a GNU
- bash environment such as Linux than to other the other Win32
- makes.
-
- Cygwin implements a Posix/Unix runtime system (cygwin1.dll).
- It is also possible to create Win32 binaries that only use the
- Microsoft C runtime system (msvcrt.dll or crtdll.dll) using
- MinGW. MinGW can be used in the Cygwin development environment
- or in a standalone setup as described in the following section.
-
- To build OpenSSL using Cygwin:
-
- * Install Cygwin (see http://cygwin.com/)
-
- * Install Perl and ensure it is in the path. Both Cygwin perl
-   (5.6.1-2 or newer) and ActivePerl work.
-
- * Run the Cygwin bash shell
-
- * $ tar zxvf openssl-x.x.x.tar.gz
-   $ cd openssl-x.x.x
-
-   To build the Cygwin version of OpenSSL:
-
-   $ ./config
-   [...]
-   $ make
-   [...]
-   $ make test
-   $ make install
-
-   This will create a default install in /usr/local/ssl.
-
-   To build the MinGW version (native Windows) in Cygwin:
-
-   $ ./Configure mingw
-   [...]
-   $ make
-   [...]
-   $ make test
-   $ make install
-
- Cygwin Notes:
-
- "make test" and normal file operations may fail in directories
- mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
- stripping of carriage returns. To avoid this ensure that a binary
- mount is used, e.g. mount -b c:\somewhere /home.
-
- "bc" is not provided in older Cygwin distribution.  This causes a
- non-fatal error in "make test" but is otherwise harmless.  If
- desired and needed, GNU bc can be built with Cygwin without change.
-
- GNU C (MinGW)
- -------------
+ To build OpenSSL, you need the Mingw32 package and GNU make.
 
  * Compiler installation:
 
-   MinGW is available from http://www.mingw.org. Run the installer and
-   set the MinGW bin directory to the PATH in "System Properties" or
-   autoexec.bat.
+   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
+   gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. Extract it
+   to a directory such as C:\gcc-2.95.2 and add c:\gcc-2.95.2\bin to
+   the PATH environment variable in "System Properties"; or edit and
+   run C:\gcc-2.95.2\mingw32.bat to set the PATH.
 
  * Compile OpenSSL:
 
@@ -206,6 +152,49 @@
    > cd out
    > ..\ms\test
 
+ GNU C (Cygwin)
+ --------------
+
+ Cygwin provides a bash shell and GNU tools environment running
+ on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP.
+ Consequently, a make of OpenSSL with Cygwin is closer to a GNU
+ bash environment such as Linux than to other W32 makes which are
+ based on a single makefile approach. Cygwin implements Posix/Unix
+ calls through cygwin1.dll, and is contrasted to Mingw32 which links
+ dynamically to msvcrt.dll or crtdll.dll.
+
+ To build OpenSSL using Cygwin:
+
+ * Install Cygwin (see http://cygwin.com/)
+
+ * Install Perl and ensure it is in the path (recent Cygwin perl 
+   (version 5.6.1-2 of the latter has been reported to work) or
+   ActivePerl)
+
+ * Run the Cygwin bash shell
+
+ * $ tar zxvf openssl-x.x.x.tar.gz
+   $ cd openssl-x.x.x
+   $ ./config
+   [...]
+   $ make
+   [...]
+   $ make test
+   $ make install
+
+ This will create a default install in /usr/local/ssl.
+
+ Cygwin Notes:
+
+ "make test" and normal file operations may fail in directories
+ mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
+ stripping of carriage returns. To avoid this ensure that a binary
+ mount is used, e.g. mount -b c:\somewhere /home.
+
+ "bc" is not provided in older Cygwin distribution.  This causes a
+ non-fatal error in "make test" but is otherwise harmless.  If
+ desired and needed, GNU bc can be built with Cygwin without change.
+
 
  Installation
  ------------
@@ -225,7 +214,7 @@
 	$ md c:\openssl\lib
 	$ md c:\openssl\include
 	$ md c:\openssl\include\openssl
-	$ copy /b inc32\openssl\*       c:\openssl\include\openssl
+	$ copy /b inc32\*               c:\openssl\include\openssl
 	$ copy /b out32dll\ssleay32.lib c:\openssl\lib
 	$ copy /b out32dll\libeay32.lib c:\openssl\lib
 	$ copy /b out32dll\ssleay32.dll c:\openssl\bin

LICENSE

@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

MacOS/GetHTTPS.src/CPStringUtils.cpp

@@ -2750,4 +2750,4 @@ void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL)
 			}
 		}
 	}
-}
+}

MacOS/GetHTTPS.src/ErrorHandling.cpp

@@ -167,4 +167,4 @@ void ThrowErrorMessageException(void)
 	ThrowDescriptiveException(gErrorMessage);
 }
 
-#endif
+#endif

Makefile.org

@@ -15,11 +15,6 @@ OPTIONS=
 CONFIGURE_ARGS=
 SHLIB_TARGET=
 
-# HERE indicates where this Makefile lives.  This can be used to indicate
-# where sub-Makefiles are expected to be.  Currently has very limited usage,
-# and should probably not be bothered with at all.
-HERE=.
-
 # INSTALL_PREFIX is for package builders so that they can configure
 # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
 # Normally it is left empty.
@@ -72,14 +67,6 @@ TAR= tar
 TARFLAGS= --no-recursion
 MAKEDEPPROG=makedepend
 
-# We let the C compiler driver to take care of .s files. This is done in
-# order to be excused from maintaining a separate set of architecture
-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
-# gcc, then the driver will automatically translate it to -xarch=v8plus
-# and pass it down to assembler.
-AS=$(CC) -c
-ASFLAG=$(CFLAG)
-
 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
 #BN_ASM= bn_asm.o
@@ -194,7 +181,6 @@ MAKE=     make -f Makefile.ssl
 MANDIR=$(OPENSSLDIR)/man
 MAN1=1
 MAN3=3
-MANSUFFIX=
 SHELL=/bin/sh
 
 TOP=    .
@@ -226,7 +212,7 @@ sub_all:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
 	else \
 		$(MAKE) $$i; \
 	fi; \
@@ -279,45 +265,39 @@ do_bsd-gcc-shared: do_gnu-shared
 do_linux-shared: do_gnu-shared
 do_gnu-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-		libs="$(LIBKRB5) $$libs"; \
-	fi; \
 	( set -x; ${CC} ${SHARED_LDFLAGS} \
 		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Wl,-Bsymbolic \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="-l$$i $$libs"; \
+	libs="$$libs -l$$i"; \
 	done
 
-DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
+DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+	my_ld=`${CC} -print-prog-name=ld 2>&1` && \
+	[ -n "$$my_ld" ] && \
+	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
 
 # For Darwin AKA Mac OS/X (dyld)
 do_darwin-shared: 
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-		libs="$(LIBKRB5) $$libs"; \
-	fi; \
-	( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+	( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
 		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
 		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
-	libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \
+	libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
 	echo "" ; \
 	done
 
 do_cygwin-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-		libs="$(LIBKRB5) $$libs"; \
-	fi; \
 	( set -x; ${CC}  -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
 		-Wl,-Bsymbolic \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--out-implib,lib$$i.dll.a \
 		-Wl,--no-whole-archive $$libs ) || exit 1; \
-	libs="-l$$i $$libs"; \
+	libs="$$libs -l$$i"; \
 	done
 
 # This assumes that GNU utilities are *not* used
@@ -326,14 +306,11 @@ do_alpha-osf1-shared:
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-			libs="$(LIBKRB5) $$libs"; \
-		fi; \
 		( set -x; ${CC} ${SHARED_LDFLAGS} \
 			-shared -o lib$$i.so \
 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
-		libs="-l$$i $$libs"; \
+		libs="$$libs -l$$i"; \
 		done; \
 	fi
 
@@ -345,14 +322,11 @@ do_tru64-shared:
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-			libs="$(LIBKRB5) $$libs"; \
-		fi; \
 		( set -x; ${CC} ${SHARED_LDFLAGS} \
 			-shared -msym -o lib$$i.so \
 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
-		libs="-l$$i $$libs"; \
+		libs="$$libs -l$$i"; \
 		done; \
 	fi
 
@@ -364,15 +338,12 @@ do_tru64-shared-rpath:
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-			libs="$(LIBKRB5) $$libs"; \
-		fi; \
 		( set -x; ${CC} ${SHARED_LDFLAGS} \
 			-shared -msym -o lib$$i.so \
 			-rpath  ${INSTALLTOP}/lib \
 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
-		libs="-l$$i $$libs"; \
+		libs="$$libs -l$$i"; \
 		done; \
 	fi
 
@@ -383,18 +354,12 @@ do_solaris-shared:
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-			libs="$(LIBKRB5) $$libs"; \
-		fi; \
 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
-		  MINUSZ='-z '; \
-		  (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
-		  set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
-			-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		  set -x; ${CC} ${SHARED_LDFLAGS} \
+			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
-			$$libs ${EX_LIBS} -lc ) || exit 1; \
-		libs="-l$$i $$libs"; \
+			-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
+		libs="$$libs -l$$i"; \
 		done; \
 	fi
 
@@ -404,20 +369,16 @@ do_svr3-shared:
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-			libs="$(LIBKRB5) $$libs"; \
-		fi; \
 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
 		  find . -name "*.o" -print > allobjs ; \
 		  OBJS= ; export OBJS ; \
 		  for obj in `ar t lib$$i.a` ; do \
-		    OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
+		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
 		  done ; \
-		  set -x; ${CC} ${SHARED_LDFLAGS} \
-			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
-		libs="-l$$i $$libs"; \
+		libs="$$libs -l$$i"; \
 		done; \
 	fi
 
@@ -427,23 +388,17 @@ do_svr5-shared:
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-			libs="$(LIBKRB5) $$libs"; \
-		fi; \
 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
-		  SHARE_FLAG='-G'; \
-		  (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
 		  find . -name "*.o" -print > allobjs ; \
 		  OBJS= ; export OBJS ; \
 		  for obj in `ar t lib$$i.a` ; do \
-		    OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
+		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
 		  done ; \
-		  set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
-			${CC} ${SHARED_LDFLAGS} \
-			$${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		  set -x; ${CC} ${SHARED_LDFLAGS} \
+			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
-		libs="-l$$i $$libs"; \
+		libs="$$libs -l$$i"; \
 		done; \
 	fi
 
@@ -453,16 +408,11 @@ do_irix-shared:
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-			libs="$(LIBKRB5) $$libs"; \
-		fi; \
-		( WHOLELIB="-all lib$$i.a -notall"; \
-		  (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \
-		  set -x; ${CC} ${SHARED_LDFLAGS} \
+		( set -x; ${CC} ${SHARED_LDFLAGS} \
 			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			$${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \
-		libs="-l$$i $$libs"; \
+			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
+		libs="$$libs -l$$i"; \
 		done; \
 	fi
 
@@ -479,9 +429,6 @@ do_irix-shared:
 #
 do_hpux-shared:
 	for i in ${SHLIBDIRS}; do \
-	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-		libs="$(LIBKRB5) $$libs"; \
-	fi; \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
  		+vnocompatwarnings \
 		-b -z +s \
@@ -502,9 +449,6 @@ do_hpux-shared:
 #
 do_hpux64-shared:
 	for i in ${SHLIBDIRS}; do \
-	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-		libs="$(LIBKRB5) $$libs"; \
-	fi; \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
  		-b -z \
 		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
@@ -547,24 +491,17 @@ SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
 SHAREDCMD=$(CC)
 do_aix-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-		libs="$(LIBKRB5) $$libs"; \
-	fi; \
 	( set -x; \
-	  ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
+	  ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
 	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
-	    $(SHAREDCMD) $(SHAREDFLAGS) \
-		-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
+	    $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
 		$$libs ${EX_LIBS} ) ) \
 	|| exit 1; \
-	libs="-l$$i $$libs"; \
+	libs="$$libs -l$$i"; \
 	done
 
 do_reliantunix-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-		libs="$(LIBKRB5) $$libs"; \
-	fi; \
 	tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
 	( set -x; \
 	  ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
@@ -574,10 +511,10 @@ do_reliantunix-shared:
 	  cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
 	) || exit 1; \
 	rm -rf $$tmpdir ; \
-	libs="-l$$i $$libs"; \
+	libs="$$libs -l$$i"; \
 	done
 
-openssl.pc: Makefile.ssl
+openssl.pc:
 	@ ( echo 'prefix=$(INSTALLTOP)'; \
 	    echo 'exec_prefix=$${prefix}'; \
 	    echo 'libdir=$${exec_prefix}/lib'; \
@@ -587,8 +524,8 @@ openssl.pc: Makefile.ssl
 	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
 	    echo 'Version: '$(VERSION); \
 	    echo 'Requires: '; \
-	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \
-	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+	    echo 'Cflags: -I$${includedir}' ) > openssl.pc
 
 Makefile.ssl: Makefile.org
 	@echo "Makefile.ssl is older than Makefile.org."
@@ -596,10 +533,10 @@ Makefile.ssl: Makefile.org
 	@false
 
 libclean:
-	rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib
+	rm -f *.a */lib */*/lib
 
-clean:	libclean
-	rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
+clean:
+	rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
 	@for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
@@ -609,7 +546,7 @@ clean:	libclean
 	fi; \
 	done;
 	rm -f openssl.pc
-	rm -f speed.* .pure
+	rm -f *.a *.o speed.* *.map *.so .pure core
 	rm -f $(TARFILE)
 	@for i in $(ONEDIRS) ;\
 	do \
@@ -659,11 +596,9 @@ rehash: rehash.time
 rehash.time: certs
 	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
 		export OPENSSL OPENSSL_DEBUG_MEMORY; \
-		LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
-		DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
-		SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
-		LIBPATH="`pwd`:$$LIBPATH"; \
-		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+		LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+		if [ "$(PLATFORM)" == "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+		elif [ "$(PLATFORM)" != "Cygwin" ];  then PATH="`pwd`:$$PATH"; fi; \
 		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
 		$(PERL) tools/c_rehash certs)
 	touch rehash.time
@@ -673,13 +608,11 @@ test:   tests
 tests: rehash
 	@(cd test && echo "testing..." && \
 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
-	@LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
-	DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
-	SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
-	LIBPATH="`pwd`:$$LIBPATH"; \
-	if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
-	export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
-	apps/openssl version -a
+	@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+		if [ "$(PLATFORM)" == "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+		elif [ "$(PLATFORM)" != "Cygwin" ];  then PATH="`pwd`:$$PATH"; fi; \
+		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+		apps/openssl version -a
 
 report:
 	@$(PERL) util/selftest.pl
@@ -773,7 +706,7 @@ dist_pem_h:
 install: all install_docs
 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkginfo \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
@@ -798,7 +731,7 @@ install: all install_docs
 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+			mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
 		fi; \
 	done;
 	@if [ -n "$(SHARED_LIBS)" ]; then \
@@ -810,15 +743,15 @@ install: all install_docs
 				if [ "$(PLATFORM)" != "Cygwin" ]; then \
 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 				else \
-					c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+					c=`echo $$i | sed 's/^lib\(.*\)/cyg\1-$(SHLIB_VERSION_NUMBER)/'`; \
 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+					mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 				fi ); \
 			fi; \
 		done; \
@@ -826,15 +759,8 @@ install: all install_docs
 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
 			set $(MAKE); \
 			$$1 -f $$here/Makefile link-shared ); \
-		if [ "$(INSTALLTOP)" != "/usr" ]; then \
-			echo 'OpenSSL shared libraries have been installed in:'; \
-			echo '  $(INSTALLTOP)'; \
-			echo ''; \
-			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
-		fi; \
 	fi
-	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
+	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkginfo
 
 install_docs:
 	@$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -843,44 +769,33 @@ install_docs:
 		$(INSTALL_PREFIX)$(MANDIR)/man5 \
 		$(INSTALL_PREFIX)$(MANDIR)/man7
 	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
-	here="`pwd`"; \
-	filecase=; \
-	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
-		filecase=-i; \
-	fi; \
 	for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
-		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+		echo "installing man$$sec/$$fn.$$sec"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
 		sh -c "$$pod2man \
 			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(PERL) util/extract-names.pl < $$i | \
-			grep -v $$filecase "^$$fn\$$" | \
-			grep -v "[	]" | \
-			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
-			 while read n; do \
-				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
-			 done); \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
+		$(PERL) util/extract-names.pl < $$i | grep -v "^$$fn" | \
+			while read n; do \
+				util/point.sh $$fn.$$sec $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$n.$$sec; \
+			done; \
 	done; \
 	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
-		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+		echo "installing man$$sec/$$fn.$$sec"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
 		sh -c "$$pod2man \
 			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(PERL) util/extract-names.pl < $$i | \
-			grep -v $$filecase "^$$fn\$$" | \
-			grep -v "[	]" | \
-			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
-			 while read n; do \
-				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
-			 done); \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
+		$(PERL) util/extract-names.pl < $$i | grep -v "^$$fn" | \
+			while read n; do \
+				util/point.sh $$fn.$$sec $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$n.$$sec; \
+			done; \
 	done
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.

NEWS

@@ -5,43 +5,6 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
-
-      o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
-      o Security: Fix null-pointer assignment in do_change_cipher_spec()
-      o Allow multiple active certificates with same subject in CA index
-      o Multiple X590 verification fixes
-      o Speed up HMAC and other operations
-
-  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
-
-      o Security: fix various ASN1 parsing bugs.
-      o New -ignore_err option to OCSP utility.
-      o Various interop and bug fixes in S/MIME code.
-      o SSL/TLS protocol fix for unrequested client certificates.
-
-  Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
-
-      o Security: counter the Klima-Pokorny-Rosa extension of
-        Bleichbacher's attack 
-      o Security: make RSA blinding default.
-      o Configuration: Irix fixes, AIX fixes, better mingw support.
-      o Support for new platforms: linux-ia64-ecc.
-      o Build: shared library support fixes.
-      o ASN.1: treat domainComponent correctly.
-      o Documentation: fixes and additions.
-
-  Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a:
-
-      o Security: Important security related bugfixes.
-      o Enhanced compatibility with MIT Kerberos.
-      o Can be built without the ENGINE framework.
-      o IA32 assembler enhancements.
-      o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
-      o Configuration: the no-err option now works properly.
-      o SSL/TLS: now handles manual certificate chain building.
-      o SSL/TLS: certain session ID malfunctions corrected.
-
   Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
 
       o New library section OCSP.
@@ -55,14 +18,11 @@
       o New elliptic curve library section.
       o New AES (Rijndael) library section.
       o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
-        Linux x86_64, Linux 64-bit on Sparc v9
+        Linux x86_64
       o Extended support for some platforms: VxWorks
       o Enhanced support for shared libraries.
-      o Now only builds PIC code when shared library support is requested.
       o Support for pkg-config.
       o Lots of new manuals.
-      o Makes symbolic links to or copies of manuals to cover all described
-        functions.
       o Change DES API to clean up the namespace (some applications link also
         against libdes providing similar functions having the same name).
         Provide macros for backward compatibility (will be removed in the
@@ -88,22 +48,6 @@
       o SSL/TLS: add callback to retrieve SSL/TLS messages.
       o SSL/TLS: support AES cipher suites (RFC3268).
 
-  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
-
-      o Security: fix various ASN1 parsing bugs.
-      o SSL/TLS protocol fix for unrequested client certificates.
-
-  Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
-
-      o Security: counter the Klima-Pokorny-Rosa extension of
-        Bleichbacher's attack 
-      o Security: make RSA blinding default.
-      o Build: shared library support fixes.
-
-  Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
-
-      o Important security related bugfixes.
-
   Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
 
       o New configuration targets for Tandem OSS and A/UX.

PROBLEMS

@@ -62,70 +62,3 @@ What happens is that gcc might optimize a little too agressively, and
 you end up with an extra incrementation when *header != '4'.
 
 We recommend that you upgrade gcc to as high a 3.x version as you can.
-
-* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
-
-As subject suggests SHA-1 might perform poorly (4 times slower)
-if compiled with WorkShop 6 compiler and -xarch=v9. The cause for
-this seems to be the fact that compiler emits multiplication to
-perform shift operations:-( To work the problem around configure
-with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
-
-* Problems with hp-parisc2-cc target when used with "no-asm" flag
-
-When using the hp-parisc2-cc target, wrong bignum code is generated.
-This is due to the SIXTY_FOUR_BIT build being compiled with the +O3
-aggressive optimization.
-The problem manifests itself by the BN_kronecker test hanging in an
-endless loop. Reason: the BN_kronecker test calls BN_generate_prime()
-which itself hangs. The reason could be tracked down to the bn_mul_comba8()
-function in bn_asm.c. At some occasions the higher 32bit value of r[7]
-is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed,
-as no debugger support possible at +O3 and additional fprintf()'s
-introduced fixed the bug, therefore it is most likely a bug in the
-optimizer.
-The bug was found in the BN_kronecker test but may also lead to
-failures in other parts of the code.
-(See Ticket #426.)
-
-Workaround: modify the target to +O2 when building with no-asm.
-
-* Poor support for AIX shared builds.
-
-do_aix-shared rule is not flexible enough to parameterize through a
-config-line. './Configure aix43-cc shared' is working, but not
-'./Configure aix64-gcc shared'. In latter case make fails to create shared
-libraries. It's possible to build 64-bit shared libraries by running
-'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one
-supporting even gcc shared builds. See RT#463 for background information.
-
-* Problems building shared libraries on SCO OpenServer Release 5.0.6
-  with gcc 2.95.3
-
-The symptoms appear when running the test suite, more specifically
-test/ectest, with the following result:
-
-OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest
-ectest.c:186: ABORT
-
-The cause of the problem seems to be that isxdigit(), called from
-BN_hex2bn(), returns 0 on a perfectly legitimate hex digit.  Further
-investigation shows that any of the isxxx() macros return 0 on any
-input.  A direct look in the information array that the isxxx() use,
-called __ctype, shows that it contains all zeroes...
-
-Taking a look at the newly created libcrypto.so with nm, one can see
-that the variable __ctype is defined in libcrypto's .bss (which
-explains why it is filled with zeroes):
-
-$ nm -Pg libcrypto.so | grep __ctype
-__ctype B 0011659c
-__ctype2 U         
-
-Curiously, __ctype2 is undefined, in spite of being declared in
-/usr/include/ctype.h in exactly the same way as __ctype.
-
-Any information helping to solve this issue would be deeply
-appreciated.
-
-NOTE: building non-shared doesn't come with this problem.

README

@@ -1,7 +1,7 @@
 
- OpenSSL 0.9.7d 17 Mar 2004
+ OpenSSL 0.9.7-beta5  5 Dec 2002
 
- Copyright (c) 1998-2004 The OpenSSL Project
+ Copyright (c) 1998-2002 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 

STATUS

@@ -1,20 +1,15 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2004/03/17 12:01:16 $
+  ______________                           $Date: 2002/12/05 22:51:17 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 0.9.8:  Under development...
-    o  OpenSSL 0.9.7d: Released on March     17th, 2004
-    o  OpenSSL 0.9.7c: Released on September 30th, 2003
-    o  OpenSSL 0.9.7b: Released on April     10th, 2003
-    o  OpenSSL 0.9.7a: Released on February  19th, 2003
-    o  OpenSSL 0.9.7:  Released on December  31st, 2002
-    o  OpenSSL 0.9.6m: Released on March     17th, 2004
-    o  OpenSSL 0.9.6l: Released on November   4th, 2003
-    o  OpenSSL 0.9.6k: Released on September 30th, 2003
-    o  OpenSSL 0.9.6j: Released on April     10th, 2003
-    o  OpenSSL 0.9.6i: Released on February  19th, 2003
+    o  OpenSSL 0.9.7-beta5: Released on December  5th, 2002
+    o  OpenSSL 0.9.7-beta4: Released on November 19th, 2002
+    o  OpenSSL 0.9.7-beta3: Released on July     30th, 2002
+    o  OpenSSL 0.9.7-beta2: Released on June     16th, 2002
+    o  OpenSSL 0.9.7-beta1: Released on June      1st, 2002
     o  OpenSSL 0.9.6h: Released on December   5th, 2002
     o  OpenSSL 0.9.6g: Released on August     9th, 2002
     o  OpenSSL 0.9.6f: Released on August     8th, 2002
@@ -36,7 +31,20 @@
 
   RELEASE SHOWSTOPPERS
 
-    o 
+    o BN_mod_mul verification fails for mips3-sgi-irix
+      unless configured with no-asm
+
+    o [2002-11-21]
+      PR 343 mentions that scrubbing memory with 'memset(ptr, 0, n)' may
+      be optimized away in modern compilers.  This is definitely not good
+      and needs to be fixed immediately.  The formula to use is presented
+      in:
+
+      http://online.securityfocus.com/archive/82/297918/2002-10-27/2002-11-02/0
+
+      The problem report that mentions this is:
+
+      https://www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=343
 
   AVAILABLE PATCHES
 
@@ -59,8 +67,9 @@
 	UTIL (a new set of library functions to support some higher level
 	      functionality that is currently missing).
 	Shared library support for VMS.
-	Kerberos 5 authentication (Heimdal)
+	Kerberos 5 authentication
 	Constification
+	OCSP
 
   NEEDS PATCH
 

TABLE

@@ -32,7 +32,7 @@ $unistd       =
 $thread_cflag = 
 $sys_id       = WIN32
 $lflags       = 
-$bn_ops       = BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN
+$bn_ops       = BN_LLONG DES_PTR RC4_INDEX
 $bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
@@ -225,56 +225,6 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
-*** FreeBSD-ia64
-$cc           = gcc
-$cflags       = -DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer
-$unistd       = 
-$thread_cflag = (unknown)
-$sys_id       = 
-$lflags       = 
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR
-$bn_obj       = asm/ia64-cpp.o
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
-*** FreeBSD-sparc64
-$cc           = gcc
-$cflags       = -DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer
-$unistd       = 
-$thread_cflag = -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE
-$sys_id       = 
-$lflags       = 
-$bn_ops       = SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= bsd-gcc-shared
-$shared_cflag = -fPIC
-$shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
 *** MPE/iX-gcc
 $cc           = gcc
 $cflags       = -D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB
@@ -300,6 +250,31 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 
 
+*** Mingw32
+$cc           = gcc
+$cflags       = -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+$unistd       = 
+$thread_cflag = 
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
 *** NetBSD-m68
 $cc           = gcc
 $cflags       = -DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN
@@ -708,15 +683,15 @@ $thread_cflag = -Kthread
 $sys_id       = 
 $lflags       = -lsocket -lnsl
 $bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
-$bf_obj       = asm/bx86-elf.o
-$md5_obj      = asm/mx86-elf.o
-$sha1_obj     = asm/sx86-elf.o
-$cast_obj     = asm/cx86-elf.o
-$rc4_obj      = asm/rx86-elf.o
-$rmd160_obj   = asm/rm86-elf.o
-$rc5_obj      = asm/r586-elf.o
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= svr5-shared
 $shared_cflag = -Kpic
@@ -733,15 +708,15 @@ $thread_cflag = -pthread
 $sys_id       = 
 $lflags       = -lsocket -lnsl
 $bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
-$bf_obj       = asm/bx86-elf.o
-$md5_obj      = asm/mx86-elf.o
-$sha1_obj     = asm/sx86-elf.o
-$cast_obj     = asm/cx86-elf.o
-$rc4_obj      = asm/rx86-elf.o
-$rmd160_obj   = asm/rm86-elf.o
-$rc5_obj      = asm/r586-elf.o
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= svr5-shared
 $shared_cflag = -fPIC
@@ -750,6 +725,56 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
+*** OpenUNIX-8-pentium
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca -Kpentium
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenUNIX-8-pentium_pro
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca -Kpentium_pro
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
 *** ReliantUNIX
 $cc           = cc
 $cflags       = -KPIC -g -DTERMIOS -DB_ENDIAN
@@ -1093,10 +1118,10 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
-$shared_target= aix-shared
+$shared_target= 
 $shared_cflag = 
 $shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = 
 $ranlib       = 
 $arflags      = 
 
@@ -1143,10 +1168,10 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
-$shared_target= aix-shared
+$shared_target= 
 $shared_cflag = 
-$shared_ldflag = -q64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_ldflag = 
+$shared_extension = 
 $ranlib       = 
 $arflags      = -X 64
 
@@ -1652,7 +1677,7 @@ $arflags      =
 
 *** debug-levitte-linux-elf
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1677,7 +1702,7 @@ $arflags      =
 
 *** debug-levitte-linux-elf-extreme
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1702,7 +1727,7 @@ $arflags      =
 
 *** debug-levitte-linux-noasm
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1727,7 +1752,7 @@ $arflags      =
 
 *** debug-levitte-linux-noasm-extreme
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1920,7 +1945,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
-$shared_ldflag = -shared
+$shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
@@ -1970,7 +1995,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
-$shared_ldflag = -shared
+$shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
@@ -2277,7 +2302,7 @@ $arflags      =
 
 *** hpux-ia64-cc
 $cc           = cc
-$cflags       = -Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN
+$cflags       = -Ae +DD32 +O3 +ESlit -z -DB_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -2327,7 +2352,7 @@ $arflags      =
 
 *** hpux-parisc-cc
 $cc           = cc
-$cflags       = +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
+$cflags       = +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -2402,7 +2427,7 @@ $arflags      =
 
 *** hpux-parisc1_1-cc
 $cc           = cc
-$cflags       = +DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+$cflags       = +DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -2427,7 +2452,7 @@ $arflags      =
 
 *** hpux-parisc2-cc
 $cc           = cc
-$cflags       = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+$cflags       = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -2552,7 +2577,7 @@ $arflags      =
 
 *** hpux64-ia64-cc
 $cc           = cc
-$cflags       = -Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN
+$cflags       = -Ae +DD64 +O3 +ESlit -z -DB_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -2627,7 +2652,7 @@ $arflags      =
 
 *** hpux64-parisc2-cc
 $cc           = cc
-$cflags       = +DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+$cflags       = +DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -2650,31 +2675,6 @@ $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
-*** hpux64-parisc2-gcc
-$cc           = gcc
-$cflags       = -O3 -DB_ENDIAN -DMD32_XARRAY
-$unistd       = 
-$thread_cflag = -D_REENTRANT
-$sys_id       = 
-$lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
-$bn_obj       = asm/pa-risc2W.o
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= hpux64-shared
-$shared_cflag = -fpic
-$shared_ldflag = 
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
 *** hurd-x86
 $cc           = gcc
 $cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall
@@ -2752,7 +2752,7 @@ $arflags      =
 
 *** irix-mips3-cc
 $cc           = cc
-$cflags       = -n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+$cflags       = -n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W
 $unistd       = 
 $thread_cflag = -D_SGI_MP_SOURCE
 $sys_id       = 
@@ -3050,31 +3050,6 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
-*** linux-ia64-ecc
-$cc           = ecc
-$cflags       = -DL_ENDIAN -DTERMIO -O2 -Wall
-$unistd       = 
-$thread_cflag = -D_REENTRANT
-$sys_id       = 
-$lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR
-$bn_obj       = asm/ia64.o
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
 *** linux-k6
 $cc           = gcc
 $cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall
@@ -3129,10 +3104,10 @@ $arflags      =
 $cc           = gcc
 $cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
 $unistd       = 
-$thread_cflag = -D_REENTRANT
+$thread_cflag = (unknown)
 $sys_id       = 
-$lflags       = -ldl
-$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2
+$lflags       = 
+$bn_ops       = BN_LLONG
 $bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
@@ -3142,11 +3117,11 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
 $shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = 
 $ranlib       = 
 $arflags      = 
 
@@ -3154,10 +3129,10 @@ $arflags      =
 $cc           = gcc
 $cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
 $unistd       = 
-$thread_cflag = -D_REENTRANT
+$thread_cflag = (unknown)
 $sys_id       = 
-$lflags       = -ldl
-$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2
+$lflags       = 
+$bn_ops       = BN_LLONG
 $bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
@@ -3167,11 +3142,11 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
 $shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = 
 $ranlib       = 
 $arflags      = 
 
@@ -3402,13 +3377,13 @@ $arflags      =
 
 *** linux-x86_64
 $cc           = gcc
-$cflags       = -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int
+$cflags       = -DL_ENDIAN -DNO_ASM
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL
-$bn_obj       = asm/x86_64-gcc.o
+$bn_ops       = SIXTY_FOUR_BIT_LONG
+$bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
@@ -3420,58 +3395,8 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= linux-shared
 $shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
-*** linux64-sparcv9
-$cc           = gcc
-$cflags       = -m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
-$unistd       = 
-$thread_cflag = -D_REENTRANT
-$sys_id       = ULTRASPARC
-$lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = asm/md5-sparcv9.o
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
-*** mingw
-$cc           = gcc
-$cflags       = -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall
-$unistd       = 
-$thread_cflag = 
-$sys_id       = MINGW32
-$lflags       = -mno-cygwin -lwsock32 -lgdi32
-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = asm/bn86-out.o asm/co86-out.o
-$des_obj      = asm/dx86-out.o asm/yx86-out.o
-$bf_obj       = asm/bx86-out.o
-$md5_obj      = asm/mx86-out.o
-$sha1_obj     = asm/sx86-out.o
-$cast_obj     = asm/cx86-out.o
-$rc4_obj      = asm/rx86-out.o
-$rmd160_obj   = asm/rm86-out.o
-$rc5_obj      = asm/r586-out.o
-$dso_scheme   = win32
-$shared_target= 
-$shared_cflag = 
 $shared_ldflag = 
-$shared_extension = .dll
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
@@ -3481,7 +3406,7 @@ $cflags       = -O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
-$lflags       = -lsocket -lnsl -lc89
+$lflags       = -lsocket -lnsl
 $bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $bn_obj       = 
 $des_obj      = 
@@ -3706,22 +3631,47 @@ $cflags       = -belf
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
-$lflags       = -lsocket -lnsl
+$lflags       = -lsocket -lresolv -lnsl
 $bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
-$bf_obj       = asm/bx86-elf.o
-$md5_obj      = asm/mx86-elf.o
-$sha1_obj     = asm/sx86-elf.o
-$cast_obj     = asm/cx86-elf.o
-$rc4_obj      = asm/rx86-elf.o
-$rmd160_obj   = asm/rm86-elf.o
-$rc5_obj      = asm/r586-elf.o
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= svr3-shared
 $shared_cflag = -Kpic
 $shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** sco5-cc-pentium
+$cc           = cc
+$cflags       = -Kpentium
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
 $ranlib       = 
 $arflags      = 
 
@@ -3731,7 +3681,7 @@ $cflags       = -O3 -fomit-frame-pointer
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
-$lflags       = -lsocket -lnsl
+$lflags       = -lsocket -lresolv -lnsl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $bn_obj       = asm/bn86-elf.o asm/co86-elf.o
 $des_obj      = asm/dx86-elf.o asm/yx86-elf.o
@@ -3746,7 +3696,7 @@ $dso_scheme   = dlfcn
 $shared_target= svr3-shared
 $shared_cflag = -fPIC
 $shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = 
 $ranlib       = 
 $arflags      = 
 
@@ -3820,7 +3770,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
-$shared_ldflag = -shared
+$shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
@@ -3870,7 +3820,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
-$shared_ldflag = -shared
+$shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
@@ -3920,7 +3870,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
-$shared_ldflag = -shared
+$shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
@@ -3945,7 +3895,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
-$shared_ldflag = -shared
+$shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
@@ -3983,19 +3933,19 @@ $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
-$bf_obj       = asm/bx86-elf.o
-$md5_obj      = asm/mx86-elf.o
-$sha1_obj     = asm/sx86-elf.o
-$cast_obj     = asm/cx86-elf.o
-$rc4_obj      = asm/rx86-elf.o
-$rmd160_obj   = asm/rm86-elf.o
-$rc5_obj      = asm/r586-elf.o
+$bn_obj       = asm/bn86-sol.o asm/co86-sol.o
+$des_obj      = asm/dx86-sol.o asm/yx86-sol.o
+$bf_obj       = asm/bx86-sol.o
+$md5_obj      = asm/mx86-sol.o
+$sha1_obj     = asm/sx86-sol.o
+$cast_obj     = asm/cx86-sol.o
+$rc4_obj      = asm/rx86-sol.o
+$rmd160_obj   = asm/rm86-sol.o
+$rc5_obj      = asm/r586-sol.o
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
-$shared_ldflag = -shared
+$shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
@@ -4045,7 +3995,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
-$shared_ldflag = -m64 -shared
+$shared_ldflag = -m64
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
@@ -4070,7 +4020,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
-$shared_ldflag = -m64 -shared
+$shared_ldflag = -m64
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
@@ -4127,7 +4077,7 @@ $arflags      =
 
 *** ultrix-cc
 $cc           = cc
-$cflags       = -std1 -O -Olimit 2500 -DL_ENDIAN
+$cflags       = -std1 -O -Olimit 1000 -DL_ENDIAN
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@@ -4200,6 +4150,31 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 
 
+*** unixware-2.0-pentium
+$cc           = cc
+$cflags       = -DFILIO_H -DNO_STRINGS_H -Kpentium
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl -lresolv -lx
+$bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
 *** unixware-2.1
 $cc           = cc
 $cflags       = -O -DFILIO_H
@@ -4225,6 +4200,56 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 
 
+*** unixware-2.1-p6
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kp6
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl -lresolv -lx
+$bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** unixware-2.1-pentium
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kpentium
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl -lresolv -lx
+$bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
 *** unixware-7
 $cc           = cc
 $cflags       = -O -DFILIO_H -Kalloca
@@ -4233,15 +4258,15 @@ $thread_cflag = -Kthread
 $sys_id       = 
 $lflags       = -lsocket -lnsl
 $bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
-$bf_obj       = asm/bx86-elf.o
-$md5_obj      = asm/mx86-elf.o
-$sha1_obj     = asm/sx86-elf.o
-$cast_obj     = asm/cx86-elf.o
-$rc4_obj      = asm/rx86-elf.o
-$rmd160_obj   = asm/rm86-elf.o
-$rc5_obj      = asm/r586-elf.o
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= svr5-shared
 $shared_cflag = -Kpic
@@ -4258,31 +4283,6 @@ $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -lsocket -lnsl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
-$bf_obj       = asm/bx86-elf.o
-$md5_obj      = asm/mx86-elf.o
-$sha1_obj     = asm/sx86-elf.o
-$cast_obj     = asm/cx86-elf.o
-$rc4_obj      = asm/rx86-elf.o
-$rmd160_obj   = asm/rm86-elf.o
-$rc5_obj      = asm/r586-elf.o
-$dso_scheme   = dlfcn
-$shared_target= gnu-shared
-$shared_cflag = -fPIC
-$shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
-*** vxworks-mipsle
-$cc           = ccmips
-$cflags       = -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I$(WIND_BASE)/target/h
-$unistd       = 
-$thread_cflag = 
-$sys_id       = VXWORKS
-$lflags       = -r
-$bn_ops       = 
 $bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
@@ -4292,12 +4292,62 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
+$dso_scheme   = dlfcn
+$shared_target= gnu-shared
+$shared_cflag = -fPIC
 $shared_ldflag = 
-$shared_extension = 
-$ranlib       = ranlibmips
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** unixware-7-pentium
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca -Kpentium
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** unixware-7-pentium_pro
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca -Kpentium_pro
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
 $arflags      = 
 
 *** vxworks-ppc405
@@ -4374,28 +4424,3 @@ $shared_ldflag =
 $shared_extension = 
 $ranlib       = 
 $arflags      = 
-
-*** vxworks-ppc860
-$cc           = ccppc
-$cflags       = -nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h
-$unistd       = 
-$thread_cflag = 
-$sys_id       = VXWORKS
-$lflags       = -r
-$bn_ops       = 
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-$arflags      = 

apps/Makefile.ssl

@@ -87,7 +87,6 @@ all:	exe
 exe:	$(PROGRAM)
 
 req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 sreq.o: req.c 
@@ -100,20 +99,17 @@ install:
 	@for i in $(EXE); \
 	do  \
 	(echo installing $$i; \
-	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-	 mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
+	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
 	 done;
 	@for i in $(SCRIPTS); \
 	do  \
 	(echo installing $$i; \
-	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
-	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
-	 mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
+	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
 	 done
-	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
-	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
-	mv -f  $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
+	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \
+	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
 
 tags:
 	ctags $(SRC)
@@ -121,7 +117,7 @@ tags:
 tests:
 
 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
@@ -148,15 +144,12 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
 	  $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
 	else \
-	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	  $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
 	fi
 	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
-		LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
-		DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
-		SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
-		LIBPATH="`pwd`:$$LIBPATH"; \
-		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+		LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \
+		if [ "$(PLATFORM)" == "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+		elif [ "$(PLATFORM)" != "Cygwin" ];  then PATH="`pwd`:$$PATH"; fi; \
 		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
 		$(PERL) tools/c_rehash certs)
 

apps/apps.c

@@ -122,9 +122,7 @@
 #include <openssl/pkcs12.h>
 #include <openssl/ui.h>
 #include <openssl/safestack.h>
-#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
-#endif
 
 #ifdef OPENSSL_SYS_WINDOWS
 #define strcasecmp _stricmp
@@ -140,6 +138,10 @@
 #include "apps.h"
 #undef NON_MAIN
 
+#ifdef OPENSSL_SYS_WINDOWS
+#  include "bss_file.c"
+#endif
+
 typedef struct {
 	char *name;
 	unsigned long flag;
@@ -501,7 +503,7 @@ static int ui_read(UI *ui, UI_STRING *uis)
 			{
 			const char *password =
 				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
-			if (password && password[0] != '\0')
+			if (password[0] != '\0')
 				{
 				UI_set_result(ui, uis, password);
 				return 1;
@@ -525,7 +527,7 @@ static int ui_write(UI *ui, UI_STRING *uis)
 			{
 			const char *password =
 				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
-			if (password && password[0] != '\0')
+			if (password[0] != '\0')
 				return 1;
 			}
 		default:
@@ -857,7 +859,6 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
 		BIO_printf(err,"no keyfile specified\n");
 		goto end;
 		}
-#ifndef OPENSSL_NO_ENGINE
 	if (format == FORMAT_ENGINE)
 		{
 		if (!e)
@@ -867,7 +868,6 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
 				ui_method, &cb_data);
 		goto end;
 		}
-#endif
 	key=BIO_new(BIO_s_file());
 	if (key == NULL)
 		{
@@ -935,7 +935,6 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
 		BIO_printf(err,"no keyfile specified\n");
 		goto end;
 		}
-#ifndef OPENSSL_NO_ENGINE
 	if (format == FORMAT_ENGINE)
 		{
 		if (!e)
@@ -945,7 +944,6 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
 				ui_method, &cb_data);
 		goto end;
 		}
-#endif
 	key=BIO_new(BIO_s_file());
 	if (key == NULL)
 		{
@@ -1331,7 +1329,6 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
 	return NULL;
 }
 
-#ifndef OPENSSL_NO_ENGINE
 /* Try to load an engine in a shareable library */
 static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
 	{
@@ -1388,7 +1385,6 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug)
 		}
         return e;
         }
-#endif
 
 int load_config(BIO *err, CONF *cnf)
 	{
@@ -1411,565 +1407,14 @@ int load_config(BIO *err, CONF *cnf)
 char *make_config_name()
 	{
 	const char *t=X509_get_default_cert_area();
-	size_t len;
 	char *p;
 
-	len=strlen(t)+strlen(OPENSSL_CONF)+2;
-	p=OPENSSL_malloc(len);
-	BUF_strlcpy(p,t,len);
+	p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2);
+	strcpy(p,t);
 #ifndef OPENSSL_SYS_VMS
-	BUF_strlcat(p,"/",len);
+	strcat(p,"/");
 #endif
-	BUF_strlcat(p,OPENSSL_CONF,len);
+	strcat(p,OPENSSL_CONF);
 
 	return p;
 	}
-
-static unsigned long index_serial_hash(const char **a)
-	{
-	const char *n;
-
-	n=a[DB_serial];
-	while (*n == '0') n++;
-	return(lh_strhash(n));
-	}
-
-static int index_serial_cmp(const char **a, const char **b)
-	{
-	const char *aa,*bb;
-
-	for (aa=a[DB_serial]; *aa == '0'; aa++);
-	for (bb=b[DB_serial]; *bb == '0'; bb++);
-	return(strcmp(aa,bb));
-	}
-
-static int index_name_qual(char **a)
-	{ return(a[0][0] == 'V'); }
-
-static unsigned long index_name_hash(const char **a)
-	{ return(lh_strhash(a[DB_name])); }
-
-int index_name_cmp(const char **a, const char **b)
-	{ return(strcmp(a[DB_name],
-	     b[DB_name])); }
-
-static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
-static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
-static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
-static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
-
-#undef BSIZE
-#define BSIZE 256
-
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
-	{
-	BIO *in=NULL;
-	BIGNUM *ret=NULL;
-	MS_STATIC char buf[1024];
-	ASN1_INTEGER *ai=NULL;
-
-	ai=ASN1_INTEGER_new();
-	if (ai == NULL) goto err;
-
-	if ((in=BIO_new(BIO_s_file())) == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-
-	if (BIO_read_filename(in,serialfile) <= 0)
-		{
-		if (!create)
-			{
-			perror(serialfile);
-			goto err;
-			}
-		else
-			{
-			ASN1_INTEGER_set(ai,1);
-			ret=BN_new();
-			if (ret == NULL)
-				BIO_printf(bio_err, "Out of memory\n");
-			else
-				BN_one(ret);
-			}
-		}
-	else
-		{
-		if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
-			{
-			BIO_printf(bio_err,"unable to load number from %s\n",
-				serialfile);
-			goto err;
-			}
-		ret=ASN1_INTEGER_to_BN(ai,NULL);
-		if (ret == NULL)
-			{
-			BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
-			goto err;
-			}
-		}
-
-	if (ret && retai)
-		{
-		*retai = ai;
-		ai = NULL;
-		}
- err:
-	if (in != NULL) BIO_free(in);
-	if (ai != NULL) ASN1_INTEGER_free(ai);
-	return(ret);
-	}
-
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
-	{
-	char buf[1][BSIZE];
-	BIO *out = NULL;
-	int ret=0;
-	ASN1_INTEGER *ai=NULL;
-	int j;
-
-	if (suffix == NULL)
-		j = strlen(serialfile);
-	else
-		j = strlen(serialfile) + strlen(suffix) + 1;
-	if (j >= BSIZE)
-		{
-		BIO_printf(bio_err,"file name too long\n");
-		goto err;
-		}
-
-	if (suffix == NULL)
-		BUF_strlcpy(buf[0], serialfile, BSIZE);
-	else
-		{
-#ifndef OPENSSL_SYS_VMS
-		j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
-#else
-		j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
-#endif
-		}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
-#endif
-	out=BIO_new(BIO_s_file());
-	if (out == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-	if (BIO_write_filename(out,buf[0]) <= 0)
-		{
-		perror(serialfile);
-		goto err;
-		}
-
-	if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
-		{
-		BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
-		goto err;
-		}
-	i2a_ASN1_INTEGER(out,ai);
-	BIO_puts(out,"\n");
-	ret=1;
-	if (retai)
-		{
-		*retai = ai;
-		ai = NULL;
-		}
-err:
-	if (out != NULL) BIO_free_all(out);
-	if (ai != NULL) ASN1_INTEGER_free(ai);
-	return(ret);
-	}
-
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
-	{
-	char buf[5][BSIZE];
-	int i,j;
-	struct stat sb;
-
-	i = strlen(serialfile) + strlen(old_suffix);
-	j = strlen(serialfile) + strlen(new_suffix);
-	if (i > j) j = i;
-	if (j + 1 >= BSIZE)
-		{
-		BIO_printf(bio_err,"file name too long\n");
-		goto err;
-		}
-
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
-		serialfile, new_suffix);
-#else
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
-		serialfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
-		serialfile, old_suffix);
-#else
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
-		serialfile, old_suffix);
-#endif
-	if (stat(serialfile,&sb) < 0)
-		{
-		if (errno != ENOENT 
-#ifdef ENOTDIR
-			&& errno != ENOTDIR)
-#endif
-			goto err;
-		}
-	else
-		{
-#ifdef RL_DEBUG
-		BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-			serialfile, buf[1]);
-#endif
-		if (rename(serialfile,buf[1]) < 0)
-			{
-			BIO_printf(bio_err,
-				"unable to rename %s to %s\n",
-				serialfile, buf[1]);
-			perror("reason");
-			goto err;
-			}
-		}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-		buf[0],serialfile);
-#endif
-	if (rename(buf[0],serialfile) < 0)
-		{
-		BIO_printf(bio_err,
-			"unable to rename %s to %s\n",
-			buf[0],serialfile);
-		perror("reason");
-		rename(buf[1],serialfile);
-		goto err;
-		}
-	return 1;
- err:
-	return 0;
-	}
-
-CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
-	{
-	CA_DB *retdb = NULL;
-	TXT_DB *tmpdb = NULL;
-	BIO *in = BIO_new(BIO_s_file());
-	CONF *dbattr_conf = NULL;
-	char buf[1][BSIZE];
-	long errorline= -1;
-
-	if (in == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-	if (BIO_read_filename(in,dbfile) <= 0)
-		{
-		perror(dbfile);
-		BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
-		goto err;
-		}
-	if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
-		{
-		if (tmpdb != NULL) TXT_DB_free(tmpdb);
-		goto err;
-		}
-
-#ifndef OPENSSL_SYS_VMS
-	BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
-#else
-	BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
-#endif
-	dbattr_conf = NCONF_new(NULL);
-	if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
-		{
-		if (errorline > 0)
-			{
-			BIO_printf(bio_err,
-				"error on line %ld of db attribute file '%s'\n"
-				,errorline,buf[0]);
-			goto err;
-			}
-		else
-			{
-			NCONF_free(dbattr_conf);
-			dbattr_conf = NULL;
-			}
-		}
-
-	if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
-		{
-		fprintf(stderr, "Out of memory\n");
-		goto err;
-		}
-
-	retdb->db = tmpdb;
-	tmpdb = NULL;
-	if (db_attr)
-		retdb->attributes = *db_attr;
-	else
-		{
-		retdb->attributes.unique_subject = 1;
-		}
-
-	if (dbattr_conf)
-		{
-		char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
-		if (p)
-			{
-			BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
-			switch(*p)
-				{
-			case 'f': /* false */
-			case 'F': /* FALSE */
-			case 'n': /* no */
-			case 'N': /* NO */
-				retdb->attributes.unique_subject = 0;
-				break;
-			case 't': /* true */
-			case 'T': /* TRUE */
-			case 'y': /* yes */
-			case 'Y': /* YES */
-			default:
-				retdb->attributes.unique_subject = 1;
-				break;
-				}
-			}
-		}
-
- err:
-	if (dbattr_conf) NCONF_free(dbattr_conf);
-	if (tmpdb) TXT_DB_free(tmpdb);
-	if (in) BIO_free_all(in);
-	return retdb;
-	}
-
-int index_index(CA_DB *db)
-	{
-	if (!TXT_DB_create_index(db->db, DB_serial, NULL,
-				LHASH_HASH_FN(index_serial_hash),
-				LHASH_COMP_FN(index_serial_cmp)))
-		{
-		BIO_printf(bio_err,
-		  "error creating serial number index:(%ld,%ld,%ld)\n",
-		  			db->db->error,db->db->arg1,db->db->arg2);
-			return 0;
-		}
-
-	if (db->attributes.unique_subject
-		&& !TXT_DB_create_index(db->db, DB_name, index_name_qual,
-			LHASH_HASH_FN(index_name_hash),
-			LHASH_COMP_FN(index_name_cmp)))
-		{
-		BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
-			db->db->error,db->db->arg1,db->db->arg2);
-		return 0;
-		}
-	return 1;
-	}
-
-int save_index(char *dbfile, char *suffix, CA_DB *db)
-	{
-	char buf[3][BSIZE];
-	BIO *out = BIO_new(BIO_s_file());
-	int j;
-
-	if (out == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-
-	j = strlen(dbfile) + strlen(suffix);
-	if (j + 6 >= BSIZE)
-		{
-		BIO_printf(bio_err,"file name too long\n");
-		goto err;
-		}
-
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
-#else
-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
-#else
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
-#else
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
-#endif
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
-#endif
-	if (BIO_write_filename(out,buf[0]) <= 0)
-		{
-		perror(dbfile);
-		BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
-		goto err;
-		}
-	j=TXT_DB_write(out,db->db);
-	if (j <= 0) goto err;
-			
-	BIO_free(out);
-
-	out = BIO_new(BIO_s_file());
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
-#endif
-	if (BIO_write_filename(out,buf[1]) <= 0)
-		{
-		perror(buf[2]);
-		BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
-		goto err;
-		}
-	BIO_printf(out,"unique_subject = %s\n",
-		db->attributes.unique_subject ? "yes" : "no");
-	BIO_free(out);
-
-	return 1;
- err:
-	return 0;
-	}
-
-int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
-	{
-	char buf[5][BSIZE];
-	int i,j;
-	struct stat sb;
-
-	i = strlen(dbfile) + strlen(old_suffix);
-	j = strlen(dbfile) + strlen(new_suffix);
-	if (i > j) j = i;
-	if (j + 6 >= BSIZE)
-		{
-		BIO_printf(bio_err,"file name too long\n");
-		goto err;
-		}
-
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
-#else
-	j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
-		dbfile, new_suffix);
-#else
-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
-		dbfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
-		dbfile, new_suffix);
-#else
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
-		dbfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
-		dbfile, old_suffix);
-#else
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
-		dbfile, old_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
-		dbfile, old_suffix);
-#else
-	j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
-		dbfile, old_suffix);
-#endif
-	if (stat(dbfile,&sb) < 0)
-		{
-		if (errno != ENOENT 
-#ifdef ENOTDIR
-			&& errno != ENOTDIR)
-#endif
-			goto err;
-		}
-	else
-		{
-#ifdef RL_DEBUG
-		BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-			dbfile, buf[1]);
-#endif
-		if (rename(dbfile,buf[1]) < 0)
-			{
-			BIO_printf(bio_err,
-				"unable to rename %s to %s\n",
-				dbfile, buf[1]);
-			perror("reason");
-			goto err;
-			}
-		}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-		buf[0],dbfile);
-#endif
-	if (rename(buf[0],dbfile) < 0)
-		{
-		BIO_printf(bio_err,
-			"unable to rename %s to %s\n",
-			buf[0],dbfile);
-		perror("reason");
-		rename(buf[1],dbfile);
-		goto err;
-		}
-	if (stat(buf[4],&sb) < 0)
-		{
-		if (errno != ENOENT 
-#ifdef ENOTDIR
-			&& errno != ENOTDIR)
-#endif
-			goto err;
-		}
-	else
-		{
-#ifdef RL_DEBUG
-		BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-			buf[4],buf[3]);
-#endif
-		if (rename(buf[4],buf[3]) < 0)
-			{
-			BIO_printf(bio_err,
-				"unable to rename %s to %s\n",
-				buf[4], buf[3]);
-			perror("reason");
-			rename(dbfile,buf[0]);
-			rename(buf[1],dbfile);
-			goto err;
-			}
-		}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-		buf[2],buf[4]);
-#endif
-	if (rename(buf[2],buf[4]) < 0)
-		{
-		BIO_printf(bio_err,
-			"unable to rename %s to %s\n",
-			buf[2],buf[4]);
-		perror("reason");
-		rename(buf[3],buf[4]);
-		rename(dbfile,buf[0]);
-		rename(buf[1],dbfile);
-		goto err;
-		}
-	return 1;
- err:
-	return 0;
-	}
-
-void free_index(CA_DB *db)
-	{
-	TXT_DB_free(db->db);
-	OPENSSL_free(db);
-	}

apps/apps.h

@@ -121,9 +121,7 @@
 #include <openssl/lhash.h>
 #include <openssl/conf.h>
 #include <openssl/txt_db.h>
-#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
-#endif
 #include <openssl/ossl_typ.h>
 
 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
@@ -181,57 +179,30 @@ extern BIO *bio_err;
 		do_pipe_sig()
 #  define apps_shutdown()
 #else
-#  ifndef OPENSSL_NO_ENGINE
-#    if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
-     defined(OPENSSL_SYS_WIN32)
-#      ifdef _O_BINARY
-#        define apps_startup() \
-			do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
-			ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
-#      else
-#        define apps_startup() \
-			do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
-			ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
-#      endif
+#  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+   defined(OPENSSL_SYS_WIN32)
+#    ifdef _O_BINARY
+#      define apps_startup() \
+		do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+		ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+		ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
 #    else
 #      define apps_startup() \
-			do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
-			ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
-			setup_ui_method(); } while(0)
+		do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+		ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+		ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
 #    endif
-#    define apps_shutdown() \
-			do { CONF_modules_unload(1); destroy_ui_method(); \
-			EVP_cleanup(); ENGINE_cleanup(); \
-			CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
-			ERR_free_strings(); } while(0)
 #  else
-#    if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
-     defined(OPENSSL_SYS_WIN32)
-#      ifdef _O_BINARY
-#        define apps_startup() \
-			do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
-			setup_ui_method(); } while(0)
-#      else
-#        define apps_startup() \
-			do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
-			setup_ui_method(); } while(0)
-#      endif
-#    else
-#      define apps_startup() \
-			do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
-			ERR_load_crypto_strings(); \
-			setup_ui_method(); } while(0)
-#    endif
-#    define apps_shutdown() \
-			do { CONF_modules_unload(1); destroy_ui_method(); \
-			EVP_cleanup(); \
-			CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
-			ERR_free_strings(); } while(0)
+#    define apps_startup() \
+		do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+		ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
+		setup_ui_method(); } while(0)
 #  endif
+#  define apps_shutdown() \
+		do { CONF_modules_unload(1); destroy_ui_method(); \
+		EVP_cleanup(); ENGINE_cleanup(); \
+		CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+		ERR_free_strings(); } while(0)
 #endif
 
 typedef struct args_st
@@ -277,9 +248,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
 STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
 	const char *pass, ENGINE *e, const char *cert_descrip);
 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
-#ifndef OPENSSL_NO_ENGINE
 ENGINE *setup_engine(BIO *err, const char *engine, int debug);
-#endif
 
 int load_config(BIO *err, CONF *cnf);
 char *make_config_name(void);
@@ -287,38 +256,7 @@ char *make_config_name(void);
 /* Functions defined in ca.c and also used in ocsp.c */
 int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
 			ASN1_GENERALIZEDTIME **pinvtm, char *str);
-
-#define DB_type         0
-#define DB_exp_date     1
-#define DB_rev_date     2
-#define DB_serial       3       /* index - unique */
-#define DB_file         4       
-#define DB_name         5       /* index - unique when active and not disabled */
-#define DB_NUMBER       6
-
-#define DB_TYPE_REV	'R'
-#define DB_TYPE_EXP	'E'
-#define DB_TYPE_VAL	'V'
-
-typedef struct db_attr_st
-	{
-	int unique_subject;
-	} DB_ATTR;
-typedef struct ca_db_st
-	{
-	DB_ATTR attributes;
-	TXT_DB *db;
-	} CA_DB;
-
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
-CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
-int index_index(CA_DB *db);
-int save_index(char *dbfile, char *suffix, CA_DB *db);
-int rotate_index(char *dbfile, char *new_suffix, char *old_suffix);
-void free_index(CA_DB *db);
-int index_name_cmp(const char **a, const char **b);
+int make_serial_index(TXT_DB *db);
 
 X509_NAME *do_subject(char *str, long chtype);
 

apps/asn1pars.c

@@ -304,15 +304,7 @@ bad:
 		num=tmplen;
 		}
 
-	if (offset >= num)
-		{
-		BIO_printf(bio_err, "Error: offset too large\n");
-		goto end;
-		}
-
-	num -= offset;
-
-	if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
+	if (length == 0) length=(unsigned int)num;
 	if(derout) {
 		if(BIO_write(derout, str + offset, length) != (int)length) {
 			BIO_printf(bio_err, "Error writing output\n");

apps/ca.c

@@ -122,7 +122,6 @@
 #define ENV_NEW_CERTS_DIR	"new_certs_dir"
 #define ENV_CERTIFICATE 	"certificate"
 #define ENV_SERIAL		"serial"
-#define ENV_CRLNUMBER		"crlnumber"
 #define ENV_CRL			"crl"
 #define ENV_PRIVATE_KEY		"private_key"
 #define ENV_RANDFILE		"RANDFILE"
@@ -144,6 +143,18 @@
 
 #define ENV_DATABASE		"database"
 
+#define DB_type         0
+#define DB_exp_date     1
+#define DB_rev_date     2
+#define DB_serial       3       /* index - unique */
+#define DB_file         4       
+#define DB_name         5       /* index - unique for active */
+#define DB_NUMBER       6
+
+#define DB_TYPE_REV	'R'
+#define DB_TYPE_EXP	'E'
+#define DB_TYPE_VAL	'V'
+
 /* Additional revocation information types */
 
 #define REV_NONE		0	/* No addditional information */
@@ -185,9 +196,7 @@ static char *ca_usage[]={
 " -extensions ..  - Extension section (override value in config file)\n",
 " -extfile file   - Configuration file with X509v3 extentions to add\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
-#ifndef OPENSSL_NO_ENGINE
 " -engine e       - use engine e, possibly a hardware device.\n",
-#endif
 " -status serial  - Shows certificate status given the serial number\n",
 " -updatedb       - Updates db for expired certificates\n",
 NULL
@@ -200,36 +209,43 @@ extern int EF_ALIGNMENT;
 #endif
 
 static void lookup_fail(char *name,char *tag);
+static unsigned long index_serial_hash(const char **a);
+static int index_serial_cmp(const char **a, const char **b);
+static unsigned long index_name_hash(const char **a);
+static int index_name_qual(char **a);
+static int index_name_cmp(const char **a,const char **b);
+static BIGNUM *load_serial(char *serialfile);
+static int save_serial(char *serialfile, BIGNUM *serial);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,
+		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
 		   BIGNUM *serial, char *subj, int email_dn, char *startdate,
 		   char *enddate, long days, int batch, char *ext_sect, CONF *conf,
 		   int verbose, unsigned long certopt, unsigned long nameopt,
 		   int default_op, int ext_copy);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
-			CA_DB *db, BIGNUM *serial, char *subj, int email_dn,
+			TXT_DB *db, BIGNUM *serial, char *subj, int email_dn,
 			char *startdate, char *enddate, long days, int batch,
 			char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
 			unsigned long nameopt, int default_op, int ext_copy,
 			ENGINE *e);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
-			 CA_DB *db, BIGNUM *serial,char *subj, int email_dn,
+			 TXT_DB *db, BIGNUM *serial,char *subj, int email_dn,
 			 char *startdate, char *enddate, long days, char *ext_sect,
 			 CONF *conf, int verbose, unsigned long certopt, 
 			 unsigned long nameopt, int default_op, int ext_copy);
 static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,
+	STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
 	int email_dn, char *startdate, char *enddate, long days, int batch,
        	int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
 	unsigned long certopt, unsigned long nameopt, int default_op,
 	int ext_copy);
-static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
-static int get_certificate_status(const char *ser_status, CA_DB *db);
-static int do_updatedb(CA_DB *db);
+static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval);
+static int get_certificate_status(const char *ser_status, TXT_DB *db);
+static int do_updatedb(TXT_DB *db);
 static int check_time_format(char *str);
 char *make_revocation_str(int rev_type, char *rev_arg);
 int make_revoked(X509_REVOKED *rev, char *str);
@@ -241,6 +257,11 @@ static char *section=NULL;
 static int preserve=0;
 static int msie_hack=0;
 
+static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
+static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
+
 
 int MAIN(int, char **);
 
@@ -277,7 +298,6 @@ int MAIN(int argc, char **argv)
 	char *outfile=NULL;
 	char *outdir=NULL;
 	char *serialfile=NULL;
-	char *crlnumberfile=NULL;
 	char *extensions=NULL;
 	char *extfile=NULL;
 	char *subj=NULL;
@@ -286,7 +306,6 @@ int MAIN(int argc, char **argv)
 	int rev_type = REV_NONE;
 	char *rev_arg = NULL;
 	BIGNUM *serial=NULL;
-	BIGNUM *crlnumber=NULL;
 	char *startdate=NULL;
 	char *enddate=NULL;
 	long days=0;
@@ -299,13 +318,14 @@ int MAIN(int argc, char **argv)
 	X509 *x=NULL;
 	BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
 	char *dbfile=NULL;
-	CA_DB *db=NULL;
+	TXT_DB *db=NULL;
 	X509_CRL *crl=NULL;
 	X509_REVOKED *r=NULL;
 	ASN1_TIME *tmptm;
 	ASN1_INTEGER *tmpser;
 	char **pp,*p,*f;
 	int i,j;
+	long l;
 	const EVP_MD *dgst=NULL;
 	STACK_OF(CONF_VALUE) *attribs=NULL;
 	STACK_OF(X509) *cert_sk=NULL;
@@ -313,11 +333,8 @@ int MAIN(int argc, char **argv)
 #define BSIZE 256
 	MS_STATIC char buf[3][BSIZE];
 	char *randfile=NULL;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine = NULL;
-#endif
 	char *tofree=NULL;
-	DB_ATTR db_attr;
 
 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -520,13 +537,11 @@ EF_ALIGNMENT=0;
 			rev_arg = *(++argv);
 			rev_type = REV_CA_COMPROMISE;
 			}
-#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
-#endif
 		else
 			{
 bad:
@@ -547,9 +562,7 @@ bad:
 
 	ERR_load_crypto_strings();
 
-#ifndef OPENSSL_NO_ENGINE
 	e = setup_engine(bio_err, engine, 0);
-#endif
 
 	/*****************************************************************/
 	tofree=NULL;
@@ -558,19 +571,16 @@ bad:
 	if (configfile == NULL)
 		{
 		const char *s=X509_get_default_cert_area();
-		size_t len;
 
 #ifdef OPENSSL_SYS_VMS
-		len = strlen(s)+sizeof(CONFIG_FILE);
-		tofree=OPENSSL_malloc(len);
+		tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE));
 		strcpy(tofree,s);
 #else
-		len = strlen(s)+sizeof(CONFIG_FILE)+1;
-		tofree=OPENSSL_malloc(len);
-		BUF_strlcpy(tofree,s,len);
-		BUF_strlcat(tofree,"/",len);
+		tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1);
+		strcpy(tofree,s);
+		strcat(tofree,"/");
 #endif
-		BUF_strlcat(tofree,CONFIG_FILE,len);
+		strcat(tofree,CONFIG_FILE);
 		configfile=tofree;
 		}
 
@@ -587,10 +597,7 @@ bad:
 		goto err;
 		}
 	if(tofree)
-		{
 		OPENSSL_free(tofree);
-		tofree = NULL;
-		}
 
 	if (!load_config(bio_err, conf))
 		goto err;
@@ -641,39 +648,6 @@ bad:
 	if (randfile == NULL)
 		ERR_clear_error();
 	app_RAND_load_file(randfile, bio_err, 0);
-
-	db_attr.unique_subject = 1;
-	p = NCONF_get_string(conf, section, "unique_subject");
-	if (p)
-		{
-#ifdef RL_DEBUG
-		BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
-#endif
-		switch(*p)
-			{
-		case 'f': /* false */
-		case 'F': /* FALSE */
-		case 'n': /* no */
-		case 'N': /* NO */
-			db_attr.unique_subject = 0;
-			break;
-		case 't': /* true */
-		case 'T': /* TRUE */
-		case 'y': /* yes */
-		case 'Y': /* YES */
-		default:
-			db_attr.unique_subject = 1;
-			break;
-			}
-		}
-#ifdef RL_DEBUG
-	else
-		BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
-#endif
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
-		db_attr.unique_subject);
-#endif
 	
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
@@ -694,10 +668,17 @@ bad:
 			lookup_fail(section,ENV_DATABASE);
 			goto err;
 			}
-		db = load_index(dbfile,&db_attr);
+		if (BIO_read_filename(in,dbfile) <= 0)
+			{
+			perror(dbfile);
+			BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+			goto err;
+			}
+		db=TXT_DB_read(in,DB_NUMBER);
 		if (db == NULL) goto err;
 
-		if (!index_index(db)) goto err;
+		if (!make_serial_index(db))
+			goto err;
 
 		if (get_certificate_status(ser_status,db) != 1)
 			BIO_printf(bio_err,"Error verifying serial %s!\n",
@@ -857,13 +838,19 @@ bad:
 		lookup_fail(section,ENV_DATABASE);
 		goto err;
 		}
-	db = load_index(dbfile, &db_attr);
+	if (BIO_read_filename(in,dbfile) <= 0)
+		{
+		perror(dbfile);
+		BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+		goto err;
+		}
+	db=TXT_DB_read(in,DB_NUMBER);
 	if (db == NULL) goto err;
 
 	/* Lets check some fields */
-	for (i=0; i<sk_num(db->db->data); i++)
+	for (i=0; i<sk_num(db->data); i++)
 		{
-		pp=(char **)sk_value(db->db->data,i);
+		pp=(char **)sk_value(db->data,i);
 		if ((pp[DB_type][0] != DB_TYPE_REV) &&
 			(pp[DB_rev_date][0] != '\0'))
 			{
@@ -914,13 +901,23 @@ bad:
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-		TXT_DB_write(out,db->db);
+		TXT_DB_write(out,db);
 		BIO_printf(bio_err,"%d entries loaded from the database\n",
-			db->db->data->num);
+			db->data->num);
 		BIO_printf(bio_err,"generating index\n");
 		}
 	
-	if (!index_index(db)) goto err;
+	if (!make_serial_index(db))
+		goto err;
+
+	if (!TXT_DB_create_index(db, DB_name, index_name_qual,
+			LHASH_HASH_FN(index_name_hash),
+			LHASH_COMP_FN(index_name_cmp)))
+		{
+		BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
+			db->error,db->arg1,db->arg2);
+		goto err;
+		}
 
 	/*****************************************************************/
 	/* Update the db file for expired certificates */
@@ -943,9 +940,62 @@ bad:
 			}
 	    	else
 			{
-			if (!save_index(dbfile,"new",db)) goto err;
-				
-			if (!rotate_index(dbfile,"new","old")) goto err;
+			out = BIO_new(BIO_s_file());
+			if (out == NULL)
+				{
+				ERR_print_errors(bio_err);
+				goto err;
+				}
+
+#ifndef OPENSSL_SYS_VMS
+			j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile);
+#else
+			j = BIO_snprintf(buf[0], sizeof buf[0], "%s-new", dbfile);
+#endif
+			if (j < 0 || j >= sizeof buf[0])
+				{
+				BIO_printf(bio_err, "file name too long\n");
+				goto err;
+				}
+			if (BIO_write_filename(out,buf[0]) <= 0)
+		  		{
+		    		perror(dbfile);
+		    		BIO_printf(bio_err,"unable to open '%s'\n",
+									dbfile);
+		    		goto err;
+		  		}
+			j=TXT_DB_write(out,db);
+			if (j <= 0) goto err;
+			
+			BIO_free(out);
+			out = NULL;
+#ifndef OPENSSL_SYS_VMS
+			j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile);
+#else
+			j = BIO_snprintf(buf[1], sizeof buf[1], "%s-old", dbfile);
+#endif
+			if (j < 0 || j >= sizeof buf[1])
+				{
+				BIO_printf(bio_err, "file name too long\n");
+				goto err;
+				}
+			if (rename(dbfile,buf[1]) < 0)
+		  		{
+		    		BIO_printf(bio_err,
+						"unable to rename %s to %s\n",
+						dbfile, buf[1]);
+		    		perror("reason");
+		    		goto err;
+		  		}
+			if (rename(buf[0],dbfile) < 0)
+				{
+		    		BIO_printf(bio_err,
+						"unable to rename %s to %s\n",
+						buf[0],dbfile);
+		    		perror("reason");
+		    		rename(buf[1],dbfile);
+		    		goto err;
+		  		}
 				
 			if (verbose) BIO_printf(bio_err,
 				"Done. %d entries marked as expired\n",i); 
@@ -971,7 +1021,7 @@ bad:
 			}
 
 		if (verbose)
-			BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile);
+			BIO_printf(bio_err, "Succesfully loaded extensions file %s\n", extfile);
 
 		/* We can have sections in the ext file */
 		if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
@@ -1106,7 +1156,7 @@ bad:
 			goto err;
 			}
 
-		if ((serial=load_serial(serialfile, 0, NULL)) == NULL)
+		if ((serial=load_serial(serialfile)) == NULL)
 			{
 			BIO_printf(bio_err,"error while loading serial number\n");
 			goto err;
@@ -1240,9 +1290,38 @@ bad:
 
 			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
 
-			if (!save_serial(serialfile,"new",serial,NULL)) goto err;
+			if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5)
+				{
+				BIO_printf(bio_err,"file name too long\n");
+				goto err;
+				}
 
-			if (!save_index(dbfile, "new", db)) goto err;
+			strcpy(buf[0],serialfile);
+
+#ifdef OPENSSL_SYS_VMS
+			strcat(buf[0],"-new");
+#else
+			strcat(buf[0],".new");
+#endif
+
+			if (!save_serial(buf[0],serial)) goto err;
+
+			strcpy(buf[1],dbfile);
+
+#ifdef OPENSSL_SYS_VMS
+			strcat(buf[1],"-new");
+#else
+			strcat(buf[1],".new");
+#endif
+
+			if (BIO_write_filename(out,buf[1]) <= 0)
+				{
+				perror(dbfile);
+				BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+				goto err;
+				}
+			l=TXT_DB_write(out,db);
+			if (l <= 0) goto err;
 			}
 	
 		if (verbose)
@@ -1250,7 +1329,7 @@ bad:
 		for (i=0; i<sk_X509_num(cert_sk); i++)
 			{
 			int k;
-			char *n;
+			unsigned char *n;
 
 			x=sk_X509_value(cert_sk,i);
 
@@ -1266,19 +1345,15 @@ bad:
 			strcpy(buf[2],outdir);
 
 #ifndef OPENSSL_SYS_VMS
-			BUF_strlcat(buf[2],"/",sizeof(buf[2]));
+			strcat(buf[2],"/");
 #endif
 
-			n=(char *)&(buf[2][strlen(buf[2])]);
+			n=(unsigned char *)&(buf[2][strlen(buf[2])]);
 			if (j > 0)
 				{
 				for (k=0; k<j; k++)
 					{
-					if (n >= &(buf[2][sizeof(buf[2])]))
-						break;
-					BIO_snprintf(n,
-						     &buf[2][0] + sizeof(buf[2]) - n,
-						     "%02X",(unsigned char)*(p++));
+					sprintf((char *)n,"%02X",(unsigned char)*(p++));
 					n+=2;
 					}
 				}
@@ -1304,10 +1379,59 @@ bad:
 		if (sk_X509_num(cert_sk))
 			{
 			/* Rename the database and the serial file */
-			if (!rotate_serial(serialfile,"new","old")) goto err;
+			strncpy(buf[2],serialfile,BSIZE-4);
+			buf[2][BSIZE-4]='\0';
 
-			if (!rotate_index(dbfile,"new","old")) goto err;
+#ifdef OPENSSL_SYS_VMS
+			strcat(buf[2],"-old");
+#else
+			strcat(buf[2],".old");
+#endif
 
+			BIO_free(in);
+			BIO_free_all(out);
+			in=NULL;
+			out=NULL;
+			if (rename(serialfile,buf[2]) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
+					serialfile,buf[2]);
+				perror("reason");
+				goto err;
+				}
+			if (rename(buf[0],serialfile) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
+					buf[0],serialfile);
+				perror("reason");
+				rename(buf[2],serialfile);
+				goto err;
+				}
+
+			strncpy(buf[2],dbfile,BSIZE-4);
+			buf[2][BSIZE-4]='\0';
+
+#ifdef OPENSSL_SYS_VMS
+			strcat(buf[2],"-old");
+#else
+			strcat(buf[2],".old");
+#endif
+
+			if (rename(dbfile,buf[2]) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
+					dbfile,buf[2]);
+				perror("reason");
+				goto err;
+				}
+			if (rename(buf[1],dbfile) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
+					buf[1],dbfile);
+				perror("reason");
+				rename(buf[2],dbfile);
+				goto err;
+				}
 			BIO_printf(bio_err,"Data Base Updated\n");
 			}
 		}
@@ -1338,14 +1462,6 @@ bad:
 				}
 			}
 
-		if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER))
-			!= NULL)
-			if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL)
-				{
-				BIO_printf(bio_err,"error while loading CRL number\n");
-				goto err;
-				}
-
 		if (!crldays && !crlhours)
 			{
 			if (!NCONF_get_number(conf,section,
@@ -1374,9 +1490,9 @@ bad:
 
 		ASN1_TIME_free(tmptm);
 
-		for (i=0; i<sk_num(db->db->data); i++)
+		for (i=0; i<sk_num(db->data); i++)
 			{
-			pp=(char **)sk_value(db->db->data,i);
+			pp=(char **)sk_value(db->data,i);
 			if (pp[DB_type][0] == DB_TYPE_REV)
 				{
 				if ((r=X509_REVOKED_new()) == NULL) goto err;
@@ -1422,24 +1538,14 @@ bad:
 
 		/* Add any extensions asked for */
 
-		if (crl_ext || crlnumberfile != NULL)
+		if (crl_ext)
 			{
 			X509V3_CTX crlctx;
 			X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
 			X509V3_set_nconf(&crlctx, conf);
 
-			if (crl_ext)
-				if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
-					crl_ext, crl)) goto err;
-			if (crlnumberfile != NULL)
-				{
-				tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
-				if (!tmpser) goto err;
-				X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0);
-				ASN1_INTEGER_free(tmpser);
-				crl_v2 = 1;
-				if (!BN_add_word(crlnumber,1)) goto err;
-				}
+			if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
+				crl_ext, crl)) goto err;
 			}
 		if (crl_ext || crl_v2)
 			{
@@ -1447,17 +1553,9 @@ bad:
 				goto err; /* version 2 CRL */
 			}
 
-		
-		if (crlnumberfile != NULL)	/* we have a CRL number that need updating */
-			if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
-
 		if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
 
 		PEM_write_bio_X509_CRL(Sout,crl);
-
-		if (crlnumberfile != NULL)	/* Rename the crlnumber file */
-			if (!rotate_serial(crlnumberfile,"new","old")) goto err;
-
 		}
 	/*****************************************************************/
 	if (dorevoke)
@@ -1478,10 +1576,50 @@ bad:
 			if (j <= 0) goto err;
 			X509_free(revcert);
 
-			if (!save_index(dbfile, "new", db)) goto err;
-
-			if (!rotate_index(dbfile, "new", "old")) goto err;
+			if(strlen(dbfile) > BSIZE-5)
+				{
+				BIO_printf(bio_err,"filename too long\n");
+				goto err;
+				}
 
+			strcpy(buf[0],dbfile);
+#ifndef OPENSSL_SYS_VMS
+			strcat(buf[0],".new");
+#else
+			strcat(buf[0],"-new");
+#endif
+			if (BIO_write_filename(out,buf[0]) <= 0)
+				{
+				perror(dbfile);
+				BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+				goto err;
+				}
+			j=TXT_DB_write(out,db);
+			if (j <= 0) goto err;
+			BIO_free_all(out);
+			out = NULL;
+			BIO_free_all(in);
+			in = NULL;
+			strncpy(buf[1],dbfile,BSIZE-4);
+			buf[1][BSIZE-4]='\0';
+#ifndef OPENSSL_SYS_VMS
+			strcat(buf[1],".old");
+#else
+			strcat(buf[1],"-old");
+#endif
+			if (rename(dbfile,buf[1]) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
+				perror("reason");
+				goto err;
+				}
+			if (rename(buf[0],dbfile) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile);
+				perror("reason");
+				rename(buf[1],dbfile);
+				goto err;
+				}
 			BIO_printf(bio_err,"Data Base Updated\n"); 
 			}
 		}
@@ -1495,15 +1633,14 @@ err:
 	BIO_free_all(out);
 	BIO_free_all(in);
 
-	if (cert_sk)
-		sk_X509_pop_free(cert_sk,X509_free);
+	sk_X509_pop_free(cert_sk,X509_free);
 
 	if (ret) ERR_print_errors(bio_err);
 	app_RAND_write_file(randfile, bio_err);
-	if (free_key && key)
+	if (free_key)
 		OPENSSL_free(key);
 	BN_free(serial);
-	free_index(db);
+	TXT_DB_free(db);
 	EVP_PKEY_free(pkey);
 	X509_free(x509);
 	X509_CRL_free(crl);
@@ -1518,8 +1655,106 @@ static void lookup_fail(char *name, char *tag)
 	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
 	}
 
+static unsigned long index_serial_hash(const char **a)
+	{
+	const char *n;
+
+	n=a[DB_serial];
+	while (*n == '0') n++;
+	return(lh_strhash(n));
+	}
+
+static int index_serial_cmp(const char **a, const char **b)
+	{
+	const char *aa,*bb;
+
+	for (aa=a[DB_serial]; *aa == '0'; aa++);
+	for (bb=b[DB_serial]; *bb == '0'; bb++);
+	return(strcmp(aa,bb));
+	}
+
+static unsigned long index_name_hash(const char **a)
+	{ return(lh_strhash(a[DB_name])); }
+
+static int index_name_qual(char **a)
+	{ return(a[0][0] == 'V'); }
+
+static int index_name_cmp(const char **a, const char **b)
+	{ return(strcmp(a[DB_name],
+	     b[DB_name])); }
+
+static BIGNUM *load_serial(char *serialfile)
+	{
+	BIO *in=NULL;
+	BIGNUM *ret=NULL;
+	MS_STATIC char buf[1024];
+	ASN1_INTEGER *ai=NULL;
+
+	if ((in=BIO_new(BIO_s_file())) == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto err;
+		}
+
+	if (BIO_read_filename(in,serialfile) <= 0)
+		{
+		perror(serialfile);
+		goto err;
+		}
+	ai=ASN1_INTEGER_new();
+	if (ai == NULL) goto err;
+	if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
+		{
+		BIO_printf(bio_err,"unable to load number from %s\n",
+			serialfile);
+		goto err;
+		}
+	ret=ASN1_INTEGER_to_BN(ai,NULL);
+	if (ret == NULL)
+		{
+		BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
+		goto err;
+		}
+err:
+	if (in != NULL) BIO_free(in);
+	if (ai != NULL) ASN1_INTEGER_free(ai);
+	return(ret);
+	}
+
+static int save_serial(char *serialfile, BIGNUM *serial)
+	{
+	BIO *out;
+	int ret=0;
+	ASN1_INTEGER *ai=NULL;
+
+	out=BIO_new(BIO_s_file());
+	if (out == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto err;
+		}
+	if (BIO_write_filename(out,serialfile) <= 0)
+		{
+		perror(serialfile);
+		goto err;
+		}
+
+	if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
+		{
+		BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
+		goto err;
+		}
+	i2a_ASN1_INTEGER(out,ai);
+	BIO_puts(out,"\n");
+	ret=1;
+err:
+	if (out != NULL) BIO_free_all(out);
+	if (ai != NULL) ASN1_INTEGER_free(ai);
+	return(ret);
+	}
+
 static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
 	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
 	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1581,7 +1816,7 @@ err:
 	}
 
 static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
 	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
 	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1635,7 +1870,7 @@ err:
 	}
 
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	     STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
+	     STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
 	     int email_dn, char *startdate, char *enddate, long days, int batch,
 	     int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1653,7 +1888,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	int ok= -1,i,j,last,nid;
 	char *p;
 	CONF_VALUE *cv;
-	char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
+	char *row[DB_NUMBER],**rrow,**irow=NULL;
 	char buf[25];
 
 	tmptm=ASN1_UTCTIME_new();
@@ -1890,19 +2125,15 @@ again2:
 		goto err;
 		}
 
-	if (db->attributes.unique_subject)
+	rrow=TXT_DB_get_by_index(db,DB_name,row);
+	if (rrow != NULL)
 		{
-		rrow=TXT_DB_get_by_index(db->db,DB_name,row);
-		if (rrow != NULL)
-			{
-			BIO_printf(bio_err,
-				"ERROR:There is already a certificate for %s\n",
-				row[DB_name]);
-			}
+		BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n",
+			row[DB_name]);
 		}
-	if (rrow == NULL)
+	else
 		{
-		rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+		rrow=TXT_DB_get_by_index(db,DB_serial,row);
 		if (rrow != NULL)
 			{
 			BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
@@ -1950,7 +2181,7 @@ again2:
 
 #ifdef X509_V3
 	/* Make it an X509 v3 certificate. */
-	if (!X509_set_version(ret,2)) goto err;
+	if (!X509_set_version(x509,2)) goto err;
 #endif
 
 	if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL)
@@ -2109,7 +2340,7 @@ again2:
 		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto err;
 		}
-	BUF_strlcpy(row[DB_file],"unknown",8);
+	strcpy(row[DB_file],"unknown");
 	row[DB_type][0]='V';
 	row[DB_type][1]='\0';
 
@@ -2126,10 +2357,10 @@ again2:
 		}
 	irow[DB_NUMBER]=NULL;
 
-	if (!TXT_DB_insert(db->db,irow))
+	if (!TXT_DB_insert(db,irow))
 		{
 		BIO_printf(bio_err,"failed to update database\n");
-		BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
+		BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
 		goto err;
 		}
 	ok=1;
@@ -2180,7 +2411,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
 	}
 
 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
 	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
 	     long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
 	     unsigned long nameopt, int default_op, int ext_copy)
@@ -2359,7 +2590,7 @@ static int check_time_format(char *str)
 	return(ASN1_UTCTIME_check(&tm));
 	}
 
-static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
+static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
 	{
 	ASN1_UTCTIME *tm=NULL;
 	char *row[DB_NUMBER],**rrow,**irow;
@@ -2384,10 +2615,10 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
 	/* We have to lookup by serial number because name lookup
 	 * skips revoked certs
  	 */
-	rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+	rrow=TXT_DB_get_by_index(db,DB_serial,row);
 	if (rrow == NULL)
 		{
-		BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);
+		BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);
 
 		/* We now just add it to the database */
 		row[DB_type]=(char *)OPENSSL_malloc(2);
@@ -2410,7 +2641,7 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
 			BIO_printf(bio_err,"Memory allocation failure\n");
 			goto err;
 			}
-		BUF_strlcpy(row[DB_file],"unknown",8);
+		strcpy(row[DB_file],"unknown");
 		row[DB_type][0]='V';
 		row[DB_type][1]='\0';
 
@@ -2427,10 +2658,10 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
 			}
 		irow[DB_NUMBER]=NULL;
 
-		if (!TXT_DB_insert(db->db,irow))
+		if (!TXT_DB_insert(db,irow))
 			{
 			BIO_printf(bio_err,"failed to update database\n");
-			BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
+			BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
 			goto err;
 			}
 
@@ -2475,7 +2706,7 @@ err:
 	return(ok);
 	}
 
-static int get_certificate_status(const char *serial, CA_DB *db)
+static int get_certificate_status(const char *serial, TXT_DB *db)
 	{
 	char *row[DB_NUMBER],**rrow;
 	int ok=-1,i;
@@ -2516,7 +2747,7 @@ static int get_certificate_status(const char *serial, CA_DB *db)
 	ok=1;
 
 	/* Search for the certificate */
-	rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+	rrow=TXT_DB_get_by_index(db,DB_serial,row);
 	if (rrow == NULL)
 		{
 		BIO_printf(bio_err,"Serial %s not present in db.\n",
@@ -2563,7 +2794,7 @@ err:
 	return(ok);
 	}
 
-static int do_updatedb (CA_DB *db)
+static int do_updatedb (TXT_DB *db)
 	{
 	ASN1_UTCTIME	*a_tm = NULL;
 	int i, cnt = 0;
@@ -2589,9 +2820,9 @@ static int do_updatedb (CA_DB *db)
 	else
 		a_y2k = 0;
 
-	for (i = 0; i < sk_num(db->db->data); i++)
+	for (i = 0; i < sk_num(db->data); i++)
 		{
-		rrow = (char **) sk_value(db->db->data, i);
+		rrow = (char **) sk_value(db->data, i);
 
 		if (rrow[DB_type][0] == 'V')
 		 	{
@@ -2734,16 +2965,16 @@ char *make_revocation_str(int rev_type, char *rev_arg)
 
 	if (!str) return NULL;
 
-	BUF_strlcpy(str, (char *)revtm->data, i);
+	strcpy(str, (char *)revtm->data);
 	if (reason)
 		{
-		BUF_strlcat(str, ",", i);
-		BUF_strlcat(str, reason, i);
+		strcat(str, ",");
+		strcat(str, reason);
 		}
 	if (other)
 		{
-		BUF_strlcat(str, ",", i);
-		BUF_strlcat(str, other, i);
+		strcat(str, ",");
+		strcat(str, other);
 		}
 	ASN1_UTCTIME_free(revtm);
 	return str;
@@ -3078,3 +3309,17 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G
 
 	return ret;
 	}
+
+int make_serial_index(TXT_DB *db)
+	{
+	if (!TXT_DB_create_index(db, DB_serial, NULL,
+				LHASH_HASH_FN(index_serial_hash),
+				LHASH_COMP_FN(index_serial_cmp)))
+		{
+		BIO_printf(bio_err,
+		  "error creating serial number index:(%ld,%ld,%ld)\n",
+		  			db->error,db->arg1,db->arg2);
+			return 0;
+		}
+	return 1;
+	}

apps/crl.c

@@ -81,7 +81,6 @@ static char *crl_usage[]={
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -hash           - print hash value\n",
-" -fingerprint    - print the crl fingerprint\n",
 " -issuer         - print issuer DN\n",
 " -lastupdate     - lastUpdate field\n",
 " -nextupdate     - nextUpdate field\n",

apps/dgst.c

@@ -100,9 +100,7 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *sigkey = NULL;
 	unsigned char *sigbuf = NULL;
 	int siglen = 0;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
-#endif
 
 	apps_startup();
 
@@ -168,13 +166,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) break;
 			keyform=str2fmt(*(++argv));
 			}
-#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) break;
 			engine= *(++argv);
 			}
-#endif
 		else if (strcmp(*argv,"-hex") == 0)
 			out_bin = 0;
 		else if (strcmp(*argv,"-binary") == 0)
@@ -212,9 +208,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
-#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
-#endif
 
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
@@ -234,9 +228,7 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());
@@ -347,9 +339,8 @@ int MAIN(int argc, char **argv)
 				}
 			if(!out_bin)
 				{
-				size_t len = strlen(name)+strlen(argv[i])+5;
-				tmp=tofree=OPENSSL_malloc(len);
-				BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]);
+				tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5);
+				sprintf(tmp,"%s(%s)= ",name,argv[i]);
 				}
 			else
 				tmp="";

apps/dh.c

@@ -87,17 +87,12 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
-#endif
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine;
-#endif
+	char *infile,*outfile,*prog,*engine;
 
 	apps_startup();
 
@@ -108,9 +103,7 @@ int MAIN(int argc, char **argv)
 	if (!load_config(bio_err, NULL))
 		goto end;
 
-#ifndef OPENSSL_NO_ENGINE
 	engine=NULL;
-#endif
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -141,13 +134,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
-#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
-#endif
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -179,17 +170,13 @@ bad:
 		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
-#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
-#endif
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());

apps/dhparam.c

@@ -148,9 +148,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
-#endif
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 #ifndef OPENSSL_NO_DSA
@@ -159,10 +157,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog;
-	char *inrand=NULL;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
+	char *inrand=NULL,*engine=NULL;
 	int num = 0, g = 0;
 
 	apps_startup();
@@ -204,13 +199,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
-#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
-#endif
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -256,9 +249,7 @@ bad:
 		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
 		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
-#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
-#endif
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"               the random number generator\n");
@@ -268,9 +259,7 @@ bad:
 
 	ERR_load_crypto_strings();
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	if (g && !num)
 		num = DEFBITS;

apps/dsa.c

@@ -90,9 +90,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
-#endif
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
@@ -100,10 +98,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	int pubin = 0, pubout = 0;
-	char *infile,*outfile,*prog;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine;
-#endif
+	char *infile,*outfile,*prog,*engine;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	int modulus=0;
@@ -117,9 +112,7 @@ int MAIN(int argc, char **argv)
 	if (!load_config(bio_err, NULL))
 		goto end;
 
-#ifndef OPENSSL_NO_ENGINE
 	engine=NULL;
-#endif
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -160,13 +153,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
-#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
-#endif
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -198,9 +189,7 @@ bad:
 		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -out arg        output file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
-#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
-#endif
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef OPENSSL_NO_IDEA
@@ -218,9 +207,7 @@ bad:
 
 	ERR_load_crypto_strings();
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");

apps/dsaparam.c

@@ -90,9 +90,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
-#endif
 	DSA *dsa=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
@@ -100,9 +98,7 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog,*inrand=NULL;
 	int numbits= -1,num,genkey=0;
 	int need_rand=0;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
-#endif
 
 	apps_startup();
 
@@ -143,13 +139,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
-#ifndef OPENSSL_NO_ENGINE
 		else if(strcmp(*argv, "-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine = *(++argv);
 			}
-#endif
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-C") == 0)
@@ -197,9 +191,7 @@ bad:
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -genkey       generate a DSA key\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
-#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
-#endif
 		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
 		goto end;
 		}
@@ -243,9 +235,7 @@ bad:
 			}
 		}
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	if (need_rand)
 		{

apps/enc.c

@@ -100,9 +100,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
-#endif
 	static const char magic[]="Salted__";
 	char mbuf[sizeof magic-1];
 	char *strbuf=NULL;
@@ -121,9 +119,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  39
 	char pname[PROG_NAME_SIZE+1];
-#ifndef OPENSSL_NO_ENGINE
 	char *engine = NULL;
-#endif
 
 	apps_startup();
 
@@ -167,13 +163,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passarg= *(++argv);
 			}
-#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
-#endif
 		else if	(strcmp(*argv,"-d") == 0)
 			enc=0;
 		else if	(strcmp(*argv,"-p") == 0)
@@ -276,9 +270,7 @@ bad:
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
-#ifndef OPENSSL_NO_ENGINE
 			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
-#endif
 
 			BIO_printf(bio_err,"Cipher Types\n");
 			OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
@@ -292,9 +284,7 @@ bad:
 		argv++;
 		}
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	if (bufsize != NULL)
 		{
@@ -373,9 +363,9 @@ bad:
 			{
 			char buf[200];
 
-			BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
-				     OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
-				     (enc)?"encryption":"decryption");
+			sprintf(buf,"enter %s %s password:",
+				OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
+				(enc)?"encryption":"decryption");
 			strbuf[0]='\0';
 			i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
 			if (i == 0)

apps/engine.c

@@ -56,8 +56,6 @@
  *
  */
 
-#ifndef OPENSSL_NO_ENGINE
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -122,8 +120,8 @@ static int append_buf(char **buf, const char *s, int *size, int step)
 		return 0;
 
 	if (**buf != '\0')
-		BUF_strlcat(*buf, ", ", *size);
-	BUF_strlcat(*buf, s, *size);
+		strcat(*buf, ", ");
+	strcat(*buf, s);
 
 	return 1;
 	}
@@ -520,10 +518,3 @@ end:
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
-#else
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif

apps/gendh.c

@@ -81,17 +81,13 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
-#endif
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
 	char *outfile=NULL;
 	char *inrand=NULL;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
-#endif
 	BIO *out=NULL;
 
 	apps_startup();
@@ -119,13 +115,11 @@ int MAIN(int argc, char **argv)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
-#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
-#endif
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -144,18 +138,14 @@ bad:
 		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
 	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
 		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
-#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
-#endif
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
 		}
 		
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)

apps/gendsa.c

@@ -77,9 +77,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
-#endif
 	DSA *dsa=NULL;
 	int ret=1;
 	char *outfile=NULL;
@@ -87,9 +85,7 @@ int MAIN(int argc, char **argv)
 	char *passargout = NULL, *passout = NULL;
 	BIO *out=NULL,*in=NULL;
 	const EVP_CIPHER *enc=NULL;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
-#endif
 
 	apps_startup();
 
@@ -115,13 +111,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
-#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
-#endif
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -173,9 +167,7 @@ bad:
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
-#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
-#endif
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
@@ -184,9 +176,7 @@ bad:
 		goto end;
 		}
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
 		BIO_printf(bio_err, "Error getting password\n");

apps/genrsa.c

@@ -81,9 +81,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
-#endif
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
@@ -92,9 +90,7 @@ int MAIN(int argc, char **argv)
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
 	char *passargout = NULL, *passout = NULL;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
-#endif
 	char *inrand=NULL;
 	BIO *out=NULL;
 
@@ -126,13 +122,11 @@ int MAIN(int argc, char **argv)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
-#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
-#endif
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -183,9 +177,7 @@ bad:
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3              use 3 for the E value\n");
-#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
-#endif
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
@@ -199,9 +191,7 @@ bad:
 		goto err;
 	}
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	if (outfile == NULL)
 		{

apps/makeapps.com

@@ -166,7 +166,7 @@ $!     TCPIP_PROGRAMS = ",S_SERVER,S_CLIENT,SESS_ID,CIPHERS,S_TIME,"
 $!
 $! Setup exceptional compilations
 $!
-$ COMPILEWITH_CC2 = ",S_SERVER,S_CLIENT,"
+$ COMPILEWITH_CC2 = ",S_SOCKET,S_SERVER,S_CLIENT,"
 $!
 $ PHASE := LIB
 $!

apps/ocsp.c

@@ -55,7 +55,6 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
-#ifndef OPENSSL_NO_OCSP
 
 #include <stdio.h>
 #include <string.h>
@@ -68,6 +67,19 @@
 /* Maximum leeway in validity period: default 5 minutes */
 #define MAX_VALIDITY_PERIOD	(5 * 60)
 
+/* CA index.txt definitions */
+#define DB_type         0
+#define DB_exp_date     1
+#define DB_rev_date     2
+#define DB_serial       3       /* index - unique */
+#define DB_file         4       
+#define DB_name         5       /* index - unique for active */
+#define DB_NUMBER       6
+
+#define DB_TYPE_REV	'R'
+#define DB_TYPE_EXP	'E'
+#define DB_TYPE_VAL	'V'
+
 static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
 				STACK_OF(OCSP_CERTID) *ids);
 static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
@@ -76,12 +88,12 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
 				STACK *names, STACK_OF(OCSP_CERTID) *ids,
 				long nsec, long maxage);
 
-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db,
 			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
 			STACK_OF(X509) *rother, unsigned long flags,
 			int nmin, int ndays);
 
-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
+static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser);
 static BIO *init_responder(char *port);
 static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
 static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
@@ -123,14 +135,13 @@ int MAIN(int argc, char **argv)
 	int accept_count = -1;
 	int badarg = 0;
 	int i;
-	int ignore_err = 0;
 	STACK *reqnames = NULL;
 	STACK_OF(OCSP_CERTID) *ids = NULL;
 
 	X509 *rca_cert = NULL;
 	char *ridx_filename = NULL;
 	char *rca_filename = NULL;
-	CA_DB *rdb = NULL;
+	TXT_DB *rdb = NULL;
 	int nmin = 0, ndays = -1;
 
 	if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -183,8 +194,6 @@ int MAIN(int argc, char **argv)
 				}
 			else badarg = 1;
 			}
-		else if (!strcmp(*args, "-ignore_err"))
-			ignore_err = 1;
 		else if (!strcmp(*args, "-noverify"))
 			noverify = 1;
 		else if (!strcmp(*args, "-nonce"))
@@ -514,7 +523,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-serial n          serial number to check\n");
 		BIO_printf (bio_err, "-signer file       certificate to sign OCSP request with\n");
 		BIO_printf (bio_err, "-signkey file      private key to sign OCSP request with\n");
-		BIO_printf (bio_err, "-sign_other file   additional certificates to include in signed request\n");
+		BIO_printf (bio_err, "-sign_certs file   additional certificates to include in signed request\n");
 		BIO_printf (bio_err, "-no_certs          don't include any certificates in signed request\n");
 		BIO_printf (bio_err, "-req_text          print text form of request\n");
 		BIO_printf (bio_err, "-resp_text         print text form of response\n");
@@ -534,10 +543,10 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
 		BIO_printf (bio_err, "-status_age n      maximum status age in seconds\n");
 		BIO_printf (bio_err, "-noverify          don't verify response at all\n");
-		BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n");
+		BIO_printf (bio_err, "-verify_certs file additional certificates to search for signer\n");
 		BIO_printf (bio_err, "-trust_other       don't verify additional certificates\n");
 		BIO_printf (bio_err, "-no_intern         don't search certificates contained in response for signer\n");
-		BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n");
+		BIO_printf (bio_err, "-no_sig_verify     don't check signature on response\n");
 		BIO_printf (bio_err, "-no_cert_verify    don't check signing certificate\n");
 		BIO_printf (bio_err, "-no_chain          don't chain verify response\n");
 		BIO_printf (bio_err, "-no_cert_checks    don't do additional checks on signing certificate\n");
@@ -687,9 +696,22 @@ int MAIN(int argc, char **argv)
 
 	if (ridx_filename && !rdb)
 		{
-		rdb = load_index(ridx_filename, NULL);
-		if (!rdb) goto end;
-		if (!index_index(rdb)) goto end;
+		BIO *db_bio = NULL;
+		db_bio = BIO_new_file(ridx_filename, "r");
+		if (!db_bio)
+			{
+			BIO_printf(bio_err, "Error opening index file %s\n", ridx_filename);
+			goto end;
+			}
+		rdb = TXT_DB_read(db_bio, DB_NUMBER);
+		BIO_free(db_bio);
+		if (!rdb)
+			{
+			BIO_printf(bio_err, "Error reading index file %s\n", ridx_filename);
+			goto end;
+			}
+		if (!make_serial_index(rdb))
+			goto end;
 		}
 
 	if (rdb)
@@ -700,12 +722,7 @@ int MAIN(int argc, char **argv)
 		}
 	else if (host)
 		{
-#ifndef OPENSSL_NO_SOCK
 		cbio = BIO_new_connect(host);
-#else
-		BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
-		goto end;
-#endif
 		if (!cbio)
 			{
 			BIO_printf(bio_err, "Error creating connect BIO\n");
@@ -715,16 +732,7 @@ int MAIN(int argc, char **argv)
 		if (use_ssl == 1)
 			{
 			BIO *sbio;
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 			ctx = SSL_CTX_new(SSLv23_client_method());
-#elif !defined(OPENSSL_NO_SSL3)
-			ctx = SSL_CTX_new(SSLv3_client_method());
-#elif !defined(OPENSSL_NO_SSL2)
-			ctx = SSL_CTX_new(SSLv2_client_method());
-#else
-			BIO_printf(bio_err, "SSL is disabled\n");
-			goto end;
-#endif
 			SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
 			sbio = BIO_new_ssl(ctx, 1);
 			cbio = BIO_push(sbio, cbio);
@@ -786,8 +794,6 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_printf(out, "Responder Error: %s (%ld)\n",
 				OCSP_response_status_str(i), i);
-		if (ignore_err)
-			goto redo_accept;
 		ret = 0;
 		goto end;
 		}
@@ -873,7 +879,7 @@ end:
 	X509_free(cert);
 	X509_free(rsigner);
 	X509_free(rca_cert);
-	free_index(rdb);
+	TXT_DB_free(rdb);
 	BIO_free_all(cbio);
 	BIO_free_all(acbio);
 	BIO_free(out);
@@ -1015,7 +1021,7 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
 	}
 
 
-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db,
 			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
 			STACK_OF(X509) *rother, unsigned long flags,
 			int nmin, int ndays)
@@ -1107,7 +1113,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
 
 	}
 
-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
+static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser)
 	{
 	int i;
 	BIGNUM *bn = NULL;
@@ -1120,7 +1126,7 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
 		itmp = BN_bn2hex(bn);
 	row[DB_serial] = itmp;
 	BN_free(bn);
-	rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+	rrow=TXT_DB_get_by_index(db,DB_serial,row);
 	OPENSSL_free(itmp);
 	return rrow;
 	}
@@ -1133,11 +1139,7 @@ static BIO *init_responder(char *port)
 	bufbio = BIO_new(BIO_f_buffer());
 	if (!bufbio) 
 		goto err;
-#ifndef OPENSSL_NO_SOCK
 	acbio = BIO_new_accept(port);
-#else
-	BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n");
-#endif
 	if (!acbio)
 		goto err;
 	BIO_set_accept_bios(acbio, bufbio);
@@ -1224,4 +1226,3 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
 	return 1;
 	}
 
-#endif

apps/openssl.c

@@ -122,9 +122,7 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
-#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
-#endif
 #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
 #include "progs.h"
 #include "s_apps.h"
@@ -163,7 +161,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
 		goto err;
 		}
 
-	if (type < 0 || type >= CRYPTO_NUM_LOCKS)
+	if (type < 0 || type > CRYPTO_NUM_LOCKS)
 		{
 		errstr = "type out of bounds";
 		goto err;

apps/openssl.cnf

@@ -38,14 +38,10 @@ dir		= ./demoCA		# Where everything is kept
 certs		= $dir/certs		# Where the issued certs are kept
 crl_dir		= $dir/crl		# Where the issued crl are kept
 database	= $dir/index.txt	# database index file.
-#unique_subject	= no			# Set to 'no' to allow creation of
-					# several ctificates with same subject.
 new_certs_dir	= $dir/newcerts		# default place for new certs.
 
 certificate	= $dir/cacert.pem 	# The CA certificate
 serial		= $dir/serial 		# The current serial number
-#crlnumber	= $dir/crlnumber	# the current crl number
-					# must be commented out to leave a V1 CRL
 crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem# The private key
 RANDFILE	= $dir/private/.rand	# private random number file
@@ -62,7 +58,6 @@ cert_opt 	= ca_default		# Certificate field options
 
 # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
 # so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
 # crl_extensions	= crl_ext
 
 default_days	= 365			# how long to certify for

apps/pkcs12.c

@@ -120,9 +120,7 @@ int MAIN(int argc, char **argv)
     char *passin = NULL, *passout = NULL;
     char *inrand = NULL;
     char *CApath = NULL, *CAfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
     char *engine=NULL;
-#endif
 
     apps_startup();
 
@@ -254,13 +252,11 @@ int MAIN(int argc, char **argv)
 			args++;	
 			CAfile = *args;
 		    } else badarg = 1;
-#ifndef OPENSSL_NO_ENGINE
 		} else if (!strcmp(*args,"-engine")) {
 		    if (args[1]) {
 			args++;	
 			engine = *args;
 		    } else badarg = 1;
-#endif
 		} else badarg = 1;
 
 	} else badarg = 1;
@@ -308,18 +304,14 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-password p   set import/export password source\n");
 	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
-#ifndef OPENSSL_NO_ENGINE
 	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
-#endif
 	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
     	goto end;
     }
 
-#ifndef OPENSSL_NO_ENGINE
     e = setup_engine(bio_err, engine, 0);
-#endif
 
     if(passarg) {
 	if(export_cert) passargout = passarg;
@@ -557,7 +549,7 @@ int MAIN(int argc, char **argv)
 	    BIO_printf (bio_err, "Can't read Password\n");
 	    goto export_end;
         }
-	if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
+	if (!twopass) strcpy(macpass, pass);
 	/* Turn certbags into encrypted authsafe */
 	authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
 								 iter, bags);
@@ -658,7 +650,7 @@ int MAIN(int argc, char **argv)
     CRYPTO_pop_info();
 #endif
 
-    if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
+    if (!twopass) strcpy(macpass, pass);
 
     if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
     if(macver) {

apps/pkcs7.c

@@ -82,9 +82,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
-#endif
 	PKCS7 *p7=NULL;
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
@@ -92,9 +90,7 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	int print_certs=0,text=0,noout=0;
 	int ret=1;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
-#endif
 
 	apps_startup();
 
@@ -102,9 +98,6 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
-	if (!load_config(bio_err, NULL))
-		goto end;
-
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -141,13 +134,11 @@ int MAIN(int argc, char **argv)
 			text=1;
 		else if (strcmp(*argv,"-print_certs") == 0)
 			print_certs=1;
-#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
-#endif
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -170,18 +161,14 @@ bad:
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
 		BIO_printf(bio_err," -text         print full details of certificates\n");
 		BIO_printf(bio_err," -noout        don't output encoded data\n");
-#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
-#endif
 		ret = 1;
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());

apps/pkcs8.c

@@ -85,9 +85,7 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *pkey=NULL;
 	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
 	int badarg = 0;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
-#endif
 
 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 
@@ -147,13 +145,11 @@ int MAIN(int argc, char **argv)
 			if (!args[1]) goto bad;
 			passargout= *(++args);
 			}
-#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*args,"-engine") == 0)
 			{
 			if (!args[1]) goto bad;
 			engine= *(++args);
 			}
-#endif
 		else if (!strcmp (*args, "-in")) {
 			if (args[1]) {
 				args++;
@@ -186,15 +182,11 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
 		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
 		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
-#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
-#endif
 		return (1);
 	}
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
@@ -235,7 +227,7 @@ int MAIN(int argc, char **argv)
 			return (1);
 		}
 		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
-			BIO_printf(bio_err, "Error converting key\n");
+			BIO_printf(bio_err, "Error converting key\n", outfile);
 			ERR_print_errors(bio_err);
 			return (1);
 		}
@@ -259,7 +251,8 @@ int MAIN(int argc, char **argv)
 			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
 					p8pass, strlen(p8pass),
 					NULL, 0, iter, p8inf))) {
-				BIO_printf(bio_err, "Error encrypting key\n");
+				BIO_printf(bio_err, "Error encrypting key\n",
+								 outfile);
 				ERR_print_errors(bio_err);
 				return (1);
 			}
@@ -302,7 +295,7 @@ int MAIN(int argc, char **argv)
 		}
 
 		if (!p8) {
-			BIO_printf (bio_err, "Error reading key\n");
+			BIO_printf (bio_err, "Error reading key\n", outfile);
 			ERR_print_errors(bio_err);
 			return (1);
 		}
@@ -316,13 +309,13 @@ int MAIN(int argc, char **argv)
 	}
 
 	if (!p8inf) {
-		BIO_printf(bio_err, "Error decrypting key\n");
+		BIO_printf(bio_err, "Error decrypting key\n", outfile);
 		ERR_print_errors(bio_err);
 		return (1);
 	}
 
 	if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
-		BIO_printf(bio_err, "Error converting key\n");
+		BIO_printf(bio_err, "Error converting key\n", outfile);
 		ERR_print_errors(bio_err);
 		return (1);
 	}

apps/progs.h

@@ -35,9 +35,7 @@ extern int pkcs8_main(int argc,char *argv[]);
 extern int spkac_main(int argc,char *argv[]);
 extern int smime_main(int argc,char *argv[]);
 extern int rand_main(int argc,char *argv[]);
-#ifndef OPENSSL_NO_ENGINE
 extern int engine_main(int argc,char *argv[]);
-#endif
 extern int ocsp_main(int argc,char *argv[]);
 
 #define FUNC_TYPE_GENERAL	1
@@ -94,9 +92,7 @@ FUNCTION functions[] = {
 #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
 	{FUNC_TYPE_GENERAL,"s_client",s_client_main},
 #endif
-#ifndef OPENSSL_NO_SPEED
 	{FUNC_TYPE_GENERAL,"speed",speed_main},
-#endif
 #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
 	{FUNC_TYPE_GENERAL,"s_time",s_time_main},
 #endif
@@ -115,9 +111,7 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
 	{FUNC_TYPE_GENERAL,"smime",smime_main},
 	{FUNC_TYPE_GENERAL,"rand",rand_main},
-#ifndef OPENSSL_NO_ENGINE
 	{FUNC_TYPE_GENERAL,"engine",engine_main},
-#endif
 	{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
 #ifndef OPENSSL_NO_MD2
 	{FUNC_TYPE_MD,"md2",dgst_main},

apps/rand.c

@@ -76,9 +76,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
-#endif
 	int i, r, ret = 1;
 	int badopt;
 	char *outfile = NULL;
@@ -86,9 +84,7 @@ int MAIN(int argc, char **argv)
 	int base64 = 0;
 	BIO *out = NULL;
 	int num = -1;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
-#endif
 
 	apps_startup();
 
@@ -110,7 +106,6 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
-#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(argv[i], "-engine") == 0)
 			{
 			if ((argv[i+1] != NULL) && (engine == NULL))
@@ -118,7 +113,6 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
-#endif
 		else if (strcmp(argv[i], "-rand") == 0)
 			{
 			if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -156,17 +150,13 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "Usage: rand [options] num\n");
 		BIO_printf(bio_err, "where options are\n");
 		BIO_printf(bio_err, "-out file             - write to file\n");
-#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err, "-engine e             - use engine e, possibly a hardware device.\n");
-#endif
 		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err, "-base64               - encode output\n");
 		goto err;
 		}
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 	if (inrand != NULL)

apps/req.c

@@ -135,6 +135,7 @@ static int req_check_len(int len,int n_min,int n_max);
 static int check_end(char *str, char *end);
 #ifndef MONOLITH
 static char *default_config_file=NULL;
+static CONF *config=NULL;
 #endif
 static CONF *req_conf=NULL;
 static int batch=0;
@@ -162,9 +163,7 @@ int MAIN(int argc, char **argv)
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
 	int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
-#endif
 	char *extensions = NULL;
 	char *req_exts = NULL;
 	const EVP_CIPHER *cipher=NULL;
@@ -212,13 +211,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
-#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
-#endif
 		else if (strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -432,9 +429,7 @@ bad:
 		BIO_printf(bio_err," -verify        verify signature on REQ\n");
 		BIO_printf(bio_err," -modulus       RSA modulus\n");
 		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
-#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device\n");
-#endif
 		BIO_printf(bio_err," -subject       output the request's subject\n");
 		BIO_printf(bio_err," -passin        private key password source\n");
 		BIO_printf(bio_err," -key file      use the private key contained in file\n");
@@ -459,7 +454,7 @@ bad:
 		BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
 		BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");
 		BIO_printf(bio_err," -utf8          input characters are UTF8 (default ASCII)\n");
-		BIO_printf(bio_err," -nameopt arg    - various certificate name options\n");
+		BIO_printf(bio_err," -nameopt arg   - various certificate name options\n");
 		BIO_printf(bio_err," -reqopt arg    - various request text options\n\n");
 		goto end;
 		}
@@ -623,9 +618,7 @@ bad:
 	if ((in == NULL) || (out == NULL))
 		goto end;
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	if (keyfile != NULL)
 		{
@@ -824,7 +817,7 @@ loop:
 			if ((x509ss=X509_new()) == NULL) goto end;
 
 			/* Set version to V3 */
-			if(extensions && !X509_set_version(x509ss, 2)) goto end;
+			if(!X509_set_version(x509ss, 2)) goto end;
 			if (serial)
 				{
 				if (!X509_set_serialNumber(x509ss, serial)) goto end;
@@ -1223,39 +1216,33 @@ start:		for (;;)
 				}
 			/* If OBJ not recognised ignore it */
 			if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
-			if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name)
-				>= sizeof buf)
+
+			if(strlen(v->name) > sizeof buf-9)
 			   {
 			   BIO_printf(bio_err,"Name '%s' too long\n",v->name);
 			   return 0;
 			   }
 
+			sprintf(buf,"%s_default",v->name);
 			if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
 				{
 				ERR_clear_error();
 				def="";
 				}
-				
-			BIO_snprintf(buf,sizeof buf,"%s_value",v->name);
+			sprintf(buf,"%s_value",v->name);
 			if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
 				{
 				ERR_clear_error();
 				value=NULL;
 				}
 
-			BIO_snprintf(buf,sizeof buf,"%s_min",v->name);
+			sprintf(buf,"%s_min",v->name);
 			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
-				{
-				ERR_clear_error();
 				n_min = -1;
-				}
 
-			BIO_snprintf(buf,sizeof buf,"%s_max",v->name);
+			sprintf(buf,"%s_max",v->name);
 			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
-				{
-				ERR_clear_error();
 				n_max = -1;
-				}
 
 			if (!add_DN_object(subj,v->value,def,value,nid,
 				n_min,n_max, chtype))
@@ -1288,13 +1275,13 @@ start2:			for (;;)
 				if ((nid=OBJ_txt2nid(type)) == NID_undef)
 					goto start2;
 
-				if (BIO_snprintf(buf,sizeof buf,"%s_default",type)
-					>= sizeof buf)
+				if(strlen(v->name) > sizeof buf-9)
 				   {
 				   BIO_printf(bio_err,"Name '%s' too long\n",v->name);
 				   return 0;
 				   }
 
+				sprintf(buf,"%s_default",type);
 				if ((def=NCONF_get_string(req_conf,attr_sect,buf))
 					== NULL)
 					{
@@ -1303,7 +1290,7 @@ start2:			for (;;)
 					}
 				
 				
-				BIO_snprintf(buf,sizeof buf,"%s_value",type);
+				sprintf(buf,"%s_value",type);
 				if ((value=NCONF_get_string(req_conf,attr_sect,buf))
 					== NULL)
 					{
@@ -1311,11 +1298,11 @@ start2:			for (;;)
 					value=NULL;
 					}
 
-				BIO_snprintf(buf,sizeof buf,"%s_min",type);
+				sprintf(buf,"%s_min",type);
 				if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
 					n_min = -1;
 
-				BIO_snprintf(buf,sizeof buf,"%s_max",type);
+				sprintf(buf,"%s_max",type);
 				if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
 					n_max = -1;
 
@@ -1397,8 +1384,9 @@ start:
 	(void)BIO_flush(bio_err);
 	if(value != NULL)
 		{
-		BUF_strlcpy(buf,value,sizeof buf);
-		BUF_strlcat(buf,"\n",sizeof buf);
+		OPENSSL_assert(strlen(value) < sizeof buf-2);
+		strcpy(buf,value);
+		strcat(buf,"\n");
 		BIO_printf(bio_err,"%s\n",value);
 		}
 	else
@@ -1420,8 +1408,8 @@ start:
 		{
 		if ((def == NULL) || (def[0] == '\0'))
 			return(1);
-		BUF_strlcpy(buf,def,sizeof buf);
-		BUF_strlcat(buf,"\n",sizeof buf);
+		strcpy(buf,def);
+		strcat(buf,"\n");
 		}
 	else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
 
@@ -1455,8 +1443,9 @@ start:
 	(void)BIO_flush(bio_err);
 	if (value != NULL)
 		{
-		BUF_strlcpy(buf,value,sizeof buf);
-		BUF_strlcat(buf,"\n",sizeof buf);
+		OPENSSL_assert(strlen(value) < sizeof buf-2);
+		strcpy(buf,value);
+		strcat(buf,"\n");
 		BIO_printf(bio_err,"%s\n",value);
 		}
 	else
@@ -1478,8 +1467,8 @@ start:
 		{
 		if ((def == NULL) || (def[0] == '\0'))
 			return(1);
-		BUF_strlcpy(buf,def,sizeof buf);
-		BUF_strlcat(buf,"\n",sizeof buf);
+		strcpy(buf,def);
+		strcat(buf,"\n");
 		}
 	else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
 

apps/rsa.c

@@ -104,9 +104,7 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
-#endif
 	int modulus=0;
 
 	apps_startup();
@@ -158,13 +156,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
-#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
-#endif
 		else if (strcmp(*argv,"-sgckey") == 0)
 			sgckey=1;
 		else if (strcmp(*argv,"-pubin") == 0)
@@ -216,17 +212,13 @@ bad:
 		BIO_printf(bio_err," -check          verify key consistency\n");
 		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
 		BIO_printf(bio_err," -pubout         output a public key\n");
-#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
-#endif
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");

apps/rsautl.c

@@ -85,9 +85,7 @@ int MAIN(int argc, char **argv)
 	ENGINE *e = NULL;
 	BIO *in = NULL, *out = NULL;
 	char *infile = NULL, *outfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine = NULL;
-#endif
 	char *keyfile = NULL;
 	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
 	int keyform = FORMAT_PEM;
@@ -97,7 +95,6 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *pkey = NULL;
 	RSA *rsa = NULL;
 	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
-	char *passargin = NULL, *passin = NULL;
 	int rsa_inlen, rsa_outlen = 0;
 	int keysize;
 
@@ -125,17 +122,12 @@ int MAIN(int argc, char **argv)
 		} else if(!strcmp(*argv, "-inkey")) {
 			if (--argc < 1) badarg = 1;
 			keyfile = *(++argv);
-		} else if (!strcmp(*argv,"-passin")) {
-			if (--argc < 1) badarg = 1;
-			passargin= *(++argv);
 		} else if (strcmp(*argv,"-keyform") == 0) {
 			if (--argc < 1) badarg = 1;
 			keyform=str2fmt(*(++argv));
-#ifndef OPENSSL_NO_ENGINE
 		} else if(!strcmp(*argv, "-engine")) {
 			if (--argc < 1) badarg = 1;
 			engine = *(++argv);
-#endif
 		} else if(!strcmp(*argv, "-pubin")) {
 			key_type = KEY_PUBKEY;
 		} else if(!strcmp(*argv, "-certin")) {
@@ -170,13 +162,7 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
-	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
-		BIO_printf(bio_err, "Error getting password\n");
-		goto end;
-	}
 
 /* FIXME: seed PRNG only if needed */
 	app_RAND_load_file(NULL, bio_err, 0);
@@ -184,7 +170,7 @@ int MAIN(int argc, char **argv)
 	switch(key_type) {
 		case KEY_PRIVKEY:
 		pkey = load_key(bio_err, keyfile, keyform, 0,
-			passin, e, "Private Key");
+			NULL, e, "Private Key");
 		break;
 
 		case KEY_PUBKEY:
@@ -298,7 +284,6 @@ int MAIN(int argc, char **argv)
 	BIO_free_all(out);
 	if(rsa_in) OPENSSL_free(rsa_in);
 	if(rsa_out) OPENSSL_free(rsa_out);
-	if(passin) OPENSSL_free(passin);
 	return ret;
 }
 
@@ -320,10 +305,7 @@ static void usage()
 	BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
 	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
 	BIO_printf(bio_err, "-hexdump        hex dump output\n");
-#ifndef OPENSSL_NO_ENGINE
 	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
-	BIO_printf (bio_err, "-passin arg    pass phrase source\n");
-#endif
 
 }
 

apps/s_apps.h

@@ -112,14 +112,6 @@
 #include <sys/types.h>
 #include <openssl/opensslconf.h>
 
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-#include <conio.h>
-#endif
-
-#ifdef OPENSSL_SYS_MSDOS
-#define _kbhit kbhit
-#endif
-
 #if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
 /* VAX C does not defined fd_set and friends, but it's actually quite simple */
 /* These definitions are borrowed from SOCKETSHR.	/Richard Levitte */

apps/s_client.c

@@ -136,6 +136,10 @@ typedef unsigned int u_int;
 #include <openssl/rand.h>
 #include "s_apps.h"
 
+#ifdef OPENSSL_SYS_WINDOWS
+#include <conio.h>
+#endif
+
 #ifdef OPENSSL_SYS_WINCE
 /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
 #ifdef fileno
@@ -217,10 +221,8 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
 	BIO_printf(bio_err,"                 for those protocols that support it, where\n");
 	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
-	BIO_printf(bio_err,"                 only \"smtp\" and \"pop3\" are supported.\n");
-#ifndef OPENSSL_NO_ENGINE
+	BIO_printf(bio_err,"                 only \"smtp\" is supported.\n");
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
-#endif
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 
 	}
@@ -247,16 +249,14 @@ int MAIN(int argc, char **argv)
 	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
 	SSL_CTX *ctx=NULL;
 	int ret=1,in_init=1,i,nbio_test=0;
-	int starttls_proto = 0;
+	int smtp_starttls = 0;
 	int prexit = 0, vflags = 0;
 	SSL_METHOD *meth=NULL;
 	BIO *sbio;
 	char *inrand=NULL;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine_id=NULL;
 	ENGINE *e=NULL;
-#endif
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+#ifdef OPENSSL_SYS_WINDOWS
 	struct timeval tv;
 #endif
 
@@ -411,19 +411,15 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			++argv;
 			if (strcmp(*argv,"smtp") == 0)
-				starttls_proto = 1;
-			else if (strcmp(*argv,"pop3") == 0)
-				starttls_proto = 2;
+				smtp_starttls = 1;
 			else
 				goto bad;
 			}
-#ifndef OPENSSL_NO_ENGINE
 		else if	(strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine_id = *(++argv);
 			}
-#endif
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -448,9 +444,7 @@ bad:
 	OpenSSL_add_ssl_algorithms();
 	SSL_load_error_strings();
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine_id, 1);
-#endif
 
 	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
 		&& !RAND_status())
@@ -585,18 +579,12 @@ re_start:
 	sbuf_off=0;
 
 	/* This is an ugly hack that does a lot of assumptions */
-	if (starttls_proto == 1)
+	if (smtp_starttls)
 		{
 		BIO_read(sbio,mbuf,BUFSIZZ);
 		BIO_printf(sbio,"STARTTLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
-	if (starttls_proto == 2)
-		{
-		BIO_read(sbio,mbuf,BUFSIZZ);
-		BIO_printf(sbio,"STLS\r\n");
-		BIO_read(sbio,sbuf,BUFSIZZ);
-		}
 
 	for (;;)
 		{
@@ -617,11 +605,11 @@ re_start:
 				print_stuff(bio_c_out,con,full_log);
 				if (full_log > 0) full_log--;
 
-				if (starttls_proto)
+				if (smtp_starttls)
 					{
 					BIO_printf(bio_err,"%s",mbuf);
 					/* We don't need to know any more */
-					starttls_proto = 0;
+					smtp_starttls = 0;
 					}
 
 				if (reconnect)
@@ -640,7 +628,7 @@ re_start:
 
 		if (!ssl_pending)
 			{
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+#ifndef OPENSSL_SYS_WINDOWS
 			if (tty_on)
 				{
 				if (read_tty)  FD_SET(fileno(stdin),&readfds);
@@ -667,8 +655,8 @@ re_start:
 			 * will choke the compiler: if you do have a cast then
 			 * you can either go for (int *) or (void *).
 			 */
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-                        /* Under Windows/DOS we make the assumption that we can
+#ifdef OPENSSL_SYS_WINDOWS
+			/* Under Windows we make the assumption that we can
 			 * always write to the tty: therefore if we need to
 			 * write to the tty we just fall through. Otherwise
 			 * we timeout the select every second and see if there
@@ -682,7 +670,7 @@ re_start:
 					tv.tv_usec = 0;
 					i=select(width,(void *)&readfds,(void *)&writefds,
 						 NULL,&tv);
-#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
+#ifdef OPENSSL_SYS_WINCE
 					if(!i && (!_kbhit() || !read_tty) ) continue;
 #else
 					if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
@@ -851,8 +839,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 				}
 			}
 
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
+#ifdef OPENSSL_SYS_WINDOWS
+#ifdef OPENSSL_SYS_WINCE
 		else if (_kbhit())
 #else
 		else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))

apps/s_server.c

@@ -140,6 +140,10 @@ typedef unsigned int u_int;
 #include <openssl/rand.h>
 #include "s_apps.h"
 
+#ifdef OPENSSL_SYS_WINDOWS
+#include <conio.h>
+#endif
+
 #ifdef OPENSSL_SYS_WINCE
 /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
 #ifdef fileno
@@ -238,9 +242,7 @@ static int s_msg=0;
 static int s_quiet=0;
 
 static int hack=0;
-#ifndef OPENSSL_NO_ENGINE
 static char *engine_id=NULL;
-#endif
 static const char *session_id_prefix=NULL;
 
 #ifdef MONOLITH
@@ -265,9 +267,7 @@ static void s_server_init(void)
 	s_msg=0;
 	s_quiet=0;
 	hack=0;
-#ifndef OPENSSL_NO_ENGINE
 	engine_id=NULL;
-#endif
 	}
 #endif
 
@@ -316,9 +316,7 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
 	BIO_printf(bio_err," -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
         BIO_printf(bio_err,"                 with the assumption it contains a complete HTTP response.\n");
-#ifndef OPENSSL_NO_ENGINE
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
-#endif
 	BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	}
@@ -492,9 +490,7 @@ int MAIN(int argc, char *argv[])
 	int no_tmp_rsa=0,no_dhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
-#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e=NULL;
-#endif
 	char *inrand=NULL;
 
 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
@@ -669,13 +665,11 @@ int MAIN(int argc, char *argv[])
 			if (--argc < 1) goto bad;
 			session_id_prefix = *(++argv);
 			}
-#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine_id= *(++argv);
 			}
-#endif
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -700,9 +694,7 @@ bad:
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine_id, 1);
-#endif
 
 	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
 		&& !RAND_status())
@@ -913,7 +905,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 	unsigned long l;
 	SSL *con=NULL;
 	BIO *sbio;
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+#ifdef OPENSSL_SYS_WINDOWS
 	struct timeval tv;
 #endif
 
@@ -987,7 +979,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 		if (!read_from_sslcon)
 			{
 			FD_ZERO(&readfds);
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+#ifndef OPENSSL_SYS_WINDOWS
 			FD_SET(fileno(stdin),&readfds);
 #endif
 			FD_SET(s,&readfds);
@@ -997,8 +989,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 			 * the compiler: if you do have a cast then you can either
 			 * go for (int *) or (void *).
 			 */
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-                        /* Under DOS (non-djgpp) and Windows we can't select on stdin: only
+#ifdef OPENSSL_SYS_WINDOWS
+			/* Under Windows we can't select on stdin: only
 			 * on sockets. As a workaround we timeout the select every
 			 * second and check for any keypress. In a proper Windows
 			 * application we wouldn't do this because it is inefficient.
@@ -1259,13 +1251,7 @@ static int init_ssl_connection(SSL *con)
 	if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
 		TLS1_FLAGS_TLS_PADDING_BUG)
 		BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
-#ifndef OPENSSL_NO_KRB5
-	if (con->kssl_ctx->client_princ != NULL)
-		{
-		BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
-			con->kssl_ctx->client_princ);
-		}
-#endif /* OPENSSL_NO_KRB5 */
+
 	return(1);
 	}
 

apps/s_socket.c

@@ -389,7 +389,7 @@ redoit:
 			perror("OPENSSL_malloc");
 			return(0);
 			}
-		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
+		strcpy(*host,h1->h_name);
 
 		h2=GetHostByName(*host);
 		if (h2 == NULL)

apps/s_time.c

@@ -502,7 +502,7 @@ int MAIN(int argc, char **argv)
 
 		if (s_www_path != NULL)
 			{
-			BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+			sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 			SSL_write(scon,buf,strlen(buf));
 			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
 				bytes_read+=i;
@@ -557,7 +557,7 @@ next:
 
 	if (s_www_path != NULL)
 		{
-		BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+		sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 		SSL_write(scon,buf,strlen(buf));
 		while (SSL_read(scon,buf,sizeof(buf)) > 0)
 			;
@@ -595,7 +595,7 @@ next:
 
 		if (s_www_path)
 			{
-			BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+			sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 			SSL_write(scon,buf,strlen(buf));
 			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
 				bytes_read+=i;

apps/smime.c

@@ -104,9 +104,7 @@ int MAIN(int argc, char **argv)
 	int need_rand = 0;
 	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
         int keyform = FORMAT_PEM;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
-#endif
 
 	args = argv + 1;
 	ret = 1;
@@ -168,10 +166,6 @@ int MAIN(int argc, char **argv)
 				flags |= PKCS7_BINARY;
 		else if (!strcmp (*args, "-nosigs"))
 				flags |= PKCS7_NOSIGS;
-		else if (!strcmp (*args, "-nooldmime"))
-				flags |= PKCS7_NOOLDMIMETYPE;
-		else if (!strcmp (*args, "-crlfeol"))
-				flags |= PKCS7_CRLFEOL;
 		else if (!strcmp (*args, "-crl_check"))
 				store_flags |= X509_V_FLAG_CRL_CHECK;
 		else if (!strcmp (*args, "-crl_check_all"))
@@ -182,13 +176,11 @@ int MAIN(int argc, char **argv)
 				inrand = *args;
 			} else badarg = 1;
 			need_rand = 1;
-#ifndef OPENSSL_NO_ENGINE
 		} else if (!strcmp(*args,"-engine")) {
 			if (args[1]) {
 				args++;
 				engine = *args;
 			} else badarg = 1;
-#endif
 		} else if (!strcmp(*args,"-passin")) {
 			if (args[1]) {
 				args++;
@@ -338,9 +330,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
 		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
 		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
-#ifndef OPENSSL_NO_ENGINE
 		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
-#endif
 		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
 		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
@@ -349,9 +339,7 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		BIO_printf(bio_err, "Error getting password\n");

apps/speed.c

@@ -58,8 +58,6 @@
 
 /* most of this code has been pilfered from my libdes speed.c program */
 
-#ifndef OPENSSL_NO_SPEED
-
 #undef SECONDS
 #define SECONDS		3	
 #define RSA_SECONDS	10
@@ -372,9 +370,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
-#endif
 	unsigned char *buf=NULL,*buf2=NULL;
 	int mret=1;
 	long count=0,save_count=0;
@@ -594,7 +590,6 @@ int MAIN(int argc, char **argv)
 			j--;	/* Otherwise, -elapsed gets confused with
 				   an algorithm. */
 			}
-#ifndef OPENSSL_NO_ENGINE
 		else if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
 			{
 			argc--;
@@ -611,7 +606,6 @@ int MAIN(int argc, char **argv)
 			   means all of them should be run) */
 			j--;
 			}
-#endif
 #ifdef HAVE_FORK
 		else if	((argc > 0) && (strcmp(*argv,"-multi") == 0))
 			{
@@ -773,7 +767,6 @@ int MAIN(int argc, char **argv)
 			{
 			dsa_doit[R_DSA_512]=1;
 			dsa_doit[R_DSA_1024]=1;
-			dsa_doit[R_DSA_2048]=1;
 			}
 		else
 #endif
@@ -872,9 +865,7 @@ int MAIN(int argc, char **argv)
 #if defined(TIMES) || defined(USE_TOD)
 			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
 #endif
-#ifndef OPENSSL_NO_ENGINE
 			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
-#endif
 			BIO_printf(bio_err,"-evp e          use EVP e.\n");
 			BIO_printf(bio_err,"-decrypt        time decryption instead of encryption (only EVP).\n");
 			BIO_printf(bio_err,"-mr             produce machine readable output.\n");
@@ -1007,9 +998,6 @@ int MAIN(int argc, char **argv)
 	c[D_CBC_RC5][0]=count;
 	c[D_CBC_BF][0]=count;
 	c[D_CBC_CAST][0]=count;
-	c[D_CBC_128_AES][0]=count;
-	c[D_CBC_192_AES][0]=count;
-	c[D_CBC_256_AES][0]=count;
 
 	for (i=1; i<SIZE_NUM; i++)
 		{
@@ -1035,9 +1023,6 @@ int MAIN(int argc, char **argv)
 		c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
 		c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
 		c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
-		c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
-		c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
-		c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
 		}
 #ifndef OPENSSL_NO_RSA
 	rsa_c[R_RSA_512][0]=count/2000;
@@ -1408,7 +1393,6 @@ int MAIN(int argc, char **argv)
 				else
 					EVP_EncryptFinal_ex(&ctx,buf,&outl);
 				d=Time_F(STOP);
-				EVP_CIPHER_CTX_cleanup(&ctx);
 				}
 			if (evp_md)
 				{
@@ -1955,4 +1939,3 @@ static int do_multi(int multi)
 	return 1;
 	}
 #endif
-#endif

apps/spkac.c

@@ -92,9 +92,7 @@ int MAIN(int argc, char **argv)
 	CONF *conf = NULL;
 	NETSCAPE_SPKI *spki = NULL;
 	EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
-#endif
 
 	apps_startup();
 
@@ -143,13 +141,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			spksect= *(++argv);
 			}
-#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
-#endif
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-pubkey") == 0)
@@ -175,9 +171,7 @@ bad:
 		BIO_printf(bio_err," -noout         don't print SPKAC\n");
 		BIO_printf(bio_err," -pubkey        output public key\n");
 		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
-#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
-#endif
 		goto end;
 		}
 
@@ -187,9 +181,7 @@ bad:
 		goto end;
 	}
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	if(keyfile) {
 		pkey = load_key(bio_err,

apps/verify.c

@@ -86,9 +86,7 @@ int MAIN(int argc, char **argv)
 	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
-#endif
 
 	cert_ctx=X509_STORE_new();
 	if (cert_ctx == NULL) goto end;
@@ -144,13 +142,11 @@ int MAIN(int argc, char **argv)
 				if (argc-- < 1) goto end;
 				trustfile= *(++argv);
 				}
-#ifndef OPENSSL_NO_ENGINE
 			else if (strcmp(*argv,"-engine") == 0)
 				{
 				if (--argc < 1) goto end;
 				engine= *(++argv);
 				}
-#endif
 			else if (strcmp(*argv,"-help") == 0)
 				goto end;
 			else if (strcmp(*argv,"-ignore_critical") == 0)
@@ -174,9 +170,7 @@ int MAIN(int argc, char **argv)
 			break;
 		}
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
 	if (lookup == NULL) abort();
@@ -225,11 +219,7 @@ int MAIN(int argc, char **argv)
 	ret=0;
 end:
 	if (ret == 1) {
-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err," [-engine e]");
-#endif
-		BIO_printf(bio_err," cert1 cert2 ...\n");
+		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...\n");
 		BIO_printf(bio_err,"recognized usages:\n");
 		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
 			X509_PURPOSE *ptmp;

apps/x509.c

@@ -131,9 +131,7 @@ static char *x509_usage[]={
 " -extensions     - section from config file with X509V3 extensions to add\n",
 " -clrext         - delete extensions before signing and input certificate\n",
 " -nameopt arg    - various certificate name options\n",
-#ifndef OPENSSL_NO_ENGINE
 " -engine e       - use engine e, possibly a hardware device.\n",
-#endif
 " -certopt arg    - various certificate text options\n",
 NULL
 };
@@ -185,9 +183,7 @@ int MAIN(int argc, char **argv)
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
 	unsigned long nmflag = 0, certflag = 0;
-#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
-#endif
 
 	reqfile=0;
 
@@ -358,13 +354,17 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
 			}
-#ifndef OPENSSL_NO_ENGINE
+		else if (strcmp(*argv,"-setalias") == 0)
+			{
+			if (--argc < 1) goto bad;
+			alias= *(++argv);
+			trustout = 1;
+			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
-#endif
 		else if (strcmp(*argv,"-C") == 0)
 			C= ++num;
 		else if (strcmp(*argv,"-email") == 0)
@@ -450,9 +450,7 @@ bad:
 		goto end;
 		}
 
-#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
-#endif
 
 	if (need_rand)
 		app_RAND_load_file(NULL, bio_err, 0);
@@ -1022,31 +1020,31 @@ end:
 	OPENSSL_EXIT(ret);
 	}
 
-static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create)
+static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
 	{
 	char *buf = NULL, *p;
-	ASN1_INTEGER *bs = NULL;
+	MS_STATIC char buf2[1024];
+	ASN1_INTEGER *bs = NULL, *bs2 = NULL;
+	BIO *io = NULL;
 	BIGNUM *serial = NULL;
-	size_t len;
 
-	len = ((serialfile == NULL)
-		?(strlen(CAfile)+strlen(POSTFIX)+1)
-		:(strlen(serialfile)))+1;
-	buf=OPENSSL_malloc(len);
+	buf=OPENSSL_malloc( ((serialfile == NULL)
+			?(strlen(CAfile)+strlen(POSTFIX)+1)
+			:(strlen(serialfile)))+1);
 	if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
 	if (serialfile == NULL)
 		{
-		BUF_strlcpy(buf,CAfile,len);
+		strcpy(buf,CAfile);
 		for (p=buf; *p; p++)
 			if (*p == '.')
 				{
 				*p='\0';
 				break;
 				}
-		BUF_strlcat(buf,POSTFIX,len);
+		strcat(buf,POSTFIX);
 		}
 	else
-		BUF_strlcpy(buf,serialfile,len);
+		strcpy(buf,serialfile);
 	serial=BN_new();
 	bs=ASN1_INTEGER_new();
 	if ((serial == NULL) || (bs == NULL))
@@ -1055,18 +1053,72 @@ static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create
 		goto end;
 		}
 
-	serial = load_serial(buf, create, NULL);
-	if (serial == NULL) goto end;
+	io=BIO_new(BIO_s_file());
+	if (io == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	
+	if (BIO_read_filename(io,buf) <= 0)
+		{
+		if (!create)
+			{
+			perror(buf);
+			goto end;
+			}
+		else
+			{
+			ASN1_INTEGER_set(bs,1);
+			BN_one(serial);
+			}
+		}
+	else 
+		{
+		if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2))
+			{
+			BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		else
+			{
+			serial=BN_bin2bn(bs->data,bs->length,serial);
+			if (serial == NULL)
+				{
+				BIO_printf(bio_err,"error converting bin 2 bn");
+				goto end;
+				}
+			}
+		}
 
 	if (!BN_add_word(serial,1))
 		{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
+	if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL)))
+		{ BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; }
+	if (BIO_write_filename(io,buf) <= 0)
+		{
+		BIO_printf(bio_err,"error attempting to write serial number file\n");
+		perror(buf);
+		goto end;
+		}
+	i2a_ASN1_INTEGER(io,bs2);
+	BIO_puts(io,"\n");
 
-	if (!save_serial(buf, NULL, serial, &bs)) goto end;
-
- end:
+	BIO_free(io);
 	if (buf) OPENSSL_free(buf);
+	ASN1_INTEGER_free(bs2);
 	BN_free(serial);
+	io=NULL;
 	return bs;
+
+	end:
+	if (buf) OPENSSL_free(buf);
+	BIO_free(io);
+	ASN1_INTEGER_free(bs);
+	BN_free(serial);
+	return NULL;
+
 	}
 
 static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
@@ -1088,10 +1140,10 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 		goto end;
 		}
 	if (sno) bs = sno;
-	else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
+	else if (!(bs = load_serial(CAfile, serialfile, create)))
 		goto end;
 
-/*	if (!X509_STORE_add_cert(ctx,x)) goto end;*/
+	if (!X509_STORE_add_cert(ctx,x)) goto end;
 
 	/* NOTE: this certificate can/should be self signed, unless it was
 	 * a certificate request in which case it is not. */

bugs/SSLv3

@@ -29,7 +29,7 @@ RC4-MD5, but a re-connect tries to use DES-CBC-SHA.  So netscape, when
 doing a re-connect, always takes the first cipher in the cipher list.
 
 If we accept a netscape connection, demand a client cert, have a
-non-self-signed CA which does not have it's CA in netscape, and the
+non-self-sighed CA which does not have it's CA in netscape, and the
 browser has a cert, it will crash/hang.  Works for 3.x and 4.xbeta
 
 Netscape browsers do not really notice the server sending a

certs/expired/vsign3.pem

@@ -1,18 +0,0 @@
-subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
-notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Jan  7 23:59:59 2004 GMT
------BEGIN CERTIFICATE-----
-MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
-c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
-NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
-VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
-RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
-rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
-BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
-STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
-ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
-pA==
------END CERTIFICATE-----

certs/vsign3.pem

@@ -1,17 +1,18 @@
 subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
 notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Aug  1 23:59:59 2028 GMT
+notAfter=Jan  7 23:59:59 2004 GMT
 -----BEGIN CERTIFICATE-----
-MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
-BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
-I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
-CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
-lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
-AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
+RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
+rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
+STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
+ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
+pA==
 -----END CERTIFICATE-----

config

@@ -74,27 +74,34 @@ if [ "x$XREL" != "x" ]; then
 		echo "whatever-whatever-sco5"; exit 0
 		;;
 	    4.2MP)
-		case "x${VERSION}" in
-		    x2.0*) echo "whatever-whatever-unixware20"; exit 0 ;;
-		    x2.1*) echo "whatever-whatever-unixware21"; exit 0 ;;
-		    x2*)   echo "whatever-whatever-unixware2";  exit 0 ;;
-		esac
+		if [ "x$VERSION" = "x2.01" ]; then
+		    echo "${MACHINE}-whatever-unixware201"; exit 0
+		elif [ "x$VERSION" = "x2.02" ]; then
+		    echo "${MACHINE}-whatever-unixware202"; exit 0
+		elif [ "x$VERSION" = "x2.03" ]; then
+		    echo "${MACHINE}-whatever-unixware203"; exit 0
+		elif [ "x$VERSION" = "x2.1.1" ]; then
+		    echo "${MACHINE}-whatever-unixware211"; exit 0
+		elif [ "x$VERSION" = "x2.1.2" ]; then
+		    echo "${MACHINE}-whatever-unixware212"; exit 0
+		elif [ "x$VERSION" = "x2.1.3" ]; then
+		    echo "${MACHINE}-whatever-unixware213"; exit 0
+		else
+		    echo "${MACHINE}-whatever-unixware2"; exit 0
+		fi
 		;;
 	    4.2)
-		echo "i386-whatever-unixware1"; exit 0
+		echo "whatever-whatever-unixware1"; exit 0
+		;;
+	    OpenUNIX)
+		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
+		    echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
+		fi
 		;;
 	    5)
-		case "x${VERSION}" in
-		    # We hardcode i586 in place of ${MACHINE} for the
-		    # following reason. The catch is that even though Pentium
-		    # is minimum requirement for platforms in question,
-		    # ${MACHINE} gets always assigned to i386. Now, problem
-		    # with i386 is that it makes ./config pass 386 to
-		    # ./Configure, which in turn makes make generate
-		    # inefficient SHA-1 (for this moment) code.
-		    x7*)  echo "i586-sco-unixware7";           exit 0 ;;
-		    x8*)  echo "i586-unkn-OpenUNIX${VERSION}"; exit 0 ;;
-		esac
+		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then
+		    echo "${MACHINE}-sco-unixware7"; exit 0
+		fi
 		;;
 	esac
     fi
@@ -134,7 +141,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
 	case "$HPUXVER" in
 	    1[0-9].*)	# HPUX 10 and 11 targets are unified
-		echo "${MACHINE}-hp-hpux1x"; exit 0
+		echo "${MACHINE}-hp-hpux10"; exit 0
 		;;
 	    *)
 		echo "${MACHINE}-hp-hpux"; exit 0
@@ -189,7 +196,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-whatever-bsdi"; exit 0
 	;;
 
-    FreeBSD:*:*:*386*)
+    FreeBSD:*)
         VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'`
         MACH=`sysctl -n hw.model`
         ARCH='whatever'
@@ -198,6 +205,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
            *486*       ) MACH="i486"     ;;
            Pentium\ II*) MACH="i686"     ;;
            Pentium*    ) MACH="i586"     ;;
+           Alpha*      ) MACH="alpha"    ;;
            *           ) MACH="$MACHINE" ;;
         esac
         case ${MACH} in
@@ -206,10 +214,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
         echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0
         ;;
 
-    FreeBSD:*)
-	echo "${MACHINE}-whatever-freebsd"; exit 0
-	;;
-
     NetBSD:*:*:*386*)
         echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
 	;;
@@ -410,10 +414,9 @@ if [ "$SYSTEM" = "HP-UX" ];then
   GCC_BITS="32"
   if [ $GCCVER -ge 30 ]; then
     # PA64 support only came in with gcc 3.0.x.
-    # We check if the preprocessor symbol __LP64__ is defined...
-    if echo "__LP64__" | gcc -v -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null; then
-      : # __LP64__ has slipped through, it therefore is not defined
-    else
+    # We look for the preprocessor symbol __LP64__ indicating
+    # 64bit bit long and pointer.  sizeof(int) == 32 on HPUX64.
+    if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
       GCC_BITS="64"
     fi
   fi
@@ -458,10 +461,6 @@ if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then
   fi
 fi
 
-if [ "${SYSTEM}" = "AIX" ]; then	# favor vendor cc over gcc
-    (cc) 2>&1 | grep -iv "not found" > /dev/null && CC=cc
-fi
-
 CCVER=${CCVER:-0}
 
 # read the output of the embedded GuessOS 
@@ -474,7 +473,7 @@ echo Operating system: $GUESSOS
 # more time that I want to waste at the moment
 case "$GUESSOS" in
   mips2-sgi-irix)
-	CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+	CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
 	CPU=${CPU:-0}
 	if [ $CPU -ge 4000 ]; then
 		options="$options -mips2"
@@ -482,7 +481,7 @@ case "$GUESSOS" in
 	OUT="irix-$CC"
 	;;
   mips3-sgi-irix)
-	CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+	CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
 	CPU=${CPU:-0}
 	if [ $CPU -ge 5000 ]; then
 		options="$options -mips4"
@@ -498,7 +497,7 @@ case "$GUESSOS" in
 	  echo "         You have about 5 seconds to press Ctrl-C to abort."
 	  (stty -icanon min 0 time 50; read waste) < /dev/tty
 	fi
-        CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+        CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
         CPU=${CPU:-0}
         if [ $CPU -ge 5000 ]; then
                 options="$options -mips4"
@@ -548,13 +547,12 @@ EOF
   ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
   i386-apple-darwin*) OUT="darwin-i386-cc" ;;
   sparc64-*-linux2)
-	echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI"
-	echo "         and wish to build 64-bit library, then you have to"
-	echo "         invoke './Configure linux64-sparcv9' *manually*."
-	if [ "$TEST" = "false" ]; then
-	  echo "          You have about 5 seconds to press Ctrl-C to abort."
-	  (stty -icanon min 0 time 50; read waste) < /dev/tty
-	fi
+	#Before we can uncomment following lines we have to wait at least
+	#till 64-bit glibc for SPARC is operational:-(
+	#echo "WARNING! If you wish to build 64-bit library, then you have to"
+	#echo "         invoke './Configure linux64-sparcv9' *manually*."
+	#echo "         Type return if you want to continue, Ctrl-C to abort."
+	#read waste < /dev/tty
 	OUT="linux-sparcv9" ;;
   sparc-*-linux2)
 	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
@@ -641,8 +639,6 @@ EOF
   *86*-*-solaris2) OUT="solaris-x86-$CC" ;;
   *-*-sunos4) OUT="sunos-$CC" ;;
   alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
-  sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;;
-  ia64-*-freebsd*) OUT="FreeBSD-ia64" ;;
   *-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
   *-freebsd[1-2]*) OUT="FreeBSD" ;;
   *86*-*-netbsd) OUT="NetBSD-x86" ;;
@@ -686,7 +682,7 @@ EOF
 	if [ $CC = "gcc" ];
 	then
 	  if [ $GCC_BITS = "64" ]; then
-	    OUT="hpux64-parisc2-gcc"
+	    OUT="hpux64-parisc-gcc"
 	  else
 	    OUT="hpux-parisc-gcc"
 	  fi
@@ -699,11 +695,9 @@ EOF
 	CPU_VERSION=${CPU_VERSION:-0}
 	# See <sys/unistd.h> for further info on CPU_VERSION.
 	if   [ $CPU_VERSION -ge 768 ]; then	# IA-64 CPU
-	     echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
-	     echo "         If you wish to build 32-bit library, the you have to"
-	     echo "         invoke './Configure hpux-ia64-cc' *manually*."
+	     echo "NOTICE! 64-bit is the only ABI currently operational on HP-UXi."
+	     echo "        Post request to openssl-dev@openssl.org for 32-bit support."
 	     if [ "$TEST" = "false" ]; then
-		echo "         You have about 5 seconds to press Ctrl-C to abort."
 		(stty -icanon min 0 time 50; read waste) < /dev/tty
 	     fi
 	     OUT="hpux64-ia64-cc"

crypto/Makefile.ssl

@@ -50,7 +50,7 @@ ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
 	@(cd ..; $(MAKE) DIRS=$(DIR) all)
 
-all: shared
+all: buildinf.h lib subdirs shared
 
 buildinf.h: ../Makefile.ssl
 	( echo "#ifndef MK1MF_BUILD"; \
@@ -81,11 +81,11 @@ files:
 	done;
 
 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@for i in $(SDIRS); do \
 	(cd $$i && echo "making links in crypto/$$i..." && \
 	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
@@ -96,7 +96,7 @@ lib:	$(LIBOBJ)
 	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
-shared: buildinf.h lib subdirs
+shared:
 	if [ -n "$(SHARED_LIBS)" ]; then \
 		(cd ..; $(MAKE) $(SHARED_LIB)); \
 	fi
@@ -141,7 +141,7 @@ depend:
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i && echo "making depend in crypto/$$i..." && \
-	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ); \
+	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \
 	done;
 
 clean:

crypto/aes/Makefile.ssl

@@ -52,7 +52,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

crypto/aes/aes.h

@@ -56,9 +56,8 @@
 #error AES is disabled.
 #endif
 
-#define AES_ENCRYPT	1
-#define AES_DECRYPT	0
-
+static const int AES_DECRYPT = 0;
+static const int AES_ENCRYPT = 1;
 /* Because array size can't be a const in C, the following two are macros.
    Both sizes are in bytes. */
 #define AES_MAXNR 14
@@ -100,7 +99,7 @@ void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
 	unsigned char *ivec, int *num);
 void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 	const unsigned long length, const AES_KEY *key,
-	unsigned char ivec[AES_BLOCK_SIZE],
+	unsigned char counter[AES_BLOCK_SIZE],
 	unsigned char ecount_buf[AES_BLOCK_SIZE],
 	unsigned int *num);
 

crypto/aes/aes_cbc.c

@@ -72,7 +72,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 
 	if (AES_ENCRYPT == enc) {
 		while (len >= AES_BLOCK_SIZE) {
-			for(n=0; n < AES_BLOCK_SIZE; ++n)
+			for(n=0; n < sizeof tmp; ++n)
 				tmp[n] = in[n] ^ ivec[n];
 			AES_encrypt(tmp, out, key);
 			memcpy(ivec, out, AES_BLOCK_SIZE);
@@ -86,12 +86,12 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 			for(n=len; n < AES_BLOCK_SIZE; ++n)
 				tmp[n] = ivec[n];
 			AES_encrypt(tmp, tmp, key);
-			memcpy(out, tmp, AES_BLOCK_SIZE);
-			memcpy(ivec, tmp, AES_BLOCK_SIZE);
+			memcpy(out, tmp, len);
+			memcpy(ivec, tmp, sizeof tmp);
 		}			
 	} else {
 		while (len >= AES_BLOCK_SIZE) {
-			memcpy(tmp, in, AES_BLOCK_SIZE);
+			memcpy(tmp, in, sizeof tmp);
 			AES_decrypt(in, out, key);
 			for(n=0; n < AES_BLOCK_SIZE; ++n)
 				out[n] ^= ivec[n];
@@ -101,11 +101,11 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 			out += AES_BLOCK_SIZE;
 		}
 		if (len) {
-			memcpy(tmp, in, AES_BLOCK_SIZE);
+			memcpy(tmp, in, sizeof tmp);
 			AES_decrypt(tmp, tmp, key);
 			for(n=0; n < len; ++n)
-				out[n] = tmp[n] ^ ivec[n];
-			memcpy(ivec, tmp, AES_BLOCK_SIZE);
+				out[n] ^= ivec[n];
+			memcpy(ivec, tmp, sizeof tmp);
 		}			
 	}
 }

crypto/aes/aes_core.c

@@ -750,7 +750,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 	rk[2] = GETU32(userKey +  8);
 	rk[3] = GETU32(userKey + 12);
 	if (bits == 128) {
-		while (1) {
+		for (;;) {
 			temp  = rk[3];
 			rk[4] = rk[0] ^
 				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
@@ -770,7 +770,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 	rk[4] = GETU32(userKey + 16);
 	rk[5] = GETU32(userKey + 20);
 	if (bits == 192) {
-		while (1) {
+		for (;;) {
 			temp = rk[ 5];
 			rk[ 6] = rk[ 0] ^
 				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
@@ -792,7 +792,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 	rk[6] = GETU32(userKey + 24);
 	rk[7] = GETU32(userKey + 28);
 	if (bits == 256) {
-		while (1) {
+		for (;;) {
 			temp = rk[ 7];
 			rk[ 8] = rk[ 0] ^
 				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^

crypto/aes/aes_ctr.c

@@ -62,49 +62,19 @@
 /* NOTE: CTR mode is big-endian.  The rest of the AES code
  * is endian-neutral. */
 
-/* increment counter (128-bit int) by 1 */
+/* increment counter (128-bit int) by 2^64 */
 static void AES_ctr128_inc(unsigned char *counter) {
 	unsigned long c;
 
-	/* Grab bottom dword of counter and increment */
+	/* Grab 3rd dword of counter and increment */
 #ifdef L_ENDIAN
-	c = GETU32(counter +  0);
+	c = GETU32(counter + 8);
 	c++;
-	PUTU32(counter +  0, c);
+	PUTU32(counter + 8, c);
 #else
-	c = GETU32(counter + 12);
+	c = GETU32(counter + 4);
 	c++;
-	PUTU32(counter + 12, c);
-#endif
-
-	/* if no overflow, we're done */
-	if (c)
-		return;
-
-	/* Grab 1st dword of counter and increment */
-#ifdef L_ENDIAN
-	c = GETU32(counter +  4);
-	c++;
-	PUTU32(counter +  4, c);
-#else
-	c = GETU32(counter +  8);
-	c++;
-	PUTU32(counter +  8, c);
-#endif
-
-	/* if no overflow, we're done */
-	if (c)
-		return;
-
-	/* Grab 2nd dword of counter and increment */
-#ifdef L_ENDIAN
-	c = GETU32(counter +  8);
-	c++;
-	PUTU32(counter +  8, c);
-#else
-	c = GETU32(counter +  4);
-	c++;
-	PUTU32(counter +  4, c);
+	PUTU32(counter + 4, c);
 #endif
 
 	/* if no overflow, we're done */
@@ -130,16 +100,10 @@ static void AES_ctr128_inc(unsigned char *counter) {
  * encrypted counter is kept in ecount_buf.  Both *num and
  * ecount_buf must be initialised with zeros before the first
  * call to AES_ctr128_encrypt().
- *
- * This algorithm assumes that the counter is in the x lower bits
- * of the IV (ivec), and that the application has full control over
- * overflow and the rest of the IV.  This implementation takes NO
- * responsability for checking that the counter doesn't overflow
- * into the rest of the IV when incremented.
  */
 void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 	const unsigned long length, const AES_KEY *key,
-	unsigned char ivec[AES_BLOCK_SIZE],
+	unsigned char counter[AES_BLOCK_SIZE],
 	unsigned char ecount_buf[AES_BLOCK_SIZE],
 	unsigned int *num) {
 
@@ -153,8 +117,8 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 
 	while (l--) {
 		if (n == 0) {
-			AES_encrypt(ivec, ecount_buf, key);
- 			AES_ctr128_inc(ivec);
+			AES_encrypt(counter, ecount_buf, key);
+			AES_ctr128_inc(counter);
 		}
 		*(out++) = *(in++) ^ ecount_buf[n];
 		n = (n+1) % AES_BLOCK_SIZE;

crypto/asn1/Makefile.ssl

@@ -77,7 +77,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

crypto/asn1/a_d2i_fp.c

@@ -149,12 +149,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 	ASN1_CTX c;
 	int want=HEADER_SIZE;
 	int eos=0;
-#if defined(__GNUC__) && defined(__ia64)
-	/* pathetic compiler bug in all known versions as of Nov. 2002 */
-	long off=0;
-#else
 	int off=0;
-#endif
 	int len=0;
 
 	b=BUF_MEM_new();

crypto/asn1/a_gentm.c

@@ -208,7 +208,6 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 	char *p;
 	struct tm *ts;
 	struct tm data;
-	size_t len = 20; 
 
 	if (s == NULL)
 		s=M_ASN1_GENERALIZEDTIME_new();
@@ -220,17 +219,17 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 		return(NULL);
 
 	p=(char *)s->data;
-	if ((p == NULL) || ((size_t)s->length < len))
+	if ((p == NULL) || (s->length < 16))
 		{
-		p=OPENSSL_malloc(len);
+		p=OPENSSL_malloc(20);
 		if (p == NULL) return(NULL);
 		if (s->data != NULL)
 			OPENSSL_free(s->data);
 		s->data=(unsigned char *)p;
 		}
 
-	BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
-		     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+	sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
+		ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
 	s->length=strlen(p);
 	s->type=V_ASN1_GENERALIZEDTIME;
 #ifdef CHARSET_EBCDIC_not

crypto/asn1/a_mbstr.c

@@ -145,14 +145,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
 
 	if((minsize > 0) && (nchar < minsize)) {
 		ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
-		BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
+		sprintf(strbuf, "%ld", minsize);
 		ERR_add_error_data(2, "minsize=", strbuf);
 		return -1;
 	}
 
 	if((maxsize > 0) && (nchar > maxsize)) {
 		ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
-		BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
+		sprintf(strbuf, "%ld", maxsize);
 		ERR_add_error_data(2, "maxsize=", strbuf);
 		return -1;
 	}
@@ -296,7 +296,7 @@ static int in_utf8(unsigned long value, void *arg)
 
 static int out_utf8(unsigned long value, void *arg)
 {
-	int *outlen;
+	long *outlen;
 	outlen = arg;
 	*outlen += UTF8_putc(NULL, -1, value);
 	return 1;

crypto/asn1/a_strex.c

@@ -279,13 +279,13 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING
  * otherwise it is the number of bytes per character
  */
 
-const static signed char tag2nbyte[] = {
+const static char tag2nbyte[] = {
 	-1, -1, -1, -1, -1,	/* 0-4 */
 	-1, -1, -1, -1, -1,	/* 5-9 */
 	-1, -1, 0, -1,		/* 10-13 */
 	-1, -1, -1, -1,		/* 15-17 */
 	-1, 1, 1,		/* 18-20 */
-	-1, 1, 1, 1,		/* 21-24 */
+	-1, 1, -1,-1,		/* 21-24 */
 	-1, 1, -1,		/* 25-27 */
 	4, -1, 2		/* 28-30 */
 };

crypto/asn1/a_strnid.c

@@ -143,7 +143,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
 /* Now the tables and helper functions for the string table:
  */
 
-/* size limits: this stuff is taken straight from RFC3280 */
+/* size limits: this stuff is taken straight from RFC2459 */
 
 #define ub_name				32768
 #define ub_common_name			64
@@ -153,8 +153,6 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
 #define ub_organization_unit_name	64
 #define ub_title			64
 #define ub_email_address		128
-#define ub_serial_number		64
-
 
 /* This table must be kept in NID order */
 
@@ -172,11 +170,9 @@ static ASN1_STRING_TABLE tbl_standard[] = {
 {NID_givenName,			1, ub_name, DIRSTRING_TYPE, 0},
 {NID_surname,			1, ub_name, DIRSTRING_TYPE, 0},
 {NID_initials,			1, ub_name, DIRSTRING_TYPE, 0},
-{NID_serialNumber,		1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
 {NID_friendlyName,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
 {NID_name,			1, ub_name, DIRSTRING_TYPE, 0},
 {NID_dnQualifier,		-1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-{NID_domainComponent,		1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
 {NID_ms_csp_name,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
 };
 
@@ -253,38 +249,4 @@ static void st_free(ASN1_STRING_TABLE *tbl)
 	if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);
 }
 
-
 IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
-
-#ifdef STRING_TABLE_TEST
-
-main()
-{
-	ASN1_STRING_TABLE *tmp;
-	int i, last_nid = -1;
-
-	for (tmp = tbl_standard, i = 0;
-		i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
-		{
-			if (tmp->nid < last_nid)
-				{
-				last_nid = 0;
-				break;
-				}
-			last_nid = tmp->nid;
-		}
-
-	if (last_nid != 0)
-		{
-		printf("Table order OK\n");
-		exit(0);
-		}
-
-	for (tmp = tbl_standard, i = 0;
-		i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
-			printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
-							OBJ_nid2ln(tmp->nid));
-
-}
-
-#endif

crypto/asn1/a_time.c

@@ -105,10 +105,7 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 
 	ts=OPENSSL_gmtime(&t,&data);
 	if (ts == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
 		return NULL;
-		}
 	if((ts->tm_year >= 50) && (ts->tm_year < 150))
 					return ASN1_UTCTIME_set(s, t);
 	return ASN1_GENERALIZEDTIME_set(s,t);
@@ -128,7 +125,6 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
 	{
 	ASN1_GENERALIZEDTIME *ret;
 	char *str;
-	int newlen;
 
 	if (!ASN1_TIME_check(t)) return NULL;
 
@@ -151,14 +147,12 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
 	/* grow the string */
 	if (!ASN1_STRING_set(ret, NULL, t->length + 2))
 		return NULL;
-	/* ASN1_STRING_set() allocated 'len + 1' bytes. */
-	newlen = t->length + 2 + 1;
 	str = (char *)ret->data;
 	/* Work out the century and prepend */
-	if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen);
-	else BUF_strlcpy(str, "20", newlen);
+	if (t->data[0] >= '5') strcpy(str, "19");
+	else strcpy(str, "20");
 
-	BUF_strlcat(str, (char *)t->data, newlen);
+	BUF_strlcat(str, (char *)t->data, t->length+2);
 
 	return ret;
 	}

crypto/asn1/a_utctm.c

@@ -188,7 +188,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 	char *p;
 	struct tm *ts;
 	struct tm data;
-	size_t len = 20;
 
 	if (s == NULL)
 		s=M_ASN1_UTCTIME_new();
@@ -200,17 +199,17 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 		return(NULL);
 
 	p=(char *)s->data;
-	if ((p == NULL) || ((size_t)s->length < len))
+	if ((p == NULL) || (s->length < 14))
 		{
-		p=OPENSSL_malloc(len);
+		p=OPENSSL_malloc(20);
 		if (p == NULL) return(NULL);
 		if (s->data != NULL)
 			OPENSSL_free(s->data);
 		s->data=(unsigned char *)p;
 		}
 
-	BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
-		     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+	sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
+		ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
 	s->length=strlen(p);
 	s->type=V_ASN1_UTCTIME;
 #ifdef CHARSET_EBCDIC_not

crypto/asn1/asn1.h

@@ -132,7 +132,7 @@ extern "C" {
 #define B_ASN1_NUMERICSTRING	0x0001
 #define B_ASN1_PRINTABLESTRING	0x0002
 #define B_ASN1_T61STRING	0x0004
-#define B_ASN1_TELETEXSTRING	0x0004
+#define B_ASN1_TELETEXSTRING	0x0008
 #define B_ASN1_VIDEOTEXSTRING	0x0008
 #define B_ASN1_IA5STRING	0x0010
 #define B_ASN1_GRAPHICSTRING	0x0020
@@ -980,7 +980,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_TEMPLATE_D2I			 131
 #define ASN1_F_ASN1_TEMPLATE_EX_D2I			 132
 #define ASN1_F_ASN1_TEMPLATE_NEW			 133
-#define ASN1_F_ASN1_TIME_SET				 175
 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 134
 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135
 #define ASN1_F_ASN1_UNPACK_STRING			 136
@@ -1038,7 +1037,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_DECODE_ERROR				 110
 #define ASN1_R_DECODING_ERROR				 111
 #define ASN1_R_ENCODE_ERROR				 112
-#define ASN1_R_ERROR_GETTING_TIME			 173
 #define ASN1_R_ERROR_LOADING_SECTION			 172
 #define ASN1_R_ERROR_PARSING_SET_ELEMENT		 113
 #define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 114

crypto/asn1/asn1_err.c

@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -100,7 +100,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0),	"ASN1_TEMPLATE_D2I"},
 {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0),	"ASN1_TEMPLATE_EX_D2I"},
 {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0),	"ASN1_TEMPLATE_NEW"},
-{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0),	"ASN1_TIME_set"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),	"ASN1_TYPE_get_int_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),	"ASN1_unpack_string"},
@@ -161,7 +160,6 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_DECODE_ERROR                     ,"decode error"},
 {ASN1_R_DECODING_ERROR                   ,"decoding error"},
 {ASN1_R_ENCODE_ERROR                     ,"encode error"},
-{ASN1_R_ERROR_GETTING_TIME               ,"error getting time"},
 {ASN1_R_ERROR_LOADING_SECTION            ,"error loading section"},
 {ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
 {ASN1_R_ERROR_SETTING_CIPHER_PARAMS      ,"error setting cipher params"},

crypto/asn1/asn1_lib.c

@@ -104,12 +104,10 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
 			l<<=7L;
 			l|= *(p++)&0x7f;
 			if (--max == 0) goto err;
-			if (l > (INT_MAX >> 7L)) goto err;
 			}
 		l<<=7L;
 		l|= *(p++)&0x7f;
 		tag=(int)l;
-		if (--max == 0) goto err;
 		}
 	else
 		{ 
@@ -414,8 +412,8 @@ void asn1_add_error(unsigned char *address, int offset)
 	{
 	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
 
-	BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
-	BIO_snprintf(buf2,sizeof buf2,"%d",offset);
+	sprintf(buf1,"%lu",(unsigned long)address);
+	sprintf(buf2,"%d",offset);
 	ERR_add_error_data(4,"address=",buf1," offset=",buf2);
 	}
 

crypto/asn1/asn1_par.c

@@ -83,11 +83,11 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
 
 	p=str;
 	if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
-		BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);
+		sprintf(str,"priv [ %d ] ",tag);
 	else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
-		BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
+		sprintf(str,"cont [ %d ]",tag);
 	else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
-		BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
+		sprintf(str,"appl [ %d ]",tag);
 	else p = ASN1_tag2str(tag);
 
 	if (p2 != NULL)

crypto/asn1/asn_moid.c

@@ -87,14 +87,9 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
 			}
 		}
 	return 1;
-	}
-
-static void oid_module_finish(CONF_IMODULE *md)
-	{
-	OBJ_cleanup();
-	}
+}
 
 void ASN1_add_oid_module(void)
 	{
-	CONF_module_add("oid_section", oid_module_init, oid_module_finish);
+	CONF_module_add("oid_section", oid_module_init, 0);
 	}

crypto/asn1/t_pkey.c

@@ -139,9 +139,9 @@ int RSA_print(BIO *bp, const RSA *x, int off)
 		}
 
 	if (x->d == NULL)
-		BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
+		sprintf(str,"Modulus (%d bit):",BN_num_bits(x->n));
 	else
-		BUF_strlcpy(str,"modulus:",sizeof str);
+		strcpy(str,"modulus:");
 	if (!print(bp,str,x->n,m,off)) goto err;
 	s=(x->d == NULL)?"Exponent:":"publicExponent:";
 	if (!print(bp,s,x->e,m,off)) goto err;

crypto/asn1/tasn_dec.c

@@ -691,7 +691,6 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
 
 int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
 {
-	ASN1_VALUE **opval = NULL;
 	ASN1_STRING *stmp;
 	ASN1_TYPE *typ = NULL;
 	int ret = 0;
@@ -706,7 +705,6 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
 			*pval = (ASN1_VALUE *)typ;
 		} else typ = (ASN1_TYPE *)*pval;
 		if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
-		opval = pval;
 		pval = (ASN1_VALUE **)&typ->value.ptr;
 	}
 	switch(utype) {
@@ -798,12 +796,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
 
 	ret = 1;
 	err:
-	if(!ret)
-		{
-		ASN1_TYPE_free(typ);
-		if (opval)
-			*opval = NULL;
-		}
+	if(!ret) ASN1_TYPE_free(typ);
 	return ret;
 }
 

crypto/asn1/x_long.c

@@ -104,12 +104,7 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A
 	long ltmp;
 	unsigned long utmp;
 	int clen, pad, i;
-	/* this exists to bypass broken gcc optimization */
-	char *cp = (char *)pval;
-
-	/* use memcpy, because we may not be long aligned */
-	memcpy(&ltmp, cp, sizeof(long));
-
+	ltmp = *(long *)pval;
 	if(ltmp == it->size) return -1;
 	/* Convert the long to positive: we subtract one if negative so
 	 * we can cleanly handle the padding if only the MSB of the leading
@@ -141,7 +136,6 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype,
 	int neg, i;
 	long ltmp;
 	unsigned long utmp = 0;
-	char *cp = (char *)pval;
 	if(len > sizeof(long)) {
 		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
 		return 0;
@@ -164,6 +158,6 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype,
 		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
 		return 0;
 	}
-	memcpy(cp, &ltmp, sizeof(long));
+	*(long *)pval = ltmp;
 	return 1;
 }

crypto/bf/Makefile.ssl

@@ -22,7 +22,6 @@ BF_ENC=		bf_enc.o
 #DES_ENC=	bx86-elf.o
 
 CFLAGS= $(INCLUDES) $(CFLAG)
-ASFLAGS= $(INCLUDES) $(ASFLAG)
 
 GENERAL=Makefile
 TEST=bftest.c
@@ -50,8 +49,14 @@ lib:	$(LIBOBJ)
 	@touch lib
 
 # elf
-asm/bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-	(cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > bx86-elf.s)
+asm/bx86-elf.o: asm/bx86unix.cpp
+	$(CPP) -DELF -x c asm/bx86unix.cpp | as -o asm/bx86-elf.o
+
+# solaris
+asm/bx86-sol.o: asm/bx86unix.cpp
+	$(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
+	as -o asm/bx86-sol.o asm/bx86-sol.s
+	rm -f asm/bx86-sol.s
 
 # a.out
 asm/bx86-out.o: asm/bx86unix.cpp
@@ -68,7 +73,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
@@ -98,7 +103,7 @@ dclean:
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	rm -f asm/bx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+	rm -f asm/bx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 

crypto/bf/asm/.cvsignore

@@ -1,2 +1 @@
 bx86unix.cpp
-bx86-elf.s

crypto/bio/Makefile.ssl

@@ -57,7 +57,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

crypto/bio/b_dump.c

@@ -104,41 +104,38 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
 	for(i=0;i<rows;i++)
 		{
 		buf[0]='\0';	/* start with empty string */
-		BUF_strlcpy(buf,str,sizeof buf);
-		BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
-		BUF_strlcat(buf,tmp,sizeof buf);
+		strcpy(buf,str);
+		sprintf(tmp,"%04x - ",i*dump_width);
+		strcat(buf,tmp);
 		for(j=0;j<dump_width;j++)
 			{
 			if (((i*dump_width)+j)>=len)
 				{
-				BUF_strlcat(buf,"   ",sizeof buf);
+				strcat(buf,"   ");
 				}
 			else
 				{
 				ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
-				BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
-					 j==7?'-':' ');
-				BUF_strlcat(buf,tmp,sizeof buf);
+				sprintf(tmp,"%02x%c",ch,j==7?'-':' ');
+				strcat(buf,tmp);
 				}
 			}
-		BUF_strlcat(buf,"  ",sizeof buf);
+		strcat(buf,"  ");
 		for(j=0;j<dump_width;j++)
 			{
 			if (((i*dump_width)+j)>=len)
 				break;
 			ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
 #ifndef CHARSET_EBCDIC
-			BIO_snprintf(tmp,sizeof tmp,"%c",
-				 ((ch>=' ')&&(ch<='~'))?ch:'.');
+			sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.');
 #else
-			BIO_snprintf(tmp,sizeof tmp,"%c",
-				 ((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
-				 ? os_toebcdic[ch]
-				 : '.');
+			sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
+				? os_toebcdic[ch]
+				: '.');
 #endif
-			BUF_strlcat(buf,tmp,sizeof buf);
+			strcat(buf,tmp);
 			}
-		BUF_strlcat(buf,"\n",sizeof buf);
+		strcat(buf,"\n");
 		/* if this is the last call then update the ddt_dump thing so that
 		 * we will move the selection point in the debug window 
 		 */
@@ -147,8 +144,7 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
 #ifdef TRUNCATE
 	if (trunc > 0)
 		{
-		BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
-			 len+trunc);
+		sprintf(buf,"%s%04x - <SPACES/NULS>\n",str,len+trunc);
 		ret+=BIO_write(bio,(char *)buf,strlen(buf));
 		}
 #endif

crypto/bio/b_print.c

@@ -378,7 +378,7 @@ _dopr(
             case 'p':
                 value = (long)va_arg(args, void *);
                 fmtint(sbuffer, buffer, &currlen, maxlen,
-                    value, 16, min, max, flags|DP_F_NUM);
+                    value, 16, min, max, flags);
                 break;
             case 'n': /* XXX */
                 if (cflags == DP_C_SHORT) {
@@ -482,9 +482,8 @@ fmtint(
     int flags)
 {
     int signvalue = 0;
-    char *prefix = "";
     unsigned LLONG uvalue;
-    char convert[DECIMAL_SIZE(value)+3];
+    char convert[DECIMAL_SIZE(value)+1];
     int place = 0;
     int spadlen = 0;
     int zpadlen = 0;
@@ -502,10 +501,6 @@ fmtint(
         else if (flags & DP_F_SPACE)
             signvalue = ' ';
     }
-    if (flags & DP_F_NUM) {
-	if (base == 8) prefix = "0";
-	if (base == 16) prefix = "0x";
-    }
     if (flags & DP_F_UP)
         caps = 1;
     do {
@@ -519,7 +514,7 @@ fmtint(
     convert[place] = 0;
 
     zpadlen = max - place;
-    spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
+    spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
     if (zpadlen < 0)
         zpadlen = 0;
     if (spadlen < 0)
@@ -541,12 +536,6 @@ fmtint(
     if (signvalue)
         doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
 
-    /* prefix */
-    while (*prefix) {
-	doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
-	prefix++;
-    }
-
     /* zeros */
     if (zpadlen > 0) {
         while (zpadlen > 0) {
@@ -576,12 +565,12 @@ abs_val(LDOUBLE value)
 }
 
 static LDOUBLE
-pow10(int in_exp)
+pow10(int exp)
 {
     LDOUBLE result = 1;
-    while (in_exp) {
+    while (exp) {
         result *= 10;
-        in_exp--;
+        exp--;
     }
     return result;
 }
@@ -652,8 +641,8 @@ fmtfp(
             (caps ? "0123456789ABCDEF"
               : "0123456789abcdef")[intpart % 10];
         intpart = (intpart / 10);
-    } while (intpart && (iplace < sizeof iconvert));
-    if (iplace == sizeof iconvert)
+    } while (intpart && (iplace < sizeof iplace));
+    if (iplace == sizeof iplace)
         iplace--;
     iconvert[iplace] = 0;
 
@@ -664,7 +653,7 @@ fmtfp(
               : "0123456789abcdef")[fracpart % 10];
         fracpart = (fracpart / 10);
     } while (fplace < max);
-    if (fplace == sizeof fconvert)
+    if (fplace == sizeof fplace)
         fplace--;
     fconvert[fplace] = 0;
 
@@ -703,7 +692,7 @@ fmtfp(
      * Decimal point. This should probably use locale to find the correct
      * char to print out.
      */
-    if (max > 0 || (flags & DP_F_NUM)) {
+    if (max > 0) {
         doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
 
         while (fplace > 0)
@@ -836,5 +825,5 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
 		 * had the buffer been large enough.) */
 		return -1;
 	else
-		return (retlen <= INT_MAX) ? (int)retlen : -1;
+		return (retlen <= INT_MAX) ? retlen : -1;
 	}

crypto/bio/b_sock.c

@@ -492,7 +492,7 @@ void BIO_sock_cleanup(void)
 
 #if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000
 
-int BIO_socket_ioctl(int fd, long type, void *arg)
+int BIO_socket_ioctl(int fd, long type, unsigned long *arg)
 	{
 	int i;
 
@@ -709,12 +709,12 @@ int BIO_accept(int sock, char **addr)
 			}
 		*addr=p;
 		}
-	BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d",
-		     (unsigned char)(l>>24L)&0xff,
-		     (unsigned char)(l>>16L)&0xff,
-		     (unsigned char)(l>> 8L)&0xff,
-		     (unsigned char)(l     )&0xff,
-		     port);
+	sprintf(*addr,"%d.%d.%d.%d:%d",
+		(unsigned char)(l>>24L)&0xff,
+		(unsigned char)(l>>16L)&0xff,
+		(unsigned char)(l>> 8L)&0xff,
+		(unsigned char)(l     )&0xff,
+		port);
 end:
 	return(ret);
 	}
@@ -742,7 +742,7 @@ int BIO_set_tcp_ndelay(int s, int on)
 int BIO_socket_nbio(int s, int mode)
 	{
 	int ret= -1;
-	int l;
+	unsigned long l;
 
 	l=mode;
 #ifdef FIONBIO

crypto/bio/bf_buff.c

@@ -494,7 +494,6 @@ static int buffer_gets(BIO *b, char *buf, int size)
 			if (i <= 0)
 				{
 				BIO_copy_next_retry(b);
-				*buf='\0';
 				if (i < 0) return((num > 0)?num:i);
 				if (i == 0) return(num);
 				}

crypto/bio/bio.h

@@ -244,7 +244,7 @@ typedef struct bio_method_st
 	long (_far *ctrl)();
 	int (_far *create)();
 	int (_far *destroy)();
-	long (_far *callback_ctrl)();
+	long (_fat *callback_ctrl)();
 	} BIO_METHOD;
 #endif
 
@@ -585,7 +585,7 @@ struct hostent *BIO_gethostbyname(const char *name);
  * and an appropriate error code is set).
  */
 int BIO_sock_error(int sock);
-int BIO_socket_ioctl(int fd, long type, void *arg);
+int BIO_socket_ioctl(int fd, long type, unsigned long *arg);
 int BIO_socket_nbio(int fd,int mode);
 int BIO_get_port(const char *str, unsigned short *port_ptr);
 int BIO_get_host_ip(const char *str, unsigned char *ip);

crypto/bio/bio_cb.c

@@ -70,61 +70,55 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
 	MS_STATIC char buf[256];
 	char *p;
 	long r=1;
-	size_t p_maxlen;
 
 	if (BIO_CB_RETURN & cmd)
 		r=ret;
 
-	BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
+	sprintf(buf,"BIO[%08lX]:",(unsigned long)bio);
 	p= &(buf[14]);
-	p_maxlen = sizeof buf - 14;
 	switch (cmd)
 		{
 	case BIO_CB_FREE:
-		BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
+		sprintf(p,"Free - %s\n",bio->method->name);
 		break;
 	case BIO_CB_READ:
 		if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-			BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
-				 bio->num,argi,bio->method->name,bio->num);
+			sprintf(p,"read(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num);
 		else
-			BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
-				 bio->num,argi,bio->method->name);
+			sprintf(p,"read(%d,%d) - %s\n",bio->num,argi,bio->method->name);
 		break;
 	case BIO_CB_WRITE:
 		if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-			BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
-				 bio->num,argi,bio->method->name,bio->num);
+			sprintf(p,"write(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num);
 		else
-			BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
-				 bio->num,argi,bio->method->name);
+			sprintf(p,"write(%d,%d) - %s\n",bio->num,argi,bio->method->name);
 		break;
 	case BIO_CB_PUTS:
-		BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
+		sprintf(p,"puts() - %s\n",bio->method->name);
 		break;
 	case BIO_CB_GETS:
-		BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
+		sprintf(p,"gets(%d) - %s\n",argi,bio->method->name);
 		break;
 	case BIO_CB_CTRL:
-		BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
+		sprintf(p,"ctrl(%d) - %s\n",argi,bio->method->name);
 		break;
 	case BIO_CB_RETURN|BIO_CB_READ:
-		BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
+		sprintf(p,"read return %ld\n",ret);
 		break;
 	case BIO_CB_RETURN|BIO_CB_WRITE:
-		BIO_snprintf(p,p_maxlen,"write return %ld\n",ret);
+		sprintf(p,"write return %ld\n",ret);
 		break;
 	case BIO_CB_RETURN|BIO_CB_GETS:
-		BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret);
+		sprintf(p,"gets return %ld\n",ret);
 		break;
 	case BIO_CB_RETURN|BIO_CB_PUTS:
-		BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret);
+		sprintf(p,"puts return %ld\n",ret);
 		break;
 	case BIO_CB_RETURN|BIO_CB_CTRL:
-		BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
+		sprintf(p,"ctrl return %ld\n",ret);
 		break;
 	default:
-		BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
+		sprintf(p,"bio callback - unknown type (%d)\n",cmd);
 		break;
 		}
 

crypto/bio/bio_lib.c

@@ -395,8 +395,6 @@ BIO *BIO_pop(BIO *b)
 	if (b == NULL) return(NULL);
 	ret=b->next_bio;
 
-	BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
-
 	if (b->prev_bio != NULL)
 		b->prev_bio->next_bio=b->next_bio;
 	if (b->next_bio != NULL)
@@ -404,6 +402,7 @@ BIO *BIO_pop(BIO *b)
 
 	b->next_bio=NULL;
 	b->prev_bio=NULL;
+	BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
 	return(ret);
 	}
 

crypto/bio/bss_bio.c

@@ -1,57 +1,4 @@
 /* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
 
 /* Special method for a BIO where the other endpoint is also a BIO
  * of this kind, handled by the same thread (i.e. the "peer" is actually
@@ -555,7 +502,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
 		break;
 		
 	case BIO_C_DESTROY_BIO_PAIR:
-		/* Affects both BIOs in the pair -- call just once!
+		/* Effects both BIOs in the pair -- call just once!
 		 * Or let BIO_free(bio1); BIO_free(bio2); do the job. */
 		bio_destroy_pair(bio);
 		ret = 1;

crypto/bio/bss_conn.c

@@ -521,8 +521,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 				char buf[16];
 				unsigned char *p = ptr;
 
-				BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d",
-					     p[0],p[1],p[2],p[3]);
+				sprintf(buf,"%d.%d.%d.%d",
+					p[0],p[1],p[2],p[3]);
 				if (data->param_hostname != NULL)
 					OPENSSL_free(data->param_hostname);
 				data->param_hostname=BUF_strdup(buf);
@@ -532,7 +532,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 				{
 				char buf[DECIMAL_SIZE(int)+1];
 
-				BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr);
+				sprintf(buf,"%d",*(int *)ptr);
 				if (data->param_port != NULL)
 					OPENSSL_free(data->param_port);
 				data->param_port=BUF_strdup(buf);

crypto/bio/bss_file.c

@@ -213,29 +213,12 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
 		b->shutdown=(int)num&BIO_CLOSE;
 		b->ptr=(char *)ptr;
 		b->init=1;
-#if defined(OPENSSL_SYS_WINDOWS)
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
+		/* Set correct text/binary mode */
 		if (num & BIO_FP_TEXT)
 			_setmode(fileno((FILE *)ptr),_O_TEXT);
 		else
 			_setmode(fileno((FILE *)ptr),_O_BINARY);
-#elif defined(OPENSSL_SYS_MSDOS)
-		{
-		int fd = fileno((FILE*)ptr);
-		/* Set correct text/binary mode */
-		if (num & BIO_FP_TEXT)
-			_setmode(fd,_O_TEXT);
-		/* Dangerous to set stdin/stdout to raw (unless redirected) */
-		else
-			{
-			if (fd == STDIN_FILENO || fd == STDOUT_FILENO)
-				{
-				if (isatty(fd) <= 0)
-					_setmode(fd,_O_BINARY);
-				}
-			else
-				_setmode(fd,_O_BINARY);
-			}
-		}
 #elif defined(OPENSSL_SYS_OS2)
 		if (num & BIO_FP_TEXT)
 			setmode(fileno((FILE *)ptr), O_TEXT);
@@ -249,22 +232,22 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
 		if (num & BIO_FP_APPEND)
 			{
 			if (num & BIO_FP_READ)
-				BUF_strlcpy(p,"a+",sizeof p);
-			else	BUF_strlcpy(p,"a",sizeof p);
+				strcpy(p,"a+");
+			else	strcpy(p,"a");
 			}
 		else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
-			BUF_strlcpy(p,"r+",sizeof p);
+			strcpy(p,"r+");
 		else if (num & BIO_FP_WRITE)
-			BUF_strlcpy(p,"w",sizeof p);
+			strcpy(p,"w");
 		else if (num & BIO_FP_READ)
-			BUF_strlcpy(p,"r",sizeof p);
+			strcpy(p,"r");
 		else
 			{
 			BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
 			ret=0;
 			break;
 			}
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2)
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
 		if (!(num & BIO_FP_TEXT))
 			strcat(p,"b");
 		else

crypto/bn/Makefile.ssl

@@ -22,7 +22,14 @@ BN_ASM=		bn_asm.o
 #BN_ASM=	bn86-elf.o
 
 CFLAGS= $(INCLUDES) $(CFLAG)
-ASFLAGS= $(INCLUDES) $(ASFLAG)
+
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.
+AS=$(CC) -c
+ASFLAGS=$(CFLAGS)
 
 GENERAL=Makefile
 TEST=bntest.c exptest.c
@@ -66,11 +73,22 @@ lib:	$(LIBOBJ)
 	@touch lib
 
 # elf
-asm/bn86-elf.s:	asm/bn-586.pl ../perlasm/x86asm.pl
-	(cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > bn86-elf.s)
+asm/bn86-elf.o: asm/bn86unix.cpp
+	$(CPP) -DELF -x c asm/bn86unix.cpp | as -o asm/bn86-elf.o
 
-asm/co86-elf.s:	asm/co-586.pl ../perlasm/x86asm.pl
-	(cd asm; $(PERL) co-586.pl elf $(CFLAGS) > co86-elf.s)
+asm/co86-elf.o: asm/co86unix.cpp
+	$(CPP) -DELF -x c asm/co86unix.cpp | as -o asm/co86-elf.o
+
+# solaris
+asm/bn86-sol.o: asm/bn86unix.cpp
+	$(CC) -E -DSOL asm/bn86unix.cpp | sed 's/^#.*//' > asm/bn86-sol.s
+	as -o asm/bn86-sol.o asm/bn86-sol.s
+	rm -f asm/bn86-sol.s
+
+asm/co86-sol.o: asm/co86unix.cpp
+	$(CC) -E -DSOL asm/co86unix.cpp | sed 's/^#.*//' > asm/co86-sol.s
+	as -o asm/co86-sol.o asm/co86-sol.s
+	rm -f asm/co86-sol.s
 
 # a.out
 asm/bn86-out.o: asm/bn86unix.cpp
@@ -118,16 +136,11 @@ asm/ia64-cpp.o:	asm/ia64.S
 	$(CC) $(ASFLAGS) -c -o asm/ia64-cpp.o /tmp/ia64.$$$$.s;	\
 	rm -f /tmp/ia64.$$$$.s
 
-asm/x86_64-gcc.o: asm/x86_64-gcc.c
-
-asm/pa-risc2W.o: asm/pa-risc2W.s
-	/usr/ccs/bin/as -o asm/pa-rics2W.o asm/pa-risc2W.s
-
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
@@ -163,7 +176,7 @@ dclean:
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	rm -f asm/co86unix.cpp asm/bn86unix.cpp asm/*-elf.* *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
+	rm -f asm/co86unix.cpp asm/bn86unix.cpp *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 

crypto/bn/asm/.cvsignore

@@ -1,4 +1,2 @@
 bn86unix.cpp
 co86unix.cpp
-bn86-elf.s
-co86-elf.s

crypto/bn/asm/bn-586.pl

@@ -11,7 +11,7 @@ require "x86asm.pl";
 &bn_div_words("bn_div_words");
 &bn_add_words("bn_add_words");
 &bn_sub_words("bn_sub_words");
-#&bn_sub_part_words("bn_sub_part_words");
+&bn_sub_part_words("bn_sub_part_words");
 
 &asm_finish();
 

crypto/bn/asm/ia64.S

@@ -1,6 +1,6 @@
 .explicit
 .text
-.ident	"ia64.S, Version 2.0"
+.ident	"ia64.S, Version 1.1"
 .ident	"IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
 
 //
@@ -13,35 +13,6 @@
 // disclaimed.
 // ====================================================================
 //
-// Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is
-// different from Itanium to this module viewpoint. Most notably, is it
-// "wider" than Itanium? Can you experience loop scalability as
-// discussed in commentary sections? Not really:-( Itanium2 has 6
-// integer ALU ports, i.e. it's 2 ports wider, but it's not enough to
-// spin twice as fast, as I need 8 IALU ports. Amount of floating point
-// ports is the same, i.e. 2, while I need 4. In other words, to this
-// module Itanium2 remains effectively as "wide" as Itanium. Yet it's
-// essentially different in respect to this module, and a re-tune was
-// required. Well, because some intruction latencies has changed. Most
-// noticeably those intensively used:
-//
-//			Itanium	Itanium2
-//	ldf8		9	6		L2 hit
-//	ld8		2	1		L1 hit
-//	getf		2	5
-//	xma[->getf]	7[+1]	4[+0]
-//	add[->st8]	1[+1]	1[+0]
-//
-// What does it mean? You might ratiocinate that the original code
-// should run just faster... Because sum of latencies is smaller...
-// Wrong! Note that getf latency increased. This means that if a loop is
-// scheduled for lower latency (and they are), then it will suffer from
-// stall condition and the code will therefore turn anti-scalable, e.g.
-// original bn_mul_words spun at 5*n or 2.5 times slower than expected
-// on Itanium2! What to do? Reschedule loops for Itanium2? But then
-// Itanium would exhibit anti-scalability. So I've chosen to reschedule
-// for worst latency for every instruction aiming for best *all-round*
-// performance.  
 
 // Q.	How much faster does it get?
 // A.	Here is the output from 'openssl speed rsa dsa' for vanilla
@@ -178,27 +149,12 @@ bn_add_words:
 	brp.loop.imp	.L_bn_add_words_ctop,.L_bn_add_words_cend-16
 					}
 	.body
-{ .mib;
-#if defined(_HPUX_SOURCE) && defined(_ILP32)
-	addp4		r14=0,r32		// rp
-#else
-	mov		r14=r32			// rp
-#endif
+{ .mib;	mov		r14=r32			// rp
 	mov		r9=pr		};;
-{ .mii;
-#if defined(_HPUX_SOURCE) && defined(_ILP32)
-	addp4		r15=0,r33		// ap
-#else
-	mov		r15=r33			// ap
-#endif
+{ .mii;	mov		r15=r33			// ap
 	mov		ar.lc=r10
 	mov		ar.ec=6		}
-{ .mib;
-#if defined(_HPUX_SOURCE) && defined(_ILP32)
-	addp4		r16=0,r34		// bp
-#else
-	mov		r16=r34			// bp
-#endif
+{ .mib;	mov		r16=r34			// bp
 	mov		pr.rot=1<<16	};;
 
 .L_bn_add_words_ctop:
@@ -218,7 +174,7 @@ bn_add_words:
 
 { .mii;
 (p59)	add		r8=1,r8		// return value
-	mov		pr=r9,0x1ffff
+	mov		pr=r9,-1
 	mov		ar.lc=r3	}
 { .mbb;	nop.b		0x0
 	br.ret.sptk.many	b0	};;
@@ -246,27 +202,12 @@ bn_sub_words:
 	brp.loop.imp	.L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
 					}
 	.body
-{ .mib;
-#if defined(_HPUX_SOURCE) && defined(_ILP32)
-	addp4		r14=0,r32		// rp
-#else
-	mov		r14=r32			// rp
-#endif
+{ .mib;	mov		r14=r32			// rp
 	mov		r9=pr		};;
-{ .mii;
-#if defined(_HPUX_SOURCE) && defined(_ILP32)
-	addp4		r15=0,r33		// ap
-#else
-	mov		r15=r33			// ap
-#endif
+{ .mii;	mov		r15=r33			// ap
 	mov		ar.lc=r10
 	mov		ar.ec=6		}
-{ .mib;
-#if defined(_HPUX_SOURCE) && defined(_ILP32)
-	addp4		r16=0,r34		// bp
-#else
-	mov		r16=r34			// bp
-#endif
+{ .mib;	mov		r16=r34			// bp
 	mov		pr.rot=1<<16	};;
 
 .L_bn_sub_words_ctop:
@@ -286,7 +227,7 @@ bn_sub_words:
 
 { .mii;
 (p59)	add		r8=1,r8		// return value
-	mov		pr=r9,0x1ffff
+	mov		pr=r9,-1
 	mov		ar.lc=r3	}
 { .mbb;	nop.b		0x0
 	br.ret.sptk.many	b0	};;
@@ -312,7 +253,7 @@ bn_mul_words:
 #ifdef XMA_TEMPTATION
 { .mfi;	alloc		r2=ar.pfs,4,0,0,0	};;
 #else
-{ .mfi;	alloc		r2=ar.pfs,4,12,0,16	};;
+{ .mfi;	alloc		r2=ar.pfs,4,4,0,8	};;
 #endif
 { .mib;	mov		r8=r0			// return value
 	cmp4.le		p6,p0=r34,r0
@@ -325,30 +266,24 @@ bn_mul_words:
 
 	.body
 { .mib;	setf.sig	f8=r35	// w
-	mov		pr.rot=0x800001<<16
-			// ------^----- serves as (p50) at first (p27)
+	mov		pr.rot=0x400001<<16
+			// ------^----- serves as (p48) at first (p26)
 	brp.loop.imp	.L_bn_mul_words_ctop,.L_bn_mul_words_cend-16
 					}
 
 #ifndef XMA_TEMPTATION
 
-{ .mii;
-#if defined(_HPUX_SOURCE) && defined(_ILP32)
-	addp4		r14=0,r32	// rp
-	addp4		r15=0,r33	// ap
-#else
-	mov		r14=r32		// rp
-	mov		r15=r33		// ap
-#endif
+{ .mii;	mov		r14=r32	// rp
+	mov		r15=r33	// ap
 	mov		ar.lc=r10	}
-{ .mii;	mov		r40=0	// serves as r35 at first (p27)
-	mov		ar.ec=13	};;
+{ .mii;	mov		r39=0	// serves as r33 at first (p26)
+	mov		ar.ec=12	};;
 
-// This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium
-// L2 cache (i.e. 9 ticks away) as floating point load/store instructions
+// This loop spins in 2*(n+11) ticks. It's scheduled for data in L2
+// cache (i.e. 9 ticks away) as floating point load/store instructions
 // bypass L1 cache and L2 latency is actually best-case scenario for
-// ldf8. The loop is not scalable and shall run in 2*(n+12) even on
-// "wider" IA-64 implementations. It's a trade-off here. n+24 loop
+// ldf8. The loop is not scalable and shall run in 2*(n+11) even on
+// "wider" IA-64 implementations. It's a trade-off here. n+22 loop
 // would give us ~5% in *overall* performance improvement on "wider"
 // IA-64, but would hurt Itanium for about same because of longer
 // epilogue. As it's a matter of few percents in either case I've
@@ -356,25 +291,25 @@ bn_mul_words:
 // this very instruction sequence in bn_mul_add_words loop which in
 // turn is scalable).
 .L_bn_mul_words_ctop:
-{ .mfi;	(p25)	getf.sig	r36=f52			// low
-	(p21)	xmpy.lu		f48=f37,f8
-	(p28)	cmp.ltu		p54,p50=r41,r39	}
+{ .mfi;	(p25)	getf.sig	r36=f49			// low
+	(p21)	xmpy.lu		f45=f37,f8
+	(p27)	cmp.ltu		p52,p48=r39,r38	}
 { .mfi;	(p16)	ldf8		f32=[r15],8
-	(p21)	xmpy.hu		f40=f37,f8
+	(p21)	xmpy.hu		f38=f37,f8
 	(p0)	nop.i		0x0		};;
-{ .mii;	(p25)	getf.sig	r32=f44			// high
-	.pred.rel	"mutex",p50,p54
-	(p50)	add		r40=r38,r35		// (p27)
-	(p54)	add		r40=r38,r35,1	}	// (p27)
-{ .mfb;	(p28)	st8		[r14]=r41,8
+{ .mii;	(p26)	getf.sig	r32=f43			// high
+	.pred.rel	"mutex",p48,p52
+	(p48)	add		r38=r37,r33		// (p26)
+	(p52)	add		r38=r37,r33,1	}	// (p26)
+{ .mfb;	(p27)	st8		[r14]=r39,8
 	(p0)	nop.f		0x0
 	br.ctop.sptk	.L_bn_mul_words_ctop	};;
 .L_bn_mul_words_cend:
 
 { .mii;	nop.m		0x0
-.pred.rel	"mutex",p51,p55
-(p51)	add		r8=r36,r0
-(p55)	add		r8=r36,r0,1	}
+.pred.rel	"mutex",p49,p53
+(p49)	add		r8=r34,r0
+(p53)	add		r8=r34,r0,1	}
 { .mfb;	nop.m	0x0
 	nop.f	0x0
 	nop.b	0x0			}
@@ -409,7 +344,7 @@ bn_mul_words:
 #endif	// XMA_TEMPTATION
 
 { .mii;	nop.m		0x0
-	mov		pr=r9,0x1ffff
+	mov		pr=r9,-1
 	mov		ar.lc=r3	}
 { .mfb;	rum		1<<5		// clear um.mfh
 	nop.f		0x0
@@ -441,69 +376,59 @@ bn_mul_add_words:
 
 	.body
 { .mib;	setf.sig	f8=r35	// w
-	mov		pr.rot=0x800001<<16
-			// ------^----- serves as (p50) at first (p27)
+	mov		pr.rot=0x400001<<16
+			// ------^----- serves as (p48) at first (p26)
 	brp.loop.imp	.L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
 					}
-{ .mii;
-#if defined(_HPUX_SOURCE) && defined(_ILP32)
-	addp4		r14=0,r32	// rp
-	addp4		r15=0,r33	// ap
-#else
-	mov		r14=r32		// rp
-	mov		r15=r33		// ap
-#endif
+{ .mii;	mov		r14=r32	// rp
+	mov		r15=r33	// ap
 	mov		ar.lc=r10	}
-{ .mii;	mov		r40=0	// serves as r35 at first (p27)
-#if defined(_HPUX_SOURCE) && defined(_ILP32)
-	addp4		r18=0,r32	// rp copy
-#else
-	mov		r18=r32		// rp copy
-#endif
-	mov		ar.ec=15	};;
+{ .mii;	mov		r39=0	// serves as r33 at first (p26)
+	mov		r18=r32	// rp copy
+	mov		ar.ec=14	};;
 
-// This loop spins in 3*(n+14) ticks on Itanium and should spin in
-// 2*(n+14) on "wider" IA-64 implementations (to be verified with new
+// This loop spins in 3*(n+13) ticks on Itanium and should spin in
+// 2*(n+13) on "wider" IA-64 implementations (to be verified with new
 // <EFBFBD>-architecture manuals as they become available). As usual it's
 // possible to compress the epilogue, down to 10 in this case, at the
 // cost of scalability. Compressed (and therefore non-scalable) loop
-// running at 3*(n+11) would buy you ~10% on Itanium but take ~35%
+// running at 3*(n+10) would buy you ~10% on Itanium but take ~35%
 // from "wider" IA-64 so let it be scalable! Special attention was
 // paid for having the loop body split at 64-byte boundary. ld8 is
 // scheduled for L1 cache as the data is more than likely there.
 // Indeed, bn_mul_words has put it there a moment ago:-)
 .L_bn_mul_add_words_ctop:
-{ .mfi;	(p25)	getf.sig	r36=f52			// low
-	(p21)	xmpy.lu		f48=f37,f8
-	(p28)	cmp.ltu		p54,p50=r41,r39	}
+{ .mfi;	(p25)	getf.sig	r36=f49			// low
+	(p21)	xmpy.lu		f45=f37,f8
+	(p27)	cmp.ltu		p52,p48=r39,r38	}
 { .mfi;	(p16)	ldf8		f32=[r15],8
-	(p21)	xmpy.hu		f40=f37,f8
-	(p28)	add		r45=r45,r41	};;
-{ .mii;	(p25)	getf.sig	r32=f44			// high
-	.pred.rel	"mutex",p50,p54
-	(p50)	add		r40=r38,r35		// (p27)
-	(p54)	add		r40=r38,r35,1	}	// (p27)
-{ .mfb;	(p28)	cmp.ltu.unc	p60,p0=r45,r41
+	(p21)	xmpy.hu		f38=f37,f8
+	(p27)	add		r43=r43,r39	};;
+{ .mii;	(p26)	getf.sig	r32=f43			// high
+	.pred.rel	"mutex",p48,p52
+	(p48)	add		r38=r37,r33		// (p26)
+	(p52)	add		r38=r37,r33,1	}	// (p26)
+{ .mfb;	(p27)	cmp.ltu.unc	p56,p0=r43,r39
 	(p0)	nop.f		0x0
 	(p0)	nop.b		0x0		}
-{ .mii;	(p27)	ld8		r44=[r18],8
-	(p62)	cmp.eq.or	p61,p0=-1,r46
-	(p62)	add		r46=1,r46	}
-{ .mfb;	(p30)	st8		[r14]=r47,8
+{ .mii;	(p26)	ld8		r42=[r18],8
+	(p58)	cmp.eq.or	p57,p0=-1,r44
+	(p58)	add		r44=1,r44	}
+{ .mfb;	(p29)	st8		[r14]=r45,8
 	(p0)	nop.f		0x0
 	br.ctop.sptk	.L_bn_mul_add_words_ctop};;
 .L_bn_mul_add_words_cend:
 
 { .mii;	nop.m		0x0
-.pred.rel	"mutex",p53,p57
-(p53)	add		r8=r38,r0
-(p57)	add		r8=r38,r0,1	}
+.pred.rel	"mutex",p51,p55
+(p51)	add		r8=r36,r0
+(p55)	add		r8=r36,r0,1	}
 { .mfb;	nop.m	0x0
 	nop.f	0x0
 	nop.b	0x0			};;
 { .mii;
-(p63)	add		r8=1,r8
-	mov		pr=r9,0x1ffff
+(p59)	add		r8=1,r8
+	mov		pr=r9,-1
 	mov		ar.lc=r3	}
 { .mfb;	rum		1<<5		// clear um.mfh
 	nop.f		0x0
@@ -536,10 +461,6 @@ bn_sqr_words:
 	mov	r9=pr			};;
 
 	.body
-#if defined(_HPUX_SOURCE) && defined(_ILP32)
-{ .mii; addp4		r32=0,r32
-	addp4		r33=0,r33	};;
-#endif
 { .mib;
 	mov		pr.rot=1<<16
 	brp.loop.imp	.L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16
@@ -571,7 +492,7 @@ bn_sqr_words:
 .L_bn_sqr_words_cend:
 
 { .mii;	nop.m		0x0
-	mov		pr=r9,0x1ffff
+	mov		pr=r9,-1
 	mov		ar.lc=r3	}
 { .mfb;	rum		1<<5		// clear um.mfh
 	nop.f		0x0
@@ -605,14 +526,7 @@ bn_sqr_comba8:
 	.prologue
 	.fframe	0
 	.save	ar.pfs,r2
-#if defined(_HPUX_SOURCE) && defined(_ILP32)
 { .mii;	alloc	r2=ar.pfs,2,1,0,0
-	addp4	r33=0,r33
-	addp4	r32=0,r32		};;
-{ .mii;
-#else
-{ .mii;	alloc	r2=ar.pfs,2,1,0,0
-#endif
 	mov	r34=r33
 	add	r14=8,r33		};;
 	.body
@@ -673,14 +587,7 @@ bn_mul_comba8:
 	.prologue
 	.fframe	0
 	.save	ar.pfs,r2
-#if defined(_HPUX_SOURCE) && defined(_ILP32)
 { .mii;	alloc	r2=ar.pfs,3,0,0,0
-	addp4	r33=0,r33
-	addp4	r34=0,r34		};;
-{ .mii;	addp4	r32=0,r32
-#else
-{ .mii;	alloc   r2=ar.pfs,3,0,0,0
-#endif
 	add	r14=8,r33
 	add	r17=8,r34		}
 	.body
@@ -1231,14 +1138,7 @@ bn_sqr_comba4:
 	.prologue
 	.fframe	0
 	.save	ar.pfs,r2
-#if defined(_HPUX_SOURCE) && defined(_ILP32)
-{ .mii;	alloc   r2=ar.pfs,2,1,0,0
-	addp4	r32=0,r32
-	addp4	r33=0,r33		};;
-{ .mii;
-#else
 { .mii;	alloc	r2=ar.pfs,2,1,0,0
-#endif
 	mov	r34=r33
 	add	r14=8,r33		};;
 	.body
@@ -1264,14 +1164,7 @@ bn_mul_comba4:
 	.prologue
 	.fframe	0
 	.save	ar.pfs,r2
-#if defined(_HPUX_SOURCE) && defined(_ILP32)
-{ .mii;	alloc   r2=ar.pfs,3,0,0,0
-	addp4	r33=0,r33
-	addp4	r34=0,r34		};;
-{ .mii;	addp4	r32=0,r32
-#else
 { .mii;	alloc	r2=ar.pfs,3,0,0,0
-#endif
 	add	r14=8,r33
 	add	r17=8,r34		}
 	.body
@@ -1571,7 +1464,7 @@ bn_div_words:
 	or	r8=r8,r33
 	mov	ar.pfs=r2		};;
 { .mii;	shr.u	r9=H,I			// remainder if anybody wants it
-	mov	pr=r10,0x1ffff		}
+	mov	pr=r10,-1		}
 { .mfb;	br.ret.sptk.many	b0	};;
 
 // Unsigned 64 by 32 (well, by 64 for the moment) bit integer division

crypto/bn/asm/pa-risc2.s

@@ -747,8 +747,8 @@ bn_div_words
 	.PROC
 	.EXPORT	bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN
 	.IMPORT	BN_num_bits_word,CODE
-	;--- not PIC	.IMPORT	__iob,DATA
-	;--- not PIC	.IMPORT	fprintf,CODE
+	.IMPORT	__iob,DATA
+	.IMPORT	fprintf,CODE
 	.IMPORT	abort,CODE
 	.IMPORT	$$div2U,MILLICODE
 	.CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
@@ -844,12 +844,12 @@ $0006001A
         MOVIB,TR        2,%r8,$0006001C ;offset 0xa18
         EXTRD,U %r3,63,32,%r7   ;offset 0xa1c
 $D2
-        ;--- not PIC	ADDIL   LR'__iob-$global$,%r27,%r1      ;offset 0xa20
-        ;--- not PIC	LDIL    LR'C$7,%r21     ;offset 0xa24
-        ;--- not PIC	LDO     RR'__iob-$global$+32(%r1),%r26  ;offset 0xa28
-        ;--- not PIC	.CALL   ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR    ;in=24,25,26;out=28;
-        ;--- not PIC	B,L     fprintf,%r2     ;offset 0xa2c
-        ;--- not PIC	LDO     RR'C$7(%r21),%r25       ;offset 0xa30
+        ADDIL   LR'__iob-$global$,%r27,%r1      ;offset 0xa20
+        LDIL    LR'C$7,%r21     ;offset 0xa24
+        LDO     RR'__iob-$global$+32(%r1),%r26  ;offset 0xa28
+        .CALL   ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR    ;in=24,25,26;out=28;
+        B,L     fprintf,%r2     ;offset 0xa2c
+        LDO     RR'C$7(%r21),%r25       ;offset 0xa30
         .CALL           ;
         B,L     abort,%r2       ;offset 0xa34
         NOP             ;offset 0xa38
@@ -1605,14 +1605,14 @@ bn_mul_comba4
 	.PROCEND	
 
 
-;--- not PIC	.SPACE	$TEXT$
-;--- not PIC	.SUBSPA	$CODE$
-;--- not PIC	.SPACE	$PRIVATE$,SORT=16
-;--- not PIC	.IMPORT	$global$,DATA
-;--- not PIC	.SPACE	$TEXT$
-;--- not PIC	.SUBSPA	$CODE$
-;--- not PIC	.SUBSPA	$LIT$,ACCESS=0x2c
-;--- not PIC	C$7
-;--- not PIC	.ALIGN	8
-;--- not PIC	.STRINGZ	"Division would overflow (%d)\n"
+	.SPACE	$TEXT$
+	.SUBSPA	$CODE$
+	.SPACE	$PRIVATE$,SORT=16
+	.IMPORT	$global$,DATA
+	.SPACE	$TEXT$
+	.SUBSPA	$CODE$
+	.SUBSPA	$LIT$,ACCESS=0x2c
+C$7
+	.ALIGN	8
+	.STRINGZ	"Division would overflow (%d)\n"
 	.END

crypto/bn/asm/vms.mar

@@ -172,7 +172,7 @@ n=12 ;(AP)	n	by value (input)
 ; }
 ;
 ; Using EDIV would be very easy, if it didn't do signed calculations.
-; Any time any of the input numbers are signed, there are problems,
+; Any time, any of the input numbers are signed, there are problems,
 ; usually with integer overflow, at which point it returns useless
 ; data (the quotient gets the value of l, and the remainder becomes 0).
 ;
@@ -180,26 +180,21 @@ n=12 ;(AP)	n	by value (input)
 ; it by 2 (unsigned), do the division, multiply the resulting quotient
 ; and remainder by 2, add the bit that was dropped when dividing by 2
 ; to the remainder, and do some adjustment so the remainder doesn't
-; end up larger than the divisor.  For some cases when the divisor is
-; negative (from EDIV's point of view, i.e. when the highest bit is set),
-; dividing the dividend by 2 isn't enough, and since some operations
-; might generate integer overflows even when the dividend is divided by
-; 4 (when the high part of the shifted down dividend ends up being exactly
-; half of the divisor, the result is the quotient 0x80000000, which is
-; negative...) it needs to be divided by 8.  Furthermore, the divisor needs
-; to be divided by 2 (unsigned) as well, to avoid more problems with the sign.
-; In this case, a little extra fiddling with the remainder is required.
+; end up larger than the divisor.  This method works as long as the
+; divisor is positive, so we'll keep that (with a small adjustment)
+; as the main method.
+; For some cases when the divisor is negative (from EDIV's point of
+; view, i.e. when the highest bit is set), dividing the dividend by
+; 2 isn't enough, it needs to be divided by 4.  Furthermore, the
+; divisor needs to be divided by 2 (unsigned) as well, to avoid more
+; problems with the sign.  In this case, a little extra fiddling with
+; the remainder is required.
 ;
 ; So, the simplest way to handle this is always to divide the dividend
-; by 8, and to divide the divisor by 2 if it's highest bit is set.
-; After EDIV has been used, the quotient gets multiplied by 8 if the
-; original divisor was positive, otherwise 4.  The remainder, oddly
-; enough, is *always* multiplied by 8.
-; NOTE: in the case mentioned above, where the high part of the shifted
-; down dividend ends up being exactly half the shifted down divisor, we
-; end up with a 33 bit quotient.  That's no problem however, it usually
-; means we have ended up with a too large remainder as well, and the
-; problem is fixed by the last part of the algorithm (next paragraph).
+; by 4, and to divide the divisor by 2 if it's highest bit is set.
+; After EDIV has been used, the quotient gets multiplied by 4 if the
+; original divisor was positive, otherwise 2.  The remainder, oddly
+; enough, is *always* multiplied by 4.
 ;
 ; The routine ends with comparing the resulting remainder with the
 ; original divisor and if the remainder is larger, subtract the
@@ -209,19 +204,15 @@ n=12 ;(AP)	n	by value (input)
 ; The complete algorithm looks like this:
 ;
 ; d'    = d
-; l'    = l & 7
-; [h,l] = [h,l] >> 3
+; l'    = l & 3
+; [h,l] = [h,l] >> 2
 ; [q,r] = floor([h,l] / d)	# This is the EDIV operation
 ; if (q < 0) q = -q		# I doubt this is necessary any more
 ;
-; r'    = r >> 29
-; if (d' >= 0)
-;   q'  = q >> 29
-;   q   = q << 3
-; else
-;   q'  = q >> 30
-;   q   = q << 2
-; r     = (r << 3) + l'
+; r'    = r >> 30
+; if (d' >= 0) q = q << 1
+; q     = q << 1
+; r     = (r << 2) + l'
 ;
 ; if (d' < 0)
 ;   {
@@ -229,14 +220,14 @@ n=12 ;(AP)	n	by value (input)
 ;     while ([r',r] < 0)
 ;       {
 ;         [r',r] = [r',r] + d
-;         [q',q] = [q',q] - 1
+;         q = q - 1
 ;       }
 ;   }
 ;
-; while ([r',r] >= d')
+; while ([r',r] >= d)
 ;   {
-;     [r',r] = [r',r] - d'
-;     [q',q] = [q',q] + 1
+;     [r',r] = [r',r] - d
+;     q = q + 1
 ;   }
 ;
 ; return q
@@ -245,37 +236,31 @@ h=4 ;(AP)	h	by value (input)
 l=8 ;(AP)	l	by value (input)
 d=12 ;(AP)	d	by value (input)
 
-;r2 = l, q
-;r3 = h, r
-;r4 = d
-;r5 = l'
-;r6 = r'
-;r7 = d'
-;r8 = q'
+;lprim=r5
+;rprim=r6
+;dprim=r7
+
 
 	.psect	code,nowrt
 
-.entry	bn_div_words,^m<r2,r3,r4,r5,r6,r7,r8>
+.entry	bn_div_words,^m<r2,r3,r4,r5,r6,r7>
 	movl	l(ap),r2
 	movl	h(ap),r3
 	movl	d(ap),r4
 
-	bicl3	#^XFFFFFFF8,r2,r5 ; l' = l & 7
-	bicl3	#^X00000007,r2,r2
+	bicl3	#^XFFFFFFFC,r2,r5 ; l' = l & 3
+	bicl3	#^X00000003,r2,r2
 
-	bicl3	#^XFFFFFFF8,r3,r6
-	bicl3	#^X00000007,r3,r3
+	bicl3	#^XFFFFFFFC,r3,r6
+	bicl3	#^X00000003,r3,r3
         
 	addl	r6,r2
-
-	rotl	#-3,r2,r2	; l = l >> 3
-	rotl	#-3,r3,r3	; h = h >> 3
+	rotl	#-2,r2,r2	; l = l >> 2
+	rotl	#-2,r3,r3	; h = h >> 2
                 
+	movl	#0,r6
 	movl	r4,r7		; d' = d
 
-	movl	#0,r6		; r' = 0
-	movl	#0,r8		; q' = 0
-
 	tstl	r4
 	beql	666$		; Uh-oh, the divisor is 0...
 	bgtr	1$
@@ -292,55 +277,44 @@ d=12 ;(AP)	d	by value (input)
 3$:     
 	tstl	r7
 	blss	4$
-	rotl	#3,r2,r2	;   q = q << 3
-	bicl3	#^XFFFFFFF8,r2,r8 ;    q' gets the high bits from q
-	bicl3	#^X00000007,r2,r2
-	bsb	41$
-4$:				; else
-	rotl	#2,r2,r2	;   q = q << 2
-	bicl3	#^XFFFFFFFC,r2,r8 ;   q' gets the high bits from q
-	bicl3	#^X00000003,r2,r2
-41$:
-	rotl	#3,r3,r3	; r = r << 3
-	bicl3	#^XFFFFFFF8,r3,r6 ; r' gets the high bits from r
-	bicl3	#^X00000007,r3,r3
+	ashl	#1,r2,r2	; q = q << 1
+4$:     
+	ashl	#1,r2,r2	; q = q << 1
+	rotl	#2,r3,r3	; r = r << 2
+	bicl3	#^XFFFFFFFC,r3,r6 ; r' gets the high bits from r
+	bicl3	#^X00000003,r3,r3
 	addl	r5,r3		; r = r + l'
 
 	tstl	r7
 	bgeq	5$
 	bitl	#1,r7
-	beql	5$		; if d' < 0 && d' & 1
-	subl	r2,r3		;   [r',r] = [r',r] - [q',q]
-	sbwc	r8,r6
+	beql	5$		; if d < 0 && d & 1
+	subl	r2,r3		;   [r',r] = [r',r] - q
+	sbwc	#0,r6
 45$:
 	bgeq	5$		;   while r < 0
-	decl	r2		;     [q',q] = [q',q] - 1
-	sbwc	#0,r8
-	addl	r7,r3		;     [r',r] = [r',r] + d'
+	decl	r2		;     q = q - 1
+	addl	r7,r3		;     [r',r] = [r',r] + d
 	adwc	#0,r6
 	brb	45$
 
-; The return points are placed in the middle to keep a short distance from
-; all the branch points
-42$:
-;	movl	r3,r1
-	movl	r2,r0
-	ret
-666$:
-	movl	#^XFFFFFFFF,r0
-	ret
-
 5$:
 	tstl	r6
 	bneq	6$
 	cmpl	r3,r7
 	blssu	42$		; while [r',r] >= d'
 6$:
-	subl	r7,r3		;   [r',r] = [r',r] - d'
+	subl	r7,r3		;   [r',r] = [r',r] - d
 	sbwc	#0,r6
-	incl	r2		;   [q',q] = [q',q] + 1
-	adwc	#0,r8
+	incl	r2		;   q = q + 1
 	brb	5$	
+42$:
+;	movl	r3,r1
+	movl	r2,r0
+	ret
+666$:
+	movl	#^XFFFFFFFF,r0
+	ret
 
 	.title	vax_bn_add_words  unsigned add of two arrays
 ;

crypto/bn/asm/x86_64-gcc.c

@@ -1,575 +0,0 @@
-/*
- * x86_64 BIGNUM accelerator version 0.1, December 2002.
- *
- * Implemented by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
- * project.
- *
- * Rights for redistribution and usage in source and binary forms are
- * granted according to the OpenSSL license. Warranty of any kind is
- * disclaimed.
- *
- * Q. Version 0.1? It doesn't sound like Andy, he used to assign real
- *    versions, like 1.0...
- * A. Well, that's because this code is basically a quick-n-dirty
- *    proof-of-concept hack. As you can see it's implemented with
- *    inline assembler, which means that you're bound to GCC and that
- *    there must be a room for fine-tuning.
- *
- * Q. Why inline assembler?
- * A. x86_64 features own ABI I'm not familiar with. Which is why
- *    I decided to let the compiler take care of subroutine
- *    prologue/epilogue as well as register allocation.
- *
- * Q. How much faster does it get?
- * A. Unfortunately people sitting on x86_64 hardware are prohibited
- *    to disclose the performance numbers, so they (SuSE labs to be
- *    specific) wouldn't tell me. However! Very similar coding technique
- *    (reaching out for 128-bit result from 64x64-bit multiplication)
- *    results in >3 times performance improvement on MIPS and I see no
- *    reason why gain on x86_64 would be so much different:-)
- */
-
-#define BN_ULONG unsigned long
-
-/*
- * "m"(a), "+m"(r)	is the way to favor DirectPath <20>-code;
- * "g"(0)		let the compiler to decide where does it
- *			want to keep the value of zero;
- */
-#define mul_add(r,a,word,carry) do {	\
-	register BN_ULONG high,low;	\
-	asm ("mulq %3"			\
-		: "=a"(low),"=d"(high)	\
-		: "a"(word),"m"(a)	\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(carry),"+d"(high)\
-		: "a"(low),"g"(0)	\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+m"(r),"+d"(high)	\
-		: "r"(carry),"g"(0)	\
-		: "cc");		\
-	carry=high;			\
-	} while (0)
-
-#define mul(r,a,word,carry) do {	\
-	register BN_ULONG high,low;	\
-	asm ("mulq %3"			\
-		: "=a"(low),"=d"(high)	\
-		: "a"(word),"g"(a)	\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(carry),"+d"(high)\
-		: "a"(low),"g"(0)	\
-		: "cc");		\
-	(r)=carry, carry=high;		\
-	} while (0)
-
-#define sqr(r0,r1,a)			\
-	asm ("mulq %2"			\
-		: "=a"(r0),"=d"(r1)	\
-		: "a"(a)		\
-		: "cc");
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-	{
-	BN_ULONG c1=0;
-
-	if (num <= 0) return(c1);
-
-	while (num&~3)
-		{
-		mul_add(rp[0],ap[0],w,c1);
-		mul_add(rp[1],ap[1],w,c1);
-		mul_add(rp[2],ap[2],w,c1);
-		mul_add(rp[3],ap[3],w,c1);
-		ap+=4; rp+=4; num-=4;
-		}
-	if (num)
-		{
-		mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
-		mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
-		mul_add(rp[2],ap[2],w,c1); return c1;
-		}
-	
-	return(c1);
-	} 
-
-BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-	{
-	BN_ULONG c1=0;
-
-	if (num <= 0) return(c1);
-
-	while (num&~3)
-		{
-		mul(rp[0],ap[0],w,c1);
-		mul(rp[1],ap[1],w,c1);
-		mul(rp[2],ap[2],w,c1);
-		mul(rp[3],ap[3],w,c1);
-		ap+=4; rp+=4; num-=4;
-		}
-	if (num)
-		{
-		mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
-		mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
-		mul(rp[2],ap[2],w,c1);
-		}
-	return(c1);
-	} 
-
-void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
-        {
-	if (n <= 0) return;
-
-	while (n&~3)
-		{
-		sqr(r[0],r[1],a[0]);
-		sqr(r[2],r[3],a[1]);
-		sqr(r[4],r[5],a[2]);
-		sqr(r[6],r[7],a[3]);
-		a+=4; r+=8; n-=4;
-		}
-	if (n)
-		{
-		sqr(r[0],r[1],a[0]); if (--n == 0) return;
-		sqr(r[2],r[3],a[1]); if (--n == 0) return;
-		sqr(r[4],r[5],a[2]);
-		}
-	}
-
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-{	BN_ULONG ret,waste;
-
-	asm ("divq	%4"
-		: "=a"(ret),"=d"(waste)
-		: "a"(l),"d"(h),"g"(d)
-		: "cc");
-
-	return ret;
-}
-
-BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
-{ BN_ULONG ret,i;
-
-	if (n <= 0) return 0;
-
-	asm (
-	"	subq	%2,%2		\n"
-	".align 16			\n"
-	"1:	movq	(%4,%2,8),%0	\n"
-	"	adcq	(%5,%2,8),%0	\n"
-	"	movq	%0,(%3,%2,8)	\n"
-	"	leaq	1(%2),%2	\n"
-	"	loop	1b		\n"
-	"	sbbq	%0,%0		\n"
-		: "+a"(ret),"+c"(n),"+r"(i)
-		: "r"(rp),"r"(ap),"r"(bp)
-		: "cc"
-	);
-
-  return ret&1;
-}
-
-#ifndef SIMICS
-BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
-{ BN_ULONG ret,i;
-
-	if (n <= 0) return 0;
-
-	asm (
-	"	subq	%2,%2		\n"
-	".align 16			\n"
-	"1:	movq	(%4,%2,8),%0	\n"
-	"	sbbq	(%5,%2,8),%0	\n"
-	"	movq	%0,(%3,%2,8)	\n"
-	"	leaq	1(%2),%2	\n"
-	"	loop	1b		\n"
-	"	sbbq	%0,%0		\n"
-		: "+a"(ret),"+c"(n),"+r"(i)
-		: "r"(rp),"r"(ap),"r"(bp)
-		: "cc"
-	);
-
-  return ret&1;
-}
-#else
-/* Simics 1.4<7 has buggy sbbq:-( */
-#define BN_MASK2 0xffffffffffffffffL
-BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-        {
-	BN_ULONG t1,t2;
-	int c=0;
-
-	if (n <= 0) return((BN_ULONG)0);
-
-	for (;;)
-		{
-		t1=a[0]; t2=b[0];
-		r[0]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		if (--n <= 0) break;
-
-		t1=a[1]; t2=b[1];
-		r[1]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		if (--n <= 0) break;
-
-		t1=a[2]; t2=b[2];
-		r[2]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		if (--n <= 0) break;
-
-		t1=a[3]; t2=b[3];
-		r[3]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		if (--n <= 0) break;
-
-		a+=4;
-		b+=4;
-		r+=4;
-		}
-	return(c);
-	}
-#endif
-
-/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
-/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
-/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
-/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
-
-#if 0
-/* original macros are kept for reference purposes */
-#define mul_add_c(a,b,c0,c1,c2) {	\
-	BN_ULONG ta=(a),tb=(b);		\
-	t1 = ta * tb;			\
-	t2 = BN_UMULT_HIGH(ta,tb);	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
-	c1 += t2; c2 += (c1<t2)?1:0;	\
-	}
-
-#define mul_add_c2(a,b,c0,c1,c2) {	\
-	BN_ULONG ta=(a),tb=(b),t0;	\
-	t1 = BN_UMULT_HIGH(ta,tb);	\
-	t0 = ta * tb;			\
-	t2 = t1+t1; c2 += (t2<t1)?1:0;	\
-	t1 = t0+t0; t2 += (t1<t0)?1:0;	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
-	c1 += t2; c2 += (c1<t2)?1:0;	\
-	}
-#else
-#define mul_add_c(a,b,c0,c1,c2)	do {	\
-	asm ("mulq %3"			\
-		: "=a"(t1),"=d"(t2)	\
-		: "a"(a),"m"(b)		\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(c0),"+d"(t2)	\
-		: "a"(t1),"g"(0)	\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(c1),"+r"(c2)	\
-		: "d"(t2),"g"(0)	\
-		: "cc");		\
-	} while (0)
-
-#define sqr_add_c(a,i,c0,c1,c2)	do {	\
-	asm ("mulq %2"			\
-		: "=a"(t1),"=d"(t2)	\
-		: "a"(a[i])		\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(c0),"+d"(t2)	\
-		: "a"(t1),"g"(0)	\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(c1),"+r"(c2)	\
-		: "d"(t2),"g"(0)	\
-		: "cc");		\
-	} while (0)
-
-#define mul_add_c2(a,b,c0,c1,c2) do {	\
-	asm ("mulq %3"			\
-		: "=a"(t1),"=d"(t2)	\
-		: "a"(a),"m"(b)		\
-		: "cc");		\
-	asm ("addq %0,%0; adcq %2,%1"	\
-		: "+d"(t2),"+r"(c2)	\
-		: "g"(0)		\
-		: "cc");		\
-	asm ("addq %0,%0; adcq %2,%1"	\
-		: "+a"(t1),"+d"(t2)	\
-		: "g"(0)		\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(c0),"+d"(t2)	\
-		: "a"(t1),"g"(0)	\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(c1),"+r"(c2)	\
-		: "d"(t2),"g"(0)	\
-		: "cc");		\
-	} while (0)
-#endif
-
-#define sqr_add_c2(a,i,j,c0,c1,c2)	\
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-	{
-	BN_ULONG bl,bh;
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	mul_add_c(a[0],b[0],c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	mul_add_c(a[0],b[1],c2,c3,c1);
-	mul_add_c(a[1],b[0],c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	mul_add_c(a[2],b[0],c3,c1,c2);
-	mul_add_c(a[1],b[1],c3,c1,c2);
-	mul_add_c(a[0],b[2],c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	mul_add_c(a[0],b[3],c1,c2,c3);
-	mul_add_c(a[1],b[2],c1,c2,c3);
-	mul_add_c(a[2],b[1],c1,c2,c3);
-	mul_add_c(a[3],b[0],c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	mul_add_c(a[4],b[0],c2,c3,c1);
-	mul_add_c(a[3],b[1],c2,c3,c1);
-	mul_add_c(a[2],b[2],c2,c3,c1);
-	mul_add_c(a[1],b[3],c2,c3,c1);
-	mul_add_c(a[0],b[4],c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	mul_add_c(a[0],b[5],c3,c1,c2);
-	mul_add_c(a[1],b[4],c3,c1,c2);
-	mul_add_c(a[2],b[3],c3,c1,c2);
-	mul_add_c(a[3],b[2],c3,c1,c2);
-	mul_add_c(a[4],b[1],c3,c1,c2);
-	mul_add_c(a[5],b[0],c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	mul_add_c(a[6],b[0],c1,c2,c3);
-	mul_add_c(a[5],b[1],c1,c2,c3);
-	mul_add_c(a[4],b[2],c1,c2,c3);
-	mul_add_c(a[3],b[3],c1,c2,c3);
-	mul_add_c(a[2],b[4],c1,c2,c3);
-	mul_add_c(a[1],b[5],c1,c2,c3);
-	mul_add_c(a[0],b[6],c1,c2,c3);
-	r[6]=c1;
-	c1=0;
-	mul_add_c(a[0],b[7],c2,c3,c1);
-	mul_add_c(a[1],b[6],c2,c3,c1);
-	mul_add_c(a[2],b[5],c2,c3,c1);
-	mul_add_c(a[3],b[4],c2,c3,c1);
-	mul_add_c(a[4],b[3],c2,c3,c1);
-	mul_add_c(a[5],b[2],c2,c3,c1);
-	mul_add_c(a[6],b[1],c2,c3,c1);
-	mul_add_c(a[7],b[0],c2,c3,c1);
-	r[7]=c2;
-	c2=0;
-	mul_add_c(a[7],b[1],c3,c1,c2);
-	mul_add_c(a[6],b[2],c3,c1,c2);
-	mul_add_c(a[5],b[3],c3,c1,c2);
-	mul_add_c(a[4],b[4],c3,c1,c2);
-	mul_add_c(a[3],b[5],c3,c1,c2);
-	mul_add_c(a[2],b[6],c3,c1,c2);
-	mul_add_c(a[1],b[7],c3,c1,c2);
-	r[8]=c3;
-	c3=0;
-	mul_add_c(a[2],b[7],c1,c2,c3);
-	mul_add_c(a[3],b[6],c1,c2,c3);
-	mul_add_c(a[4],b[5],c1,c2,c3);
-	mul_add_c(a[5],b[4],c1,c2,c3);
-	mul_add_c(a[6],b[3],c1,c2,c3);
-	mul_add_c(a[7],b[2],c1,c2,c3);
-	r[9]=c1;
-	c1=0;
-	mul_add_c(a[7],b[3],c2,c3,c1);
-	mul_add_c(a[6],b[4],c2,c3,c1);
-	mul_add_c(a[5],b[5],c2,c3,c1);
-	mul_add_c(a[4],b[6],c2,c3,c1);
-	mul_add_c(a[3],b[7],c2,c3,c1);
-	r[10]=c2;
-	c2=0;
-	mul_add_c(a[4],b[7],c3,c1,c2);
-	mul_add_c(a[5],b[6],c3,c1,c2);
-	mul_add_c(a[6],b[5],c3,c1,c2);
-	mul_add_c(a[7],b[4],c3,c1,c2);
-	r[11]=c3;
-	c3=0;
-	mul_add_c(a[7],b[5],c1,c2,c3);
-	mul_add_c(a[6],b[6],c1,c2,c3);
-	mul_add_c(a[5],b[7],c1,c2,c3);
-	r[12]=c1;
-	c1=0;
-	mul_add_c(a[6],b[7],c2,c3,c1);
-	mul_add_c(a[7],b[6],c2,c3,c1);
-	r[13]=c2;
-	c2=0;
-	mul_add_c(a[7],b[7],c3,c1,c2);
-	r[14]=c3;
-	r[15]=c1;
-	}
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-	{
-	BN_ULONG bl,bh;
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	mul_add_c(a[0],b[0],c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	mul_add_c(a[0],b[1],c2,c3,c1);
-	mul_add_c(a[1],b[0],c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	mul_add_c(a[2],b[0],c3,c1,c2);
-	mul_add_c(a[1],b[1],c3,c1,c2);
-	mul_add_c(a[0],b[2],c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	mul_add_c(a[0],b[3],c1,c2,c3);
-	mul_add_c(a[1],b[2],c1,c2,c3);
-	mul_add_c(a[2],b[1],c1,c2,c3);
-	mul_add_c(a[3],b[0],c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	mul_add_c(a[3],b[1],c2,c3,c1);
-	mul_add_c(a[2],b[2],c2,c3,c1);
-	mul_add_c(a[1],b[3],c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	mul_add_c(a[2],b[3],c3,c1,c2);
-	mul_add_c(a[3],b[2],c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	mul_add_c(a[3],b[3],c1,c2,c3);
-	r[6]=c1;
-	r[7]=c2;
-	}
-
-void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
-	{
-	BN_ULONG bl,bh;
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	sqr_add_c(a,0,c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	sqr_add_c2(a,1,0,c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	sqr_add_c(a,1,c3,c1,c2);
-	sqr_add_c2(a,2,0,c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	sqr_add_c2(a,3,0,c1,c2,c3);
-	sqr_add_c2(a,2,1,c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	sqr_add_c(a,2,c2,c3,c1);
-	sqr_add_c2(a,3,1,c2,c3,c1);
-	sqr_add_c2(a,4,0,c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	sqr_add_c2(a,5,0,c3,c1,c2);
-	sqr_add_c2(a,4,1,c3,c1,c2);
-	sqr_add_c2(a,3,2,c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	sqr_add_c(a,3,c1,c2,c3);
-	sqr_add_c2(a,4,2,c1,c2,c3);
-	sqr_add_c2(a,5,1,c1,c2,c3);
-	sqr_add_c2(a,6,0,c1,c2,c3);
-	r[6]=c1;
-	c1=0;
-	sqr_add_c2(a,7,0,c2,c3,c1);
-	sqr_add_c2(a,6,1,c2,c3,c1);
-	sqr_add_c2(a,5,2,c2,c3,c1);
-	sqr_add_c2(a,4,3,c2,c3,c1);
-	r[7]=c2;
-	c2=0;
-	sqr_add_c(a,4,c3,c1,c2);
-	sqr_add_c2(a,5,3,c3,c1,c2);
-	sqr_add_c2(a,6,2,c3,c1,c2);
-	sqr_add_c2(a,7,1,c3,c1,c2);
-	r[8]=c3;
-	c3=0;
-	sqr_add_c2(a,7,2,c1,c2,c3);
-	sqr_add_c2(a,6,3,c1,c2,c3);
-	sqr_add_c2(a,5,4,c1,c2,c3);
-	r[9]=c1;
-	c1=0;
-	sqr_add_c(a,5,c2,c3,c1);
-	sqr_add_c2(a,6,4,c2,c3,c1);
-	sqr_add_c2(a,7,3,c2,c3,c1);
-	r[10]=c2;
-	c2=0;
-	sqr_add_c2(a,7,4,c3,c1,c2);
-	sqr_add_c2(a,6,5,c3,c1,c2);
-	r[11]=c3;
-	c3=0;
-	sqr_add_c(a,6,c1,c2,c3);
-	sqr_add_c2(a,7,5,c1,c2,c3);
-	r[12]=c1;
-	c1=0;
-	sqr_add_c2(a,7,6,c2,c3,c1);
-	r[13]=c2;
-	c2=0;
-	sqr_add_c(a,7,c3,c1,c2);
-	r[14]=c3;
-	r[15]=c1;
-	}
-
-void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
-	{
-	BN_ULONG bl,bh;
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	sqr_add_c(a,0,c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	sqr_add_c2(a,1,0,c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	sqr_add_c(a,1,c3,c1,c2);
-	sqr_add_c2(a,2,0,c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	sqr_add_c2(a,3,0,c1,c2,c3);
-	sqr_add_c2(a,2,1,c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	sqr_add_c(a,2,c2,c3,c1);
-	sqr_add_c2(a,3,1,c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	sqr_add_c2(a,3,2,c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	sqr_add_c(a,3,c1,c2,c3);
-	r[6]=c1;
-	r[7]=c2;
-	}

crypto/bn/bn.h

@@ -248,8 +248,6 @@ typedef struct bn_blinding_st
 	BIGNUM *A;
 	BIGNUM *Ai;
 	BIGNUM *mod; /* just a reference */
-	unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
-				  * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
 	} BN_BLINDING;
 
 /* Used for montgomery multiplication */

crypto/bn/bn_div.c

@@ -150,20 +150,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 	    q;					\
 	})
 #  define REMAINDER_IS_ALREADY_CALCULATED
-#  elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
-   /*
-    * Same story here, but it's 128-bit by 64-bit division. Wow!
-    *					<appro@fy.chalmers.se>
-    */
-#  define bn_div_words(n0,n1,d0)		\
-	({  asm volatile (			\
-		"divq	%4"			\
-		: "=a"(q), "=d"(rem)		\
-		: "a"(n1), "d"(n0), "g"(d0)	\
-		: "cc");			\
-	    q;					\
-	})
-#  define REMAINDER_IS_ALREADY_CALCULATED
 #  endif /* __<cpu> */
 # endif /* __GNUC__ */
 #endif /* OPENSSL_NO_ASM */
@@ -282,11 +268,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 			q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
 #else
 			q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
-			fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
-				n0, n1, d0, q);
-#endif
 #endif
 
 #ifndef REMAINDER_IS_ALREADY_CALCULATED
@@ -311,18 +292,11 @@ X) -> 0x%08X\n",
 			BN_ULONG t2l,t2h,ql,qh;
 
 			q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
-			fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
-				n0, n1, d0, q);
-#endif
 #ifndef REMAINDER_IS_ALREADY_CALCULATED
 			rem=(n1-q*d0)&BN_MASK2;
 #endif
 
-#if defined(BN_UMULT_LOHI)
-			BN_UMULT_LOHI(t2l,t2h,d1,q);
-#elif defined(BN_UMULT_HIGH)
+#ifdef BN_UMULT_HIGH
 			t2l = d1 * q;
 			t2h = BN_UMULT_HIGH(d1,q);
 #else