Update README.

'OpenSSL_1_0_0-stable'.

CHANGES

@@ -2,7 +2,21 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.8j and 0.9.9  [xx XXX xxxx]
+ Changes between 0.9.8k and 1.0  [xx XXX xxxx]
+
+  *) Support use of registered digest and cipher names for dgst and cipher
+     commands instead of having to add each one as a special case. So now
+     you can do:
+
+        openssl sha256 foo
+
+     as well as:
+
+        openssl dgst -sha256 foo
+
+     and this works for ENGINE based algorithms too.
+
+     [Steve Henson]
 
   *) Update Gost ENGINE to support parameter files.
      [Victor B. Wagner <vitus@cryptocom.ru>]
@@ -749,7 +763,27 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
 
- Changes between 0.9.8j and 0.9.8k  [xx XXX xxxx]
+ Changes between 0.9.8k and 0.9.8l  [xx XXX xxxx]
+
+  *) Add 2.5.4.* OIDs
+     [Ilya O. <vrghost@gmail.com>]
+
+ Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]
+
+  *) Don't set val to NULL when freeing up structures, it is freed up by
+     underlying code. If sizeof(void *) > sizeof(long) this can result in
+     zeroing past the valid field. (CVE-2009-0789)
+     [Paolo Ganci <Paolo.Ganci@AdNovum.CH>]
+
+  *) Fix bug where return value of CMS_SignerInfo_verify_content() was not
+     checked correctly. This would allow some invalid signed attributes to
+     appear to verify correctly. (CVE-2009-0591)
+     [Ivan Nestlerode <inestlerode@us.ibm.com>]
+
+  *) Reject UniversalString and BMPString types with invalid lengths. This
+     prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
+     a legal length. (CVE-2009-0590)
+     [Steve Henson]
 
   *) Set S/MIME signing as the default purpose rather than setting it 
      unconditionally. This allows applications to override it at the store

FAQ

@@ -78,7 +78,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.8j was released on Jan 7th, 2009.
+OpenSSL 0.9.8k was released on Mar 25th, 2009.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:

NEWS

@@ -5,8 +5,49 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.8k and OpenSSL 1.0:
+
+
+      o RFC3280 path validation: sufficient to process PKITS tests.
+      o Integrated support for PVK files and keyblobs.
+      o Change default private key format to PKCS#8.
+      o CMS support: able to process all examples in RFCXXXX
+      o Streaming ASN1 encode support for PKCS#7 and CMS.
+      o Multiple signer and signer add support for PKCS#7 and CMS.
+      o ASN1 printing support.
+      o Whirlpool hash algorithm added.
+      o RFC3161 time stamp support.
+      o New generalised public key API supporting ENGINE based algorithms.
+      o New generalised public key API utilities.
+      o New ENGINE supporting GOST algorithms.
+      o SSL/TLS GOST ciphersuite support.
+      o PKCS#7 and CMS GOST support.
+      o RFC4279 PSK ciphersuite support.
+      o Supported points format extension for ECC ciphersuites.
+      o ecdsa-with-SHA224/256/384/512 signature types.
+      o dsa-with-SHA224 and dsa-with-SHA256 signature types.
+      o Opaque PRF Input TLS extension support.
+
+  Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k:
+
+      o Fix various build issues.
+      o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
+
+  Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j:
+
+      o Fix security issue (CVE-2008-5077)
+      o Merge FIPS 140-2 branch code.
+
+  Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h:
+
+      o CryptoAPI ENGINE support.
+      o Various precautionary measures.
+      o Fix for bugs affecting certificate request creation.
+      o Support for local machine keyset attribute in PKCS#12 files.
+
   Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g:
 
+      o Backport of CMS functionality to 0.9.8.
       o Fixes for bugs introduced with 0.9.8f.
 
   Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f:

README

@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.9-dev XX xxx XXXX
+ OpenSSL 1.0.0-beta1 01 Apr 2009
 
  Copyright (c) 1998-2008 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

STATUS

@@ -1,10 +1,10 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2008/05/28 22:30:28 $
+  ______________                           $Date: 2009/04/01 08:47:27 $
 
   DEVELOPMENT STATE
 
-    o  OpenSSL 0.9.9:  Under development...
+    o  OpenSSL 1.0.0-beta1: Released on Aptil 1st, 2009
     o  OpenSSL 0.9.8h: Released on May       28th, 2008
     o  OpenSSL 0.9.8g: Released on October   19th, 2007
     o  OpenSSL 0.9.8f: Released on October   11th, 2007

TABLE

@@ -1366,7 +1366,7 @@ $multilib     =
 
 *** debug-ben-debug
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$cflags       = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 

apps/dgst.c

@@ -598,7 +598,14 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			}
 		}
 	else
+		{
 		len=BIO_gets(bp,(char *)buf,BUFSIZE);
+		if (len <0) 
+			{
+			ERR_print_errors(bio_err);
+			return 1;
+			}
+		}
 
 	if(binout) BIO_write(out, buf, len);
 	else 

apps/openssl.c

@@ -392,6 +392,21 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
 		{ ret=0; goto end; }
 	f.name=argv[0];
 	fp=lh_FUNCTION_retrieve(prog,&f);
+	if (fp == NULL)
+		{
+		if (EVP_get_digestbyname(argv[0]))
+			{
+			f.type = FUNC_TYPE_MD;
+			f.func = dgst_main;
+			fp = &f;
+			}
+		else if (EVP_get_cipherbyname(argv[0]))
+			{
+			f.type = FUNC_TYPE_CIPHER;
+			f.func = enc_main;
+			fp = &f;
+			}
+		}
 	if (fp != NULL)
 		{
 		ret=fp->func(argc,argv);

apps/x509.c

@@ -114,7 +114,7 @@ static const char *x509_usage[]={
 " -alias          - output certificate alias\n",
 " -noout          - no certificate output\n",
 " -ocspid         - print OCSP hash values for the subject name and public key\n",
-" -ocspurl        - print OCSP Responder URL(s)\n",
+" -ocsp_uri       - print OCSP Responder URL(s)\n",
 " -trustout       - output a \"trusted\" certificate\n",
 " -clrtrust       - clear all trusted purposes\n",
 " -clrreject      - clear all rejected purposes\n",

crypto/asn1/asn1.h

@@ -1278,6 +1278,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_BAD_OBJECT_HEADER			 102
 #define ASN1_R_BAD_PASSWORD_READ			 103
 #define ASN1_R_BAD_TAG					 104
+#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH		 214
 #define ASN1_R_BN_LIB					 105
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
 #define ASN1_R_BUFFER_TOO_SMALL				 107
@@ -1369,6 +1370,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
 #define ASN1_R_UNEXPECTED_EOC				 159
+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH		 215
 #define ASN1_R_UNKNOWN_FORMAT				 160
 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
 #define ASN1_R_UNKNOWN_OBJECT_TYPE			 162

crypto/asn1/asn1_err.c

@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -176,7 +176,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV),	"PKCS5_pbe2_set_iv"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE_SET),	"PKCS5_pbe_set"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR),	"PKCS5_pbe_set0_algor"},
-{ERR_FUNC(ASN1_F_SMIME_READ_ASN1),	"SMIME_read_asn1"},
+{ERR_FUNC(ASN1_F_SMIME_READ_ASN1),	"SMIME_read_ASN1"},
 {ERR_FUNC(ASN1_F_SMIME_TEXT),	"SMIME_text"},
 {ERR_FUNC(ASN1_F_X509_CINF_NEW),	"X509_CINF_NEW"},
 {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),	"X509_CRL_add0_revoked"},
@@ -199,6 +199,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},
 {ERR_REASON(ASN1_R_BAD_PASSWORD_READ)    ,"bad password read"},
 {ERR_REASON(ASN1_R_BAD_TAG)              ,"bad tag"},
+{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
 {ERR_REASON(ASN1_R_BN_LIB)               ,"bn lib"},
 {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
 {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL)     ,"buffer too small"},
@@ -290,6 +291,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
 {ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},
+{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
 {ERR_REASON(ASN1_R_UNKNOWN_FORMAT)       ,"unknown format"},
 {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
 {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},

crypto/asn1/tasn_dec.c

@@ -613,7 +613,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
 
 	err:
 	ASN1_template_free(val, tt);
-	*val = NULL;
 	return 0;
 	}
 
@@ -762,7 +761,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
 
 	err:
 	ASN1_template_free(val, tt);
-	*val = NULL;
 	return 0;
 	}
 
@@ -1016,6 +1014,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
 		case V_ASN1_SET:
 		case V_ASN1_SEQUENCE:
 		default:
+		if (utype == V_ASN1_BMPSTRING && (len & 1))
+			{
+			ASN1err(ASN1_F_ASN1_EX_C2I,
+					ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+			goto err;
+			}
+		if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
+			{
+			ASN1err(ASN1_F_ASN1_EX_C2I,
+					ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+			goto err;
+			}
 		/* All based on ASN1_STRING and handled the same */
 		if (!*pval)
 			{

crypto/cms/cms_smime.c

@@ -419,7 +419,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 		for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
 			{
 			si = sk_CMS_SignerInfo_value(sinfos, i);
-			if (!CMS_SignerInfo_verify_content(si, cmsbio))
+			if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0)
 				{
 				CMSerr(CMS_F_CMS_VERIFY,
 					CMS_R_CONTENT_VERIFY_ERROR);

crypto/des/enc_read.c

@@ -150,7 +150,7 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
 	/* first - get the length */
 	while (net_num < HDRSIZE) 
 		{
-#ifndef _WIN32
+#ifndef OPENSSL_SYS_WIN32
 		i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
 #else
 		i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
@@ -176,7 +176,11 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
 	net_num=0;
 	while (net_num < rnum)
 		{
+#ifndef OPENSSL_SYS_WIN32
 		i=read(fd,(void *)&(net[net_num]),rnum-net_num);
+#else
+		i=_read(fd,(void *)&(net[net_num]),rnum-net_num);
+#endif
 #ifdef EINTR
 		if ((i == -1) && (errno == EINTR)) continue;
 #endif

crypto/evp/bio_md.c

@@ -130,8 +130,8 @@ static int md_read(BIO *b, char *out, int outl)
 		{
 		if (ret > 0)
 			{
-			EVP_DigestUpdate(ctx,(unsigned char *)out,
-				(unsigned int)ret);
+			if (EVP_DigestUpdate(ctx,(unsigned char *)out,
+				(unsigned int)ret)<=0) return (-1);
 			}
 		}
 	BIO_clear_retry_flags(b);
@@ -253,7 +253,9 @@ static int md_gets(BIO *bp, char *buf, int size)
 	ctx=bp->ptr;
 	if (size < ctx->digest->md_size)
 		return(0);
-	EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret);
+	if (EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret)<=0) 
+		return -1;
+		
 	return((int)ret);
 	}
 

crypto/objects/obj_dat.h

@@ -62,12 +62,12 @@
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 859
-#define NUM_SN 852
-#define NUM_LN 852
-#define NUM_OBJ 806
+#define NUM_NID 893
+#define NUM_SN 886
+#define NUM_LN 886
+#define NUM_OBJ 840
 
-static const unsigned char lvalues[5722]={
+static const unsigned char lvalues[5824]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -874,6 +874,40 @@ static const unsigned char lvalues[5722]={
 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5701] OBJ_LocalKeySet */
 0x55,0x1D,0x2E,                              /* [5710] OBJ_freshest_crl */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03,     /* [5713] OBJ_id_on_permanentIdentifier */
+0x55,0x04,0x0E,                              /* [5721] OBJ_searchGuide */
+0x55,0x04,0x0F,                              /* [5724] OBJ_businessCategory */
+0x55,0x04,0x10,                              /* [5727] OBJ_postalAddress */
+0x55,0x04,0x12,                              /* [5730] OBJ_postOfficeBox */
+0x55,0x04,0x13,                              /* [5733] OBJ_physicalDeliveryOfficeName */
+0x55,0x04,0x14,                              /* [5736] OBJ_telephoneNumber */
+0x55,0x04,0x15,                              /* [5739] OBJ_telexNumber */
+0x55,0x04,0x16,                              /* [5742] OBJ_teletexTerminalIdentifier */
+0x55,0x04,0x17,                              /* [5745] OBJ_facsimileTelephoneNumber */
+0x55,0x04,0x18,                              /* [5748] OBJ_x121Address */
+0x55,0x04,0x19,                              /* [5751] OBJ_internationaliSDNNumber */
+0x55,0x04,0x1A,                              /* [5754] OBJ_registeredAddress */
+0x55,0x04,0x1B,                              /* [5757] OBJ_destinationIndicator */
+0x55,0x04,0x1C,                              /* [5760] OBJ_preferredDeliveryMethod */
+0x55,0x04,0x1D,                              /* [5763] OBJ_presentationAddress */
+0x55,0x04,0x1E,                              /* [5766] OBJ_supportedApplicationContext */
+0x55,0x04,0x1F,                              /* [5769] OBJ_member */
+0x55,0x04,0x20,                              /* [5772] OBJ_owner */
+0x55,0x04,0x21,                              /* [5775] OBJ_roleOccupant */
+0x55,0x04,0x22,                              /* [5778] OBJ_seeAlso */
+0x55,0x04,0x23,                              /* [5781] OBJ_userPassword */
+0x55,0x04,0x24,                              /* [5784] OBJ_userCertificate */
+0x55,0x04,0x25,                              /* [5787] OBJ_cACertificate */
+0x55,0x04,0x26,                              /* [5790] OBJ_authorityRevocationList */
+0x55,0x04,0x27,                              /* [5793] OBJ_certificateRevocationList */
+0x55,0x04,0x28,                              /* [5796] OBJ_crossCertificatePair */
+0x55,0x04,0x2F,                              /* [5799] OBJ_enhancedSearchGuide */
+0x55,0x04,0x30,                              /* [5802] OBJ_protocolInformation */
+0x55,0x04,0x31,                              /* [5805] OBJ_distinguishedName */
+0x55,0x04,0x32,                              /* [5808] OBJ_uniqueMember */
+0x55,0x04,0x33,                              /* [5811] OBJ_houseIdentifier */
+0x55,0x04,0x34,                              /* [5814] OBJ_supportedAlgorithms */
+0x55,0x04,0x35,                              /* [5817] OBJ_deltaRevocationList */
+0x55,0x04,0x36,                              /* [5820] OBJ_dmdName */
 };
 
 static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -1928,7 +1962,7 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0},
 {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0},
 {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0},
-{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0},
+{"street","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0},
 {"postalCode","postalCode",NID_postalCode,3,&(lvalues[4465]),0},
 {"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4468]),0},
 {"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8,
@@ -2262,6 +2296,61 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 	&(lvalues[5710]),0},
 {"id-on-permanentIdentifier","Permanent Identifier",
 	NID_id_on_permanentIdentifier,8,&(lvalues[5713]),0},
+{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5721]),0},
+{"businessCategory","businessCategory",NID_businessCategory,3,
+	&(lvalues[5724]),0},
+{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5727]),0},
+{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5730]),0},
+{"physicalDeliveryOfficeName","physicalDeliveryOfficeName",
+	NID_physicalDeliveryOfficeName,3,&(lvalues[5733]),0},
+{"telephoneNumber","telephoneNumber",NID_telephoneNumber,3,
+	&(lvalues[5736]),0},
+{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5739]),0},
+{"teletexTerminalIdentifier","teletexTerminalIdentifier",
+	NID_teletexTerminalIdentifier,3,&(lvalues[5742]),0},
+{"facsimileTelephoneNumber","facsimileTelephoneNumber",
+	NID_facsimileTelephoneNumber,3,&(lvalues[5745]),0},
+{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5748]),0},
+{"internationaliSDNNumber","internationaliSDNNumber",
+	NID_internationaliSDNNumber,3,&(lvalues[5751]),0},
+{"registeredAddress","registeredAddress",NID_registeredAddress,3,
+	&(lvalues[5754]),0},
+{"destinationIndicator","destinationIndicator",
+	NID_destinationIndicator,3,&(lvalues[5757]),0},
+{"preferredDeliveryMethod","preferredDeliveryMethod",
+	NID_preferredDeliveryMethod,3,&(lvalues[5760]),0},
+{"presentationAddress","presentationAddress",NID_presentationAddress,
+	3,&(lvalues[5763]),0},
+{"supportedApplicationContext","supportedApplicationContext",
+	NID_supportedApplicationContext,3,&(lvalues[5766]),0},
+{"member","member",NID_member,3,&(lvalues[5769]),0},
+{"owner","owner",NID_owner,3,&(lvalues[5772]),0},
+{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5775]),0},
+{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5778]),0},
+{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5781]),0},
+{"userCertificate","userCertificate",NID_userCertificate,3,
+	&(lvalues[5784]),0},
+{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5787]),0},
+{"authorityRevocationList","authorityRevocationList",
+	NID_authorityRevocationList,3,&(lvalues[5790]),0},
+{"certificateRevocationList","certificateRevocationList",
+	NID_certificateRevocationList,3,&(lvalues[5793]),0},
+{"crossCertificatePair","crossCertificatePair",
+	NID_crossCertificatePair,3,&(lvalues[5796]),0},
+{"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide,
+	3,&(lvalues[5799]),0},
+{"protocolInformation","protocolInformation",NID_protocolInformation,
+	3,&(lvalues[5802]),0},
+{"distinguishedName","distinguishedName",NID_distinguishedName,3,
+	&(lvalues[5805]),0},
+{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5808]),0},
+{"houseIdentifier","houseIdentifier",NID_houseIdentifier,3,
+	&(lvalues[5811]),0},
+{"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms,
+	3,&(lvalues[5814]),0},
+{"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList,
+	3,&(lvalues[5817]),0},
+{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5820]),0},
 };
 
 static const unsigned int sn_objs[NUM_SN]={
@@ -2458,10 +2547,12 @@ static const unsigned int sn_objs[NUM_SN]={
 501,	/* "audio" */
 177,	/* "authorityInfoAccess" */
 90,	/* "authorityKeyIdentifier" */
+882,	/* "authorityRevocationList" */
 87,	/* "basicConstraints" */
 365,	/* "basicOCSPResponse" */
 285,	/* "biometricInfo" */
 494,	/* "buildingName" */
+860,	/* "businessCategory" */
 691,	/* "c2onb191v4" */
 692,	/* "c2onb191v5" */
 697,	/* "c2onb239v4" */
@@ -2482,6 +2573,7 @@ static const unsigned int sn_objs[NUM_SN]={
 696,	/* "c2tnb239v3" */
 701,	/* "c2tnb359v1" */
 703,	/* "c2tnb431r1" */
+881,	/* "cACertificate" */
 483,	/* "cNAMERecord" */
 179,	/* "caIssuers" */
 785,	/* "caRepository" */
@@ -2490,6 +2582,7 @@ static const unsigned int sn_objs[NUM_SN]={
 677,	/* "certicom-arc" */
 771,	/* "certificateIssuer" */
 89,	/* "certificatePolicies" */
+883,	/* "certificateRevocationList" */
 54,	/* "challengePassword" */
 407,	/* "characteristic-two-field" */
 395,	/* "clearance" */
@@ -2500,6 +2593,7 @@ static const unsigned int sn_objs[NUM_SN]={
 153,	/* "crlBag" */
 103,	/* "crlDistributionPoints" */
 88,	/* "crlNumber" */
+884,	/* "crossCertificatePair" */
 806,	/* "cryptocom" */
 805,	/* "cryptopro" */
 500,	/* "dITRedirect" */
@@ -2508,9 +2602,13 @@ static const unsigned int sn_objs[NUM_SN]={
 434,	/* "data" */
 390,	/* "dcobject" */
 140,	/* "deltaCRL" */
+891,	/* "deltaRevocationList" */
 107,	/* "description" */
+871,	/* "destinationIndicator" */
 28,	/* "dhKeyAgreement" */
 382,	/* "directory" */
+887,	/* "distinguishedName" */
+892,	/* "dmdName" */
 174,	/* "dnQualifier" */
 447,	/* "document" */
 471,	/* "documentAuthor" */
@@ -2533,12 +2631,14 @@ static const unsigned int sn_objs[NUM_SN]={
 792,	/* "ecdsa-with-Specified" */
 48,	/* "emailAddress" */
 132,	/* "emailProtection" */
+885,	/* "enhancedSearchGuide" */
 389,	/* "enterprises" */
 384,	/* "experimental" */
 172,	/* "extReq" */
 56,	/* "extendedCertificateAttributes" */
 126,	/* "extendedKeyUsage" */
 372,	/* "extendedStatus" */
+867,	/* "facsimileTelephoneNumber" */
 462,	/* "favouriteDrink" */
 857,	/* "freshestCRL" */
 453,	/* "friendlyCountry" */
@@ -2565,6 +2665,7 @@ static const unsigned int sn_objs[NUM_SN]={
 486,	/* "homePostalAddress" */
 473,	/* "homeTelephoneNumber" */
 466,	/* "host" */
+889,	/* "houseIdentifier" */
 442,	/* "iA5StringSyntax" */
 783,	/* "id-DHBasedMac" */
 824,	/* "id-Gost28147-89-CryptoPro-A-ParamSet" */
@@ -2794,6 +2895,7 @@ static const unsigned int sn_objs[NUM_SN]={
 748,	/* "inhibitAnyPolicy" */
 101,	/* "initials" */
 647,	/* "international-organizations" */
+869,	/* "internationaliSDNNumber" */
 142,	/* "invalidityDate" */
 294,	/* "ipsecEndSystem" */
 295,	/* "ipsecTunnel" */
@@ -2811,6 +2913,7 @@ static const unsigned int sn_objs[NUM_SN]={
 493,	/* "mailPreferenceOption" */
 467,	/* "manager" */
 809,	/* "md_gost94" */
+875,	/* "member" */
 182,	/* "member-body" */
 51,	/* "messageDigest" */
 383,	/* "mgmt" */
@@ -2846,12 +2949,14 @@ static const unsigned int sn_objs[NUM_SN]={
 681,	/* "onBasis" */
 491,	/* "organizationalStatus" */
 475,	/* "otherMailbox" */
+876,	/* "owner" */
 489,	/* "pagerTelephoneNumber" */
 374,	/* "path" */
 112,	/* "pbeWithMD5AndCast5CBC" */
 499,	/* "personalSignature" */
 487,	/* "personalTitle" */
 464,	/* "photo" */
+863,	/* "physicalDeliveryOfficeName" */
 437,	/* "pilot" */
 439,	/* "pilotAttributeSyntax" */
 438,	/* "pilotAttributeType" */
@@ -2877,8 +2982,12 @@ static const unsigned int sn_objs[NUM_SN]={
 47,	/* "pkcs9" */
 401,	/* "policyConstraints" */
 747,	/* "policyMappings" */
+862,	/* "postOfficeBox" */
+861,	/* "postalAddress" */
 661,	/* "postalCode" */
 683,	/* "ppBasis" */
+872,	/* "preferredDeliveryMethod" */
+873,	/* "presentationAddress" */
 816,	/* "prf-gostr3411-94" */
 406,	/* "prime-field" */
 409,	/* "prime192v1" */
@@ -2890,13 +2999,16 @@ static const unsigned int sn_objs[NUM_SN]={
 415,	/* "prime256v1" */
 385,	/* "private" */
 84,	/* "privateKeyUsagePeriod" */
+886,	/* "protocolInformation" */
 663,	/* "proxyCertInfo" */
 510,	/* "pseudonym" */
 435,	/* "pss" */
 286,	/* "qcStatements" */
 457,	/* "qualityLabelledData" */
 450,	/* "rFC822localPart" */
+870,	/* "registeredAddress" */
 400,	/* "role" */
+877,	/* "roleOccupant" */
 448,	/* "room" */
 463,	/* "roomNumber" */
  6,	/* "rsaEncryption" */
@@ -2909,6 +3021,7 @@ static const unsigned int sn_objs[NUM_SN]={
 290,	/* "sbgp-ipAddrBlock" */
 292,	/* "sbgp-routerIdentifier" */
 159,	/* "sdsiCertificate" */
+859,	/* "searchGuide" */
 704,	/* "secp112r1" */
 705,	/* "secp112r2" */
 706,	/* "secp128r1" */
@@ -2943,6 +3056,7 @@ static const unsigned int sn_objs[NUM_SN]={
 733,	/* "sect571k1" */
 734,	/* "sect571r1" */
 386,	/* "security" */
+878,	/* "seeAlso" */
 394,	/* "selected-attribute-types" */
 105,	/* "serialNumber" */
 129,	/* "serverAuth" */
@@ -3081,14 +3195,19 @@ static const unsigned int sn_objs[NUM_SN]={
 454,	/* "simpleSecurityObject" */
 496,	/* "singleLevelQuality" */
 387,	/* "snmpv2" */
-660,	/* "streetAddress" */
+660,	/* "street" */
 85,	/* "subjectAltName" */
 769,	/* "subjectDirectoryAttributes" */
 398,	/* "subjectInfoAccess" */
 82,	/* "subjectKeyIdentifier" */
 498,	/* "subtreeMaximumQuality" */
 497,	/* "subtreeMinimumQuality" */
+890,	/* "supportedAlgorithms" */
+874,	/* "supportedApplicationContext" */
 402,	/* "targetInformation" */
+864,	/* "telephoneNumber" */
+866,	/* "teletexTerminalIdentifier" */
+865,	/* "telexNumber" */
 459,	/* "textEncodedORAddress" */
 293,	/* "textNotice" */
 133,	/* "timeStamping" */
@@ -3096,9 +3215,12 @@ static const unsigned int sn_objs[NUM_SN]={
 682,	/* "tpBasis" */
 375,	/* "trustRoot" */
 436,	/* "ucl" */
+888,	/* "uniqueMember" */
 55,	/* "unstructuredAddress" */
 49,	/* "unstructuredName" */
+880,	/* "userCertificate" */
 465,	/* "userClass" */
+879,	/* "userPassword" */
 373,	/* "valid" */
 678,	/* "wap" */
 679,	/* "wap-wsg" */
@@ -3114,6 +3236,7 @@ static const unsigned int sn_objs[NUM_SN]={
 741,	/* "wap-wsg-idm-ecid-wtls8" */
 742,	/* "wap-wsg-idm-ecid-wtls9" */
 804,	/* "whirlpool" */
+868,	/* "x121Address" */
 503,	/* "x500UniqueIdentifier" */
 158,	/* "x509Certificate" */
 160,	/* "x509Crl" */
@@ -3284,11 +3407,13 @@ static const unsigned int ln_objs[NUM_LN]={
 484,	/* "associatedDomain" */
 485,	/* "associatedName" */
 501,	/* "audio" */
+882,	/* "authorityRevocationList" */
 91,	/* "bf-cbc" */
 93,	/* "bf-cfb" */
 92,	/* "bf-ecb" */
 94,	/* "bf-ofb" */
 494,	/* "buildingName" */
+860,	/* "businessCategory" */
 691,	/* "c2onb191v4" */
 692,	/* "c2onb191v5" */
 697,	/* "c2onb239v4" */
@@ -3309,6 +3434,7 @@ static const unsigned int ln_objs[NUM_LN]={
 696,	/* "c2tnb239v3" */
 701,	/* "c2tnb359v1" */
 703,	/* "c2tnb431r1" */
+881,	/* "cACertificate" */
 483,	/* "cNAMERecord" */
 751,	/* "camellia-128-cbc" */
 757,	/* "camellia-128-cfb" */
@@ -3336,6 +3462,7 @@ static const unsigned int ln_objs[NUM_LN]={
 152,	/* "certBag" */
 677,	/* "certicom-arc" */
 517,	/* "certificate extensions" */
+883,	/* "certificateRevocationList" */
 54,	/* "challengePassword" */
 407,	/* "characteristic-two-field" */
 395,	/* "clearance" */
@@ -3346,6 +3473,7 @@ static const unsigned int ln_objs[NUM_LN]={
 53,	/* "countersignature" */
 14,	/* "countryName" */
 153,	/* "crlBag" */
+884,	/* "crossCertificatePair" */
 806,	/* "cryptocom" */
 805,	/* "cryptopro" */
 500,	/* "dITRedirect" */
@@ -3353,6 +3481,7 @@ static const unsigned int ln_objs[NUM_LN]={
 495,	/* "dSAQuality" */
 434,	/* "data" */
 390,	/* "dcObject" */
+891,	/* "deltaRevocationList" */
 31,	/* "des-cbc" */
 643,	/* "des-cdmf" */
 30,	/* "des-cfb" */
@@ -3371,10 +3500,13 @@ static const unsigned int ln_objs[NUM_LN]={
 63,	/* "des-ede3-ofb" */
 45,	/* "des-ofb" */
 107,	/* "description" */
+871,	/* "destinationIndicator" */
 80,	/* "desx-cbc" */
 28,	/* "dhKeyAgreement" */
 11,	/* "directory services (X.500)" */
 378,	/* "directory services - algorithms" */
+887,	/* "distinguishedName" */
+892,	/* "dmdName" */
 174,	/* "dnQualifier" */
 447,	/* "document" */
 471,	/* "documentAuthor" */
@@ -3404,7 +3536,9 @@ static const unsigned int ln_objs[NUM_LN]={
 792,	/* "ecdsa-with-Specified" */
 48,	/* "emailAddress" */
 632,	/* "encrypted track 2" */
+885,	/* "enhancedSearchGuide" */
 56,	/* "extendedCertificateAttributes" */
+867,	/* "facsimileTelephoneNumber" */
 462,	/* "favouriteDrink" */
 453,	/* "friendlyCountry" */
 490,	/* "friendlyCountryName" */
@@ -3426,6 +3560,7 @@ static const unsigned int ln_objs[NUM_LN]={
 486,	/* "homePostalAddress" */
 473,	/* "homeTelephoneNumber" */
 466,	/* "host" */
+889,	/* "houseIdentifier" */
 442,	/* "iA5StringSyntax" */
 381,	/* "iana" */
 824,	/* "id-Gost28147-89-CryptoPro-A-ParamSet" */
@@ -3640,6 +3775,7 @@ static const unsigned int ln_objs[NUM_LN]={
 676,	/* "identified-organization" */
 461,	/* "info" */
 101,	/* "initials" */
+869,	/* "internationaliSDNNumber" */
 749,	/* "ipsec3" */
 750,	/* "ipsec4" */
 181,	/* "iso" */
@@ -3666,6 +3802,7 @@ static const unsigned int ln_objs[NUM_LN]={
  8,	/* "md5WithRSAEncryption" */
 95,	/* "mdc2" */
 96,	/* "mdc2WithRSA" */
+875,	/* "member" */
 602,	/* "merchant initiated auth" */
 514,	/* "message extensions" */
 51,	/* "messageDigest" */
@@ -3680,6 +3817,7 @@ static const unsigned int ln_objs[NUM_LN]={
 491,	/* "organizationalStatus" */
 18,	/* "organizationalUnitName" */
 475,	/* "otherMailbox" */
+876,	/* "owner" */
 489,	/* "pagerTelephoneNumber" */
 782,	/* "password based MAC" */
 374,	/* "path" */
@@ -3700,6 +3838,7 @@ static const unsigned int ln_objs[NUM_LN]={
 499,	/* "personalSignature" */
 487,	/* "personalTitle" */
 464,	/* "photo" */
+863,	/* "physicalDeliveryOfficeName" */
 437,	/* "pilot" */
 439,	/* "pilotAttributeSyntax" */
 438,	/* "pilotAttributeType" */
@@ -3722,8 +3861,12 @@ static const unsigned int ln_objs[NUM_LN]={
 22,	/* "pkcs7-signedData" */
 151,	/* "pkcs8ShroudedKeyBag" */
 47,	/* "pkcs9" */
+862,	/* "postOfficeBox" */
+861,	/* "postalAddress" */
 661,	/* "postalCode" */
 683,	/* "ppBasis" */
+872,	/* "preferredDeliveryMethod" */
+873,	/* "presentationAddress" */
 406,	/* "prime-field" */
 409,	/* "prime192v1" */
 410,	/* "prime192v2" */
@@ -3732,6 +3875,7 @@ static const unsigned int ln_objs[NUM_LN]={
 413,	/* "prime239v2" */
 414,	/* "prime239v3" */
 415,	/* "prime256v1" */
+886,	/* "protocolInformation" */
 510,	/* "pseudonym" */
 435,	/* "pss" */
 286,	/* "qcStatements" */
@@ -3749,10 +3893,12 @@ static const unsigned int ln_objs[NUM_LN]={
 122,	/* "rc5-cfb" */
 121,	/* "rc5-ecb" */
 123,	/* "rc5-ofb" */
+870,	/* "registeredAddress" */
 460,	/* "rfc822Mailbox" */
 117,	/* "ripemd160" */
 119,	/* "ripemd160WithRSA" */
 400,	/* "role" */
+877,	/* "roleOccupant" */
 448,	/* "room" */
 463,	/* "roomNumber" */
 19,	/* "rsa" */
@@ -3766,6 +3912,7 @@ static const unsigned int ln_objs[NUM_LN]={
 290,	/* "sbgp-ipAddrBlock" */
 292,	/* "sbgp-routerIdentifier" */
 159,	/* "sdsiCertificate" */
+859,	/* "searchGuide" */
 704,	/* "secp112r1" */
 705,	/* "secp112r2" */
 706,	/* "secp128r1" */
@@ -3800,6 +3947,7 @@ static const unsigned int ln_objs[NUM_LN]={
 733,	/* "sect571k1" */
 734,	/* "sect571r1" */
 635,	/* "secure device signature" */
+878,	/* "seeAlso" */
 777,	/* "seed-cbc" */
 779,	/* "seed-cfb" */
 776,	/* "seed-ecb" */
@@ -3942,17 +4090,25 @@ static const unsigned int ln_objs[NUM_LN]={
 660,	/* "streetAddress" */
 498,	/* "subtreeMaximumQuality" */
 497,	/* "subtreeMinimumQuality" */
+890,	/* "supportedAlgorithms" */
+874,	/* "supportedApplicationContext" */
 100,	/* "surname" */
+864,	/* "telephoneNumber" */
+866,	/* "teletexTerminalIdentifier" */
+865,	/* "telexNumber" */
 459,	/* "textEncodedORAddress" */
 293,	/* "textNotice" */
 106,	/* "title" */
 682,	/* "tpBasis" */
 436,	/* "ucl" */
  0,	/* "undefined" */
+888,	/* "uniqueMember" */
 55,	/* "unstructuredAddress" */
 49,	/* "unstructuredName" */
+880,	/* "userCertificate" */
 465,	/* "userClass" */
 458,	/* "userId" */
+879,	/* "userPassword" */
 373,	/* "valid" */
 678,	/* "wap" */
 679,	/* "wap-wsg" */
@@ -3968,6 +4124,7 @@ static const unsigned int ln_objs[NUM_LN]={
 741,	/* "wap-wsg-idm-ecid-wtls8" */
 742,	/* "wap-wsg-idm-ecid-wtls9" */
 804,	/* "whirlpool" */
+868,	/* "x121Address" */
 503,	/* "x500UniqueIdentifier" */
 158,	/* "x509Certificate" */
 160,	/* "x509Crl" */
@@ -4009,13 +4166,47 @@ static const unsigned int obj_objs[NUM_OBJ]={
 18,	/* OBJ_organizationalUnitName       2 5 4 11 */
 106,	/* OBJ_title                        2 5 4 12 */
 107,	/* OBJ_description                  2 5 4 13 */
+859,	/* OBJ_searchGuide                  2 5 4 14 */
+860,	/* OBJ_businessCategory             2 5 4 15 */
+861,	/* OBJ_postalAddress                2 5 4 16 */
 661,	/* OBJ_postalCode                   2 5 4 17 */
+862,	/* OBJ_postOfficeBox                2 5 4 18 */
+863,	/* OBJ_physicalDeliveryOfficeName   2 5 4 19 */
+864,	/* OBJ_telephoneNumber              2 5 4 20 */
+865,	/* OBJ_telexNumber                  2 5 4 21 */
+866,	/* OBJ_teletexTerminalIdentifier    2 5 4 22 */
+867,	/* OBJ_facsimileTelephoneNumber     2 5 4 23 */
+868,	/* OBJ_x121Address                  2 5 4 24 */
+869,	/* OBJ_internationaliSDNNumber      2 5 4 25 */
+870,	/* OBJ_registeredAddress            2 5 4 26 */
+871,	/* OBJ_destinationIndicator         2 5 4 27 */
+872,	/* OBJ_preferredDeliveryMethod      2 5 4 28 */
+873,	/* OBJ_presentationAddress          2 5 4 29 */
+874,	/* OBJ_supportedApplicationContext  2 5 4 30 */
+875,	/* OBJ_member                       2 5 4 31 */
+876,	/* OBJ_owner                        2 5 4 32 */
+877,	/* OBJ_roleOccupant                 2 5 4 33 */
+878,	/* OBJ_seeAlso                      2 5 4 34 */
+879,	/* OBJ_userPassword                 2 5 4 35 */
+880,	/* OBJ_userCertificate              2 5 4 36 */
+881,	/* OBJ_cACertificate                2 5 4 37 */
+882,	/* OBJ_authorityRevocationList      2 5 4 38 */
+883,	/* OBJ_certificateRevocationList    2 5 4 39 */
+884,	/* OBJ_crossCertificatePair         2 5 4 40 */
 173,	/* OBJ_name                         2 5 4 41 */
 99,	/* OBJ_givenName                    2 5 4 42 */
 101,	/* OBJ_initials                     2 5 4 43 */
 509,	/* OBJ_generationQualifier          2 5 4 44 */
 503,	/* OBJ_x500UniqueIdentifier         2 5 4 45 */
 174,	/* OBJ_dnQualifier                  2 5 4 46 */
+885,	/* OBJ_enhancedSearchGuide          2 5 4 47 */
+886,	/* OBJ_protocolInformation          2 5 4 48 */
+887,	/* OBJ_distinguishedName            2 5 4 49 */
+888,	/* OBJ_uniqueMember                 2 5 4 50 */
+889,	/* OBJ_houseIdentifier              2 5 4 51 */
+890,	/* OBJ_supportedAlgorithms          2 5 4 52 */
+891,	/* OBJ_deltaRevocationList          2 5 4 53 */
+892,	/* OBJ_dmdName                      2 5 4 54 */
 510,	/* OBJ_pseudonym                    2 5 4 65 */
 400,	/* OBJ_role                         2 5 4 72 */
 769,	/* OBJ_subject_directory_attributes 2 5 29 9 */

crypto/objects/obj_mac.h

@@ -2049,6 +2049,7 @@
 #define NID_stateOrProvinceName		16
 #define OBJ_stateOrProvinceName		OBJ_X509,8L
 
+#define SN_streetAddress		"street"
 #define LN_streetAddress		"streetAddress"
 #define NID_streetAddress		660
 #define OBJ_streetAddress		OBJ_X509,9L
@@ -2063,6 +2064,7 @@
 #define NID_organizationalUnitName		18
 #define OBJ_organizationalUnitName		OBJ_X509,11L
 
+#define SN_title		"title"
 #define LN_title		"title"
 #define NID_title		106
 #define OBJ_title		OBJ_X509,12L
@@ -2071,10 +2073,114 @@
 #define NID_description		107
 #define OBJ_description		OBJ_X509,13L
 
+#define LN_searchGuide		"searchGuide"
+#define NID_searchGuide		859
+#define OBJ_searchGuide		OBJ_X509,14L
+
+#define LN_businessCategory		"businessCategory"
+#define NID_businessCategory		860
+#define OBJ_businessCategory		OBJ_X509,15L
+
+#define LN_postalAddress		"postalAddress"
+#define NID_postalAddress		861
+#define OBJ_postalAddress		OBJ_X509,16L
+
 #define LN_postalCode		"postalCode"
 #define NID_postalCode		661
 #define OBJ_postalCode		OBJ_X509,17L
 
+#define LN_postOfficeBox		"postOfficeBox"
+#define NID_postOfficeBox		862
+#define OBJ_postOfficeBox		OBJ_X509,18L
+
+#define LN_physicalDeliveryOfficeName		"physicalDeliveryOfficeName"
+#define NID_physicalDeliveryOfficeName		863
+#define OBJ_physicalDeliveryOfficeName		OBJ_X509,19L
+
+#define LN_telephoneNumber		"telephoneNumber"
+#define NID_telephoneNumber		864
+#define OBJ_telephoneNumber		OBJ_X509,20L
+
+#define LN_telexNumber		"telexNumber"
+#define NID_telexNumber		865
+#define OBJ_telexNumber		OBJ_X509,21L
+
+#define LN_teletexTerminalIdentifier		"teletexTerminalIdentifier"
+#define NID_teletexTerminalIdentifier		866
+#define OBJ_teletexTerminalIdentifier		OBJ_X509,22L
+
+#define LN_facsimileTelephoneNumber		"facsimileTelephoneNumber"
+#define NID_facsimileTelephoneNumber		867
+#define OBJ_facsimileTelephoneNumber		OBJ_X509,23L
+
+#define LN_x121Address		"x121Address"
+#define NID_x121Address		868
+#define OBJ_x121Address		OBJ_X509,24L
+
+#define LN_internationaliSDNNumber		"internationaliSDNNumber"
+#define NID_internationaliSDNNumber		869
+#define OBJ_internationaliSDNNumber		OBJ_X509,25L
+
+#define LN_registeredAddress		"registeredAddress"
+#define NID_registeredAddress		870
+#define OBJ_registeredAddress		OBJ_X509,26L
+
+#define LN_destinationIndicator		"destinationIndicator"
+#define NID_destinationIndicator		871
+#define OBJ_destinationIndicator		OBJ_X509,27L
+
+#define LN_preferredDeliveryMethod		"preferredDeliveryMethod"
+#define NID_preferredDeliveryMethod		872
+#define OBJ_preferredDeliveryMethod		OBJ_X509,28L
+
+#define LN_presentationAddress		"presentationAddress"
+#define NID_presentationAddress		873
+#define OBJ_presentationAddress		OBJ_X509,29L
+
+#define LN_supportedApplicationContext		"supportedApplicationContext"
+#define NID_supportedApplicationContext		874
+#define OBJ_supportedApplicationContext		OBJ_X509,30L
+
+#define SN_member		"member"
+#define NID_member		875
+#define OBJ_member		OBJ_X509,31L
+
+#define SN_owner		"owner"
+#define NID_owner		876
+#define OBJ_owner		OBJ_X509,32L
+
+#define LN_roleOccupant		"roleOccupant"
+#define NID_roleOccupant		877
+#define OBJ_roleOccupant		OBJ_X509,33L
+
+#define SN_seeAlso		"seeAlso"
+#define NID_seeAlso		878
+#define OBJ_seeAlso		OBJ_X509,34L
+
+#define LN_userPassword		"userPassword"
+#define NID_userPassword		879
+#define OBJ_userPassword		OBJ_X509,35L
+
+#define LN_userCertificate		"userCertificate"
+#define NID_userCertificate		880
+#define OBJ_userCertificate		OBJ_X509,36L
+
+#define LN_cACertificate		"cACertificate"
+#define NID_cACertificate		881
+#define OBJ_cACertificate		OBJ_X509,37L
+
+#define LN_authorityRevocationList		"authorityRevocationList"
+#define NID_authorityRevocationList		882
+#define OBJ_authorityRevocationList		OBJ_X509,38L
+
+#define LN_certificateRevocationList		"certificateRevocationList"
+#define NID_certificateRevocationList		883
+#define OBJ_certificateRevocationList		OBJ_X509,39L
+
+#define LN_crossCertificatePair		"crossCertificatePair"
+#define NID_crossCertificatePair		884
+#define OBJ_crossCertificatePair		OBJ_X509,40L
+
 #define SN_name		"name"
 #define LN_name		"name"
 #define NID_name		173
@@ -2085,6 +2191,7 @@
 #define NID_givenName		99
 #define OBJ_givenName		OBJ_X509,42L
 
+#define SN_initials		"initials"
 #define LN_initials		"initials"
 #define NID_initials		101
 #define OBJ_initials		OBJ_X509,43L
@@ -2102,6 +2209,38 @@
 #define NID_dnQualifier		174
 #define OBJ_dnQualifier		OBJ_X509,46L
 
+#define LN_enhancedSearchGuide		"enhancedSearchGuide"
+#define NID_enhancedSearchGuide		885
+#define OBJ_enhancedSearchGuide		OBJ_X509,47L
+
+#define LN_protocolInformation		"protocolInformation"
+#define NID_protocolInformation		886
+#define OBJ_protocolInformation		OBJ_X509,48L
+
+#define LN_distinguishedName		"distinguishedName"
+#define NID_distinguishedName		887
+#define OBJ_distinguishedName		OBJ_X509,49L
+
+#define LN_uniqueMember		"uniqueMember"
+#define NID_uniqueMember		888
+#define OBJ_uniqueMember		OBJ_X509,50L
+
+#define LN_houseIdentifier		"houseIdentifier"
+#define NID_houseIdentifier		889
+#define OBJ_houseIdentifier		OBJ_X509,51L
+
+#define LN_supportedAlgorithms		"supportedAlgorithms"
+#define NID_supportedAlgorithms		890
+#define OBJ_supportedAlgorithms		OBJ_X509,52L
+
+#define LN_deltaRevocationList		"deltaRevocationList"
+#define NID_deltaRevocationList		891
+#define OBJ_deltaRevocationList		OBJ_X509,53L
+
+#define SN_dmdName		"dmdName"
+#define NID_dmdName		892
+#define OBJ_dmdName		OBJ_X509,54L
+
 #define LN_pseudonym		"pseudonym"
 #define NID_pseudonym		510
 #define OBJ_pseudonym		OBJ_X509,65L

crypto/objects/obj_mac.num

@@ -856,3 +856,37 @@ hmac		855
 LocalKeySet		856
 freshest_crl		857
 id_on_permanentIdentifier		858
+searchGuide		859
+businessCategory		860
+postalAddress		861
+postOfficeBox		862
+physicalDeliveryOfficeName		863
+telephoneNumber		864
+telexNumber		865
+teletexTerminalIdentifier		866
+facsimileTelephoneNumber		867
+x121Address		868
+internationaliSDNNumber		869
+registeredAddress		870
+destinationIndicator		871
+preferredDeliveryMethod		872
+presentationAddress		873
+supportedApplicationContext		874
+member		875
+owner		876
+roleOccupant		877
+seeAlso		878
+userPassword		879
+userCertificate		880
+cACertificate		881
+authorityRevocationList		882
+certificateRevocationList		883
+crossCertificatePair		884
+enhancedSearchGuide		885
+protocolInformation		886
+distinguishedName		887
+uniqueMember		888
+houseIdentifier		889
+supportedAlgorithms		890
+deltaRevocationList		891
+dmdName		892

crypto/objects/obj_xref.h

@@ -1,4 +1,4 @@
-/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */
+/* AUTOGENERATED BY crypto/objects/objxref.pl, DO NOT EDIT */
 
 typedef struct
 	{

crypto/objects/objects.txt

@@ -664,18 +664,52 @@ X509 5			: 			: serialNumber
 X509 6			: C			: countryName
 X509 7			: L			: localityName
 X509 8			: ST			: stateOrProvinceName
-X509 9			:			: streetAddress
+X509 9			: street		: streetAddress
 X509 10			: O			: organizationName
 X509 11			: OU			: organizationalUnitName
-X509 12			: 			: title
+X509 12			: title			: title
 X509 13			: 			: description
-X509 17			:			: postalCode
+X509 14			: 			: searchGuide
+X509 15			: 			: businessCategory
+X509 16			: 			: postalAddress
+X509 17			: 			: postalCode
+X509 18			: 			: postOfficeBox
+X509 19			: 			: physicalDeliveryOfficeName
+X509 20			: 			: telephoneNumber
+X509 21			: 			: telexNumber
+X509 22			: 			: teletexTerminalIdentifier
+X509 23			: 			: facsimileTelephoneNumber
+X509 24			: 			: x121Address
+X509 25			: 			: internationaliSDNNumber
+X509 26			: 			: registeredAddress
+X509 27			: 			: destinationIndicator
+X509 28			: 			: preferredDeliveryMethod
+X509 29			: 			: presentationAddress
+X509 30			: 			: supportedApplicationContext
+X509 31			: member		:
+X509 32			: owner			:
+X509 33			: 			: roleOccupant
+X509 34			: seeAlso		:
+X509 35			: 			: userPassword
+X509 36			: 			: userCertificate
+X509 37			: 			: cACertificate
+X509 38			: 			: authorityRevocationList
+X509 39			: 			: certificateRevocationList
+X509 40			: 			: crossCertificatePair
 X509 41			: name			: name
 X509 42			: GN			: givenName
-X509 43			: 			: initials
+X509 43			: initials		: initials
 X509 44			: 			: generationQualifier
 X509 45			: 			: x500UniqueIdentifier
 X509 46			: dnQualifier		: dnQualifier
+X509 47			: 			: enhancedSearchGuide
+X509 48			: 			: protocolInformation
+X509 49			: 			: distinguishedName
+X509 50			: 			: uniqueMember
+X509 51			: 			: houseIdentifier
+X509 52			: 			: supportedAlgorithms
+X509 53			: 			: deltaRevocationList
+X509 54			: dmdName		:
 X509 65			:			: pseudonym
 X509 72			: role			: role
 

crypto/opensslv.h

@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x00909000L
+#define OPENSSL_VERSION_NUMBER	0x10000001L
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.9-fips-dev XX xxx XXXX"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0-fips-beta1 xx XXX xxxx"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.9-dev XX xxx XXXX"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0-beta1 xx XXX xxxx"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
@@ -83,7 +83,7 @@
  * should only keep the versions that are binary compatible with the current.
  */
 #define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "0.9.9"
+#define SHLIB_VERSION_NUMBER "1.0.0"
 
 
 #endif /* HEADER_OPENSSLV_H */

crypto/stack/safestack.h

@@ -1967,29 +1967,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))
 #define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))
 
-#define sk_X509_POLICY_REF_new(cmp) SKM_sk_new(X509_POLICY_REF, (cmp))
-#define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF)
-#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i))
-#define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val))
-#define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i))
-#define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr))
-#define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i))
-#define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp))
-#define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st)
-#define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func))
-#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st))
-
 #define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp))
 #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
 #define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))

doc/crypto/SSLeay_version.pod

@@ -1,74 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSLeay_version - retrieve version/build information about OpenSSL library
-
-=head1 SYNOPSIS
-
- #include <openssl/crypto.h>
-
- const char *SSLeay_version(int type);
-
-=head1 DESCRIPTION
-
-SSLeay_version() returns a pointer to a constant string describing the
-version of the OpenSSL library or giving information about the library
-build.
-
-The following B<type> values are supported:
-
-=over 4
-
-=item SSLEAY_VERSION
-
-The version of the OpenSSL library including the release date.
-
-=item SSLEAY_CFLAGS
-
-The compiler flags set for the compilation process in the form
-"compiler: ..."  if available or "compiler: information not available"
-otherwise.
-
-=item SSLEAY_BUILT_ON
-
-The date of the build process in the form "built on: ..." if available
-or "built on: date not available" otherwise.
-
-=item SSLEAY_PLATFORM
-
-The "Configure" target of the library build in the form "platform: ..."
-if available or "platform: information not available" otherwise.
-
-=item SSLEAY_DIR
-
-The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "...""
-if available or "OPENSSLDIR: N/A" otherwise.
-
-=back
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item "not available"
-
-An invalid value for B<type> was given.
-
-=item Pointer to constant string
-
-Textual description.
-
-=back
-
-=head1 SEE ALSO
-
-L<crypto(3)|crypto(3)>
-
-=head1 HISTORY
-
-B<SSLEAY_DIR> was added in OpenSSL 0.9.7.
-
-=cut

engines/ccgost/gost_ameth.c

@@ -807,18 +807,18 @@ static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 	return -2;
 }	
 
-int gost94_param_encode(const EVP_PKEY *pkey, unsigned char **pder) 
+static int gost94_param_encode(const EVP_PKEY *pkey, unsigned char **pder) 
 {
    int nid=gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
    return i2d_ASN1_OBJECT(OBJ_nid2obj(nid),pder);
 }
-int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder) 
+static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder) 
 {
    int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey)));
    return i2d_ASN1_OBJECT(OBJ_nid2obj(nid),pder);
 }
 
-int gost94_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
+static int gost94_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
 {
 	ASN1_OBJECT *obj=NULL;
 	DSA *dsa = EVP_PKEY_get0(pkey);
@@ -837,7 +837,7 @@ int gost94_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
 	return 1;
 }	
 
-int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) {
+static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) {
 	ASN1_OBJECT *obj=NULL;
 	int nid;
 	EC_KEY *ec = EVP_PKEY_get0(pkey);

openssl.spec

@@ -1,6 +1,6 @@
-%define libmaj 0
-%define libmin 9
-%define librel 9
+%define libmaj 1
+%define libmin 0
+%define librel 0
 #%define librev a
 Release: 1
 

test/Makefile

@@ -573,7 +573,11 @@ ideatest.o: ../include/openssl/opensslconf.h ideatest.c
 igetest.o: ../include/openssl/aes.h ../include/openssl/e_os2.h
 igetest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
 igetest.o: ../include/openssl/rand.h igetest.c
-jpaketest.o: ../include/openssl/opensslconf.h jpaketest.c
+jpaketest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
+jpaketest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+jpaketest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+jpaketest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+jpaketest.o: ../include/openssl/symhacks.h jpaketest.c
 md2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 md2test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 md2test.o: ../include/openssl/evp.h ../include/openssl/md2.h

util/libeay.num

@@ -2815,7 +2815,7 @@ FIPS_allow_md5                          3256	NOEXIST::FUNCTION:
 DES_ede3_cfb_encrypt                    3257	EXIST::FUNCTION:DES
 EVP_des_ede3_cfb8                       3258	EXIST::FUNCTION:DES
 FIPS_rand_seeded                        3259	NOEXIST::FUNCTION:
-AES_cfbr_encrypt_block                  3260	NOEXIST::FUNCTION:AES
+AES_cfbr_encrypt_block                  3260	NOEXIST::FUNCTION:
 AES_cfb8_encrypt                        3261	EXIST::FUNCTION:AES
 FIPS_rand_seed                          3262	NOEXIST::FUNCTION:
 FIPS_corrupt_des                        3263	NOEXIST::FUNCTION:
@@ -3385,7 +3385,7 @@ Camellia_cfb128_encrypt                 3785	EXIST::FUNCTION:CAMELLIA
 Camellia_cfb1_encrypt                   3786	EXIST::FUNCTION:CAMELLIA
 Camellia_cfb8_encrypt                   3787	EXIST::FUNCTION:CAMELLIA
 Camellia_ctr128_encrypt                 3788	EXIST::FUNCTION:CAMELLIA
-Camellia_cfbr_encrypt_block             3789	NOEXIST::FUNCTION:CAMELLIA
+Camellia_cfbr_encrypt_block             3789	NOEXIST::FUNCTION:
 Camellia_decrypt                        3790	EXIST::FUNCTION:CAMELLIA
 Camellia_ecb_encrypt                    3791	EXIST::FUNCTION:CAMELLIA
 Camellia_encrypt                        3792	EXIST::FUNCTION:CAMELLIA
@@ -3652,8 +3652,10 @@ CMS_set1_eContentType                   4040	EXIST::FUNCTION:CMS
 CMS_ReceiptRequest_create0              4041	EXIST::FUNCTION:CMS
 CMS_add1_signer                         4042	EXIST::FUNCTION:CMS
 CMS_RecipientInfo_set0_pkey             4043	EXIST::FUNCTION:CMS
-ENGINE_set_load_ssl_client_cert_function 4044	EXIST::FUNCTION:ENGINE
-ENGINE_get_ssl_client_cert_function     4045	EXIST::FUNCTION:ENGINE
+ENGINE_set_load_ssl_client_cert_function 4044	EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_set_ld_ssl_clnt_cert_fn          4044	EXIST:VMS:FUNCTION:ENGINE
+ENGINE_get_ssl_client_cert_function     4045	EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_get_ssl_client_cert_fn           4045	EXIST:VMS:FUNCTION:ENGINE
 ENGINE_load_ssl_client_cert             4046	EXIST::FUNCTION:ENGINE
 ENGINE_load_capi                        4047	EXIST::FUNCTION:CAPIENG,ENGINE,STATIC_ENGINE
 OPENSSL_isservice                       4048	NOEXIST::FUNCTION:
@@ -4155,3 +4157,5 @@ TS_TST_INFO_get_ext_by_critical         4531	EXIST::FUNCTION:
 EVP_PKEY_CTX_new_id                     4532	EXIST::FUNCTION:
 TS_REQ_get_ext_by_OBJ                   4533	EXIST::FUNCTION:
 TS_CONF_set_signer_cert                 4534	EXIST::FUNCTION:
+X509_NAME_hash_old                      4535	EXIST::FUNCTION:
+ASN1_TIME_set_string                    4536	EXIST::FUNCTION:

util/mk1mf.pl

@@ -1062,6 +1062,7 @@ sub read_options
 		"no-rfc3779" => 0,
 		"no-montasm" => 0,
 		"no-shared" => 0,
+		"no-store" => 0,
 		"no-zlib" => 0,
 		"no-zlib-dynamic" => 0,
 		);

util/ssleay.num

@@ -254,5 +254,6 @@ PEM_read_bio_SSL_SESSION                302	EXIST::FUNCTION:
 SSL_CTX_set_psk_server_callback         303	EXIST::FUNCTION:PSK
 SSL_get_psk_identity                    304	EXIST::FUNCTION:PSK
 PEM_write_SSL_SESSION                   305	EXIST:!WIN16:FUNCTION:
-SSL_set_session_ticket_ext		306	EXIST::FUNCTION:TLSEXT
-SSL_set_session_secret_cb		307	EXIST::FUNCTION:TLSEXT
+SSL_set_session_ticket_ext              306	EXIST::FUNCTION:
+SSL_set_session_secret_cb               307	EXIST::FUNCTION:
+SSL_set_session_ticket_ext_cb           308	EXIST::FUNCTION: