update versions and dates for release

produce an error (CVE-2011-3207)

Fix TLS ephemeral DH crash bug (CVE-2011-3210)

CHANGES

@@ -2,6 +2,41 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.0d and 1.0.0e [6 Sep 2011]
+
+  *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
+     by initialising X509_STORE_CTX properly. (CVE-2011-3207)
+     [Kaspar Brand <ossl@velox.ch>]
+
+  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+     for multi-threaded use of ECDH. (CVE-2011-3210)
+     [Adam Langley (Google)]
+
+  *) Fix x509_name_ex_d2i memory leak on bad inputs.
+     [Bodo Moeller]
+
+  *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
+     signature public key algorithm by using OID xref utilities instead.
+     Before this you could only use some ECC ciphersuites with SHA1 only.
+     [Steve Henson]
+
+  *) Add protection against ECDSA timing attacks as mentioned in the paper
+     by Billy Bob Brumley and Nicola Tuveri, see:
+
+	http://eprint.iacr.org/2011/232.pdf
+
+     [Billy Bob Brumley and Nicola Tuveri]
+
+ Changes between 1.0.0c and 1.0.0d [8 Feb 2011]
+
+  *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
+     [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
+
+  *) Fix bug in string printing code: if *any* escaping is enabled we must
+     escape the escape character (backslash) or the resulting string is
+     ambiguous.
+     [Steve Henson]
+
  Changes between 1.0.0b and 1.0.0c  [2 Dec 2010]
 
   *) Disable code workaround for ancient and obsolete Netscape browsers
@@ -872,11 +907,50 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
   
- Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
+ Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
+
+  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+     for multi-threaded use of ECDH.
+     [Adam Langley (Google)]
+
+  *) Fix x509_name_ex_d2i memory leak on bad inputs.
+     [Bodo Moeller]
+
+  *) Add protection against ECDSA timing attacks as mentioned in the paper
+     by Billy Bob Brumley and Nicola Tuveri, see:
+
+	http://eprint.iacr.org/2011/232.pdf
+
+     [Billy Bob Brumley and Nicola Tuveri]
+
+ Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
+
+  *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
+     [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
+
+  *) Fix bug in string printing code: if *any* escaping is enabled we must
+     escape the escape character (backslash) or the resulting string is
+     ambiguous.
+     [Steve Henson]
+
+ Changes between 0.9.8p and 0.9.8q [2 Dec 2010]
+
+  *) Disable code workaround for ancient and obsolete Netscape browsers
+     and servers: an attacker can use it in a ciphersuite downgrade attack.
+     Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+     [Steve Henson]
+
+  *) Fixed J-PAKE implementation error, originally discovered by
+     Sebastien Martini, further info and confirmation from Stefan
+     Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+     [Ben Laurie]
+
+ Changes between 0.9.8o and 0.9.8p [16 Nov 2010]
 
   *) Fix extension code to avoid race conditions which can result in a buffer
      overrun vulnerability: resumed sessions must not be modified as they can
      be shared by multiple threads. CVE-2010-3864
+     [Steve Henson]
 
   *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
      [Steve Henson]

FAQ

@@ -82,7 +82,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.0c was released on Dec 2nd, 2010.
+OpenSSL 1.0.0e was released on Sep 6th, 2011.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:

INSTALL.VMS

@@ -71,7 +71,7 @@ the top to understand how to use them.  However, if you want to
 compile all you can get, the simplest is to use MAKEVMS.COM in the top
 directory.  The syntax is the following:
 
-  @MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>]
+  @MAKEVMS <option> <bits> <debug-p> [<compiler>]
 
 <option> must be one of the following:
 
@@ -87,24 +87,11 @@ directory.  The syntax is the following:
       TEST      Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
       APPS      Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
 
-<rsaref-p> must be one of the following:
+<bits> must be one of the following:
 
-      RSAREF    compile using the RSAREF Library
-      NORSAREF  compile without using RSAREF
-
-Note 0: The RSAREF library IS NO LONGER NEEDED.  The RSA patent
-        expires September 20, 2000, and RSA Security chose to make
-        the algorithm public domain two weeks before that.
-
-Note 1: If you still want to use RSAREF, the library is NOT INCLUDED
-        and you have to download it.  RSA Security doesn't carry it
-        any more, but there are a number of places where you can find
-        it.  You have to get the ".tar-Z" file as the ".zip" file
-        doesn't have the directory structure stored.  You have to
-        extract the file into the [.RSAREF] directory as that is where
-        the scripts will look for the files.
-
-Note 2: I have never done this, so I've no idea if it works or not.
+      ""        compile using default pointer size
+      32        compile using 32 bit pointer size
+      64        compile using 64 bit pointer size
 
 <debug-p> must be one of the following:
 
@@ -117,12 +104,13 @@ Note 2: I have never done this, so I've no idea if it works or not.
       GNUC      For GNU C.
 
 
-You will find the crypto library in [.xxx.EXE.CRYPTO], called LIBCRYPTO.OLB,
-where xxx is VAX or AXP.  You will find the SSL library in [.xxx.EXE.SSL],
-named LIBSSL.OLB, and you will find a bunch of useful programs in
-[.xxx.EXE.APPS].  However, these shouldn't be used right off unless it's
-just to test them.  For production use, make sure you install first, see
-Installation below.
+You will find the crypto library in [.xxx.EXE.CRYPTO] (where xxx is VAX,
+ALPHA or IA64), called SSL_LIBCRYPTO32.OLB or SSL_LIBCRYPTO.OLB depending
+on how it was built.  You will find the SSL library in [.xxx.EXE.SSL],
+named SSL_LIBSSL32.OLB or SSL_LIBSSL.OLB, and you will find a bunch of
+useful programs in [.xxx.EXE.APPS].  However, these shouldn't be used
+right off unless it's just to test them.  For production use, make sure
+you install first, see Installation below.
 
 Note 1: Some programs in this package require a TCP/IP library.
 
@@ -170,12 +158,14 @@ Installation:
 
 Installation is easy, just do the following:
 
-  @INSTALL <root>
+  @INSTALL <root> <bits>
 
 <root> is the directory in which everything will be installed,
 subdirectories, libraries, header files, programs and startup command
 procedures.
 
+<bits> works the same way as for MAKEVMS.COM
+
 N.B.: INSTALL.COM builds a new directory structure, different from
 the directory tree where you have now build OpenSSL.
 
@@ -196,6 +186,10 @@ following command procedures:
         sets up the symbols to the applications.  Should be called
         from for example SYS$MANAGER:SYLOGIN.COM 
 
+  OPENSSL_UNDO.COM
+
+	deassigns the logical names created with OPENSSL_STARTUP.COM.
+
 The logical names that are set up are the following:
 
   SSLROOT       a dotted concealed logical name pointing at the
@@ -203,7 +197,6 @@ The logical names that are set up are the following:
 
   SSLCERTS      Initially an empty directory, this is the default
 		location for certificate files.
-  SSLMISC	Various scripts.
   SSLPRIVATE	Initially an empty directory, this is the default
 		location for private key files.
 
@@ -211,8 +204,9 @@ The logical names that are set up are the following:
 		programs.
   SSLINCLUDE    Contains the header files needed if you want to
 		compile programs with libcrypto or libssl.
-  SSLLIB        Contains the OpenSSL library files (LIBCRYPTO.OLB
-		and LIBSSL.OLB) themselves.
+  SSLLIB        Contains the OpenSSL library files themselves:
+  		- SSL_LIBCRYPTO32.OLB and SSL_LIBSSL32.OLB or
+		- SSL_LIBCRYPTO.OLB and SSL_LIBSSL.OLB
 
   OPENSSL	Same as SSLINCLUDE.  This is because the standard
 		way to include OpenSSL header files from version
@@ -296,4 +290,4 @@ have any ideas.
 
 --
 Richard Levitte <richard@levitte.org>
-2000-02-27
+2000-02-27, 2011-03-18

LICENSE

@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

NEWS

@@ -5,6 +5,18 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e:
+
+      o Fix for CRL vulnerability issue CVE-2011-3207
+      o Fix for ECDH crashes CVE-2011-3210
+      o Protection against EC timing attacks.
+      o Support ECDH ciphersuites for certificates using SHA2 algorithms.
+      o Various DTLS fixes.
+
+  Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d:
+
+      o Fix for security issue CVE-2011-0014
+
   Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c:
 
       o Fix for security issue CVE-2010-4180
@@ -24,7 +36,7 @@
       o Fix for security issue CVE-2010-1633.
       o GOST MAC and CFB fixes.
 
-  Major changes between OpenSSL 0.9.8n and OpenSSL 1.0:
+  Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0:
 
       o RFC3280 path validation: sufficient to process PKITS tests.
       o Integrated support for PVK files and keyblobs.
@@ -47,6 +59,19 @@
       o Opaque PRF Input TLS extension support.
       o Updated time routines to avoid OS limitations.
 
+  Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
+
+      o Fix for security issue CVE-2011-0014
+
+  Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
+
+      o Fix for security issue CVE-2010-4180
+      o Fix for CVE-2010-4252
+
+  Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p:
+
+      o Fix for security issue CVE-2010-3864.
+
   Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
 
       o Fix for security issue CVE-2010-0742.

README

@@ -1,7 +1,7 @@
 
- OpenSSL 1.0.0c 2 Dec 2010
+ OpenSSL 1.0.0e 6 Sep 2011
 
- Copyright (c) 1998-2010 The OpenSSL Project
+ Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 

STATUS

@@ -1,14 +1,21 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2010/12/02 18:29:03 $
+  ______________                           $Date: 2011/09/06 13:01:41 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 1.1.0:  Under development...
+    o  OpenSSL 1.0.1:  Under development...
+    o  OpenSSL 1.0.0e: Released on September  6th, 2011
+    o  OpenSSL 1.0.0d: Released on February   8nd, 2011
     o  OpenSSL 1.0.0c: Released on December   2nd, 2010
     o  OpenSSL 1.0.0b: Released on November  16th, 2010
     o  OpenSSL 1.0.0a: Released on June      1st,  2010
     o  OpenSSL 1.0.0:  Released on March     29th, 2010
+    o  OpenSSL 0.9.8r: Released on February   8nd, 2011
+    o  OpenSSL 0.9.8q: Released on December   2nd, 2010
+    o  OpenSSL 0.9.8p: Released on November  16th, 2010
+    o  OpenSSL 0.9.8o: Released on June       1st, 2010
     o  OpenSSL 0.9.8n: Released on March     24th, 2010
     o  OpenSSL 0.9.8m: Released on February  25th, 2010
     o  OpenSSL 0.9.8l: Released on November   5th, 2009

VMS/install-vms.com

@@ -0,0 +1,67 @@
+$! install-vms.com -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 23-MAY-1998 19:22
+$!
+$! P1	root of the directory tree
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$ on error then goto tidy
+$ on control_c then goto tidy
+$!
+$ if p1 .eqs. ""
+$ then
+$   write sys$output "First argument missing."
+$   write sys$output -
+     "Should be the directory where you want things installed."
+$   exit
+$ endif
+$
+$ if (f$getsyi( "cpu") .lt. 128)
+$ then
+$   arch = "VAX"
+$ else
+$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
+$   if (arch .eqs. "") then arch = "UNK"
+$ endif
+$
+$ root = f$parse( P1, "[]A.;0", , , "SYNTAX_ONLY, NO_CONCEAL")- "A.;0"
+$ root_dev = f$parse( root, , , "device", "syntax_only")
+$ root_dir = f$parse( root, , , "directory", "syntax_only") - -
+   "[000000." - "][" - "[" - "]"
+$ root = root_dev + "[" + root_dir
+$
+$ define /nolog wrk_sslroot 'root'.] /translation_attributes = concealed
+$ define /nolog wrk_sslinclude wrk_sslroot:[include]
+$
+$ if f$parse( "wrk_sslroot:[000000]") .eqs. "" then -
+   create /directory /log wrk_sslroot:[000000]
+$ if f$parse( "wrk_sslinclude:") .eqs. "" then -
+   create /directory /log wrk_sslinclude:
+$ if f$parse( "wrk_sslroot:[vms]") .eqs. "" then -
+   create /directory /log wrk_sslroot:[vms]
+$!
+$ copy /log /protection = world:re openssl_startup.com wrk_sslroot:[vms]
+$ copy /log /protection = world:re openssl_undo.com wrk_sslroot:[vms]
+$ copy /log /protection = world:re openssl_utils.com wrk_sslroot:[vms]
+$!
+$ tidy:
+$!
+$ call deass wrk_sslroot
+$ call deass wrk_sslinclude
+$!
+$ exit
+$!
+$ deass: subroutine
+$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
+$ then
+$   deassign /process 'p1'
+$ endif
+$ endsubroutine
+$!

VMS/install.com

@@ -1,79 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 23-MAY-1998 19:22
-$!
-$! P1	root of the directory tree
-$!
-$	IF P1 .EQS. ""
-$	THEN
-$	    WRITE SYS$OUTPUT "First argument missing."
-$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
-$	    EXIT
-$	ENDIF
-$
-$	IF (F$GETSYI("CPU").LT.128)
-$	THEN
-$	    ARCH := VAX
-$	ELSE
-$	    ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$	    IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$	ENDIF
-$
-$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-		   - "[000000." - "][" - "[" - "]"
-$	ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$
-$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLINCLUDE:
-$	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
-$
-$	IF F$SEARCH("WRK_SSLINCLUDE:vms_idhacks.h") .NES. "" THEN -
-	   DELETE WRK_SSLINCLUDE:vms_idhacks.h;*
-$
-$	OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
-$	WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created."
-$	WRITE SF "$! Startup file for Openssl"
-$	WRITE SF "$!"
-$	WRITE SF "$! Do not edit this file, as it will be regenerated during next installation."
-$	WRITE SF "$! Instead, add or change SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
-$	WRITE SF "$!"
-$	WRITE SF "$! P1	a qualifier to DEFINE.  For example ""/SYSTEM"" to get the logical names"
-$	WRITE SF "$!	defined in the system logical name table."
-$	WRITE SF "$!"
-$	WRITE SF "$	IF (F$GETSYI(""CPU"").LT.128)"
-$	WRITE SF "$	THEN"
-$	WRITE SF "$	    ARCH := VAX"
-$	WRITE SF "$	ELSE"
-$	WRITE SF "$	    ARCH = F$EDIT( F$GETSYI( ""ARCH_NAME""), ""UPCASE"")"
-$	WRITE SF "$	    IF (ARCH .EQS. """") THEN ARCH = ""UNK"""
-$	WRITE SF "$	ENDIF"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLROOT		",ROOT,".] /TRANS=CONC"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLLIB		SSLROOT:['ARCH'_LIB]"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLINCLUDE	SSLROOT:[INCLUDE]"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLEXE		SSLROOT:['ARCH'_EXE]"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLCERTS	SSLROOT:[CERTS]"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLPRIVATE	SSLROOT:[PRIVATE]"
-$	WRITE SF "$"
-$	WRITE SF "$!	This is program can include <openssl/{foo}.h>"
-$	WRITE SF "$	DEFINE/NOLOG'P1	OPENSSL		SSLINCLUDE:"
-$	WRITE SF "$"
-$	WRITE SF "$	IF F$SEARCH(""SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"") .NES."""" THEN -"
-$	WRITE SF "	   @SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
-$	WRITE SF "$"
-$	WRITE SF "$	EXIT"
-$	CLOSE SF
-$	SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
-$
-$	COPY OPENSSL_UTILS.COM WRK_SSLROOT:[VMS]/LOG
-$	SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_UTILS.COM
-$
-$	EXIT

VMS/mkshared.com

@@ -1,85 +1,162 @@
-$! MKSHARED.COM -- script to created shareable images on VMS
+$! MKSHARED.COM -- Create shareable images.
 $!
-$! No command line parameters.  This should be run at the start of the source
-$! tree (the same directory where one finds INSTALL.VMS).
+$! P1: "64" for 64-bit pointers.
 $!
-$! Input:	[.UTIL]LIBEAY.NUM,[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB
-$!		[.UTIL]SSLEAY.NUM,[.xxx.EXE.SSL]LIBSSL.OLB
-$! Output:	[.xxx.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE
-$!		[.xxx.EXE.SSL]LIBSSL.OPT,.MAP,.EXE
+$! P2: Zlib object library path (optional).
+$!
+$! Input:	[.UTIL]LIBEAY.NUM,[.xxx.EXE.CRYPTO]SSL_LIBCRYPTO[32].OLB
+$!		[.UTIL]SSLEAY.NUM,[.xxx.EXE.SSL]SSL_LIBSSL[32].OLB
+$! Output:	[.xxx.EXE.CRYPTO]SSL_LIBCRYPTO_SHR[32].OPT,.MAP,.EXE
+$!		[.xxx.EXE.SSL]SSL_LIBSSL_SRH[32].OPT,.MAP,.EXE
 $!
 $! So far, tests have only been made on VMS for Alpha.  VAX will come in time.
 $! ===========================================================================
-$
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$! Save the original default device:[directory].
+$!
+$ def_orig = f$environment( "default")
+$ on error then goto tidy
+$ on control_c then goto tidy
+$!
+$! SET DEFAULT to the main kit directory.
+$!
+$ proc = f$environment("procedure")
+$ proc = f$parse( "A.;", proc)- "A.;"
+$ set default 'proc'
+$ set default [-]
+$!
 $! ----- Prepare info for processing: version number and file info
 $ gosub read_version_info
 $ if libver .eqs. ""
 $ then
 $   write sys$error "ERROR: Couldn't find any library version info..."
-$   exit
+$   go to tidy:
 $ endif
 $
-$ if (f$getsyi("cpu").lt.128)
+$ if (f$getsyi("cpu") .lt. 128)
 $ then
-$     arch := VAX
-$ else
-$     arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$     if (arch .eqs. "") then arch = "UNK"
-$ endif
-$
-$ if arch .nes. "VAX"
-$ then
-$   arch_vax = 0
-$   libid  = "Crypto"
-$   libnum = "[.UTIL]LIBEAY.NUM"
-$   libdir = "[.''ARCH'.EXE.CRYPTO]"
-$   libolb = "''libdir'LIBCRYPTO.OLB"
-$   libopt = "''libdir'LIBCRYPTO.OPT"
-$   libmap = "''libdir'LIBCRYPTO.MAP"
-$   libgoal= "''libdir'LIBCRYPTO.EXE"
-$   libref = ""
-$   gosub create_nonvax_shr
-$   libid  = "SSL"
-$   libnum = "[.UTIL]SSLEAY.NUM"
-$   libdir = "[.''ARCH'.EXE.SSL]"
-$   libolb = "''libdir'LIBSSL.OLB"
-$   libopt = "''libdir'LIBSSL.OPT"
-$   libmap = "''libdir'LIBSSL.MAP"
-$   libgoal= "''libdir'LIBSSL.EXE"
-$   libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE"
-$   gosub create_nonvax_shr
-$ else
 $   arch_vax = 1
+$   arch = "VAX"
+$ else
+$   arch_vax = 0
+$   arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$   if (arch .eqs. "") then arch = "UNK"
+$ endif
+$!
+$ archd = arch
+$ lib32 = "32"
+$ shr = "SHR32"
+$!
+$ if (p1 .nes. "")
+$ then
+$   if (p1 .eqs. "64")
+$   then
+$     archd = arch+ "_64"
+$     lib32 = ""
+$     shr = "SHR"
+$   else
+$     if (p1 .nes. "32")
+$     then
+$       write sys$output "Second argument invalid."
+$       write sys$output "It should be "32", "64", or nothing."
+$       exit
+$     endif
+$   endif
+$ endif
+$!
+$ ZLIB = p2
+$ zlib_lib = ""
+$ if (ZLIB .nes. "")
+$ then
+$   file2 = f$parse( ZLIB, "libz.olb", , , "syntax_only")
+$   if (f$search( file2) .eqs. "")
+$   then
+$     write sys$output ""
+$     write sys$output "The Option ", ZLIB, " Is Invalid."
+$     write sys$output "    Can't find library: ''file2'"
+$     write sys$output ""
+$     goto tidy
+$   endif
+$   zlib_lib = ", ''file2' /library"
+$ endif
+$!
+$ if (arch_vax)
+$ then
 $   libtit = "CRYPTO_TRANSFER_VECTOR"
 $   libid  = "Crypto"
 $   libnum = "[.UTIL]LIBEAY.NUM"
-$   libdir = "[.''ARCH'.EXE.CRYPTO]"
-$   libmar = "''libdir'LIBCRYPTO.MAR"
-$   libolb = "''libdir'LIBCRYPTO.OLB"
-$   libopt = "''libdir'LIBCRYPTO.OPT"
-$   libobj = "''libdir'LIBCRYPTO.OBJ"
-$   libmap = "''libdir'LIBCRYPTO.MAP"
-$   libgoal= "''libdir'LIBCRYPTO.EXE"
+$   libdir = "[.''ARCHD'.EXE.CRYPTO]"
+$   libmar = "''libdir'SSL_LIBCRYPTO_''shr'.MAR"
+$   libolb = "''libdir'SSL_LIBCRYPTO''lib32'.OLB"
+$   libopt = "''libdir'SSL_LIBCRYPTO_''shr'.OPT"
+$   libobj = "''libdir'SSL_LIBCRYPTO_''shr'.OBJ"
+$   libmap = "''libdir'SSL_LIBCRYPTO_''shr'.MAP"
+$   libgoal= "''libdir'SSL_LIBCRYPTO_''shr'.EXE"
 $   libref = ""
 $   libvec = "LIBCRYPTO"
-$   gosub create_vax_shr
+$   if f$search( libolb) .nes. "" then gosub create_vax_shr
 $   libtit = "SSL_TRANSFER_VECTOR"
 $   libid  = "SSL"
 $   libnum = "[.UTIL]SSLEAY.NUM"
-$   libdir = "[.''ARCH'.EXE.SSL]"
-$   libmar = "''libdir'LIBSSL.MAR"
-$   libolb = "''libdir'LIBSSL.OLB"
-$   libopt = "''libdir'LIBSSL.OPT"
-$   libobj = "''libdir'LIBSSL.OBJ"
-$   libmap = "''libdir'LIBSSL.MAP"
-$   libgoal= "''libdir'LIBSSL.EXE"
-$   libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE"
+$   libdir = "[.''ARCHD'.EXE.SSL]"
+$   libmar = "''libdir'SSL_LIBSSL_''shr'.MAR"
+$   libolb = "''libdir'SSL_LIBSSL''lib32'.OLB"
+$   libopt = "''libdir'SSL_LIBSSL_''shr'.OPT"
+$   libobj = "''libdir'SSL_LIBSSL_''shr'.OBJ"
+$   libmap = "''libdir'SSL_LIBSSL_''shr'.MAP"
+$   libgoal= "''libdir'SSL_LIBSSL_''shr'.EXE"
+$   libref = "[.''ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO_''shr'.EXE"
 $   libvec = "LIBSSL"
-$   gosub create_vax_shr
+$   if f$search( libolb) .nes. "" then gosub create_vax_shr
+$ else
+$   libid  = "Crypto"
+$   libnum = "[.UTIL]LIBEAY.NUM"
+$   libdir = "[.''ARCHD'.EXE.CRYPTO]"
+$   libolb = "''libdir'SSL_LIBCRYPTO''lib32'.OLB"
+$   libopt = "''libdir'SSL_LIBCRYPTO_''shr'.OPT"
+$   libmap = "''libdir'SSL_LIBCRYPTO_''shr'.MAP"
+$   libgoal= "''libdir'SSL_LIBCRYPTO_''shr'.EXE"
+$   libref = ""
+$   if f$search( libolb) .nes. "" then gosub create_nonvax_shr
+$   libid  = "SSL"
+$   libnum = "[.UTIL]SSLEAY.NUM"
+$   libdir = "[.''ARCHD'.EXE.SSL]"
+$   libolb = "''libdir'SSL_LIBSSL''lib32'.OLB"
+$   libopt = "''libdir'SSL_LIBSSL_''shr'.OPT"
+$   libmap = "''libdir'SSL_LIBSSL_''shr'.MAP"
+$   libgoal= "''libdir'SSL_LIBSSL_''shr'.EXE"
+$   libref = "[.''ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO_''shr'.EXE"
+$   if f$search( libolb) .nes. "" then gosub create_nonvax_shr
 $ endif
+$!
+$ tidy:
+$!
+$! Close any open files.
+$!
+$ if (f$trnlnm( "libnum", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
+   close libnum
+$!
+$ if (f$trnlnm( "mar", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
+   close mar
+$!
+$ if (f$trnlnm( "opt", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
+   close opt
+$!
+$ if (f$trnlnm( "vf", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
+   close vf
+$!
+$! Restore the original default device:[directory].
+$!
+$ set default 'def_orig'
 $ exit
 $
-$! ----- Soubroutines to build the shareable libraries
+$! ----- Subroutines to build the shareable libraries
 $! For each supported architecture, there's a main shareable library
 $! creator, which is called from the main code above.
 $! The creator will define a number of variables to tell the next levels of
@@ -111,9 +188,9 @@ $! ----- Subroutines for non-VAX
 $! -----
 $! The creator routine
 $ create_nonvax_shr:
-$   open/write opt 'libopt'
+$   open /write opt 'libopt'
 $   write opt "identification=""",libid," ",libverstr,""""
-$   write opt libolb,"/lib"
+$   write opt libolb, " /library"
 $   if libref .nes. "" then write opt libref,"/SHARE"
 $   write opt "SYMBOL_VECTOR=(-"
 $   libfirstentry := true
@@ -124,7 +201,8 @@ $   gosub read_func_num
 $   write opt ")"
 $   write opt "GSMATCH=",libvmatch,",",libver
 $   close opt
-$   link/map='libmap'/full/share='libgoal' 'libopt'/option
+$   link /map = 'libmap' /full /share = 'libgoal' 'libopt' /options -
+     'zlib_lib'
 $   return
 $
 $! The record writer routine
@@ -158,7 +236,7 @@ $! ----- Subroutines for VAX
 $! -----
 $! The creator routine
 $ create_vax_shr:
-$   open/write mar 'libmar'
+$   open /write mar 'libmar'
 $   type sys$input:/out=mar:
 ;
 ; Transfer vector for VAX shareable image
@@ -193,10 +271,10 @@ $!   libwriter := write_vax_vtransfer_entry
 $!   gosub read_func_num
 $   write mar "	.END"
 $   close mar
-$   open/write opt 'libopt'
+$   open /write opt 'libopt'
 $   write opt "identification=""",libid," ",libverstr,""""
 $   write opt libobj
-$   write opt libolb,"/lib"
+$   write opt libolb, " /library"
 $   if libref .nes. "" then write opt libref,"/SHARE"
 $   type sys$input:/out=opt:
 !
@@ -215,7 +293,8 @@ $   libwriter := write_vax_psect_attr
 $   gosub read_func_num
 $   close opt
 $   macro/obj='libobj' 'libmar'
-$   link/map='libmap'/full/share='libgoal' 'libopt'/option
+$   link /map = 'libmap' /full /share = 'libgoal' 'libopt' /options -
+     'zlib_lib'
 $   return
 $
 $! The record writer routine for VAX functions
@@ -237,9 +316,9 @@ $   return
 $
 $! ----- Common subroutines
 $! -----
-$! The .num file reader.  This one has great responsability.
+$! The .num file reader.  This one has great responsibility.
 $ read_func_num:
-$   open libnum 'libnum'
+$   open /read libnum 'libnum'
 $   goto read_nums
 $
 $ read_nums:
@@ -247,27 +326,30 @@ $   libentrynum=0
 $   liblastentry:=false
 $   entrycount=0
 $   loop:
-$     read/end=loop_end/err=loop_end libnum line
-$     entrynum=f$int(f$element(1," ",f$edit(line,"COMPRESS,TRIM")))
-$     entryinfo=f$element(2," ",f$edit(line,"COMPRESS,TRIM"))
-$     curentry=f$element(0," ",f$edit(line,"COMPRESS,TRIM"))
-$     info_exist=f$element(0,":",entryinfo)
-$     info_platforms=","+f$element(1,":",entryinfo)+","
-$     info_kind=f$element(2,":",entryinfo)
-$     info_algorithms=","+f$element(3,":",entryinfo)+","
+$     read /end=loop_end /err=loop_end libnum line
+$     lin = f$edit( line, "COMPRESS,TRIM")
+$!    Skip a "#" comment line.
+$     if (f$extract( 0, 1, lin) .eqs. "#") then goto loop
+$     entrynum = f$int(f$element( 1, " ", lin))
+$     entryinfo = f$element( 2, " ", lin)
+$     curentry = f$element( 0, " ", lin)
+$     info_exist = f$element( 0, ":", entryinfo)
+$     info_platforms = ","+ f$element(1, ":", entryinfo)+ ","
+$     info_kind = f$element( 2, ":", entryinfo)
+$     info_algorithms = ","+ f$element( 3, ":", entryinfo)+ ","
 $     if info_exist .eqs. "NOEXIST" then goto loop
 $     truesum = 0
 $     falsesum = 0
 $     negatives = 1
 $     plat_i = 0
 $     loop1:
-$       plat_entry = f$element(plat_i,",",info_platforms)
+$       plat_entry = f$element( plat_i, ",", info_platforms)
 $       plat_i = plat_i + 1
 $       if plat_entry .eqs. "" then goto loop1
 $       if plat_entry .nes. ","
 $       then
 $         if f$extract(0,1,plat_entry) .nes. "!" then negatives = 0
-$         if f$getsyi("CPU") .lt. 128
+$         if (arch_vax)
 $         then
 $           if plat_entry .eqs. "EXPORT_VAR_AS_FUNCTION" then -
 $             truesum = truesum + 1
@@ -276,6 +358,7 @@ $             falsesum = falsesum + 1
 $         endif
 $!
 $         if ((plat_entry .eqs. "VMS") .or. -
+            ((plat_entry .eqs. "ZLIB") .and. (ZLIB .nes. "")) .or. -
             (arch_vax .and. (plat_entry .eqs. "VMSVAX"))) then -
             truesum = truesum + 1
 $!
@@ -345,7 +428,7 @@ $
 $! The version number reader
 $ read_version_info:
 $   libver = ""
-$   open/read vf [.CRYPTO]OPENSSLV.H
+$   open /read vf [.CRYPTO]OPENSSLV.H
 $   loop_rvi:
 $     read/err=endloop_rvi/end=endloop_rvi vf rvi_line
 $     if rvi_line - "SHLIB_VERSION_NUMBER """ .eqs. rvi_line then -

VMS/openssl_startup.com

@@ -0,0 +1,108 @@
+$!
+$! Startup file for OpenSSL 1.x.
+$!
+$! 2011-03-05 SMS.
+$!
+$! This procedure must reside in the OpenSSL installation directory.
+$! It will fail if it is copied to a different location.
+$!
+$! P1  qualifier(s) for DEFINE.  For example, "/SYSTEM" to get the
+$!     logical names defined in the system logical name table.
+$!
+$! P2  "64", to use executables which were built with 64-bit pointers.
+$!
+$! Good (default) and bad status values.
+$!
+$ status =    %x00010001 ! RMS$_NORMAL, normal successful completion.
+$ rms_e_fnf = %x00018292 ! RMS$_FNF, file not found.
+$!
+$! Prepare for problems.
+$!
+$ orig_dev_dir = f$environment( "DEFAULT")
+$ on control_y then goto clean_up
+$ on error then goto clean_up
+$!
+$! Determine hardware architecture.
+$!
+$ if (f$getsyi( "cpu") .lt. 128)
+$ then
+$   arch_name = "VAX"
+$ else
+$   arch_name = f$edit( f$getsyi( "arch_name"), "upcase")
+$   if (arch_name .eqs. "") then arch_name = "UNK"
+$ endif
+$!
+$ if (p2 .eqs. "64")
+$ then
+$   arch_name_exe = arch_name+ "_64"
+$ else
+$   arch_name_exe = arch_name
+$ endif
+$!
+$! Derive the OpenSSL installation device:[directory] from the location
+$! of this command procedure.
+$!
+$ proc = f$environment( "procedure")
+$ proc_dev_dir = f$parse( "A.;", proc, , , "no_conceal") - "A.;"
+$ proc_dev = f$parse( proc_dev_dir, , , "device", "syntax_only")
+$ proc_dir = f$parse( proc_dev_dir, , , "directory", "syntax_only") - -
+   ".][000000"- "[000000."- "]["- "["- "]"
+$ proc_dev_dir = proc_dev+ "["+ proc_dir+ "]"
+$ set default 'proc_dev_dir'
+$ set default [-]
+$ ossl_dev_dir = f$environment( "default")
+$!
+$! Check existence of expected directories (to see if this procedure has
+$! been moved away from its proper place).
+$!
+$ if ((f$search( "certs.dir;1") .eqs. "") .or. -
+   (f$search( "include.dir;1") .eqs. "") .or. -
+   (f$search( "private.dir;1") .eqs. "") .or. -
+   (f$search( "vms.dir;1") .eqs. ""))
+$ then
+$    write sys$output -
+      "   Can't find expected common OpenSSL directories in:"
+$    write sys$output "   ''ossl_dev_dir'"
+$    status = rms_e_fnf
+$    goto clean_up
+$ endif
+$!
+$ if ((f$search( "''arch_name_exe'_exe.dir;1") .eqs. "") .or. -
+   (f$search( "''arch_name'_lib.dir;1") .eqs. ""))
+$ then
+$    write sys$output -
+      "   Can't find expected architecture-specific OpenSSL directories in:"
+$    write sys$output "   ''ossl_dev_dir'"
+$    status = rms_e_fnf
+$    goto clean_up
+$ endif
+$!
+$! All seems well (enough).  Define the OpenSSL logical names.
+$!
+$ ossl_root = ossl_dev_dir- "]"+ ".]"
+$ define /translation_attributes = concealed /nolog'p1 SSLROOT 'ossl_root'
+$ define /nolog 'p1' SSLCERTS     sslroot:[certs]
+$ define /nolog 'p1' SSLINCLUDE   sslroot:[include]
+$ define /nolog 'p1' SSLPRIVATE   sslroot:[private]
+$ define /nolog 'p1' SSLEXE       sslroot:['arch_name_exe'_exe]
+$ define /nolog 'p1' SSLLIB       sslroot:['arch_name'_lib]
+$!
+$! Defining OPENSSL lets a C program use "#include <openssl/{foo}.h>":
+$ define /nolog 'p1' OPENSSL      SSLINCLUDE:
+$!
+$! Run a site-specific procedure, if it exists.
+$!
+$ if f$search( "sslroot:[vms]openssl_systartup.com") .nes."" then -
+   @ sslroot:[vms]openssl_systartup.com
+$!
+$! Restore the original default dev:[dir] (if known).
+$!
+$ clean_up:
+$!
+$ if (f$type( orig_dev_dir) .nes. "")
+$ then
+$    set default 'orig_dev_dir'
+$ endif
+$!
+$ EXIT 'status'
+$!

VMS/openssl_undo.com

@@ -0,0 +1,20 @@
+$!
+$! Deassign OpenSSL logical names.
+$!
+$ call deass "OPENSSL" "''p1'"
+$ call deass "SSLCERTS" "''p1'"
+$ call deass "SSLEXE" "''p1'"
+$ call deass "SSLINCLUDE" "''p1'"
+$ call deass "SSLLIB" "''p1'"
+$ call deass "SSLPRIVATE" "''p1'"
+$ call deass "SSLROOT" "''p1'"
+$!
+$ exit
+$!
+$deass: subroutine
+$ if (f$trnlnm( p1) .nes. "")
+$ then
+$    deassign 'p2' 'p1'
+$ endif
+$ endsubroutine
+$!

apps/CA.com

@@ -37,14 +37,25 @@ $ VERIFY = openssl + " verify"
 $ X509   = openssl + " x509"
 $ PKCS12 = openssl + " pkcs12"
 $ echo   = "write sys$Output"
+$ RET = 1
 $!
-$ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;"
-$ CATOP  := 's'.demoCA
-$ CAKEY  := ]cakey.pem
-$ CACERT := ]cacert.pem
+$! 2010-12-20 SMS.
+$! Use a concealed logical name to reduce command line lengths, to
+$! avoid DCL errors on VAX:
+$!     %DCL-W-TKNOVF, command element is too long - shorten
+$! (Path segments like "openssl-1_0_1-stable-SNAP-20101217" accumulate
+$! quickly.)
+$!
+$ CATOP = F$PARSE( F$ENVIRONMENT( "DEFAULT"), "[]")- "].;"+ ".demoCA.]"
+$ define /translation_attributes = concealed CATOP 'CATOP'
+$!
+$ on error then goto clean_up
+$ on control_y then goto clean_up
+$!
+$ CAKEY  = "CATOP:[private]cakey.pem"
+$ CACERT = "CATOP:[000000]cacert.pem"
 $
 $ __INPUT := SYS$COMMAND
-$ RET = 1
 $!
 $ i = 1
 $opt_loop:
@@ -55,7 +66,7 @@ $
 $ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") 
 $ THEN
 $   echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" 
-$   exit
+$   goto clean_up
 $ ENDIF
 $!
 $ IF (prog_opt .EQS. "-input")
@@ -69,7 +80,7 @@ $!
 $ IF (prog_opt .EQS. "-newcert")
 $ THEN
 $   ! Create a certificate.
-$   DEFINE/USER SYS$INPUT '__INPUT'
+$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
 $   REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
 $   RET=$STATUS
 $   echo "Certificate (and private key) is in newreq.pem"
@@ -79,7 +90,7 @@ $!
 $ IF (prog_opt .EQS. "-newreq")
 $ THEN
 $   ! Create a certificate request
-$   DEFINE/USER SYS$INPUT '__INPUT'
+$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
 $   REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
 $   RET=$STATUS
 $   echo "Request (and private key) is in newreq.pem"
@@ -90,41 +101,40 @@ $ IF (prog_opt .EQS. "-newca")
 $ THEN
 $   ! If explicitly asked for or it doesn't exist then setup the directory
 $   ! structure that Eric likes to manage things.
-$   IF F$SEARCH(CATOP+"]serial.") .EQS. ""
+$   IF F$SEARCH( "CATOP:[000000]serial.") .EQS. ""
 $   THEN
-$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP']
-$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs]
-$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl]
-$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts]
-$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private]
+$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[000000]
+$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[certs]
+$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[crl]
+$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[newcerts]
+$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[private]
 $
-$     OPEN   /WRITE ser_file 'CATOP']serial. 
+$     OPEN /WRITE ser_file CATOP:[000000]serial. 
 $     WRITE ser_file "01"
 $     CLOSE ser_file
-$     APPEND/NEW NL: 'CATOP']index.txt
+$     APPEND /NEW_VERSION NL: CATOP:[000000]index.txt
 $
 $     ! The following is to make sure access() doesn't get confused.  It
 $     ! really needs one file in the directory to give correct answers...
-$     COPY NLA0: 'CATOP'.certs].;
-$     COPY NLA0: 'CATOP'.crl].;
-$     COPY NLA0: 'CATOP'.newcerts].;
-$     COPY NLA0: 'CATOP'.private].;
+$     COPY NLA0: CATOP:[certs].;
+$     COPY NLA0: CATOP:[crl].;
+$     COPY NLA0: CATOP:[newcerts].;
+$     COPY NLA0: CATOP:[private].;
 $   ENDIF
 $!
-$   IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. ""
+$   IF F$SEARCH( CAKEY) .EQS. ""
 $   THEN
 $     READ '__INPUT' FILE -
-	   /PROMPT="CA certificate filename (or enter to create)"
+       /PROMPT="CA certificate filename (or enter to create): "
 $     IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "")
 $     THEN
-$       COPY 'FILE' 'CATOP'.private'CAKEY'
-$	RET=$STATUS
+$       COPY 'FILE' 'CAKEY'
+$       RET=$STATUS
 $     ELSE
 $       echo "Making CA certificate ..."
-$       DEFINE/USER SYS$INPUT '__INPUT'
-$       REQ -new -x509 -keyout 'CATOP'.private'CAKEY' -
-		       -out 'CATOP''CACERT' 'DAYS'
-$	RET=$STATUS
+$       DEFINE /USER_MODE SYS$INPUT '__INPUT'
+$       REQ -new -x509 -keyout 'CAKEY' -out 'CACERT' 'DAYS'
+$       RET=$STATUS
 $     ENDIF
 $   ENDIF
 $   GOTO opt_loop_continue
@@ -135,16 +145,16 @@ $ THEN
 $   i = i + 1
 $   cname = P'i'
 $   IF cname .EQS. "" THEN cname = "My certificate"
-$   PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CATOP''CACERT -
-	   -out newcert.p12 -export -name "''cname'"
+$   PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CACERT' -
+     -out newcert.p12 -export -name "''cname'"
 $   RET=$STATUS
-$   exit RET
+$   goto clean_up
 $ ENDIF
 $!
 $ IF (prog_opt .EQS. "-xsign")
 $ THEN
 $!
-$   DEFINE/USER SYS$INPUT '__INPUT'
+$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
 $   CA -policy policy_anything -infiles newreq.pem
 $   RET=$STATUS
 $   GOTO opt_loop_continue
@@ -153,7 +163,7 @@ $!
 $ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
 $ THEN
 $!   
-$   DEFINE/USER SYS$INPUT '__INPUT'
+$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
 $   CA -policy policy_anything -out newcert.pem -infiles newreq.pem
 $   RET=$STATUS
 $   type newcert.pem
@@ -165,9 +175,9 @@ $ IF (prog_opt .EQS. "-signcert")
 $  THEN
 $!   
 $   echo "Cert passphrase will be requested twice - bug?"
-$   DEFINE/USER SYS$INPUT '__INPUT'
+$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
 $   X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
-$   DEFINE/USER SYS$INPUT '__INPUT'
+$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
 $   CA -policy policy_anything -out newcert.pem -infiles tmp.pem
 y
 y
@@ -182,17 +192,17 @@ $!
 $   i = i + 1
 $   IF (p'i' .EQS. "")
 $   THEN
-$     DEFINE/USER SYS$INPUT '__INPUT'
-$     VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem
+$     DEFINE /USER_MODE SYS$INPUT '__INPUT'
+$     VERIFY "-CAfile" 'CACERT' newcert.pem
 $   ELSE
 $     j = i
 $    verify_opt_loop:
 $     IF j .GT. 8 THEN GOTO verify_opt_loop_end
 $     IF p'j' .NES. ""
 $     THEN 
-$       DEFINE/USER SYS$INPUT '__INPUT'
+$       DEFINE /USER_MODE SYS$INPUT '__INPUT'
 $       __tmp = p'j'
-$       VERIFY "-CAfile" 'CATOP''CACERT' '__tmp'
+$       VERIFY "-CAfile" 'CACERT' '__tmp'
 $       tmp=$STATUS
 $       IF tmp .NE. 0 THEN RET=tmp
 $     ENDIF
@@ -208,8 +218,8 @@ $ IF (prog_opt .NES. "")
 $ THEN
 $!   
 $   echo "Unknown argument ''prog_opt'"
-$   
-$   EXIT 3
+$   RET = 3
+$   goto clean_up
 $ ENDIF
 $
 $opt_loop_continue:
@@ -217,4 +227,10 @@ $ i = i + 1
 $ GOTO opt_loop
 $
 $opt_loop_end:
+$!
+$clean_up:
+$!
+$ if f$trnlnm( "CATOP", "LNM$PROCESS") .nes. "" then -
+   deassign /process CATOP
+$!
 $ EXIT 'RET'

apps/apps.c

@@ -798,7 +798,9 @@ X509 *load_cert(BIO *err, const char *file, int format,
 	if (file == NULL)
 		{
 #ifdef _IONBF
+# ifndef OPENSSL_NO_SETVBUF_IONBF
 		setvbuf(stdin, NULL, _IONBF, 0);
+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 #endif
 		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
 		}
@@ -899,7 +901,9 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
 	if (file == NULL && maybe_stdin)
 		{
 #ifdef _IONBF
+# ifndef OPENSSL_NO_SETVBUF_IONBF
 		setvbuf(stdin, NULL, _IONBF, 0);
+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 #endif
 		BIO_set_fp(key,stdin,BIO_NOCLOSE);
 		}
@@ -988,7 +992,9 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
 	if (file == NULL && maybe_stdin)
 		{
 #ifdef _IONBF
+# ifndef OPENSSL_NO_SETVBUF_IONBF
 		setvbuf(stdin, NULL, _IONBF, 0);
+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 #endif
 		BIO_set_fp(key,stdin,BIO_NOCLOSE);
 		}

apps/asn1pars.c

@@ -408,6 +408,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
 
 	atyp = ASN1_generate_nconf(genstr, cnf);
 	NCONF_free(cnf);
+	cnf = NULL;
 
 	if (!atyp)
 		return -1;

apps/enc.c

@@ -393,8 +393,10 @@ bad:
 
 	if (inf == NULL)
 	        {
+#ifndef OPENSSL_NO_SETVBUF_IONBF
 		if (bufsize != NULL)
 			setvbuf(stdin, (char *)NULL, _IONBF, 0);
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	        }
 	else
@@ -447,8 +449,10 @@ bad:
 	if (outf == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifndef OPENSSL_NO_SETVBUF_IONBF
 		if (bufsize != NULL)
 			setvbuf(stdout, (char *)NULL, _IONBF, 0);
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 #ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

apps/install-apps.com

@@ -0,0 +1,107 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! P1  root of the directory tree
+$! P2  "64" for 64-bit pointers.
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$ on error then goto tidy
+$ on control_c then goto tidy
+$!
+$ if (p1 .eqs. "")
+$ then
+$   write sys$output "First argument missing."
+$   write sys$output -
+     "It should be the directory where you want things installed."
+$   exit
+$ endif
+$!
+$ if (f$getsyi("cpu") .lt. 128)
+$ then
+$   arch = "VAX"
+$ else
+$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
+$   if (arch .eqs. "") then arch = "UNK"
+$ endif
+$!
+$ archd = arch
+$!
+$ if (p2 .nes. "")
+$ then
+$   if (p2 .eqs. "64")
+$   then
+$     archd = arch+ "_64"
+$   else
+$     if (p2 .nes. "32")
+$     then
+$       write sys$output "Second argument invalid."
+$       write sys$output "It should be "32", "64", or nothing."
+$       exit
+$     endif
+$   endif
+$ endif
+$!
+$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0"
+$ root_dev = f$parse(root,,,"device","syntax_only")
+$ root_dir = f$parse(root,,,"directory","syntax_only") - -
+   "[000000." - "][" - "[" - "]"
+$ root = root_dev + "[" + root_dir
+$!
+$ define /nolog wrk_sslroot 'root'.] /trans=conc
+$ define /nolog wrk_sslxexe wrk_sslroot:['archd'_exe]
+$!
+$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then -
+   create /directory /log wrk_sslroot:[000000]
+$ if f$parse("wrk_sslxexe:") .eqs. "" then -
+   create /directory /log wrk_sslxexe:
+$!
+$ exe := openssl
+$!
+$ exe_dir := [-.'archd'.exe.apps]
+$!
+$! Executables.
+$!
+$ i = 0
+$ loop_exe:
+$   e = f$edit(f$element( i, ",", exe), "trim")
+$   i = i + 1
+$   if e .eqs. "," then goto loop_exe_end
+$   set noon
+$   file = exe_dir+ e+ ".exe"
+$   if f$search( file) .nes. ""
+$   then
+$     copy /protection = w:re 'file' wrk_sslxexe: /log
+$   endif
+$   set on
+$ goto loop_exe
+$ loop_exe_end:
+$!
+$! Miscellaneous.
+$!
+$ set noon
+$ copy /protection = w:re ca.com wrk_sslxexe:ca.com /log
+$ copy /protection = w:re openssl-vms.cnf wrk_sslroot:[000000]openssl.cnf /log
+$ set on
+$!
+$ tidy:
+$!
+$ call deass wrk_sslroot
+$ call deass wrk_sslxexe
+$!
+$ exit
+$!
+$ deass: subroutine
+$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
+$ then
+$   deassign /process 'p1'
+$ endif
+$ endsubroutine
+$!

apps/install.com

@@ -1,65 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! P1	root of the directory tree
-$!
-$
-$	IF P1 .EQS. ""
-$	THEN
-$	    WRITE SYS$OUTPUT "First argument missing."
-$	    WRITE SYS$OUTPUT -
-		  "Should be the directory where you want things installed."
-$	    EXIT
-$	ENDIF
-$
-$	IF (F$GETSYI("CPU").LT.128)
-$	THEN
-$	    ARCH := VAX
-$	ELSE
-$	    ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$	    IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$	ENDIF
-$
-$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-		   - "[000000." - "][" - "[" - "]"
-$	ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$	DEFINE/NOLOG WRK_SSLEXE WRK_SSLROOT:['ARCH'_EXE]
-$
-$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$	IF F$PARSE("WRK_SSLEXE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLEXE:
-$
-$	EXE := openssl
-$
-$	EXE_DIR := [-.'ARCH'.EXE.APPS]
-$
-$	I = 0
-$ LOOP_EXE: 
-$	E = F$EDIT(F$ELEMENT(I, ",", EXE),"TRIM")
-$	I = I + 1
-$	IF E .EQS. "," THEN GOTO LOOP_EXE_END
-$	SET NOON
-$	IF F$SEARCH(EXE_DIR+E+".EXE") .NES. ""
-$	THEN
-$	  COPY 'EXE_DIR''E'.EXE WRK_SSLEXE:'E'.EXE/log
-$	  SET FILE/PROT=W:RE WRK_SSLEXE:'E'.EXE
-$	ENDIF
-$	SET ON
-$	GOTO LOOP_EXE
-$ LOOP_EXE_END:
-$
-$	SET NOON
-$	COPY CA.COM WRK_SSLEXE:CA.COM/LOG
-$	SET FILE/PROT=W:RE WRK_SSLEXE:CA.COM
-$	COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG
-$	SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL.CNF
-$	SET ON
-$
-$	EXIT

apps/makeapps.com

@@ -39,11 +39,35 @@ $!  P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
 $!
 $!  P5, if defined, sets a choice of programs to compile.
 $!
+$!  P6, if defined, specifies the C pointer size.  Ignored on VAX.
+$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
+$!      Supported values are:
+$!
+$!      ""       Compile with default (/NOPOINTER_SIZE)
+$!      32       Compile with /POINTER_SIZE=32 (SHORT)
+$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV])
+$!               (Automatically select ARGV if compiler supports it.)
+$!      64=      Compile with /POINTER_SIZE=64 (LONG).
+$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
+$!
+$!  P7, if defined, specifies a directory where ZLIB files (zlib.h,
+$!  libz.olb) may be found.  Optionally, a non-default object library
+$!  name may be included ("dev:[dir]libz_64.olb", for example).
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$ on control_c then goto exit
 $!
 $! Define A TCP/IP Library That We Will Need To Link To.
 $! (That Is, If We Need To Link To One.)
 $!
 $ TCPIP_LIB = ""
+$ ZLIB_LIB = ""
 $!
 $! Check What Architecture We Are Using.
 $!
@@ -67,37 +91,53 @@ $! End The Architecture Check.
 $!
 $ ENDIF
 $!
+$ ARCHD = ARCH
+$ LIB32 = "32"
+$ OPT_FILE = ""
+$ POINTER_SIZE = ""
+$!
 $! Define what programs should be compiled
 $!
 $ PROGRAMS := OPENSSL
 $!
-$! Define The CRYPTO Library.
-$!
-$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
-$!
-$! Define The SSL Library.
-$!
-$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB
-$!
-$! Define The OBJ Directory.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.APPS]
-$!
-$! Define The EXE Directory.
-$!
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.APPS]
-$!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
 $ GOSUB CHECK_OPTIONS
 $!
+$! Define The CRYPTO Library.
+$!
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB
+$!
+$! Define The SSL Library.
+$!
+$ SSL_LIB := SYS$DISK:[-.'ARCHD'.EXE.SSL]SSL_LIBSSL'LIB32'.OLB
+$!
+$! Define The OBJ and EXE Directories.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.APPS]
+$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.APPS]
+$!
+$! Specify the destination directory in any /MAP option.
+$!
+$ if (LINKMAP .eqs. "MAP")
+$ then
+$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
+$ endif
+$!
+$! Add the location prefix to the linker options file name.
+$!
+$ if (OPT_FILE .nes. "")
+$ then
+$   OPT_FILE = EXE_DIR+ OPT_FILE
+$ endif
+$!
 $! Initialise logical names and such
 $!
 $ GOSUB INITIALISE
 $!
 $! Tell The User What Kind of Machine We Run On.
 $!
-$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'"
 $!
 $! Check To See If The OBJ Directory Exists.
 $!
@@ -145,6 +185,9 @@ $ LIB_OPENSSL = "VERIFY,ASN1PARS,REQ,DGST,DH,DHPARAM,ENC,PASSWD,GENDH,ERRSTR,"+-
 	      	"S_TIME,APPS,S_CB,S_SOCKET,APP_RAND,VERSION,SESS_ID,"+-
 	      	"CIPHERS,NSEQ,PKCS12,PKCS8,PKEY,PKEYPARAM,PKEYUTL,"+ -
 	      	"SPKAC,SMIME,CMS,RAND,ENGINE,OCSP,PRIME,TS"
+$!
+$ LIB_OPENSSL = LIB_OPENSSL+ ",VMS_DECC_INIT"
+$!
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
      TCPIP_PROGRAMS = ",OPENSSL,"
@@ -202,7 +245,7 @@ $   LIB_COUNTER = -1
 $!
 $!  Create a .OPT file for the object files
 $!
-$   OPEN/WRITE OBJECTS 'EXE_DIR''CURRENT_APP'.OPT
+$   OPEN /WRITE OBJECTS 'EXE_DIR''CURRENT_APP'.OPT
 $!
 $!  Top Of The File Loop.
 $!
@@ -289,34 +332,18 @@ $   GOTO NEXT_APP
 $ ENDIF
 $!
 $! Link The Program.
-$! Check To See If We Are To Link With A Specific TCP/IP Library.
 $!
 $ ON WARNING THEN GOTO NEXT_APP
 $!
-$ IF (TCPIP_LIB.NES."")
-$ THEN
-$!
 $! Don't Link With The RSAREF Routines And TCP/IP Library.
 $!
-$   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
-	'EXE_DIR''CURRENT_APP'.OPT/OPTION, -
-        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
-        'TCPIP_LIB','OPT_FILE'/OPTION
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library.
-$!
-$   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
-	'EXE_DIR''CURRENT_APP'.OPT/OPTION, -
-        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
-        'OPT_FILE'/OPTION
-$!
-$! End The TCP/IP Library Check.
-$!
-$ ENDIF
+$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /EXE='EXE_FILE' -
+  'EXE_DIR''CURRENT_APP'.OPT /OPTIONS, -
+  'SSL_LIB' /LIBRARY, -
+  'CRYPTO_LIB' /LIBRARY -
+  'TCPIP_LIB' -
+  'ZLIB_LIB' -
+  ,'OPT_FILE' /OPTIONS
 $!
 $! Go Back And Do It Again.
 $!
@@ -351,7 +378,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable VAX C Runtime Library.
 !
 SYS$SHARE:VAXCRTL.EXE/SHARE
@@ -380,7 +407,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable C Runtime Library.
 !
 GNU_CC:[000000]GCCLIB/LIBRARY
@@ -415,7 +442,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable DEC C Runtime Library.
 !
 SYS$SHARE:DECC$SHR.EXE/SHARE
@@ -430,7 +457,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For non-VAX To Link Agianst 
+! Default System Options File For non-VAX To Link Against 
 ! The Sharable C Runtime Library.
 !
 SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
@@ -514,14 +541,15 @@ $!
 $ IF (P1.EQS."NODEBUG")
 $ THEN
 $!
-$!   P1 Is NODEBUG, So Compile Without Debugger Information.
+$!  P1 Is NODEBUG, So Compile Without Debugger Information.
 $!
-$    DEBUGGER  = "NODEBUG"
-$    TRACEBACK = "NOTRACEBACK" 
-$    GCC_OPTIMIZE = "OPTIMIZE"
-$    CC_OPTIMIZE = "OPTIMIZE"
-$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$   DEBUGGER  = "NODEBUG"
+$   LINKMAP = "NOMAP"
+$   TRACEBACK = "NOTRACEBACK" 
+$   GCC_OPTIMIZE = "OPTIMIZE"
+$   CC_OPTIMIZE = "OPTIMIZE"
+$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
 $!
 $! Else...
 $!
@@ -535,6 +563,7 @@ $!
 $!    Compile With Debugger Information.
 $!
 $     DEBUGGER  = "DEBUG"
+$     LINKMAP = "MAP"
 $     TRACEBACK = "TRACEBACK"
 $     GCC_OPTIMIZE = "NOOPTIMIZE"
 $     CC_OPTIMIZE = "NOOPTIMIZE"
@@ -542,7 +571,7 @@ $     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
 $     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
 $   ELSE
 $!
-$!    Tell The User Entered An Invalid Option..
+$!    Tell The User Entered An Invalid Option.
 $!
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
@@ -563,6 +592,87 @@ $! End The P1 Check.
 $!
 $ ENDIF
 $!
+$! Check P6 (POINTER_SIZE).
+$!
+$ IF (P6 .NES. "") .AND. (ARCH .NES. "VAX")
+$ THEN
+$!
+$   IF (P6 .EQS. "32")
+$   THEN
+$     POINTER_SIZE = " /POINTER_SIZE=32"
+$   ELSE
+$     POINTER_SIZE = F$EDIT( P6, "COLLAPSE, UPCASE")
+$     IF ((POINTER_SIZE .EQS. "64") .OR. -
+       (POINTER_SIZE .EQS. "64=") .OR. -
+       (POINTER_SIZE .EQS. "64=ARGV"))
+$     THEN
+$       ARCHD = ARCH+ "_64"
+$       LIB32 = ""
+$       IF (F$EXTRACT( 2, 1, POINTER_SIZE) .EQS. "=")
+$       THEN
+$!        Explicit user choice: "64" or "64=ARGV".
+$         IF (POINTER_SIZE .EQS. "64=") THEN POINTER_SIZE = "64"
+$       ELSE
+$         SET NOON
+$         DEFINE /USER_MODE SYS$OUTPUT NL:
+$         DEFINE /USER_MODE SYS$ERROR NL:
+$         CC /NOLIST /NOOBJECT /POINTER_SIZE=64=ARGV NL:
+$         IF ($STATUS .AND. %X0FFF0000) .EQ. %X00030000
+$         THEN
+$           ! If we got here, it means DCL complained like this:
+$           ! %DCL-W-NOVALU, value not allowed - remove value specification
+$           !  \64=\
+$           !
+$           ! If the compiler was run, logicals defined in /USER would
+$           ! have been deassigned automatically.  However, when DCL
+$           ! complains, they aren't, so we do it here (it might be
+$           ! unnecessary, but just in case there will be another error
+$           ! message further on that we don't want to miss)
+$           DEASSIGN /USER_MODE SYS$ERROR
+$           DEASSIGN /USER_MODE SYS$OUTPUT
+$         ELSE
+$           POINTER_SIZE = POINTER_SIZE + "=ARGV"
+$         ENDIF
+$         SET ON
+$       ENDIF
+$       POINTER_SIZE = " /POINTER_SIZE=''POINTER_SIZE'"
+$!
+$     ELSE
+$!
+$!      Tell The User Entered An Invalid Option.
+$!
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", P6, -
+         " Is Invalid.  The Valid Options Are:"
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT -
+         "    """"  :  Compile with default (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    32  :  Compile with 32-bit (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
+$       WRITE SYS$OUTPUT ""
+$! 
+$!      Time To EXIT.
+$!
+$       EXIT
+$!
+$     ENDIF
+$!
+$   ENDIF
+$!
+$! End The P6 (POINTER_SIZE) Check.
+$!
+$ ENDIF
+$!
+$! Set basic C compiler /INCLUDE directories.
+$!
+$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
+$!
 $! Check To See If P2 Is Blank.
 $!
 $ IF (P2.EQS."")
@@ -663,11 +773,64 @@ $ CCDEFS = "MONOLITH"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
-$!  Check To See If The User Entered A Valid Paramter.
+$! Check To See If We Have A ZLIB Option.
+$!
+$ ZLIB = P7
+$ IF (ZLIB .NES. "")
+$ THEN
+$!
+$!  Check for expected ZLIB files.
+$!
+$   err = 0
+$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
+$   if (f$search( file1) .eqs. "")
+$   then
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
+$     err = 1
+$   endif
+$   file1 = f$parse( "A.;", ZLIB)- "A.;"
+$!
+$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
+$   if (f$search( file2) .eqs. "")
+$   then
+$     if (err .eq. 0)
+$     then
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     endif
+$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
+$     WRITE SYS$OUTPUT ""
+$     err = err+ 2
+$   endif
+$   if (err .eq. 1)
+$   then
+$     WRITE SYS$OUTPUT ""
+$   endif
+$!
+$   if (err .ne. 0)
+$   then
+$     EXIT
+$   endif
+$!
+$   CCDEFS = """ZLIB=1"", "+ CCDEFS
+$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
+$   ZLIB_LIB = ", ''file2' /library"
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
+$!
+$! End The ZLIB Check.
+$!
+$ ENDIF
+$!
+$!  Check To See If The User Entered A Valid Parameter.
 $!
 $ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC")
 $ THEN
@@ -690,13 +853,13 @@ $!
 $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
+       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
+       " /INCLUDE=(''CC_INCLUDES') " + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -724,7 +887,7 @@ $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
 $     CCDEFS = CCDEFS + ",""VAXC"""
 $!
 $!    Define <sys> As SYS$COMMON:[SYSLIB]
@@ -733,7 +896,7 @@ $     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -756,11 +919,11 @@ $!    Use GNU C...
 $!
 $     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
 $     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -802,7 +965,7 @@ $   THEN
 $!
 $!    Set the library to use SOCKETSHR
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
 $!
 $!    Done with SOCKETSHR
 $!
@@ -828,13 +991,13 @@ $   THEN
 $!
 $!    Set the library to use UCX.
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
 $     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
 $     THEN
-$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
 $     ELSE
 $       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+	  TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
 $     ENDIF
 $!
 $!    Done with UCX
@@ -848,7 +1011,7 @@ $   THEN
 $!
 $!    Set the library to use TCPIP.
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
 $!
 $!    Done with TCPIP
 $!
@@ -873,7 +1036,7 @@ $   CCDEFS = CCDEFS + ",TCPIP_TYPE_''P3'"
 $!
 $!  Print info
 $!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
 $!
 $!  Else The User Entered An Invalid Argument.
 $!
@@ -903,13 +1066,13 @@ $ IF COMPILER .EQS. "DECC"
 $ THEN
 $   IF CCDISABLEWARNINGS .NES. ""
 $   THEN
-$     CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$     CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
 $   ENDIF
 $ ELSE
 $   CCDISABLEWARNINGS = ""
 $ ENDIF
-$ CC2 = CC + "/DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
-$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$ CC2 = CC + " /DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
+$ CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
 $!
 $! Show user the result
 $!
@@ -975,7 +1138,7 @@ $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
 $!
 $! Set up the logical name OPENSSL to point at the include directory
 $!
-$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$ DEFINE OPENSSL /NOLOG '__INCLUDE'
 $!
 $! Done
 $!
@@ -983,15 +1146,24 @@ $ RETURN
 $!
 $ CLEANUP:
 $!
-$! Restore the logical name OPENSSL if it had a value
+$! Restore the saved logical name OPENSSL, if it had a value.
 $!
-$ IF __SAVE_OPENSSL .EQS. ""
-$ THEN
-$   DEASSIGN OPENSSL
-$ ELSE
-$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
-$ ENDIF
+$ if (f$type( __SAVE_OPENSSL) .nes. "")
+$ then
+$   IF __SAVE_OPENSSL .EQS. ""
+$   THEN
+$     DEASSIGN OPENSSL
+$   ELSE
+$     DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
+$   ENDIF
+$ endif
+$!
+$! Close any open files.
+$!
+$ if (f$trnlnm( "objects", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
+   close objects
 $!
 $! Done
 $!
 $ RETURN
+$!

apps/openssl.c

@@ -212,8 +212,13 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
 		}
 	}
 
+#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
+# define ARGV _Argv
+#else
+# define ARGV Argv
+#endif
 
-int main(int Argc, char *Argv[])
+int main(int Argc, char *ARGV[])
 	{
 	ARGS arg;
 #define PROG_NAME_SIZE	39
@@ -227,7 +232,55 @@ int main(int Argc, char *Argv[])
 	char **argv,*p;
 	LHASH_OF(FUNCTION) *prog=NULL;
 	long errline;
- 
+
+#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
+	/* 2011-03-22 SMS.
+	 * If we have 32-bit pointers everywhere, then we're safe, and
+	 * we bypass this mess, as on non-VMS systems.  (See ARGV,
+	 * above.)
+	 * Problem 1: Compaq/HP C before V7.3 always used 32-bit
+	 * pointers for argv[].
+	 * Fix 1: For a 32-bit argv[], when we're using 64-bit pointers
+	 * everywhere else, we always allocate and use a 64-bit
+	 * duplicate of argv[].
+	 * Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed
+	 * to NULL-terminate a 64-bit argv[].  (As this was written, the
+	 * compiler ECO was available only on IA64.)
+	 * Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a
+	 * 64-bit argv[argc] for NULL, and, if necessary, use a
+	 * (properly) NULL-terminated (64-bit) duplicate of argv[].
+	 * The same code is used in either case to duplicate argv[].
+	 * Some of these decisions could be handled in preprocessing,
+	 * but the code tends to get even uglier, and the penalty for
+	 * deciding at compile- or run-time is tiny.
+	 */
+	char **Argv = NULL;
+	int free_Argv = 0;
+
+	if ((sizeof( _Argv) < 8)        /* 32-bit argv[]. */
+# if !defined( VMS_TRUST_ARGV)
+	 || (_Argv[ Argc] != NULL)      /* Untrusted argv[argc] not NULL. */
+# endif
+		)
+		{
+		int i;
+		Argv = OPENSSL_malloc( (Argc+ 1)* sizeof( char *));
+		if (Argv == NULL)
+			{ ret = -1; goto end; }
+		for(i = 0; i < Argc; i++)
+			Argv[i] = _Argv[i];
+		Argv[ Argc] = NULL;     /* Certain NULL termination. */
+		free_Argv = 1;
+		}
+	else
+		{
+		/* Use the known-good 32-bit argv[] (which needs the
+		 * type cast to satisfy the compiler), or the trusted or
+		 * tested-good 64-bit argv[] as-is. */
+		Argv = (char **)_Argv;
+		}
+#endif /* defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) */
+
 	arg.data=NULL;
 	arg.count=0;
 
@@ -373,6 +426,13 @@ end:
 		BIO_free(bio_err);
 		bio_err=NULL;
 		}
+#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
+	/* Free any duplicate Argv[] storage. */
+	if (free_Argv)
+		{
+		OPENSSL_free(Argv);
+		}
+#endif
 	OPENSSL_EXIT(ret);
 	}
 

apps/pkcs12.c

@@ -647,7 +647,7 @@ int MAIN(int argc, char **argv)
 
     if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
 
-    if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
+    if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
     if(macver) {
 #ifdef CRYPTO_MDEBUG
     CRYPTO_push_info("verify MAC");

apps/speed.c

@@ -2703,6 +2703,7 @@ static int do_multi(int multi)
 				else
 					rsa_results[k][1]=d;
 				}
+#ifndef OPENSSL_NO_DSA
 			else if(!strncmp(buf,"+F3:",4))
 				{
 				int k;
@@ -2724,6 +2725,7 @@ static int do_multi(int multi)
 				else
 					dsa_results[k][1]=d;
 				}
+#endif
 #ifndef OPENSSL_NO_ECDSA
 			else if(!strncmp(buf,"+F4:",4))
 				{

apps/vms_decc_init.c

@@ -0,0 +1,188 @@
+#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \
+ defined( __DECC) && !defined( __VAX) && (__CRTL_VER >= 70301000)
+# define USE_DECC_INIT 1
+#endif
+
+#ifdef USE_DECC_INIT
+
+/*
+ * 2010-04-26 SMS.
+ *
+ *----------------------------------------------------------------------
+ *
+ *       decc_init()
+ *
+ *    On non-VAX systems, uses LIB$INITIALIZE to set a collection of C
+ *    RTL features without using the DECC$* logical name method.
+ *
+ *----------------------------------------------------------------------
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unixlib.h>
+
+
+/* Global storage. */
+
+/* Flag to sense if decc_init() was called. */
+
+int decc_init_done = -1;
+
+
+/* Structure to hold a DECC$* feature name and its desired value. */
+
+typedef struct
+{
+    char *name;
+    int value;
+} decc_feat_t;
+
+
+/* Array of DECC$* feature names and their desired values.
+ * Note: DECC$ARGV_PARSE_STYLE is the urgent one.
+ */
+
+decc_feat_t decc_feat_array[] =
+{
+ /* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */
+ { "DECC$ARGV_PARSE_STYLE", 1 },
+
+ /* Preserve case for file names on ODS5 disks. */
+ { "DECC$EFS_CASE_PRESERVE", 1 },
+
+ /* Enable multiple dots (and most characters) in ODS5 file names,
+  * while preserving VMS-ness of ";version".
+  */
+ { "DECC$EFS_CHARSET", 1 },
+
+ /* List terminator. */
+ { (char *)NULL, 0 }
+};
+
+
+/* LIB$INITIALIZE initialization function. */
+
+static void decc_init( void)
+{
+    char *openssl_debug_decc_init;
+    int verbose = 0;
+    int feat_index;
+    int feat_value;
+    int feat_value_max;
+    int feat_value_min;
+    int i;
+    int sts;
+
+    /* Get debug option. */
+    openssl_debug_decc_init = getenv( "OPENSSL_DEBUG_DECC_INIT");
+    if (openssl_debug_decc_init != NULL)
+    {
+        verbose = strtol( openssl_debug_decc_init, NULL, 10);
+        if (verbose <= 0)
+        {
+            verbose = 1;
+        }
+    }
+
+    /* Set the global flag to indicate that LIB$INITIALIZE worked. */
+    decc_init_done = 1;
+
+    /* Loop through all items in the decc_feat_array[]. */
+
+    for (i = 0; decc_feat_array[ i].name != NULL; i++)
+    {
+        /* Get the feature index. */
+        feat_index = decc$feature_get_index( decc_feat_array[ i].name);
+        if (feat_index >= 0)
+        {
+            /* Valid item.  Collect its properties. */
+            feat_value = decc$feature_get_value( feat_index, 1);
+            feat_value_min = decc$feature_get_value( feat_index, 2);
+            feat_value_max = decc$feature_get_value( feat_index, 3);
+
+            /* Check the validity of our desired value. */
+            if ((decc_feat_array[ i].value >= feat_value_min) &&
+             (decc_feat_array[ i].value <= feat_value_max))
+            {
+                /* Valid value.  Set it if necessary. */
+                if (feat_value != decc_feat_array[ i].value)
+                {
+                    sts = decc$feature_set_value( feat_index,
+                     1,
+                     decc_feat_array[ i].value);
+
+                     if (verbose > 1)
+                     {
+                         fprintf( stderr, " %s = %d, sts = %d.\n",
+                          decc_feat_array[ i].name,
+                          decc_feat_array[ i].value,
+                          sts);
+                     }
+                }
+            }
+            else
+            {
+                /* Invalid DECC feature value. */
+                fprintf( stderr,
+                 " INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n",
+                 feat_value,
+                 feat_value_min, decc_feat_array[ i].name, feat_value_max);
+            }
+        }
+        else
+        {
+            /* Invalid DECC feature name. */
+            fprintf( stderr,
+             " UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[ i].name);
+        }
+    }
+
+    if (verbose > 0)
+    {
+        fprintf( stderr, " DECC_INIT complete.\n");
+    }
+}
+
+/* Get "decc_init()" into a valid, loaded LIB$INITIALIZE PSECT. */
+
+#pragma nostandard
+
+/* Establish the LIB$INITIALIZE PSECTs, with proper alignment and
+ * other attributes.  Note that "nopic" is significant only on VAX.
+ */
+#pragma extern_model save
+
+#if __INITIAL_POINTER_SIZE == 64
+# define PSECT_ALIGN 3
+#else
+# define PSECT_ALIGN 2
+#endif
+
+#pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt
+const int spare[ 8] = { 0 };
+
+#pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt
+void (*const x_decc_init)() = decc_init;
+
+#pragma extern_model restore
+
+/* Fake reference to ensure loading the LIB$INITIALIZE PSECT. */
+
+#pragma extern_model save
+
+int LIB$INITIALIZE( void);
+
+#pragma extern_model strict_refdef
+int dmy_lib$initialize = (int) LIB$INITIALIZE;
+
+#pragma extern_model restore
+
+#pragma standard
+
+#else /* def USE_DECC_INIT */
+
+/* Dummy code to avoid a %CC-W-EMPTYFILE complaint. */
+int decc_init_dummy( void);
+
+#endif /* def USE_DECC_INIT */

config

@@ -825,6 +825,10 @@ esac
 #  options="$options -DATALLA"
 #fi
 
+($CC -Wa,--help -c -o /dev/null -x assembler /dev/null 2>&1 | \
+ grep \\--noexecstack) 2>&1 > /dev/null && \
+  options="$options -Wa,--noexecstack"
+
 # gcc < 2.8 does not support -march=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
 then

crypto/LPdir_vms.c

@@ -40,22 +40,18 @@
 #ifndef LPDIR_H
 #include "LPdir.h"
 #endif
+#include "vms_rms.h"
 
-/* Because some compiler options hide this macor */
+/* Some compiler options hide EVMSERR. */
 #ifndef EVMSERR
-#define EVMSERR		65535  /* error for non-translatable VMS errors */
+# define EVMSERR	65535  /* error for non-translatable VMS errors */
 #endif
 
 struct LP_dir_context_st
 {
   unsigned long VMS_context;
-#ifdef NAML$C_MAXRSS
-  char filespec[NAML$C_MAXRSS+1];
-  char result[NAML$C_MAXRSS+1];
-#else
-  char filespec[256];
-  char result[256];
-#endif
+  char filespec[ NAMX_MAXRSS+ 1];
+  char result[ NAMX_MAXRSS+ 1];
   struct dsc$descriptor_d filespec_dsc;
   struct dsc$descriptor_d result_dsc;
 };
@@ -66,6 +62,16 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
   char *p, *r;
   size_t l;
   unsigned long flags = 0;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size save
+# pragma pointer_size 32
+        char *ctx_filespec_32p;
+# pragma pointer_size restore
+        char ctx_filespec_32[ NAMX_MAXRSS+ 1];
+#endif /* __INITIAL_POINTER_SIZE == 64 */
+
 #ifdef NAML$C_MAXRSS
   flags |= LIB$M_FIL_LONG_NAMES;
 #endif
@@ -93,13 +99,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 
       filespeclen += 4;		/* "*.*;" */
 
-      if (filespeclen >
-#ifdef NAML$C_MAXRSS
-	  NAML$C_MAXRSS
-#else
-	  255
-#endif
-	  )
+      if (filespeclen > NAMX_MAXRSS)
 	{
 	  errno = ENAMETOOLONG;
 	  return 0;
@@ -115,14 +115,21 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 
       strcpy((*ctx)->filespec,directory);
       strcat((*ctx)->filespec,"*.*;");
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# define CTX_FILESPEC ctx_filespec_32p
+        /* Copy the file name to storage with a 32-bit pointer. */
+        ctx_filespec_32p = ctx_filespec_32;
+        strcpy( ctx_filespec_32p, (*ctx)->filespec);
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define CTX_FILESPEC (*ctx)->filespec
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
       (*ctx)->filespec_dsc.dsc$w_length = filespeclen;
       (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
       (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
-      (*ctx)->filespec_dsc.dsc$a_pointer = (*ctx)->filespec;
-      (*ctx)->result_dsc.dsc$w_length = 0;
-      (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-      (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
-      (*ctx)->result_dsc.dsc$a_pointer = 0;
+      (*ctx)->filespec_dsc.dsc$a_pointer = CTX_FILESPEC;
     }
 
   (*ctx)->result_dsc.dsc$w_length = 0;

crypto/alphacpuid.pl

@@ -99,19 +99,19 @@ OPENSSL_cleanse:
 	beq	$0,.Laligned
 
 .Little:
+	subq	$0,8,$0
 	ldq_u	$1,0($16)
 	mov	$16,$2
 .Lalign:
 	mskbl	$1,$16,$1
 	lda	$16,1($16)
 	subq	$17,1,$17
-	subq	$0,1,$0
+	addq	$0,1,$0
 	beq	$17,.Lout
 	bne	$0,.Lalign
 .Lout:	stq_u	$1,0($2)
 	beq	$17,.Ldone
 	bic	$17,7,$at
-	mov	$17,$0
 	beq	$at,.Little
 
 .Laligned:
@@ -120,9 +120,7 @@ OPENSSL_cleanse:
 	lda	$16,8($16)
 	bic	$17,7,$at
 	bne	$at,.Laligned
-	beq	$17,.Ldone
-	mov	$17,$0
-	br	.Little
+	bne	$17,.Little
 .Ldone: ret	($26)
 .end	OPENSSL_cleanse
 ___

crypto/asn1/a_object.c

@@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
 				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
 				goto err;
 				}
-			if (!use_bn && l > (ULONG_MAX / 10L))
+			if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))
 				{
 				use_bn = 1;
 				if (!bl)
@@ -293,7 +293,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
 	/* Sanity check OID encoding: can't have leading 0x80 in
 	 * subidentifiers, see: X.690 8.19.2
 	 */
-	for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
+	for (i = 0, p = *pp; i < len; i++, p++)
 		{
 		if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
 			{

crypto/asn1/a_strex.c

@@ -74,6 +74,11 @@
 
 #define CHARTYPE_BS_ESC		(ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
 
+#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
+		  ASN1_STRFLGS_ESC_QUOTE | \
+		  ASN1_STRFLGS_ESC_CTRL | \
+		  ASN1_STRFLGS_ESC_MSB)
+
 
 /* Three IO functions for sending data to memory, a BIO and
  * and a FILE pointer.
@@ -148,6 +153,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, ch
 		if(!io_ch(arg, tmphex, 3)) return -1;
 		return 3;
 	}
+	/* If we get this far and do any escaping at all must escape 
+	 * the escape character itself: backslash.
+	 */
+	if (chtmp == '\\' && flags & ESC_FLAGS) {
+		if(!io_ch(arg, "\\\\", 2)) return -1;
+		return 2;
+	}
 	if(!io_ch(arg, &chtmp, 1)) return -1;
 	return 1;
 }
@@ -292,11 +304,6 @@ static const signed char tag2nbyte[] = {
 	4, -1, 2		/* 28-30 */
 };
 
-#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
-		  ASN1_STRFLGS_ESC_QUOTE | \
-		  ASN1_STRFLGS_ESC_CTRL | \
-		  ASN1_STRFLGS_ESC_MSB)
-
 /* This is the main function, print out an
  * ASN1_STRING taking note of various escape
  * and display options. Returns number of

crypto/asn1/a_strnid.c

@@ -95,7 +95,7 @@ unsigned long ASN1_STRING_get_default_mask(void)
  * default:   the default value, Printable, T61, BMP.
  */
 
-int ASN1_STRING_set_default_mask_asc(char *p)
+int ASN1_STRING_set_default_mask_asc(const char *p)
 {
 	unsigned long mask;
 	char *end;

crypto/asn1/ameth_lib.c

@@ -172,7 +172,6 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
 const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type)
 	{
 	const EVP_PKEY_ASN1_METHOD *t;
-	ENGINE *e;
 
 	for (;;)
 		{
@@ -184,6 +183,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type)
 	if (pe)
 		{
 #ifndef OPENSSL_NO_ENGINE
+		ENGINE *e;
 		/* type will contain the final unaliased type */
 		e = ENGINE_get_pkey_asn1_meth_engine(type);
 		if (e)

crypto/asn1/asn1.h

@@ -1067,7 +1067,7 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
 
 void ASN1_STRING_set_default_mask(unsigned long mask);
-int ASN1_STRING_set_default_mask_asc(char *p);
+int ASN1_STRING_set_default_mask_asc(const char *p);
 unsigned long ASN1_STRING_get_default_mask(void);
 int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
 					int inform, unsigned long mask);

crypto/asn1/bio_ndef.c

@@ -57,9 +57,6 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 
-#ifndef OPENSSL_SYSNAME_NETWARE
-#include <memory.h>
-#endif
 #include <stdio.h>
 
 /* Experimental NDEF ASN1 BIO support routines */

crypto/asn1/x_name.c

@@ -214,7 +214,9 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
 	*val = nm.a;
 	*in = p;
 	return ret;
-	err:
+err:
+        if (nm.x != NULL)
+		X509_NAME_free(nm.x);
 	ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
 	return 0;
 }
@@ -464,7 +466,8 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
 			}
 		else
 			{
-			*to++ = tolower(*from++);
+			*to++ = tolower(*from);
+			from++;
 			i++;
 			}
 		}

crypto/bio/b_sock.c

@@ -551,7 +551,30 @@ int BIO_socket_ioctl(int fd, long type, void *arg)
 #ifdef __DJGPP__
 	i=ioctlsocket(fd,type,(char *)arg);
 #else
-	i=ioctlsocket(fd,type,arg);
+# if defined(OPENSSL_SYS_VMS)
+	/* 2011-02-18 SMS.
+	 * VMS ioctl() can't tolerate a 64-bit "void *arg", but we
+	 * observe that all the consumers pass in an "unsigned long *",
+	 * so we arrange a local copy with a short pointer, and use
+	 * that, instead.
+	 */
+#  if __INITIAL_POINTER_SIZE == 64
+#   define ARG arg_32p
+#   pragma pointer_size save
+#   pragma pointer_size 32
+	unsigned long arg_32;
+	unsigned long *arg_32p;
+#   pragma pointer_size restore
+	arg_32p = &arg_32;
+	arg_32 = *((unsigned long *) arg);
+#  else /* __INITIAL_POINTER_SIZE == 64 */
+#   define ARG arg
+#  endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+# else /* defined(OPENSSL_SYS_VMS) */
+#  define ARG arg
+# endif /* defined(OPENSSL_SYS_VMS) [else] */
+
+	i=ioctlsocket(fd,type,ARG);
 #endif /* __DJGPP__ */
 	if (i < 0)
 		SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
@@ -660,6 +683,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 	 * note that commonly IPv6 wildchard socket can service
 	 * IPv4 connections just as well...  */
 	memset(&hint,0,sizeof(hint));
+	hint.ai_flags = AI_PASSIVE;
 	if (h)
 		{
 		if (strchr(h,':'))
@@ -672,7 +696,10 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 #endif
 			}
 	    	else if (h[0]=='*' && h[1]=='\0')
+			{
+			hint.ai_family = AF_INET;
 			h=NULL;
+			}
 		}
 
 	if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break;

crypto/bio/bss_dgram.c

@@ -57,7 +57,6 @@
  *
  */
 
-#ifndef OPENSSL_NO_DGRAM
 
 #include <stdio.h>
 #include <errno.h>
@@ -65,6 +64,7 @@
 #include "cryptlib.h"
 
 #include <openssl/bio.h>
+#ifndef OPENSSL_NO_DGRAM
 
 #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
 #include <sys/timeb.h>
@@ -308,7 +308,6 @@ static int dgram_read(BIO *b, char *out, int outl)
 			OPENSSL_assert(sa.len.s<=sizeof(sa.peer));
 			sa.len.i = (int)sa.len.s;
 			}
-		dgram_reset_rcv_timeout(b);
 
 		if ( ! data->connected  && ret >= 0)
 			BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
@@ -322,6 +321,8 @@ static int dgram_read(BIO *b, char *out, int outl)
 				data->_errno = get_last_socket_error();
 				}
 			}
+
+		dgram_reset_rcv_timeout(b);
 		}
 	return(ret);
 	}
@@ -340,7 +341,7 @@ static int dgram_write(BIO *b, const char *in, int inl)
 
 		if (data->peer.sa.sa_family == AF_INET)
 			peerlen = sizeof(data->peer.sa_in);
-#if OPENSSL_USE_IVP6
+#if OPENSSL_USE_IPV6
 		else if (data->peer.sa.sa_family == AF_INET6)
 			peerlen = sizeof(data->peer.sa_in6);
 #endif
@@ -745,9 +746,13 @@ static int BIO_dgram_should_retry(int i)
 		{
 		err=get_last_socket_error();
 
-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
-		if ((i == -1) && (err == 0))
-			return(1);
+#if defined(OPENSSL_SYS_WINDOWS)
+	/* If the socket return value (i) is -1
+	 * and err is unexpectedly 0 at this point,
+	 * the error code was overwritten by
+	 * another system call before this error
+	 * handling is called.
+	 */
 #endif
 
 		return(BIO_dgram_non_fatal_error(err));
@@ -810,7 +815,6 @@ int BIO_dgram_non_fatal_error(int err)
 		}
 	return(0);
 	}
-#endif
 
 static void get_current_time(struct timeval *t)
 	{
@@ -828,3 +832,5 @@ static void get_current_time(struct timeval *t)
 	gettimeofday(t, NULL);
 #endif
 	}
+
+#endif

crypto/bio/bss_file.c

@@ -123,6 +123,7 @@ BIO *BIO_new_file(const char *filename, const char *mode)
 
 #if defined(_WIN32) && defined(CP_UTF8)
 	int sz, len_0 = (int)strlen(filename)+1;
+	DWORD flags;
 
 	/*
 	 * Basically there are three cases to cover: a) filename is
@@ -136,17 +137,22 @@ BIO *BIO_new_file(const char *filename, const char *mode)
 	 * ERROR_NO_UNICODE_TRANSLATION, in which case we fall
 	 * back to fopen...
 	 */
-	if ((sz=MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS,
+	if ((sz=MultiByteToWideChar(CP_UTF8,(flags=MB_ERR_INVALID_CHARS),
+					filename,len_0,NULL,0))>0 ||
+	    (GetLastError()==ERROR_INVALID_FLAGS &&
+	     (sz=MultiByteToWideChar(CP_UTF8,(flags=0),
 					filename,len_0,NULL,0))>0)
+	   )
 		{
 		WCHAR  wmode[8];
 		WCHAR *wfilename = _alloca(sz*sizeof(WCHAR));
 
-		if (MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS,
+		if (MultiByteToWideChar(CP_UTF8,flags,
 					filename,len_0,wfilename,sz) &&
 		    MultiByteToWideChar(CP_UTF8,0,mode,strlen(mode)+1,
 			    		wmode,sizeof(wmode)/sizeof(wmode[0])) &&
-		    (file=_wfopen(wfilename,wmode))==NULL && errno==ENOENT
+		    (file=_wfopen(wfilename,wmode))==NULL &&
+		    (errno==ENOENT || errno==EBADF)
 		   )	/* UTF-8 decode succeeded, but no file, filename
 			 * could still have been locale-ized... */
 			file = fopen(filename,mode);

crypto/bio/bss_log.c

@@ -75,6 +75,15 @@
 #  include <descrip.h>
 #  include <lib$routines.h>
 #  include <starlet.h>
+/* Some compiler options may mask the declaration of "_malloc32". */
+#  if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
+#    if __INITIAL_POINTER_SIZE == 64
+#      pragma pointer_size save
+#      pragma pointer_size 32
+    void * _malloc32  (__size_t);
+#      pragma pointer_size restore
+#    endif /* __INITIAL_POINTER_SIZE == 64 */
+#  endif /* __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE */
 #elif defined(__ultrix)
 #  include <sys/syslog.h>
 #elif defined(OPENSSL_SYS_NETWARE)
@@ -300,7 +309,24 @@ static void xopenlog(BIO* bp, char* name, int level)
 static void xsyslog(BIO *bp, int priority, const char *string)
 {
 	struct dsc$descriptor_s opc_dsc;
+
+/* Arrange 32-bit pointer to opcdef buffer and malloc(), if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size save
+# pragma pointer_size 32
+# define OPCDEF_TYPE __char_ptr32
+# define OPCDEF_MALLOC _malloc32
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define OPCDEF_TYPE char *
+# define OPCDEF_MALLOC OPENSSL_malloc
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
 	struct opcdef *opcdef_p;
+
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size restore
+#endif /* __INITIAL_POINTER_SIZE == 64 */
+
 	char buf[10240];
 	unsigned int len;
         struct dsc$descriptor_s buf_dsc;
@@ -326,8 +352,8 @@ static void xsyslog(BIO *bp, int priority, const char *string)
 
 	lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
 
-	/* we know there's an 8 byte header.  That's documented */
-	opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len);
+	/* We know there's an 8-byte header.  That's documented. */
+	opcdef_p = OPCDEF_MALLOC( 8+ len);
 	opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
 	memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
 	opcdef_p->opc$l_ms_rqstid = 0;
@@ -335,7 +361,7 @@ static void xsyslog(BIO *bp, int priority, const char *string)
 
 	opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
 	opc_dsc.dsc$b_class = DSC$K_CLASS_S;
-	opc_dsc.dsc$a_pointer = (char *)opcdef_p;
+	opc_dsc.dsc$a_pointer = (OPCDEF_TYPE) opcdef_p;
 	opc_dsc.dsc$w_length = len + 8;
 
 	sys$sndopr(opc_dsc, 0);

crypto/bn/asm/alpha-mont.pl

@@ -41,7 +41,7 @@ $j="s4";
 $m1="s5";
 
 $code=<<___;
-#indef __linux__
+#ifdef __linux__
 #include <asm/regdef.h>
 #else
 #include <asm.h>

crypto/bn/asm/s390x-mont.pl

@@ -69,8 +69,8 @@ bn_mul_mont:
 	cghi	$num,16		#
 	lghi	%r2,0		#
 	blr	%r14		# if($num<16) return 0;
-	cghi	$num,128	#
-	bhr	%r14		# if($num>128) return 0;
+	cghi	$num,96		#
+	bhr	%r14		# if($num>96) return 0;
 
 	stmg	%r3,%r15,24($sp)
 

crypto/bn/bn.h

@@ -253,6 +253,24 @@ extern "C" {
 #define BN_HEX_FMT2	"%08X"
 #endif
 
+/* 2011-02-22 SMS.
+ * In various places, a size_t variable or a type cast to size_t was
+ * used to perform integer-only operations on pointers.  This failed on
+ * VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t is
+ * still only 32 bits.  What's needed in these cases is an integer type
+ * with the same size as a pointer, which size_t is not certain to be. 
+ * The only fix here is VMS-specific.
+ */
+#if defined(OPENSSL_SYS_VMS)
+# if __INITIAL_POINTER_SIZE == 64
+#  define PTR_SIZE_INT long long
+# else /* __INITIAL_POINTER_SIZE == 64 */
+#  define PTR_SIZE_INT int
+# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+#else /* defined(OPENSSL_SYS_VMS) */
+# define PTR_SIZE_INT size_t
+#endif /* defined(OPENSSL_SYS_VMS) [else] */
+
 #define BN_DEFAULT_BITS	1280
 
 #define BN_FLG_MALLOCED		0x01

crypto/bn/bn_gf2m.c

@@ -545,6 +545,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 		{
 		while (!BN_is_odd(u))
 			{
+			if (BN_is_zero(u)) goto err;
 			if (!BN_rshift1(u, u)) goto err;
 			if (BN_is_odd(b))
 				{

crypto/bn/bn_mont.c

@@ -277,7 +277,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
 	m1|=m2;			/* (al!=ri) */
 	m1|=(0-(size_t)v);	/* (al!=ri || v) */
 	m1&=~m2;		/* (al!=ri || v) && !al>ri */
-	nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
+	nrp=(BN_ULONG *)(((PTR_SIZE_INT)rp&~m1)|((PTR_SIZE_INT)ap&m1));
 	}
 
 	/* 'i<ri' is chosen to eliminate dependency on input data, even

crypto/bn/bn_nist.c

@@ -354,7 +354,7 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	         buf[BN_NIST_192_TOP],
 		 c_d[BN_NIST_192_TOP],
 		*res;
-	size_t   mask;
+	PTR_SIZE_INT mask;
 	static const BIGNUM _bignum_nist_p_192_sqr = {
 		(BN_ULONG *)_nist_p_192_sqr,
 		sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
@@ -405,9 +405,10 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	 * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
 	 * this is what happens below, but without explicit if:-) a.
 	 */
-	mask  = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
-	mask &= 0-(size_t)carry;
-	res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+	mask  = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
+	mask &= 0-(PTR_SIZE_INT)carry;
+	res   = (BN_ULONG *)
+	 (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d, res, BN_NIST_192_TOP);
 	r->top = BN_NIST_192_TOP;
 	bn_correct_top(r);
@@ -438,8 +439,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	         buf[BN_NIST_224_TOP],
 		 c_d[BN_NIST_224_TOP],
 		*res;
-	size_t   mask;
-	union { bn_addsub_f f; size_t p; } u;
+	PTR_SIZE_INT mask;
+	union { bn_addsub_f f; PTR_SIZE_INT p; } u;
 	static const BIGNUM _bignum_nist_p_224_sqr = {
 		(BN_ULONG *)_nist_p_224_sqr,
 		sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
@@ -510,16 +511,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 		 * to be compared to the modulus and conditionally
 		 * adjusted by *subtracting* the latter. */
 		carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP);
-		mask = 0-(size_t)carry;
-		u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+		mask = 0-(PTR_SIZE_INT)carry;
+		u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
+		 ((PTR_SIZE_INT)bn_add_words&~mask);
 		}
 	else
 		carry = 1;
 
 	/* otherwise it's effectively same as in BN_nist_mod_192... */
-	mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
-	mask &= 0-(size_t)carry;
-	res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+	mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
+	mask &= 0-(PTR_SIZE_INT)carry;
+	res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+	 ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d, res, BN_NIST_224_TOP);
 	r->top = BN_NIST_224_TOP;
 	bn_correct_top(r);
@@ -549,8 +552,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	         buf[BN_NIST_256_TOP],
 		 c_d[BN_NIST_256_TOP],
 		*res;
-	size_t   mask;
-	union { bn_addsub_f f; size_t p; } u;
+	PTR_SIZE_INT mask;
+	union { bn_addsub_f f; PTR_SIZE_INT p; } u;
 	static const BIGNUM _bignum_nist_p_256_sqr = {
 		(BN_ULONG *)_nist_p_256_sqr,
 		sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
@@ -629,15 +632,17 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	else if (carry < 0)
 		{
 		carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP);
-		mask = 0-(size_t)carry;
-		u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+		mask = 0-(PTR_SIZE_INT)carry;
+		u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
+		 ((PTR_SIZE_INT)bn_add_words&~mask);
 		}
 	else
 		carry = 1;
 
-	mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
-	mask &= 0-(size_t)carry;
-	res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+	mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
+	mask &= 0-(PTR_SIZE_INT)carry;
+	res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+	 ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d, res, BN_NIST_256_TOP);
 	r->top = BN_NIST_256_TOP;
 	bn_correct_top(r);
@@ -671,8 +676,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	         buf[BN_NIST_384_TOP],
 		 c_d[BN_NIST_384_TOP],
 		*res;
-	size_t	 mask;
-	union { bn_addsub_f f; size_t p; } u;
+	PTR_SIZE_INT mask;
+	union { bn_addsub_f f; PTR_SIZE_INT p; } u;
 	static const BIGNUM _bignum_nist_p_384_sqr = {
 		(BN_ULONG *)_nist_p_384_sqr,
 		sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
@@ -754,15 +759,17 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	else if (carry < 0)
 		{
 		carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP);
-		mask = 0-(size_t)carry;
-		u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+		mask = 0-(PTR_SIZE_INT)carry;
+		u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
+		 ((PTR_SIZE_INT)bn_add_words&~mask);
 		}
 	else
 		carry = 1;
 
-	mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
-	mask &= 0-(size_t)carry;
-	res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+	mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
+	mask &= 0-(PTR_SIZE_INT)carry;
+	res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+	 ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d, res, BN_NIST_384_TOP);
 	r->top = BN_NIST_384_TOP;
 	bn_correct_top(r);
@@ -781,7 +788,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	BN_ULONG *r_d, *a_d = a->d,
 		 t_d[BN_NIST_521_TOP],
 		 val,tmp,*res;
-	size_t	mask;
+	PTR_SIZE_INT mask;
 	static const BIGNUM _bignum_nist_p_521_sqr = {
 		(BN_ULONG *)_nist_p_521_sqr,
 		sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
@@ -826,8 +833,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	r_d[i] &= BN_NIST_521_TOP_MASK;
 
 	bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
-	mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
-	res  = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask));
+	mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
+	res  = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) |
+	 ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d,res,BN_NIST_521_TOP);
 	r->top = BN_NIST_521_TOP;
 	bn_correct_top(r);

crypto/comp/c_rle.c

@@ -46,7 +46,7 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
 	{
 	int i;
 
-	if (olen < (ilen-1))
+	if (ilen == 0 || olen < (ilen-1))
 		{
 		/* ZZZZZZZZZZZZZZZZZZZZZZ */
 		return(-1);
@@ -59,4 +59,3 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
 		}
 	return(ilen-1);
 	}
-

crypto/conf/conf_api.c

@@ -64,6 +64,7 @@
 #endif
 
 #include <assert.h>
+#include <stdlib.h>
 #include <string.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>

crypto/cryptlib.c

@@ -731,7 +731,6 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
 	case DLL_THREAD_ATTACH:
 		break;
 	case DLL_THREAD_DETACH:
-		ERR_remove_state(0);
 		break;
 	case DLL_PROCESS_DETACH:
 		break;

crypto/crypto-lib.com

@@ -47,11 +47,33 @@ $!  P6, if defined, sets a choice of crypto methods to compile.
 $!  WARNING: this should only be done to recompile some part of an already
 $!  fully compiled library.
 $!
+$!  P7, if defined, specifies the C pointer size.  Ignored on VAX.
+$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
+$!      Supported values are:
+$!
+$!      ""       Compile with default (/NOPOINTER_SIZE)
+$!      32       Compile with /POINTER_SIZE=32 (SHORT)
+$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]).
+$!               (Automatically select ARGV if compiler supports it.)
+$!      64=      Compile with /POINTER_SIZE=64 (LONG).
+$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
+$!
+$!  P8, if defined, specifies a directory where ZLIB files (zlib.h,
+$!  libz.olb) may be found.  Optionally, a non-default object library
+$!  name may be included ("dev:[dir]libz_64.olb", for example).
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
 $!
 $! Define A TCP/IP Library That We Will Need To Link To.
 $! (That Is, If We Need To Link To One.)
 $!
 $ TCPIP_LIB = ""
+$ ZLIB_LIB = ""
 $!
 $! Check Which Architecture We Are Using.
 $!
@@ -75,6 +97,11 @@ $! End The Architecture Check.
 $!
 $ ENDIF
 $!
+$ ARCHD = ARCH
+$ LIB32 = "32"
+$ OPT_FILE = ""
+$ POINTER_SIZE = ""
+$!
 $! Define The Different Encryption Types.
 $! NOTE: Some might think this list ugly.  However, it's made this way to
 $! reflect the SDIRS variable in [-]Makefile.org as closely as possible,
@@ -91,25 +118,37 @@ $ ENCRYPT_TYPES = "Basic,"+ -
 		  "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
 		  "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ -
 		  "STORE,CMS,PQUEUE,TS,JPAKE"
-$! Define The OBJ Directory.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO]
-$!
-$! Define The EXE Directory.
-$!
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]
 $!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
 $ GOSUB CHECK_OPTIONS
 $!
+$! Define The OBJ and EXE Directories.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.CRYPTO]
+$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]
+$!
+$! Specify the destination directory in any /MAP option.
+$!
+$ if (LINKMAP .eqs. "MAP")
+$ then
+$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
+$ endif
+$!
+$! Add the location prefix to the linker options file name.
+$!
+$ if (OPT_FILE .nes. "")
+$ then
+$   OPT_FILE = EXE_DIR+ OPT_FILE
+$ endif
+$!
 $! Initialise logical names and such
 $!
 $ GOSUB INITIALISE
 $!
 $! Tell The User What Kind of Machine We Run On.
 $!
-$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'"
 $!
 $!
 $! Check To See If The Architecture Specific OBJ Directory Exists.
@@ -140,11 +179,11 @@ $ ENDIF
 $!
 $! Define The Library Name.
 $!
-$ LIB_NAME := 'EXE_DIR'LIBCRYPTO.OLB
+$ LIB_NAME := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB
 $!
 $! Define The CRYPTO-LIB We Are To Use.
 $!
-$ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO.OLB
+$ CRYPTO_LIB := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB
 $!
 $! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library...
 $!
@@ -193,7 +232,7 @@ $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64"
 $ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ -
 	"cmll_cfb,cmll_ctr"
 $ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"
-$ LIB_MODES = "cbc128,ctr128,cfb128,ofb128,cts128"
+$ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128"
 $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
 $ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -
      LIB_BN_ASM = "bn_asm"
@@ -301,15 +340,23 @@ $ LIB_JPAKE = "jpake,jpake_err"
 $!
 $! Setup exceptional compilations
 $!
-$ ! Add definitions for no threads on OpenVMS 7.1 and higher
+$ CC3_SHOWN = 0
+$ CC4_SHOWN = 0
+$ CC5_SHOWN = 0
+$ CC6_SHOWN = 0
+$!
+$! The following lists must have leading and trailing commas, and no
+$! embedded spaces.  (They are scanned for ",name,".)
+$!
+$ ! Add definitions for no threads on OpenVMS 7.1 and higher.
 $ COMPILEWITH_CC3 = ",bss_rtcp,"
-$ ! Disable the DOLLARID warning
-$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,o_dir"
-$ ! Disable disjoint optimization
+$ ! Disable the DOLLARID warning.  Not needed with /STANDARD=RELAXED.
+$ COMPILEWITH_CC4 = "" !!! ",a_utctm,bss_log,o_time,o_dir,"
+$ ! Disable disjoint optimization on VAX with DECC.
 $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
                     "seed,sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
-$ ! Disable the MIXLINKAGE warning
-$ COMPILEWITH_CC6 = ",enc_read,set_key,"
+$ ! Disable the MIXLINKAGE warning.
+$ COMPILEWITH_CC6 = "" !!! ",enc_read,set_key,"
 $!
 $! Figure Out What Other Modules We Are To Build.
 $!
@@ -515,31 +562,60 @@ $   WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File.  (",BUILDALL,",",STATE,"
 $ ENDIF
 $ IF (MODULE_NAME.NES."")
 $ THEN 
-$   WRITE SYS$OUTPUT "	",FILE_NAME,""
+$   WRITE SYS$OUTPUT "        ",FILE_NAME,""
 $ ENDIF
 $!
 $! Compile The File.
 $!
 $ ON ERROR THEN GOTO NEXT_FILE
-$ FILE_NAME0 = F$ELEMENT(0,".",FILE_NAME)
+$ FILE_NAME0 = ","+ F$ELEMENT(0,".",FILE_NAME)+ ","
 $ IF FILE_NAME - ".mar" .NES. FILE_NAME
 $ THEN
 $   MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $ ELSE
 $   IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3
 $   THEN
+$     write sys$output "        \Using special rule (3)"
+$     if (.not. CC3_SHOWN)
+$     then
+$       CC3_SHOWN = 1
+$       x = "    "+ CC3
+$       write /symbol sys$output x
+$     endif
 $     CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $   ELSE
 $     IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4
 $     THEN
+$       write /symbol sys$output "        \Using special rule (4)"
+$       if (.not. CC4_SHOWN)
+$       then
+$         CC4_SHOWN = 1
+$         x = "    "+ CC4
+$         write /symbol sys$output x
+$       endif
 $       CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $     ELSE
-$       IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
+$       IF CC5_DIFFERENT .AND. -
+         (COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5)
 $       THEN
+$         write sys$output "        \Using special rule (5)"
+$         if (.not. CC5_SHOWN)
+$         then
+$           CC5_SHOWN = 1
+$           x = "    "+ CC5
+$           write /symbol sys$output x
+$         endif
 $         CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $       ELSE
 $         IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6
 $         THEN
+$           write sys$output "        \Using special rule (6)"
+$           if (.not. CC6_SHOWN)
+$           then
+$             CC6_SHOWN = 1
+$             x = "    "+ CC6
+$             write /symbol sys$output x
+$           endif
 $           CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $         ELSE
 $           CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
@@ -586,38 +662,22 @@ $!   SHOW SYMBOL APPLICATION*
 $!
 $! Tell the user what happens
 $!
-$   WRITE SYS$OUTPUT "	",APPLICATION,".exe"
+$   WRITE SYS$OUTPUT "        ",APPLICATION,".exe"
 $!
 $! Link The Program.
 $!
 $   ON ERROR THEN GOTO NEXT_APPLICATION
 $!
-$! Check To See If We Are To Link With A Specific TCP/IP Library.
+$!  Link With A TCP/IP Library.
 $!
-$   IF (TCPIP_LIB.NES."")
-$   THEN
+$   LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' -
+     /EXE='EXE_DIR''APPLICATION'.EXE -
+     'OBJ_DIR''APPLICATION_OBJECTS', -
+     'CRYPTO_LIB'/LIBRARY -
+     'TCPIP_LIB' -
+     'ZLIB_LIB' -
+     ,'OPT_FILE' /OPTIONS
 $!
-$!    Link With A TCP/IP Library.
-$!
-$     LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE -
-          'OBJ_DIR''APPLICATION_OBJECTS', -
-	  'CRYPTO_LIB'/LIBRARY, -
-          'TCPIP_LIB','OPT_FILE'/OPTION
-$!
-$! Else...
-$!
-$   ELSE
-$!
-$!    Don't Link With A TCP/IP Library.
-$!
-$     LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE -
-          'OBJ_DIR''APPLICATION_OBJECTS',-
-	  'CRYPTO_LIB'/LIBRARY, -
-          'OPT_FILE'/OPTION
-$!
-$! End The TCP/IP Library Check.
-$!
-$   ENDIF
 $   GOTO NEXT_APPLICATION
 $  APPLICATION_DONE:
 $ ENDIF
@@ -656,7 +716,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable VAX C Runtime Library.
 !
 SYS$SHARE:VAXCRTL.EXE/SHARE
@@ -685,7 +745,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable C Runtime Library.
 !
 GNU_CC:[000000]GCCLIB/LIBRARY
@@ -720,7 +780,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable DEC C Runtime Library.
 !
 SYS$SHARE:DECC$SHR.EXE/SHARE
@@ -735,7 +795,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For non-VAX To Link Agianst 
+! Default System Options File For non-VAX To Link Against 
 ! The Sharable C Runtime Library.
 !
 SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
@@ -756,7 +816,7 @@ $ ENDIF
 $!
 $!  Tell The User What Linker Option File We Are Using.
 $!
-$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."	
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."
 $!
 $! Time To RETURN.
 $!
@@ -803,8 +863,8 @@ $     WRITE SYS$OUTPUT "    APPS     :  To Compile Just The [.xxx.EXE.CRYPTO]*.E
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha Architecture."
-$     WRITE SYS$OUTPUT "    IA64     :  IA64 Architecture."
+$     WRITE SYS$OUTPUT "    ALPHA[64]:  Alpha Architecture."
+$     WRITE SYS$OUTPUT "    IA64[64] :  IA64 Architecture."
 $     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
 $     WRITE SYS$OUTPUT ""
 $!
@@ -825,15 +885,16 @@ $!
 $ IF (P2.EQS."NODEBUG")
 $ THEN
 $!
-$!   P2 Is NODEBUG, So Compile Without The Debugger Information.
+$!  P2 Is NODEBUG, So Compile Without The Debugger Information.
 $!
-$    DEBUGGER = "NODEBUG"
-$    TRACEBACK = "NOTRACEBACK" 
-$    GCC_OPTIMIZE = "OPTIMIZE"
-$    CC_OPTIMIZE = "OPTIMIZE"
-$    MACRO_OPTIMIZE = "OPTIMIZE"
-$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$   DEBUGGER = "NODEBUG"
+$   LINKMAP = "NOMAP"
+$   TRACEBACK = "NOTRACEBACK" 
+$   GCC_OPTIMIZE = "OPTIMIZE"
+$   CC_OPTIMIZE = "OPTIMIZE"
+$   MACRO_OPTIMIZE = "OPTIMIZE"
+$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
 $ ELSE
 $!
 $!  Check To See If We Are To Compile With Debugger Information.
@@ -844,6 +905,7 @@ $!
 $!    Compile With Debugger Information.
 $!
 $     DEBUGGER = "DEBUG"
+$     LINKMAP = "MAP"
 $     TRACEBACK = "TRACEBACK"
 $     GCC_OPTIMIZE = "NOOPTIMIZE"
 $     CC_OPTIMIZE = "NOOPTIMIZE"
@@ -852,7 +914,7 @@ $     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
 $     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
 $   ELSE 
 $!
-$!    They Entered An Invalid Option..
+$!    They Entered An Invalid Option.
 $!
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
@@ -907,6 +969,60 @@ $! End The P5 Check.
 $!
 $ ENDIF
 $!
+$! Check P7 (POINTER_SIZE).
+$!
+$ IF (P7 .NES. "") .AND. (ARCH .NES. "VAX")
+$ THEN
+$!
+$   IF (P7 .EQS. "32")
+$   THEN
+$     POINTER_SIZE = " /POINTER_SIZE=32"
+$   ELSE
+$     POINTER_SIZE = F$EDIT( P7, "COLLAPSE, UPCASE")
+$     IF ((POINTER_SIZE .EQS. "64") .OR. -
+       (POINTER_SIZE .EQS. "64=") .OR. -
+       (POINTER_SIZE .EQS. "64=ARGV"))
+$     THEN
+$       ARCHD = ARCH+ "_64"
+$       LIB32 = ""
+$       POINTER_SIZE = " /POINTER_SIZE=64"
+$     ELSE
+$!
+$!      Tell The User Entered An Invalid Option.
+$!
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", P7, -
+         " Is Invalid.  The Valid Options Are:"
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT -
+         "    """"       :  Compile with default (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    32       :  Compile with 32-bit (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
+$       WRITE SYS$OUTPUT ""
+$! 
+$!      Time To EXIT.
+$!
+$       EXIT
+$!
+$     ENDIF
+$!
+$   ENDIF
+$!
+$! End The P7 (POINTER_SIZE) Check.
+$!
+$ ENDIF
+$!
+$! Set basic C compiler /INCLUDE directories.
+$!
+$ CC_INCLUDES = "SYS$DISK:[.''ARCHD'],SYS$DISK:[],SYS$DISK:[-],"+ -
+   "SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1]"
+$!
 $! Check To See If P3 Is Blank.
 $!
 $ IF (P3.EQS."")
@@ -1007,11 +1123,64 @@ $ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
-$!  Check To See If The User Entered A Valid Paramter.
+$! Check To See If We Have A ZLIB Option.
+$!
+$ ZLIB = P8
+$ IF (ZLIB .NES. "")
+$ THEN
+$!
+$!  Check for expected ZLIB files.
+$!
+$   err = 0
+$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
+$   if (f$search( file1) .eqs. "")
+$   then
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
+$     err = 1
+$   endif
+$   file1 = f$parse( "A.;", ZLIB)- "A.;"
+$!
+$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
+$   if (f$search( file2) .eqs. "")
+$   then
+$     if (err .eq. 0)
+$     then
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     endif
+$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
+$     WRITE SYS$OUTPUT ""
+$     err = err+ 2
+$   endif
+$   if (err .eq. 1)
+$   then
+$     WRITE SYS$OUTPUT ""
+$   endif
+$!
+$   if (err .ne. 0)
+$   then
+$     EXIT
+$   endif
+$!
+$   CCDEFS = """ZLIB=1"", "+ CCDEFS
+$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
+$   ZLIB_LIB = ", ''file2' /library"
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
+$!
+$! End The ZLIB Check.
+$!
+$ ENDIF
+$!
+$!  Check To See If The User Entered A Valid Parameter.
 $!
 $ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
 $ THEN
@@ -1034,14 +1203,14 @@ $!
 $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
-	   CCEXTRAFLAGS
+$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
+       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
+       " /INCLUDE=(''CC_INCLUDES')"+ -
+       CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -1070,7 +1239,7 @@ $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
+       "/INCLUDE=(''CC_INCLUDES')"+ -
 	   CCEXTRAFLAGS
 $     CCDEFS = """VAXC""," + CCDEFS
 $!
@@ -1080,7 +1249,7 @@ $     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -1102,12 +1271,12 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
+       "/INCLUDE=(''CC_INCLUDES')"+ -
 	   CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -1128,22 +1297,24 @@ $       CC6DISABLEWARNINGS = "MIXLINKAGE"
 $     ELSE
 $       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
 $       CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE"
-$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$       CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
 $     ENDIF
-$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
-$     CC6DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
+$     CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$     CC6DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
 $   ELSE
 $     CCDISABLEWARNINGS = ""
 $     CC4DISABLEWARNINGS = ""
 $     CC6DISABLEWARNINGS = ""
 $   ENDIF
-$   CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
-$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$   CC3 = CC + " /DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
+$   CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
 $   IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG"
 $   THEN
-$     CC5 = CC + "/OPTIMIZE=NODISJOINT"
+$     CC5 = CC + " /OPTIMIZE=NODISJOINT"
+$     CC5_DIFFERENT = 1
 $   ELSE
-$     CC5 = CC + "/NOOPTIMIZE"
+$     CC5 = CC
+$     CC5_DIFFERENT = 0
 $   ENDIF
 $   CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
 $   CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS
@@ -1196,7 +1367,7 @@ $   THEN
 $!
 $!    Set the library to use SOCKETSHR
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
 $!
 $!    Done with SOCKETSHR
 $!
@@ -1222,13 +1393,13 @@ $   THEN
 $!
 $!    Set the library to use UCX.
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
 $     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
 $     THEN
-$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
 $     ELSE
 $       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+	  TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
 $     ENDIF
 $!
 $!    Done with UCX
@@ -1242,7 +1413,7 @@ $   THEN
 $!
 $!    Set the library to use TCPIP (post UCX).
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
 $!
 $!    Done with TCPIP
 $!
@@ -1263,7 +1434,7 @@ $   ENDIF
 $!
 $!  Print info
 $!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
 $!
 $!  Else The User Entered An Invalid Argument.
 $!

crypto/dsa/dsa_ossl.c

@@ -148,15 +148,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 
 	s=BN_new();
 	if (s == NULL) goto err;
-
-	/* reject a excessive digest length (currently at most
-	 * dsa-with-SHA256 is supported) */
-	if (dlen > SHA256_DIGEST_LENGTH)
-		{
-		reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
-		goto err;
-		}
-
 	ctx=BN_CTX_new();
 	if (ctx == NULL) goto err;
 
@@ -325,15 +316,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
 		return -1;
 		}
-
-	/* reject a excessive digest length (currently at most
-	 * dsa-with-SHA256 is supported) */
-	if (dgst_len > SHA256_DIGEST_LENGTH)
-		{
-		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		return -1;
-		}
-
 	BN_init(&u1);
 	BN_init(&u2);
 	BN_init(&t1);

crypto/dsa/dsa_pmeth.c

@@ -187,6 +187,7 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 		case EVP_PKEY_CTRL_MD:
 		if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1   &&
 		    EVP_MD_type((const EVP_MD *)p2) != NID_dsa    &&
+		    EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA    &&
 		    EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
 		    EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
 			{

crypto/dso/dso_dlfcn.c

@@ -85,6 +85,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
 # define HAVE_DLINFO 1
 # if defined(_AIX) || defined(__CYGWIN__) || \
      defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
+     (defined(__osf__) && !defined(RTLD_NEXT))     || \
      (defined(__OpenBSD__) && !defined(RTLD_SELF))
 #  undef HAVE_DLINFO
 # endif

crypto/dso/dso_vms.c

@@ -68,8 +68,20 @@
 #include <stsdef.h>
 #include <descrip.h>
 #include <starlet.h>
+#include "vms_rms.h"
 #endif
 
+/* Some compiler options may mask the declaration of "_malloc32". */
+#if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
+# if __INITIAL_POINTER_SIZE == 64
+#  pragma pointer_size save
+#  pragma pointer_size 32
+    void * _malloc32  (__size_t);
+#  pragma pointer_size restore
+# endif /* __INITIAL_POINTER_SIZE == 64 */
+#endif /* __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE */
+
+
 #ifndef OPENSSL_SYS_VMS
 DSO_METHOD *DSO_METHOD_vms(void)
 	{
@@ -121,14 +133,13 @@ typedef struct dso_internal_st
 	/* This should contain the name only, no directory,
 	 * no extension, nothing but a name. */
 	struct dsc$descriptor_s filename_dsc;
-	char filename[FILENAME_MAX+1];
+	char filename[ NAMX_MAXRSS+ 1];
 	/* This contains whatever is not in filename, if needed.
 	 * Normally not defined. */
 	struct dsc$descriptor_s imagename_dsc;
-	char imagename[FILENAME_MAX+1];
+	char imagename[ NAMX_MAXRSS+ 1];
 	} DSO_VMS_INTERNAL;
 
-
 DSO_METHOD *DSO_METHOD_vms(void)
 	{
 	return(&dso_meth_vms);
@@ -139,7 +150,22 @@ static int vms_load(DSO *dso)
 	void *ptr = NULL;
 	/* See applicable comments in dso_dl.c */
 	char *filename = DSO_convert_filename(dso, NULL);
-	DSO_VMS_INTERNAL *p;
+
+/* Ensure 32-bit pointer for "p", and appropriate malloc() function. */
+#if __INITIAL_POINTER_SIZE == 64
+# define DSO_MALLOC _malloc32
+# pragma pointer_size save
+# pragma pointer_size 32
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define DSO_MALLOC OPENSSL_malloc
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+	DSO_VMS_INTERNAL *p = NULL;
+
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size restore
+#endif /* __INITIAL_POINTER_SIZE == 64 */
+
 	const char *sp1, *sp2;	/* Search result */
 
 	if(filename == NULL)
@@ -192,7 +218,7 @@ static int vms_load(DSO *dso)
 		goto err;
 		}
 
-	p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL));
+	p = DSO_MALLOC(sizeof(DSO_VMS_INTERNAL));
 	if(p == NULL)
 		{
 		DSOerr(DSO_F_VMS_LOAD,ERR_R_MALLOC_FAILURE);
@@ -290,18 +316,38 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym)
 	int flags = 0;
 #endif
 	struct dsc$descriptor_s symname_dsc;
-	*sym = NULL;
 
-	symname_dsc.dsc$w_length = strlen(symname);
-	symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-	symname_dsc.dsc$b_class = DSC$K_CLASS_S;
-	symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# define SYMNAME symname_32p
+# pragma pointer_size save
+# pragma pointer_size 32
+	char *symname_32p;
+# pragma pointer_size restore
+	char symname_32[ NAMX_MAXRSS+ 1];
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define SYMNAME ((char *) symname)
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+	*sym = NULL;
 
 	if((dso == NULL) || (symname == NULL))
 		{
 		DSOerr(DSO_F_VMS_BIND_SYM,ERR_R_PASSED_NULL_PARAMETER);
 		return;
 		}
+
+#if __INITIAL_POINTER_SIZE == 64
+	/* Copy the symbol name to storage with a 32-bit pointer. */
+	symname_32p = symname_32;
+	strcpy( symname_32p, symname);
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+	symname_dsc.dsc$w_length = strlen(SYMNAME);
+	symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+	symname_dsc.dsc$b_class = DSC$K_CLASS_S;
+	symname_dsc.dsc$a_pointer = SYMNAME;
+
 	if(sk_void_num(dso->meth_data) < 1)
 		{
 		DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_STACK_ERROR);
@@ -372,64 +418,60 @@ static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
 	return sym;
 	}
 
+
 static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2)
 	{
 	int status;
 	int filespec1len, filespec2len;
 	struct FAB fab;
-#ifdef NAML$C_MAXRSS
-	struct NAML nam;
-	char esa[NAML$C_MAXRSS];
-#else
-	struct NAM nam;
-	char esa[NAM$C_MAXRSS];
-#endif
+	struct NAMX_STRUCT nam;
+	char esa[ NAMX_MAXRSS+ 1];
 	char *merged;
 
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# define FILESPEC1 filespec1_32p;
+# define FILESPEC2 filespec2_32p;
+# pragma pointer_size save
+# pragma pointer_size 32
+	char *filespec1_32p;
+	char *filespec2_32p;
+# pragma pointer_size restore
+	char filespec1_32[ NAMX_MAXRSS+ 1];
+	char filespec2_32[ NAMX_MAXRSS+ 1];
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define FILESPEC1 ((char *) filespec1)
+# define FILESPEC2 ((char *) filespec2)
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
 	if (!filespec1) filespec1 = "";
 	if (!filespec2) filespec2 = "";
 	filespec1len = strlen(filespec1);
 	filespec2len = strlen(filespec2);
 
-	fab = cc$rms_fab;
-#ifdef NAML$C_MAXRSS
-	nam = cc$rms_naml;
-#else
-	nam = cc$rms_nam;
-#endif
+#if __INITIAL_POINTER_SIZE == 64
+	/* Copy the file names to storage with a 32-bit pointer. */
+	filespec1_32p = filespec1_32;
+	filespec2_32p = filespec2_32;
+	strcpy( filespec1_32p, filespec1);
+	strcpy( filespec2_32p, filespec2);
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
 
-	fab.fab$l_fna = (char *)filespec1;
-	fab.fab$b_fns = filespec1len;
-	fab.fab$l_dna = (char *)filespec2;
-	fab.fab$b_dns = filespec2len;
-#ifdef NAML$C_MAXRSS
-	if (filespec1len > NAM$C_MAXRSS)
-		{
-		fab.fab$l_fna = 0;
-		fab.fab$b_fns = 0;
-		nam.naml$l_long_filename = (char *)filespec1;
-		nam.naml$l_long_filename_size = filespec1len;
-		}
-	if (filespec2len > NAM$C_MAXRSS)
-		{
-		fab.fab$l_dna = 0;
-		fab.fab$b_dns = 0;
-		nam.naml$l_long_defname = (char *)filespec2;
-		nam.naml$l_long_defname_size = filespec2len;
-		}
-	nam.naml$l_esa = esa;
-	nam.naml$b_ess = NAM$C_MAXRSS;
-	nam.naml$l_long_expand = esa;
-	nam.naml$l_long_expand_alloc = sizeof(esa);
-	nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD;
-	nam.naml$v_no_short_upcase = 1;
-	fab.fab$l_naml = &nam;
-#else
-	nam.nam$l_esa = esa;
-	nam.nam$b_ess = NAM$C_MAXRSS;
-	nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD;
-	fab.fab$l_nam = &nam;
-#endif
+	fab = cc$rms_fab;
+	nam = CC_RMS_NAMX;
+
+	FAB_OR_NAML( fab, nam).FAB_OR_NAML_FNA = FILESPEC1;
+	FAB_OR_NAML( fab, nam).FAB_OR_NAML_FNS = filespec1len;
+	FAB_OR_NAML( fab, nam).FAB_OR_NAML_DNA = FILESPEC2;
+	FAB_OR_NAML( fab, nam).FAB_OR_NAML_DNS = filespec2len;
+	NAMX_DNA_FNA_SET( fab)
+
+	nam.NAMX_ESA = esa;
+	nam.NAMX_ESS = NAMX_MAXRSS;
+	nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD;
+	SET_NAMX_NO_SHORT_UPCASE( nam);
+
+	fab.FAB_NAMX = &nam;
 
 	status = sys$parse(&fab, 0, 0);
 
@@ -460,33 +502,12 @@ static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2)
 			}
 		return(NULL);
 		}
-#ifdef NAML$C_MAXRSS
-	if (nam.naml$l_long_expand_size)
-		{
-		merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1);
-		if(!merged)
-			goto malloc_err;
-		strncpy(merged, nam.naml$l_long_expand,
-			nam.naml$l_long_expand_size);
-		merged[nam.naml$l_long_expand_size] = '\0';
-		}
-	else
-		{
-		merged = OPENSSL_malloc(nam.naml$b_esl + 1);
-		if(!merged)
-			goto malloc_err;
-		strncpy(merged, nam.naml$l_esa,
-			nam.naml$b_esl);
-		merged[nam.naml$b_esl] = '\0';
-		}
-#else
-	merged = OPENSSL_malloc(nam.nam$b_esl + 1);
+
+	merged = OPENSSL_malloc( nam.NAMX_ESL+ 1);
 	if(!merged)
 		goto malloc_err;
-	strncpy(merged, nam.nam$l_esa,
-		nam.nam$b_esl);
-	merged[nam.nam$b_esl] = '\0';
-#endif
+	strncpy( merged, nam.NAMX_ESA, nam.NAMX_ESL);
+	merged[ nam.NAMX_ESL] = '\0';
 	return(merged);
  malloc_err:
 	DSOerr(DSO_F_VMS_MERGER,

crypto/ec/ec2_smpl.c

@@ -937,6 +937,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT
 		{
 		return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
 		}
+
+	if (EC_POINT_is_at_infinity(group, b))
+		return 1;
 	
 	if (a->Z_is_one && b->Z_is_one)
 		{

crypto/ec/ec_key.c

@@ -304,7 +304,13 @@ int EC_KEY_check_key(const EC_KEY *eckey)
 		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
-	
+
+	if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key))
+		{
+		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
+		goto err;
+		}
+
 	if ((ctx = BN_CTX_new()) == NULL)
 		goto err;
 	if ((point = EC_POINT_new(eckey->group)) == NULL)

crypto/ec/ecp_smpl.c

@@ -1406,6 +1406,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *
 		{
 		return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
 		}
+
+	if (EC_POINT_is_at_infinity(group, b))
+		return 1;
 	
 	if (a->Z_is_one && b->Z_is_one)
 		{

crypto/ecdsa/ecdsatest.c

@@ -168,10 +168,9 @@ int fbytes(unsigned char *buf, int num)
 		return 0;
 		}
 	fbytes_counter ++;
-	ret = BN_bn2bin(tmp, buf);	
-	if (ret == 0 || ret != num)
+	if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
 		ret = 0;
-	else
+	else 
 		ret = 1;
 	if (tmp)
 		BN_free(tmp);

crypto/ecdsa/ecs_ossl.c

@@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
 			}
 		while (BN_is_zero(k));
 
+		/* We do not want timing information to leak the length of k,
+		 * so we compute G*k using an equivalent scalar of fixed
+		 * bit-length. */
+
+		if (!BN_add(k, k, order)) goto err;
+		if (BN_num_bits(k) <= BN_num_bits(order))
+			if (!BN_add(k, k, order)) goto err;
+
 		/* compute r the x-coordinate of generator * k */
 		if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
 		{

crypto/engine/engine.h

@@ -677,6 +677,7 @@ typedef struct st_dynamic_fns {
  * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
 typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
 #define IMPLEMENT_DYNAMIC_CHECK_FN() \
+	OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
 	OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
 		if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
 		return 0; }
@@ -699,6 +700,8 @@ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
 typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
 				const dynamic_fns *fns);
 #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
+	OPENSSL_EXPORT \
+	int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
 	OPENSSL_EXPORT \
 	int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
 		if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \

crypto/evp/evp_test.c

@@ -435,6 +435,7 @@ int main(int argc,char **argv)
 	    EXIT(3);
 	    }
 	}
+	fclose(f);
 
 #ifndef OPENSSL_NO_ENGINE
     ENGINE_cleanup();

crypto/hmac/hm_pmeth.c

@@ -147,6 +147,8 @@ static int int_update(EVP_MD_CTX *ctx,const void *data,size_t count)
 
 static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
 	{
+	HMAC_PKEY_CTX *hctx = ctx->data;
+	HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT);
 	EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
 	mctx->update = int_update;
 	return 1;

crypto/install-crypto.com

@@ -0,0 +1,196 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! Changes by Zoltan Arpadffy <zoli@polarhome.com>
+$!
+$! P1  root of the directory tree
+$! P2  "64" for 64-bit pointers.
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$ on error then goto tidy
+$ on control_c then goto tidy
+$!
+$ if (p1 .eqs. "")
+$ then
+$   write sys$output "First argument missing."
+$   write sys$output -
+     "It should be the directory where you want things installed."
+$     exit
+$ endif
+$!
+$ if (f$getsyi( "cpu") .lt. 128)
+$ then
+$   arch = "VAX"
+$ else
+$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
+$   if (arch .eqs. "") then arch = "UNK"
+$ endif
+$!
+$ archd = arch
+$ lib32 = "32"
+$ shr = "_SHR32"
+$!
+$ if (p2 .nes. "")
+$ then
+$   if (p2 .eqs. "64")
+$   then
+$     archd = arch+ "_64"
+$     lib32 = ""
+$     shr = "_SHR"
+$   else
+$     if (p2 .nes. "32")
+$     then
+$       write sys$output "Second argument invalid."
+$       write sys$output "It should be "32", "64", or nothing."
+$       exit
+$     endif
+$   endif
+$ endif
+$!
+$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0"
+$ root_dev = f$parse( root, , , "device", "syntax_only")
+$ root_dir = f$parse( root, , , "directory", "syntax_only") - -
+   "[000000." - "][" - "[" - "]"
+$ root = root_dev + "[" + root_dir
+$!
+$ define /nolog wrk_sslroot 'root'.] /trans=conc
+$ define /nolog wrk_sslinclude wrk_sslroot:[include]
+$ define /nolog wrk_sslxlib wrk_sslroot:['arch'_lib]
+$!
+$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then -
+   create /directory /log wrk_sslroot:[000000]
+$ if f$parse("wrk_sslinclude:") .eqs. "" then -
+   create /directory /log wrk_sslinclude:
+$ if f$parse("wrk_sslxlib:") .eqs. "" then -
+   create /directory /log wrk_sslxlib:
+$!
+$ sdirs := , -
+   'archd', -
+   objects, -
+   md2, md4, md5, sha, mdc2, hmac, ripemd, whrlpool, -
+   des, aes, rc2, rc4, rc5, idea, bf, cast, camellia, seed, -
+   bn, ec, rsa, dsa, ecdsa, dh, ecdh, dso, engine, -
+   buffer, bio, stack, lhash, rand, err, -
+   evp, asn1, pem, x509, x509v3, conf, txt_db, pkcs7, pkcs12, comp, ocsp, -
+   ui, krb5, -
+   store, cms, pqueue, ts, jpake
+$!
+$ exheader_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h
+$ exheader_'archd' := opensslconf.h
+$ exheader_objects := objects.h, obj_mac.h
+$ exheader_md2 := md2.h
+$ exheader_md4 := md4.h
+$ exheader_md5 := md5.h
+$ exheader_sha := sha.h
+$ exheader_mdc2 := mdc2.h
+$ exheader_hmac := hmac.h
+$ exheader_ripemd := ripemd.h
+$ exheader_whrlpool := whrlpool.h
+$ exheader_des := des.h, des_old.h
+$ exheader_aes := aes.h
+$ exheader_rc2 := rc2.h
+$ exheader_rc4 := rc4.h
+$ exheader_rc5 := rc5.h
+$ exheader_idea := idea.h
+$ exheader_bf := blowfish.h
+$ exheader_cast := cast.h
+$ exheader_camellia := camellia.h
+$ exheader_seed := seed.h
+$ exheader_modes := modes.h
+$ exheader_bn := bn.h
+$ exheader_ec := ec.h
+$ exheader_rsa := rsa.h
+$ exheader_dsa := dsa.h
+$ exheader_ecdsa := ecdsa.h
+$ exheader_dh := dh.h
+$ exheader_ecdh := ecdh.h
+$ exheader_dso := dso.h
+$ exheader_engine := engine.h
+$ exheader_buffer := buffer.h
+$ exheader_bio := bio.h
+$ exheader_stack := stack.h, safestack.h
+$ exheader_lhash := lhash.h
+$ exheader_rand := rand.h
+$ exheader_err := err.h
+$ exheader_evp := evp.h
+$ exheader_asn1 := asn1.h, asn1_mac.h, asn1t.h
+$ exheader_pem := pem.h, pem2.h
+$ exheader_x509 := x509.h, x509_vfy.h
+$ exheader_x509v3 := x509v3.h
+$ exheader_conf := conf.h, conf_api.h
+$ exheader_txt_db := txt_db.h
+$ exheader_pkcs7 := pkcs7.h
+$ exheader_pkcs12 := pkcs12.h
+$ exheader_comp := comp.h
+$ exheader_ocsp := ocsp.h
+$ exheader_ui := ui.h, ui_compat.h
+$ exheader_krb5 := krb5_asn.h
+$! exheader_store := store.h, str_compat.h
+$ exheader_store := store.h
+$ exheader_cms := cms.h
+$ exheader_pqueue := pqueue.h
+$ exheader_ts := ts.h
+$ exheader_jpake := jpake.h
+$ libs := ssl_libcrypto
+$!
+$ exe_dir := [-.'archd'.exe.crypto]
+$!
+$! Header files.
+$!
+$ i = 0
+$ loop_sdirs: 
+$   d = f$edit( f$element( i, ",", sdirs), "trim")
+$   i = i + 1
+$   if d .eqs. "," then goto loop_sdirs_end
+$   tmp = exheader_'d'
+$   if (d .nes. "") then d = "."+ d
+$   copy /protection = w:re ['d']'tmp' wrk_sslinclude: /log
+$ goto loop_sdirs
+$ loop_sdirs_end:
+$!
+$! Object libraries, shareable images.
+$!
+$ i = 0
+$ loop_lib: 
+$   e = f$edit( f$element( i, ",", libs), "trim")
+$   i = i + 1
+$   if e .eqs. "," then goto loop_lib_end
+$   set noon
+$   file = exe_dir+ e+ lib32+ ".olb"
+$   if f$search( file) .nes. ""
+$   then
+$     copy /protection = w:re 'file' wrk_sslxlib: /log
+$   endif
+$!
+$   file = exe_dir+ e+ shr+ ".exe"
+$   if f$search( file) .nes. ""
+$   then
+$     copy /protection = w:re 'file' wrk_sslxlib: /log
+$   endif
+$   set on
+$ goto loop_lib
+$ loop_lib_end:
+$!
+$ tidy:
+$!
+$ call deass wrk_sslroot
+$ call deass wrk_sslinclude
+$ call deass wrk_sslxlib
+$!
+$ exit
+$!
+$ deass: subroutine
+$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
+$ then
+$   deassign /process 'p1'
+$ endif
+$ endsubroutine
+$!

crypto/install.com

@@ -1,150 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! Changes by Zoltan Arpadffy <zoli@polarhome.com>
-$!
-$! P1	root of the directory tree
-$!
-$	IF P1 .EQS. ""
-$	THEN
-$	    WRITE SYS$OUTPUT "First argument missing."
-$	    WRITE SYS$OUTPUT -
-		  "It should be the directory where you want things installed."
-$	    EXIT
-$	ENDIF
-$
-$	IF (F$GETSYI("CPU").LT.128)
-$	THEN
-$	    ARCH := VAX
-$	ELSE
-$	    ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$	    IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$	ENDIF
-$
-$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-		   - "[000000." - "][" - "[" - "]"
-$	ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$	DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:['ARCH'_LIB]
-$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$
-$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$	IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLLIB:
-$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLINCLUDE:
-$
-$	SDIRS := ,-
-		 _'ARCH',-
-		 OBJECTS,-
-		 MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,-
-		 DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,-
-		 BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,-
-		 BUFFER,BIO,STACK,LHASH,RAND,ERR,-
-		 EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,-
-		 UI,KRB5,-
-		 STORE,CMS,PQUEUE,TS,JPAKE
-$	EXHEADER_ := crypto.h,opensslv.h,ebcdic.h,symhacks.h,ossl_typ.h
-$	EXHEADER__'ARCH' := opensslconf.h
-$	EXHEADER_OBJECTS := objects.h,obj_mac.h
-$	EXHEADER_MD2 := md2.h
-$	EXHEADER_MD4 := md4.h
-$	EXHEADER_MD5 := md5.h
-$	EXHEADER_SHA := sha.h
-$	EXHEADER_MDC2 := mdc2.h
-$	EXHEADER_HMAC := hmac.h
-$	EXHEADER_RIPEMD := ripemd.h
-$	EXHEADER_WHRLPOOL := whrlpool.h
-$	EXHEADER_DES := des.h,des_old.h
-$	EXHEADER_AES := aes.h
-$	EXHEADER_RC2 := rc2.h
-$	EXHEADER_RC4 := rc4.h
-$	EXHEADER_RC5 := rc5.h
-$	EXHEADER_IDEA := idea.h
-$	EXHEADER_BF := blowfish.h
-$	EXHEADER_CAST := cast.h
-$	EXHEADER_CAMELLIA := camellia.h
-$	EXHEADER_SEED := seed.h
-$	EXHEADER_MODES := modes.h
-$	EXHEADER_BN := bn.h
-$	EXHEADER_EC := ec.h
-$	EXHEADER_RSA := rsa.h
-$	EXHEADER_DSA := dsa.h
-$	EXHEADER_ECDSA := ecdsa.h
-$	EXHEADER_DH := dh.h
-$	EXHEADER_ECDH := ecdh.h
-$	EXHEADER_DSO := dso.h
-$	EXHEADER_ENGINE := engine.h
-$	EXHEADER_BUFFER := buffer.h
-$	EXHEADER_BIO := bio.h
-$	EXHEADER_STACK := stack.h,safestack.h
-$	EXHEADER_LHASH := lhash.h
-$	EXHEADER_RAND := rand.h
-$	EXHEADER_ERR := err.h
-$	EXHEADER_EVP := evp.h
-$	EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h
-$	EXHEADER_PEM := pem.h,pem2.h
-$	EXHEADER_X509 := x509.h,x509_vfy.h
-$	EXHEADER_X509V3 := x509v3.h
-$	EXHEADER_CONF := conf.h,conf_api.h
-$	EXHEADER_TXT_DB := txt_db.h
-$	EXHEADER_PKCS7 := pkcs7.h
-$	EXHEADER_PKCS12 := pkcs12.h
-$	EXHEADER_COMP := comp.h
-$	EXHEADER_OCSP := ocsp.h
-$	EXHEADER_UI := ui.h,ui_compat.h
-$	EXHEADER_KRB5 := krb5_asn.h
-$!	EXHEADER_STORE := store.h,str_compat.h
-$	EXHEADER_STORE := store.h
-$	EXHEADER_CMS := cms.h
-$	EXHEADER_PQUEUE := pqueue.h
-$	EXHEADER_TS := ts.h
-$	EXHEADER_JPAKE := jpake.h
-$	LIBS := LIBCRYPTO
-$
-$	EXE_DIR := [-.'ARCH'.EXE.CRYPTO]
-$
-$	I = 0
-$ LOOP_SDIRS: 
-$	D = F$EDIT(F$ELEMENT(I, ",", SDIRS),"TRIM")
-$	I = I + 1
-$	IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
-$	tmp = EXHEADER_'D'
-$	IF D .EQS. ""
-$	THEN
-$	  COPY 'tmp' WRK_SSLINCLUDE: /LOG
-$	ELSE
-$	  COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
-$	ENDIF
-$	SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp'
-$	GOTO LOOP_SDIRS
-$ LOOP_SDIRS_END:
-$
-$	I = 0
-$ LOOP_LIB: 
-$	E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
-$	I = I + 1
-$	IF E .EQS. "," THEN GOTO LOOP_LIB_END
-$	SET NOON
-$	IF F$SEARCH(EXE_DIR+E+".OLB") .NES. ""
-$	THEN
-$	  COPY 'EXE_DIR''E'.OLB WRK_SSLLIB:'E'.OLB/log
-$	  SET FILE/PROT=W:RE WRK_SSLLIB:'E'.OLB
-$	ENDIF
-$	! Preparing for the time when we have shareable images
-$	IF F$SEARCH(EXE_DIR+E+".EXE") .NES. ""
-$	THEN
-$	  COPY 'EXE_DIR''E'.EXE WRK_SSLLIB:'E'.EXE/log
-$	  SET FILE/PROT=W:RE WRK_SSLLIB:'E'.EXE
-$	ENDIF
-$	SET ON
-$	GOTO LOOP_LIB
-$ LOOP_LIB_END:
-$
-$	EXIT

crypto/o_time.c

@@ -64,12 +64,18 @@
 #include "o_time.h"
 
 #ifdef OPENSSL_SYS_VMS
-# include <libdtdef.h>
-# include <lib$routines.h>
-# include <lnmdef.h>
-# include <starlet.h>
-# include <descrip.h>
-# include <stdlib.h>
+# if __CRTL_VER >= 70000000 && \
+     (defined _POSIX_C_SOURCE || !defined _ANSI_C_SOURCE)
+#  define VMS_GMTIME_OK
+# endif
+# ifndef VMS_GMTIME_OK
+#  include <libdtdef.h>
+#  include <lib$routines.h>
+#  include <lnmdef.h>
+#  include <starlet.h>
+#  include <descrip.h>
+#  include <stdlib.h>
+# endif /* ndef VMS_GMTIME_OK */
 #endif
 
 struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
@@ -81,7 +87,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
 	   so we don't even look at the return value */
 	gmtime_r(timer,result);
 	ts = result;
-#elif !defined(OPENSSL_SYS_VMS)
+#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK)
 	ts = gmtime(timer);
 	if (ts == NULL)
 		return NULL;
@@ -89,7 +95,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
 	memcpy(result, ts, sizeof(struct tm));
 	ts = result;
 #endif
-#ifdef OPENSSL_SYS_VMS
+#if defined( OPENSSL_SYS_VMS) && !defined( VMS_GMTIME_OK)
 	if (ts == NULL)
 		{
 		static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");

crypto/ocsp/ocsp_lib.c

@@ -170,14 +170,14 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
 
 	char *host, *port;
 
-	/* dup the buffer since we are going to mess with it */
-	buf = BUF_strdup(url);
-	if (!buf) goto mem_err;
-
 	*phost = NULL;
 	*pport = NULL;
 	*ppath = NULL;
 
+	/* dup the buffer since we are going to mess with it */
+	buf = BUF_strdup(url);
+	if (!buf) goto mem_err;
+
 	/* Check for initial colon */
 	p = strchr(buf, ':');
 

crypto/opensslv.h

@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x1000003f
+#define OPENSSL_VERSION_NUMBER	0x1000005fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0c-fips 2 Dec 2010"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0e-fips 6 Sep 2011"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0c 2 Dec 2010"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0e 6 Sep 2011"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 

crypto/perlasm/cbc.pl

@@ -158,7 +158,6 @@ sub cbc
 	&jmp_ptr($count);
 
 &set_label("ej7");
-	&xor("edx",		"edx") if $ppro; # ppro friendly
 	&movb(&HB("edx"),	&BP(6,$in,"",0));
 	&shl("edx",8);
 &set_label("ej6");
@@ -170,7 +169,6 @@ sub cbc
 	&jmp(&label("ejend"));
 &set_label("ej3");
 	&movb(&HB("ecx"),	&BP(2,$in,"",0));
-	&xor("ecx",		"ecx") if $ppro; # ppro friendly
 	&shl("ecx",8);
 &set_label("ej2");
 	&movb(&HB("ecx"),	&BP(1,$in,"",0));

crypto/rand/rand_vms.c

@@ -69,6 +69,17 @@
 # pragma message disable DOLLARID
 #endif
 
+/* Use 32-bit pointers almost everywhere.  Define the type to which to
+ * cast a pointer passed to an external function.
+ */
+#if __INITIAL_POINTER_SIZE == 64
+# define PTR_T __void_ptr64
+# pragma pointer_size save
+# pragma pointer_size 32
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define PTR_T void *
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
 static struct items_data_st
 	{
 	short length, code;	/* length is amount of bytes */
@@ -125,11 +136,12 @@ int RAND_poll(void)
 		{
 		if (status == SS$_NORMAL)
 			{
-			RAND_add(data_buffer, total_length, total_length/2);
+			RAND_add( (PTR_T)data_buffer, total_length,
+			 total_length/2);
 			}
 		}
 	sys$gettim(iosb);
-	RAND_add((unsigned char *)iosb, sizeof(iosb), sizeof(iosb)/2);
+	RAND_add( (PTR_T)iosb, sizeof(iosb), sizeof(iosb)/2);
 	return 1;
 }
 

crypto/rand/randfile.c

@@ -144,7 +144,9 @@ int RAND_load_file(const char *file, long bytes)
 	   * I/O because we will waste system entropy. 
 	   */
 	  bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
+#ifndef OPENSSL_NO_SETVBUF_IONBF
 	  setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 	}
 #endif
 	for (;;)

crypto/rsa/rsa_oaep.c

@@ -189,34 +189,40 @@ int PKCS1_MGF1(unsigned char *mask, long len,
 	EVP_MD_CTX c;
 	unsigned char md[EVP_MAX_MD_SIZE];
 	int mdlen;
+	int rv = -1;
 
 	EVP_MD_CTX_init(&c);
 	mdlen = EVP_MD_size(dgst);
 	if (mdlen < 0)
-		return -1;
+		goto err;
 	for (i = 0; outlen < len; i++)
 		{
 		cnt[0] = (unsigned char)((i >> 24) & 255);
 		cnt[1] = (unsigned char)((i >> 16) & 255);
 		cnt[2] = (unsigned char)((i >> 8)) & 255;
 		cnt[3] = (unsigned char)(i & 255);
-		EVP_DigestInit_ex(&c,dgst, NULL);
-		EVP_DigestUpdate(&c, seed, seedlen);
-		EVP_DigestUpdate(&c, cnt, 4);
+		if (!EVP_DigestInit_ex(&c,dgst, NULL)
+			|| !EVP_DigestUpdate(&c, seed, seedlen)
+			|| !EVP_DigestUpdate(&c, cnt, 4))
+			goto err;
 		if (outlen + mdlen <= len)
 			{
-			EVP_DigestFinal_ex(&c, mask + outlen, NULL);
+			if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL))
+				goto err;
 			outlen += mdlen;
 			}
 		else
 			{
-			EVP_DigestFinal_ex(&c, md, NULL);
+			if (!EVP_DigestFinal_ex(&c, md, NULL))
+				goto err;
 			memcpy(mask + outlen, md, len - outlen);
 			outlen = len;
 			}
 		}
+	rv = 0;
+	err:
 	EVP_MD_CTX_cleanup(&c);
-	return 0;
+	return rv;
 	}
 
 static int MGF1(unsigned char *mask, long len, const unsigned char *seed,

crypto/stack/safestack.h

@@ -2033,79 +2033,79 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 
 #define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp)))
 #define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null())
-#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i))
+#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i))
 #define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st)
-#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func))
-#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val), i)
+#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func))
+#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i)
 #define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st)
-#define sk_OPENSSL_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i, CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val))
 #define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st))
-#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
 #define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val))
 #define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i))
-#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, ptr))
+#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr))
 #define sk_OPENSSL_STRING_set_cmp_func(st, cmp)  \
 	((int (*)(const char * const *,const char * const *)) \
-	sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_CMP_FUNC(char, cmp)))
+	sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp)))
 #define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st)
 #define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st))
-#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st))
+#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st))
 #define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st))
 #define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
 
 
-#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
-#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
-#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i))
-#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
-#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val), i)
-#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i, CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
-#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, ptr))
-#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp)  \
-	((int (*)(const void * const *,const void * const *)) \
-	sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp)))
-#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st))
-#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
-
-
 #define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
 #define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null())
-#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i))
+#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i))
 #define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st)
-#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func))
-#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val), i)
+#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func))
+#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i)
 #define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st)
-#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i, CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val))
 #define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st))
-#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
 #define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val))
 #define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i))
-#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, ptr))
+#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr))
 #define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp)  \
 	((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \
-	sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
+	sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
 #define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st)
 #define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st))
-#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st))
+#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st))
 #define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st))
 #define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
 
 
+#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
+#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i))
+#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
+#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i)
+#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
+#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr))
+#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp)  \
+	((int (*)(const void * const *,const void * const *)) \
+	sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st))
+#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
+
+
 #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
 	SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \

crypto/ts/ts_verify_ctx.c

@@ -56,7 +56,6 @@
  *
  */
 
-#include <assert.h>
 #include "cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/ts.h>
@@ -74,7 +73,7 @@ TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
 
 void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
 	{
-	assert(ctx != NULL);
+	OPENSSL_assert(ctx != NULL);
 	memset(ctx, 0, sizeof(TS_VERIFY_CTX));
 	}
 
@@ -116,7 +115,7 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
 	ASN1_OCTET_STRING *msg;
 	const ASN1_INTEGER *nonce;
 
-	assert(req != NULL);
+	OPENSSL_assert(req != NULL);
 	if (ret)
 		TS_VERIFY_CTX_cleanup(ret);
 	else

crypto/vms_rms.h

@@ -0,0 +1,51 @@
+
+#ifdef NAML$C_MAXRSS
+
+# define CC_RMS_NAMX cc$rms_naml
+# define FAB_NAMX fab$l_naml
+# define FAB_OR_NAML( fab, naml) naml
+# define FAB_OR_NAML_DNA naml$l_long_defname
+# define FAB_OR_NAML_DNS naml$l_long_defname_size
+# define FAB_OR_NAML_FNA naml$l_long_filename
+# define FAB_OR_NAML_FNS naml$l_long_filename_size
+# define NAMX_ESA naml$l_long_expand
+# define NAMX_ESL naml$l_long_expand_size
+# define NAMX_ESS naml$l_long_expand_alloc
+# define NAMX_NOP naml$b_nop
+# define SET_NAMX_NO_SHORT_UPCASE( nam) nam.naml$v_no_short_upcase = 1
+
+# if __INITIAL_POINTER_SIZE == 64
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (__char_ptr32) -1; \
+   fab.fab$l_fna = (__char_ptr32) -1;
+# else /* __INITIAL_POINTER_SIZE == 64 */
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (char *) -1; \
+   fab.fab$l_fna = (char *) -1;
+# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+# define NAMX_MAXRSS NAML$C_MAXRSS
+# define NAMX_STRUCT NAML
+
+#else /* def NAML$C_MAXRSS */
+
+# define CC_RMS_NAMX cc$rms_nam
+# define FAB_NAMX fab$l_nam
+# define FAB_OR_NAML( fab, naml) fab
+# define FAB_OR_NAML_DNA fab$l_dna
+# define FAB_OR_NAML_DNS fab$b_dns
+# define FAB_OR_NAML_FNA fab$l_fna
+# define FAB_OR_NAML_FNS fab$b_fns
+# define NAMX_ESA nam$l_esa
+# define NAMX_ESL nam$b_esl
+# define NAMX_ESS nam$b_ess
+# define NAMX_NOP nam$b_nop
+# define NAMX_DNA_FNA_SET(fab)
+# define NAMX_MAXRSS NAM$C_MAXRSS
+# define NAMX_STRUCT NAM
+# ifdef NAM$M_NO_SHORT_UPCASE
+#  define SET_NAMX_NO_SHORT_UPCASE( nam) naml.naml$v_no_short_upcase = 1
+# else /* def NAM$M_NO_SHORT_UPCASE */
+#  define SET_NAMX_NO_SHORT_UPCASE( nam)
+# endif /* def NAM$M_NO_SHORT_UPCASE [else] */
+
+#endif /* def NAML$C_MAXRSS [else] */
+

crypto/x509/x509_vfy.c

@@ -703,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ctx)
 	x = sk_X509_value(ctx->chain, cnum);
 	ctx->current_cert = x;
 	ctx->current_issuer = NULL;
+	ctx->current_crl_score = 0;
 	ctx->current_reasons = 0;
 	while (ctx->current_reasons != CRLDP_ALL_REASONS)
 		{
@@ -2015,6 +2016,9 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 	ctx->error_depth=0;
 	ctx->current_cert=NULL;
 	ctx->current_issuer=NULL;
+	ctx->current_crl=NULL;
+	ctx->current_crl_score=0;
+	ctx->current_reasons=0;
 	ctx->tree = NULL;
 	ctx->parent = NULL;
 

crypto/x509v3/v3_addr.c

@@ -177,12 +177,18 @@ static int i2r_address(BIO *out,
   unsigned char addr[ADDR_RAW_BUF_LEN];
   int i, n;
 
+  if (bs->length < 0)
+    return 0;
   switch (afi) {
   case IANA_AFI_IPV4:
+    if (bs->length > 4)
+      return 0;
     addr_expand(addr, bs, 4, fill);
     BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
     break;
   case IANA_AFI_IPV6:
+    if (bs->length > 16)
+      return 0;
     addr_expand(addr, bs, 16, fill);
     for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
       ;

crypto/x509v3/v3_asid.c

@@ -61,7 +61,6 @@
 
 #include <stdio.h>
 #include <string.h>
-#include <assert.h>
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
@@ -172,11 +171,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
 {
   const ASIdOrRange *a = *a_, *b = *b_;
 
-  assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+  OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
 	 (a->type == ASIdOrRange_range && a->u.range != NULL &&
 	  a->u.range->min != NULL && a->u.range->max != NULL));
 
-  assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+  OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
 	 (b->type == ASIdOrRange_range && b->u.range != NULL &&
 	  b->u.range->min != NULL && b->u.range->max != NULL));
 
@@ -215,7 +214,7 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which)
   if (*choice == NULL) {
     if ((*choice = ASIdentifierChoice_new()) == NULL)
       return 0;
-    assert((*choice)->u.inherit == NULL);
+    OPENSSL_assert((*choice)->u.inherit == NULL);
     if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
       return 0;
     (*choice)->type = ASIdentifierChoice_inherit;
@@ -250,7 +249,7 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid,
   if (*choice == NULL) {
     if ((*choice = ASIdentifierChoice_new()) == NULL)
       return 0;
-    assert((*choice)->u.asIdsOrRanges == NULL);
+    OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
     (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
     if ((*choice)->u.asIdsOrRanges == NULL)
       return 0;
@@ -286,7 +285,7 @@ static void extract_min_max(ASIdOrRange *aor,
 			    ASN1_INTEGER **min,
 			    ASN1_INTEGER **max)
 {
-  assert(aor != NULL && min != NULL && max != NULL);
+  OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
   switch (aor->type) {
   case ASIdOrRange_id:
     *min = aor->u.id;
@@ -373,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
 int v3_asid_is_canonical(ASIdentifiers *asid)
 {
   return (asid == NULL ||
-	  (ASIdentifierChoice_is_canonical(asid->asnum) ||
+	  (ASIdentifierChoice_is_canonical(asid->asnum) &&
 	   ASIdentifierChoice_is_canonical(asid->rdi)));
 }
 
@@ -395,7 +394,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
   /*
    * We have a list.  Sort it.
    */
-  assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
+  OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
   sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
 
   /*
@@ -413,7 +412,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
     /*
      * Make sure we're properly sorted (paranoia).
      */
-    assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+    OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
 
     /*
      * Check for overlaps.
@@ -472,7 +471,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
     }
   }
 
-  assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
+  OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
 
   ret = 1;
 
@@ -709,9 +708,9 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
   int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
   X509 *x;
 
-  assert(chain != NULL && sk_X509_num(chain) > 0);
-  assert(ctx != NULL || ext != NULL);
-  assert(ctx == NULL || ctx->verify_cb != NULL);
+  OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+  OPENSSL_assert(ctx != NULL || ext != NULL);
+  OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
 
   /*
    * Figure out where to start.  If we don't have an extension to
@@ -724,7 +723,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
   } else {
     i = 0;
     x = sk_X509_value(chain, i);
-    assert(x != NULL);
+    OPENSSL_assert(x != NULL);
     if ((ext = x->rfc3779_asid) == NULL)
       goto done;
   }
@@ -757,7 +756,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
    */
   for (i++; i < sk_X509_num(chain); i++) {
     x = sk_X509_value(chain, i);
-    assert(x != NULL);
+    OPENSSL_assert(x != NULL);
     if (x->rfc3779_asid == NULL) {
       if (child_as != NULL || child_rdi != NULL)
 	validation_err(X509_V_ERR_UNNESTED_RESOURCE);
@@ -800,7 +799,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
   /*
    * Trust anchor can't inherit.
    */
-  assert(x != NULL);
+  OPENSSL_assert(x != NULL);
   if (x->rfc3779_asid != NULL) {
     if (x->rfc3779_asid->asnum != NULL &&
 	x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)

doc/ssl/ssl.pod

@@ -158,7 +158,7 @@ Constructor for the SSLv3 SSL_METHOD structure for combined client and server.
 
 Constructor for the TLSv1 SSL_METHOD structure for a dedicated client.
 
-=item cosnt SSL_METHOD *B<TLSv1_server_method>(void);
+=item const SSL_METHOD *B<TLSv1_server_method>(void);
 
 Constructor for the TLSv1 SSL_METHOD structure for a dedicated server.
 

engines/ccgost/gost_crypt.c

@@ -495,7 +495,8 @@ int  gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params)
 int gost_imit_init_cpa(EVP_MD_CTX *ctx)
 	{
 	struct ossl_gost_imit_ctx *c = ctx->md_data;
-	memset(c->buffer,0,16);
+	memset(c->buffer,0,sizeof(c->buffer));
+	memset(c->partial_block,0,sizeof(c->partial_block));
 	c->count = 0;
 	c->bytes_left=0;
 	c->key_meshing=1;

engines/e_capi.c

@@ -1814,6 +1814,8 @@ static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
 #include <openssl/engine.h>
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 OPENSSL_EXPORT
+int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
 IMPLEMENT_DYNAMIC_CHECK_FN()
 #else

engines/e_capi_err.h

@@ -55,6 +55,10 @@
 #ifndef HEADER_CAPI_ERR_H
 #define HEADER_CAPI_ERR_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.

engines/e_gmp.c

@@ -471,6 +471,8 @@ static int bind_fn(ENGINE *e, const char *id)
 IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
 #else
 OPENSSL_EXPORT
+int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
 #endif
 #endif /* !OPENSSL_NO_DYNAMIC_ENGINE */

engines/e_padlock.c

@@ -108,6 +108,8 @@ static ENGINE *ENGINE_padlock (void);
 # endif
 #endif
 
+#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+
 void ENGINE_load_padlock (void)
 {
 /* On non-x86 CPUs it just returns. */
@@ -120,6 +122,8 @@ void ENGINE_load_padlock (void)
 #endif
 }
 
+#endif
+
 #ifdef COMPILE_HW_PADLOCK
 /* We do these includes here to avoid header problems on platforms that
    do not have the VIA padlock anyway... */
@@ -1218,6 +1222,8 @@ static RAND_METHOD padlock_rand = {
 #else  /* !COMPILE_HW_PADLOCK */
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 OPENSSL_EXPORT
+int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
 IMPLEMENT_DYNAMIC_CHECK_FN()
 #endif

engines/makeengines.com

@@ -28,11 +28,35 @@ $!
 $!  P6	if defined, denotes which engines to build.  If not defined,
 $!	all available engines are built.
 $!
+$!  P7, if defined, specifies the C pointer size.  Ignored on VAX.
+$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
+$!      Supported values are:
+$!
+$!	""	Compile with default (/NOPOINTER_SIZE)
+$!	32	Compile with /POINTER_SIZE=32 (SHORT)
+$!	64	Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV])
+$!               (Automatically select ARGV if compiler supports it.)
+$!      64=      Compile with /POINTER_SIZE=64 (LONG).
+$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
+$!
+$!  P8, if defined, specifies a directory where ZLIB files (zlib.h,
+$!  libz.olb) may be found.  Optionally, a non-default object library
+$!  name may be included ("dev:[dir]libz_64.olb", for example).
+$!
 $!-----------------------------------------------------------------------------
 $!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$ on control_c then goto exit
+$!
 $! Set the default TCP/IP library to link against if needed
 $!
 $ TCPIP_LIB = ""
+$ ZLIB_LIB = ""
 $!
 $! Check What Architecture We Are Using.
 $!
@@ -56,6 +80,11 @@ $! End The Architecture Check.
 $!
 $ ENDIF
 $!
+$ ARCHD = ARCH
+$ LIB32 = "32"
+$ OPT_FILE = ""
+$ POINTER_SIZE = ""
+$!
 $! Set the names of the engines we want to build
 $! NOTE: Some might think this list ugly.  However, it's made this way to
 $! reflect the LIBNAMES variable in Makefile as closely as possible,
@@ -72,19 +101,7 @@ $!
 $ IF (ARCH .NES. "VAX") THEN -
        ENGINES = ENGINES+ ",ccgost"
 $!
-$! Set the goal directories, and create them if necessary
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.ENGINES]
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.ENGINES]
-$ IF F$PARSE(OBJ_DIR) .EQS. "" THEN CREATE/DIRECTORY 'OBJ_DIR'
-$ IF F$PARSE(EXE_DIR) .EQS. "" THEN CREATE/DIRECTORY 'EXE_DIR'
-$!
-$! Set the goal files, and create them if necessary
-$!
-$ CRYPTO_LIB :=SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
-$ IF F$SEARCH(CRYPTO_LIB) .EQS. "" THEN LIBRARY/CREATE/OBJECT 'CRYPTO_LIB'
-$!
-$! OK, time to check options and initialise
+$! Check options.
 $!
 $ OPT_PHASE = P1
 $ ACCEPT_PHASE = "ALL,ENGINES"
@@ -92,8 +109,39 @@ $ OPT_DEBUG = P2
 $ OPT_COMPILER = P3
 $ OPT_TCPIP_LIB = P4
 $ OPT_SPECIAL_THREADS = P5
+$ OPT_POINTER_SIZE = P7
+$ ZLIB = P8
 $
 $ GOSUB CHECK_OPTIONS
+$!
+$! Set the goal directories, and create them if necessary
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.ENGINES]
+$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.ENGINES]
+$ IF F$PARSE(OBJ_DIR) .EQS. "" THEN CREATE/DIRECTORY 'OBJ_DIR'
+$ IF F$PARSE(EXE_DIR) .EQS. "" THEN CREATE/DIRECTORY 'EXE_DIR'
+$!
+$! Set the goal files, and create them if necessary
+$!
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB
+$ IF F$SEARCH(CRYPTO_LIB) .EQS. "" THEN LIBRARY/CREATE/OBJECT 'CRYPTO_LIB'
+$!
+$! Specify the destination directory in any /MAP option.
+$!
+$ if (LINKMAP .eqs. "MAP")
+$ then
+$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
+$ endif
+$!
+$! Add the location prefix to the linker options file name.
+$!
+$ if (OPT_FILE .nes. "")
+$ then
+$   OPT_FILE = EXE_DIR+ OPT_FILE
+$ endif
+$!
+$! Initialise.
+$!
 $ GOSUB INITIALISE
 $ GOSUB CHECK_OPT_FILE
 $!
@@ -172,7 +220,7 @@ $! Create a .OPT file for the object files (for a real engine name).
 $!
 $ IF ENGINE_NAME .NES. ""
 $ THEN
-$   OPEN/WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT
+$   OPEN /WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT
 $ ENDIF
 $!
 $! Here's the start of per-engine module loop.
@@ -257,18 +305,14 @@ $! For shareable libraries, we need to do things a little differently
 $! depending on if we link with a TCP/IP library or not.
 $!
 $ ENGINE_OPT := SYS$DISK:[]'ARCH'.OPT
-$ IF TCPIP_LIB .NES. ""
-$ THEN
-$   LINK/'DEBUGGER'/'TRACEBACK' /SHARE='EXE_DIR''ENGINE_NAME'.EXE -
-	'EXE_DIR''ENGINE_NAME'.OPT/OPTION'TV_OBJ', -
-	'CRYPTO_LIB'/LIBRARY, -
-	'ENGINE_OPT'/OPTION,'TCPIP_LIB','OPT_FILE'/OPTION
-$ ELSE
-$   LINK/'DEBUGGER'/'TRACEBACK' /SHARE='EXE_DIR''ENGINE_NAME'.EXE -
-	'EXE_DIR''ENGINE_NAME'.OPT/OPTION'TV_OBJ', -
-        'CRYPTO_LIB'/LIBRARY, -
-	'ENGINE_OPT'/OPTION,'OPT_FILE'/OPTION
-$ ENDIF
+$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /SHARE='EXE_DIR''ENGINE_NAME'.EXE -
+   'EXE_DIR''ENGINE_NAME'.OPT /OPTIONS -
+   'TV_OBJ', -
+   'CRYPTO_LIB' /LIBRARY, -
+   'ENGINE_OPT' /OPTIONS -
+   'TCPIP_LIB' -
+   'ZLIB_LIB' -
+   ,'OPT_FILE' /OPTIONS
 $!
 $! Next engine
 $!
@@ -302,7 +346,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable VAX C Runtime Library.
 !
 SYS$SHARE:VAXCRTL.EXE/SHARE
@@ -331,7 +375,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable C Runtime Library.
 !
 GNU_CC:[000000]GCCLIB/LIBRARY
@@ -366,7 +410,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable DEC C Runtime Library.
 !
 SYS$SHARE:DECC$SHR.EXE/SHARE
@@ -381,7 +425,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For non-VAX To Link Agianst 
+! Default System Options File For non-VAX To Link Against 
 ! The Sharable C Runtime Library.
 !
 SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
@@ -453,8 +497,8 @@ $     IF ("," + ACCEPT_PHASE + ",") - ",ENGINES," -
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " where 'xxx' stands for:"
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha architecture."
-$     WRITE SYS$OUTPUT "    IA64     :  IA64 architecture."
+$     WRITE SYS$OUTPUT "    ALPHA[64]:  Alpha architecture."
+$     WRITE SYS$OUTPUT "    IA64[64] :  IA64 architecture."
 $     WRITE SYS$OUTPUT "    VAX      :  VAX architecture."
 $     WRITE SYS$OUTPUT ""
 $!
@@ -475,15 +519,16 @@ $!
 $ IF (OPT_DEBUG.EQS."NODEBUG")
 $ THEN
 $!
-$!   OPT_DEBUG Is NODEBUG, So Compile Without The Debugger Information.
+$!  OPT_DEBUG Is NODEBUG, So Compile Without The Debugger Information.
 $!
-$    DEBUGGER = "NODEBUG"
-$    TRACEBACK = "NOTRACEBACK" 
-$    GCC_OPTIMIZE = "OPTIMIZE"
-$    CC_OPTIMIZE = "OPTIMIZE"
-$    MACRO_OPTIMIZE = "OPTIMIZE"
-$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$   DEBUGGER = "NODEBUG"
+$   LINKMAP = "NOMAP"
+$   TRACEBACK = "NOTRACEBACK" 
+$   GCC_OPTIMIZE = "OPTIMIZE"
+$   CC_OPTIMIZE = "OPTIMIZE"
+$   MACRO_OPTIMIZE = "OPTIMIZE"
+$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
 $ ELSE
 $!
 $!  Check To See If We Are To Compile With Debugger Information.
@@ -494,6 +539,7 @@ $!
 $!    Compile With Debugger Information.
 $!
 $     DEBUGGER = "DEBUG"
+$     LINKMAP = "MAP"
 $     TRACEBACK = "TRACEBACK"
 $     GCC_OPTIMIZE = "NOOPTIMIZE"
 $     CC_OPTIMIZE = "NOOPTIMIZE"
@@ -502,7 +548,7 @@ $     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
 $     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
 $   ELSE 
 $!
-$!    They Entered An Invalid Option..
+$!    They Entered An Invalid Option.
 $!
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "The Option ",OPT_DEBUG," Is Invalid.  The Valid Options Are:"
@@ -557,6 +603,59 @@ $! End The OPT_SPECIAL_THREADS Check.
 $!
 $ ENDIF
 $!
+$! Check OPT_POINTER_SIZE (P7).
+$!
+$ IF (OPT_POINTER_SIZE .NES. "") .AND. (ARCH .NES. "VAX")
+$ THEN
+$!
+$   IF (OPT_POINTER_SIZE .EQS. "32")
+$   THEN
+$     POINTER_SIZE = " /POINTER_SIZE=32"
+$   ELSE
+$     POINTER_SIZE = F$EDIT( OPT_POINTER_SIZE, "COLLAPSE, UPCASE")
+$     IF ((POINTER_SIZE .EQS. "64") .OR. -
+       (POINTER_SIZE .EQS. "64=") .OR. -
+       (POINTER_SIZE .EQS. "64=ARGV"))
+$     THEN
+$       ARCHD = ARCH+ "_64"
+$       LIB32 = ""
+$       POINTER_SIZE = " /POINTER_SIZE=64"
+$     ELSE
+$!
+$!      Tell The User Entered An Invalid Option.
+$!
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", OPT_POINTER_SIZE, -
+         " Is Invalid.  The Valid Options Are:"
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT -
+         "    """"       :  Compile with default (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    32       :  Compile with 32-bit (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
+$       WRITE SYS$OUTPUT ""
+$! 
+$!      Time To EXIT.
+$!
+$       EXIT
+$!
+$     ENDIF
+$!
+$   ENDIF
+$!
+$! End The OPT_POINTER_SIZE Check.
+$!
+$ ENDIF
+$!
+$! Set basic C compiler /INCLUDE directories.
+$!
+$ CC_INCLUDES = "SYS$DISK:[],SYS$DISK:[.VENDOR_DEFNS]"
+$!
 $! Check To See If OPT_COMPILER Is Blank.
 $!
 $ IF (OPT_COMPILER.EQS."")
@@ -657,11 +756,63 @@ $ CCDEFS = "TCPIP_TYPE_''OPT_TCPIP_LIB',DSO_VMS"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
-$!  Check To See If The User Entered A Valid Paramter.
+$! Check To See If We Have A ZLIB Option.
+$!
+$ IF (ZLIB .NES. "")
+$ THEN
+$!
+$!  Check for expected ZLIB files.
+$!
+$   err = 0
+$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
+$   if (f$search( file1) .eqs. "")
+$   then
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
+$     err = 1
+$   endif
+$   file1 = f$parse( "A.;", ZLIB)- "A.;"
+$!
+$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
+$   if (f$search( file2) .eqs. "")
+$   then
+$     if (err .eq. 0)
+$     then
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     endif
+$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
+$     WRITE SYS$OUTPUT ""
+$     err = err+ 2
+$   endif
+$   if (err .eq. 1)
+$   then
+$     WRITE SYS$OUTPUT ""
+$   endif
+$!
+$   if (err .ne. 0)
+$   then
+$     EXIT
+$   endif
+$!
+$   CCDEFS = """ZLIB=1"", "+ CCDEFS
+$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
+$   ZLIB_LIB = ", ''file2' /library"
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
+$!
+$! End The ZLIB Check.
+$!
+$ ENDIF
+$!
+$!  Check To See If The User Entered A Valid Parameter.
 $!
 $ IF (OPT_COMPILER.EQS."VAXC").OR.(OPT_COMPILER.EQS."DECC").OR.(OPT_COMPILER.EQS."GNUC")
 $ THEN
@@ -684,14 +835,14 @@ $!
 $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.VENDOR_DEFNS])" + -
-	   CCEXTRAFLAGS
+$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
+       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
+       " /INCLUDE=(''CC_INCLUDES') " + -
+       CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -720,7 +871,7 @@ $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+	   "/INCLUDE=(''CC_INCLUDES')" + -
 	   CCEXTRAFLAGS
 $     CCDEFS = """VAXC""," + CCDEFS
 $!
@@ -730,7 +881,7 @@ $     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -752,12 +903,12 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+	   "/INCLUDE=(''CC_INCLUDES')" + -
 	   CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -773,12 +924,12 @@ $   IF COMPILER .EQS. "DECC"
 $   THEN
 $     IF CCDISABLEWARNINGS .NES. ""
 $     THEN
-$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$       CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
 $     ENDIF
 $   ELSE
 $     CCDISABLEWARNINGS = ""
 $   ENDIF
-$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$   CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
 $!
 $!  Show user the result
 $!
@@ -808,8 +959,12 @@ $ ENDIF
 $!
 $! Build a MACRO command for the architecture at hand
 $!
-$ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'"
-$ IF ARCH .NES. "VAX" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$   MACRO = "MACRO/''DEBUGGER'"
+$ ELSE
+$   MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
+$ ENDIF
 $!
 $!  Show user the result
 $!
@@ -829,7 +984,7 @@ $   THEN
 $!
 $!    Set the library to use SOCKETSHR
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
 $!
 $!    Done with SOCKETSHR
 $!
@@ -855,13 +1010,13 @@ $   THEN
 $!
 $!    Set the library to use UCX.
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
 $     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
 $     THEN
-$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
 $     ELSE
 $       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+	  TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
 $     ENDIF
 $!
 $!    Done with UCX
@@ -875,7 +1030,7 @@ $   THEN
 $!
 $!    Set the library to use TCPIP (post UCX).
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
 $!
 $!    Done with TCPIP
 $!
@@ -896,7 +1051,7 @@ $   ENDIF
 $!
 $!  Print info
 $!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
 $!
 $!  Else The User Entered An Invalid Argument.
 $!
@@ -939,7 +1094,7 @@ $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
 $!
 $! Set up the logical name OPENSSL to point at the include directory
 $!
-$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$ DEFINE OPENSSL /NOLOG '__INCLUDE'
 $!
 $! Done
 $!
@@ -947,15 +1102,24 @@ $ RETURN
 $!
 $ CLEANUP:
 $!
-$! Restore the logical name OPENSSL if it had a value
+$! Restore the saved logical name OPENSSL, if it had a value.
 $!
-$ IF __SAVE_OPENSSL .EQS. ""
-$ THEN
-$   DEASSIGN OPENSSL
-$ ELSE
-$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
-$ ENDIF
+$ if (f$type( __SAVE_OPENSSL) .nes. "")
+$ then
+$   IF __SAVE_OPENSSL .EQS. ""
+$   THEN
+$     DEASSIGN OPENSSL
+$   ELSE
+$     DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
+$   ENDIF
+$ endif
+$!
+$! Close any open files.
+$!
+$ if (f$trnlnm( "objects", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
+   close objects
 $!
 $! Done
 $!
 $ RETURN
+$!

install.com

@@ -3,99 +3,134 @@ $!
 $! Author: Richard Levitte <richard@levitte.org>
 $! Time of creation: 22-MAY-1998 10:13
 $!
-$! P1	root of the directory tree
+$! P1  root of the directory tree
+$! P2  "64" for 64-bit pointers.
 $!
-$	DEF_ORIG = F$ENVIRONMENT( "DEFAULT")
-$	ON ERROR THEN GOTO TIDY
-$	ON CONTROL_C THEN GOTO TIDY
-$
-$	IF P1 .EQS. ""
-$	THEN
-$	    WRITE SYS$OUTPUT "First argument missing."
-$	    WRITE SYS$OUTPUT -
-		  "It Should be the directory where you want things installed."
-$	    EXIT
-$	ENDIF
-$
-$	IF (F$GETSYI("CPU").LT.128)
-$	THEN
-$	    ARCH := VAX
-$	ELSE
-$	    ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$	    IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$	ENDIF
-$
-$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$ def_orig = f$environment( "default")
+$ on error then goto tidy
+$ on control_c then goto tidy
+$!
+$ if (p1 .eqs. "")
+$ then
+$   write sys$output "First argument missing."
+$   write sys$output -
+     "It should be the directory where you want things installed."
+$   exit
+$ endif
+$!
+$ if (f$getsyi("cpu") .lt. 128)
+$ then
+$   arch = "VAX"
+$ else
+$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
+$   if (arch .eqs. "") then arch = "UNK"
+$ endif
+$!
+$ archd = arch
+$!
+$ if (p2 .nes. "")
+$ then
+$   if (p2 .eqs. "64")
+$   then
+$     archd = arch+ "_64"
+$   else
+$     if (p2 .nes. "32")
+$     then
+$       write sys$output "Second argument invalid."
+$       write sys$output "It should be "32", "64", or nothing."
+$       exit
+$     endif
+$   endif
+$ endif
+$!
+$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0"
+$ root_dev = f$parse( root, , , "device", "syntax_only")
+$ root_dir = f$parse( root, , , "directory", "syntax_only") -
 		   - ".][000000" - "[000000." - "][" - "[" - "]"
-$	ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$	DEFINE/NOLOG WRK_SSLXLIB WRK_SSLROOT:['ARCH'_LIB]
-$	DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:[LIB]
-$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$	DEFINE/NOLOG WRK_SSLXEXE WRK_SSLROOT:['ARCH'_EXE]
-$	DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS]
-$	DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE]
-$
+$ root = root_dev + "[" + root_dir
+$!
+$ define /nolog wrk_sslroot 'root'.] /trans=conc
+$ define /nolog wrk_sslcerts wrk_sslroot:[certs]
+$ define /nolog wrk_sslinclude wrk_sslroot:[include]
+$ define /nolog wrk_ssllib wrk_sslroot:[lib]
+$ define /nolog wrk_sslprivate wrk_sslroot:[private]
+$ define /nolog wrk_sslxexe wrk_sslroot:['archd'_exe]
+$ define /nolog wrk_sslxlib wrk_sslroot:['arch'_lib]
 $!
 $! Exhibit the destination directory.
 $!
-$	WRITE SYS$OUTPUT "   Installing to (WRK_SSLROOT) ="
-$	WRITE SYS$OUTPUT "    ''f$trnlnm( "WRK_SSLROOT")'"
-$	WRITE SYS$OUTPUT ""
-$
-$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$	IF F$PARSE("WRK_SSLXEXE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLXEXE:
-$	IF F$PARSE("WRK_SSLXLIB:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLXLIB:
-$	IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLLIB:
-$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLINCLUDE:
-$	IF F$PARSE("WRK_SSLCERTS:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLCERTS:
-$	IF F$PARSE("WRK_SSLPRIVATE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLPRIVATE:
-$	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
-$
-$	SDIRS := CRYPTO,SSL,APPS,VMS!,RSAREF,TEST,TOOLS
-$	EXHEADER := e_os2.h
-$
-$	COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG
-$	SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'EXHEADER'
-$
-$	I = 0
-$ LOOP_SDIRS: 
-$	D = F$ELEMENT(I, ",", SDIRS)
-$	I = I + 1
-$	IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
-$	WRITE SYS$OUTPUT "Installing ",D," files."
-$	SET DEFAULT [.'D']
-$	@INSTALL 'ROOT']
-$	SET DEFAULT [-]
-$	GOTO LOOP_SDIRS
-$ LOOP_SDIRS_END:
-$
-$	WRITE SYS$OUTPUT ""
-$	WRITE SYS$OUTPUT "	Installation done!"
-$	WRITE SYS$OUTPUT ""
-$	WRITE SYS$OUTPUT "	You might want to purge ",ROOT,"...]"
-$	WRITE SYS$OUTPUT ""
-$
-$ TIDY:
-$	SET DEFAULT 'DEF_ORIG'
-$
-$	DEASSIGN WRK_SSLROOT
-$	DEASSIGN WRK_SSLXLIB
-$	DEASSIGN WRK_SSLLIB
-$	DEASSIGN WRK_SSLINCLUDE
-$	DEASSIGN WRK_SSLXEXE
-$	DEASSIGN WRK_SSLCERTS
-$	DEASSIGN WRK_SSLPRIVATE
-$
-$	EXIT
+$ write sys$output "   Installing to (WRK_SSLROOT) ="
+$ write sys$output "    ''f$trnlnm( "wrk_sslroot")'"
+$ write sys$output ""
+$!
+$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then -
+   create /directory /log wrk_sslroot:[000000]
+$ if f$parse("wrk_sslxexe:") .eqs. "" then -
+   create /directory /log wrk_sslxexe:
+$ if f$parse("wrk_sslxlib:") .eqs. "" then -
+   create /directory /log wrk_sslxlib:
+$ if f$parse("wrk_ssllib:") .eqs. "" then -
+   create /directory /log wrk_ssllib:
+$ if f$parse("wrk_sslinclude:") .eqs. "" then -
+   create /directory /log wrk_sslinclude:
+$ if f$parse("wrk_sslcerts:") .eqs. "" then -
+   create /directory /log wrk_sslcerts:
+$ if f$parse("wrk_sslprivate:") .eqs. "" then -
+   create /directory /log wrk_sslprivate:
+$ if f$parse("wrk_sslroot:[VMS]") .EQS. "" THEN -
+   create /directory /log wrk_sslroot:[VMS]
+$!
+$ sdirs := CRYPTO, SSL, APPS, VMS !!!, RSAREF, TEST, TOOLS
+$ exheader := e_os2.h
+$!
+$ copy /protection = w:re 'exheader' wrk_sslinclude: /log
+$!
+$ i = 0
+$ loop_sdirs: 
+$   d = f$edit( f$element(i, ",", sdirs), "trim")
+$   i = i + 1
+$   if d .eqs. "," then goto loop_sdirs_end
+$   write sys$output "Installing ", d, " files."
+$   set default [.'d']
+$   @ install-'d'.com 'root'] 'p2'
+$   set default 'def_orig'
+$ goto loop_sdirs
+$ loop_sdirs_end:
+$!
+$ write sys$output ""
+$ write sys$output "	Installation done!"
+$ write sys$output ""
+$ if (f$search( root+ "...]*.*;-1") .nes. "")
+$ then
+$   write sys$output "	You might want to purge ", root, "...]"
+$   write sys$output ""
+$ endif
+$!
+$ tidy:
+$!
+$ set default 'def_orig'
+$!
+$ call deass wrk_sslroot
+$ call deass wrk_sslcerts
+$ call deass wrk_sslinclude
+$ call deass wrk_ssllib
+$ call deass wrk_sslprivate
+$ call deass wrk_sslxexe
+$ call deass wrk_sslxlib
+$!
+$ exit
+$!
+$ deass: subroutine
+$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
+$ then
+$   deassign /process 'p1'
+$ endif
+$ endsubroutine
+$!

makevms.com

@@ -15,7 +15,7 @@ $! The "xxx" denotes the machine architecture of ALPHA, IA64 or VAX.
 $!
 $! This procedures accepts two command line options listed below.
 $!
-$! Specify one of the following build options for P1.
+$! P1 specifies one of the following build options:
 $!
 $!      ALL       Just build "everything".
 $!      CONFIG    Just build the "[.CRYPTO._xxx]OPENSSLCONF.H" file.
@@ -31,14 +31,21 @@ $!      TEST      Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
 $!      APPS      Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
 $!      ENGINES   Just build the "[.xxx.EXE.ENGINES]" application programs for OpenSSL.
 $!
+$! P2, if defined, specifies the C pointer size.  Ignored on VAX.
+$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
+$!      Supported values are:
 $!
-$! P2 is ignored (it was used to denote if RSAref should be used or not,
-$! and is simply kept so surrounding scripts don't get confused)
+$!      ""       Compile with default (/NOPOINTER_SIZE).
+$!      32       Compile with /POINTER_SIZE=32 (SHORT).
+$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]).
+$!               (Automatically select ARGV if compiler supports it.)
+$!      64=      Compile with /POINTER_SIZE=64 (LONG).
+$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
 $!
-$! Specify DEBUG or NODEBUG as P3 to compile with or without debugging
-$! information.
+$! P3 specifies DEBUG or NODEBUG, to compile with or without debugging
+$!    information.
 $!
-$! Specify which compiler as P4 to try to compile under.
+$! P4 specifies which compiler to try to compile under.
 $!
 $!	  VAXC	 For VAX C.
 $!	  DECC	 For DEC C.
@@ -60,8 +67,18 @@ $!	NONE		to avoid specifying which TCP/IP implementation to
 $!			use at build time (this works with DEC C).  This is
 $!			the default.
 $!
-$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up).
 $!
+$! P7, if defined, specifies a directory where ZLIB files (zlib.h,
+$! libz.olb) may be found.  Optionally, a non-default object library
+$! name may be included ("dev:[dir]libz_64.olb", for example).
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
 $!
 $ DEF_ORIG = F$ENVIRONMENT( "DEFAULT")
 $ ON ERROR THEN GOTO TIDY
@@ -99,6 +116,10 @@ $! End The Architecture Check.
 $!
 $ ENDIF
 $!
+$ ARCHD = ARCH
+$ LIB32 = "32"
+$ POINTER_SIZE = ""
+$!
 $! Get VMS version.
 $!
 $ VMS_VERSION = f$edit( f$getsyi( "VERSION"), "TRIM")
@@ -173,12 +194,12 @@ $ CONFIG:
 $!
 $! Tell The User We Are Creating The [.CRYPTO._xxx]OPENSSLCONF.H File.
 $!
-$ WRITE SYS$OUTPUT "Creating [.CRYPTO._''ARCH']OPENSSLCONF.H Include File."
+$ WRITE SYS$OUTPUT "Creating [.CRYPTO.''ARCHD']OPENSSLCONF.H Include File."
 $!
 $! First, make sure the directory exists.
 $!
-$ IF F$PARSE("SYS$DISK:[.CRYPTO._''ARCH']") .EQS. "" THEN -
-     CREATE/DIRECTORY SYS$DISK:[.CRYPTO._'ARCH']
+$ IF F$PARSE("SYS$DISK:[.CRYPTO.''ARCHD']") .EQS. "" THEN -
+     CREATE/DIRECTORY SYS$DISK:[.CRYPTO.'ARCHD']
 $!
 $! Different tar/UnZip versions/option may have named the file differently
 $ IF F$SEARCH("[.crypto]opensslconf.h_in") .NES. ""
@@ -204,7 +225,7 @@ $!
 $! Create The [.CRYPTO._xxx]OPENSSLCONF.H File.
 $! Make sure it has the right format.
 $!
-$ OSCH_NAME = "SYS$DISK:[.CRYPTO._''ARCH']OPENSSLCONF.H"
+$ OSCH_NAME = "SYS$DISK:[.CRYPTO.''ARCHD']OPENSSLCONF.H"
 $ CREATE /FDL=SYS$INPUT: 'OSCH_NAME'
 RECORD
         FORMAT stream_lf
@@ -223,7 +244,7 @@ $ WRITE H_FILE "# define OPENSSL_SYS_VMS"
 $ WRITE H_FILE "#endif"
 $
 $! One of the best way to figure out what the list should be is to do
-$! the followin on a Unix system:
+$! the following on a Unix system:
 $!   grep OPENSSL_NO_ crypto/*/*.h ssl/*.h engines/*.h engines/*/*.h|grep ':# *if'|sed -e 's/^.*def //'|sort|uniq
 $! For that reason, the list will also always end up in alphabetical order
 $ CONFIG_LOGICALS := AES,-
@@ -321,7 +342,7 @@ $
 $! Architecture specific rule addtions
 $ IF ARCH .EQS. "VAX"
 $ THEN
-$   ! Disable algorithms that require 64 bit integers in C
+$   ! Disable algorithms that require 64-bit integers in C
 $   CONFIG_DISABLE_RULES = CONFIG_DISABLE_RULES + -
 			   ";/GOST" + -
 			   ";/WHIRLPOOL"
@@ -350,7 +371,8 @@ $
 $! Apply cascading disable rules
 $ CONFIG_DISABLE_I = 0
 $ CONFIG_DISABLE_LOOP0:
-$   CONFIG_DISABLE_E = F$EDIT(F$ELEMENT(CONFIG_DISABLE_I,";",CONFIG_DISABLE_RULES),"TRIM")
+$   CONFIG_DISABLE_E = F$EDIT(F$ELEMENT(CONFIG_DISABLE_I,";", -
+     CONFIG_DISABLE_RULES),"TRIM")
 $   CONFIG_DISABLE_I = CONFIG_DISABLE_I + 1
 $   IF CONFIG_DISABLE_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP0
 $   IF CONFIG_DISABLE_E .EQS. ";" THEN GOTO CONFIG_DISABLE_LOOP0_END
@@ -360,7 +382,8 @@ $   CONFIG_DISABLE_DEPENDENTS = F$EDIT(F$ELEMENT(1,"/",CONFIG_DISABLE_E),"TRIM")
 $   TO_DISABLE := YES
 $   CONFIG_ALGO_I = 0
 $   CONFIG_DISABLE_LOOP1:
-$     CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",",CONFIG_DISABLE_ALGOS),"TRIM")
+$     CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",", -
+       CONFIG_DISABLE_ALGOS),"TRIM")
 $     CONFIG_ALGO_I = CONFIG_ALGO_I + 1
 $     IF CONFIG_ALGO_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP1
 $     IF CONFIG_ALGO_E .EQS. "," THEN GOTO CONFIG_DISABLE_LOOP1_END
@@ -377,7 +400,8 @@ $   IF TO_DISABLE
 $   THEN
 $     CONFIG_DEPENDENT_I = 0
 $     CONFIG_DISABLE_LOOP2:
-$	CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",",CONFIG_DISABLE_DEPENDENTS),"TRIM")
+$	CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",", -
+         CONFIG_DISABLE_DEPENDENTS),"TRIM")
 $	CONFIG_DEPENDENT_I = CONFIG_DEPENDENT_I + 1
 $	IF CONFIG_DEPENDENT_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP2
 $	IF CONFIG_DEPENDENT_E .EQS. "," THEN GOTO CONFIG_DISABLE_LOOP2_END
@@ -385,7 +409,8 @@ $       CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := YES
 $       CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := NO
 $	! Better not to assume defaults at this point...
 $	CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES
-$	WRITE SYS$ERROR "''CONFIG_DEPENDENT_E' disabled by rule ''CONFIG_DISABLE_E'"
+$	WRITE SYS$ERROR -
+         "''CONFIG_DEPENDENT_E' disabled by rule ''CONFIG_DISABLE_E'"
 $	GOTO CONFIG_DISABLE_LOOP2
 $     CONFIG_DISABLE_LOOP2_END:
 $   ENDIF
@@ -395,7 +420,8 @@ $
 $! Apply cascading enable rules
 $ CONFIG_ENABLE_I = 0
 $ CONFIG_ENABLE_LOOP0:
-$   CONFIG_ENABLE_E = F$EDIT(F$ELEMENT(CONFIG_ENABLE_I,";",CONFIG_ENABLE_RULES),"TRIM")
+$   CONFIG_ENABLE_E = F$EDIT(F$ELEMENT(CONFIG_ENABLE_I,";", -
+     CONFIG_ENABLE_RULES),"TRIM")
 $   CONFIG_ENABLE_I = CONFIG_ENABLE_I + 1
 $   IF CONFIG_ENABLE_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP0
 $   IF CONFIG_ENABLE_E .EQS. ";" THEN GOTO CONFIG_ENABLE_LOOP0_END
@@ -405,7 +431,8 @@ $   CONFIG_ENABLE_DEPENDENTS = F$EDIT(F$ELEMENT(1,"/",CONFIG_ENABLE_E),"TRIM")
 $   TO_ENABLE := YES
 $   CONFIG_ALGO_I = 0
 $   CONFIG_ENABLE_LOOP1:
-$     CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",",CONFIG_ENABLE_ALGOS),"TRIM")
+$     CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",", -
+       CONFIG_ENABLE_ALGOS),"TRIM")
 $     CONFIG_ALGO_I = CONFIG_ALGO_I + 1
 $     IF CONFIG_ALGO_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP1
 $     IF CONFIG_ALGO_E .EQS. "," THEN GOTO CONFIG_ENABLE_LOOP1_END
@@ -422,7 +449,8 @@ $   IF TO_ENABLE
 $   THEN
 $     CONFIG_DEPENDENT_I = 0
 $     CONFIG_ENABLE_LOOP2:
-$	CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",",CONFIG_ENABLE_DEPENDENTS),"TRIM")
+$	CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",", -
+         CONFIG_ENABLE_DEPENDENTS),"TRIM")
 $	CONFIG_DEPENDENT_I = CONFIG_DEPENDENT_I + 1
 $	IF CONFIG_DEPENDENT_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP2
 $	IF CONFIG_DEPENDENT_E .EQS. "," THEN GOTO CONFIG_ENABLE_LOOP2_END
@@ -430,7 +458,8 @@ $       CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := NO
 $       CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := YES
 $	! Better not to assume defaults at this point...
 $	CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES
-$	WRITE SYS$ERROR "''CONFIG_DEPENDENT_E' enabled by rule ''CONFIG_ENABLE_E'"
+$	WRITE SYS$ERROR -
+         "''CONFIG_DEPENDENT_E' enabled by rule ''CONFIG_ENABLE_E'"
 $	GOTO CONFIG_ENABLE_LOOP2
 $     CONFIG_ENABLE_LOOP2_END:
 $   ENDIF
@@ -460,6 +489,17 @@ $   ENDIF
 $   GOTO CONFIG_LOG_LOOP2
 $ CONFIG_LOG_LOOP2_END:
 $!
+$ WRITE H_FILE ""
+$ WRITE H_FILE "/* 2011-02-23 SMS."
+$ WRITE H_FILE " * On VMS (V8.3), setvbuf() doesn't support a 64-bit"
+$ WRITE H_FILE " * ""in"" pointer, and the help says:"
+$ WRITE H_FILE " *       Please note that the previously documented"
+$ WRITE H_FILE " *       value _IONBF is not supported."
+$ WRITE H_FILE " * So, skip it on VMS."
+$ WRITE H_FILE " */"
+$ WRITE H_FILE "#define OPENSSL_NO_SETVBUF_IONBF"
+$ WRITE H_FILE ""
+$!
 $! Add in the common "crypto/opensslconf.h.in".
 $!
 $ TYPE 'OPENSSLCONF_H_IN' /OUTPUT=H_FILE:
@@ -552,7 +592,7 @@ $ CLOSE H_FILE
 $!
 $! Purge The [.CRYPTO._xxx]OPENSSLCONF.H file
 $!
-$ PURGE SYS$DISK:[.CRYPTO._'ARCH']OPENSSLCONF.H
+$ PURGE SYS$DISK:[.CRYPTO.'ARCHD']OPENSSLCONF.H
 $!
 $! That's All, Time To RETURN.
 $!
@@ -564,11 +604,11 @@ $ BUILDINF:
 $!
 $! Tell The User We Are Creating The [.CRYPTO._xxx]BUILDINF.H File.
 $!
-$ WRITE SYS$OUTPUT "Creating [.CRYPTO._''ARCH']BUILDINF.H Include File."
+$ WRITE SYS$OUTPUT "Creating [.CRYPTO.''ARCHD']BUILDINF.H Include File."
 $!
 $! Create The [.CRYPTO._xxx]BUILDINF.H File.
 $!
-$ BIH_NAME = "SYS$DISK:[.CRYPTO._''ARCH']BUILDINF.H"
+$ BIH_NAME = "SYS$DISK:[.CRYPTO.''ARCHD']BUILDINF.H"
 $ CREATE /FDL=SYS$INPUT: 'BIH_NAME'
 RECORD
         FORMAT stream_lf
@@ -581,8 +621,19 @@ $ TIME = F$TIME()
 $!
 $! Write The [.CRYPTO._xxx]BUILDINF.H File.
 $!
-$! WRITE H_FILE "#define CFLAGS """" /* Not filled in for now */"
-$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCH' ''VMS_VERSION'"""
+$ CFLAGS = ""
+$ if (POINTER_SIZE .nes. "")
+$ then
+$   CFLAGS = CFLAGS+ "/POINTER_SIZE=''POINTER_SIZE'"
+$ endif
+$ if (ZLIB .nes. "")
+$ then
+$   if (CFLAGS .nes. "") then CFLAGS = CFLAGS+ " "
+$   CFLAGS = CFLAGS+ "/DEFINE=ZLIB"
+$ endif
+$! 
+$ WRITE H_FILE "#define CFLAGS ""''CFLAGS'"""
+$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCHD' ''VMS_VERSION'"""
 $ WRITE H_FILE "#define DATE ""''TIME'"" "
 $!
 $! Close The [.CRYPTO._xxx]BUILDINF.H File.
@@ -591,7 +642,7 @@ $ CLOSE H_FILE
 $!
 $! Purge The [.CRYPTO._xxx]BUILDINF.H File.
 $!
-$ PURGE SYS$DISK:[.CRYPTO._'ARCH']BUILDINF.H
+$ PURGE SYS$DISK:[.CRYPTO.'ARCHD']BUILDINF.H
 $!
 $! Delete [.CRYPTO]BUILDINF.H File, as there might be some residue from Unix.
 $!
@@ -606,44 +657,58 @@ $! Copy a lot of files around.
 $!
 $ SOFTLINKS: 
 $!
-$! Tell The User We Are Partly Rebuilding The [.APPS] Directory.
+$!!!! Tell The User We Are Partly Rebuilding The [.APPS] Directory.
+$!!!!
+$!!! WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C' File."
+$!!!!
+$!!! DELETE SYS$DISK:[.APPS]MD4.C;*
+$!!!!
+$!!!! Copy MD4.C from [.CRYPTO.MD4] into [.APPS]
+$!!!!
+$!!! COPY SYS$DISK:[.CRYPTO.MD4]MD4.C SYS$DISK:[.APPS]
 $!
-$ WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C' File."
+$! Ensure that the [.include.openssl] directory contains a full set of
+$! real header files.  The distribution kit may have left real or fake
+$! symlinks there.  Rather than think about what's there, simply delete
+$! the destination files (fake or real symlinks) before copying the real
+$! header files in.  (Copying a real header file onto a real symlink
+$! merely duplicates the real header file at its source.)
 $!
-$ DELETE SYS$DISK:[.APPS]MD4.C;*
+$! Tell The User We Are Rebuilding The [.include.openssl] Directory.
 $!
-$! Copy MD4.C from [.CRYPTO.MD4] into [.APPS]
+$ WRITE SYS$OUTPUT "Rebuilding The '[.include.openssl]' Directory."
 $!
-$ COPY SYS$DISK:[.CRYPTO.MD4]MD4.C SYS$DISK:[.APPS]
+$! First, make sure the directory exists.  If it did exist, delete all
+$! the existing header files (or fake or real symlinks).
 $!
-$! Tell The User We Are Rebuilding The [.INCLUDE.OPENSSL] Directory.
-$!
-$ WRITE SYS$OUTPUT "Rebuilding The '[.INCLUDE.OPENSSL]' Directory."
-$!
-$! First, make sure the directory exists
-$!
-$ IF F$PARSE("SYS$DISK:[.INCLUDE.OPENSSL]") .EQS. "" THEN -
-     CREATE/DIRECTORY SYS$DISK:[.INCLUDE.OPENSSL]
+$ if f$parse( "sys$disk:[.include.openssl]") .eqs. ""
+$ then
+$   create /directory sys$disk:[.include.openssl]
+$ else
+$   delete sys$disk:[.include.openssl]*.h;*
+$ endif
 $!
 $! Copy All The ".H" Files From The Main Directory.
 $!
 $ EXHEADER := e_os2.h
-$ COPY 'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
+$ copy 'exheader' sys$disk:[.include.openssl]
 $!
 $! Copy All The ".H" Files From The [.CRYPTO] Directory Tree.
 $!
-$ SDIRS := ,-
-   _'ARCH',-
-   OBJECTS,-
-   MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,-
-   DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,-
-   BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,-
-   BUFFER,BIO,STACK,LHASH,RAND,ERR,-
-   EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,-
-   STORE,CMS,PQUEUE,TS,JPAKE
-$ EXHEADER_ := crypto.h,opensslv.h,ebcdic.h,symhacks.h,ossl_typ.h
-$ EXHEADER__'ARCH' := opensslconf.h
-$ EXHEADER_OBJECTS := objects.h,obj_mac.h
+$ SDIRS := , -
+   'ARCHD', -
+   OBJECTS, -
+   MD2, MD4, MD5, SHA, MDC2, HMAC, RIPEMD, WHRLPOOL, -
+   DES, AES, RC2, RC4, RC5, IDEA, BF, CAST, CAMELLIA, SEED, MODES, -
+   BN, EC, RSA, DSA, ECDSA, DH, ECDH, DSO, ENGINE, -
+   BUFFER, BIO, STACK, LHASH, RAND, ERR, -
+   EVP, ASN1, PEM, X509, X509V3, CONF, TXT_DB, PKCS7, PKCS12, -
+   COMP, OCSP, UI, KRB5, -
+   STORE, CMS, PQUEUE, TS, JPAKE
+$!
+$ EXHEADER_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h
+$ EXHEADER_'ARCHD' := opensslconf.h
+$ EXHEADER_OBJECTS := objects.h, obj_mac.h
 $ EXHEADER_MD2 := md2.h
 $ EXHEADER_MD4 := md4.h
 $ EXHEADER_MD5 := md5.h
@@ -652,7 +717,7 @@ $ EXHEADER_MDC2 := mdc2.h
 $ EXHEADER_HMAC := hmac.h
 $ EXHEADER_RIPEMD := ripemd.h
 $ EXHEADER_WHRLPOOL := whrlpool.h
-$ EXHEADER_DES := des.h,des_old.h
+$ EXHEADER_DES := des.h, des_old.h
 $ EXHEADER_AES := aes.h
 $ EXHEADER_RC2 := rc2.h
 $ EXHEADER_RC4 := rc4.h
@@ -674,66 +739,64 @@ $ EXHEADER_DSO := dso.h
 $ EXHEADER_ENGINE := engine.h
 $ EXHEADER_BUFFER := buffer.h
 $ EXHEADER_BIO := bio.h
-$ EXHEADER_STACK := stack.h,safestack.h
+$ EXHEADER_STACK := stack.h, safestack.h
 $ EXHEADER_LHASH := lhash.h
 $ EXHEADER_RAND := rand.h
 $ EXHEADER_ERR := err.h
 $ EXHEADER_EVP := evp.h
-$ EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h
-$ EXHEADER_PEM := pem.h,pem2.h
-$ EXHEADER_X509 := x509.h,x509_vfy.h
+$ EXHEADER_ASN1 := asn1.h, asn1_mac.h, asn1t.h
+$ EXHEADER_PEM := pem.h, pem2.h
+$ EXHEADER_X509 := x509.h, x509_vfy.h
 $ EXHEADER_X509V3 := x509v3.h
-$ EXHEADER_CONF := conf.h,conf_api.h
+$ EXHEADER_CONF := conf.h, conf_api.h
 $ EXHEADER_TXT_DB := txt_db.h
 $ EXHEADER_PKCS7 := pkcs7.h
 $ EXHEADER_PKCS12 := pkcs12.h
 $ EXHEADER_COMP := comp.h
 $ EXHEADER_OCSP := ocsp.h
-$ EXHEADER_UI := ui.h,ui_compat.h
+$ EXHEADER_UI := ui.h, ui_compat.h
 $ EXHEADER_KRB5 := krb5_asn.h
-$!EXHEADER_STORE := store.h,str_compat.h
+$!!! EXHEADER_STORE := store.h, str_compat.h
 $ EXHEADER_STORE := store.h
 $ EXHEADER_CMS := cms.h
 $ EXHEADER_PQUEUE := pqueue.h
 $ EXHEADER_TS := ts.h
 $ EXHEADER_JPAKE := jpake.h
-$
-$ I = 0
-$ LOOP_SDIRS: 
-$ D = F$EDIT(F$ELEMENT(I, ",", SDIRS),"TRIM")
-$ I = I + 1
-$ IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
-$ tmp = EXHEADER_'D'
-$ IF D .EQS. ""
-$ THEN
-$   COPY [.CRYPTO]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
-$ ELSE
-$   COPY [.CRYPTO.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
-$ ENDIF
-$ GOTO LOOP_SDIRS
-$ LOOP_SDIRS_END:
+$!
+$ i = 0
+$ loop_sdirs:
+$   sdir = f$edit( f$element( i, ",", sdirs), "trim")
+$   i = i + 1
+$   if (sdir .eqs. ",") then goto loop_sdirs_end
+$   hdr_list = exheader_'sdir'
+$   if (sdir .nes. "") then sdir = "."+ sdir
+$   copy [.crypto'sdir']'hdr_list' sys$disk:[.include.openssl]
+$ goto loop_sdirs
+$ loop_sdirs_end:
 $!
 $! Copy All The ".H" Files From The [.SSL] Directory.
 $!
-$ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,dtls1.h,kssl.h
-$ COPY SYS$DISK:[.SSL]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
+$! (keep these in the same order as ssl/Makefile)
+$ EXHEADER := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h
+$ copy sys$disk:[.ssl]'exheader' sys$disk:[.include.openssl]
 $!
-$! Purge all doubles
+$! Purge the [.include.openssl] header files.
 $!
-$ PURGE SYS$DISK:[.INCLUDE.OPENSSL]*.H
+$ purge sys$disk:[.include.openssl]*.h
 $!
 $! That's All, Time To RETURN.
 $!
 $ RETURN
 $!
-$! Build The "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library.
+$! Build The "[.xxx.EXE.CRYPTO]SSL_LIBCRYPTO''LIB32'.OLB" Library.
 $!
 $ CRYPTO:
 $!
 $! Tell The User What We Are Doing.
 $!
 $ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.CRYPTO]LIBCRYPTO.OLB Library."
+$ WRITE SYS$OUTPUT -
+   "Building The [.",ARCHD,".EXE.CRYPTO]SSL_LIBCRYPTO''LIB32'.OLB Library."
 $!
 $! Go To The [.CRYPTO] Directory.
 $!
@@ -741,11 +804,13 @@ $ SET DEFAULT SYS$DISK:[.CRYPTO]
 $!
 $! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
 $!  
-$ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'"
+$ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
+   "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'"
 $!
 $! Build The [.xxx.EXE.CRYPTO]*.EXE Test Applications.
 $!  
-$ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' "''BUILDPART'"
+$ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
+   "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'"
 $!
 $! Go Back To The Main Directory.
 $!
@@ -755,14 +820,15 @@ $! Time To RETURN.
 $!
 $ RETURN
 $!
-$! Build The "[.xxx.EXE.SSL]LIBSSL.OLB" Library.
+$! Build The "[.xxx.EXE.SSL]SSL_LIBSSL''LIB32'.OLB" Library.
 $!
 $ SSL:
 $!
 $! Tell The User What We Are Doing.
 $!
 $ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.SSL]LIBSSL.OLB Library."
+$ WRITE SYS$OUTPUT -
+   "Building The [.",ARCHD,".EXE.SSL]SSL_LIBSSL''LIB32'.OLB Library."
 $!
 $! Go To The [.SSL] Directory.
 $!
@@ -770,7 +836,8 @@ $ SET DEFAULT SYS$DISK:[.SSL]
 $!
 $! Build The [.xxx.EXE.SSL]LIBSSL.OLB Library.
 $!
-$ @SSL-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$ @SSL-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
+   "''ISSEVEN'" "''POINTER_SIZE'" "''ZLIB'"
 $!
 $! Go Back To The Main Directory.
 $!
@@ -787,7 +854,8 @@ $!
 $! Tell The User What We Are Doing.
 $!
 $ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building DECNet Based SSL Engine, [.",ARCH,".EXE.SSL]SSL_TASK.EXE"
+$ WRITE SYS$OUTPUT -
+   "Building DECNet Based SSL Engine, [.",ARCHD,".EXE.SSL]SSL_TASK.EXE"
 $!
 $! Go To The [.SSL] Directory.
 $!
@@ -795,7 +863,8 @@ $ SET DEFAULT SYS$DISK:[.SSL]
 $!
 $! Build The [.xxx.EXE.SSL]SSL_TASK.EXE
 $!
-$ @SSL-LIB SSL_TASK 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$ @SSL-LIB SSL_TASK 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
+   "''ISSEVEN'" "''POINTER_SIZE'" "''ZLIB'"
 $!
 $! Go Back To The Main Directory.
 $!
@@ -812,7 +881,7 @@ $!
 $! Tell The User What We Are Doing.
 $!
 $ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building The OpenSSL [.",ARCH,".EXE.TEST] Test Utilities."
+$ WRITE SYS$OUTPUT "Building The OpenSSL [.",ARCHD,".EXE.TEST] Test Utilities."
 $!
 $! Go To The [.TEST] Directory.
 $!
@@ -820,7 +889,8 @@ $ SET DEFAULT SYS$DISK:[.TEST]
 $!
 $! Build The Test Programs.
 $!
-$ @MAKETESTS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$ @MAKETESTS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" -
+   "''POINTER_SIZE'" "''ZLIB'"
 $!
 $! Go Back To The Main Directory.
 $!
@@ -837,7 +907,7 @@ $!
 $! Tell The User What We Are Doing.
 $!
 $ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCH,".EXE.APPS] Applications."
+$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCHD,".EXE.APPS] Applications."
 $!
 $! Go To The [.APPS] Directory.
 $!
@@ -845,7 +915,8 @@ $ SET DEFAULT SYS$DISK:[.APPS]
 $!
 $! Build The Application Programs.
 $!
-$ @MAKEAPPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$ @MAKEAPPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" -
+   "" "''POINTER_SIZE'" "''ZLIB'"
 $!
 $! Go Back To The Main Directory.
 $!
@@ -862,7 +933,7 @@ $!
 $! Tell The User What We Are Doing.
 $!
 $ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCH,".EXE.ENGINES] Engines."
+$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCHD,".EXE.ENGINES] Engines."
 $!
 $! Go To The [.ENGINES] Directory.
 $!
@@ -870,7 +941,8 @@ $ SET DEFAULT SYS$DISK:[.ENGINES]
 $!
 $! Build The Application Programs.
 $!
-$ @MAKEENGINES ENGINES 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' "''BUILDPART'"
+$ @MAKEENGINES ENGINES 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
+   "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'"
 $!
 $! Go Back To The Main Directory.
 $!
@@ -927,9 +999,9 @@ $!
 $!    Tell The User We Don't Know What They Want.
 $!
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "USAGE:   @MAKEVMS.COM [Target] [not-used option] [Debug option] <Compiler>"
+$     WRITE SYS$OUTPUT "USAGE:   @MAKEVMS.COM [Target] [Pointer size] [Debug option] <Compiler>"
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "Example: @MAKEVMS.COM ALL NORSAREF NODEBUG "
+$     WRITE SYS$OUTPUT "Example: @MAKEVMS.COM ALL """" NODEBUG "
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "The Target ",P1," Is Invalid.  The Valid Target Options Are:"
 $     WRITE SYS$OUTPUT ""
@@ -949,8 +1021,8 @@ $     WRITE SYS$OUTPUT "    ENGINES  :  To Build Just The ENGINES"
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha Architecture."
-$     WRITE SYS$OUTPUT "    IA64     :  IA64 Architecture."
+$     WRITE SYS$OUTPUT "    ALPHA[64]:  Alpha Architecture."
+$     WRITE SYS$OUTPUT "    IA64[64] :  IA64 Architecture."
 $     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
 $     WRITE SYS$OUTPUT ""
 $!
@@ -966,6 +1038,54 @@ $! End The P1 Check.
 $!
 $ ENDIF
 $!
+$! Check P2 (POINTER_SIZE).
+$!
+$ IF (P2 .NES. "") .AND. (ARCH .NES. "VAX")
+$ THEN
+$!
+$   IF (P2 .EQS. "32")
+$   THEN
+$     POINTER_SIZE = "32"
+$   ELSE
+$     POINTER_SIZE = F$EDIT( P2, "COLLAPSE, UPCASE")
+$     IF ((POINTER_SIZE .EQS. "64") .OR. -
+       (POINTER_SIZE .EQS. "64=") .OR. -
+       (POINTER_SIZE .EQS. "64=ARGV"))
+$     THEN
+$       ARCHD = ARCH+ "_64"
+$       LIB32 = ""
+$     ELSE
+$!
+$!      Tell The User Entered An Invalid Option.
+$!
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", P2, -
+         " Is Invalid.  The Valid Options Are:"
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT -
+         "    """"       :  Compile with default (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    32       :  Compile with 32-bit (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
+$       WRITE SYS$OUTPUT ""
+$! 
+$!      Time To EXIT.
+$!
+$       GOTO TIDY
+$!
+$     ENDIF
+$!
+$   ENDIF
+$!
+$! End The P2 (POINTER_SIZE) Check.
+$!
+$ ENDIF
+$!
 $! Check To See If P3 Is Blank.
 $!
 $ IF (P3.EQS."NODEBUG")
@@ -992,7 +1112,7 @@ $!  Else...
 $!
 $   ELSE
 $!
-$!    Tell The User Entered An Invalid Option..
+$!    Tell The User Entered An Invalid Option.
 $!
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
@@ -1071,7 +1191,7 @@ $! Else...
 $!
 $ ELSE
 $!
-$!  Check To See If The User Entered A Valid Paramter.
+$!  Check To See If The User Entered A Valid Parameter.
 $!
 $   IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC")!.OR.(P4.EQS."LINK")
 $   THEN
@@ -1170,7 +1290,8 @@ $! End The P4 Check.
 $!
 $ ENDIF
 $!
-$! Time to check the contents of P5, and to make sure we get the correct library.
+$! Time to check the contents of P5, and to make sure we get the correct
+$! library.
 $!
 $ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" -
      .OR. P5.EQS."TCPIP" .OR. P5.EQS."NONE"
@@ -1183,7 +1304,7 @@ $   THEN
 $!
 $!    Set the library to use SOCKETSHR
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
 $!
 $!    Tell the user
 $!
@@ -1217,7 +1338,7 @@ $   THEN
 $!
 $!    Set the library to use UCX.
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
 $!
 $!    Tell the user
 $!
@@ -1234,7 +1355,7 @@ $   THEN
 $!
 $!    Set the library to use TCPIP (post UCX).
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
 $!
 $!    Tell the user
 $!
@@ -1344,11 +1465,69 @@ $! End The P6 Check.
 $!
 $ ENDIF
 $!
+$!
+$! Check To See If We Have A ZLIB Option.
+$!
+$ ZLIB = P7
+$ IF (ZLIB .NES. "")
+$ THEN
+$!
+$!  Check for expected ZLIB files.
+$!
+$   err = 0
+$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
+$   if (f$search( file1) .eqs. "")
+$   then
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
+$     err = 1
+$   endif
+$!
+$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
+$   if (f$search( file2) .eqs. "")
+$   then
+$     if (err .eq. 0)
+$     then
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     endif
+$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
+$     WRITE SYS$OUTPUT ""
+$     err = err+ 2
+$   endif
+$   if (err .eq. 1)
+$   then
+$     WRITE SYS$OUTPUT ""
+$   endif
+$!
+$   if (err .ne. 0)
+$   then
+$     GOTO TIDY
+$   endif
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
+$!
+$! End The ZLIB Check.
+$!
+$ ENDIF
+$!
 $!  Time To RETURN...
 $!
 $ RETURN
 $!
 $ TIDY:
+$!
+$! Close any open files.
+$!
+$ if (f$trnlnm( "h_file", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
+   close h_file
+$!
+$! Restore the original default device:[directory].
+$!
 $ SET DEFAULT 'DEF_ORIG'
+$!
 $ EXIT
 $!

ms/uplink.c

@@ -40,7 +40,8 @@ void OPENSSL_Uplink (volatile void **table, int index)
      * should be sufficient [it prohibits compiler to reorder memory
      * access instructions]. */
     do {
-	len = _stprintf (msg,_T("OPENSSL_Uplink(%p,%02X): "),table,index);
+	len = _sntprintf (msg,sizeof(msg)/sizeof(TCHAR),
+			  _T("OPENSSL_Uplink(%p,%02X): "),table,index);
 	_tcscpy (msg+len,_T("unimplemented function"));
 
 	if ((h=apphandle)==NULL)

openssl.spec

@@ -2,15 +2,15 @@
 %define libmaj 1
 %define libmin 0
 %define librel 0
-%define librev c
+%define librev e
 Release: 1
 
 %define openssldir /var/ssl
 
 Summary: Secure Sockets Layer and cryptography libraries and tools
 Name: openssl
-Version: %{libmaj}.%{libmin}.%{librel}
-#Version: %{libmaj}.%{libmin}.%{librel}%{librev}
+#Version: %{libmaj}.%{libmin}.%{librel}
+Version: %{libmaj}.%{libmin}.%{librel}%{librev}
 Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
 Copyright: Freely distributable
 Group: System Environment/Libraries

ssl/bio_ssl.c

@@ -348,7 +348,11 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
 		break;
 	case BIO_C_SET_SSL:
 		if (ssl != NULL)
+			{
 			ssl_free(b);
+			if (!ssl_new(b))
+				return 0;
+			}
 		b->shutdown=(int)num;
 		ssl=(SSL *)ptr;
 		((BIO_SSL *)b->ptr)->ssl=ssl;

ssl/d1_both.c

@@ -153,7 +153,7 @@
 #endif
 
 static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
-static unsigned char bitmask_end_values[]   = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
+static unsigned char bitmask_end_values[]   = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
 
 /* XDTLS:  figure out the right values */
 static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
@@ -464,20 +464,9 @@ again:
 
 	memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
 
-	s->d1->handshake_read_seq++;
-	/* we just read a handshake message from the other side:
-	 * this means that we don't need to retransmit of the
-	 * buffered messages.  
-	 * XDTLS: may be able clear out this
-	 * buffer a little sooner (i.e if an out-of-order
-	 * handshake message/record is received at the record
-	 * layer.  
-	 * XDTLS: exception is that the server needs to
-	 * know that change cipher spec and finished messages
-	 * have been received by the client before clearing this
-	 * buffer.  this can simply be done by waiting for the
-	 * first data  segment, but is there a better way?  */
-	dtls1_clear_record_buffer(s);
+	/* Don't change sequence numbers while listening */
+	if (!s->d1->listen)
+		s->d1->handshake_read_seq++;
 
 	s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
 	return s->init_num;
@@ -813,9 +802,11 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 
 	/* 
 	 * if this is a future (or stale) message it gets buffered
-	 * (or dropped)--no further processing at this time 
+	 * (or dropped)--no further processing at this time
+	 * While listening, we accept seq 1 (ClientHello with cookie)
+	 * although we're still expecting seq 0 (ClientHello)
 	 */
-	if ( msg_hdr.seq != s->d1->handshake_read_seq)
+	if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
 		return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
 
 	len = msg_hdr.msg_len;
@@ -1322,7 +1313,8 @@ unsigned char *
 dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
 			unsigned long len, unsigned long frag_off, unsigned long frag_len)
 	{
-	if ( frag_off == 0)
+	/* Don't change sequence numbers while listening */
+	if (frag_off == 0 && !s->d1->listen)
 		{
 		s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
 		s->d1->next_handshake_write_seq++;

ssl/d1_clnt.c

@@ -407,7 +407,8 @@ int dtls1_connect(SSL *s)
 
 		case SSL3_ST_CW_CHANGE_A:
 		case SSL3_ST_CW_CHANGE_B:
-			dtls1_start_timer(s);
+			if (!s->hit)
+				dtls1_start_timer(s);
 			ret=dtls1_send_change_cipher_spec(s,
 				SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
 			if (ret <= 0) goto end;
@@ -442,7 +443,8 @@ int dtls1_connect(SSL *s)
 
 		case SSL3_ST_CW_FINISHED_A:
 		case SSL3_ST_CW_FINISHED_B:
-			dtls1_start_timer(s);
+			if (!s->hit)
+				dtls1_start_timer(s);
 			ret=dtls1_send_finished(s,
 				SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
 				s->method->ssl3_enc->client_finished_label,

ssl/d1_enc.c

@@ -231,11 +231,7 @@ int dtls1_enc(SSL *s, int send)
 		if (!send)
 			{
 			if (l == 0 || l%bs != 0)
-				{
-				SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
-				return 0;
-				}
+				return -1;
 			}
 		
 		EVP_Cipher(ds,rec->data,rec->input,l);

ssl/d1_lib.c

@@ -129,26 +129,33 @@ int dtls1_new(SSL *s)
 	return(1);
 	}
 
-void dtls1_free(SSL *s)
+static void dtls1_clear_queues(SSL *s)
 	{
     pitem *item = NULL;
     hm_fragment *frag = NULL;
-
-	ssl3_free(s);
+	DTLS1_RECORD_DATA *rdata;
 
     while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
         {
+		rdata = (DTLS1_RECORD_DATA *) item->data;
+		if (rdata->rbuf.buf)
+			{
+			OPENSSL_free(rdata->rbuf.buf);
+			}
         OPENSSL_free(item->data);
         pitem_free(item);
         }
-    pqueue_free(s->d1->unprocessed_rcds.q);
 
     while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
         {
+		rdata = (DTLS1_RECORD_DATA *) item->data;
+		if (rdata->rbuf.buf)
+			{
+			OPENSSL_free(rdata->rbuf.buf);
+			}
         OPENSSL_free(item->data);
         pitem_free(item);
         }
-    pqueue_free(s->d1->processed_rcds.q);
 
     while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
         {
@@ -157,7 +164,6 @@ void dtls1_free(SSL *s)
         OPENSSL_free(frag);
         pitem_free(item);
         }
-    pqueue_free(s->d1->buffered_messages);
 
     while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
         {
@@ -166,7 +172,6 @@ void dtls1_free(SSL *s)
         OPENSSL_free(frag);
         pitem_free(item);
         }
-	pqueue_free(s->d1->sent_messages);
 
 	while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
 		{
@@ -175,6 +180,18 @@ void dtls1_free(SSL *s)
 		OPENSSL_free(frag);
 		pitem_free(item);
 		}
+	}
+
+void dtls1_free(SSL *s)
+	{
+	ssl3_free(s);
+
+	dtls1_clear_queues(s);
+
+    pqueue_free(s->d1->unprocessed_rcds.q);
+    pqueue_free(s->d1->processed_rcds.q);
+    pqueue_free(s->d1->buffered_messages);
+	pqueue_free(s->d1->sent_messages);
 	pqueue_free(s->d1->buffered_app_data.q);
 
 	OPENSSL_free(s->d1);
@@ -182,6 +199,36 @@ void dtls1_free(SSL *s)
 
 void dtls1_clear(SSL *s)
 	{
+    pqueue unprocessed_rcds;
+    pqueue processed_rcds;
+    pqueue buffered_messages;
+	pqueue sent_messages;
+	pqueue buffered_app_data;
+	
+	if (s->d1)
+		{
+		unprocessed_rcds = s->d1->unprocessed_rcds.q;
+		processed_rcds = s->d1->processed_rcds.q;
+		buffered_messages = s->d1->buffered_messages;
+		sent_messages = s->d1->sent_messages;
+		buffered_app_data = s->d1->buffered_app_data.q;
+
+		dtls1_clear_queues(s);
+
+		memset(s->d1, 0, sizeof(*(s->d1)));
+
+		if (s->server)
+			{
+			s->d1->cookie_len = sizeof(s->d1->cookie);
+			}
+
+		s->d1->unprocessed_rcds.q = unprocessed_rcds;
+		s->d1->processed_rcds.q = processed_rcds;
+		s->d1->buffered_messages = buffered_messages;
+		s->d1->sent_messages = sent_messages;
+		s->d1->buffered_app_data.q = buffered_app_data;
+		}
+
 	ssl3_clear(s);
 	if (s->options & SSL_OP_CISCO_ANYCONNECT)
 		s->version=DTLS1_BAD_VER;
@@ -330,6 +377,8 @@ void dtls1_stop_timer(SSL *s)
 	memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
 	s->d1->timeout_duration = 1;
 	BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
+	/* Clear retransmission buffer */
+	dtls1_clear_record_buffer(s);
 	}
 
 int dtls1_handle_timeout(SSL *s)
@@ -349,7 +398,7 @@ int dtls1_handle_timeout(SSL *s)
 		{
 		/* fail the connection, enough alerts have been sent */
 		SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
-		return 0;
+		return -1;
 		}
 
 	state->timeout.read_timeouts++;

ssl/d1_pkt.c

@@ -409,11 +409,12 @@ dtls1_process_record(SSL *s)
 	enc_err = s->method->ssl3_enc->enc(s,0);
 	if (enc_err <= 0)
 		{
-		if (enc_err == 0)
-			/* SSLerr() and ssl3_send_alert() have been called */
-			goto err;
-
-		/* otherwise enc_err == -1 */
+		/* decryption failed, silently discard message */
+		if (enc_err < 0)
+			{
+			rr->length = 0;
+			s->packet_length = 0;
+			}
 		goto err;
 		}
 
@@ -657,10 +658,12 @@ again:
 
 	/* If this record is from the next epoch (either HM or ALERT),
 	 * and a handshake is currently in progress, buffer it since it
-	 * cannot be processed at this time. */
+	 * cannot be processed at this time. However, do not buffer
+	 * anything while listening.
+	 */
 	if (is_next_epoch)
 		{
-		if (SSL_in_init(s) || s->in_handshake)
+		if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
 			{
 			dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
 			}

ssl/d1_srvr.c

@@ -150,6 +150,7 @@ int dtls1_accept(SSL *s)
 	unsigned long alg_k;
 	int ret= -1;
 	int new_state,state,skip=0;
+	int listen;
 
 	RAND_add(&Time,sizeof(Time),0);
 	ERR_clear_error();
@@ -159,11 +160,15 @@ int dtls1_accept(SSL *s)
 		cb=s->info_callback;
 	else if (s->ctx->info_callback != NULL)
 		cb=s->ctx->info_callback;
+	
+	listen = s->d1->listen;
 
 	/* init things to blank */
 	s->in_handshake++;
 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 
+	s->d1->listen = listen;
+
 	if (s->cert == NULL)
 		{
 		SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
@@ -273,11 +278,23 @@ int dtls1_accept(SSL *s)
 
 			s->init_num=0;
 
+			/* Reflect ClientHello sequence to remain stateless while listening */
+			if (listen)
+				{
+				memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
+				}
+
 			/* If we're just listening, stop here */
-			if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
+			if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
 				{
 				ret = 2;
 				s->d1->listen = 0;
+				/* Set expected sequence numbers
+				 * to continue the handshake.
+				 */
+				s->d1->handshake_read_seq = 2;
+				s->d1->handshake_write_seq = 1;
+				s->d1->next_handshake_write_seq = 1;
 				goto end;
 				}
 			
@@ -286,7 +303,6 @@ int dtls1_accept(SSL *s)
 		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
 		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
 
-			dtls1_start_timer(s);
 			ret = dtls1_send_hello_verify_request(s);
 			if ( ret <= 0) goto end;
 			s->state=SSL3_ST_SW_FLUSH;
@@ -736,9 +752,6 @@ int dtls1_send_hello_verify_request(SSL *s)
 		/* number of bytes to write */
 		s->init_num=p-buf;
 		s->init_off=0;
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
 		}
 
 	/* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
@@ -1017,12 +1030,11 @@ int dtls1_send_server_key_exchange(SSL *s)
 				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			if (!EC_KEY_up_ref(ecdhp))
+			if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
 				{
 				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			ecdh = ecdhp;
 
 			s->s3->tmp.ecdh=ecdh;
 			if ((EC_KEY_get0_public_key(ecdh) == NULL) ||

ssl/install-ssl.com

@@ -0,0 +1,136 @@
+$! INSTALL-SSL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! P1  root of the directory tree
+$! P2  "64" for 64-bit pointers.
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$ on error then goto tidy
+$ on control_c then goto tidy
+$!
+$ if p1 .eqs. ""
+$ then
+$   write sys$output "First argument missing."
+$   write sys$output -
+     "It should be the directory where you want things installed."
+$   exit
+$ endif
+$!
+$ if (f$getsyi( "cpu") .lt. 128)
+$ then
+$     arch = "VAX"
+$ else
+$     arch = f$edit( f$getsyi( "arch_name"), "upcase")
+$     if (arch .eqs. "") then arch = "UNK"
+$ endif
+$!
+$ archd = arch
+$ lib32 = "32"
+$ shr = "_SHR32"
+$!
+$ if (p2 .nes. "")
+$ then
+$   if (p2 .eqs. "64")
+$   then
+$     archd = arch+ "_64"
+$     lib32 = ""
+$     shr = "_SHR"
+$   else
+$     if (p2 .nes. "32")
+$     then
+$       write sys$output "Second argument invalid."
+$       write sys$output "It should be "32", "64", or nothing."
+$       exit
+$     endif
+$   endif
+$ endif
+$!
+$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0"
+$ root_dev = f$parse(root,,,"device","syntax_only")
+$ root_dir = f$parse(root,,,"directory","syntax_only") - -
+   "[000000." - "][" - "[" - "]"
+$ root = root_dev + "[" + root_dir
+$!
+$ define /nolog wrk_sslroot 'root'.] /trans=conc
+$ define /nolog wrk_sslinclude wrk_sslroot:[include]
+$ define /nolog wrk_sslxexe wrk_sslroot:['archd'_exe]
+$ define /nolog wrk_sslxlib wrk_sslroot:['arch'_lib]
+$!
+$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then -
+   create /directory /log wrk_sslroot:[000000]
+$ if f$parse("wrk_sslinclude:") .eqs. "" then -
+   create /directory /log wrk_sslinclude:
+$ if f$parse("wrk_sslxexe:") .eqs. "" then -
+   create /directory /log wrk_sslxexe:
+$ if f$parse("wrk_sslxlib:") .eqs. "" then -
+   create /directory /log wrk_sslxlib:
+$!
+$ exheader := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h
+$ e_exe := ssl_task
+$ libs := ssl_libssl
+$!
+$ xexe_dir := [-.'archd'.exe.ssl]
+$!
+$ copy /protection = w:re 'exheader' wrk_sslinclude: /log
+$!
+$ i = 0
+$ loop_exe:
+$   e = f$edit( f$element( i, ",", e_exe), "trim")
+$   i = i + 1
+$   if e .eqs. "," then goto loop_exe_end
+$   set noon
+$   file = xexe_dir+ e+ ".exe"
+$   if f$search( file) .nes. ""
+$   then
+$     copy /protection = w:re 'file' wrk_sslxexe: /log
+$   endif
+$   set on
+$ goto loop_exe
+$ loop_exe_end:
+$!
+$ i = 0
+$ loop_lib: 
+$   e = f$edit(f$element(i, ",", libs),"trim")
+$   i = i + 1
+$   if e .eqs. "," then goto loop_lib_end
+$   set noon
+$! Object library.
+$   file = xexe_dir+ e+ lib32+ ".olb"
+$   if f$search( file) .nes. ""
+$   then
+$     copy /protection = w:re 'file' wrk_sslxlib: /log
+$   endif
+$! Shareable image.
+$   file = xexe_dir+ e+ shr+ ".exe"
+$   if f$search( file) .nes. ""
+$   then
+$     copy /protection = w:re 'file' wrk_sslxlib: /log
+$   endif
+$   set on
+$ goto loop_lib
+$ loop_lib_end:
+$!
+$ tidy:
+$!
+$ call deass wrk_sslroot
+$ call deass wrk_sslinclude
+$ call deass wrk_sslxexe
+$ call deass wrk_sslxlib
+$!
+$ exit
+$!
+$ deass: subroutine
+$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
+$ then
+$   deassign /process 'p1'
+$ endif
+$ endsubroutine
+$!

ssl/install.com

@@ -1,90 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! P1	root of the directory tree
-$!
-$	IF P1 .EQS. ""
-$	THEN
-$	    WRITE SYS$OUTPUT "First argument missing."
-$	    WRITE SYS$OUTPUT -
-		  "It should be the directory where you want things installed."
-$	    EXIT
-$	ENDIF
-$
-$	IF (F$GETSYI("CPU").LT.128)
-$	THEN
-$	    ARCH := VAX
-$	ELSE
-$	    ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$	    IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$	ENDIF
-$
-$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-		   - "[000000." - "][" - "[" - "]"
-$	ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$	DEFINE/NOLOG WRK_SSLXLIB WRK_SSLROOT:['ARCH'_LIB]
-$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$	DEFINE/NOLOG WRK_SSLXEXE WRK_SSLROOT:['ARCH'_EXE]
-$
-$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$	IF F$PARSE("WRK_SSLXLIB:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLXLIB:
-$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLINCLUDE:
-$	IF F$PARSE("WRK_SSLXEXE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLXEXE:
-$
-$	EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,dtls1.h,kssl.h
-$	E_EXE := ssl_task
-$	LIBS := LIBSSL
-$
-$	XEXE_DIR := [-.'ARCH'.EXE.SSL]
-$
-$	COPY 'EXHEADER' WRK_SSLINCLUDE:/LOG
-$	SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'EXHEADER'
-$
-$	I = 0
-$ LOOP_EXE: 
-$	E = F$EDIT(F$ELEMENT(I, ",", E_EXE),"TRIM")
-$	I = I + 1
-$	IF E .EQS. "," THEN GOTO LOOP_EXE_END
-$	SET NOON
-$	IF F$SEARCH(XEXE_DIR+E+".EXE") .NES. ""
-$	THEN
-$	  COPY 'XEXE_DIR''E'.EXE WRK_SSLXEXE:'E'.EXE/log
-$	  SET FILE/PROT=W:RE WRK_SSLXEXE:'E'.EXE
-$	ENDIF
-$	SET ON
-$	GOTO LOOP_EXE
-$ LOOP_EXE_END:
-$
-$	I = 0
-$ LOOP_LIB: 
-$	E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
-$	I = I + 1
-$	IF E .EQS. "," THEN GOTO LOOP_LIB_END
-$	SET NOON
-$! Object library.
-$	IF F$SEARCH(XEXE_DIR+E+".OLB") .NES. ""
-$	THEN
-$	  COPY 'XEXE_DIR''E'.OLB WRK_SSLXLIB:'E'.OLB/log
-$	  SET FILE/PROT=W:RE WRK_SSLXLIB:'E'.OLB
-$	ENDIF
-$! Shareable image.
-$	IF F$SEARCH(XEXE_DIR+E+".EXE") .NES. ""
-$	THEN
-$	  COPY 'XEXE_DIR''E'.EXE WRK_SSLXLIB:'E'.EXE/log
-$	  SET FILE/PROT=W:RE WRK_SSLXLIB:'E'.EXE
-$	ENDIF
-$	SET ON
-$	GOTO LOOP_LIB
-$ LOOP_LIB_END:
-$
-$	EXIT

ssl/s2_srvr.c

@@ -403,13 +403,14 @@ static int get_client_master_key(SSL *s)
 		p+=3;
 		n2s(p,i); s->s2->tmp.clear=i;
 		n2s(p,i); s->s2->tmp.enc=i;
-		n2s(p,i); s->session->key_arg_length=i;
-		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+		n2s(p,i);
+		if(i > SSL_MAX_KEY_ARG_LENGTH)
 			{
 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
 			return -1;
 			}
+		s->session->key_arg_length=i;
 		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
 		}
 

ssl/s3_clnt.c

@@ -2243,6 +2243,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 			if (!DH_generate_key(dh_clnt))
 				{
 				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+				DH_free(dh_clnt);
 				goto err;
 				}
 
@@ -2254,6 +2255,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 			if (n <= 0)
 				{
 				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+				DH_free(dh_clnt);
 				goto err;
 				}
 

ssl/s3_lib.c

@@ -2198,11 +2198,17 @@ void ssl3_clear(SSL *s)
 		}
 #ifndef OPENSSL_NO_DH
 	if (s->s3->tmp.dh != NULL)
+		{
 		DH_free(s->s3->tmp.dh);
+		s->s3->tmp.dh = NULL;
+		}
 #endif
 #ifndef OPENSSL_NO_ECDH
 	if (s->s3->tmp.ecdh != NULL)
+		{
 		EC_KEY_free(s->s3->tmp.ecdh);
+		s->s3->tmp.ecdh = NULL;
+		}
 #endif
 
 	rp = s->s3->rbuf.buf;

ssl/s3_pkt.c

@@ -246,7 +246,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 		if (i <= 0)
 			{
 			rb->left = left;
-			if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+			if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
+			    SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
 				if (len+left == 0)
 					ssl3_release_read_buffer(s);
 			return(i);
@@ -846,7 +847,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
 			{
 			wb->left=0;
 			wb->offset+=i;
-			if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+			if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
+			    SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
 				ssl3_release_write_buffer(s);
 			s->rwstate=SSL_NOTHING;
 			return(s->s3->wpend_ret);

ssl/s3_srvr.c

@@ -768,15 +768,20 @@ int ssl3_check_client_hello(SSL *s)
 	if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
 		{
 		/* Throw away what we have done so far in the current handshake,
-		 * which will now be aborted. (A full SSL_clear would be too much.)
-		 * I hope that tmp.dh is the only thing that may need to be cleared
-		 * when a handshake is not completed ... */
+		 * which will now be aborted. (A full SSL_clear would be too much.) */
 #ifndef OPENSSL_NO_DH
 		if (s->s3->tmp.dh != NULL)
 			{
 			DH_free(s->s3->tmp.dh);
 			s->s3->tmp.dh = NULL;
 			}
+#endif
+#ifndef OPENSSL_NO_ECDH
+		if (s->s3->tmp.ecdh != NULL)
+			{
+			EC_KEY_free(s->s3->tmp.ecdh);
+			s->s3->tmp.ecdh = NULL;
+			}
 #endif
 		return 2;
 		}
@@ -1491,7 +1496,6 @@ int ssl3_send_server_key_exchange(SSL *s)
 
 			if (s->s3->tmp.dh != NULL)
 				{
-				DH_free(dh);
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 				goto err;
 				}
@@ -1552,7 +1556,6 @@ int ssl3_send_server_key_exchange(SSL *s)
 
 			if (s->s3->tmp.ecdh != NULL)
 				{
-				EC_KEY_free(s->s3->tmp.ecdh); 
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 				goto err;
 				}
@@ -1563,12 +1566,11 @@ int ssl3_send_server_key_exchange(SSL *s)
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			if (!EC_KEY_up_ref(ecdhp))
+			if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
 				{
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			ecdh = ecdhp;
 
 			s->s3->tmp.ecdh=ecdh;
 			if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
@@ -1731,6 +1733,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 			    (unsigned char *)encodedPoint, 
 			    encodedlen);
 			OPENSSL_free(encodedPoint);
+			encodedPoint = NULL;
 			p += encodedlen;
 			}
 #endif
@@ -2440,6 +2443,12 @@ int ssl3_get_client_key_exchange(SSL *s)
 			/* Get encoded point length */
 			i = *p; 
 			p += 1;
+			if (n != 1 + i)
+				{
+				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				    ERR_R_EC_LIB);
+				goto err;
+				}
 			if (EC_POINT_oct2point(group, 
 			    clnt_ecpoint, p, i, bn_ctx) == 0)
 				{

ssl/ssl-lib.com

@@ -42,11 +42,33 @@ $!	SOCKETSHR	for SOCKETSHR+NETLIB
 $!
 $!  P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
 $!
+$!  P6, if defined, specifies the C pointer size.  Ignored on VAX.
+$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
+$!      Supported values are:
+$!
+$!      ""       Compile with default (/NOPOINTER_SIZE)
+$!      32       Compile with /POINTER_SIZE=32 (SHORT)
+$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV])
+$!               (Automatically select ARGV if compiler supports it.)
+$!      64=      Compile with /POINTER_SIZE=64 (LONG).
+$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
+$!
+$!  P7, if defined, specifies a directory where ZLIB files (zlib.h,
+$!  libz.olb) may be found.  Optionally, a non-default object library
+$!  name may be included ("dev:[dir]libz_64.olb", for example).
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
 $!
 $! Define A TCP/IP Library That We Will Need To Link To.
 $! (That Is, If We Need To Link To One.)
 $!
 $ TCPIP_LIB = ""
+$ ZLIB_LIB = ""
 $!
 $! Check What Architecture We Are Using.
 $!
@@ -70,25 +92,41 @@ $! End The Architecture Check.
 $!
 $ ENDIF
 $!
-$! Define The OBJ Directory.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.SSL]
-$!
-$! Define The EXE Directory.
-$!
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.SSL]
+$ ARCHD = ARCH
+$ LIB32 = "32"
+$ OPT_FILE = ""
+$ POINTER_SIZE = ""
 $!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
 $ GOSUB CHECK_OPTIONS
 $!
+$! Define The OBJ and EXE Directories.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.SSL]
+$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.SSL]
+$!
+$! Specify the destination directory in any /MAP option.
+$!
+$ if (LINKMAP .eqs. "MAP")
+$ then
+$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
+$ endif
+$!
+$! Add the location prefix to the linker options file name.
+$!
+$ if (OPT_FILE .nes. "")
+$ then
+$   OPT_FILE = EXE_DIR+ OPT_FILE
+$ endif
+$!
 $! Initialise logical names and such
 $!
 $ GOSUB INITIALISE
 $!
 $! Tell The User What Kind of Machine We Run On.
 $!
-$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'"
 $!
 $! Check To See If The Architecture Specific OBJ Directory Exists.
 $!
@@ -118,11 +156,15 @@ $ ENDIF
 $!
 $! Define The Library Name.
 $!
-$ SSL_LIB := 'EXE_DIR'LIBSSL.OLB
+$ SSL_LIB := 'EXE_DIR'SSL_LIBSSL'LIB32'.OLB
 $!
 $! Define The CRYPTO-LIB We Are To Use.
 $!
-$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB
+$!
+$! Set up exceptional compilations.
+$!
+$ CC5_SHOWN = 0
 $!
 $! Check To See What We Are To Do.
 $!
@@ -156,7 +198,7 @@ $! Compile The Library.
 $!
 $ LIBRARY:
 $!
-$! Check To See If We Already Have A "[.xxx.EXE.SSL]LIBSSL.OLB" Library...
+$! Check To See If We Already Have A "[.xxx.EXE.SSL]SSL_LIBSSL''LIB32'.OLB" Library...
 $!
 $ IF (F$SEARCH(SSL_LIB).EQS."")
 $ THEN
@@ -182,6 +224,8 @@ $ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
 	    "ssl_asn1,ssl_txt,ssl_algs,"+ -
 	    "bio_ssl,ssl_err,kssl,t1_reneg"
 $!
+$ COMPILEWITH_CC5 = ""
+$!
 $! Tell The User That We Are Compiling The Library.
 $!
 $ WRITE SYS$OUTPUT "Building The ",SSL_LIB," Library."
@@ -295,42 +339,47 @@ $! End The SSL_TASK.C File Check.
 $!
 $ ENDIF
 $!
+$ COMPILEWITH_CC5 = "" !!! ",ssl_task,"
+$!
+$! Tell The User We Are Creating The SSL_TASK.
+$!
 $! Tell The User We Are Creating The SSL_TASK.
 $!
 $ WRITE SYS$OUTPUT "Creating SSL_TASK OSU HTTP SSL Engine."	
 $!
+$!  Tell The User What File We Are Compiling.
+$!
+$ FILE_NAME = "ssl_task"
+$ WRITE SYS$OUTPUT "	",FILE_NAME,".c"
+$!
 $! Compile The File.
 $!
 $ ON ERROR THEN GOTO SSL_TASK_END
-$ CC5/OBJECT='OBJ_DIR'SSL_TASK.OBJ SYS$DISK:[]SSL_TASK.C
+$!
+$ FILE_NAME0 = ","+ F$ELEMENT(0,".",FILE_NAME)+ ","
+$ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
+$ THEN
+$   if (.not. CC5_SHOWN)
+$   then
+$     CC5_SHOWN = 1
+$     write sys$output "        \Using special rule (5)"
+$     x = "    "+ CC5
+$     write /symbol sys$output x
+$   endif
+$   CC5 /OBJECT='OBJ_DIR''FILE_NAME'.OBJ SYS$DISK:[]'FILE_NAME'.C
+$ ELSE
+$   CC /OBJECT='OBJ_DIR''FILE_NAME'.OBJ SYS$DISK:[]'FILE_NAME'.C
+$ ENDIF
 $!
 $! Link The Program.
-$! Check To See If We Are To Link With A Specific TCP/IP Library.
 $!
-$ IF (TCPIP_LIB.NES."")
-$ THEN
-$!
-$!  Link With TCP/IP Library.
-$!
-$   LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE -
-        'OBJ_DIR'SSL_TASK.OBJ, -
-	'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
-        'TCPIP_LIB','OPT_FILE'/OPTION
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Don't Link With TCP/IP Library.
-$!
-$   LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE -
-        'OBJ_DIR'SSL_TASK.OBJ,-
-	'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
-        'OPT_FILE'/OPTION
-$!
-$! End The TCP/IP Library Check.
-$!
-$ ENDIF
+$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /EXE='EXE_DIR'SSL_TASK.EXE -
+   'OBJ_DIR'SSL_TASK.OBJ, -
+   'SSL_LIB'/LIBRARY, -
+   'CRYPTO_LIB'/LIBRARY -
+   'TCPIP_LIB' -
+   'ZLIB_LIB' -
+   ,'OPT_FILE' /OPTIONS
 $!
 $! Time To Return.
 $!
@@ -356,7 +405,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable VAX C Runtime Library.
 !
 SYS$SHARE:VAXCRTL.EXE/SHARE
@@ -385,7 +434,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable C Runtime Library.
 !
 GNU_CC:[000000]GCCLIB/LIBRARY
@@ -420,7 +469,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable DEC C Runtime Library.
 !
 SYS$SHARE:DECC$SHR.EXE/SHARE
@@ -435,7 +484,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For non-VAX To Link Agianst 
+! Default System Options File For non-VAX To Link Against 
 ! The Sharable C Runtime Library.
 !
 SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
@@ -548,8 +597,8 @@ $     WRITE SYS$OUTPUT "    SSL_TASK :  To Compile Just The [.xxx.EXE.SSL]SSL_TA
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha Architecture."
-$     WRITE SYS$OUTPUT "    IA64     :  IA64 Architecture."
+$     WRITE SYS$OUTPUT "    ALPHA[64]:  Alpha Architecture."
+$     WRITE SYS$OUTPUT "    IA64[64] :  IA64 Architecture."
 $     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
 $     WRITE SYS$OUTPUT ""
 $!
@@ -570,14 +619,15 @@ $!
 $ IF (P2.EQS."NODEBUG")
 $ THEN
 $!
-$!   P2 Is NODEBUG, So Compile Without Debugger Information.
+$!  P2 Is NODEBUG, So Compile Without Debugger Information.
 $!
-$    DEBUGGER  = "NODEBUG"
-$    TRACEBACK = "NOTRACEBACK" 
-$    GCC_OPTIMIZE = "OPTIMIZE"
-$    CC_OPTIMIZE = "OPTIMIZE"
-$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$   DEBUGGER  = "NODEBUG"
+$   LINKMAP = "NOMAP"
+$   TRACEBACK = "NOTRACEBACK" 
+$   GCC_OPTIMIZE = "OPTIMIZE"
+$   CC_OPTIMIZE = "OPTIMIZE"
+$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
 $!
 $! Else...
 $!
@@ -591,6 +641,7 @@ $!
 $!    Compile With Debugger Information.
 $!
 $     DEBUGGER  = "DEBUG"
+$     LINKMAP = "MAP"
 $     TRACEBACK = "TRACEBACK"
 $     GCC_OPTIMIZE = "NOOPTIMIZE"
 $     CC_OPTIMIZE = "NOOPTIMIZE"
@@ -598,7 +649,7 @@ $     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
 $     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
 $   ELSE
 $!
-$!    Tell The User Entered An Invalid Option..
+$!    Tell The User Entered An Invalid Option.
 $!
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
@@ -653,6 +704,59 @@ $! End The P5 Check.
 $!
 $ ENDIF
 $!
+$! Check P6 (POINTER_SIZE).
+$!
+$ IF (P6 .NES. "") .AND. (ARCH .NES. "VAX")
+$ THEN
+$!
+$   IF (P6 .EQS. "32")
+$   THEN
+$     POINTER_SIZE = " /POINTER_SIZE=32"
+$   ELSE
+$     POINTER_SIZE = F$EDIT( P6, "COLLAPSE, UPCASE")
+$     IF ((POINTER_SIZE .EQS. "64") .OR. -
+       (POINTER_SIZE .EQS. "64=") .OR. -
+       (POINTER_SIZE .EQS. "64=ARGV"))
+$     THEN
+$       ARCHD = ARCH+ "_64"
+$       LIB32 = ""
+$       POINTER_SIZE = " /POINTER_SIZE=64"
+$     ELSE
+$!
+$!      Tell The User Entered An Invalid Option.
+$!
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", P6, -
+         " Is Invalid.  The Valid Options Are:"
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT -
+         "    """"       :  Compile with default (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    32       :  Compile with 32-bit (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
+$       WRITE SYS$OUTPUT ""
+$! 
+$!      Time To EXIT.
+$!
+$       EXIT
+$!
+$     ENDIF
+$!
+$   ENDIF
+$!
+$! End The P6 (POINTER_SIZE) Check.
+$!
+$ ENDIF
+$!
+$! Set basic C compiler /INCLUDE directories.
+$!
+$ CC_INCLUDES = "SYS$DISK:[-.CRYPTO],SYS$DISK:[-]"
+$!
 $! Check To See If P3 Is Blank.
 $!
 $ IF (P3.EQS."")
@@ -753,11 +857,64 @@ $ CCDEFS = "TCPIP_TYPE_''P4'"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
-$!  Check To See If The User Entered A Valid Paramter.
+$! Check To See If We Have A ZLIB Option.
+$!
+$ ZLIB = P7
+$ IF (ZLIB .NES. "")
+$ THEN
+$!
+$!  Check for expected ZLIB files.
+$!
+$   err = 0
+$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
+$   if (f$search( file1) .eqs. "")
+$   then
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
+$     err = 1
+$   endif
+$   file1 = f$parse( "A.;", ZLIB)- "A.;"
+$!
+$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
+$   if (f$search( file2) .eqs. "")
+$   then
+$     if (err .eq. 0)
+$     then
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     endif
+$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
+$     WRITE SYS$OUTPUT ""
+$     err = err+ 2
+$   endif
+$   if (err .eq. 1)
+$   then
+$     WRITE SYS$OUTPUT ""
+$   endif
+$!
+$   if (err .ne. 0)
+$   then
+$     EXIT
+$   endif
+$!
+$   CCDEFS = """ZLIB=1"", "+ CCDEFS
+$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
+$   ZLIB_LIB = ", ''file2' /library"
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
+$!
+$! End The ZLIB Check.
+$!
+$ ENDIF
+$!
+$!  Check To See If The User Entered A Valid Parameter.
 $!
 $ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
 $ THEN
@@ -780,13 +937,13 @@ $!
 $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
+$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
+       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
+       " /INCLUDE=(''CC_INCLUDES') " + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -815,7 +972,7 @@ $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
+	   "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
 $     CCDEFS = CCDEFS + ",""VAXC"""
 $!
 $!    Define <sys> As SYS$COMMON:[SYSLIB]
@@ -824,7 +981,7 @@ $     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -847,11 +1004,11 @@ $!    Use GNU C...
 $!
 $     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
 $     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
+	   "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -870,16 +1027,16 @@ $     THEN
 $       CC4DISABLEWARNINGS = "DOLLARID"
 $     ELSE
 $       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
-$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$       CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
 $     ENDIF
-$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$     CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
 $   ELSE
 $     CCDISABLEWARNINGS = ""
 $     CC4DISABLEWARNINGS = ""
 $   ENDIF
-$   CC2 = CC + "/DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
-$   CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
-$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$   CC2 = CC + " /DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
+$   CC3 = CC + " /DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
+$   CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
 $   IF COMPILER .EQS. "DECC"
 $   THEN
 $     CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
@@ -925,7 +1082,7 @@ $   THEN
 $!
 $!    Set the library to use SOCKETSHR
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
 $!
 $!    Done with SOCKETSHR
 $!
@@ -951,13 +1108,13 @@ $   THEN
 $!
 $!    Set the library to use UCX.
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
 $     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
 $     THEN
-$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
 $     ELSE
 $       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+	  TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
 $     ENDIF
 $!
 $!    Done with UCX
@@ -971,7 +1128,7 @@ $   THEN
 $!
 $!    Set the library to use TCPIP (post UCX).
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
 $!
 $!    Done with TCPIP
 $!
@@ -992,7 +1149,7 @@ $   ENDIF
 $!
 $!  Print info
 $!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
 $!
 $!  Else The User Entered An Invalid Argument.
 $!