This commit was manufactured by cvs2svn to create tag 'SSLeay_0_9_1b'.

.gitignore

@@ -1,132 +0,0 @@
-# Object files
-*.o
-*.obj
-
-# editor artefacts
-*.swp
-.#*
-\#*#
-*~
-/.dir-locals.el
-
-# Top level excludes
-/Makefile.orig
-/Makefile
-/MINFO
-/TABLE
-/*.a
-/*.pc
-/rehash.time
-/inc.*
-/makefile.*
-/out.*
-/tmp.*
-
-**/Makefile
-
-/test/*.ss
-/test/*.srl
-/test/.rnd
-/test/test*.pem
-/test/newkey.pem
-/test/*.log
-
-# Certificate symbolic links
-*.0
-
-# Links under apps
-/apps/CA.pl
-/apps/md4.c
-
-
-# Auto generated headers
-/crypto/buildinf.h
-/crypto/opensslconf.h
-
-# Auto generated assembly language source files
-*.s
-!/crypto/*/asm/*.s
-/crypto/arm*.S
-/crypto/*/*.S
-*.asm
-!/crypto/*/asm/*.asm
-
-# Executables
-/apps/openssl
-/test/sha256t
-/test/sha512t
-/test/gost2814789t
-/test/*test
-/test/fips_aesavs
-/test/fips_desmovs
-/test/fips_dhvs
-/test/fips_drbgvs
-/test/fips_dssvs
-/test/fips_ecdhvs
-/test/fips_ecdsavs
-/test/fips_rngvs
-/test/fips_test_suite
-*.so*
-*.dylib*
-*.dll*
-*.exe
-# Exceptions
-!/test/bctest
-!/crypto/des/times/486-50.sol
-
-# Misc auto generated files
-include/openssl/opensslconf.h
-/tools/c_rehash
-lib
-Makefile.save
-*.bak
-tags
-TAGS
-cscope.out
-*.d
-crypto.map
-ssl.map
-
-# Windows
-/tmp32
-/tmp32.dbg
-/tmp32dll
-/tmp32dll.dbg
-/out32
-/out32.dbg
-/out32dll
-/out32dll.dbg
-/inc32
-/MINFO
-ms/bcb.mak
-ms/libeay32.def
-ms/nt.mak
-ms/ntdll.mak
-ms/ssleay32.def
-ms/version32.rc
-
-# Files created on other branches that are not held in git, and are not
-# needed on this branch
-include/openssl/asn1_mac.h
-include/openssl/des_old.h
-include/openssl/fips.h
-include/openssl/fips_rand.h
-include/openssl/krb5_asn.h
-include/openssl/kssl.h
-include/openssl/pq_compat.h
-include/openssl/ssl23.h
-include/openssl/tmdiff.h
-include/openssl/ui_compat.h
-test/fips_aesavs.c
-test/fips_desmovs.c
-test/fips_dsatest.c
-test/fips_dssvs.c
-test/fips_hmactest.c
-test/fips_randtest.c
-test/fips_rngvs.c
-test/fips_rsagtest.c
-test/fips_rsastest.c
-test/fips_rsavtest.c
-test/fips_shatest.c
-test/fips_test_suite.c
-test/shatest.c

.travis-create-release.sh

@@ -1,10 +0,0 @@
-#! /bin/sh
-
-# $1 is expected to be $TRAVIS_OS_NAME
-
-if [ "$1" == osx ]; then
-    make -f Makefile.in \
-	 DISTTARVARS="NAME=_srcdist TAR_COMMAND='\$\$(TAR) \$\$(TARFLAGS) -s \"|^|\$\$(NAME)/|\" -T \$\$(TARFILE).list -cvf -' TARFLAGS='-n' TARFILE=_srcdist.tar" SHELL='sh -vx' dist
-else
-    make -f Makefile.in DISTTARVARS='TARFILE=_srcdist.tar NAME=_srcdist' SHELL='sh -v' dist
-fi

.travis.yml

@@ -1,96 +0,0 @@
-language: c
-
-addons:
-    apt:
-        packages:
-            - clang-3.6
-            - gcc-5
-            - binutils-mingw-w64
-            - gcc-mingw-w64
-            - wine
-        sources:
-            - llvm-toolchain-precise-3.6
-            - ubuntu-toolchain-r-test
-
-os:
-    - linux
-    - osx
-
-compiler:
-    - clang
-    - clang-3.6
-    - gcc
-    - gcc-5
-    - i686-w64-mingw32-gcc
-    - x86_64-w64-mingw32-gcc
-
-env:
-    - CONFIG_OPTS=""
-    - CONFIG_OPTS="shared"
-    - CONFIG_OPTS="no-asm"
-    - CONFIG_OPTS="--debug --strict-warnings"
-
-matrix:
-    include:
-        - os: linux
-          compiler: clang-3.6
-          env: CONFIG_OPTS="-fsanitize=address"
-        - os: linux
-          compiler: clang-3.6
-          env: CONFIG_OPTS="no-asm --debug --strict-warnings -fno-sanitize-recover -fsanitize=address -fsanitize=undefined"
-        - os: linux
-          compiler: gcc-5
-          env: CONFIG_OPTS="-fsanitize=address"
-        - os: linux
-          compiler: gcc-5
-          env: CONFIG_OPTS="no-asm --debug --strict-warnings -fno-sanitize-recover -fsanitize=address -fsanitize=undefined"
-    exclude:
-        - os: osx
-          compiler: clang-3.6
-        - os: osx
-          compiler: gcc-5
-        - os: osx
-          compiler: i686-w64-mingw32-gcc
-        - os: osx
-          compiler: x86_64-w64-mingw32-gcc
-        - compiler: i686-w64-mingw32-gcc
-          env: CONFIG_OPTS="shared"
-        - compiler: x86_64-w64-mingw32-gcc
-          env: CONFIG_OPTS="shared"
-        - compiler: i686-w64-mingw32-gcc
-          env: CONFIG_OPTS="no-asm"
-        - compiler: x86_64-w64-mingw32-gcc
-          env: CONFIG_OPTS="no-asm"
-    allow_failures:
-        - compiler: i686-w64-mingw32-gcc
-          env: CONFIG_OPTS="--debug --strict-warnings"
-        - compiler: x86_64-w64-mingw32-gcc
-          env: CONFIG_OPTS="--debug --strict-warnings"
-
-before_script:
-    - sh .travis-create-release.sh $TRAVIS_OS_NAME
-    - tar -xvzf _srcdist.tar.gz
-    - cd _srcdist
-    - if [ "$CC" == i686-w64-mingw32-gcc ]; then
-          export CROSS_COMPILE=${CC%%gcc}; unset CC;
-          ./Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format;
-      elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
-          export CROSS_COMPILE=${CC%%gcc}; unset CC;
-          ./Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
-      else
-          ./config $CONFIG_OPTS;
-      fi
-    - cd ..
-
-script:
-    - cd _srcdist
-    - make
-    - if [ -n "$CROSS_COMPILE" ]; then
-          export EXE_SHELL="wine" WINEPREFIX=`pwd`;
-      fi
-    - make test
-    - cd ..
-
-notifications:
-    email:
-        - openssl-commits@openssl.org

ACKNOWLEDGEMENTS

@@ -1,2 +0,0 @@
-Please https://www.openssl.org/community/thanks.html for the current
-acknowledgements.

CONTRIBUTING

@@ -1,38 +0,0 @@
-HOW TO CONTRIBUTE TO OpenSSL
-----------------------------
-
-Development is coordinated on the openssl-dev mailing list (see
-http://www.openssl.org for information on subscribing). If you
-would like to submit a patch, send it to rt@openssl.org with
-the string "[PATCH]" in the subject. Please be sure to include a
-textual explanation of what your patch does.
-
-You can also make GitHub pull requests. If you do this, please also send
-mail to rt@openssl.org with a brief description and a link to the PR so
-that we can more easily keep track of it.
-
-If you are unsure as to whether a feature will be useful for the general
-OpenSSL community please discuss it on the openssl-dev mailing list first.
-Someone may be already working on the same thing or there may be a good
-reason as to why that feature isn't implemented.
-
-Patches should be as up to date as possible, preferably relative to the
-current Git or the last snapshot. They should follow our coding style
-(see https://www.openssl.org/policies/codingstyle.html) and compile without
-warnings using the --strict-warnings flag.  OpenSSL compiles on many varied
-platforms: try to ensure you only use portable features.
-
-Our preferred format for patch files is "git format-patch" output. For example
-to provide a patch file containing the last commit in your local git repository
-use the following command:
-
-# git format-patch --stdout HEAD^ >mydiffs.patch
-
-Another method of creating an acceptable patch file without using git is as
-follows:
-
-# cd openssl-work
-# [your changes]
-# ./Configure dist; make clean
-# cd ..
-# diff -ur openssl-orig openssl-work > mydiffs.patch

COPYRIGHT

@@ -0,0 +1,65 @@
+Copyright (C) 1997 Eric Young (eay@cryptsoft.com)
+All rights reserved.
+
+This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
+The implementation was written so as to conform with Netscapes SSL.
+
+This library is free for commercial and non-commercial use as long as
+the following conditions are aheared to.  The following conditions
+apply to all code found in this distribution, be it the RC4, RSA,
+lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+included with this distribution is covered by the same copyright terms
+except that the holder is Tim Hudson (tjh@cryptsoft.com).
+
+Please note that MD2, MD5 and IDEA are publically available standards
+that contain sample implementations, I have re-coded them in my own
+way but there is nothing special about those implementations.  The DES
+library is another mater :-).
+
+Copyright remains Eric Young's, and as such any Copyright notices in
+the code are not to be removed.
+If this package is used in a product, Eric Young should be given attribution
+as the author of the parts of the library used.
+This can be in the form of a textual message at program startup or
+in documentation (online or textual) provided with the package.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+   "This product includes cryptographic software written by
+    Eric Young (eay@cryptsoft.com)"
+   The word 'cryptographic' can be left out if the rouines from the library
+   being used are not cryptographic related :-).
+4. If you include any Windows specific code (or a derivative thereof) from 
+   the apps directory (application code) you must include an acknowledgement:
+   "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+The licence and distribution terms for any publically available version or
+derivative of this code cannot be changed.  i.e. this code cannot simply be
+copied and put under another distribution licence
+[including the GNU Public Licence.]
+
+The reason behind this being stated in this direct manner is past
+experience in code simply being copied and the attribution removed
+from it and then being distributed as part of other packages. This
+implementation was a non-trivial and unpaid effort.
+

Configurations/90-team.conf

@@ -1,123 +0,0 @@
-## -*- mode: perl; -*-
-## Build configuration targets for openssl-team members
-##
-## If you edit this file, run this command before committing
-##	make -f Makefile.in TABLE
-## This file is interpolated by the Configure script.
-
-%targets = (
-    "purify" => {
-        cc               => "purify gcc",
-        cflags           => "-g -DPURIFY -Wall",
-        thread_cflag     => "(unknown)",
-        lflags           => "-lsocket -lnsl",
-    },
-    "debug" => {
-        cc               => "gcc",
-        cflags           => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror",
-        thread_cflag     => "(unknown)",
-        lflags           => "-lefence",
-    },
-    "debug-erbridge" => {
-        inherit_from     => [ "x86_64_asm" ],
-        cc               => "gcc",
-        cflags           => "$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -m64 -DL_ENDIAN -DTERMIO -g",
-        thread_cflag     => "-D_REENTRANT",
-        lflags           => "-ldl",
-        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
-        perlasm_scheme   => "elf",
-        dso_scheme       => "dlfcn",
-        shared_target    => "linux-shared",
-        shared_cflag     => "-fPIC",
-        shared_ldflag    => "-m64",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-        multilib         => "64",
-    },
-    "debug-linux-pentium" => {
-        inherit_from     => [ "x86_elf_asm" ],
-        cc               => "gcc",
-        cflags           => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentium -Wall",
-        thread_cflag     => "-D_REENTRANT",
-        lflags           => "-ldl",
-        bn_ops           => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}",
-        dso_scheme       => "dlfcn",
-    },
-    "debug-linux-ppro" => {
-        inherit_from     => [ "x86_elf_asm" ],
-        cc               => "gcc",
-        cflags           => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall",
-        thread_cflag     => "-D_REENTRANT",
-        lflags           => "-ldl",
-        bn_ops           => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}",
-        dso_scheme       => "dlfcn",
-    },
-    "debug-linux-elf-noefence" => {
-        inherit_from     => [ "x86_elf_asm" ],
-        cc               => "gcc",
-        cflags           => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -march=i486 -Wall",
-        thread_cflag     => "-D_REENTRANT",
-        lflags           => "-ldl",
-        bn_ops           => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}",
-        dso_scheme       => "dlfcn",
-        shared_target    => "linux-shared",
-        shared_cflag     => "-fPIC",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-    },
-    "debug-linux-ia32-aes" => {
-        cc               => "gcc",
-        cflags           => "-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
-        thread_cflag     => "-D_REENTRANT",
-        lflags           => "-ldl",
-        bn_ops           => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}",
-        cpuid_obj        => "x86cpuid.o",
-        bn_obj           => "bn-586.o co-586.o x86-mont.o",
-        des_obj          => "des-586.o crypt586.o",
-        aes_obj          => "aes_x86core.o aes_cbc.o aesni-x86.o",
-        bf_obj           => "bf-586.o",
-        md5_obj          => "md5-586.o",
-        sha1_obj         => "sha1-586.o sha256-586.o sha512-586.o",
-        cast_obj         => "cast-586.o",
-        rc4_obj          => "rc4-586.o",
-        rmd160_obj       => "rmd-586.o",
-        rc5_obj          => "rc5-586.o",
-        wp_obj           => "wp_block.o wp-mmx.o",
-        modes_obj        => "ghash-x86.o",
-        engines_obj      => "e_padlock-x86.o",
-        perlasm_scheme   => "elf",
-        dso_scheme       => "dlfcn",
-        shared_target    => "linux-shared",
-        shared_cflag     => "-fPIC",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-    },
-    "dist" => {
-        cc               => "cc",
-        cflags           => "-O",
-        thread_cflag     => "(unknown)",
-    },
-    "debug-test-64-clang" => {
-        inherit_from     => [ "x86_64_asm" ],
-        cc               => "clang",
-        cflags           => "$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
-        thread_cflag     => "${BSDthreads}",
-        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
-        perlasm_scheme   => "elf",
-        dso_scheme       => "dlfcn",
-        shared_target    => "bsd-gcc-shared",
-        shared_cflag     => "-fPIC",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-    },
-    "darwin64-debug-test-64-clang" => {
-        inherit_from     => [ "x86_64_asm" ],
-        cc               => "clang",
-        cflags           => "-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
-        thread_cflag     => "${BSDthreads}",
-        sys_id           => "MACOSX",
-        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
-        perlasm_scheme   => "macosx",
-        dso_scheme       => "dlfcn",
-        shared_target    => "darwin-shared",
-        shared_cflag     => "-fPIC -fno-common",
-        shared_ldflag    => "-arch x86_64 -dynamiclib",
-        shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-    },
-);

Configurations/99-personal-ben.conf

@@ -1,95 +0,0 @@
-## -*- mode: perl; -*-
-## Personal configuration targets
-##
-## If you edit this file, run this command before committing
-##	make -f Makefile.in TABLE
-## This file is interpolated by the Configure script.
-
-%targets = (
-    "debug-ben" => {
-        cc               => "gcc",
-        cflags           => "$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -O2 -pipe",
-        thread_cflag     => "(unknown)",
-    },
-    "debug-ben-openbsd" => {
-        cc               => "gcc",
-        cflags           => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe",
-        thread_cflag     => "(unknown)",
-    },
-    "debug-ben-openbsd-debug" => {
-        cc               => "gcc",
-        cflags           => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe",
-        thread_cflag     => "(unknown)",
-    },
-    "debug-ben-debug" => {
-        cc               => "gcc",
-        cflags           => "$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe",
-        thread_cflag     => "(unknown)",
-    },
-    "debug-ben-debug-64" => {
-        inherit_from     => [ "x86_64_asm" ],
-        cc               => "gcc",
-        cflags           => "$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
-        thread_cflag     => "${BSDthreads}",
-        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
-        perlasm_scheme   => "elf",
-        dso_scheme       => "dlfcn",
-        shared_target    => "bsd-gcc-shared",
-        shared_cflag     => "-fPIC",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-    },
-    "debug-ben-debug-64-clang" => {
-        inherit_from     => [ "x86_64_asm" ],
-        cc               => "clang",
-        cflags           => "$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
-        thread_cflag     => "${BSDthreads}",
-        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
-        perlasm_scheme   => "elf",
-        dso_scheme       => "dlfcn",
-        shared_target    => "bsd-gcc-shared",
-        shared_cflag     => "-fPIC",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-    },
-    "debug-ben-debug-64-noopt" => {
-        inherit_from     => [ "x86_64_asm" ],
-        cc               => "gcc",
-        cflags           => "$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe",
-        thread_cflag     => "${BSDthreads}",
-        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
-        perlasm_scheme   => "elf",
-        dso_scheme       => "dlfcn",
-        shared_target    => "bsd-gcc-shared",
-        shared_cflag     => "-fPIC",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-    },
-    "debug-ben-macos" => {
-        cc               => "cc",
-        cflags           => "$gcc_devteam_warn -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe",
-        thread_cflag     => "(unknown)",
-    },
-    "debug-ben-no-opt" => {
-        cc               => "gcc",
-        cflags           => " -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -Werror -DL_ENDIAN -Wall -g3",
-        thread_cflag     => "(unknown)",
-    },
-    "debug-ben-strict" => {
-        cc               => "gcc",
-        cflags           => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe",
-        thread_cflag     => "(unknown)",
-    },
-    "debug-ben-darwin64" => {
-        inherit_from     => [ "x86_64_asm" ],
-        cc               => "cc",
-        cflags           => "$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall",
-        thread_cflag     => "-D_REENTRANT",
-        sys_id           => "MACOSX",
-        lflags           => "-Wl,-search_paths_first%",
-        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
-        perlasm_scheme   => "macosx",
-        dso_scheme       => "dlfcn",
-        shared_target    => "darwin-shared",
-        shared_cflag     => "-fPIC -fno-common",
-        shared_ldflag    => "-arch x86_64 -dynamiclib",
-        shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-    },
-);

Configurations/99-personal-bodo.conf

@@ -1,24 +0,0 @@
-## -*- mode: perl; -*-
-## Personal configuration targets
-##
-## If you edit this file, run this command before committing
-##	make -f Makefile.in TABLE
-## This file is interpolated by the Configure script.
-
-%targets = (
-    "debug-bodo" => {
-        inherit_from     => [ "x86_64_asm" ],
-        cc               => "gcc",
-        cflags           => "$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int",
-        thread_cflag     => "-D_REENTRANT",
-        lflags           => "-ldl",
-        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
-        perlasm_scheme   => "elf",
-        dso_scheme       => "dlfcn",
-        shared_target    => "linux-shared",
-        shared_cflag     => "-fPIC",
-        shared_ldflag    => "-m64",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-        multilib         => "64",
-    },
-);

Configurations/99-personal-geoff.conf

@@ -1,33 +0,0 @@
-## -*- mode: perl; -*-
-## Personal configuration targets
-##
-## If you edit this file, run this command before committing
-##	make -f Makefile.in TABLE
-## This file is interpolated by the Configure script.
-
-%targets = (
-    "debug-geoff32" => {
-        inherit_from     => [ "no_asm_filler" ],
-        cc               => "gcc",
-        cflags           => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long",
-        thread_cflag     => "-D_REENTRANT",
-        lflags           => "-ldl",
-        bn_ops           => "BN_LLONG",
-        dso_scheme       => "dlfcn",
-        shared_target    => "linux-shared",
-        shared_cflag     => "-fPIC",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-    },
-    "debug-geoff64" => {
-        inherit_from     => [ "no_asm_filler" ],
-        cc               => "gcc",
-        cflags           => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long",
-        thread_cflag     => "-D_REENTRANT",
-        lflags           => "-ldl",
-        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR",
-        dso_scheme       => "dlfcn",
-        shared_target    => "linux-shared",
-        shared_cflag     => "-fPIC",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-    },
-);

Configurations/99-personal-levitte.conf

@@ -1,60 +0,0 @@
-## -*- mode: perl; -*-
-## Personal configuration targets
-##
-## If you edit this file, run this command before committing
-##	make -f Makefile.in TABLE
-## This file is interpolated by the Configure script.
-
-%targets = (
-    "levitte-linux-elf" => {
-        inherit_from     => [ "x86_elf_asm" ],
-        cc               => "gcc",
-        cflags           => "-DL_ENDIAN -Wall",
-        debug_cflags     => "-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -ggdb -g3",
-        thread_cflag     => "-D_REENTRANT",
-        lflags           => "-ldl",
-        bn_ops           => "BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT",
-        dso_scheme       => "dlfcn",
-        shared_target    => "linux-shared",
-        shared_cflag     => "-fPIC",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-    },
-    "debug-levitte-linux-noasm" => {
-        inherit_from     => [ "no_asm_filler" ],
-        cc               => "gcc",
-        cflags           => "-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall",
-        thread_cflag     => "-D_REENTRANT",
-        lflags           => "-ldl",
-        bn_ops           => "BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT",
-        dso_scheme       => "dlfcn",
-        shared_target    => "linux-shared",
-        shared_cflag     => "-fPIC",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-    },
-    "debug-levitte-linux-elf-extreme" => {
-        inherit_from     => [ "x86_elf_asm" ],
-        cc               => "gcc",
-        cflags           => "-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe",
-        thread_cflag     => "-D_REENTRANT",
-        lflags           => "-ldl",
-        bn_ops           => "BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT",
-        perlasm_scheme   => "elf",
-        dso_scheme       => "dlfcn",
-        shared_target    => "linux-shared",
-        shared_cflag     => "-fPIC",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-    },
-    "debug-levitte-linux-noasm-extreme" => {
-        inherit_from     => [ "no_asm_filler" ],
-        cc               => "gcc",
-        cflags           => "-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe",
-        thread_cflag     => "-D_REENTRANT",
-        lflags           => "-ldl",
-        bn_ops           => "BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT",
-        perlasm_scheme   => "void",
-        dso_scheme       => "dlfcn",
-        shared_target    => "linux-shared",
-        shared_cflag     => "-fPIC",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-    },
-);

Configurations/99-personal-rse.conf

@@ -1,16 +0,0 @@
-## -*- mode: perl; -*-
-## Personal configuration targets
-##
-## If you edit this file, run this command before committing
-##	make -f Makefile.in TABLE
-## This file is interpolated by the Configure script.
-
-%targets = (
-    "debug-rse" => {
-        inherit_from     => [ "x86_elf_asm" ],
-        cc               => "cc",
-        cflags           => "-DL_ENDIAN -pipe -O -g -ggdb3 -Wall",
-        thread_cflag     => "(unknown)",
-        bn_ops           => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}",
-    },
-);

Configurations/99-personal-steve.conf

@@ -1,50 +0,0 @@
-## -*- mode: perl; -*-
-## Personal configuration targets
-##
-## If you edit this file, run this command before committing
-##	make -f Makefile.in TABLE
-## This file is interpolated by the Configure script.
-
-%targets = (
-    "debug-steve64" => {
-        inherit_from     => [ "x86_64_asm" ],
-        cc               => "gcc",
-        cflags           => "$gcc_devteam_warn -pthread -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -g",
-        thread_cflag     => "-D_REENTRANT",
-        lflags           => "-ldl",
-        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
-        perlasm_scheme   => "elf",
-        dso_scheme       => "dlfcn",
-        shared_target    => "linux-shared",
-        shared_cflag     => "-fPIC",
-        shared_ldflag    => "-m64",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-    },
-    "debug-steve32" => {
-        inherit_from     => [ "x86_elf_asm" ],
-        cc               => "gcc",
-        cflags           => "$gcc_devteam_warn -pthread -m32 -DL_ENDIAN -DCONF_DEBUG -g",
-        thread_cflag     => "-D_REENTRANT",
-        lflags           => "-rdynamic -ldl",
-        bn_ops           => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}",
-        dso_scheme       => "dlfcn",
-        shared_target    => "linux-shared",
-        shared_cflag     => "-fPIC",
-        shared_ldflag    => "-m32",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-    },
-    "debug-steve-opt" => {
-        inherit_from     => [ "x86_64_asm" ],
-        cc               => "gcc",
-        cflags           => "$gcc_devteam_warn -pthread -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -g",
-        thread_cflag     => "-D_REENTRANT",
-        lflags           => "-ldl",
-        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL",
-        perlasm_scheme   => "elf",
-        dso_scheme       => "dlfcn",
-        shared_target    => "linux-shared",
-        shared_cflag     => "-fPIC",
-        shared_ldflag    => "-m64",
-        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-    },
-);

FAQ

@@ -1,2 +0,0 @@
-The FAQ is now maintained on the web:
-        https://www.openssl.org/docs/faq.html

GitConfigure

@@ -1,10 +0,0 @@
-#!/bin/sh
-
-BRANCH=`git rev-parse --abbrev-ref HEAD`
-
-./Configure $@
-make files
-util/mk1mf.pl OUT=out.$BRANCH TMP=tmp.$BRANCH INC=inc.$BRANCH copy > makefile.$BRANCH
-MAKE=make
-which bsdmake > /dev/null && MAKE=bsdmake
-$MAKE -f makefile.$BRANCH init

GitMake

@@ -1,7 +0,0 @@
-#!/bin/sh
-
-BRANCH=`git rev-parse --abbrev-ref HEAD`
-
-MAKE=make
-which bsdmake > /dev/null && MAKE=bsdmake
-$MAKE -f makefile.$BRANCH $@

HISTORY

@@ -0,0 +1,316 @@
+16-Mar-98
+	- Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
+	- Lots and lots of changes
+
+29-Jan-98
+	- ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
+	  Goetz Babin-Ebell <babinebell@trustcenter.de>.
+	- SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
+	  TLS1_VERSION.
+
+7-Jan-98
+	- Finally reworked the cipher string to ciphers again, so it
+	  works correctly
+	- All the app_data stuff is now ex_data with funcion calls to access.
+	  The index is supplied by a function and 'methods' can be setup
+	  for the types that are called on XXX_new/XXX_free.  This lets
+	  applications get notified on creation and destruction.  Some of
+	  the RSA methods could be implemented this way and I may do so.
+	- Oh yes, SSL under perl5 is working at the basic level.
+
+15-Dec-97
+	- Warning - the gethostbyname cache is not fully thread safe,
+	  but it should work well enough.
+	- Major internal reworking of the app_data stuff.  More functions
+	  but if you were accessing ->app_data directly, things will
+	  stop working.
+	- The perlv5 stuff is working.  Currently on message digests,
+	  ciphers and the bignum library.
+
+9-Dec-97
+	- Modified re-negotiation so that server initated re-neg
+	  will cause a SSL_read() to return -1 should retry.
+	  The danger otherwise was that the server and the
+	  client could end up both trying to read when using non-blocking
+	  sockets.
+
+4-Dec-97
+	- Lots of small changes
+	- Fix for binaray mode in Windows for the FILE BIO, thanks to
+	  Bob Denny <rdenny@dc3.com>
+
+17-Nov-97
+	- Quite a few internal cleanups, (removal of errno, and using macros
+	  defined in e_os.h).
+	- A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
+	  the automactic naming out output files was being stuffed up.
+
+29-Oct-97
+	- The Cast5 cipher has been added.  MD5 and SHA-1 are now in assember
+	  for x86.
+
+21-Oct-97
+	- Fixed a bug in the BIO_gethostbyname() cache.
+
+15-Oct-97
+	- cbc mode for blowfish/des/3des is now in assember.  Blowfish asm
+	  has also been improved.  At this point in time, on the pentium,
+	  md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
+	  des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
+	  is %62 faster.
+
+12-Oct-97
+	- MEM_BUF_grow() has been fixed so that it always sets the buf->length
+	  to the value we are 'growing' to.  Think of MEM_BUF_grow() as the
+	  way to set the length value correctly.
+
+10-Oct-97
+	- I now hash for certificate lookup on the raw DER encoded RDN (md5).
+	  This breaks things again :-(.  This is efficent since I cache
+	  the DER encoding of the RDN.
+	- The text DN now puts in the numeric OID instead of UNKNOWN.
+	- req can now process arbitary OIDs in the config file.
+	- I've been implementing md5 in x86 asm, much faster :-).
+	- Started sha1 in x86 asm, needs more work.
+	- Quite a few speedups in the BN stuff.  RSA public operation
+	  has been made faster by caching the BN_MONT_CTX structure.
+	  The calulating of the Ai where A*Ai === 1 mod m was rather
+	  expensive.  Basically a 40-50% speedup on public operations.
+	  The RSA speedup is now 15% on pentiums and %20 on pentium
+	  pro.
+
+30-Sep-97
+	- After doing some profiling, I added x86 adm for bn_add_words(),
+	  which just adds 2 arrays of longs together.  A %10 speedup
+	  for 512 and 1024 bit RSA on the pentium pro.
+
+29-Sep-97
+	- Converted the x86 bignum assembler to us the perl scripts
+	  for generation.
+
+23-Sep-97
+	- If SSL_set_session() is passed a NULL session, it now clears the
+	  current session-id.
+
+22-Sep-97
+	- Added a '-ss_cert file' to apps/ca.c.  This will sign selfsigned
+	  certificates.
+	- Bug in crypto/evp/encode.c where by decoding of 65 base64
+	  encoded lines, one line at a time (via a memory BIO) would report
+	  EOF after the first line was decoded.
+	- Fix in X509_find_by_issuer_and_serial() from
+	  Dr Stephen Henson <shenson@bigfoot.com>
+
+19-Sep-97
+	- NO_FP_API and NO_STDIO added.
+	- Put in sh config command.  It auto runs Configure with the correct
+	  parameters.
+
+18-Sep-97
+	- Fix x509.c so if a DSA cert has different parameters to its parent,
+	  they are left in place.  Not tested yet.
+
+16-Sep-97
+	- ssl_create_cipher_list() had some bugs, fixes from
+	  Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
+	- Fixed a bug in the Base64 BIO, where it would return 1 instead
+	  of -1 when end of input was encountered but should retry.
+	  Basically a Base64/Memory BIO interaction problem.
+	- Added a HMAC set of functions in preporarion for TLS work.
+
+15-Sep-97
+	- Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
+	- Prime generation spead up %25 (512 bit prime, pentium pro linux)
+	  by using montgomery multiplication in the prime number test.
+
+11-Sep-97
+	- Ugly bug in ssl3_write_bytes().  Basically if application land
+	  does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
+	  did not check the size and tried to copy the entire buffer.
+	  This would tend to cause memory overwrites since SSLv3 has
+	  a maximum packet size of 16k.  If your program uses
+	  buffers <= 16k, you would probably never see this problem.
+	- Fixed a new errors that were cause by malloc() not returning
+	  0 initialised memory..
+	- SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
+	  SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
+	  since this flags stops SSLeay being able to handle client
+	  cert requests correctly.
+
+08-Sep-97
+	- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added.  When switched
+	  on, the SSL server routines will not use a SSL_SESSION that is
+	  held in it's cache.  This in intended to be used with the session-id
+	  callbacks so that while the session-ids are still stored in the
+	  cache, the decision to use them and how to look them up can be
+	  done by the callbacks.  The are the 'new', 'get' and 'remove'
+	  callbacks.  This can be used to determine the session-id
+	  to use depending on information like which port/host the connection
+	  is coming from.  Since the are also SSL_SESSION_set_app_data() and
+	  SSL_SESSION_get_app_data() functions, the application can hold
+	  information against the session-id as well.
+
+03-Sep-97
+	- Added lookup of CRLs to the by_dir method,
+	  X509_load_crl_file() also added.  Basically it means you can
+	  lookup CRLs via the same system used to lookup certificates.
+	- Changed things so that the X509_NAME structure can contain
+	  ASN.1 BIT_STRINGS which is required for the unique
+	  identifier OID.
+	- Fixed some problems with the auto flushing of the session-id
+	  cache.  It was not occuring on the server side.
+
+02-Sep-97
+	- Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
+	  which is the maximum number of entries allowed in the
+	  session-id cache.  This is enforced with a simple FIFO list.
+	  The default size is 20*1024 entries which is rather large :-).
+	  The Timeout code is still always operating.
+
+01-Sep-97
+	- Added an argument to all the 'generate private key/prime`
+	  callbacks.  It is the last parameter so this should not
+	  break existing code but it is needed for C++.
+	- Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
+	  BIO.  This lets the BIO read and write base64 encoded data
+	  without inserting or looking for '\n' characters.  The '-A'
+	  flag turns this on when using apps/enc.c.
+	- RSA_NO_PADDING added to help BSAFE functionality.  This is a
+	  very dangerous thing to use, since RSA private key
+	  operations without random padding bytes (as PKCS#1 adds) can
+	  be attacked such that the private key can be revealed.
+	- ASN.1 bug and rc2-40-cbc and rc4-40 added by
+	  Dr Stephen Henson <shenson@bigfoot.com>
+
+31-Aug-97 (stuff added while I was away)	
+	- Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
+	- RSA_flags() added allowing bypass of pub/priv match check
+	  in ssl/ssl_rsa.c - Tim Hudson.
+	- A few minor bugs.
+
+SSLeay 0.8.1 released.
+
+19-Jul-97
+	- Server side initated dynamic renegotiation is broken.  I will fix
+	  it when I get back from holidays.
+
+15-Jul-97
+	- Quite a few small changes.
+	- INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
+
+09-Jul-97
+	- Added 2 new values to the SSL info callback.
+	  SSL_CB_START which is passed when the SSL protocol is started
+	  and SSL_CB_DONE when it has finished sucsessfully.
+
+08-Jul-97
+	- Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
+	  that related to DSA public/private keys.
+	- Added all the relevent PEM and normal IO functions to support
+	  reading and writing RSAPublic keys.
+	- Changed makefiles to use ${AR} instead of 'ar r'
+
+07-Jul-97
+	- Error in ERR_remove_state() that would leave a dangling reference
+	  to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
+	- s_client now prints the X509_NAMEs passed from the server
+	  when requesting a client cert.
+	- Added a ssl->type, which is one of SSL_ST_CONNECT or
+	  SSL_ST_ACCEPT.  I had to add it so I could tell if I was
+	  a connect or an accept after the handshake had finished.
+	- SSL_get_client_CA_list(SSL *s) now returns the CA names
+	  passed by the server if called by a client side SSL.
+
+05-Jul-97
+	- Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
+	  0, not -1 :-(  Fix from Tim Hudson (tjh@cryptsoft.com).
+
+04-Jul-97
+	- Fixed some things in X509_NAME_add_entry(), thanks to
+	  Matthew Donald <matthew@world.net>.
+	- I had a look at the cipher section and though that it was a
+	  bit confused, so I've changed it.
+	- I was not setting up the RC4-64-MD5 cipher correctly.  It is
+	  a MS special that appears in exported MS Money.
+	- Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3
+	  spec.  I was missing the two byte length header for the
+	  ClientDiffieHellmanPublic value.  This is a packet sent from
+	  the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+	  option will enable SSLeay server side SSLv3 accept either
+	  the correct or my 080 packet format.
+	- Fixed a few typos in crypto/pem.org.
+
+02-Jul-97
+	- Alias mapping for EVP_get_(digest|cipher)byname is now
+	  performed before a lookup for actual cipher.  This means
+	  that an alias can be used to 're-direct' a cipher or a
+	  digest.
+	- ASN1_read_bio() had a bug that only showed up when using a
+	  memory BIO.  When EOF is reached in the memory BIO, it is
+	  reported as a -1 with BIO_should_retry() set to true.
+
+01-Jul-97
+	- Fixed an error in X509_verify_cert() caused by my
+	  miss-understanding how 'do { contine } while(0);' works.
+	  Thanks to Emil Sit <sit@mit.edu> for educating me :-)
+
+30-Jun-97
+	- Base64 decoding error.  If the last data line did not end with
+	  a '=', sometimes extra data would be returned.
+	- Another 'cut and paste' bug in x509.c related to setting up the
+	  STDout BIO.
+
+27-Jun-97
+	- apps/ciphers.c was not printing due to an editing error.
+	- Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
+	  a library build error in util/mk1mf.pl
+
+26-Jun-97
+	- Still did not have the auto 'experimental' code removal
+	  script correct.
+	- A few header tweaks for Watcom 11.0 under Win32 from
+	  Rolf Lindemann <Lindemann@maz-hh.de>
+	- 0 length OCTET_STRING bug in asn1_parse
+	- A minor fix with an non-existent function in the MS .def files.
+	- A few changes to the PKCS7 stuff.
+
+25-Jun-97
+	SSLeay 0.8.0 finally it gets released.
+
+24-Jun-97
+	Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
+	use a temporary RSA key.  This is experimental and needs some more work.
+	Fixed a few Win16 build problems.
+
+23-Jun-97
+	SSLv3 bug. I was not doing the 'lookup' of the CERT structure
+	correctly. I was taking the SSL->ctx->default_cert when I should
+	have been using SSL->cert. The bug was in ssl/s3_srvr.c
+
+20-Jun-97
+	X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
+	rest of the library. Even though I had the code required to do
+	it correctly, apps/req.c was doing the wrong thing.  I have fixed
+	and tested everything.
+
+	Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
+
+19-Jun-97
+	Fixed a bug in the SSLv2 server side first packet handling. When
+	using the non-blocking test BIO, the ssl->s2->first_packet flag
+	was being reset when a would-block failure occurred when reading
+	the first 5 bytes of the first packet. This caused the checking
+	logic to run at the wrong time and cause an error.
+
+	Fixed a problem with specifying cipher. If RC4-MD5 were used,
+	only the SSLv3 version would be picked up.  Now this will pick
+	up both SSLv2 and SSLv3 versions. This required changing the
+	SSL_CIPHER->mask values so that they only mask the ciphers,
+	digests, authentication, export type and key-exchange algorithms.
+
+	I found that when a SSLv23 session is established, a reused
+	session, of type SSLv3 was attempting to write the SSLv2 
+	ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 
+	method has been modified so it will only write out cipher which
+	that method knows about.  
+

HISTORY.066

@@ -0,0 +1,443 @@
+SSLeay 0.6.5
+
+After quite some time (3 months), the new release.  I have been very busy
+for the last few months and so this is mostly bug fixes and improvments.
+
+The main additions are
+
+- assember for x86 DES.  For all those gcc based systems, this is a big
+  improvement.  From 117,000 DES operation a second on a pentium 100,
+  I now get 191,000.  I have also reworked the C version so it
+  now gives 148,000 DESs per second.  
+- As mentioned above, the inner DES macros now have some more variant that
+  sometimes help, sometimes hinder performance.  There are now 3 options
+  DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling)
+  and DES_RISC (a more register intensive version of the inner macro).
+  The crypto/des/des_opts.c program, when compiled and run, will give
+  an indication of the correct options to use.
+- The BIO stuff has been improved.  Read doc/bio.doc.  There are now
+  modules for encryption and base64 encoding and a BIO_printf() function.
+- The CA program will accept simple one line X509v3 extensions in the
+  ssleay.cnf file.  Have a look at the example.  Currently this just
+  puts the text into the certificate as an OCTET_STRING so currently
+  the more advanced X509v3 data types are not handled but this is enough
+  for the netscape extensions.
+- There is the start of a nicer higher level interface to the X509
+  strucutre.
+- Quite a lot of bug fixes.
+- CRYPTO_malloc_init()  (or CRYPTO_set_mem_functions()) can be used
+  to define the malloc(), free() and realloc() routines to use
+  (look in crypto/crypto.h).  This is mostly needed for Windows NT/95 when
+  using DLLs and mixing CRT libraries.
+
+In general, read the 'VERSION' file for changes and be aware that some of
+the new stuff may not have been tested quite enough yet, so don't just plonk
+in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break.
+
+SSLeay 0.6.4 30/08/96 eay
+
+I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3,
+Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-).
+
+The main changes in this release
+
+- Thread safe.  have a read of doc/threads.doc and play in the mt directory.
+  For anyone using 0.6.3 with threads, I found 2 major errors so consider
+  moving to 0.6.4.  I have a test program that builds under NT and
+  solaris.
+- The get session-id callback has changed.  Have a read of doc/callback.doc.
+- The X509_cert_verify callback (the SSL_verify callback) now
+  has another argument.  Have a read of doc/callback.doc
+- 'ca -preserve', sign without re-ordering the DN.  Not tested much.
+- VMS support.
+- Compile time memory leak detection can now be built into SSLeay.
+  Read doc/memory.doc
+- CONF routines now understand '\', '\n', '\r' etc.  What this means is that
+  the  SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines.
+- 'ssleay ciphers' added, lists the default cipher list for SSLeay.
+- RC2 key setup is now compatable with Netscape.
+- Modifed server side of SSL implementation, big performance difference when
+	  using session-id reuse.
+
+0.6.3
+
+Bug fixes and the addition of some nice stuff to the 'ca' program.
+Have a read of doc/ns-ca.doc for how hit has been modified so
+it can be driven from a CGI script.  The CGI script is not provided,
+but that is just being left as an excersize for the reader :-).
+
+0.6.2
+
+This is most bug fixes and functionality improvements.
+
+Additions are
+- More thread debugging patches, the thread stuff is still being
+  tested, but for those keep to play with stuff, have a look in
+  crypto/cryptlib.c.  The application needs to define 1 (or optionaly
+  a second) callback that is used to implement locking.  Compiling
+  with LOCK_DEBUG spits out lots of locking crud :-).
+  This is what I'm currently working on.
+- SSL_CTX_set_default_passwd_cb() can be used to define the callback
+  function used in the SSL*_file() functions used to load keys.  I was
+  always of the opinion that people should call
+  PEM_read_RSAPrivateKey() and pass the callback they want to use, but
+  it appears they just want to use the SSL_*_file() function() :-(.
+- 'enc' now has a -kfile so a key can be read from a file.  This is
+  mostly used so that the passwd does not appear when using 'ps',
+  which appears imposible to stop under solaris.
+- X509v3 certificates now work correctly.  I even have more examples
+  in my tests :-).  There is now a X509_EXTENSION type that is used in
+  X509v3 certificates and CRLv2.
+- Fixed that signature type error :-(
+- Fixed quite a few potential memory leaks and problems when reusing
+  X509, CRL and REQ structures.
+- EVP_set_pw_prompt() now sets the library wide default password
+  prompt.
+- The 'pkcs7' command will now, given the -print_certs flag, output in
+  pem format, all certificates and CRL contained within.  This is more
+  of a pre-emtive thing for the new verisign distribution method.  I
+  should also note, that this also gives and example in code, of how
+  to do this :-), or for that matter, what is involved in going the
+  other way (list of certs and crl -> pkcs7).
+- Added RSA's DESX to the DES library.  It is also available via the
+  EVP_desx_cbc() method and via 'enc desx'. 
+
+SSLeay 0.6.1
+
+The main functional changes since 0.6.0 are as follows
+- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is
+  that from now on, I'll keep the .def numbers the same so they will be.
+- RSA private key operations are about 2 times faster that 0.6.0
+- The SSL_CTX now has more fields so default values can be put against
+  it.  When an SSL structure is created, these default values are used
+  but can be overwritten.  There are defaults for cipher, certificate,
+  private key, verify mode and callback.  This means SSL session
+  creation can now be
+  ssl=SSL_new()
+  SSL_set_fd(ssl,sock);
+  SSL_accept(ssl)
+  ....
+  All the other uglyness with having to keep a global copy of the
+  private key and certificate/verify mode in the server is now gone.
+- ssl/ssltest.c - one process talking SSL to its self for testing.
+- Storage of Session-id's can be controled via a session_cache_mode
+  flag.  There is also now an automatic default flushing of 
+  old session-id's.
+- The X509_cert_verify() function now has another parameter, this
+  should not effect most people but it now means that the reason for
+  the failure to verify is now available via SSL_get_verify_result(ssl).
+  You don't have to use a global variable.
+- SSL_get_app_data() and SSL_set_app_data() can be used to keep some
+  application data against the SSL structure.  It is upto the application
+  to free the data.  I don't use it, but it is available.
+- SSL_CTX_set_cert_verify_callback() can be used to specify a
+  verify callback function that completly replaces my certificate
+  verification code.  Xcert should be able to use this :-).
+  The callback is of the form int app_verify_callback(arg,ssl,cert).
+  This needs to be documented more.
+- I have started playing with shared library builds, have a look in
+  the shlib directory.  It is very simple.  If you need a numbered
+  list of functions, have a look at misc/crypto.num and misc/ssl.num.
+- There is some stuff to do locking to make the library thread safe.
+  I have only started this stuff and have not finished.  If anyone is
+  keen to do so, please send me the patches when finished.
+
+So I have finally made most of the additions to the SSL interface that
+I thought were needed.
+
+There will probably be a pause before I make any non-bug/documentation
+related changes to SSLeay since I'm feeling like a bit of a break.
+
+eric - 12 Jul 1996
+I saw recently a comment by some-one that we now seem to be entering
+the age of perpetual Beta software.
+Pioneered by packages like linux but refined to an art form by
+netscape.
+
+I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-).
+
+There are quite a large number of sections that are 'works in
+progress' in this package.  I will also list the major changes and
+what files you should read.
+
+BIO - this is the new IO structure being used everywhere in SSLeay.  I
+started out developing this because of microsoft, I wanted a mechanism
+to callback to the application for all IO, so Windows 3.1 DLL
+perversion could be hidden from me and the 15 different ways to write
+to a file under NT would also not be dictated by me at library build
+time.  What the 'package' is is an API for a data structure containing
+functions.  IO interfaces can be written to conform to the
+specification.  This in not intended to hide the underlying data type
+from the application, but to hide it from SSLeay :-).
+I have only really finished testing the FILE * and socket/fd modules.
+There are also 'filter' BIO's.  Currently I have only implemented
+message digests, and it is in use in the dgst application.  This
+functionality will allow base64/encrypto/buffering modules to be
+'push' into a BIO without it affecting the semantics.  I'm also
+working on an SSL BIO which will hide the SSL_accept()/SLL_connet()
+from an event loop which uses the interface.
+It is also possible to 'attach' callbacks to a BIO so they get called
+before and after each operation, alowing extensive debug output
+to be generated (try running dgst with -d).
+
+Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few
+functions that used to take FILE *, now take BIO *.
+The wrappers are easy to write
+
+function_fp(fp,x)
+FILE *fp;
+	{
+	BIO *b;
+	int ret;
+
+	if ((b=BIO_new(BIO_s_file())) == NULL) error.....
+	BIO_set_fp(b,fp,BIO_NOCLOSE);
+	ret=function_bio(b,x);
+	BIO_free(b);
+	return(ret);
+	}
+Remember, there are no functions that take FILE * in SSLeay when
+compiled for Windows 3.1 DLL's.
+
+--
+I have added a general EVP_PKEY type that can hold a public/private
+key.  This is now what is used by the EVP_ functions and is passed
+around internally.  I still have not done the PKCS#8 stuff, but
+X509_PKEY is defined and waiting :-)
+
+--
+For a full function name listings, have a look at ms/crypt32.def and
+ms/ssl32.def.  These are auto-generated but are complete.
+Things like ASN1_INTEGER_get() have been added and are in here if you
+look.  I have renamed a few things, again, have a look through the
+function list and you will probably find what you are after.  I intend
+to at least put a one line descrition for each one.....
+
+--
+Microsoft - thats what this release is about, read the MICROSOFT file.
+
+--
+Multi-threading support.  I have started hunting through the code and
+flaging where things need to be done.  In a state of work but high on
+the list.
+
+--
+For random numbers, edit e_os.h and set DEVRANDOM (it's near the top)
+be be you random data device, otherwise 'RFILE' in e_os.h
+will be used, in your home directory.  It will be updated
+periodically.  The environment variable RANDFILE will override this
+choice and read/write to that file instead.  DEVRANDOM is used in
+conjunction to the RFILE/RANDFILE.  If you wish to 'seed' the random
+number generator, pick on one of these files.
+
+--
+
+The list of things to read and do
+
+dgst -d
+s_client -state (this uses a callback placed in the SSL state loop and
+		will be used else-where to help debug/monitor what
+		is happening.)
+
+doc/why.doc
+doc/bio.doc <- hmmm, needs lots of work.
+doc/bss_file.doc <- one that is working :-)
+doc/session.doc <- it has changed
+doc/speed.doc
+ also play with ssleay version -a.  I have now added a SSLeay()
+ function that returns a version number, eg 0600 for this release
+ which is primarily to be used to check DLL version against the
+ application.
+util/*  Quite a few will not interest people, but some may, like
+ mk1mf.pl, mkdef.pl,
+util/do_ms.sh
+
+try
+cc -Iinclude -Icrypto -c crypto/crypto.c
+cc -Iinclude -Issl -c ssl/ssl.c
+You have just built the SSLeay libraries as 2 object files :-)
+
+Have a general rummage around in the bin stall directory and look at
+what is in there, like CA.sh and c_rehash
+
+There are lots more things but it is 12:30am on a Friday night and I'm
+heading home :-).
+
+eric 22-Jun-1996
+This version has quite a few major bug fixes and improvements.  It DOES NOT
+do SSLv3 yet.
+
+The main things changed
+- A Few days ago I added the s_mult application to ssleay which is
+  a demo of an SSL server running in an event loop type thing.
+  It supports non-blocking IO, I have finally gotten it right, SSL_accept()
+  can operate in non-blocking IO mode, look at the code to see how :-).
+  Have a read of doc/s_mult as well.  This program leaks memory and
+  file descriptors everywhere but I have not cleaned it up yet.
+  This is a demo of how to do non-blocking IO.
+- The SSL session management has been 'worked over' and there is now
+  quite an expansive set of functions to manipulate them.  Have a read of
+  doc/session.doc for some-things I quickly whipped up about how it now works.
+  This assume you know the SSLv2 protocol :-)
+- I can now read/write the netscape certificate format, use the
+  -inform/-outform  'net' options to the x509 command.  I have not put support
+  for this type in the other demo programs, but it would be easy to add.
+- asn1parse and 'enc' have been modified so that when reading base64
+  encoded files (pem format), they do not require '-----BEGIN' header lines.
+  The 'enc' program had a buffering bug fixed, it can be used as a general
+  base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d'
+  respecivly.  Leaving out the '-a' flag in this case makes the 'enc' command
+  into a form of 'cat'.
+- The 'x509' and 'req' programs have been fixed and modified a little so
+  that they generate self-signed certificates correctly.  The test
+  script actually generates a 'CA' certificate and then 'signs' a
+  'user' certificate.  Have a look at this shell script (test/sstest)
+  to see how things work, it tests most possible combinations of what can
+  be done.
+- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name
+  of SSL_set_cipher_list() is now the correct API (stops confusion :-).
+  If this function is used in the client, only the specified ciphers can
+  be used, with preference given to the order the ciphers were listed.
+  For the server, if this is used, only the specified ciphers will be used
+  to accept connections.  If this 'option' is not used, a default set of
+  ciphers will be used.  The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this
+  list for all ciphers started against the SSL_CTX.  So the order is
+  SSL cipher_list, if not present, SSL_CTX cipher list, if not
+  present, then the library default.
+  What this means is that normally ciphers like
+  NULL-MD5 will never be used.  The only way this cipher can be used
+  for both ends to specify to use it.
+  To enable or disable ciphers in the library at build time, modify the
+  first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c.
+  This file also contains the 'pref_cipher' list which is the default
+  cipher preference order.
+- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net'
+  options work.  They should, and they enable loading and writing the
+  netscape rsa private key format.  I will be re-working this section of
+  SSLeay for the next version.  What is currently in place is a quick and
+  dirty hack.
+- I've re-written parts of the bignum library.  This gives speedups
+  for all platforms.  I now provide assembler for use under Windows NT.
+  I have not tested the Windows 3.1 assembler but it is quite simple code.
+  This gives RSAprivate_key operation encryption times of 0.047s (512bit key)
+  and 0.230s (1024bit key) on a pentium 100 which I consider reasonable.
+  Basically the times available under linux/solaris x86 can be achieve under
+  Windows NT.  I still don't know how these times compare to RSA's BSAFE
+  library but I have been emailing with people and with their help, I should
+  be able to get my library's quite a bit faster still (more algorithm changes).
+  The object file crypto/bn/asm/x86-32.obj should be used when linking
+  under NT.
+- 'make makefile.one' in the top directory will generate a single makefile
+  called 'makefile.one'  This makefile contains no perl references and
+  will build the SSLeay library into the 'tmp' and 'out' directories.
+  util/mk1mf.pl >makefile.one is how this makefile is
+  generated.  The mk1mf.pl command take several option to generate the
+  makefile for use with cc, gcc, Visual C++ and Borland C++.  This is
+  still under development.  I have only build .lib's for NT and MSDOS
+  I will be working on this more.  I still need to play with the
+  correct compiler setups for these compilers and add some more stuff but
+  basically if you just want to compile the library
+  on a 'non-unix' platform, this is a very very good file to start with :-).
+  Have a look in the 'microsoft' directory for my current makefiles.
+  I have not yet modified things to link with sockets under Windows NT.
+  You guys should be able to do this since this is actually outside of the
+  SSLeay scope :-).  I will be doing it for myself soon.
+  util/mk1mf.pl takes quite a few options including no-rc, rsaref  and no-sock
+  to build without RC2/RC4, to require RSAref for linking, and to
+  build with no socket code.
+
+- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher
+  that was posted to sci.crypt has been added to the library and SSL.
+  I take the view that if RC2 is going to be included in a standard,
+  I'll include the cipher to make my package complete.
+  There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers
+  at compile time.  I have not tested this recently but it should all work
+  and if you are in the USA and don't want RSA threatening to sue you,
+  you could probably remove the RC4/RC2 code inside these sections.
+  I may in the future include a perl script that does this code
+  removal automatically for those in the USA :-).
+- I have removed all references to sed in the makefiles.  So basically,
+  the development environment requires perl and sh.  The build environment
+  does not (use the makefile.one makefile).
+  The Configure script still requires perl, this will probably stay that way
+  since I have perl for Windows NT :-).
+
+eric (03-May-1996)
+
+PS Have a look in the VERSION file for more details on the changes and
+   bug fixes.
+I have fixed a few bugs, added alpha and x86 assembler and generally cleaned
+things up.  This version will be quite stable, mostly because I'm on
+holidays until 10-March-1996.  For any problems in the interum, send email
+to Tim Hudson <tjh@mincom.oz.au>.
+
+SSLeay 0.5.0
+
+12-12-95
+This is going out before it should really be released.
+
+I leave for 11 weeks holidays on the 22-12-95 and so I either sit on
+this for 11 weeks or get things out.  It is still going to change a
+lot in the next week so if you do grab this version, please test and
+give me feed back ASAP, inculuding questions on how to do things with
+the library.  This will prompt me to write documentation so I don't
+have to answer the same question again :-).
+
+This 'pre' release version is for people who are interested in the
+library.  The applications will have to be changed to use
+the new version of the SSL interface.  I intend to finish more
+documentation before I leave but until then, look at the programs in
+the apps directory.  As far as code goes, it is much much nicer than
+the old version.
+
+The current library works, has no memory leaks (as far as I can tell)
+and is far more bug free that 0.4.5d.  There are no global variable of
+consequence (I believe) and I will produce some documentation that
+tell where to look for those people that do want to do multi-threaded
+stuff.
+
+There should be more documentation.  Have a look in the
+doc directory.  I'll be adding more before I leave, it is a start
+by mostly documents the crypto library.  Tim Hudson will update
+the web page ASAP.  The spelling and grammar are crap but
+it is better than nothing :-)
+
+Reasons to start playing with version 0.5.0
+- All the programs in the apps directory build into one ssleay binary.
+- There is a new version of the 'req' program that generates certificate
+  requests, there is even documentation for this one :-)
+- There is a demo certification authorithy program.  Currently it will
+  look at the simple database and update it.  It will generate CRL from
+  the data base.  You need to edit the database by hand to revoke a
+  certificate, it is my aim to use perl5/Tk but I don't have time to do
+  this right now.  It will generate the certificates but the management
+  scripts still need to be written.  This is not a hard task.
+- Things have been cleaned up alot.
+- Have a look at the enc and dgst programs in the apps directory.
+- It supports v3 of x509 certiticates.
+
+
+Major things missing.
+- I have been working on (and thinging about) the distributed x509
+  hierachy problem.  I have not had time to put my solution in place.
+  It will have to wait until I come back.
+- I have not put in CRL checking in the certificate verification but
+  it would not be hard to do.  I was waiting until I could generate my
+  own CRL (which has only been in the last week) and I don't have time
+  to put it in correctly.
+- Montgomery multiplication need to be implemented.  I know the
+  algorithm, just ran out of time.
+- PKCS#7.  I can load and write the DER version.  I need to re-work
+  things to support BER (if that means nothing, read the ASN1 spec :-).
+- Testing of the higher level digital envelope routines.  I have not
+  played with the *_seal() and *_open() type functions.  They are
+  written but need testing.  The *_sign() and *_verify() functions are
+  rock solid. 
+- PEM.  Doing this and PKCS#7 have been dependant on the distributed
+  x509 heirachy problem.  I started implementing my ideas, got
+  distracted writing a CA program and then ran out of time.  I provide
+  the functionality of RSAref at least.
+- Re work the asm. code for the x86.  I've changed by low level bignum
+  interface again, so I really need to tweak the x86 stuff.  gcc is
+  good enough for the other boxes.
+

HISTORY.090

@@ -0,0 +1,7 @@
+-	A minor bug in ssl/s3_clnt.c where there would always be 4 0 bytes
+	sent in the client random, thanks to 
+	Edward Bishop <ebishop@spyglass.com>
+-	Changed some BIGNUM api stuff.
+
+-	I Deleted the HISTORY.090 I was working on and when I found out, it was
+	permanently gone :-(

INSTALL

@@ -1,398 +1,133 @@
-
- INSTALLATION ON THE UNIX PLATFORM
- ---------------------------------
-
- [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X)
-  and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS,
-  INSTALL.MacOS and INSTALL.NW.
-  
-  This document describes installation on operating systems in the Unix
-  family.]
-
- To install OpenSSL, you will need:
-
-  * make
-  * Perl 5 with core modules (see 'Note on Perl' further down)
-  * an ANSI C compiler
-  * a development environment in form of development libraries and C
-    header files
-  * a supported Unix operating system
-
- Quick Start
- -----------
-
- If you want to just get on with it, do:
-
-  $ ./config
-  $ make
-  $ make test
-  $ make install
-
- [If any of these steps fails, see section Installation in Detail below.]
-
- This will build and install OpenSSL in the default location, which is (for
- historical reasons) /usr/local/ssl. If you want to install it anywhere else,
- run config like this:
-
-  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
-
-
- Configuration Options
- ---------------------
-
- There are several options to ./config (or ./Configure) to customize
- the build:
-
-  --prefix=DIR  Install in DIR/bin, DIR/lib, DIR/include/openssl.
-	        Configuration files used by OpenSSL will be in DIR/ssl
-                or the directory specified by --openssldir.
-
-  --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
-                the library files and binaries are also installed there.
-
-  no-threads    Don't try to build with support for multi-threaded
-                applications.
-
-  threads       Build with support for multi-threaded applications.
-                This will usually require additional system-dependent options!
-                See "Note on multi-threading" below.
-
-  no-zlib       Don't try to build with support for zlib compression and
-                decompression.
-
-  zlib          Build with support for zlib compression/decompression.
-
-  zlib-dynamic  Like "zlib", but has OpenSSL load the zlib library dynamically
-                when needed.  This is only supported on systems where loading
-                of shared libraries is supported.  This is the default choice.
-
-  no-shared     Don't try to create shared libraries.
-
-  shared        In addition to the usual static libraries, create shared
-                libraries on platforms where it's supported.  See "Note on
-                shared libraries" below.
-
-  no-asm        Do not use assembler code.
-
-  386           Use the 80386 instruction set only (the default x86 code is
-                more efficient, but requires at least a 486). Note: Use
-                compiler flags for any other CPU specific configuration,
-                e.g. "-m32" to build x86 code on an x64 system.
-
-  no-sse2	Exclude SSE2 code pathes. Normally SSE2 extension is
-		detected at run-time, but the decision whether or not the
-		machine code will be executed is taken solely on CPU
-		capability vector. This means that if you happen to run OS
-		kernel which does not support SSE2 extension on Intel P4
-		processor, then your application might be exposed to
-		"illegal instruction" exception. There might be a way
-		to enable support in kernel, e.g. FreeBSD kernel can be
-		compiled with CPU_ENABLE_SSE, and there is a way to
-		disengage SSE2 code pathes upon application start-up,
-		but if you aim for wider "audience" running such kernel,
-		consider no-sse2. Both 386 and no-asm options above imply
-		no-sse2.
-
-  no-<cipher>   Build without the specified cipher (bf, cast, des, dh, dsa,
-                hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
-                The crypto/<cipher> directory can be removed after running
-                "make depend".
-
-  -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will
-                be passed through to the compiler to allow you to
-                define preprocessor symbols, specify additional libraries,
-                library directories or other compiler options.
-
-
- Installation in Detail
- ----------------------
-
- 1a. Configure OpenSSL for your operation system automatically:
-
-       $ ./config [options]
-
-     This guesses at your operating system (and compiler, if necessary) and
-     configures OpenSSL based on this guess. Run ./config -t to see
-     if it guessed correctly. If you want to use a different compiler, you
-     are cross-compiling for another platform, or the ./config guess was
-     wrong for other reasons, go to step 1b. Otherwise go to step 2.
-
-     On some systems, you can include debugging information as follows:
-
-       $ ./config -d [options]
-
- 1b. Configure OpenSSL for your operating system manually
-
-     OpenSSL knows about a range of different operating system, hardware and
-     compiler combinations. To see the ones it knows about, run
-
-       $ ./Configure
-
-     Pick a suitable name from the list that matches your system. For most
-     operating systems there is a choice between using "cc" or "gcc".  When
-     you have identified your system (and if necessary compiler) use this name
-     as the argument to ./Configure. For example, a "linux-elf" user would
-     run:
-
-       $ ./Configure linux-elf [options]
-
-     If your system is not available, you will have to edit the Configure
-     program and add the correct configuration for your system. The
-     generic configurations "cc" or "gcc" should usually work on 32 bit
-     systems.
-
-     Configure creates the file Makefile.ssl from Makefile.in and
-     defines various macros in crypto/opensslconf.h (generated from
-     crypto/opensslconf.h.in).
-
-  2. Build OpenSSL by running:
-
-       $ make
-
-     This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
-     OpenSSL binary ("openssl"). The libraries will be built in the top-level
-     directory, and the binary will be in the "apps" directory.
-
-     If "make" fails, look at the output.  There may be reasons for
-     the failure that aren't problems in OpenSSL itself (like missing
-     standard headers).  If it is a problem with OpenSSL itself, please
-     report the problem to <openssl-bugs@openssl.org> (note that your
-     message will be recorded in the request tracker publicly readable
-     at https://www.openssl.org/community/index.html#bugs and will be
-     forwarded to a public mailing list). Include the output of "make
-     report" in your message.  Please check out the request tracker. Maybe
-     the bug was already reported or has already been fixed.
-
-     [If you encounter assembler error messages, try the "no-asm"
-     configuration option as an immediate fix.]
-
-     Compiling parts of OpenSSL with gcc and others with the system
-     compiler will result in unresolved symbols on some systems.
-
-  3. After a successful build, the libraries should be tested. Run:
-
-       $ make test
-
-     If some tests fail, look at the output.  There may be reasons for
-     the failure that isn't a problem in OpenSSL itself (like a
-     malfunction with Perl).  You may want increased verbosity, that
-     can be accomplished like this:
-
-       $ HARNESS_VERBOSE=yes make test
-
-     Also, you will find logs for all commands the tests have executed
-     in logs, test/test_*.log, one for each individual test.
-
-     If you want to run just one or a few specific tests, you can use
-     the make variable TESTS to specify them, like this:
-
-       $ make TESTS='test_rsa test_dsa' test
-
-     And of course, you can combine:
-       
-       $ HARNESS_VERBOSE=yes make TESTS='test_rsa test_dsa' test
-
-     You can find the list of available tests like this:
-
-       $ make list-tests
-
-     If you find a problem with OpenSSL itself, try removing any
-     compiler optimization flags from the CFLAG line in Makefile and
-     run "make clean; make".
-
-     Please send a bug report to <openssl-bugs@openssl.org>, and when
-     you do, please run the following and include the output in your
-     report:
-
-       $ make report
-
-  4. If everything tests ok, install OpenSSL with
-
-       $ make install
-
-     This will create the installation directory (if it does not exist) and
-     then the following subdirectories:
-
-       certs           Initially empty, this is the default location
-                       for certificate files.
-       man/man1        Manual pages for the 'openssl' command line tool
-       man/man3        Manual pages for the libraries (very incomplete)
-       misc            Various scripts.
-       private         Initially empty, this is the default location
-                       for private key files.
-
-     If you didn't choose a different installation prefix, the
-     following additional subdirectories will be created:
-
-       bin             Contains the openssl binary and a few other 
-                       utility programs. 
-       include/openssl Contains the header files needed if you want to
-                       compile programs with libcrypto or libssl.
-       lib             Contains the OpenSSL library files themselves.
-
-     Use "make install_sw" to install the software without documentation,
-     and "install_docs_html" to install HTML renditions of the manual
-     pages.
-
-     Package builders who want to configure the library for standard
-     locations, but have the package installed somewhere else so that
-     it can easily be packaged, can use
-
-       $ make INSTALL_PREFIX=/tmp/package-root install
-
-     (or specify "--install_prefix=/tmp/package-root" as a configure
-     option).  The specified prefix will be prepended to all
-     installation target filenames.
-
-
-  NOTE: The header files used to reside directly in the include
-  directory, but have now been moved to include/openssl so that
-  OpenSSL can co-exist with other libraries which use some of the
-  same filenames.  This means that applications that use OpenSSL
-  should now use C preprocessor directives of the form
-
-       #include <openssl/ssl.h>
-
-  instead of "#include <ssl.h>", which was used with library versions
-  up to OpenSSL 0.9.2b.
-
-  If you install a new version of OpenSSL over an old library version,
-  you should delete the old header files in the include directory.
-
-  Compatibility issues:
-
-  *  COMPILING existing applications
-
-     To compile an application that uses old filenames -- e.g.
-     "#include <ssl.h>" --, it will usually be enough to find
-     the CFLAGS definition in the application's Makefile and
-     add a C option such as
-
-          -I/usr/local/ssl/include/openssl
-
-     to it.
-
-     But don't delete the existing -I option that points to
-     the ..../include directory!  Otherwise, OpenSSL header files
-     could not #include each other.
-
-  *  WRITING applications
-
-     To write an application that is able to handle both the new
-     and the old directory layout, so that it can still be compiled
-     with library versions up to OpenSSL 0.9.2b without bothering
-     the user, you can proceed as follows:
-
-     -  Always use the new filename of OpenSSL header files,
-        e.g. #include <openssl/ssl.h>.
-
-     -  Create a directory "incl" that contains only a symbolic
-        link named "openssl", which points to the "include" directory
-        of OpenSSL.
-        For example, your application's Makefile might contain the
-        following rule, if OPENSSLDIR is a pathname (absolute or
-        relative) of the directory where OpenSSL resides:
-
-        incl/openssl:
-        	-mkdir incl
-        	cd $(OPENSSLDIR) # Check whether the directory really exists
-        	-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
-
-        You will have to add "incl/openssl" to the dependencies
-        of those C files that include some OpenSSL header file.
-
-     -  Add "-Iincl" to your CFLAGS.
-
-     With these additions, the OpenSSL header files will be available
-     under both name variants if an old library version is used:
-     Your application can reach them under names like <openssl/foo.h>,
-     while the header files still are able to #include each other
-     with names of the form <foo.h>.
-
-
- Note on Perl
- ------------
-
- For our scripts, we rely quite a bit on Perl, and increasingly on
- some core Perl modules.  These Perl modules are part of the Perl
- source, so if you build Perl on your own, you should be set.
-
- However, if you install Perl as binary packages, the outcome might
- differ, and you may have to check that you do get the core modules
- installed properly.  We do not claim to know them all, but experience
- has told us the following:
-
- - on Linux distributions based on Debian, the package 'perl' will
-   install the core Perl modules as well, so you will be fine.
- - on Linux distributions based on RPMs, you will need to install
-   'perl-core' rather than just 'perl'.
-
- It is highly recommended that you have at least Perl version 5.12
- installed.
-
- Note on multi-threading
- -----------------------
-
- For some systems, the OpenSSL Configure script knows what compiler options
- are needed to generate a library that is suitable for multi-threaded
- applications.  On these systems, support for multi-threading is enabled
- by default; use the "no-threads" option to disable (this should never be
- necessary).
-
- On other systems, to enable support for multi-threading, you will have
- to specify at least two options: "threads", and a system-dependent option.
- (The latter is "-D_REENTRANT" on various systems.)  The default in this
- case, obviously, is not to include support for multi-threading (but
- you can still use "no-threads" to suppress an annoying warning message
- from the Configure script.)
-
-
- Note on shared libraries
- ------------------------
-
- Shared libraries have certain caveats.  Binary backward compatibility
- can't be guaranteed before OpenSSL version 1.0.  The only reason to
- use them would be to conserve memory on systems where several programs
- are using OpenSSL.
-
- For some systems, the OpenSSL Configure script knows what is needed to
- build shared libraries for libcrypto and libssl.  On these systems,
- the shared libraries are currently not created by default, but giving
- the option "shared" will get them created.  This method supports Makefile
- targets for shared library creation, like linux-shared.  Those targets
- can currently be used on their own just as well, but this is expected
- to change in future versions of OpenSSL.
-
- Note on random number generation
- --------------------------------
-
- Availability of cryptographically secure random numbers is required for
- secret key generation. OpenSSL provides several options to seed the
- internal PRNG. If not properly seeded, the internal PRNG will refuse
- to deliver random bytes and a "PRNG not seeded error" will occur.
- On systems without /dev/urandom (or similar) device, it may be necessary
- to install additional support software to obtain random seed.
- Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
- and the FAQ for more information.
-
- Note on support for multiple builds
- -----------------------------------
-
- OpenSSL is usually built in its source tree.  Unfortunately, this doesn't
- support building for multiple platforms from the same source tree very well.
- It is however possible to build in a separate tree through the use of lots
- of symbolic links, which should be prepared like this:
-
-	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
-	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
-	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
-		mkdir -p `dirname $F`
-		rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
-		echo $F '->' $OPENSSL_SOURCE/$F
-	done
-	make -f Makefile.in clean
-
- OPENSSL_SOURCE is an environment variable that contains the absolute (this
- is important!) path to the OpenSSL source tree.
-
- Also, operations like 'make update' should still be made in the source tree.
+# Installation of SSLeay.
+# It depends on perl for a few bits but those steps can be skipped and
+# the top level makefile edited by hand
+
+# When bringing the SSLeay distribution back from the evil intel world
+# of Windows NT, do the following to make it nice again under unix :-)
+# You don't normally need to run this.
+sh util/fixNT.sh	# This only works for NT now - eay - 21-Jun-1996
+
+# If you have perl, and it is not in /usr/local/bin, you can run
+perl util/perlpath.pl /new/path
+# and this will fix the paths in all the scripts.  DO NOT put
+# /new/path/perl, just /new/path. The build
+# environment always run scripts as 'perl perlscript.pl' but some of the
+# 'applications' are easier to usr with the path fixed.
+
+# Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
+# to set the install locations if you don't like
+# the default location of /usr/local/ssl
+# Do this by running
+perl util/ssldir.pl /new/ssl/home
+# if you have perl, or by hand if not.
+
+# If things have been stuffed up with the sym links, run
+make -f Makefile.ssl links
+# This will re-populate lib/include with symlinks and for each
+# directory, link Makefile to Makefile.ssl
+
+# Setup the machine dependent stuff for the top level makefile
+# and some select .h files
+# If you don't have perl, this will bomb, in which case just edit the
+# top level Makefile.ssl
+./Configure 'system type'
+
+# The 'Configure' command contains default configuration parameters
+# for lots of machines.  Configure edits 5 lines in the top level Makefile
+# It modifies the following values in the following files
+Makefile.ssl		CC CFLAG EX_LIBS BN_MULW
+crypto/des/des.h	DES_LONG
+crypto/des/des_locl.h	DES_PTR
+crypto/md2/md2.h	MD2_INT
+crypto/rc4/rc4.h	RC4_INT
+crypto/rc4/rc4_enc.c	RC4_INDEX
+crypto/rc2/rc2.h	RC2_INT
+crypto/bf/bf_locl.h	BF_INT
+crypto/idea/idea.h	IDEA_INT
+crypto/bn/bn.h		BN_LLONG (and defines one of SIXTY_FOUR_BIT,
+				  SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
+				  SIXTEEN_BIT or EIGHT_BIT)
+Please remember that all these files are actually copies of the file with
+a .org extention.  So if you change crypto/des/des.h, the next time
+you run Configure, it will be runover by a 'configured' version of
+crypto/des/des.org.  So to make the changer the default, change the .org
+files.  The reason these files have to be edited is because most of
+these modifications change the size of fundamental data types.
+While in theory this stuff is optional, it often makes a big
+difference in performance and when using assember, it is importaint
+for the 'Bignum bits' match those required by the assember code.
+A warning for people using gcc with sparc cpu's.  Gcc needs the -mv8
+flag to use the hardware multiply instruction which was not present in
+earlier versions of the sparc CPU.  I define it by default.  If you
+have an old sparc, and it crashes, try rebuilding with this flag
+removed.  I am leaving this flag on by default because it makes
+things run 4 times faster :-)
+
+# clean out all the old stuff
+make clean
+
+# Do a make depend only if you have the makedepend command installed
+# This is not needed but it does make things nice when developing.
+make depend
+
+# make should build everything
+make
+
+# fix up the demo certificate hash directory if it has been stuffed up.
+make rehash
+
+# test everything
+make test
+
+# install the lot
+make install
+
+# It is worth noting that all the applications are built into the one
+# program, ssleay, which is then has links from the other programs
+# names to it.
+# The applicatons can be built by themselves, just don't define the
+# 'MONOLITH' flag.  So to build the 'enc' program stand alone,
+gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a
+
+# Other useful make options are
+make makefile.one
+# which generate a 'makefile.one' file which will build the complete
+# SSLeay distribution with temp. files in './tmp' and 'installable' files
+# in './out'
+
+# Have a look at running
+perl util/mk1mf.pl help
+# this can be used to generate a single makefile and is about the only
+# way to generate makefiles for windows.
+
+# There is actually a final way of building SSLeay.
+gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
+gcc -O2 -c -Issl -Iinclude ssl/ssl.c
+# and you now have the 2 libraries as single object files :-).
+# If you want to use the assember code for your particular platform
+# (DEC alpha/x86 are the main ones, the other assember is just the
+# output from gcc) you will need to link the assember with the above generated
+# object file and also do the above compile as
+gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c
+
+This last option is probably the best way to go when porting to another
+platform or building shared libraries.  It is not good for development so
+I don't normally use it.
+
+To build shared libararies under unix, have a look in shlib, basically 
+you are on your own, but it is quite easy and all you have to do
+is compile 2 (or 3) files.
+
+For mult-threading, have a read of doc/threads.doc.  Again it is quite
+easy and normally only requires some extra callbacks to be defined
+by the application.
+The examples for solaris and windows NT/95 are in the mt directory.
+
+have fun
+
+eric 25-Jun-1997
+
+IRIX 5.x will build as a 32 bit system with mips1 assember.
+IRIX 6.x will build as a 64 bit system with mips3 assember.  It conforms
+to n32 standards. In theory you can compile the 64 bit assember under
+IRIX 5.x but you will have to have the correct system software installed.

INSTALL.DJGPP

@@ -1,47 +0,0 @@
-
- 
- INSTALLATION ON THE DOS PLATFORM WITH DJGPP
- -------------------------------------------
-
- OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
- environment for 16-bit DOS, but only with long filename support.
- If you wish to compile on native DOS with 8+3 filenames, you will
- have to tweak the installation yourself, including renaming files
- with illegal or duplicate names.
-
- You should have a full DJGPP environment installed, including the
- latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
- requires that PERL and BC also be installed.
-
- All of these can be obtained from the usual DJGPP mirror sites or
- directly at "http://www.delorie.com/pub/djgpp". For help on which
- files to download, see the DJGPP "ZIP PICKER" page at
- "http://www.delorie.com/djgpp/zip-picker.html". You also need to have
- the WATT-32 networking package installed before you try to compile
- OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/".
- The Makefile assumes that the WATT-32 code is in the directory
- specified by the environment variable WATT_ROOT. If you have watt-32
- in directory "watt32" under your main DJGPP directory, specify
- WATT_ROOT="/dev/env/DJDIR/watt32".
-
- To compile OpenSSL, start your BASH shell, then configure for DJGPP by
- running "./Configure" with appropriate arguments:
-
-	./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
- 
- And finally fire up "make". You may run out of DPMI selectors when
- running in a DOS box under Windows. If so, just close the BASH
- shell, go back to Windows, and restart BASH. Then run "make" again.
-
- RUN-TIME CAVEAT LECTOR
- --------------
-
- Quoting FAQ:
-
-  "Cryptographic software needs a source of unpredictable data to work
-   correctly.  Many open source operating systems provide a "randomness
-   device" (/dev/urandom or /dev/random) that serves this purpose."
-
- As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
- party "randomness" DOS driver. One such driver, NOISE.SYS, can be
- obtained from "http://www.rahul.net/dkaufman/index.html".

INSTALL.NW

@@ -1,454 +0,0 @@
-
-INSTALLATION ON THE NETWARE PLATFORM
-------------------------------------
-
-Notes about building OpenSSL for NetWare.
-
-
-BUILD PLATFORM:
----------------
-The build scripts (batch files, perl scripts, etc) have been developed and
-tested on W2K.  The scripts should run fine on other Windows platforms
-(NT, Win9x, WinXP) but they have not been tested.  They may require some
-modifications.
-
-
-Supported NetWare Platforms - NetWare 5.x, NetWare 6.x:
--------------------------------------------------------
-OpenSSL can either use the WinSock interfaces introduced in NetWare 5,
-or the BSD socket interface.  Previous versions of NetWare, 4.x and 3.x,
-are only supported if OpenSSL is build for CLIB and BSD sockets;
-WinSock builds only support NetWare 5 and up.
-
-On NetWare there are two c-runtime libraries.  There is the legacy CLIB 
-interfaces and the newer LIBC interfaces.  Being ANSI-C libraries, the 
-functionality in CLIB and LIBC is similar but the LIBC interfaces are built 
-using Novell Kernal Services (NKS) which is designed to leverage 
-multi-processor environments.
-
-The NetWare port of OpenSSL can be configured to build using CLIB or LIBC.
-The CLIB build was developed and tested using NetWare 5.0 sp6.0a.  The LIBC 
-build was developed and tested using the NetWare 6.0 FCS.  
-
-The necessary LIBC functionality ships with NetWare 6.  However, earlier 
-NetWare 5.x versions will require updates in order to run the OpenSSL LIBC
-build (NetWare 5.1 SP8 is known to work).
-
-As of June 2005, the LIBC build can be configured to use BSD sockets instead
-of WinSock sockets. Call Configure (usually through netware\build.bat) using
-a target of "netware-libc-bsdsock" instead of "netware-libc".
-
-As of June 2007, support for CLIB and BSD sockets is also now available
-using a target of "netware-clib-bsdsock" instead of "netware-clib";
-also gcc builds are now supported on both Linux and Win32 (post 0.9.8e).
-
-REQUIRED TOOLS:
----------------
-Based upon the configuration and build options used, some or all of the
-following tools may be required:
-
-* Perl for Win32 - required (http://www.activestate.com/ActivePerl)
-   Used to run the various perl scripts on the build platform.
-
-* Perl 5.8.0 for NetWare v3.20 (or later) - required 
-   (http://developer.novell.com) Used to run the test script on NetWare 
-   after building.
-
-* Compiler / Linker - required:
-   Metrowerks CodeWarrior PDK 2.1 (or later) for NetWare (commercial):
-      Provides command line tools used for building.
-      Tools:
-      mwccnlm.exe  - C/C++ Compiler for NetWare
-      mwldnlm.exe  - Linker for NetWare
-      mwasmnlm.exe - x86 assembler for NetWare (if using assembly option)
-
-   gcc / nlmconv Cross-Compiler, available from Novell Forge (free):
-         http://forge.novell.com/modules/xfmod/project/?aunixnw
-
-* Assemblers - optional:
-   If you intend to build using the assembly options you will need an
-   assembler.  Work has been completed to support two assemblers, Metrowerks
-   and NASM.  However, during development, a bug was found in the Metrowerks
-   assembler which generates incorrect code.  Until this problem is fixed,
-   the Metrowerks assembler cannot be used.
-
-   mwasmnlm.exe - Metrowerks x86 assembler - part of CodeWarrior tools.
-         (version 2.2 Built Aug 23, 1999 - not useable due to code
-          generation bug)
-
-   nasmw.exe - Netwide Assembler NASM
-         version 0.98 was used in development and testing
-
-* Make Tool - required:
-   In order to build you will need a make tool.  Two make tools are
-   supported, GNU make (gmake.exe) or Microsoft nmake.exe.
-
-   make.exe - GNU make for Windows (version 3.75 used for development)
-         http://gnuwin32.sourceforge.net/packages/make.htm
-
-   nmake.exe - Microsoft make (Version 6.00.8168.0 used for development)
-         http://support.microsoft.com/kb/132084/EN-US/
-
-* Novell Developer Kit (NDK) - required: (http://developer.novell.com)
-
-   CLIB - BUILDS:
-
-      WinSock2 Developer Components for NetWare:
-         For initial development, the October 27, 2000 version was used.
-         However, future versions should also work.
-
-         NOTE:  The WinSock2 components include headers & import files for
-         NetWare, but you will also need the winsock2.h and supporting
-         headers (pshpack4.h, poppack.h, qos.h) delivered in the
-         Microsoft SDK.  Note: The winsock2.h support headers may change
-         with various versions of winsock2.h.  Check the dependencies
-         section on the NDK WinSock2 download page for the latest
-         information on dependencies. These components are unsupported by
-         Novell. They are provided as a courtesy, but it is strongly
-         suggested that all development be done using LIBC, not CLIB.
-
-         As of June 2005, the WinSock2 components are available at:
-         http://forgeftp.novell.com//ws2comp/
-
-
-      NLM and NetWare libraries for C (including CLIB and XPlat):
-         If you are going to build a CLIB version of OpenSSL, you will
-         need the CLIB headers and imports.  The March, 2001 NDK release or 
-         later is recommended.
-
-         Earlier versions should work but haven't been tested.  In recent
-         versions the import files have been consolidated and function
-         names moved.  This means you may run into link problems
-         (undefined symbols) when using earlier versions.   The functions
-         are available in earlier versions, but you will have to modifiy
-         the make files to include additional import files (see
-         openssl\util\pl\netware.pl).
-
-
-   LIBC - BUILDS:
-   
-      Libraries for C (LIBC) - LIBC headers and import files
-         If you are going to build a LIBC version of OpenSSL, you will
-         need the LIBC headers and imports.  The March 14, 2002 NDK release or
-         later is required.  
-         
-         NOTE: The LIBC SDK includes the necessary WinSock2 support.
-         It is not necessary to download the WinSock2 NDK when building for
-         LIBC. The LIBC SDK also includes the appropriate BSD socket support
-         if configuring to use BSD sockets.
-
-
-BUILDING:
----------
-Before building, you will need to set a few environment variables.  You can
-set them manually or you can modify the "netware\set_env.bat" file.
-
-The set_env.bat file is a template you can use to set up the path
-and environment variables you will need to build.  Modify the
-various lines to point to YOUR tools and run set_env.bat.
-
-   netware\set_env.bat <target> [compiler]
-
-      target        - "netware-clib" - CLIB NetWare build
-                    - "netware-libc" - LIBC NetWare build
-
-      compiler      - "gnuc"         - GNU GCC Compiler
-                    - "codewarrior"  - MetroWerks CodeWarrior (default)
-
-If you don't use set_env.bat, you will need to set up the following
-environment variables:
-
-   PATH - Set PATH to point to the tools you will use.
-
-   INCLUDE - The location of the NDK include files.
-         
-            CLIB ex: set INCLUDE=c:\ndk\nwsdk\include\nlm
-            LIBC ex: set INCLUDE=c:\ndk\libc\include
-
-   PRELUDE - The absolute path of the prelude object to link with.  For
-            a CLIB build it is recommended you use the "clibpre.o" files shipped
-            with the Metrowerks PDK for NetWare.  For a LIBC build you should 
-            use the "libcpre.o" file delivered with the LIBC NDK components.
-
-            CLIB ex: set PRELUDE=c:\ndk\nwsdk\imports\clibpre.o
-            LIBC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o
-
-   IMPORTS - The locaton of the NDK import files.
-
-            CLIB ex: set IMPORTS=c:\ndk\nwsdk\imports
-            LIBC ex: set IMPORTS=c:\ndk\libc\imports
-
-
-In order to build, you need to run the Perl scripts to configure the build
-process and generate a make file.  There is a batch file,
-"netware\build.bat", to automate the process.
-
-Build.bat runs the build configuration scripts and generates a make file.
-If an assembly option is specified, it also runs the scripts to generate 
-the assembly code.  Always run build.bat from the "openssl" directory.
-
-   netware\build [target] [debug opts] [assembly opts] [configure opts]
-
-      target        - "netware-clib" - CLIB NetWare build (WinSock Sockets)
-                    - "netware-clib-bsdsock" - CLIB NetWare build (BSD Sockets)
-                    - "netware-libc" - LIBC NetWare build (WinSock Sockets)
-                    - "netware-libc-bsdsock" - LIBC NetWare build (BSD Sockets)
- 
-      debug opts    - "debug"  - build debug
-
-      assembly opts - "nw-mwasm" - use Metrowerks assembler
-                      "nw-nasm"  - use NASM assembler
-                      "no-asm"   - don't use assembly
-
-      configure opts- all unrecognized arguments are passed to the
-                      perl 'configure' script. See that script for
-                      internal documentation regarding options that
-                      are available.
-
-   examples:
-
-      CLIB build, debug, without assembly:
-         netware\build.bat netware-clib debug no-asm
-
-      LIBC build, non-debug, using NASM assembly, add mdc2 support:
-         netware\build.bat netware-libc nw-nasm enable-mdc2
-
-      LIBC build, BSD sockets, non-debug, without assembly:
-         netware\build.bat netware-libc-bsdsock no-asm
-
-Running build.bat generates a make file to be processed by your make 
-tool (gmake or nmake):
-
-   CLIB ex: gmake -f netware\nlm_clib_dbg.mak 
-   LIBC ex: gmake -f netware\nlm_libc.mak 
-   LIBC ex: gmake -f netware\nlm_libc_bsdsock.mak 
-
-
-You can also run the build scripts manually if you do not want to use the
-build.bat file.  Run the following scripts in the "\openssl"
-subdirectory (in the order listed below):
-
-   perl configure no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock]
-      configures no assembly build for specified netware environment
-      (CLIB or LIBC).
-
-   perl util\mkfiles.pl >MINFO
-      generates a listing of source files (used by mk1mf)
-
-   perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock >netware\nlm.mak
-      generates the makefile for NetWare
-
-   gmake -f netware\nlm.mak
-      build with the make tool (nmake.exe also works)
-
-NOTE:  If you are building using the assembly option, you must also run the
-various Perl scripts to generate the assembly files.  See build.bat
-for an example of running the various assembly scripts.  You must use the
-"no-asm" option to build without assembly.  The configure and mk1mf scripts
-also have various other options.  See the scripts for more information.
-
-
-The output from the build is placed in the following directories:
-
-   CLIB Debug build:
-      out_nw_clib.dbg     - static libs & test nlm(s)
-      tmp_nw_clib.dbg     - temporary build files
-      outinc_nw_clib      - necessary include files
-
-   CLIB Non-debug build:
-      out_nw_clib         - static libs & test nlm(s)
-      tmp_nw_clib         - temporary build files
-      outinc_nw_clib      - necesary include files
-
-   LIBC Debug build:
-      out_nw_libc.dbg     - static libs & test nlm(s)
-      tmp_nw_libc.dbg     - temporary build files
-      outinc_nw_libc      - necessary include files
-
-   LIBC Non-debug build:
-      out_nw_libc         - static libs & test nlm(s)
-      tmp_nw_libc         - temporary build files
-      outinc_nw_libc      - necesary include files
-
-
-TESTING:
---------
-The build process creates the OpenSSL static libs ( crypto.lib, ssl.lib,
-rsaglue.lib ) and several test programs.  You should copy the test programs
-to your NetWare server and run the tests.
-
-The batch file "netware\cpy_tests.bat" will copy all the necessary files
-to your server for testing.  In order to run the batch file, you need a
-drive mapped to your target server.  It will create an "OpenSSL" directory
-on the drive and copy the test files to it.  CAUTION: If a directory with the
-name of "OpenSSL" already exists, it will be deleted.
-
-To run cpy_tests.bat:
-
-   netware\cpy_tests [output directory] [NetWare drive]
-
-      output directory - "out_nw_clib.dbg", "out_nw_libc", etc.
-      NetWare drive    - drive letter of mapped drive
-
-      CLIB ex: netware\cpy_tests out_nw_clib m:
-      LIBC ex: netware\cpy_tests out_nw_libc m:
-
-
-The Perl script, "do_tests.pl", in the "OpenSSL" directory on the server
-should be used to execute the tests.  Before running the script, make sure
-your SEARCH PATH includes the "OpenSSL" directory.  For example, if you
-copied the files to the "sys:" volume you use the command:
-
-   SEARCH ADD SYS:\OPENSSL
-
-
-To run do_tests.pl type (at the console prompt):
-
-   perl \openssl\do_tests.pl [options]
-
-      options:
-         -p    - pause after executing each test
-
-The do_tests.pl script generates a log file "\openssl\test_out\tests.log"
-which should be reviewed for errors.  Any errors will be denoted by the word
-"ERROR" in the log.
-
-DEVELOPING WITH THE OPENSSL SDK:
---------------------------------
-Now that everything is built and tested, you are ready to use the OpenSSL
-libraries in your development.
-
-There is no real installation procedure, just copy the static libs and
-headers to your build location.  The libs (crypto.lib & ssl.lib) are
-located in the appropriate "out_nw_XXXX" directory 
-(out_nw_clib, out_nw_libc, etc).  
-
-The headers are located in the appropriate "outinc_nw_XXX" directory 
-(outinc_nw_clib, outinc_nw_libc).  
-
-One suggestion is to create the following directory 
-structure for the OpenSSL SDK:
-
-   \openssl
-      |- bin
-      |   |- openssl.nlm
-      |   |- (other tests you want)
-      |
-      |- lib
-      |   | - crypto.lib
-      |   | - ssl.lib
-      |
-      |- include
-      |   | - openssl
-      |   |    | - (all the headers in "outinc_nw\openssl")
-
-
-The program "openssl.nlm" can be very useful.  It has dozens of
-options and you may want to keep it handy for debugging, testing, etc.
-
-When building your apps using OpenSSL, define "NETWARE".  It is needed by
-some of the OpenSSL headers.  One way to do this is with a compile option,
-for example "-DNETWARE".
-
-
-
-NOTES:
-------
-
-Resource leaks in Tests
-------------------------
-Some OpenSSL tests do not clean up resources and NetWare reports
-the resource leaks when the tests unload.  If this really bugs you,
-you can stop the messages by setting the developer option off at the console
-prompt (set developer option = off).  Or better yet, fix the tests to
-clean up the resources!
-
-
-Multi-threaded Development
----------------------------
-The NetWare version of OpenSSL is thread-safe, however multi-threaded
-applications must provide the necessary locking function callbacks.  This
-is described in doc\threads.doc.  The file "openssl-x.x.x\crypto\threads\mttest.c"
-is a multi-threaded test program and demonstrates the locking functions.
-
-
-What is openssl2.nlm?
----------------------
-The openssl program has numerous options and can be used for many different
-things.  Many of the options operate in an interactive mode requiring the
-user to enter data.  Because of this, a default screen is created for the
-program.  However, when running the test script it is not desirable to
-have a separate screen.  Therefore, the build also creates openssl2.nlm.
-Openssl2.nlm is functionally identical but uses the console screen.
-Openssl2 can be used when a non-interactive mode is desired.
-
-NOTE:  There are may other possibilities (command line options, etc)
-which could have been used to address the screen issue.  The openssl2.nlm
-option was chosen because it impacted only the build not the code.
-
-
-Why only static libraries?
---------------------------
-Globals, globals, and more globals.  The OpenSSL code uses many global
-variables that are allocated and initialized when used for the first time.
-
-On NetWare, most applications (at least historically) run in the kernel.
-When running in the kernel, there is one instance of global variables.
-For regular application type NLM(s) this isn't a problem because they are
-the only ones using the globals.  However, for a library NLM (an NLM which
-exposes functions and has no threads of execution), the globals cause
-problems.  Applications could inadvertently step on each other if they
-change some globals.  Even worse, the first application that triggers a
-global to be allocated and initialized has the allocated memory charged to
-itself.  Now when that application unloads, NetWare will clean up all the
-applicaton's memory.  The global pointer variables inside OpenSSL now
-point to freed memory.  An abend waiting to happen!
-
-To work correctly in the kernel, library NLM(s) that use globals need to
-provide a set of globals (instance data) for each application.  Another
-option is to require the library only be loaded in a protected address
-space along with the application using it.
-
-Modifying the OpenSSL code to provide a set of globals (instance data) for
-each application isn't technically difficult, but due to the large number
-globals it would require substantial code changes and it wasn't done.  Hence,
-the build currently only builds static libraries which are then linked
-into each application.
-
-NOTE:  If you are building a library NLM that uses the OpenSSL static
-libraries, you will still have to deal with the global variable issue.
-This is because when you link in the OpenSSL code you bring in all the
-globals.  One possible solution for the global pointer variables is to
-register memory functions with OpenSSL which allocate memory and charge it
-to your library NLM (see the function CRYPTO_set_mem_functions).  However,
-be aware that now all memory allocated by OpenSSL is charged to your NLM.
-
-
-CodeWarrior Tools and W2K
----------------------------
-There have been problems reported with the CodeWarrior Linker
-(mwldnlm.exe) in the PDK 2.1 for NetWare when running on Windows 2000.  The
-problems cause the link step to fail.  The only work around is to obtain an
-updated linker from Metrowerks.  It is expected Metrowerks will release
-PDK 3.0 (in beta testing at this time - May, 2001) in the near future which
-will fix these problems.
-
-
-Makefile "vclean"
-------------------
-The generated makefile has a "vclean" target which cleans up the build
-directories.  If you have been building successfully and suddenly
-experience problems, use "vclean" (gmake -f netware\nlm_xxxx.mak vclean) and retry.
-
-
-"Undefined Symbol" Linker errors
---------------------------------
-There have been linker errors reported when doing a CLIB build.  The problems
-occur because some versions of the CLIB SDK import files inadvertently 
-left out some symbols.  One symbol in particular is "_lrotl".  The missing
-functions are actually delivered in the binaries, but they were left out of
-the import files.  The issues should be fixed in the September 2001 release 
-of the NDK.  If you experience the problems you can temporarily
-work around it by manually adding the missing symbols to your version of 
-"clib.imp".
-

INSTALL.OS2

@@ -1,31 +0,0 @@
- 
- Installation on OS/2
- --------------------
-
- You need to have the following tools installed:
-
-  * EMX GCC
-  * PERL
-  * GNU make
-
-
- To build the makefile, run
-
- > os2\os2-emx
-
- This will configure OpenSSL and create OS2-EMX.mak which you then use to 
- build the OpenSSL libraries & programs by running
-
- > make -f os2-emx.mak
-
- If that finishes successfully you will find the libraries and programs in the
- "out" directory.
-
- Alternatively, you can make a dynamic build that puts the library code into
- crypto.dll and ssl.dll by running
-
- > make -f os2-emx-dll.mak
-
- This will build the above mentioned dlls and a matching pair of import
- libraries in the "out_dll" directory along with the set of test programs
- and the openssl application.

INSTALL.VMS

@@ -1,302 +0,0 @@
-			VMS Installation instructions
-			written by Richard Levitte
-			<richard@levitte.org>
-
-
-Intro:
-======
-
-This file is divided in the following parts:
-
-  Requirements			- Mandatory reading.
-  Checking the distribution	- Mandatory reading.
-  Compilation			- Mandatory reading.
-  Logical names			- Mandatory reading.
-  Test				- Mandatory reading.
-  Installation			- Mandatory reading.
-  Backward portability		- Read if it's an issue.
-  Possible bugs or quirks	- A few warnings on things that
-				  may go wrong or may surprise you.
-  TODO				- Things that are to come.
-
-
-Requirements:
-=============
-
-To build and install OpenSSL, you will need:
-
- * Perl 5 with core modules.  If you don't want to build it yourself,
-   we suggest you look here: http://sourceforge.net/projects/vmsperlkit/files/
- * DEC C or some other ANSI C compiler.  VAX C is *not* supported.
-   [Note: OpenSSL has only been tested with DEC C.  Compiling with 
-    a different ANSI C compiler may require some work]
-
-Checking the distribution:
-==========================
-
-There have been reports of places where the distribution didn't quite get
-through, for example if you've copied the tree from a NFS-mounted Unix
-mount point.
-
-The easiest way to check if everything got through as it should is to check
-for one of the following files:
-
-	[.CRYPTO]OPENSSLCONF.H_IN
-	[.CRYPTO]OPENSSLCONF_H.IN
-
-They should never exist both at once, but one of them should (preferably
-the first variant).  If you can't find any of those two, something went
-wrong.
-
-The best way to get a correct distribution is to download the gzipped tar
-file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and
-use VMSTAR to unpack the resulting tar file.
-
-GUNZIP is available in many places on the net.  One of the distribution
-points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ .
-
-VMSTAR is also available in many places on the net.  The recommended place
-to find information about it is http://www.free.lp.se/vmstar/ .
-
-
-Compilation:
-============
-
-I've used the very good command procedures written by Robert Byer
-<byer@mail.all-net.net>, and just slightly modified them, making
-them slightly more general and easier to maintain.
-
-You can actually compile in almost any directory separately.  Look
-for a command procedure name xxx-LIB.COM (in the library directories)
-or MAKExxx.COM (in the program directories) and read the comments at
-the top to understand how to use them.  However, if you want to
-compile all you can get, the simplest is to use MAKEVMS.COM in the top
-directory.  The syntax is the following:
-
-  @MAKEVMS <option> <bits> <debug-p> [<compiler>]
-
-<option> must be one of the following:
-
-      ALL       Just build "everything".
-      CONFIG    Just build the "[.CRYPTO]OPENSSLCONF.H" file.
-      BUILDINF  Just build the "[.INCLUDE]BUILDINF.H" file.
-      SOFTLINKS Just copies some files, to simulate Unix soft links.
-      BUILDALL  Same as ALL, except CONFIG, BUILDINF and SOFTLINKS aren't done.
-      RSAREF    Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
-      CRYPTO    Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
-      SSL       Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
-      TEST      Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
-      APPS      Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
-
-<bits> must be one of the following:
-
-      ""        compile using default pointer size
-      32        compile using 32 bit pointer size
-      64        compile using 64 bit pointer size
-
-<debug-p> must be one of the following:
-
-      DEBUG     compile with debugging info (will not optimize)
-      NODEBUG   compile without debugging info (will optimize)
-
-<compiler> must be one of the following:
-
-      DECC      For DEC C.
-      GNUC      For GNU C.
-
-
-You will find the crypto library in [.xxx.EXE.CRYPTO] (where xxx is VAX,
-ALPHA or IA64), called SSL_LIBCRYPTO32.OLB or SSL_LIBCRYPTO.OLB depending
-on how it was built.  You will find the SSL library in [.xxx.EXE.SSL],
-named SSL_LIBSSL32.OLB or SSL_LIBSSL.OLB, and you will find a bunch of
-useful programs in [.xxx.EXE.APPS].  However, these shouldn't be used
-right off unless it's just to test them.  For production use, make sure
-you install first, see Installation below.
-
-Note 1: Some programs in this package require a TCP/IP library.
-
-Note 2: if you want to compile the crypto library only, please make sure
-        you have at least done a @MAKEVMS CONFIG, a @MAKEVMS BUILDINF and
-        a @MAKEVMS SOFTLINKS.  A lot of things will break if you don't.
-
-
-Logical names:
-==============
-
-There are a few things that can't currently be given through the command
-line.  Instead, logical names are used.
-
-Currently, the logical names supported are:
-
-      OPENSSL_NO_ASM    with value YES, the assembler parts of OpenSSL will
-                        not be used.  Instead, plain C implementations are
-                        used.  This is good to try if something doesn't work.
-      OPENSSL_NO_'alg'  with value YES, the corresponding crypto algorithm,
-                        protocol or other routine will not be implemented if
-                        disabling it is supported.  Supported algorithms to
-                        do this with are: AES, BF, CAMELLIA, CAST, CMS, COMP,
-                        DES, DGRAM, DH, DSA, EC, EC2M, ECDH, ECDSA, ENGINE,
-                        ERR, GOST, HEARTBEATS, HMAC, IDEA, MD2, MD4,
-                        MD5, OCB, OCSP, PSK, RC2, RC4, RC5, RMD160, RSA, SCTP,
-                        SEED, SOCK, SRP, SRTP, WHIRLPOOL.  So, for
-                        example, having the logical name OPENSSL_NO_RSA with
-                        the value YES means that the LIBCRYPTO.OLB library
-                        will not contain an RSA implementation.
-      OPENSSL_EXPERIMENTAL_'alg'
-                        with value YES, the corresponding experimental
-                        algorithm is enabled.  Note that is also requires
-                        the application using this to define the C macro
-                        OPENSSL_EXPERIMENTAL_'alg'.  Supported algorithms
-                        to do this with are: JPAKE, STORE.
-
-Test:
-=====
-
-Testing is very simple, just do the following:
-
-  @[.TEST]TESTS
-
-If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes,
-it's an ugly hack!) and rebuild. Please send a bug report to
-<openssl-bugs@openssl.org>, including the output of "openssl version -a"
-and of the failed test.
-
-
-Installation:
-=============
-
-Installation is easy, just do the following:
-
-  @INSTALL <root> <bits>
-
-<root> is the directory in which everything will be installed,
-subdirectories, libraries, header files, programs and startup command
-procedures.
-
-<bits> works the same way as for MAKEVMS.COM
-
-N.B.: INSTALL.COM builds a new directory structure, different from
-the directory tree where you have now build OpenSSL.
-
-In the [.VMS] subdirectory of the installation, you will find the
-following command procedures:
-
-  OPENSSL_STARTUP.COM
-
-        defines all needed logical names.  Takes one argument that
-        tells it in what logical name table to insert the logical
-        names.  If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the
-        call should look like this: 
-
-          @openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM"
-
-  OPENSSL_UTILS.COM
-
-        sets up the symbols to the applications.  Should be called
-        from for example SYS$MANAGER:SYLOGIN.COM 
-
-  OPENSSL_UNDO.COM
-
-	deassigns the logical names created with OPENSSL_STARTUP.COM.
-
-The logical names that are set up are the following:
-
-  SSLROOT       a dotted concealed logical name pointing at the
-                root directory.
-
-  SSLCERTS      Initially an empty directory, this is the default
-		location for certificate files.
-  SSLPRIVATE	Initially an empty directory, this is the default
-		location for private key files.
-
-  SSLEXE        Contains the openssl binary and a few other utility
-		programs.
-  SSLINCLUDE    Contains the header files needed if you want to
-		compile programs with libcrypto or libssl.
-  SSLLIB        Contains the OpenSSL library files themselves:
-  		- SSL_LIBCRYPTO32.OLB and SSL_LIBSSL32.OLB or
-		- SSL_LIBCRYPTO.OLB and SSL_LIBSSL.OLB
-
-  OPENSSL	Same as SSLINCLUDE.  This is because the standard
-		way to include OpenSSL header files from version
-		0.9.3 and on is:
-
-			#include <openssl/header.h>
-
-		For more info on this issue, see the INSTALL. file
-		(the NOTE in section 4 of "Installation in Detail").
-		You don't need to "deleting old header files"!!!
-
-
-Backward portability:
-=====================
-
-One great problem when you build a library is making sure it will work
-on as many versions of VMS as possible.  Especially, code compiled on
-OpenVMS version 7.x and above tend to be unusable in version 6.x or
-lower, because some C library routines have changed names internally
-(the C programmer won't usually see it, because the old name is
-maintained through C macros).  One obvious solution is to make sure
-you have a development machine with an old enough version of OpenVMS.
-However, if you are stuck with a bunch of Alphas running OpenVMS version
-7.1, you seem to be out of luck.  Fortunately, the DEC C header files
-are cluttered with conditionals that make some declarations and definitions
-dependent on the OpenVMS version or the C library version, *and* you
-can use those macros to simulate older OpenVMS or C library versions,
-by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
-correct values.  In the compilation scripts, I've provided the possibility
-for the user to influence the creation of such macros, through a bunch of
-symbols, all having names starting with USER_.  Here's the list of them:
-
-  USER_CCFLAGS		 - Used to give additional qualifiers to the
-			   compiler.  It can't be used to define macros
-			   since the scripts will do such things as well.
-			   To do such things, use USER_CCDEFS.
-  USER_CCDEFS		 - Used to define macros on the command line.  The
-			   value of this symbol will be inserted inside a
-			   /DEFINE=(...).
-  USER_CCDISABLEWARNINGS - Used to disable some warnings.  The value is
-			   inserted inside a /DISABLE=WARNING=(...).
-
-So, to maintain backward compatibility with older VMS versions, do the
-following before you start compiling:
-
-  $ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000
-  $ USER_CCDISABLEWARNINGS := PREOPTW
-
-The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
-that those macros have been changed.
-
-Note: Currently, this is only useful for library compilation.  The
-      programs will still be linked with the current version of the
-      C library shareable image, and will thus complain if they are
-      faced with an older version of the same C library shareable image.
-      This will probably be fixed in a future revision of OpenSSL.
-
-
-Possible bugs or quirks:
-========================
-
-I'm not perfectly sure all the programs will use the SSLCERTS:
-directory by default, it may very well be that you have to give them
-extra arguments.  Please experiment.
-
-
-TODO:
-=====
-
-There are a few things that need to be worked out in the VMS version of
-OpenSSL, still:
-
-- Description files. ("Makefile's" :-))
-- Script code to link an already compiled build tree.
-- A VMSINSTALlable version (way in the future, unless someone else hacks).
-- shareable images (DLL for you Windows folks).
-
-There may be other things that I have missed and that may be desirable.
-Please send mail to <openssl-users@openssl.org> or to me directly if you
-have any ideas.
-
---
-Richard Levitte <richard@levitte.org>
-2000-02-27, 2011-03-18

INSTALL.W32

@@ -1,325 +0,0 @@
- 
- INSTALLATION ON THE WIN32 PLATFORM
- ----------------------------------
-
- [Instructions for building for Windows CE can be found in INSTALL.WCE]
- [Instructions for building for Win64 can be found in INSTALL.W64]
-
- Here are a few comments about building OpenSSL for Win32 environments,
- such as Windows NT and Windows 9x. It should be noted though that
- Windows 9x are not ordinarily tested. Its mention merely means that we
- attempt to maintain certain programming discipline and pay attention
- to backward compatibility issues, in other words it's kind of expected
- to work on Windows 9x, but no regression tests are actually performed.
-
- On additional note newer OpenSSL versions are compiled and linked with
- Winsock 2. This means that minimum OS requirement was elevated to NT 4
- and Windows 98 [there is Winsock 2 update for Windows 95 though].
-
- - you need Perl for Win32.  Unless you will build on Cygwin, you will need
-   ActiveState Perl, available from http://www.activestate.com/ActivePerl.
-
- - one of the following C compilers:
-
-  * Visual C++
-  * Borland C
-  * GNU C (Cygwin or MinGW)
-
-- Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/
-  is required if you intend to utilize assembler modules. Note that NASM
-  is now the only supported assembler.
-
- If you are compiling from a tarball or a Git snapshot then the Win32 files
- may well be not up to date. This may mean that some "tweaking" is required to
- get it all to work. See the trouble shooting section later on for if (when?)
- it goes wrong.
-
- Visual C++
- ----------
-
- If you want to compile in the assembly language routines with Visual
- C++, then you will need already mentioned Netwide Assembler binary,
- nasmw.exe or nasm.exe, to be available on your %PATH%.
-
- Firstly you should run Configure with platform VC-WIN32:
-
- > perl Configure VC-WIN32 --prefix=c:\some\openssl\dir
-
- Where the prefix argument specifies where OpenSSL will be installed to.
-
- Next you need to build the Makefiles and optionally the assembly
- language files:
-
- - If you are using NASM then run:
-
-   > ms\do_nasm
-
- - If you don't want to use the assembly language files at all then run:
-
-   > perl Configure VC-WIN32 no-asm --prefix=c:/some/openssl/dir
-   > ms\do_ms
-
- If you get errors about things not having numbers assigned then check the
- troubleshooting section: you probably won't be able to compile it as it
- stands.
-
- Then from the VC++ environment at a prompt do:
-
- > nmake -f ms\ntdll.mak
-
- If all is well it should compile and you will have some DLLs and
- executables in out32dll. If you want to try the tests then do:
- 
- > nmake -f ms\ntdll.mak test
-
-
- To install OpenSSL to the specified location do:
-
- > nmake -f ms\ntdll.mak install
-
- Tweaks:
-
- There are various changes you can make to the Win32 compile
- environment. By default the library is not compiled with debugging
- symbols. If you use the platform debug-VC-WIN32 instead of VC-WIN32
- then debugging symbols will be compiled in.
-
- By default in 1.0.0 OpenSSL will compile builtin ENGINES into the
- separate shared librariesy. If you specify the "enable-static-engine"
- option on the command line to Configure the shared library build
- (ms\ntdll.mak) will compile the engines into libeay32.dll instead.
-
- The default Win32 environment is to leave out any Windows NT specific
- features.
-
- If you want to enable the NT specific features of OpenSSL (currently
- only the logging BIO) follow the instructions above but call the batch
- file do_nt.bat instead of do_ms.bat.
-
- You can also build a static version of the library using the Makefile
- ms\nt.mak
-
-
- Borland C++ builder 5
- ---------------------
-
- * Configure for building with Borland Builder:
-   > perl Configure BC-32
-
- * Create the appropriate makefile
-   > ms\do_nasm
-
- * Build
-   > make -f ms\bcb.mak
-
- Borland C++ builder 3 and 4
- ---------------------------
-
- * Setup PATH. First must be GNU make then bcb4/bin 
-
- * Run ms\bcb4.bat
-
- * Run make:
-   > make -f bcb.mak
-
- GNU C (Cygwin)
- --------------
-
- Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of
- Win32 subsystem and provides a bash shell and GNU tools environment.
- Consequently, a make of OpenSSL with Cygwin is virtually identical to
- Unix procedure. It is also possible to create Win32 binaries that only
- use the Microsoft C runtime system (msvcrt.dll or crtdll.dll) using
- MinGW. MinGW can be used in the Cygwin development environment or in a
- standalone setup as described in the following section.
-
- To build OpenSSL using Cygwin:
-
- * Install Cygwin (see http://cygwin.com/)
-
- * Install Perl and ensure it is in the path. Both Cygwin perl
-   (5.6.1-2 or newer) and ActivePerl work.
-
- * Run the Cygwin bash shell
-
- * $ tar zxvf openssl-x.x.x.tar.gz
-   $ cd openssl-x.x.x
-
-   To build the Cygwin version of OpenSSL:
-
-   $ ./config
-   [...]
-   $ make
-   [...]
-   $ make test
-   $ make install
-
-   This will create a default install in /usr/local/ssl.
-
-   To build the MinGW version (native Windows) in Cygwin:
-
-   $ ./Configure mingw
-   [...]
-   $ make
-   [...]
-   $ make test
-   $ make install
-
- Cygwin Notes:
-
- "make test" and normal file operations may fail in directories
- mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
- stripping of carriage returns. To avoid this ensure that a binary
- mount is used, e.g. mount -b c:\somewhere /home.
-
- "bc" is not provided in older Cygwin distribution.  This causes a
- non-fatal error in "make test" but is otherwise harmless.  If
- desired and needed, GNU bc can be built with Cygwin without change.
-
- GNU C (MinGW/MSYS)
- -------------
-
- * Compiler and shell environment installation:
-
-   MinGW and MSYS are available from http://www.mingw.org/, both are
-   required. Run the installers and do whatever magic they say it takes
-   to start MSYS bash shell with GNU tools on its PATH.
-
-   N.B. Since source tar-ball can contain symbolic links, it's essential
-   that you use accompanying MSYS tar to unpack the source. It will
-   either handle them in one way or another or fail to extract them,
-   which does the trick too. Latter means that you may safely ignore all
-   "cannot create symlink" messages, as they will be "re-created" at
-   configure stage by copying corresponding files. Alternative programs
-   were observed to create empty files instead, which results in build
-   failure.
-
- * Compile OpenSSL:
-
-   $ ./config
-   [...]
-   $ make
-   [...]
-   $ make test
-
-   This will create the library and binaries in root source directory
-   and openssl.exe application in apps directory.
-
-   It is also possible to cross-compile it on Linux by configuring
-   with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'.
-   'make test' is naturally not applicable then.
-
-   libcrypto.a and libssl.a are the static libraries. To use the DLLs,
-   link with libeay32.a and libssl32.a instead.
-
-   See troubleshooting if you get error messages about functions not
-   having a number assigned.
-
- Installation
- ------------
-
- If you used the Cygwin procedure above, you have already installed and
- can skip this section.  For all other procedures, there's currently no real
- installation procedure for Win32.  There are, however, some suggestions:
-
-    - do nothing.  The include files are found in the inc32/ subdirectory,
-      all binaries are found in out32dll/ or out32/ depending if you built
-      dynamic or static libraries.
-
-    - do as is written in INSTALL.Win32 that comes with modssl:
-
-	$ md c:\openssl 
-	$ md c:\openssl\bin
-	$ md c:\openssl\lib
-	$ md c:\openssl\include
-	$ md c:\openssl\include\openssl
-	$ copy /b inc32\openssl\*       c:\openssl\include\openssl
-	$ copy /b out32dll\ssleay32.lib c:\openssl\lib
-	$ copy /b out32dll\libeay32.lib c:\openssl\lib
-	$ copy /b out32dll\ssleay32.dll c:\openssl\bin
-	$ copy /b out32dll\libeay32.dll c:\openssl\bin
-	$ copy /b out32dll\openssl.exe  c:\openssl\bin
-
-      Of course, you can choose another device than c:.  C: is used here
-      because that's usually the first (and often only) harddisk device.
-      Note: in the modssl INSTALL.Win32, p: is used rather than c:.
-
-
- Troubleshooting
- ---------------
-
- Since the Win32 build is only occasionally tested it may not always compile
- cleanly.  If you get an error about functions not having numbers assigned
- when you run ms\do_ms then this means the Win32 ordinal files are not up to
- date. You can do:
-
- > perl util\mkdef.pl crypto ssl update
-
- then ms\do_XXX should not give a warning any more. However the numbers that
- get assigned by this technique may not match those that eventually get
- assigned in the Git tree: so anything linked against this version of the
- library may need to be recompiled.
-
- If you get errors about unresolved symbols there are several possible
- causes.
-
- If this happens when the DLL is being linked and you have disabled some
- ciphers then it is possible the DEF file generator hasn't removed all
- the disabled symbols: the easiest solution is to edit the DEF files manually
- to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def.
-
- Another cause is if you missed or ignored the errors about missing numbers
- mentioned above.
-
- If you get warnings in the code then the compilation will halt.
-
- The default Makefile for Win32 halts whenever any warnings occur. Since VC++
- has its own ideas about warnings which don't always match up to other
- environments this can happen. The best fix is to edit the file with the
- warning in and fix it. Alternatively you can turn off the halt on warnings by
- editing the CFLAG line in the Makefile and deleting the /WX option.
-
- You might get compilation errors. Again you will have to fix these or report
- them.
-
- One final comment about compiling applications linked to the OpenSSL library.
- If you don't use the multithreaded DLL runtime library (/MD option) your
- program will almost certainly crash because malloc gets confused -- the
- OpenSSL DLLs are statically linked to one version, the application must
- not use a different one.  You might be able to work around such problems
- by adding CRYPTO_malloc_init() to your program before any calls to the
- OpenSSL libraries: This tells the OpenSSL libraries to use the same
- malloc(), free() and realloc() as the application.  However there are many
- standard library functions used by OpenSSL that call malloc() internally
- (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
- rely on CRYPTO_malloc_init() solving your problem, and you should
- consistently use the multithreaded library.
-
- Linking your application
- ------------------------
-
- If you link with static OpenSSL libraries [those built with ms/nt.mak],
- then you're expected to additionally link your application with
- WS2_32.LIB, ADVAPI32.LIB, GDI32.LIB and USER32.LIB. Those developing
- non-interactive service applications might feel concerned about linking
- with the latter two, as they are justly associated with interactive
- desktop, which is not available to service processes. The toolkit is
- designed to detect in which context it's currently executed, GUI,
- console app or service, and act accordingly, namely whether or not to
- actually make GUI calls. Additionally those who wish to
- /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and actually keep them
- off service process should consider implementing and exporting from
- .exe image in question own _OPENSSL_isservice not relying on USER32.DLL.
- E.g., on Windows Vista and later you could:
-
-	__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
-	{   DWORD sess;
-	    if (ProcessIdToSessionId(GetCurrentProcessId(),&sess))
-	        return sess==0;
-	    return FALSE;
-	}
-
- If you link with OpenSSL .DLLs, then you're expected to include into
- your application code small "shim" snippet, which provides glue between
- OpenSSL BIO layer and your compiler run-time. Look up OPENSSL_Applink
- reference page for further details.

INSTALL.W64

@@ -1,66 +0,0 @@
-
- INSTALLATION ON THE WIN64 PLATFORM
- ----------------------------------
-
- Caveat lector
- -------------
-
- As of moment of this writing Win64 support is classified "initial"
- for the following reasons.
-
- - No assembler modules are engaged upon initial 0.9.8 release.
- - API might change within 0.9.8 life-span, *but* in a manner which
-   doesn't break backward binary compatibility. Or in other words,
-   application programs compiled with initial 0.9.8 headers will
-   be expected to work with future minor release .DLL without need
-   to re-compile, even if future minor release features modified API.
- - Above mentioned API modifications have everything to do with
-   elimination of a number of limitations, which are normally
-   considered inherent to 32-bit platforms. Which in turn is why they
-   are treated as limitations on 64-bit platform such as Win64:-)
-   The current list comprises [but not necessarily limited to]:
-
-   - null-terminated strings may not be longer than 2G-1 bytes,
-     longer strings are treated as zero-length;
-   - dynamically and *internally* allocated chunks can't be larger
-     than 2G-1 bytes;
-   - inability to encrypt/decrypt chunks of data larger than 4GB
-     [it's possibly to *hash* chunks of arbitrary size through];
-
-   Neither of these is actually big deal and hardly encountered
-   in real-life applications.
-
- Compiling procedure
- -------------------
-
- You will need Perl. You can run under Cygwin or you can download
- ActiveState Perl from http://www.activestate.com/ActivePerl.
-
- You will need Microsoft Platform SDK, available for download at
- http://www.microsoft.com/msdownload/platformsdk/sdkupdate/. As per
- April 2005 Platform SDK is equipped with Win64 compilers, as well
- as assemblers, but it might change in the future.
-
- To build for Win64/x64:
-
- > perl Configure VC-WIN64A
- > ms\do_win64a
- > nmake -f ms\ntdll.mak
- > cd out32dll
- > ..\ms\test
-
- To build for Win64/IA64:
-
- > perl Configure VC-WIN64I
- > ms\do_win64i
- > nmake -f ms\ntdll.mak
- > cd out32dll
- > ..\ms\test
-
- Naturally test-suite itself has to be executed on the target platform.
-
- Installation
- ------------
-
- TBD, for now see INSTALL.W32.
-

INSTALL.WCE

@@ -1,95 +0,0 @@
- 
- INSTALLATION FOR THE WINDOWS CE PLATFORM
- ----------------------------------------
-
- Building OpenSSL for Windows CE requires the following external tools:
-
-  * Microsoft eMbedded Visual C++ 3.0 or later
-  * Appropriate SDK might be required
-  * Perl for Win32 [commonly recommended ActiveState Perl is available
-    from http://www.activestate.com/Products/ActivePerl/]
-
-  * wcecompat compatibility library available at
-    http://www.essemer.com.au/windowsce/
-  * Optionally ceutils for running automated tests (same location)
-
-  _or_
-
-  * PocketConsole driver and PortSDK available at
-    http://www.symbolictools.de/public/pocketconsole/
-  * CMD command interpreter (same location)
-
- As Windows CE support in OpenSSL relies on 3rd party compatibility
- library, it's appropriate to check corresponding URL for updates. For
- example if you choose wcecompat, note that as for the moment of this
- writing version 1.2 is available and actually required for WCE 4.2
- and newer platforms. All wcecompat issues should be directed to
- www.essemer.com.au.
-
- Why compatibility library at all? The C Runtime Library implementation
- for Windows CE that is included with Microsoft eMbedded Visual C++ is
- incomplete and in some places incorrect.  Compatibility library plugs
- the holes and tries to bring the Windows CE CRT to [more] usable level.
- Most gaping hole in CRT is support for stdin/stdout/stderr IO, which
- proposed compatibility libraries solve in two different ways: wcecompat
- redirects IO to active sync link, while PortSDK - to NT-like console
- driver on the handheld itself.
-
- Building
- --------
-
- Setup the eMbedded Visual C++ environment.  There are batch files for doing
- this installed with eVC++.  For an ARM processor, for example, execute:
-
- > "C:\Program Files\Microsoft eMbedded Tools\EVC\WCE300\BIN\WCEARM.BAT"
-
- Next pick compatibility library according to your preferences.
-
- 1. To choose wcecompat set up WCECOMPAT environment variable pointing
-    at the location of wcecompat tree "root":
-
-    > set WCECOMPAT=C:\wcecompat
-    > set PORTSDK_LIBPATH=
-
- 2. To choose PortSDK set up PORTSDK_LIBPATH to point at hardware-
-    specific location where your portlib.lib is installed:
-
-    > set PORTSDK_LIBPATH=C:\PortSDK\lib\ARM
-    > set WCECOMPAT=
-
- Note that you may not set both variables.
-
- Next you should run Configure:
-
- > perl Configure VC-CE
-
- Next you need to build the Makefiles:
-
- > ms\do_ms
-
- If you get errors about things not having numbers assigned then check the
- troubleshooting section in INSTALL.W32: you probably won't be able to compile
- it as it stands.
-
- Then from the VC++ environment at a prompt do:
-
-   > nmake -f ms\cedll.mak
-
- [note that static builds are not supported under CE]
-
- If all is well it should compile and you will have some DLLs and executables
- in out32dll*. 
-
- <<< everyting below needs revision in respect to wcecompat vs. PortSDK >>>
-
- If you want
- to try the tests then make sure the ceutils are in the path and do:
- 
- > cd out32
- > ..\ms\testce
-
- This will copy each of the test programs to the Windows CE device and execute
- them, displaying the output of the tests on this computer.  The output should
- look similar to the output produced by running the tests for a regular Windows
- build.
-

LICENSE

@@ -1,127 +0,0 @@
-
-  LICENSE ISSUES
-  ==============
-
-  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
-  the OpenSSL License and the original SSLeay license apply to the toolkit.
-  See below for the actual license texts. Actually both licenses are BSD-style
-  Open Source licenses. In case of any license issues related to OpenSSL
-  please contact openssl-core@openssl.org.
-
-  OpenSSL License
-  ---------------
-
-/* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
- Original SSLeay License
- -----------------------
-
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-

MICROSOFT

@@ -0,0 +1,146 @@
+The Microsoft World.
+
+The good news, to build SSLeay for the Microsft World
+
+Windows 3.1 DLL's
+perl Configure VC-WIN16
+nmake -f ms\w31dll.mak
+
+Windows NT/95 DLL's
+perl Configure VC-WIN32
+nmake -f ms\ntdll.mak
+
+Now the bad news
+All builds were done using Microsofts Visual C++ 1.52c and [45].x.
+If you are a borland person, you are probably going to have to help me
+finish the stuff in util/pl/BC*pl
+
+All builds were made under Windows NT - this means long filenames, so
+you may have problems under Windows 3.1 but probably not under 95.
+
+Because file pointers don't work in DLL's under Windows 3.1 (well at
+least stdin/stdout don't and I don't like having to differentiate
+between these and other file pointers), I now use the BIO file-pointer
+module, which needs to be linked into your application.  You can either
+use the memory buffer BIO for IO, or compile bss_file.c into your
+application, it is in the apps directory and is just a copy of
+crypto/buffer/bss_file.c with #define APPS_WIN16 added.
+I have not yet automated the makefile to automatically copy it into 'out'
+for a win 3.1 build....
+
+All callbacks passed into SSLeay for Windows 3.1 need to be of type
+_far _loadds.
+
+I don't support building with the pascal calling convention.
+
+The DLL and static builds are large memory model.
+
+To build static libraries for NT/95 or win 3.1
+
+perl util/mk1mf.pl VC-WIN32 > mf-stat.nt
+perl util/mk1mf.pl VC-WIN16 > mf-stat.w31
+for DLL's
+perl util/mk1mf.pl dll VC-WIN32	> mf-dll.nt
+perl util/mk1mf.pl dll VC-WIN16 > mf-dll.w31
+
+Again you will notice that if you dont have perl, you cannot do this.
+
+Now the next importaint issue.  Running Configure!
+I have small assember code files for critical big number library operation
+in crypto/bn/asm.  There is, asm code, object files and uuencode
+object files.  They are
+x86nt32.asm	- 32bit flat memory model assember - suitable Win32
+x86w16.asm	- 16bit assember - used in the msdos build.
+x86w32.asm	- 32bit assember, win 3.1 segments, used for win16 build.
+
+If you feel compelled to build the 16bit maths routines in the windows 3.1
+build,
+perl Configure VC-W31-16
+perl util/mk1mf.pl dll VC-W31-16 > mf-dll.w31
+
+If you hate assember and don't want anything to do with it,
+perl util/mk1mf.pl no-asm VC-WIN16 > mf-dll.w31
+will work for any of the makefile generations.
+
+There are more options to mk1mf.pl but these all leave the temporary
+files in 'tmp' and the output files in 'out' by default.
+
+The NT build is done for console mode.
+
+The Windows 3.1 version of SSLeay uses quickwin, the interface is ugly
+but it is better than nothing.  If you want ugly, try doing anything
+that involves getting a password.  I decided to be ugly instead of
+echoing characters.  For Windows 3.1 I would just sugest using the
+msdos version of the ssleay application for command line work.
+The QuickWin build is primarily for testing.
+
+For both NT and Windows 3.1, I have not written the code so that
+s_client, s_server can take input from the keyboard.  You can happily
+start applications up in separate windows, watch them handshake, and then sit
+there for-ever.  I have not had the time to get this working, and I've
+been able to test things from a unix box to the NT box :-).
+Try running ssleay s_server on the windows box
+(with either -cert ../apps/server.pem -www)
+and run ssleay s_time from another window.
+This often stuffs up on Windows 3.1, but I'm not worried since this is
+probably a problem with my demo applications, not the libraries.
+
+After a build of one of the version of microsoft SSLeay,
+'cd ms' and then run 'test'.  This should check everything out and
+even does a trial run of generating certificates.
+'test.bat' requires that perl be install, you be in the ms directory
+(not the test directory, thats for unix so stay out :-) and that the
+build output directory be ../out 
+
+On a last note, you will probably get division by zero errors and
+stuff after a build.  This is due to your own inability to follow
+instructions :-).
+
+The reasons for the problem is probably one of the following.
+
+1)	You did not run Configure.  This is critical for windows 3.1 when
+	using assember.  The values in crypto/bn/bn.h must match the
+	ones requred for the assember code.  (remember that if you
+	edit crypto/bn/bn.h by hand, it will be clobered the next time
+	you run Configure by the contents of crypto/bn/bn.org).
+	SSLeay version -o will list the compile options.
+	For VC-WIN32 you need bn(64,32) or bn(32,32)
+	For VC-W31-32/VC-WIN16 you need bn(32,32)
+	For VC-W31-16 you need bn(32,16) or bn(16,16)
+	For VC-MSDOS you need bn(32,16) or bn(16,16).
+
+	The first number will be 2 times bigger than the second if
+	BN_LLONG is defined in bn.h and the size of the second number
+	depends on the 'bits' defined at the start of bn.h.  Have a
+	look, it's all reasonably clear.
+	If you want to start messing with 8 bit builds and things like
+	that, build without the assember by re-generating a makefile
+	via 'perl util/mk1mf.pl no-asm'.
+2)	You tried to build under MS-DOS or Windows 3.1 using the /G3
+	option.  Don't.  It is buggy (thats why you just got that
+	error) and unless you want to work out which optimising flag
+	to turn off, I'm not going to help you :-).  I also noticed
+	that code often ran slower when compiled with /G3.
+3)	Under NT/95, malloc goes stupid.  You are probably linking with
+	the wrong library, there are problems if you mix the threaded
+	and non-threaded libraries (due to the DLL being staticly
+	linked with one and the applicaion using another.
+
+Well hopefully thats most of the MS issues handled, see you in ssl-users :-).
+
+eric 30-Aug-1996
+
+SSLeay 0.6.5
+For Windows 95/NT, add CRYPTO_malloc_init() to your program before any
+calls to the SSLeay libraries.  This function will insert callbacks so that
+the SSLeay libraries will use the same malloc(), free() and realloc() as
+your application so 'problem 3)' mentioned above will go away.
+
+There is now DES assember for Windows NT/95.  The file is
+crypto/des/asm/win32.asm and replaces crypto/des/des_enc.c in the build.
+
+There is also Blowfish assember for Windows NT/95.  The file is
+crypto/bf/asm/win32.asm and replaces crypto/bf/bf_enc.c in the build.
+
+eric 25-Jun-1997
+

Makefile.in

@@ -1,753 +0,0 @@
-##
-## Makefile for OpenSSL
-##
-
-VERSION=
-MAJOR=
-MINOR=
-SHLIB_VERSION_NUMBER=
-SHLIB_VERSION_HISTORY=
-SHLIB_MAJOR=
-SHLIB_MINOR=
-SHLIB_EXT=
-PLATFORM=dist
-OPTIONS=
-CONFIGURE_ARGS=
-SHLIB_TARGET=
-
-# HERE indicates where this Makefile lives.  This can be used to indicate
-# where sub-Makefiles are expected to be.  Currently has very limited usage,
-# and should probably not be bothered with at all.
-HERE=.
-
-# INSTALL_PREFIX is for package builders so that they can configure
-# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
-# Normally it is left empty.
-INSTALL_PREFIX=
-INSTALLTOP=/usr/local/ssl
-
-# Do not edit this manually. Use Configure --openssldir=DIR to change this!
-OPENSSLDIR=/usr/local/ssl
-
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4  - Define to build without the RC4 algorithm
-# NO_RC2  - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-#           system defines as well, i.e. _REENTRANT for Solaris 2.[34]
-# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-#           one.  32 bytes will be read from this when the random
-#           number generator is initalised.
-# SSL_FORBID_ENULL - define if you want the server to be not able to use the
-#           NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# REF_PRINT - prints some stuff on structure free.
-# MFUNC - Make all Malloc/Free/Realloc calls call
-#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-#       call application defined callbacks via CRYPTO_set_mem_functions()
-# MD5_ASM needs to be defined to use the x86 assembler for MD5
-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
-# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
-# equal 4.
-# PKCS1_CHECK - pkcs1 tests.
-
-CC= cc
-CFLAG= -O
-DEPFLAG= 
-PEX_LIBS= 
-EX_LIBS= 
-EXE_EXT= 
-ARFLAGS=
-AR=ar $(ARFLAGS) r
-RANLIB= ranlib
-NM= nm
-PERL= perl
-#RM= echo --
-RM= rm -f
-TAR= tar
-TARFLAGS= --no-recursion
-MAKEDEPPROG=makedepend
-LIBDIR=lib
-
-# We let the C compiler driver to take care of .s files. This is done in
-# order to be excused from maintaining a separate set of architecture
-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
-# gcc, then the driver will automatically translate it to -xarch=v8plus
-# and pass it down to assembler.
-AS=$(CC) -c
-ASFLAG=$(CFLAG)
-
-# For x86 assembler: Set PROCESSOR to 386 if you want to support
-# the 80386.
-PROCESSOR=
-
-# CPUID module collects small commonly used assembler snippets
-CPUID_OBJ= 
-BN_ASM= bn_asm.o
-EC_ASM=
-DES_ENC= des_enc.o fcrypt_b.o
-AES_ENC= aes_core.o aes_cbc.o
-BF_ENC= bf_enc.o
-CAST_ENC= c_enc.o
-RC4_ENC= rc4_enc.o
-RC5_ENC= rc5_enc.o
-MD5_ASM_OBJ= 
-SHA1_ASM_OBJ= 
-RMD160_ASM_OBJ= 
-WP_ASM_OBJ=
-CMLL_ENC=
-MODES_ASM_OBJ=
-ENGINES_ASM_OBJ=
-CHACHA_ENC= chacha_enc.o
-POLY1305_ASM_OBJ=
-PERLASM_SCHEME=
-
-# Zlib stuff
-ZLIB_INCLUDE=
-LIBZLIB=
-
-# This is the location of fipscanister.o and friends.
-# The FIPS module build will place it $(INSTALLTOP)/lib
-# but since $(INSTALLTOP) can only take the default value
-# when the module is built it will be in /usr/local/ssl/lib
-# $(INSTALLTOP) for this build may be different so hard
-# code the path.
-
-FIPSLIBDIR=/usr/local/ssl/$(LIBDIR)/
-
-# The location of the library which contains fipscanister.o
-# normally it will be libcrypto. If not compiling in FIPS mode
-# at all this is empty making it a useful test for a FIPS compile.
-
-FIPSCANLIB=
-
-# Shared library base address. Currently only used on Windows.
-#
-
-BASEADDR=
-
-DIRS=   crypto ssl engines apps test tools
-ENGDIRS= ccgost
-SHLIBDIRS= crypto ssl
-INSTALL_SUBS= engines apps tools
-
-# dirs in crypto to build
-SDIRS=  \
-	objects \
-	md2 md4 md5 sha mdc2 hmac ripemd whrlpool poly1305 \
-	des aes rc2 rc4 rc5 idea bf cast camellia seed chacha modes \
-	bn ec rsa dsa dh dso engine \
-	buffer bio stack lhash rand err \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui \
-	cms pqueue ts jpake srp store cmac ct async
-# keep in mind that the above list is adjusted by ./Configure
-# according to no-xxx arguments...
-
-# tests to perform.  "alltests" is a special word indicating that all tests
-# should be performed.
-TESTS = alltests
-
-MAKEFILE= Makefile
-
-MANDIR=$(OPENSSLDIR)/man
-MAN1=1
-MAN3=3
-MANSUFFIX=
-HTMLSUFFIX=html
-HTMLDIR=$(OPENSSLDIR)/html
-SHELL=/bin/sh
-
-TOP=    .
-LIBS=   libcrypto.a libssl.a
-SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
-
-GENERAL=        Makefile
-BASENAME=       openssl
-NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        ../$(NAME).tar
-HEADER=         e_os.h
-
-# Directories created on install if they don't exist.
-INSTALLDIRS=	\
-		$(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
-
-all: Makefile build_all
-
-# as we stick to -e, CLEARENV ensures that local variables in lower
-# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-# shell, which [annoyingly enough] terminates unset with error if VAR
-# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
-# which terminates unset with error if no variable was present:-(
-CLEARENV=	TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}	\
-		$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES}	\
-		$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC}		\
-		$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL}	\
-		$${HEADER+HEADER}				\
-		$${GENERAL+GENERAL} $${CFLAGS+CFLAGS}		\
-		$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS}		\
-		$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS}	\
-		$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS}	\
-		$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
-
-# LC_ALL=C ensures that error [and other] messages are delivered in
-# same language for uniform treatment.
-BUILDENV=	LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
-		CC='$(CC)' CFLAG='$(CFLAG)' 			\
-		AS='$(CC)' ASFLAG='$(CFLAG) -c'			\
-		AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)'	\
-		CROSS_COMPILE='$(CROSS_COMPILE)'	\
-		PERL='$(PERL)' ENGDIRS='$(ENGDIRS)'		\
-		SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)'	\
-		INSTALL_PREFIX='$(INSTALL_PREFIX)'		\
-		INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)'	\
-		LIBDIR='$(LIBDIR)'				\
-		MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
-		DEPFLAG='$(DEPFLAG)'                    	\
-		MAKEDEPPROG='$(MAKEDEPPROG)'			\
-		SHARED_LDFLAGS='$(SHARED_LDFLAGS)'		\
-		ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)'	\
-		EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)'	\
-		SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)'	\
-		PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)'	\
-		CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)'	\
-		EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)'		\
-		AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)'	\
-		BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)'	\
-		RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)'	\
-		SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)'			\
-		MD5_ASM_OBJ='$(MD5_ASM_OBJ)'			\
-		RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)'		\
-		WP_ASM_OBJ='$(WP_ASM_OBJ)'			\
-		MODES_ASM_OBJ='$(MODES_ASM_OBJ)'		\
-		ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)'		\
-		CHACHA_ENC='$(CHACHA_ENC)'			\
-		POLY1305_ASM_OBJ='$(POLY1305_ASM_OBJ)'		\
-		PERLASM_SCHEME='$(PERLASM_SCHEME)'		\
-		FIPSLIBDIR='${FIPSLIBDIR}'			\
-		FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"	\
-		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
-# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
-# which in turn eliminates ambiguities in variable treatment with -e.
-
-# BUILD_CMD is a generic macro to build a given target in a given
-# subdirectory.  The target must be given through the shell variable
-# `target' and the subdirectory to build in must be given through `dir'.
-# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
-# BUILD_ONE_CMD instead.
-#
-# RECURSIVE_BUILD_CMD is a macro to build a given target in all
-# subdirectories defined in $(DIRS).  It requires that the target
-# is given through the shell variable `target'.
-#
-# BUILD_ONE_CMD is a macro to build a given target in a given
-# subdirectory if that subdirectory is part of $(DIRS).  It requires
-# exactly the same shell variables as BUILD_CMD.
-BUILD_CMD=  if [ -d "$$dir" ]; then \
-	    (	cd $$dir && echo "making $$target in $$dir..." && \
-		$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
-	    ) || exit 1; \
-	    fi
-RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
-BUILD_ONE_CMD=\
-	if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
-		$(BUILD_CMD); \
-	fi
-
-reflect:
-	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-
-sub_all: build_all
-
-build_all: build_libs build_apps build_tests build_tools
-
-build_libs: build_libcrypto build_libssl openssl.pc
-
-build_libcrypto: build_crypto build_engines libcrypto.pc
-build_libssl: build_ssl libssl.pc
-
-build_crypto:
-	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl: build_crypto
-	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines: build_crypto
-	@dir=engines; target=all; AS='$(CC) -c'; export AS; $(BUILD_ONE_CMD)
-
-build_apps: build_libs
-	@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests: build_libs
-	@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools: build_libs
-	@dir=tools; target=all; $(BUILD_ONE_CMD)
-
-all_testapps: build_libs build_testapps
-build_testapps:
-	@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-
-libcrypto$(SHLIB_EXT): libcrypto.a
-	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
-			FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
-			export CC FIPSLD_CC; \
-		fi; \
-		$(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared; \
-	else \
-		echo "There's no support for shared libraries on this platform" >&2; \
-		exit 1; \
-	fi
-
-libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
-	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
-	else \
-		echo "There's no support for shared libraries on this platform" >&2; \
-		exit 1; \
-	fi
-
-clean-shared:
-	@set -e; for i in $(SHLIBDIRS); do \
-		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
-			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
-			for j in $${tmp:-x}; do \
-				( set -x; rm -f lib$$i$$j ); \
-			done; \
-		fi; \
-		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
-		if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
-			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
-		fi; \
-	done
-
-link-shared:
-	@ set -e; for i in $(SHLIBDIRS); do \
-		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
-			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
-			symlink.$(SHLIB_TARGET); \
-		libs="$$libs -l$$i"; \
-	done
-
-build-shared: do_$(SHLIB_TARGET) link-shared
-
-do_$(SHLIB_TARGET):
-	@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
-		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
-			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
-			LIBDEPS="$$libs $(EX_LIBS)" \
-			link_a.$(SHLIB_TARGET); \
-		libs="-l$$i $$libs"; \
-	done
-
-libcrypto.pc: Makefile
-	@ ( echo 'prefix=$(INSTALLTOP)'; \
-	    echo 'exec_prefix=$${prefix}'; \
-	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-	    echo 'includedir=$${prefix}/include'; \
-	    echo ''; \
-	    echo 'Name: OpenSSL-libcrypto'; \
-	    echo 'Description: OpenSSL cryptography library'; \
-	    echo 'Version: '$(VERSION); \
-	    echo 'Requires: '; \
-	    echo 'Libs: -L$${libdir} -lcrypto'; \
-	    echo 'Libs.private: $(EX_LIBS)'; \
-	    echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
-
-libssl.pc: Makefile
-	@ ( echo 'prefix=$(INSTALLTOP)'; \
-	    echo 'exec_prefix=$${prefix}'; \
-	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-	    echo 'includedir=$${prefix}/include'; \
-	    echo ''; \
-	    echo 'Name: OpenSSL-libssl'; \
-	    echo 'Description: Secure Sockets Layer and cryptography libraries'; \
-	    echo 'Version: '$(VERSION); \
-	    echo 'Requires.private: libcrypto'; \
-	    echo 'Libs: -L$${libdir} -lssl'; \
-	    echo 'Libs.private: $(EX_LIBS)'; \
-	    echo 'Cflags: -I$${includedir}' ) > libssl.pc
-
-openssl.pc: Makefile
-	@ ( echo 'prefix=$(INSTALLTOP)'; \
-	    echo 'exec_prefix=$${prefix}'; \
-	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-	    echo 'includedir=$${prefix}/include'; \
-	    echo ''; \
-	    echo 'Name: OpenSSL'; \
-	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
-	    echo 'Version: '$(VERSION); \
-	    echo 'Requires: libssl libcrypto' ) > openssl.pc
-
-Makefile: Makefile.in Configure config
-	@echo "Makefile is older than Makefile.in, Configure or config."
-	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
-	@false
-
-libclean:
-	rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
-
-clean:	libclean
-	rm -f */*/*.o */*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
-	rm -rf *.bak certs/.0
-	@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
-	rm -f $(LIBS) tags TAGS
-	rm -f openssl.pc libssl.pc libcrypto.pc
-	rm -f speed.* .pure
-	rm -f $(TARFILE)
-
-makefile.one: files
-	$(PERL) util/mk1mf.pl >makefile.one; \
-	sh util/do_ms.sh
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
-	@set -e; target=files; $(RECURSIVE_BUILD_CMD)
-
-gentests:
-	@(cd test && echo "generating dummy tests (if needed)..." && \
-	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
-
-dclean:
-	@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
-
-rehash: rehash.time
-rehash.time: certs build_apps
-	@if [ -z "$(CROSS_COMPILE)" ]; then \
-		(OPENSSL="`pwd`/util/opensslwrap.sh"; \
-		[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
-		OPENSSL_DEBUG_MEMORY=on; OPENSSL_CONF=/dev/null ; \
-		export OPENSSL OPENSSL_DEBUG_MEMORY OPENSSL_CONF; \
-		$$OPENSSL rehash certs/demo \
-		|| $(PERL) tools/c_rehash certs/demo) && \
-		touch rehash.time; \
-	else :; fi
-
-test:   tests
-
-test_ordinals:
-	TOP=$(TOP) PERL=$(PERL) $(PERL) test/run_tests.pl test_ordinals
-
-tests: rehash
-	@(cd test && echo "testing..." && \
-	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
-	@if [ -z "$(CROSS_COMPILE)" ]; then \
-		OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a; \
-	fi
-
-list-tests:
-	@(cd test && \
-	        $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. list-tests)
-
-report:
-	@$(PERL) util/selftest.pl
-
-update: errors util/libeay.num util/ssleay.num TABLE test_ordinals
-	@set -e; target=update; $(RECURSIVE_BUILD_CMD)
-
-depend:
-	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
-
-lint:
-	@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-
-tags TAGS: FORCE
-	rm -f TAGS tags
-	-ctags -R .
-	-etags `find . -name '*.[ch]' -o -name '*.pm'`
-
-FORCE:
-
-errors:
-	$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
-	$(PERL) util/mkerr.pl -recurse -write
-	(cd engines; $(MAKE) PERL=$(PERL) errors)
-	(cd crypto/ct; $(MAKE) PERL=$(PERL) errors)
-
-util/libeay.num::
-	$(PERL) util/mkdef.pl crypto update
-
-util/ssleay.num::
-	$(PERL) util/mkdef.pl ssl update
-
-TABLE: Configure Configurations/*.conf
-	(echo 'Output of `Configure TABLE'"':"; \
-	$(PERL) Configure TABLE) > TABLE
-
-# Build distribution tar-file. As the list of files returned by "find" is
-# pretty long, on several platforms a "too many arguments" error or similar
-# would occur. Therefore the list of files is temporarily stored into a file
-# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
-# tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
-	                       --owner 0 --group 0 \
-			       --transform 's|^|$(NAME)/|' \
-			       -cvf -
-
-$(TARFILE).list:
-	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
-	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
-	       \! -name '*test' \! -name '.#*' \! -name '*~' \!	-type l \
-	    | sort > $(TARFILE).list
-
-tar: $(TARFILE).list
-	find . -type d -print | xargs chmod 755
-	find . -type f -print | xargs chmod a+r
-	find . -type f -perm -0100 -print | xargs chmod a+x
-	$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
-	rm -f $(TARFILE).list
-	ls -l $(TARFILE).gz
-
-tar-snap: $(TARFILE).list
-	$(TAR_COMMAND) > $(TARFILE)
-	rm -f $(TARFILE).list
-	ls -l $(TARFILE)
-
-dist:   
-	$(PERL) Configure dist
-	@$(MAKE) SDIRS='$(SDIRS)' clean
-	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
-
-install: all install_docs install_sw
-
-uninstall: uninstall_sw uninstall_docs
-
-install_sw:
-	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALLDIRS)
-	@set -e; for i in include/openssl/*.h; do \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$$i; \
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$$i ); \
-	done;
-	@set -e; target=install; for dir in $(INSTALL_SUBS); do $(BUILD_CMD); done
-	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
-	do \
-		if [ -f "$$i" ]; then \
-		(       echo installing $$i; \
-			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
-		fi; \
-	done;
-	@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
-		tmp="$(SHARED_LIBS)"; \
-		for i in $${tmp:-x}; \
-		do \
-			if [ -f "$$i" -o -f "$$i.a" ]; then \
-			(       echo installing $$i; \
-				if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
-					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
-					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
-					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-				else \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-				fi ); \
-				if expr $(PLATFORM) : 'mingw' > /dev/null; then \
-				(	case $$i in \
-						*crypto*) i=libeay32.dll;; \
-						*ssl*)    i=ssleay32.dll;; \
-					esac; \
-					echo installing $$i; \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
-				fi; \
-			fi; \
-		done; \
-		(	here="`pwd`"; \
-			cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
-			$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
-		if [ "$(INSTALLTOP)" != "/usr" ]; then \
-			echo 'OpenSSL shared libraries have been installed in:'; \
-			echo '  $(INSTALLTOP)'; \
-		fi; \
-	fi
-	cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
-	cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
-	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
-
-uninstall_sw:
-	cd include/openssl && files=* && cd $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl && $(RM) $$files
-	@for i in $(LIBS) ;\
-	do \
-		test -f "$$i" && \
-		echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i && \
-		$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-	done;
-	@if [ -n "$(SHARED_LIBS)" ]; then \
-		tmp="$(SHARED_LIBS)"; \
-		for i in $${tmp:-x}; \
-		do \
-			if [ -f "$$i" -o -f "$$i.a" ]; then \
-				if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
-					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
-					echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-					$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-				else \
-					echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-					$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-				fi; \
-				if expr $(PLATFORM) : 'mingw' > /dev/null; then \
-					case $$i in \
-						*crypto*) i=libeay32.dll;; \
-						*ssl*)    i=ssleay32.dll;; \
-					esac; \
-					echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
-					$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
-				fi; \
-			fi; \
-		done; \
-	fi
-	$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
-	$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
-	$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
-	@target=uninstall; $(RECURSIVE_BUILD_CMD)
-
-install_html_docs:
-	here="`pwd`"; \
-	filecase=; \
-	case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
-		filecase=-i; \
-	esac; \
-	for subdir in apps crypto ssl; do \
-		$(PERL) $(TOP)/util/mkdir-p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
-		for i in doc/$$subdir/*.pod; do \
-			fn=`basename $$i .pod`; \
-			echo "installing html/$$fn.$(HTMLSUFFIX)"; \
-			cat $$i \
-			| sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
-			| pod2html --podroot=doc --htmlroot=.. --podpath=$$subdir:apps:crypto:ssl \
-			| sed -r 's/<!DOCTYPE.*//g' \
-			> $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
-			$(PERL) util/extract-names.pl < $$i | \
-				grep -v $$filecase "^$$fn\$$" | \
-				(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
-				 while read n; do \
-					PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
-				 done); \
-		done; \
-	done
-
-uninstall_html_docs:
-	here="`pwd`"; \
-	filecase=; \
-	case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
-		filecase=-i; \
-	esac; \
-	for subdir in apps crypto ssl; do \
-		for i in doc/$$subdir/*.pod; do \
-			fn=`basename $$i .pod`; \
-			$(RM) $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
-			$(PERL) util/extract-names.pl < $$i | \
-				grep -v $$filecase "^$$fn\$$" | \
-				while read n; do \
-					$(RM) $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/"$$n".$(HTMLSUFFIX); \
-				done; \
-		done; \
-	done
-
-install_docs:
-	@$(PERL) $(TOP)/util/mkdir-p.pl \
-		$(INSTALL_PREFIX)$(MANDIR)/man1 \
-		$(INSTALL_PREFIX)$(MANDIR)/man3 \
-		$(INSTALL_PREFIX)$(MANDIR)/man5 \
-		$(INSTALL_PREFIX)$(MANDIR)/man7
-	here="`pwd`"; \
-	filecase=; \
-	case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
-		filecase=-i; \
-	esac; \
-	set -e; for i in doc/apps/*.pod; do \
-		fn=`basename $$i .pod`; \
-		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
-		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
-		(cd `$(PERL) util/dirname.pl $$i`; \
-		pod2man \
-			--section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`) \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(PERL) util/extract-names.pl < $$i | \
-			(grep -v $$filecase "^$$fn\$$"; true) | \
-			(grep -v "[	]"; true) | \
-			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
-			 while read n; do \
-				PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
-			 done); \
-	done; \
-	set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
-		fn=`basename $$i .pod`; \
-		sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
-		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
-		(cd `$(PERL) util/dirname.pl $$i`; \
-		pod2man \
-			--section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`) \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(PERL) util/extract-names.pl < $$i | \
-			(grep -v $$filecase "^$$fn\$$"; true) | \
-			(grep -v "[	]"; true) | \
-			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
-			 while read n; do \
-				PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
-			 done); \
-	done
-
-uninstall_docs:
-	@here="`pwd`"; \
-	filecase=; \
-	case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*) \
-		filecase=-i; \
-	esac; \
-	for i in doc/apps/*.pod; do \
-		fn=`basename $$i .pod`; \
-		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
-		echo $(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(PERL) util/extract-names.pl < $$i | \
-			(grep -v $$filecase "^$$fn\$$"; true) | \
-			(grep -v "[	]"; true) | \
-			while read n; do \
-				echo $(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/"$$n".$${sec}$(MANSUFFIX); \
-				$(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/"$$n".$${sec}$(MANSUFFIX); \
-			done; \
-	done; \
-	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
-		fn=`basename $$i .pod`; \
-		sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
-		echo $(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(PERL) util/extract-names.pl < $$i | \
-			(grep -v $$filecase "^$$fn\$$"; true) | \
-			(grep -v "[	]"; true) | \
-			while read n; do \
-				echo $(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/"$$n".$${sec}$(MANSUFFIX); \
-				$(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/"$$n".$${sec}$(MANSUFFIX); \
-			done; \
-	done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.

Makefile.shared

@@ -1,629 +0,0 @@
-#
-# Helper makefile to link shared libraries in a portable way.
-# This is much simpler than libtool, and hopefully not too error-prone.
-#
-# The following variables need to be set on the command line to build
-# properly
-
-# CC contains the current compiler.  This one MUST be defined
-CC=cc
-CFLAGS=$(CFLAG)
-# LDFLAGS contains flags to be used when temporary object files (when building
-# shared libraries) are created, or when an application is linked.
-# SHARED_LDFLAGS contains flags to be used when the shared library is created.
-LDFLAGS=
-SHARED_LDFLAGS=
-
-NM=nm
-
-# LIBNAME contains just the name of the library, without prefix ("lib"
-# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
-# .dll, ...).  This one MUST have a value when using this makefile to
-# build shared libraries.
-# For example, to build libfoo.so, you need to do the following:
-#LIBNAME=foo
-LIBNAME=
-
-# APPNAME contains just the name of the application, without suffix (""
-# on Unix, ".exe" on Windows, ...).  This one MUST have a value when using
-# this makefile to build applications.
-# For example, to build foo, you need to do the following:
-#APPNAME=foo
-APPNAME=
-
-# OBJECTS contains all the object files to link together into the application.
-# This must contain at least one object file.
-#OBJECTS=foo.o
-OBJECTS=
-
-# LIBEXTRAS contains extra modules to link together with the library.
-# For example, if a second library, say libbar.a needs to be linked into
-# libfoo.so, you need to do the following:
-#LIBEXTRAS=libbar.a
-# Note that this MUST be used when using the link_o targets, to hold the
-# names of all object files that go into the target library.
-LIBEXTRAS=
-
-# LIBVERSION contains the current version of the library.
-# For example, to build libfoo.so.1.2, you need to do the following:
-#LIBVERSION=1.2
-LIBVERSION=
-
-# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
-# the library.  They MUST be in decreasing order.
-# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
-# and libfoo.so.1, you need to do the following:
-#LIBCOMPATVERSIONS=1.2 1
-# Note that on systems that use sonames, the last number will appear as
-# part of it.
-# It's also possible, for systems that support it (Tru64, for example),
-# to add extra compatibility info with more precision, by adding a second
-# list of versions, separated from the first with a semicolon, like this:
-#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
-LIBCOMPATVERSIONS=
-
-# LIBDEPS contains all the flags necessary to cover all necessary
-# dependencies to other libraries.
-LIBDEPS=
-
-#------------------------------------------------------------------------------
-# The rest is private to this makefile.
-
-SET_X=:
-#SET_X=set -x
-
-top:
-	echo "Trying to use this makefile interactively?  Don't."
-
-CALC_VERSIONS=	\
-	SHLIB_COMPAT=; SHLIB_SOVER=; \
-	if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
-		prev=""; \
-		for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
-			SHLIB_SOVER_NODOT=$$v; \
-			SHLIB_SOVER=.$$v; \
-			if [ -n "$$prev" ]; then \
-				SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
-			fi; \
-			prev=$$v; \
-		done; \
-	fi
-
-LINK_APP=	\
-  ( $(SET_X);   \
-    LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
-    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
-    LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-    LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-    $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
-
-LINK_SO=	\
-  ( $(SET_X);   \
-    LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
-    SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
-    SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-    LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-    LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-    $${SHAREDCMD} $${SHAREDFLAGS} \
-	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-	$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
-  ) && $(SYMLINK_SO)
-
-SYMLINK_SO=	\
-	if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
-		prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
-		if [ -n "$$SHLIB_COMPAT" ]; then \
-			for x in $$SHLIB_COMPAT; do \
-				( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
-				  ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
-				prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
-			done; \
-		fi; \
-		if [ -n "$$SHLIB_SOVER" ]; then \
-			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
-			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
-		fi; \
-	fi
-
-LINK_SO_A=	SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
-LINK_SO_O=	SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
-
-LINK_SO_A_VIA_O=	\
-  SHOBJECTS=lib$(LIBNAME).o; \
-  ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
-  ( $(SET_X); \
-    ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
-  $(LINK_SO) && rm -f lib$(LIBNAME).o
-
-LINK_SO_A_UNPACKED=	\
-  UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
-  (cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \
-  ([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
-  SHOBJECTS=$$UNPACKDIR/*.o; \
-  $(LINK_SO) && rm -rf $$UNPACKDIR
-
-DETECT_GNU_LD=($(CC) -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
-
-DO_GNU_SO=$(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	ALLSYMSFLAGS='-Wl,--whole-archive'; \
-	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-
-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-
-#This is rather special.  It's a special target with which one can link
-#applications without bothering with any features that have anything to
-#do with shared libraries, for example when linking against static
-#libraries.  It's mostly here to avoid a lot of conditionals everywhere
-#else...
-link_app.:
-	$(LINK_APP)
-
-link_o.gnu:
-	@ $(DO_GNU_SO); $(LINK_SO_O)
-link_a.gnu:
-	@ $(DO_GNU_SO); $(LINK_SO_A)
-link_app.gnu:
-	@ $(DO_GNU_APP); $(LINK_APP)
-
-link_a.linux-shared:
-	@if [ $(LIBNAME) != "crypto" -a $(LIBNAME) != "ssl" ]; then echo libname is $(LIBNAME); sleep 2; $(DO_GNU_SO); else \
-	$(PERL) util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \
-	$(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	ALLSYMSFLAGS='-Wl,--whole-archive,--version-script=$(LIBNAME).map'; \
-	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-	fi; $(LINK_SO_A)
-
-link_o.bsd:
-	@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
-	$(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS=" "; \
-	ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
-	NOALLSYMSFLAGS=; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
-	fi; $(LINK_SO_O)
-link_a.bsd:
-	@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
-	$(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS=" "; \
-	ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
-	NOALLSYMSFLAGS=; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
-	fi; $(LINK_SO_A)
-link_app.bsd:
-	@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
-	LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBPATH)"; \
-	fi; $(LINK_APP)
-
-# For Darwin AKA Mac OS/X (dyld)
-# Originally link_o.darwin produced .so, because it was hard-coded
-# in dso_dlfcn module. At later point dso_dlfcn switched to .dylib
-# extension in order to allow for run-time linking with vendor-
-# supplied shared libraries such as libz, so that link_o.darwin had
-# to be harmonized with it. This caused minor controversy, because
-# it was believed that dlopen can't be used to dynamically load
-# .dylib-s, only so called bundle modules (ones linked with -bundle
-# flag). The belief seems to be originating from pre-10.4 release,
-# where dlfcn functionality was emulated by dlcompat add-on. In
-# 10.4 dlopen was rewritten as native part of dyld and is documented
-# to be capable of loading both dynamic libraries and bundles. In
-# order to provide compatibility with pre-10.4 dlopen, modules are
-# linked with -bundle flag, which makes .dylib extension misleading.
-# It works, because dlopen is [and always was] extension-agnostic.
-# Alternative to this heuristic approach is to develop specific
-# MacOS X dso module relying on whichever "native" dyld interface.
-link_o.darwin:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME); \
-	SHLIB_SUFFIX=.dylib; \
-	ALLSYMSFLAGS='-all_load'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \
-	if [ -n "$(LIBVERSION)" ]; then \
-		SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
-	fi; \
-	if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
-		SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
-	fi; \
-	$(LINK_SO_O)
-link_a.darwin:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME); \
-	SHLIB_SUFFIX=.dylib; \
-	ALLSYMSFLAGS='-all_load'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
-	if [ -n "$(LIBVERSION)" ]; then \
-		SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
-	fi; \
-	if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
-		SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
-	fi; \
-	SHAREDFLAGS="$$SHAREDFLAGS -install_name $(INSTALLTOP)/$(LIBDIR)/$$SHLIB$(SHLIB_EXT)"; \
-	$(LINK_SO_A)
-link_app.darwin:	# is there run-path on darwin?
-	$(LINK_APP)
-
-link_o.cygwin:
-	@ $(CALC_VERSIONS); \
-	INHIBIT_SYMLINKS=yes; \
-	SHLIB=cyg$(LIBNAME); \
-	base=-Wl,--enable-auto-image-base; \
-	deffile=; \
-	if expr $(PLATFORM) : 'mingw' > /dev/null; then \
-		SHLIB=$(LIBNAME)eay32; base=; \
-		if test -f $(LIBNAME)eay32.def; then \
-			deffile=$(LIBNAME)eay32.def; \
-		fi; \
-	fi; \
-	SHLIB_SUFFIX=.dll; \
-	LIBVERSION="$(LIBVERSION)"; \
-	SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \
-	ALLSYMSFLAGS='-Wl,--whole-archive'; \
-	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base $$deffile -Wl,-s,-Bsymbolic"; \
-	$(LINK_SO_O)
-#for mingw target if def-file is in use dll-name should match library-name
-link_a.cygwin:
-	@ $(CALC_VERSIONS); \
-	INHIBIT_SYMLINKS=yes; \
-	SHLIB=cyg$(LIBNAME); SHLIB_SOVER=-$(LIBVERSION); SHLIB_SUFFIX=.dll; \
-	dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; extras=; \
-	base=-Wl,--enable-auto-image-base; \
-	if expr $(PLATFORM) : 'mingw' > /dev/null; then \
-		case $(LIBNAME) in \
-			crypto) SHLIB=libeay;; \
-			ssl) SHLIB=ssleay;; \
-		esac; \
-		SHLIB_SOVER=32; \
-		extras="$(LIBNAME).def"; \
-		$(PERL) util/mkdef.pl 32 $$SHLIB > $$extras; \
-		base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \
-	fi; \
-	dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
-	$(PERL) util/mkrc.pl $$dll_name | \
-		$(CROSS_COMPILE)windres -o rc.o; \
-	extras="$$extras rc.o"; \
-	ALLSYMSFLAGS='-Wl,--whole-archive'; \
-	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-s,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $$extras"; \
-	[ -f apps/$$dll_name ] && rm apps/$$dll_name; \
-	[ -f test/$$dll_name ] && rm test/$$dll_name; \
-	$(LINK_SO_A) || exit 1; \
-	rm $$extras; \
-	cp -p $$dll_name apps/; \
-	cp -p $$dll_name test/
-link_app.cygwin:
-	@if expr "$(CFLAGS)" : '.*OPENSSL_USE_APPLINK' > /dev/null; then \
-		LIBDEPS="$(TOP)/crypto/applink.o $${LIBDEPS:-$(LIBDEPS)}"; \
-		export LIBDEPS; \
-	fi; \
-	$(LINK_APP)
-
-link_o.alpha-osf1:
-	@ if $(DETECT_GNU_LD); then \
-		$(DO_GNU_SO); \
-	else \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
-		else \
-			SHLIB_HIST="$(LIBVERSION)"; \
-		fi; \
-		SHLIB_SOVER=; \
-		ALLSYMSFLAGS='-all'; \
-		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
-		fi; \
-	fi; \
-	$(LINK_SO_O)
-link_a.alpha-osf1:
-	@ if $(DETECT_GNU_LD); then \
-		$(DO_GNU_SO); \
-	else \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
-		else \
-			SHLIB_HIST="$(LIBVERSION)"; \
-		fi; \
-		SHLIB_SOVER=; \
-		ALLSYMSFLAGS='-all'; \
-		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
-		fi; \
-	fi; \
-	$(LINK_SO_A)
-link_app.alpha-osf1:
-	@if $(DETECT_GNU_LD); then \
-		$(DO_GNU_APP); \
-	else \
-		LDFLAGS="$(CFLAGS) -rpath $(LIBRPATH)"; \
-	fi; \
-	$(LINK_APP)
-
-link_o.solaris:
-	@ if $(DETECT_GNU_LD); then \
-		$(DO_GNU_SO); \
-	else \
-		$(CALC_VERSIONS); \
-		MINUSZ='-z '; \
-		($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		ALLSYMSFLAGS="$${MINUSZ}allextract"; \
-		NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
-	fi; \
-	$(LINK_SO_O)
-link_a.solaris:
-	@ if $(DETECT_GNU_LD); then \
-		$(DO_GNU_SO); \
-	else \
-		$(CALC_VERSIONS); \
-		MINUSZ='-z '; \
-		($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=;\
-		ALLSYMSFLAGS="$${MINUSZ}allextract"; \
-		NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
-	fi; \
-	$(LINK_SO_A)
-link_app.solaris:
-	@ if $(DETECT_GNU_LD); then \
-		$(DO_GNU_APP); \
-	else \
-		LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \
-	fi; \
-	$(LINK_APP)
-
-# OpenServer 5 native compilers used
-link_o.svr3:
-	@ if $(DETECT_GNU_LD); then \
-		$(DO_GNU_SO); \
-	else \
-		$(CALC_VERSIONS); \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		ALLSYMSFLAGS=''; \
-		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-	fi; \
-	$(LINK_SO_O)
-link_a.svr3:
-	@ if $(DETECT_GNU_LD); then \
-		$(DO_GNU_SO); \
-	else \
-		$(CALC_VERSIONS); \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		ALLSYMSFLAGS=''; \
-		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-	fi; \
-	$(LINK_SO_A_UNPACKED)
-link_app.svr3:
-	@$(DETECT_GNU_LD) && $(DO_GNU_APP); \
-	$(LINK_APP)
-
-# UnixWare 7 and OpenUNIX 8 native compilers used
-link_o.svr5:
-	@ if $(DETECT_GNU_LD); then \
-		$(DO_GNU_SO); \
-	else \
-		$(CALC_VERSIONS); \
-		SHARE_FLAG='-G'; \
-		($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		ALLSYMSFLAGS=''; \
-		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-	fi; \
-	$(LINK_SO_O)
-link_a.svr5:
-	@ if $(DETECT_GNU_LD); then \
-		$(DO_GNU_SO); \
-	else \
-		$(CALC_VERSIONS); \
-		SHARE_FLAG='-G'; \
-		($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		ALLSYMSFLAGS=''; \
-		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-	fi; \
-	$(LINK_SO_A_UNPACKED)
-link_app.svr5:
-	@$(DETECT_GNU_LD) && $(DO_GNU_APP); \
-	$(LINK_APP)
-
-link_o.irix:
-	@ if $(DETECT_GNU_LD); then \
-		$(DO_GNU_SO); \
-	else \
-		$(CALC_VERSIONS); \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		MINUSWL=""; \
-		($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
-		ALLSYMSFLAGS="$${MINUSWL}-all"; \
-		NOALLSYMSFLAGS="$${MINUSWL}-none"; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
-	fi; \
-	$(LINK_SO_O)
-link_a.irix:
-	@ if $(DETECT_GNU_LD); then \
-		$(DO_GNU_SO); \
-	else \
-		$(CALC_VERSIONS); \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		MINUSWL=""; \
-		($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
-		ALLSYMSFLAGS="$${MINUSWL}-all"; \
-		NOALLSYMSFLAGS="$${MINUSWL}-none"; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
-	fi; \
-	$(LINK_SO_A)
-link_app.irix:
-	@LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"; \
-	$(LINK_APP)
-
-# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
-# we compensate for it with +cdp ../: and +cdp ./:. Yes, these rewrite
-# rules imply that we can only link one level down in catalog structure,
-# but that's what takes place for the moment of this writing. +cdp option
-# was introduced in HP-UX 11.x and applies in 32-bit PA-RISC link
-# editor context only [it's simply ignored in other cases, which are all
-# ELFs by the way].
-#
-link_o.hpux:
-	@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
-	$(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).sl; \
-	expr "$(CFLAGS)" : '.*DSO_DLFCN' > /dev/null && SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	ALLSYMSFLAGS='-Wl,-Fl'; \
-	NOALLSYMSFLAGS=''; \
-	expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
-	fi; \
-	rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
-	$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
-link_a.hpux:
-	@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
-	$(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).sl; \
-	expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	ALLSYMSFLAGS='-Wl,-Fl'; \
-	NOALLSYMSFLAGS=''; \
-	expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
-	fi; \
-	rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
-	$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
-link_app.hpux:
-	@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
-	LDFLAGS="$(CFLAGS) -Wl,+s,+cdp,../:,+cdp,./:,+b,$(LIBRPATH)"; \
-	fi; \
-	$(LINK_APP)
-
-link_o.aix:
-	@ $(CALC_VERSIONS); \
-	OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
-	OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
-	SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	ALLSYMSFLAGS=''; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
-	$(LINK_SO_O);
-link_a.aix:
-	@ $(CALC_VERSIONS); \
-	OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
-	OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
-	SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	ALLSYMSFLAGS='-bnogc'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
-	$(LINK_SO_A_VIA_O)
-link_app.aix:
-	LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
-	$(LINK_APP)
-
-
-# Targets to build symbolic links when needed
-symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
-symlink.aix:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	$(SYMLINK_SO)
-symlink.darwin:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME); \
-	SHLIB_SUFFIX=.dylib; \
-	$(SYMLINK_SO)
-symlink.hpux:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).sl; \
-	expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
-	$(SYMLINK_SO)
-# The following lines means those specific architectures do no symlinks
-symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
-
-# Compatibility targets
-link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
-link_a.bsd-gcc-shared link_a.gnu-shared: link_a.gnu
-link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
-symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
-link_o.bsd-shared: link_o.bsd
-link_a.bsd-shared: link_a.bsd
-link_app.bsd-shared: link_app.bsd
-link_o.darwin-shared: link_o.darwin
-link_a.darwin-shared: link_a.darwin
-link_app.darwin-shared: link_app.darwin
-symlink.darwin-shared: symlink.darwin
-link_o.cygwin-shared: link_o.cygwin
-link_a.cygwin-shared: link_a.cygwin
-link_app.cygwin-shared: link_app.cygwin
-symlink.cygwin-shared: symlink.cygwin
-link_o.alpha-osf1-shared: link_o.alpha-osf1
-link_a.alpha-osf1-shared: link_a.alpha-osf1
-link_app.alpha-osf1-shared: link_app.alpha-osf1
-symlink.alpha-osf1-shared: symlink.alpha-osf1
-link_o.tru64-shared: link_o.tru64
-link_a.tru64-shared: link_a.tru64
-link_app.tru64-shared: link_app.tru64
-symlink.tru64-shared: symlink.tru64
-link_o.tru64-shared-rpath: link_o.tru64-rpath
-link_a.tru64-shared-rpath: link_a.tru64-rpath
-link_app.tru64-shared-rpath: link_app.tru64-rpath
-symlink.tru64-shared-rpath: symlink.tru64-rpath
-link_o.solaris-shared: link_o.solaris
-link_a.solaris-shared: link_a.solaris
-link_app.solaris-shared: link_app.solaris
-symlink.solaris-shared: symlink.solaris
-link_o.svr3-shared: link_o.svr3
-link_a.svr3-shared: link_a.svr3
-link_app.svr3-shared: link_app.svr3
-symlink.svr3-shared: symlink.svr3
-link_o.svr5-shared: link_o.svr5
-link_a.svr5-shared: link_a.svr5
-link_app.svr5-shared: link_app.svr5
-symlink.svr5-shared: symlink.svr5
-link_o.irix-shared: link_o.irix
-link_a.irix-shared: link_a.irix
-link_app.irix-shared: link_app.irix
-symlink.irix-shared: symlink.irix
-link_o.hpux-shared: link_o.hpux
-link_a.hpux-shared: link_a.hpux
-link_app.hpux-shared: link_app.hpux
-symlink.hpux-shared: symlink.hpux
-link_o.aix-shared: link_o.aix
-link_a.aix-shared: link_a.aix
-link_app.aix-shared: link_app.aix
-symlink.aix-shared: symlink.aix

Makefile.ssl

@@ -0,0 +1,338 @@
+#
+# Makefile for all the SSL related library routines and utilities
+VERSION = 0.9.1b
+PLATFORM=debug
+#
+# make install will install:
+#   libraries into $INSTALLTOP/lib
+#   headers   into $INSTALLTOP/include
+#   utilities into $INSTALLTOP/bin
+#
+# By default INSTALLTOP is set to /usr/local/ssl
+# If you want things install elsewere, consider running
+# perl util/ssldir.pl /new/path
+#
+# Interesting Mailing Lists:
+#     ssl-bugs@mincom.oz.au
+#     ssl-users@mincom.oz.au
+#
+# To join the Mailing Lists:
+#     ssl-bugs-request@mincom.oz.au
+#     ssl-users-request@mincom.oz.au
+#
+# If you must get hold of people directly (we much prefer the above
+# lists to be used if the question is of general interest!):
+#       Eric Young <eay@cryptsoft.com>
+#       Tim Hudson <tjh@cryptsoft.com>
+#       or both    <ssleay@cryptsoft.com>
+#
+# The primary distribution of SSLeay is from
+# ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL
+#
+# NOCONST - Define for C compilers that don't like the const key word.
+# NOPROTO - Define in if your compiler does not support prototypes.
+# RSAref  - Define if we are to link with RSAref.
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4  - Define to build without the RC4 algorithm
+# NO_RC2  - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+#           one.  32 bytes will be read from this when the random
+#           number generator is initalised.
+# SSL_ALLOW_ADH - define if you want the server to be able to use the
+#           SSLv3 anon-DH ciphers.
+# SSL_ALLOW_ENULL - define if you want the server to be able to use the
+#           NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+#       call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
+# equal 4.
+# PKCS1_CHECK - pkcs1 tests.
+
+CC= gcc
+#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+CFLAG= -DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
+PEX_LIBS= -L. -L.. -L../.. -L../../..
+EX_LIBS= -lefence
+AR=ar r
+
+# Set BN_ASM to bn_asm.o if you want to use the C version
+BN_ASM= bn_asm.o
+#BN_ASM= bn_asm.o
+#BN_ASM= asm/bn86-elf.o	# elf, linux-elf
+#BN_ASM= asm/bn86-sol.o # solaris
+#BN_ASM= asm/bn86-out.o # a.out, FreeBSD
+#BN_ASM= asm/bn86bsdi.o # bsdi
+#BN_ASM= asm/alpha.o    # DEC Alpha
+#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
+#BN_ASM= asm/r3000.o    # SGI MIPS cpu
+#BN_ASM= asm/sparc.o    # Sun solaris/SunOS
+#BN_ASM= asm/bn-win32.o # Windows 95/NT
+#BN_ASM= asm/x86w16.o   # 16 bit code for Windows 3.1/DOS
+#BN_ASM= asm/x86w32.o   # 32 bit code for Windows 3.1
+
+# Set DES_ENC to des_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+DES_ENC= des_enc.o fcrypt_b.o
+#DES_ENC= des_enc.o fcrypt_b.o          # C
+#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
+#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
+#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
+#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
+
+# Set BF_ENC to bf_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+BF_ENC= bf_enc.o
+#BF_ENC= bf_enc.o
+#BF_ENC= asm/bx86-elf.o # elf
+#BF_ENC= asm/bx86-sol.o # solaris
+#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
+#BF_ENC= asm/bx86bsdi.o # bsdi
+
+# Set CAST_ENC to c_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+CAST_ENC= c_enc.o
+#CAST_ENC= c_enc.o
+#CAST_ENC= asm/cx86-elf.o # elf
+#CAST_ENC= asm/cx86-sol.o # solaris
+#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
+#CAST_ENC= asm/cx86bsdi.o # bsdi
+
+# Set RC4_ENC to rc4_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC4_ENC= rc4_enc.o
+#RC4_ENC= rc4_enc.o
+#RC4_ENC= asm/rx86-elf.o # elf
+#RC4_ENC= asm/rx86-sol.o # solaris
+#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
+#RC4_ENC= asm/rx86bsdi.o # bsdi
+
+# Set RC5_ENC to rc5_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC5_ENC= rc5_enc.o
+#RC5_ENC= rc5_enc.o
+#RC5_ENC= asm/r586-elf.o # elf
+#RC5_ENC= asm/r586-sol.o # solaris
+#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
+#RC5_ENC= asm/r586bsdi.o # bsdi
+
+# Also need MD5_ASM defined
+MD5_ASM_OBJ= 
+#MD5_ASM_OBJ= asm/mx86-elf.o        # elf
+#MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
+#MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
+#MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
+
+# Also need SHA1_ASM defined
+SHA1_ASM_OBJ= 
+#SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
+#SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
+#SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
+#SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
+
+# Also need RMD160_ASM defined
+RMD160_ASM_OBJ= 
+#RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
+#RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
+#RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
+#RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
+
+DIRS=   crypto ssl rsaref apps test tools
+# dirs in crypto to build
+SDIRS=  \
+	md2 md5 sha mdc2 hmac ripemd \
+	des rc2 rc4 rc5 idea bf cast \
+	bn rsa dsa dh \
+	buffer bio stack lhash rand err objects \
+	evp pem asn1 x509 conf txt_db pkcs7 comp
+
+# If you change the INSTALLTOP, make sure to also change the values
+# in crypto/location.h
+INSTALLTOP=/usr/local/ssl
+
+MAKEFILE= Makefile.ssl
+MAKE=     make -f Makefile.ssl
+
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+
+TOP=    .
+ONEDIRS=out tmp
+EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep
+MISC=   COPYRIGHT Configure HISTORY.090	HISTORY.066 INSTALL Makefile.ssl \
+	Makefile \
+	README TODO HISTORY README.066 README.080 README.090 \
+	VERSION PROBLEMS MINFO makefile.one e_os.h \
+	MICROSOFT makevms.com config PATENTS
+WDIRS=  windows
+LIBS=   libcrypto.a libssl.a 
+
+GENERAL=        Makefile
+BASENAME=       SSLeay
+NAME=           $(BASENAME)-$(VERSION)
+TARFILE=        $(NAME).tar
+WTARFILE=       $(NAME)-win.tar
+EXHEADER=       e_os.h
+HEADER=         e_os.h
+
+all:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "making $$i..."; \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' all ); \
+	done;
+
+sub_all:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "making $$i..."; \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' all ); \
+	done;
+
+libclean:
+	/bin/rm *.a */lib */*/lib
+
+clean:
+	/bin/rm -f shlib/*.o *.o core a.out fluff *.map
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "cleaning $$i..."; \
+	$(MAKE) SDIRS='${SDIRS}' clean ); \
+	/bin/rm -f $(LIBS); \
+	done;
+	/bin/rm -f *.a *.o speed.* *.map *.so .pure core
+	/bin/rm -f $(TARFILE)
+	@for i in $(ONEDIRS) ;\
+	do \
+	/bin/rm -fr $$i/*; \
+	done
+
+makefile.one: files
+	perl util/mk1mf.pl >makefile.one; \
+	sh util/do_ms.sh
+
+files:  MINFO
+	perl $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "making 'files' in $$i..."; \
+	$(MAKE) SDIRS='${SDIRS}' files ); \
+	done;
+
+links:
+	/bin/rm -f Makefile;
+	./util/point.sh Makefile.ssl Makefile;
+	$(TOP)/util/mklink.sh include $(EXHEADER) ;
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "making links in $$i..."; \
+	$(MAKE) SDIRS='${SDIRS}' links ); \
+	done;
+	# @(cd apps; sh ./mklinks)
+	@( SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs )
+
+dclean:
+	/bin/rm -f *.bak
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "undoing makedepend in $$i..."; \
+	$(MAKE) SDIRS='${SDIRS}' dclean ); \
+	done;
+
+rehash:
+	@(PATH="`pwd`/apps:${PATH}"; sh tools/c_rehash certs)
+
+test:   tests
+
+tests:
+	(cd test; echo "testing $$i..."; \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
+	@apps/ssleay version -a
+
+depend:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "making dependancies $$i..."; \
+	$(MAKE) SDIRS='${SDIRS}' depend ); \
+	done;
+
+lint:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "making lint $$i..."; \
+	$(MAKE) SDIRS='${SDIRS}' lint ); \
+	done;
+
+tags:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "making tags $$i..."; \
+	$(MAKE) SDIRS='${SDIRS}' tags ); \
+	done;
+
+errors:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "making errors in $$i..."; \
+	$(MAKE) SDIRS='${SDIRS}' errors ); \
+	done;
+
+tar:
+	@(cd ..;\
+	mv $(BASENAME) $(NAME); \
+	export STUFF; \
+	for i in $(MISC) $(DIRS) $(EDIRS) $(ONEDIRS) ;\
+	do \
+		STUFF="$$STUFF $(NAME)/$$i"; \
+	done; \
+	tar cf $(NAME)/$(TARFILE) $$STUFF; \
+	mv $(NAME) $(BASENAME) ) 
+	gzip -f $(TARFILE)
+
+dist:   
+	perl Configure dist
+	perl util/up_ver.pl ${VERSION}
+	@$(MAKE) dist_pem_h
+	@$(MAKE) SDIRS='${SDIRS}' clean
+	@$(MAKE) SDIRS='${SDIRS}' dclean
+	@(cd apps; sh ./rmlinks)
+	@$(MAKE) makefile.one
+	@$(MAKE) tar
+
+dist_pem_h:
+	(cd crypto/pem; $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+
+install: all
+	@-mkdir -p $(INSTALLTOP)/bin 2>/dev/null
+	@-mkdir -p $(INSTALLTOP)/lib 2>/dev/null
+	@-mkdir -p $(INSTALLTOP)/include 2>/dev/null
+	@-mkdir -p $(INSTALLTOP)/certs 2>/dev/null
+	@-mkdir -p $(INSTALLTOP)/private 2>/dev/null
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "installing $$i..."; \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
+	done
+	@for i in $(LIBS) ;\
+	do \
+	(       echo installing $$i; \
+		cp $$i $(INSTALLTOP)/lib; \
+		sh util/ranlib.sh $(INSTALLTOP)/lib/$$i; \
+		chmod 644 $(INSTALLTOP)/lib/$$i ); \
+	done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.

NEWS

@@ -1,769 +0,0 @@
-
-  NEWS
-  ====
-
-  This file gives a brief overview of the major changes between each OpenSSL
-  release. For more details please read the CHANGES file.
-
-  Major changes between OpenSSL 1.0.2e and OpenSSL 1.1.0 [in pre-release]
-
-      o Support for ChaCha20 and Poly1305 added to libcrypto and libssl
-      o Support for extended master secret
-      o CCM ciphersuites
-      o Reworked test suite, now based on perl, Test::Harness and Test::More
-      o Varous libcrypto structures made opaque including: BIGNUM, EVP_MD,
-        EVP_MD_CTX, HMAC_CTX, EVP_CIPHER and EVP_CIPHER_CTX.
-      o libssl internal structures made opaque
-      o SSLv2 support removed
-      o Kerberos ciphersuite support removed
-      o RC4 removed from DEFAULT ciphersuites in libssl
-      o 40 and 56 bit cipher support removed from libssl
-      o All public header files moved to include/openssl, no more symlinking
-      o SSL/TLS state machine, version negotiation and record layer rewritten
-      o EC revision: now operations use new EC_KEY_METHOD.
-      o Support for OCB mode added to libcrypto
-      o Support for asynchronous crypto operations added to libcrypto and libssl
-      o Deprecated interfaces can now be disabled at build time either
-        relative to the latest relate via the "no-deprecated" Configure
-        argument, or via the "--api=1.1.0|1.0.0|0.9.8" option.
-      o Application software can be compiled with -DOPENSSL_API_COMPAT=version
-        to ensure that features deprecated before that version are not exposed.
-      o Support for RFC6698/RFC7671 DANE TLSA peer authentication
-
-  Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
-
-      o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
-      o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
-      o X509_ATTRIBUTE memory leak (CVE-2015-3195)
-      o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
-      o In DSA_generate_parameters_ex, if the provided seed is too short,
-        return an error
-
-  Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]
-
-      o Alternate chains certificate forgery (CVE-2015-1793)
-      o Race condition handling PSK identify hint (CVE-2015-3196)
-
-  Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
-
-      o Fix HMAC ABI incompatibility
-
-  Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015]
-
-      o Malformed ECParameters causes infinite loop (CVE-2015-1788)
-      o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
-      o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
-      o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
-      o Race condition handling NewSessionTicket (CVE-2015-1791)
-
-  Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015]
-
-      o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291)
-      o Multiblock corrupted pointer fix (CVE-2015-0290)
-      o Segmentation fault in DTLSv1_listen fix (CVE-2015-0207)
-      o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
-      o Segmentation fault for invalid PSS parameters fix (CVE-2015-0208)
-      o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
-      o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
-      o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
-      o Empty CKE with client auth and DHE fix (CVE-2015-1787)
-      o Handshake with unseeded PRNG fix (CVE-2015-0285)
-      o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
-      o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
-      o Removed the export ciphers from the DEFAULT ciphers
-
-  Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]:
-
-      o Suite B support for TLS 1.2 and DTLS 1.2
-      o Support for DTLS 1.2
-      o TLS automatic EC curve selection.
-      o API to set TLS supported signature algorithms and curves
-      o SSL_CONF configuration API.
-      o TLS Brainpool support.
-      o ALPN support.
-      o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
-
-  Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
-
-      o Build fixes for the Windows and OpenVMS platforms
-
-  Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
-
-      o Fix for CVE-2014-3571
-      o Fix for CVE-2015-0206
-      o Fix for CVE-2014-3569
-      o Fix for CVE-2014-3572
-      o Fix for CVE-2015-0204
-      o Fix for CVE-2015-0205
-      o Fix for CVE-2014-8275
-      o Fix for CVE-2014-3570
-
-  Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
-
-      o Fix for CVE-2014-3513
-      o Fix for CVE-2014-3567
-      o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
-      o Fix for CVE-2014-3568
-
-  Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
-
-      o Fix for CVE-2014-3512
-      o Fix for CVE-2014-3511
-      o Fix for CVE-2014-3510
-      o Fix for CVE-2014-3507
-      o Fix for CVE-2014-3506
-      o Fix for CVE-2014-3505
-      o Fix for CVE-2014-3509
-      o Fix for CVE-2014-5139
-      o Fix for CVE-2014-3508
-
-  Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
-
-      o Fix for CVE-2014-0224
-      o Fix for CVE-2014-0221
-      o Fix for CVE-2014-0198
-      o Fix for CVE-2014-0195
-      o Fix for CVE-2014-3470
-      o Fix for CVE-2010-5298
-
-  Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
-
-      o Fix for CVE-2014-0160
-      o Add TLS padding extension workaround for broken servers.
-      o Fix for CVE-2014-0076
-
-  Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
-
-      o Don't include gmt_unix_time in TLS server and client random values
-      o Fix for TLS record tampering bug CVE-2013-4353
-      o Fix for TLS version checking bug CVE-2013-6449
-      o Fix for DTLS retransmission bug CVE-2013-6450
-
-  Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
-
-      o Corrected fix for CVE-2013-0169
-
-  Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
-
-      o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
-      o Include the fips configuration module.
-      o Fix OCSP bad key DoS attack CVE-2013-0166
-      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
-      o Fix for TLS AESNI record handling flaw CVE-2012-2686
-
-  Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
-
-      o Fix TLS/DTLS record length checking bug CVE-2012-2333
-      o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
-
-  Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
-
-      o Fix compilation error on non-x86 platforms.
-      o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
-      o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
-
-  Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
-
-      o Fix for ASN1 overflow bug CVE-2012-2110
-      o Workarounds for some servers that hang on long client hellos.
-      o Fix SEGV in AES code.
-
-  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
-
-      o TLS/DTLS heartbeat support.
-      o SCTP support.
-      o RFC 5705 TLS key material exporter.
-      o RFC 5764 DTLS-SRTP negotiation.
-      o Next Protocol Negotiation.
-      o PSS signatures in certificates, requests and CRLs.
-      o Support for password based recipient info for CMS.
-      o Support TLS v1.2 and TLS v1.1.
-      o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
-      o SRP support.
-
-  Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
-
-      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
-      o Corrected fix for CVE-2011-4619
-      o Various DTLS fixes.
-
-  Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
-
-      o Fix for DTLS DoS issue CVE-2012-0050
-
-  Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
-
-      o Fix for DTLS plaintext recovery attack CVE-2011-4108
-      o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
-      o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
-      o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
-      o Check for malformed RFC3779 data CVE-2011-4577
-
-  Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
-
-      o Fix for CRL vulnerability issue CVE-2011-3207
-      o Fix for ECDH crashes CVE-2011-3210
-      o Protection against EC timing attacks.
-      o Support ECDH ciphersuites for certificates using SHA2 algorithms.
-      o Various DTLS fixes.
-
-  Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]:
-
-      o Fix for security issue CVE-2011-0014
-
-  Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]:
-
-      o Fix for security issue CVE-2010-4180
-      o Fix for CVE-2010-4252
-      o Fix mishandling of absent EC point format extension.
-      o Fix various platform compilation issues.
-      o Corrected fix for security issue CVE-2010-3864.
-
-  Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]:
-
-      o Fix for security issue CVE-2010-3864.
-      o Fix for CVE-2010-2939
-      o Fix WIN32 build system for GOST ENGINE.
-
-  Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]:
-
-      o Fix for security issue CVE-2010-1633.
-      o GOST MAC and CFB fixes.
-
-  Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]:
-
-      o RFC3280 path validation: sufficient to process PKITS tests.
-      o Integrated support for PVK files and keyblobs.
-      o Change default private key format to PKCS#8.
-      o CMS support: able to process all examples in RFC4134
-      o Streaming ASN1 encode support for PKCS#7 and CMS.
-      o Multiple signer and signer add support for PKCS#7 and CMS.
-      o ASN1 printing support.
-      o Whirlpool hash algorithm added.
-      o RFC3161 time stamp support.
-      o New generalised public key API supporting ENGINE based algorithms.
-      o New generalised public key API utilities.
-      o New ENGINE supporting GOST algorithms.
-      o SSL/TLS GOST ciphersuite support.
-      o PKCS#7 and CMS GOST support.
-      o RFC4279 PSK ciphersuite support.
-      o Supported points format extension for ECC ciphersuites.
-      o ecdsa-with-SHA224/256/384/512 signature types.
-      o dsa-with-SHA224 and dsa-with-SHA256 signature types.
-      o Opaque PRF Input TLS extension support.
-      o Updated time routines to avoid OS limitations.
-
-  Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
-
-      o CFB cipher definition fixes.
-      o Fix security issues CVE-2010-0740 and CVE-2010-0433.
-
-  Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
-
-      o Cipher definition fixes.
-      o Workaround for slow RAND_poll() on some WIN32 versions.
-      o Remove MD2 from algorithm tables.
-      o SPKAC handling fixes.
-      o Support for RFC5746 TLS renegotiation extension.
-      o Compression memory leak fixed.
-      o Compression session resumption fixed.
-      o Ticket and SNI coexistence fixes.
-      o Many fixes to DTLS handling. 
-
-  Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
-
-      o Temporary work around for CVE-2009-3555: disable renegotiation.
-
-  Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
-
-      o Fix various build issues.
-      o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
-
-  Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]:
-
-      o Fix security issue (CVE-2008-5077)
-      o Merge FIPS 140-2 branch code.
-
-  Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]:
-
-      o CryptoAPI ENGINE support.
-      o Various precautionary measures.
-      o Fix for bugs affecting certificate request creation.
-      o Support for local machine keyset attribute in PKCS#12 files.
-
-  Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]:
-
-      o Backport of CMS functionality to 0.9.8.
-      o Fixes for bugs introduced with 0.9.8f.
-
-  Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
-
-      o Add gcc 4.2 support.
-      o Add support for AES and SSE2 assembly lanugauge optimization
-        for VC++ build.
-      o Support for RFC4507bis and server name extensions if explicitly 
-        selected at compile time.
-      o DTLS improvements.
-      o RFC4507bis support.
-      o TLS Extensions support.
-
-  Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]:
-
-      o Various ciphersuite selection fixes.
-      o RFC3779 support.
-
-  Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]:
-
-      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
-      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
-      o Changes to ciphersuite selection algorithm
-
-  Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]:
-
-      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
-      o New cipher Camellia
-
-  Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]:
-
-      o Cipher string fixes.
-      o Fixes for VC++ 2005.
-      o Updated ECC cipher suite support.
-      o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
-      o Zlib compression usage fixes.
-      o Built in dynamic engine compilation support on Win32.
-      o Fixes auto dynamic engine loading in Win32.
-
-  Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]:
-
-      o Fix potential SSL 2.0 rollback, CVE-2005-2969
-      o Extended Windows CE support
-
-  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]:
-
-      o Major work on the BIGNUM library for higher efficiency and to
-        make operations more streamlined and less contradictory.  This
-        is the result of a major audit of the BIGNUM library.
-      o Addition of BIGNUM functions for fields GF(2^m) and NIST
-        curves, to support the Elliptic Crypto functions.
-      o Major work on Elliptic Crypto; ECDH and ECDSA added, including
-        the use through EVP, X509 and ENGINE.
-      o New ASN.1 mini-compiler that's usable through the OpenSSL
-        configuration file.
-      o Added support for ASN.1 indefinite length constructed encoding.
-      o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
-      o Complete rework of shared library construction and linking
-        programs with shared or static libraries, through a separate
-        Makefile.shared.
-      o Rework of the passing of parameters from one Makefile to another.
-      o Changed ENGINE framework to load dynamic engine modules
-        automatically from specifically given directories.
-      o New structure and ASN.1 functions for CertificatePair.
-      o Changed the ZLIB compression method to be stateful.
-      o Changed the key-generation and primality testing "progress"
-        mechanism to take a structure that contains the ticker
-        function and an argument.
-      o New engine module: GMP (performs private key exponentiation).
-      o New engine module: VIA PadLOck ACE extension in VIA C3
-        Nehemiah processors.
-      o Added support for IPv6 addresses in certificate extensions.
-        See RFC 1884, section 2.2.
-      o Added support for certificate policy mappings, policy
-        constraints and name constraints.
-      o Added support for multi-valued AVAs in the OpenSSL
-        configuration file.
-      o Added support for multiple certificates with the same subject
-        in the 'openssl ca' index file.
-      o Make it possible to create self-signed certificates using
-        'openssl ca -selfsign'.
-      o Make it possible to generate a serial number file with
-        'openssl ca -create_serial'.
-      o New binary search functions with extended functionality.
-      o New BUF functions.
-      o New STORE structure and library to provide an interface to all
-        sorts of data repositories.  Supports storage of public and
-        private keys, certificates, CRLs, numbers and arbitrary blobs.
-	This library is unfortunately unfinished and unused withing
-	OpenSSL.
-      o New control functions for the error stack.
-      o Changed the PKCS#7 library to support one-pass S/MIME
-        processing.
-      o Added the possibility to compile without old deprecated
-        functionality with the OPENSSL_NO_DEPRECATED macro or the
-        'no-deprecated' argument to the config and Configure scripts.
-      o Constification of all ASN.1 conversion functions, and other
-        affected functions.
-      o Improved platform support for PowerPC.
-      o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
-      o New X509_VERIFY_PARAM structure to support parametrisation
-        of X.509 path validation.
-      o Major overhaul of RC4 performance on Intel P4, IA-64 and
-        AMD64.
-      o Changed the Configure script to have some algorithms disabled
-        by default.  Those can be explicitely enabled with the new
-        argument form 'enable-xxx'.
-      o Change the default digest in 'openssl' commands from MD5 to
-        SHA-1.
-      o Added support for DTLS.
-      o New BIGNUM blinding.
-      o Added support for the RSA-PSS encryption scheme
-      o Added support for the RSA X.931 padding.
-      o Added support for BSD sockets on NetWare.
-      o Added support for files larger than 2GB.
-      o Added initial support for Win64.
-      o Added alternate pkg-config files.
-
-  Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]:
-
-      o FIPS 1.1.1 module linking.
-      o Various ciphersuite selection fixes.
-
-  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]:
-
-      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
-      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
-
-  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]:
-
-      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
-
-  Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]:
-
-      o Visual C++ 2005 fixes.
-      o Update Windows build system for FIPS.
-
-  Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
-
-      o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
-
-  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
-
-      o Fix SSL 2.0 Rollback, CVE-2005-2969
-      o Allow use of fixed-length exponent on DSA signing
-      o Default fixed-window RSA, DSA, DH private-key operations
-
-  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]:
-
-      o More compilation issues fixed.
-      o Adaptation to more modern Kerberos API.
-      o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
-      o Enhanced x86_64 assembler BIGNUM module.
-      o More constification.
-      o Added processing of proxy certificates (RFC 3820).
-
-  Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]:
-
-      o Several compilation issues fixed.
-      o Many memory allocation failure checks added.
-      o Improved comparison of X509 Name type.
-      o Mandatory basic checks on certificates.
-      o Performance improvements.
-
-  Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]:
-
-      o Fix race condition in CRL checking code.
-      o Fixes to PKCS#7 (S/MIME) code.
-
-  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]:
-
-      o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
-      o Security: Fix null-pointer assignment in do_change_cipher_spec()
-      o Allow multiple active certificates with same subject in CA index
-      o Multiple X509 verification fixes
-      o Speed up HMAC and other operations
-
-  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]:
-
-      o Security: fix various ASN1 parsing bugs.
-      o New -ignore_err option to OCSP utility.
-      o Various interop and bug fixes in S/MIME code.
-      o SSL/TLS protocol fix for unrequested client certificates.
-
-  Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]:
-
-      o Security: counter the Klima-Pokorny-Rosa extension of
-        Bleichbacher's attack 
-      o Security: make RSA blinding default.
-      o Configuration: Irix fixes, AIX fixes, better mingw support.
-      o Support for new platforms: linux-ia64-ecc.
-      o Build: shared library support fixes.
-      o ASN.1: treat domainComponent correctly.
-      o Documentation: fixes and additions.
-
-  Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]:
-
-      o Security: Important security related bugfixes.
-      o Enhanced compatibility with MIT Kerberos.
-      o Can be built without the ENGINE framework.
-      o IA32 assembler enhancements.
-      o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
-      o Configuration: the no-err option now works properly.
-      o SSL/TLS: now handles manual certificate chain building.
-      o SSL/TLS: certain session ID malfunctions corrected.
-
-  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]:
-
-      o New library section OCSP.
-      o Complete rewrite of ASN1 code.
-      o CRL checking in verify code and openssl utility.
-      o Extension copying in 'ca' utility.
-      o Flexible display options in 'ca' utility.
-      o Provisional support for international characters with UTF8.
-      o Support for external crypto devices ('engine') is no longer
-        a separate distribution.
-      o New elliptic curve library section.
-      o New AES (Rijndael) library section.
-      o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
-        Linux x86_64, Linux 64-bit on Sparc v9
-      o Extended support for some platforms: VxWorks
-      o Enhanced support for shared libraries.
-      o Now only builds PIC code when shared library support is requested.
-      o Support for pkg-config.
-      o Lots of new manuals.
-      o Makes symbolic links to or copies of manuals to cover all described
-        functions.
-      o Change DES API to clean up the namespace (some applications link also
-        against libdes providing similar functions having the same name).
-        Provide macros for backward compatibility (will be removed in the
-        future).
-      o Unify handling of cryptographic algorithms (software and engine)
-        to be available via EVP routines for asymmetric and symmetric ciphers.
-      o NCONF: new configuration handling routines.
-      o Change API to use more 'const' modifiers to improve error checking
-        and help optimizers.
-      o Finally remove references to RSAref.
-      o Reworked parts of the BIGNUM code.
-      o Support for new engines: Broadcom ubsec, Accelerated Encryption
-        Processing, IBM 4758.
-      o A few new engines added in the demos area.
-      o Extended and corrected OID (object identifier) table.
-      o PRNG: query at more locations for a random device, automatic query for
-        EGD style random sources at several locations.
-      o SSL/TLS: allow optional cipher choice according to server's preference.
-      o SSL/TLS: allow server to explicitly set new session ids.
-      o SSL/TLS: support Kerberos cipher suites (RFC2712).
-	Only supports MIT Kerberos for now.
-      o SSL/TLS: allow more precise control of renegotiations and sessions.
-      o SSL/TLS: add callback to retrieve SSL/TLS messages.
-      o SSL/TLS: support AES cipher suites (RFC3268).
-
-  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]:
-
-      o Security: fix various ASN1 parsing bugs.
-      o SSL/TLS protocol fix for unrequested client certificates.
-
-  Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]:
-
-      o Security: counter the Klima-Pokorny-Rosa extension of
-        Bleichbacher's attack 
-      o Security: make RSA blinding default.
-      o Build: shared library support fixes.
-
-  Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]:
-
-      o Important security related bugfixes.
-
-  Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]:
-
-      o New configuration targets for Tandem OSS and A/UX.
-      o New OIDs for Microsoft attributes.
-      o Better handling of SSL session caching.
-      o Better comparison of distinguished names.
-      o Better handling of shared libraries in a mixed GNU/non-GNU environment.
-      o Support assembler code with Borland C.
-      o Fixes for length problems.
-      o Fixes for uninitialised variables.
-      o Fixes for memory leaks, some unusual crashes and some race conditions.
-      o Fixes for smaller building problems.
-      o Updates of manuals, FAQ and other instructive documents.
-
-  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]:
-
-      o Important building fixes on Unix.
-
-  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]:
-
-      o Various important bugfixes.
-
-  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]:
-
-      o Important security related bugfixes.
-      o Various SSL/TLS library bugfixes.
-
-  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]:
-
-      o Various SSL/TLS library bugfixes.
-      o Fix DH parameter generation for 'non-standard' generators.
-
-  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]:
-
-      o Various SSL/TLS library bugfixes.
-      o BIGNUM library fixes.
-      o RSA OAEP and random number generation fixes.
-      o Object identifiers corrected and added.
-      o Add assembler BN routines for IA64.
-      o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
-        MIPS Linux; shared library support for Irix, HP-UX.
-      o Add crypto accelerator support for AEP, Baltimore SureWare,
-        Broadcom and Cryptographic Appliance's keyserver
-        [in 0.9.6c-engine release].
-
-  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]:
-
-      o Security fix: PRNG improvements.
-      o Security fix: RSA OAEP check.
-      o Security fix: Reinsert and fix countermeasure to Bleichbacher's
-        attack.
-      o MIPS bug fix in BIGNUM.
-      o Bug fix in "openssl enc".
-      o Bug fix in X.509 printing routine.
-      o Bug fix in DSA verification routine and DSA S/MIME verification.
-      o Bug fix to make PRNG thread-safe.
-      o Bug fix in RAND_file_name().
-      o Bug fix in compatibility mode trust settings.
-      o Bug fix in blowfish EVP.
-      o Increase default size for BIO buffering filter.
-      o Compatibility fixes in some scripts.
-
-  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]:
-
-      o Security fix: change behavior of OpenSSL to avoid using
-        environment variables when running as root.
-      o Security fix: check the result of RSA-CRT to reduce the
-        possibility of deducing the private key from an incorrectly
-        calculated signature.
-      o Security fix: prevent Bleichenbacher's DSA attack.
-      o Security fix: Zero the premaster secret after deriving the
-        master secret in DH ciphersuites.
-      o Reimplement SSL_peek(), which had various problems.
-      o Compatibility fix: the function des_encrypt() renamed to
-        des_encrypt1() to avoid clashes with some Unixen libc.
-      o Bug fixes for Win32, HP/UX and Irix.
-      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
-        memory checking routines.
-      o Bug fixes for RSA operations in threaded environments.
-      o Bug fixes in misc. openssl applications.
-      o Remove a few potential memory leaks.
-      o Add tighter checks of BIGNUM routines.
-      o Shared library support has been reworked for generality.
-      o More documentation.
-      o New function BN_rand_range().
-      o Add "-rand" option to openssl s_client and s_server.
-
-  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]:
-
-      o Some documentation for BIO and SSL libraries.
-      o Enhanced chain verification using key identifiers.
-      o New sign and verify options to 'dgst' application.
-      o Support for DER and PEM encoded messages in 'smime' application.
-      o New 'rsautl' application, low level RSA utility.
-      o MD4 now included.
-      o Bugfix for SSL rollback padding check.
-      o Support for external crypto devices [1].
-      o Enhanced EVP interface.
-
-    [1] The support for external crypto devices is currently a separate
-        distribution.  See the file README.ENGINE.
-
-  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]:
-
-      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
-      o Shared library support for HPUX and Solaris-gcc
-      o Support of Linux/IA64
-      o Assembler support for Mingw32
-      o New 'rand' application
-      o New way to check for existence of algorithms from scripts
-
-  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]:
-
-      o S/MIME support in new 'smime' command
-      o Documentation for the OpenSSL command line application
-      o Automation of 'req' application
-      o Fixes to make s_client, s_server work under Windows
-      o Support for multiple fieldnames in SPKACs
-      o New SPKAC command line utilty and associated library functions
-      o Options to allow passwords to be obtained from various sources
-      o New public key PEM format and options to handle it
-      o Many other fixes and enhancements to command line utilities
-      o Usable certificate chain verification
-      o Certificate purpose checking
-      o Certificate trust settings
-      o Support of authority information access extension
-      o Extensions in certificate requests
-      o Simplified X509 name and attribute routines
-      o Initial (incomplete) support for international character sets
-      o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
-      o Read only memory BIOs and simplified creation function
-      o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
-        record; allow fragmentation and interleaving of handshake and other
-        data
-      o TLS/SSL code now "tolerates" MS SGC
-      o Work around for Netscape client certificate hang bug
-      o RSA_NULL option that removes RSA patent code but keeps other
-        RSA functionality
-      o Memory leak detection now allows applications to add extra information
-        via a per-thread stack
-      o PRNG robustness improved
-      o EGD support
-      o BIGNUM library bug fixes
-      o Faster DSA parameter generation
-      o Enhanced support for Alpha Linux
-      o Experimental MacOS support
-
-  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]:
-
-      o Transparent support for PKCS#8 format private keys: these are used
-        by several software packages and are more secure than the standard
-        form
-      o PKCS#5 v2.0 implementation
-      o Password callbacks have a new void * argument for application data
-      o Avoid various memory leaks
-      o New pipe-like BIO that allows using the SSL library when actual I/O
-        must be handled by the application (BIO pair)
-
-  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]:
-      o Lots of enhancements and cleanups to the Configuration mechanism
-      o RSA OEAP related fixes
-      o Added `openssl ca -revoke' option for revoking a certificate
-      o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
-      o Source tree cleanups: removed lots of obsolete files
-      o Thawte SXNet, certificate policies and CRL distribution points
-        extension support
-      o Preliminary (experimental) S/MIME support
-      o Support for ASN.1 UTF8String and VisibleString
-      o Full integration of PKCS#12 code
-      o Sparc assembler bignum implementation, optimized hash functions
-      o Option to disable selected ciphers
-
-  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]:
-      o Fixed a security hole related to session resumption
-      o Fixed RSA encryption routines for the p < q case
-      o "ALL" in cipher lists now means "everything except NULL ciphers"
-      o Support for Triple-DES CBCM cipher
-      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
-      o First support for new TLSv1 ciphers
-      o Added a few new BIOs (syslog BIO, reliable BIO)
-      o Extended support for DSA certificate/keys.
-      o Extended support for Certificate Signing Requests (CSR)
-      o Initial support for X.509v3 extensions
-      o Extended support for compression inside the SSL record layer
-      o Overhauled Win32 builds
-      o Cleanups and fixes to the Big Number (BN) library
-      o Support for ASN.1 GeneralizedTime
-      o Splitted ASN.1 SETs from SEQUENCEs
-      o ASN1 and PEM support for Netscape Certificate Sequences
-      o Overhauled Perl interface
-      o Lots of source tree cleanups.
-      o Lots of memory leak fixes.
-      o Lots of bug fixes.
-
-  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]:
-      o Integration of the popular NO_RSA/NO_DSA patches
-      o Initial support for compression inside the SSL record layer
-      o Added BIO proxy and filtering functionality
-      o Extended Big Number (BN) library
-      o Added RIPE MD160 message digest
-      o Addeed support for RC2/64bit cipher
-      o Extended ASN.1 parser routines
-      o Adjustations of the source tree for CVS
-      o Support for various new platforms
-

Netware/build.bat

@@ -1,235 +0,0 @@
-@echo off
-
-rem ========================================================================
-rem   Batch file to automate building OpenSSL for NetWare.
-rem
-rem   usage:
-rem      build [target] [debug opts] [assembly opts] [configure opts]
-rem
-rem      target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
-rem                    - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
-rem                    - "netware-libc" - LibC NetWare build (WinSock Sockets)
-rem                    - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
-rem 
-rem      debug opts    - "debug"  - build debug
-rem
-rem      assembly opts - "nw-mwasm" - use Metrowerks assembler
-rem                    - "nw-nasm"  - use NASM assembler
-rem                    - "no-asm"   - don't use assembly
-rem
-rem      configure opts- all unrecognized arguments are passed to the
-rem                       perl configure script
-rem
-rem   If no arguments are specified the default is to build non-debug with
-rem   no assembly.  NOTE: there is no default BLD_TARGET.
-rem
-
-
-
-rem   No assembly is the default - Uncomment section below to change
-rem   the assembler default
-set ASM_MODE=
-set ASSEMBLER=
-set NO_ASM=no-asm
-
-rem   Uncomment to default to the Metrowerks assembler
-rem set ASM_MODE=nw-mwasm
-rem set ASSEMBLER=Metrowerks
-rem set NO_ASM=
-
-rem   Uncomment to default to the NASM assembler
-rem set ASM_MODE=nw-nasm
-rem set ASSEMBLER=NASM
-rem set NO_ASM=
-
-rem   No default Bld target
-set BLD_TARGET=no_target
-rem set BLD_TARGET=netware-clib
-rem set BLD_TARGET=netware-libc
-
-
-rem   Default to build non-debug
-set DEBUG=
-                                    
-rem   Uncomment to default to debug build
-rem set DEBUG=debug
-
-
-set CONFIG_OPTS=
-set ARG_PROCESSED=NO
-
-
-rem   Process command line args
-:opts
-if "a%1" == "a" goto endopt
-if "%1" == "no-asm"   set NO_ASM=no-asm
-if "%1" == "no-asm"   set ARG_PROCESSED=YES
-if "%1" == "debug"    set DEBUG=debug
-if "%1" == "debug"    set ARG_PROCESSED=YES
-if "%1" == "nw-nasm"  set ASM_MODE=nw-nasm
-if "%1" == "nw-nasm"  set ASSEMBLER=NASM
-if "%1" == "nw-nasm"  set NO_ASM=
-if "%1" == "nw-nasm"  set ARG_PROCESSED=YES
-if "%1" == "nw-mwasm" set ASM_MODE=nw-mwasm
-if "%1" == "nw-mwasm" set ASSEMBLER=Metrowerks
-if "%1" == "nw-mwasm" set NO_ASM=
-if "%1" == "nw-mwasm" set ARG_PROCESSED=YES
-if "%1" == "netware-clib" set BLD_TARGET=netware-clib
-if "%1" == "netware-clib" set ARG_PROCESSED=YES
-if "%1" == "netware-clib-bsdsock" set BLD_TARGET=netware-clib-bsdsock
-if "%1" == "netware-clib-bsdsock" set ARG_PROCESSED=YES
-if "%1" == "netware-libc" set BLD_TARGET=netware-libc
-if "%1" == "netware-libc" set ARG_PROCESSED=YES
-if "%1" == "netware-libc-bsdsock" set BLD_TARGET=netware-libc-bsdsock
-if "%1" == "netware-libc-bsdsock" set ARG_PROCESSED=YES
-
-rem   If we didn't recognize the argument, consider it an option for config
-if "%ARG_PROCESSED%" == "NO" set CONFIG_OPTS=%CONFIG_OPTS% %1
-if "%ARG_PROCESSED%" == "YES" set ARG_PROCESSED=NO
-
-shift
-goto opts
-:endopt
-
-rem make sure a valid BLD_TARGET was specified
-if "%BLD_TARGET%" == "no_target" goto no_target
-
-rem build the nlm make file name which includes target and debug info
-set NLM_MAKE=
-if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib
-if "%BLD_TARGET%" == "netware-clib-bsdsock" set NLM_MAKE=netware\nlm_clib_bsdsock
-if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc
-if "%BLD_TARGET%" == "netware-libc-bsdsock" set NLM_MAKE=netware\nlm_libc_bsdsock
-if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak
-if "%DEBUG%" == "debug" set NLM_MAKE=%NLM_MAKE%_dbg.mak
-
-if "%NO_ASM%" == "no-asm" set ASM_MODE=
-if "%NO_ASM%" == "no-asm" set ASSEMBLER=
-if "%NO_ASM%" == "no-asm" set CONFIG_OPTS=%CONFIG_OPTS% no-asm
-if "%NO_ASM%" == "no-asm" goto do_config
-
-
-rem ==================================================
-echo Generating x86 for %ASSEMBLER% assembler
-
-echo Bignum
-cd crypto\bn\asm
-rem perl x86.pl %ASM_MODE% > bn-nw.asm
-perl bn-586.pl %ASM_MODE% > bn-nw.asm
-perl co-586.pl %ASM_MODE% > co-nw.asm
-cd ..\..\..
-
-echo AES
-cd crypto\aes\asm
-perl aes-586.pl %ASM_MODE% > a-nw.asm
-cd ..\..\..
-
-echo DES
-cd crypto\des\asm
-perl des-586.pl %ASM_MODE% > d-nw.asm
-cd ..\..\..
-
-echo "crypt(3)"
-
-cd crypto\des\asm
-perl crypt586.pl %ASM_MODE% > y-nw.asm
-cd ..\..\..
-
-echo Blowfish
-
-cd crypto\bf\asm
-perl bf-586.pl %ASM_MODE% > b-nw.asm
-cd ..\..\..
-
-echo CAST5
-cd crypto\cast\asm
-perl cast-586.pl %ASM_MODE% > c-nw.asm
-cd ..\..\..
-
-echo RC4
-cd crypto\rc4\asm
-perl rc4-586.pl %ASM_MODE% > r4-nw.asm
-cd ..\..\..
-
-echo MD5
-cd crypto\md5\asm
-perl md5-586.pl %ASM_MODE% > m5-nw.asm
-cd ..\..\..
-
-echo SHA1
-cd crypto\sha\asm
-perl sha1-586.pl %ASM_MODE% > s1-nw.asm
-perl sha256-586.pl %ASM_MODE% > sha256-nw.asm
-perl sha512-586.pl %ASM_MODE% > sha512-nw.asm
-cd ..\..\..
-
-echo RIPEMD160
-cd crypto\ripemd\asm
-perl rmd-586.pl %ASM_MODE% > rm-nw.asm
-cd ..\..\..
-
-echo RC5\32
-cd crypto\rc5\asm
-perl rc5-586.pl %ASM_MODE% > r5-nw.asm
-cd ..\..\..
-
-echo WHIRLPOOL
-cd crypto\whrlpool\asm
-perl wp-mmx.pl %ASM_MODE% > wp-nw.asm
-cd ..\..\..
-
-echo CPUID
-cd crypto
-perl x86cpuid.pl %ASM_MODE% > x86cpuid-nw.asm
-cd ..\
-
-rem ===============================================================
-rem
-:do_config
-
-echo .
-echo configure options: %CONFIG_OPTS% %BLD_TARGET%
-echo .
-perl configure %CONFIG_OPTS% %BLD_TARGET%
-
-perl util\mkfiles.pl >MINFO
-
-echo .
-echo mk1mf.pl options: %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET%
-echo .
-perl util\mk1mf.pl %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% >%NLM_MAKE%
-
-make -f %NLM_MAKE% vclean
-echo .
-echo The makefile "%NLM_MAKE%" has been created use your maketool to
-echo build (ex: make -f %NLM_MAKE%)
-goto end
-
-rem ===============================================================
-rem
-:no_target
-echo .
-echo .  No build target specified!!!
-echo .
-echo .  usage: build [target] [debug opts] [assembly opts] [configure opts]
-echo .
-echo .     target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
-echo .                   - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
-echo .                   - "netware-libc" - LibC NetWare build (WinSock Sockets)
-echo .                   - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
-echo .
-echo .     debug opts    - "debug"  - build debug
-echo .
-echo .     assembly opts - "nw-mwasm" - use Metrowerks assembler
-echo .                     "nw-nasm"  - use NASM assembler
-echo .                     "no-asm"   - don't use assembly
-echo .
-echo .     configure opts- all unrecognized arguments are passed to the
-echo .                      perl configure script
-echo .
-echo .  If no debug or assembly opts are specified the default is to build
-echo .  non-debug without assembly
-echo .
-
-        
-:end        

Netware/cpy_tests.bat

@@ -1,113 +0,0 @@
-@echo off
-
-rem   Batch file to copy OpenSSL stuff to a NetWare server for testing
-
-rem   This batch file will create an "opensssl" directory at the root of the
-rem   specified NetWare drive and copy the required files to run the tests.
-rem   It should be run from inside the "openssl\netware" subdirectory.
-
-rem   Usage:
-rem      cpy_tests.bat <test subdirectory> <NetWare drive>
-rem          <test subdirectory> - out_nw.dbg | out_nw
-rem          <NetWare drive> - any mapped drive letter
-rem
-rem      example ( copy from debug build to m: dirve ):
-rem              cpy_tests.bat out_nw.dbg m:
-rem
-rem      CAUTION:  If a directory named OpenSSL exists on the target drive
-rem                it will be deleted first.
-
-
-if "%1" == "" goto usage
-if "%2" == "" goto usage
-
-rem   Assume running in \openssl directory unless cpy_tests.bat exists then
-rem   it must be the \openssl\netware directory
-set loc=.
-if exist cpy_tests.bat set loc=..
-
-rem   make sure the local build subdirectory specified is valid
-if not exist %loc%\%1\NUL goto invalid_dir
-
-rem   make sure target drive is valid
-if not exist %2\NUL goto invalid_drive
-
-rem   If an OpenSSL directory exists on the target drive, remove it
-if exist %2\openssl\NUL goto remove_openssl
-goto do_copy
-
-:remove_openssl
-echo .
-echo OpenSSL directory exists on %2 - it will be removed!
-pause
-rmdir %2\openssl /s /q
-
-:do_copy
-rem   make an "openssl" directory and others at the root of the NetWare drive
-mkdir %2\openssl
-mkdir %2\openssl\test_out
-mkdir %2\openssl\apps
-mkdir %2\openssl\certs
-mkdir %2\openssl\test
-
-
-rem   copy the test nlms
-copy %loc%\%1\*.nlm %2\openssl\
-
-rem   copy the test perl script
-copy %loc%\netware\do_tests.pl %2\openssl\
-
-rem   copy the certs directory stuff
-xcopy %loc%\certs\*.*         %2\openssl\certs\ /s
-
-rem   copy the test directory stuff
-copy %loc%\test\CAss.cnf      %2\openssl\test\
-copy %loc%\test\Uss.cnf       %2\openssl\test\
-copy %loc%\test\pkcs7.pem     %2\openssl\test\
-copy %loc%\test\pkcs7-1.pem   %2\openssl\test\
-copy %loc%\test\testcrl.pem   %2\openssl\test\
-copy %loc%\test\testp7.pem    %2\openssl\test\
-copy %loc%\test\testreq2.pem  %2\openssl\test\
-copy %loc%\test\testrsa.pem   %2\openssl\test\
-copy %loc%\test\testsid.pem   %2\openssl\test\
-copy %loc%\test\testx509.pem  %2\openssl\test\
-copy %loc%\test\v3-cert1.pem  %2\openssl\test\
-copy %loc%\test\v3-cert2.pem  %2\openssl\test\
-copy %loc%\crypto\evp\evptests.txt %2\openssl\test\
-
-rem   copy the apps directory stuff
-copy %loc%\apps\client.pem    %2\openssl\apps\
-copy %loc%\apps\server.pem    %2\openssl\apps\
-copy %loc%\apps\openssl.cnf   %2\openssl\apps\
-
-echo .
-echo Tests copied
-echo Run the test script at the console by typing:
-echo     "Perl \openssl\do_tests.pl"
-echo .
-echo Make sure the Search path includes the OpenSSL subdirectory
-
-goto end
-
-:invalid_dir
-echo.
-echo Invalid build directory specified: %1
-echo.
-goto usage
-
-:invalid_drive
-echo.
-echo Invalid drive: %2
-echo.
-goto usage
-
-:usage
-echo.
-echo usage: cpy_tests.bat [test subdirectory] [NetWare drive]
-echo     [test subdirectory] - out_nw_clib.dbg, out_nw_libc.dbg, etc. 
-echo     [NetWare drive]     - any mapped drive letter
-echo.
-echo example: cpy_test out_nw_clib.dbg M:
-echo  (copy from clib debug build area to M: drive)
-
-:end

Netware/do_tests.pl

@@ -1,592 +0,0 @@
-# perl script to run OpenSSL tests
-
-
-my $base_path      = "\\openssl";
-
-my $output_path    = "$base_path\\test_out";
-my $cert_path      = "$base_path\\certs";
-my $test_path      = "$base_path\\test";
-my $app_path       = "$base_path\\apps";
-
-my $tmp_cert       = "$output_path\\cert.tmp";
-my $OpenSSL_config = "$app_path\\openssl.cnf";
-my $log_file       = "$output_path\\tests.log";
-
-my $pause = 0;
-
-
-#  process the command line args to see if they wanted us to pause
-#  between executing each command
-foreach $i (@ARGV)
-{
-   if ($i =~ /^-p$/)
-   { $pause=1; }
-}
-
-
-
-main();
-
-
-############################################################################
-sub main()
-{
-   # delete all the output files in the output directory
-   unlink <$output_path\\*.*>;
-
-   # open the main log file
-   open(OUT, ">$log_file") || die "unable to open $log_file\n";
-
-   print( OUT "========================================================\n");
-   my $outFile = "$output_path\\version.out";
-   system("openssl2 version (CLIB_OPT)/>$outFile");
-   log_output("CHECKING FOR OPENSSL VERSION:", $outFile);
-
-   algorithm_tests();
-   encryption_tests();
-   evp_tests();
-   pem_tests();
-   verify_tests();
-   ca_tests();
-   ssl_tests();
-
-   close(OUT);
-
-   print("\nCompleted running tests.\n\n");
-   print("Check log file for errors: $log_file\n");
-}
-
-############################################################################
-sub algorithm_tests
-{
-   my $i;
-   my $outFile;
-   my @tests = ( rsa_test, destest, ideatest, bftest, bntest, shatest, sha1test,
-                 sha256t, sha512t, dsatest, md2test, md4test, md5test, mdc2test,
-                 rc2test, rc4test, rc5test, randtest, rmdtest, dhtest, ecdhtest,
-                 ecdsatest, ectest, exptest, casttest, hmactest );
-
-   print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "CRYPTO ALGORITHM TESTS:\n\n");
-
-   foreach $i (@tests)
-   {
-      if (-e "$base_path\\$i.nlm")
-      {
-         $outFile = "$output_path\\$i.out";
-         system("$i (CLIB_OPT)/>$outFile");
-         log_desc("Test: $i\.nlm:");
-         log_output("", $outFile );
-      }
-      else
-      {
-         log_desc("Test: $i\.nlm: file not found");
-      }
-   }
-}
-
-############################################################################
-sub encryption_tests
-{
-   my $i;
-   my $outFile;
-   my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb",
-                     "des-ofb", "des-ede-ofb", "des-ede3-ofb",
-                     "des-ecb", "des-ede", "des-ede3", "des-cbc",
-                     "des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb",
-                     "idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb",
-                     "rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb",
-                     "bf-ofb", "bf-cbc" );
-
-   my $input = "$base_path\\do_tests.pl";
-   my $cipher = "$output_path\\cipher.out";
-   my $clear = "$output_path\\clear.out";
-
-   print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n");
-
-   foreach $i (@enc_tests)
-   {
-      log_desc("Testing: $i");
-
-      # do encryption
-      $outFile = "$output_path\\enc.out";
-      system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile" );
-      log_output("Encrypting: $input --> $cipher", $outFile);
-
-      # do decryption
-      $outFile = "$output_path\\dec.out";
-      system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
-      log_output("Decrypting: $cipher --> $clear", $outFile);
-
-      # compare files
-      $x = compare_files( $input, $clear, 1);
-      if ( $x == 0 )
-      {
-         print( "\rSUCCESS - files match: $input, $clear\n");
-         print( OUT "SUCCESS - files match: $input, $clear\n");
-      }
-      else
-      {
-         print( "\rERROR: files don't match\n");
-         print( OUT "ERROR: files don't match\n");
-      }
-
-      do_wait();
-
-      # Now do the same encryption but use Base64
-
-      # do encryption B64
-      $outFile = "$output_path\\B64enc.out";
-      system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile");
-      log_output("Encrypting(B64): $cipher --> $clear", $outFile);
-
-      # do decryption B64
-      $outFile = "$output_path\\B64dec.out";
-      system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
-      log_output("Decrypting(B64): $cipher --> $clear", $outFile);
-
-      # compare files
-      $x = compare_files( $input, $clear, 1);
-      if ( $x == 0 )
-      {
-         print( "\rSUCCESS - files match: $input, $clear\n");
-         print( OUT "SUCCESS - files match: $input, $clear\n");
-      }
-      else
-      {
-         print( "\rERROR: files don't match\n");
-         print( OUT "ERROR: files don't match\n");
-      }
-
-      do_wait();
-
-   } # end foreach
-
-   # delete the temporary files
-   unlink($cipher);
-   unlink($clear);
-}
-
-
-############################################################################
-sub pem_tests
-{
-   my $i;
-   my $tmp_out;
-   my $outFile = "$output_path\\pem.out";
-
-   my %pem_tests = (
-         "crl"      => "testcrl.pem",
-          "pkcs7"   => "testp7.pem",
-          "req"     => "testreq2.pem",
-          "rsa"     => "testrsa.pem",
-          "x509"    => "testx509.pem",
-          "x509"    => "v3-cert1.pem",
-          "sess_id" => "testsid.pem"  );
-
-
-   print( "\nRUNNING PEM TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "PEM TESTS:\n\n");
-
-   foreach $i (keys(%pem_tests))
-   {
-      log_desc( "Testing: $i");
-
-      my $input = "$test_path\\$pem_tests{$i}";
-
-      $tmp_out = "$output_path\\$pem_tests{$i}";
-
-      if ($i ne "req" )
-      {
-         system("openssl2 $i -in $input -out $tmp_out (CLIB_OPT)/>$outFile");
-         log_output( "openssl2 $i -in $input -out $tmp_out", $outFile);
-      }
-      else
-      {
-         system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config (CLIB_OPT)/>$outFile");
-         log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile );
-      }
-
-      $x = compare_files( $input, $tmp_out);
-      if ( $x == 0 )
-      {
-         print( "\rSUCCESS - files match: $input, $tmp_out\n");
-         print( OUT "SUCCESS - files match: $input, $tmp_out\n");
-      }
-      else
-      {
-         print( "\rERROR: files don't match\n");
-         print( OUT "ERROR: files don't match\n");
-      }
-      do_wait();
-
-   } # end foreach
-}
-
-
-############################################################################
-sub verify_tests
-{
-   my $i;
-   my $outFile = "$output_path\\verify.out";
-
-   $cert_path =~ s/\\/\//g;
-   my @cert_files = <$cert_path/*.pem>;
-
-   print( "\nRUNNING VERIFY TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "VERIFY TESTS:\n\n");
-
-   make_tmp_cert_file();
-
-   foreach $i (@cert_files)
-   {
-      system("openssl2 verify -CAfile $tmp_cert $i (CLIB_OPT)/>$outFile");
-      log_desc("Verifying cert: $i");
-      log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile);
-   }
-}
-
-
-############################################################################
-sub ssl_tests
-{
-   my $outFile = "$output_path\\ssl_tst.out";
-   my($CAcert) = "$output_path\\certCA.ss";
-   my($Ukey)   = "$output_path\\keyU.ss";
-   my($Ucert)  = "$output_path\\certU.ss";
-   my($ssltest)= "ssltest -key $Ukey -cert $Ucert -c_key $Ukey -c_cert $Ucert -CAfile $CAcert";
-
-   print( "\nRUNNING SSL TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "SSL TESTS:\n\n");
-
-   system("ssltest -ssl3 (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv3:");
-   log_output("ssltest -ssl3", $outFile);
-
-   system("$ssltest -ssl3 -server_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv3 with server authentication:");
-   log_output("$ssltest -ssl3 -server_auth", $outFile);
-
-   system("$ssltest -ssl3 -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv3 with client authentication:");
-   log_output("$ssltest -ssl3 -client_auth", $outFile);
-
-   system("$ssltest -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv3 with both client and server authentication:");
-   log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile);
-
-   system("ssltest (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3:");
-   log_output("ssltest", $outFile);
-
-   system("$ssltest -server_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3 with server authentication:");
-   log_output("$ssltest -server_auth", $outFile);
-
-   system("$ssltest -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3 with client authentication:");
-   log_output("$ssltest -client_auth ", $outFile);
-
-   system("$ssltest -server_auth -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3 with both client and server authentication:");
-   log_output("$ssltest -server_auth -client_auth", $outFile);
-
-   system("ssltest -bio_pair -dhe1024dsa -v (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
-   log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);
-
-   system("ssltest -bio_pair -ssl3 (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv3 via BIO pair:");
-   log_output("ssltest -bio_pair -ssl3", $outFile);
-
-   system("$ssltest -bio_pair -ssl3 -server_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv3 with server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile);
-
-   system("$ssltest -bio_pair -ssl3 -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv3 with client authentication  via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile);
-
-   system("$ssltest -bio_pair -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile);
-
-   system("ssltest -bio_pair (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3 via BIO pair:");
-   log_output("ssltest -bio_pair", $outFile);
-
-   system("$ssltest -bio_pair -server_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -server_auth", $outFile);
-
-   system("$ssltest -bio_pair -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -client_auth", $outFile);
-
-   system("$ssltest -bio_pair -server_auth -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile);
-}
-
-
-############################################################################
-sub ca_tests
-{
-   my $outFile = "$output_path\\ca_tst.out";
-
-   my($CAkey)     = "$output_path\\keyCA.ss";
-   my($CAcert)    = "$output_path\\certCA.ss";
-   my($CAserial)  = "$output_path\\certCA.srl";
-   my($CAreq)     = "$output_path\\reqCA.ss";
-   my($CAreq2)    = "$output_path\\req2CA.ss";
-
-   my($CAconf)    = "$test_path\\CAss.cnf";
-
-   my($Uconf)     = "$test_path\\Uss.cnf";
-
-   my($Ukey)      = "$output_path\\keyU.ss";
-   my($Ureq)      = "$output_path\\reqU.ss";
-   my($Ucert)     = "$output_path\\certU.ss";
-
-   print( "\nRUNNING CA TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "CA TESTS:\n");
-
-   system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new (CLIB_OPT)/>$outFile");
-   log_desc("Make a certificate request using req:");
-   log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile);
-
-   system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey (CLIB_OPT)/>$outFile");
-   log_desc("Convert the certificate request into a self signed certificate using x509:");
-   log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile);
-
-   system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 (CLIB_OPT)/>$outFile");
-   log_desc("Convert a certificate into a certificate request using 'x509':");
-   log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile);
-
-   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout (CLIB_OPT)/>$outFile");
-   log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile);
-
-   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout (CLIB_OPT)/>$outFile");
-   log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile);
-
-   system("openssl2 verify -CAfile $CAcert $CAcert (CLIB_OPT)/>$outFile");
-   log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile);
-
-   system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new (CLIB_OPT)/>$outFile");
-   log_desc("Make another certificate request using req:");
-   log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile);
-
-   system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial (CLIB_OPT)/>$outFile");
-   log_desc("Sign certificate request with the just created CA via x509:");
-   log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile);
-
-   system("openssl2 verify -CAfile $CAcert $Ucert (CLIB_OPT)/>$outFile");
-   log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile);
-
-   system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert (CLIB_OPT)/>$outFile");
-   log_desc("Certificate details");
-   log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile);
-
-   print(OUT "--\n");
-   print(OUT "The generated CA certificate is $CAcert\n");
-   print(OUT "The generated CA private key is $CAkey\n");
-   print(OUT "The current CA signing serial number is in $CAserial\n");
-
-   print(OUT "The generated user certificate is $Ucert\n");
-   print(OUT "The generated user private key is $Ukey\n");
-   print(OUT "--\n");
-}
-
-############################################################################
-sub evp_tests
-{
-   my $i = 'evp_test';
-
-   print( "\nRUNNING EVP TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "EVP TESTS:\n\n");
-
-   if (-e "$base_path\\$i.nlm")
-   {
-       my $outFile = "$output_path\\$i.out";
-       system("$i $test_path\\evptests.txt (CLIB_OPT)/>$outFile");
-       log_desc("Test: $i\.nlm:");
-       log_output("", $outFile );
-   }
-   else
-   {
-       log_desc("Test: $i\.nlm: file not found");
-   }
-}
-
-############################################################################
-sub log_output( $ $ )
-{
-   my( $desc, $file ) = @_;
-   my($error) = 0;
-   my($key);
-   my($msg);
-
-   if ($desc)
-   {
-      print("\r$desc\n");
-      print(OUT "$desc\n");
-   }
-
-      # loop waiting for test program to complete
-   while ( stat($file) == 0)
-      { print(". "); sleep(1); }
-
-
-      # copy test output to log file
-   open(IN, "<$file");
-   while (<IN>)
-   {
-      print(OUT $_);
-      if ( $_ =~ /ERROR/ )
-      {
-         $error = 1;
-      }
-   }
-      # close and delete the temporary test output file
-   close(IN);
-   unlink($file);
-
-   if ( $error == 0 )
-   {
-      $msg = "Test Succeeded";
-   }
-   else
-   {
-      $msg = "Test Failed";
-   }
-
-   print(OUT "$msg\n");
-
-   if ($pause)
-   {
-      print("$msg - press ENTER to continue...");
-      $key = getc;
-      print("\n");
-   }
-
-      # Several of the testing scripts run a loop loading the
-      # same NLM with different options.
-      # On slow NetWare machines there appears to be some delay in the
-      # OS actually unloading the test nlms and the OS complains about.
-      # the NLM already being loaded.  This additional pause is to
-      # to help provide a little more time for unloading before trying to
-      # load again.
-   sleep(1);
-}
-
-
-############################################################################
-sub log_desc( $ )
-{
-   my( $desc ) = @_;
-
-   print("\n");
-   print("$desc\n");
-
-   print(OUT "\n");
-   print(OUT "$desc\n");
-   print(OUT "======================================\n");
-}
-
-############################################################################
-sub compare_files( $ $ $ )
-{
-   my( $file1, $file2, $binary ) = @_;
-   my( $n1, $n2, $b1, $b2 );
-   my($ret) = 1;
-
-   open(IN0, $file1) || die "\nunable to open $file1\n";
-   open(IN1, $file2) || die "\nunable to open $file2\n";
-
-  if ($binary)
-  {
-      binmode IN0;
-      binmode IN1;
-  }
-
-   for (;;)
-   {
-      $n1 = read(IN0, $b1, 512);
-      $n2 = read(IN1, $b2, 512);
-
-      if ($n1 != $n2) {last;}
-      if ($b1 != $b2) {last;}
-
-      if ($n1 == 0)
-      {
-         $ret = 0;
-         last;
-      }
-   }
-   close(IN0);
-   close(IN1);
-   return($ret);
-}
-
-############################################################################
-sub do_wait()
-{
-   my($key);
-
-   if ($pause)
-   {
-      print("Press ENTER to continue...");
-      $key = getc;
-      print("\n");
-   }
-}
-
-
-############################################################################
-sub make_tmp_cert_file()
-{
-   my @cert_files = <$cert_path/*.pem>;
-
-      # delete the file if it already exists
-   unlink($tmp_cert);
-
-   open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n";
-
-   print("building temporary cert file\n");
-
-   # create a temporary cert file that contains all the certs
-   foreach $i (@cert_files)
-   {
-      open( IN_CERT, $i ) || die "\nunable to open $i\n";
-
-      for(;;)
-      {
-         $n = sysread(IN_CERT, $data, 1024);
-
-         if ($n == 0)
-         {
-            close(IN_CERT);
-            last;
-         };
-
-         syswrite(TMP_CERT, $data, $n);
-      }
-   }
-
-   close( TMP_CERT );
-}

Netware/globals.txt

@@ -1,254 +0,0 @@
-An initial review of the OpenSSL code was done to determine how many 
-global variables where present.  The idea was to determine the amount of 
-work required to pull the globals into an instance data structure in 
-order to build a Library NLM for NetWare.  This file contains the results 
-of the review.  Each file is listed along with the globals in the file.  
-The initial review was done very quickly so this list is probably
-not a comprehensive list.
-
-
-cryptlib.c
-===========================================
-
-static STACK *app_locks=NULL;
-
-static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
-
-static void (MS_FAR *locking_callback)(int mode,int type,
-   const char *file,int line)=NULL;
-static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
-   int type,const char *file,int line)=NULL;
-static unsigned long (MS_FAR *id_callback)(void)=NULL;
-static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
-   (const char *file,int line)=NULL;
-static void (MS_FAR *dynlock_lock_callback)(int mode,
-   struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;
-static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
-   const char *file,int line)=NULL;
-
-
-mem.c
-===========================================
-static int allow_customize = 1;      /* we provide flexible functions for */
-static int allow_customize_debug = 1;/* exchanging memory-related functions at
-
-/* may be changed as long as `allow_customize' is set */
-static void *(*malloc_locked_func)(size_t)  = malloc;
-static void (*free_locked_func)(void *)     = free;
-static void *(*malloc_func)(size_t)         = malloc;
-static void *(*realloc_func)(void *, size_t)= realloc;
-static void (*free_func)(void *)            = free;
-
-/* use default functions from mem_dbg.c */
-static void (*malloc_debug_func)(void *,int,const char *,int,int)
-   = CRYPTO_dbg_malloc;
-static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
-   = CRYPTO_dbg_realloc;
-static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
-static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
-static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
-
-
-mem_dbg.c
-===========================================
-static int mh_mode=CRYPTO_MEM_CHECK_OFF;
-static unsigned long order = 0; /* number of memory requests */
-static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */
-
-static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's */
-static long options =             /* extra information to be recorded */
-static unsigned long disabling_thread = 0;
-
-
-err.c
-===========================================
-static LHASH *error_hash=NULL;
-static LHASH *thread_hash=NULL;
-
-several files have routines with static "init" to track if error strings
-   have been loaded ( may not want separate error strings for each process )
-   The "init" variable can't be left "global" because the error has is a ptr
-   that is malloc'ed.  The malloc'ed error has is dependant on the "init"
-   vars.
-
-   files:
-      pem_err.c
-      cpt_err.c
-      pk12err.c
-      asn1_err.c
-      bio_err.c
-      bn_err.c
-      buf_err.c
-      comp_err.c
-      conf_err.c
-      cpt_err.c
-      dh_err.c
-      dsa_err.c
-      dso_err.c
-      evp_err.c
-      obj_err.c
-      pkcs7err.c
-      rand_err.c
-      rsa_err.c
-      rsar_err.c
-      ssl_err.c
-      x509_err.c
-      v3err.c
-		err.c
-
-These file have similar "init" globals but they are for other stuff not
-error strings:
-
-		bn_lib.c
-		ecc_enc.c
-		s23_clnt.c
-		s23_meth.c
-		s23_srvr.c
-		s2_clnt.c
-		s2_lib.c
-		s2_meth.c
-		s2_srvr.c
-		s3_clnt.c
-		s3_lib.c
-		s3_srvr.c
-		t1_clnt.c
-		t1_meth.c
-		t1_srvr.c
-
-rand_lib.c
-===========================================
-static RAND_METHOD *rand_meth= &rand_ssleay_meth;
-
-md_rand.c
-===========================================
-static int state_num=0,state_index=0;
-static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
-static unsigned char md[MD_DIGEST_LENGTH];
-static long md_count[2]={0,0};
-static double entropy=0;
-static int initialized=0;
-
-/* This should be set to 1 only when ssleay_rand_add() is called inside
-   an already locked state, so it doesn't try to lock and thereby cause
-   a hang.  And it should always be reset back to 0 before unlocking. */
-static int add_do_not_lock=0;
-
-obj_dat.c
-============================================
-static int new_nid=NUM_NID;
-static LHASH *added=NULL;
-
-b_sock.c
-===========================================
-static unsigned long BIO_ghbn_hits=0L;
-static unsigned long BIO_ghbn_miss=0L;
-static struct ghbn_cache_st
-   {
-   char name[129];
-   struct hostent *ent;
-   unsigned long order;
-   } ghbn_cache[GHBN_NUM];
-
-static int wsa_init_done=0;
-
-
-bio_lib.c
-===========================================
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *bio_meth=NULL;
-static int bio_meth_num=0;
-
-
-bn_lib.c
-========================================
-static int bn_limit_bits=0;
-static int bn_limit_num=8;        /* (1<<bn_limit_bits) */
-static int bn_limit_bits_low=0;
-static int bn_limit_num_low=8;    /* (1<<bn_limit_bits_low) */
-static int bn_limit_bits_high=0;
-static int bn_limit_num_high=8;   /* (1<<bn_limit_bits_high) */
-static int bn_limit_bits_mont=0;
-static int bn_limit_num_mont=8;   /* (1<<bn_limit_bits_mont) */
-
-conf_lib.c
-========================================
-static CONF_METHOD *default_CONF_method=NULL;
-
-dh_lib.c
-========================================
-static DH_METHOD *default_DH_method;
-static int dh_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
-
-dsa_lib.c
-========================================
-static DSA_METHOD *default_DSA_method;
-static int dsa_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
-
-dso_lib.c
-========================================
-static DSO_METHOD *default_DSO_meth = NULL;
-
-rsa_lib.c
-========================================
-static RSA_METHOD *default_RSA_meth=NULL;
-static int rsa_meth_num=0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;
-
-x509_trs.c
-=======================================
-static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
-static STACK_OF(X509_TRUST) *trtable = NULL;
-
-x509_req.c
-=======================================
-static int *ext_nids = ext_nid_list;
-
-o_names.c
-======================================
-static LHASH *names_lh=NULL;
-static STACK_OF(NAME_FUNCS) *name_funcs_stack;
-static int free_type;
-static int names_type_num=OBJ_NAME_TYPE_NUM;
-
-
-th-lock.c - NEED to add support for locking for NetWare
-==============================================
-static long *lock_count;
-(other platform specific globals)
-
-x_x509.c
-==============================================
-static int x509_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL;
-
-
-evp_pbe.c
-============================================
-static STACK *pbe_algs;
-
-evp_key.c
-============================================
-static char prompt_string[80];
-
-ssl_ciph.c
-============================================
-static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
-
-ssl_lib.c
-=============================================
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
-static int ssl_meth_num=0;
-static int ssl_ctx_meth_num=0;
-
-ssl_sess.c
-=============================================
-static int ssl_session_num=0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_session_meth=NULL;
-
-x509_vfy.c
-============================================
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
-static int x509_store_ctx_num=0;
-

Netware/readme.txt

@@ -1,19 +0,0 @@
-
-Contents of the openssl\netware directory
-==========================================
-
-Regular files:
-
-readme.txt     - this file
-do_tests.pl    - perl script used to run the OpenSSL tests on NetWare
-cpy_tests.bat  - batch to to copy test stuff to NetWare server
-build.bat      - batch file to help with builds
-set_env.bat    - batch file to help setup build environments
-globals.txt    - results of initial code review to identify OpenSSL global variables
-
-
-The following files are generated by the various scripts.  They are
-recreated each time and it is okay to delete them.
-
-*.def - command files used by Metrowerks linker
-*.mak - make files generated by mk1mf.pl

Netware/set_env.bat

@@ -1,112 +0,0 @@
-@echo off
-
-rem ========================================================================
-rem   Batch file to assist in setting up the necessary enviroment for
-rem   building OpenSSL for NetWare.
-rem
-rem   usage:
-rem      set_env [target]
-rem
-rem      target      - "netware-clib" - Clib build
-rem                  - "netware-libc" - LibC build
-rem
-rem
-
-if "a%1" == "a" goto usage
-               
-set LIBC_BUILD=
-set CLIB_BUILD=
-set GNUC=
-
-if "%1" == "netware-clib" set CLIB_BUILD=Y
-if "%1" == "netware-clib" set LIBC_BUILD=
-
-if "%1" == "netware-libc" set LIBC_BUILD=Y
-if "%1" == "netware-libc" set CLIB_BUILD=
-
-if "%2" == "gnuc" set GNUC=Y
-if "%2" == "codewarrior" set GNUC=
-
-rem   Location of tools (compiler, linker, etc)
-if "%NDKBASE%" == "" set NDKBASE=c:\Novell
-
-rem   If Perl for Win32 is not already in your path, add it here
-set PERL_PATH=
-
-rem   Define path to the Metrowerks command line tools
-rem   or GNU Crosscompiler gcc / nlmconv
-rem   ( compiler, assembler, linker)
-if "%GNUC%" == "Y" set COMPILER_PATH=c:\usr\i586-netware\bin;c:\usr\bin
-if "%GNUC%" == "" set COMPILER_PATH=c:\prg\cwcmdl40
-
-rem   If using gnu make define path to utility
-rem set GNU_MAKE_PATH=%NDKBASE%\gnu
-set GNU_MAKE_PATH=c:\prg\tools
-
-rem   If using ms nmake define path to nmake
-rem set MS_NMAKE_PATH=%NDKBASE%\msvc\600\bin
-
-rem   If using NASM assembler define path
-rem set NASM_PATH=%NDKBASE%\nasm
-set NASM_PATH=c:\prg\tools
-
-rem   Update path to include tool paths
-set path=%path%;%COMPILER_PATH%
-if not "%GNU_MAKE_PATH%" == "" set path=%path%;%GNU_MAKE_PATH%
-if not "%MS_NMAKE_PATH%" == "" set path=%path%;%MS_NMAKE_PATH%
-if not "%NASM_PATH%"     == "" set path=%path%;%NASM_PATH%
-if not "%PERL_PATH%"     == "" set path=%path%;%PERL_PATH%
-
-rem   Set INCLUDES to location of Novell NDK includes
-if "%LIBC_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\libc\include;%NDKBASE%\ndk\libc\include\winsock
-if "%CLIB_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\nwsdk\include\nlm;%NDKBASE%\ws295sdk\include
-
-rem   Set Imports to location of Novell NDK import files
-if "%LIBC_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\libc\imports
-if "%CLIB_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\nwsdk\imports
-
-rem   Set PRELUDE to the absolute path of the prelude object to link with in
-rem   the Metrowerks NetWare PDK - NOTE: for Clib builds "clibpre.o" is 
-rem   recommended, for LibC NKS builds libcpre.o must be used
-if "%GNUC%" == "Y" goto gnuc
-if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.o
-rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.o
-if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.o
-echo using MetroWerks CodeWarrior 
-goto info
-
-:gnuc
-if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.gcc.o
-rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.gcc.o
-if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.gcc.o
-echo using GNU GCC Compiler 
-
-:info
-echo.
-
-if "%LIBC_BUILD%" == "Y" echo Enviroment configured for LibC build
-if "%LIBC_BUILD%" == "Y" echo use "netware\build.bat netware-libc ..." 
-
-if "%CLIB_BUILD%" == "Y" echo Enviroment configured for CLib build
-if "%CLIB_BUILD%" == "Y" echo use "netware\build.bat netware-clib ..." 
-
-goto end
-
-:usage
-rem ===============================================================
-echo.
-echo No target build specified!
-echo.
-echo usage: set_env [target] [compiler]
-echo.
-echo target      - "netware-clib" - Clib build
-echo             - "netware-libc" - LibC build
-echo.
-echo compiler    - "gnuc"         - GNU GCC Compiler
-echo             - "codewarrior"  - MetroWerks CodeWarrior (default)
-echo.
-
-:end
-echo.
-
-

PATENTS

@@ -0,0 +1,13 @@
+RSA Data Security holds software patents on the RSA and RC5 algorithms.
+If there ciphers are used used inside the USA (and Japan?), you must contact
+RSA Data Security for licencing conditions.  Their web page is
+http://www.rsa.com
+
+RC4 is a trademark of RSA Data Security, so use of this label should perhaps
+only me used with RSA Data Security's permission. 
+
+The IDEA algorithm is patented by Ascom in Austria, France, Germany,
+Italy, Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA.
+They should be contacted if that algorithm is to be used, their web page is
+http://www.ascom.ch
+

PROBLEMS

@@ -1,213 +1,50 @@
-* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
+If you have any problems with SSLeay then please take the following 
+steps:
+
+    Remove the ASM version of the BN routines (edit Configure)
+    Remove the compiler optimisation flags
+    Add in the compiler debug flags (-g)
+
+Note: if using gcc then remove -fomit-frame-pointer before you try
+      to debug things.
+
+If you wish to report a bug then please include the following information
+in any bug report:
+
+    SSLeay Details
+	- Version, most of these details can be got from the
+	  'ssleay version -a' command.
+    Operating System Details
+	- OS Name
+	- OS Version
+	- Hardware platform
+    Compiler Details
+	- Name
+	- Version
+    Application Details 
+	- Name 
+	- Version 
+    Problem Description
+	- include steps that will reproduce the problem (if known)
+    Stack Traceback (if the application dumps core)
+
+For example:
+
+    SSLeay-0.5.1a
+    SunOS 5.3, SPARC, SunC 3.0
+    SSLtelnet-0.7
+
+    Core dumps when using telnet with SSL support in bn_mul() with 
+    the following stack trackback 
+	...
 
 
-    NOTE: The problem described here only applies when OpenSSL isn't built
-    with shared library support (i.e. without the "shared" configuration
-    option).  If you build with shared library support, you will have no
-    problems as long as you set up DYLD_LIBRARY_PATH properly at all times.
+Report the bug to either
+    ssleay@mincom.oz.au (Eric and Tim)
+or
+    ssl-bugs@mincom.oz.au (mailing list of active developers)
 
 
-This is really a misfeature in ld, which seems to look for .dylib libraries
-along the whole library path before it bothers looking for .a libraries.  This
-means that -L switches won't matter unless OpenSSL is built with shared
-library support.
+Tim Hudson
+tjh@mincom.oz.au
 
-The workaround may be to change the following lines in apps/Makefile and
-test/Makefile:
-
-  LIBCRYPTO=-L.. -lcrypto
-  LIBSSL=-L.. -lssl
-
-to:
-
-  LIBCRYPTO=../libcrypto.a
-  LIBSSL=../libssl.a
-
-It's possible that something similar is needed for shared library support
-as well.  That hasn't been well tested yet.
-
-
-Another solution that many seem to recommend is to move the libraries
-/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
-directory, build and install OpenSSL and anything that depends on your
-build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
-original places.  Note that the version numbers on those two libraries
-may differ on your machine.
-
-
-As long as Apple doesn't fix the problem with ld, this problem building
-OpenSSL will remain as is. Well, the problem was addressed in 0.9.8f by
-passing -Wl,-search_paths_first, but it's unknown if the flag was
-supported from the initial MacOS X release.
-
-
-* Parallell make leads to errors
-
-While running tests, running a parallell make is a bad idea.  Many test
-scripts use the same name for output and input files, which means different
-will interfere with each other and lead to test failure.
-
-The solution is simple for now: don't run parallel make when testing.
-
-
-* Bugs in gcc triggered
-
-- According to a problem report, there are bugs in gcc 3.0 that are
-  triggered by some of the code in OpenSSL, more specifically in
-  PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:
-
-	header+=11;
-	if (*header != '4') return(0); header++;
-	if (*header != ',') return(0); header++;
-
-  What happens is that gcc might optimize a little too agressively, and
-  you end up with an extra incrementation when *header != '4'.
-
-  We recommend that you upgrade gcc to as high a 3.x version as you can.
-
-- According to multiple problem reports, some of our message digest
-  implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64
-  and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while
-  latter - SHA one.
-
-  The recomendation is to upgrade your compiler. This naturally applies to
-  other similar cases.
-
-- There is a subtle Solaris x86-specific gcc run-time environment bug, which
-  "falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug
-  manifests itself as Segmentation Fault upon early application start-up.
-  The problem can be worked around by patching the environment according to
-  http://www.openssl.org/~appro/values.c.
-
-* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
-
-As subject suggests SHA-1 might perform poorly (4 times slower)
-if compiled with WorkShop 6 compiler and -xarch=v9. The cause for
-this seems to be the fact that compiler emits multiplication to
-perform shift operations:-( To work the problem around configure
-with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
-
-* Problems with hp-parisc2-cc target when used with "no-asm" flag
-
-When using the hp-parisc2-cc target, wrong bignum code is generated.
-This is due to the SIXTY_FOUR_BIT build being compiled with the +O3
-aggressive optimization.
-The problem manifests itself by the BN_kronecker test hanging in an
-endless loop. Reason: the BN_kronecker test calls BN_generate_prime()
-which itself hangs. The reason could be tracked down to the bn_mul_comba8()
-function in bn_asm.c. At some occasions the higher 32bit value of r[7]
-is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed,
-as no debugger support possible at +O3 and additional fprintf()'s
-introduced fixed the bug, therefore it is most likely a bug in the
-optimizer.
-The bug was found in the BN_kronecker test but may also lead to
-failures in other parts of the code.
-(See Ticket #426.)
-
-Workaround: modify the target to +O2 when building with no-asm.
-
-* Problems building shared libraries on SCO OpenServer Release 5.0.6
-  with gcc 2.95.3
-
-The symptoms appear when running the test suite, more specifically
-test/ectest, with the following result:
-
-OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest
-ectest.c:186: ABORT
-
-The cause of the problem seems to be that isxdigit(), called from
-BN_hex2bn(), returns 0 on a perfectly legitimate hex digit.  Further
-investigation shows that any of the isxxx() macros return 0 on any
-input.  A direct look in the information array that the isxxx() use,
-called __ctype, shows that it contains all zeroes...
-
-Taking a look at the newly created libcrypto.so with nm, one can see
-that the variable __ctype is defined in libcrypto's .bss (which
-explains why it is filled with zeroes):
-
-$ nm -Pg libcrypto.so | grep __ctype
-__ctype B 0011659c
-__ctype2 U         
-
-Curiously, __ctype2 is undefined, in spite of being declared in
-/usr/include/ctype.h in exactly the same way as __ctype.
-
-Any information helping to solve this issue would be deeply
-appreciated.
-
-NOTE: building non-shared doesn't come with this problem.
-
-* ULTRIX build fails with shell errors, such as "bad substitution"
-  and "test: argument expected"
-
-The problem is caused by ULTRIX /bin/sh supporting only original
-Bourne shell syntax/semantics, and the trouble is that the vast
-majority is so accustomed to more modern syntax, that very few
-people [if any] would recognize the ancient syntax even as valid.
-This inevitably results in non-trivial scripts breaking on ULTRIX,
-and OpenSSL isn't an exclusion. Fortunately there is workaround,
-hire /bin/ksh to do the job /bin/sh fails to do.
-
-1. Trick make(1) to use /bin/ksh by setting up following environ-
-   ment variables *prior* you execute ./Configure and make:
-
-	PROG_ENV=POSIX
-	MAKESHELL=/bin/ksh
-	export PROG_ENV MAKESHELL
-
-   or if your shell is csh-compatible:
-
-	setenv PROG_ENV POSIX
-	setenv MAKESHELL /bin/ksh
-
-2. Trick /bin/sh to use alternative expression evaluator. Create
-   following 'test' script for example in /tmp:
-
-	#!/bin/ksh
-	${0##*/} "$@"
-
-   Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*
-   your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-
-   natively just replace system /bin/test and /bin/[ with the
-   above script.
-
-* hpux64-ia64-cc fails blowfish test.
-
-Compiler bug, presumably at particular patch level. It should be noted
-that same compiler generates correct 32-bit code, a.k.a. hpux-ia64-cc
-target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o.
-
-* no-engines generates errors.
-
-Unfortunately, the 'no-engines' configuration option currently doesn't
-work properly.  Use 'no-hw' and you'll will at least get no hardware
-support.  We'll see how we fix that on OpenSSL versions past 0.9.8.
-
-* 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV]
-  if elder GNU binutils were deployed to link shared libcrypto.so.
-
-As subject suggests the failure is caused by a bug in elder binutils,
-either as or ld, and was observed on FreeBSD and Linux. There are two
-options. First is naturally to upgrade binutils, the second one - to
-reconfigure with additional no-sse2 [or 386] option passed to ./config.
-
-* If configured with ./config no-dso, toolkit still gets linked with -ldl,
-  which most notably poses a problem when linking with dietlibc.
-
-We don't have framework to associate -ldl with no-dso, therefore the only
-way is to edit Makefile right after ./config no-dso and remove -ldl from
-EX_LIBS line.
-
-* hpux-parisc2-cc no-asm build fails with SEGV in ECDSA/DH.
-
-Compiler bug, presumably at particular patch level. Remaining
-hpux*-parisc*-cc configurations can be affected too. Drop optimization
-level to +O2 when compiling bn_nist.o.
-
-* solaris64-sparcv9-cc link failure
-
-Solaris 8 ar can fail to maintain symbol table in .a, which results in
-link failures. Apply 109147-09 or later or modify Makefile generated
-by ./Configure solaris64-sparcv9-cc and replace RANLIB assignment with
-
-	RANLIB= /usr/ccs/bin/ar rs

README

@@ -1,119 +1,173 @@
+		SSLeay 0.9.1a 06-Jul-1998
+		Copyright (c) 1997, Eric Young
+		All rights reserved.
 
- OpenSSL 1.1.0-pre2 (alpha) 14 Jan 2016
+This directory contains Eric Young's (eay@cryptsoft.com) implementation
+of SSL and supporting libraries.
 
- Copyright (c) 1998-2016 The OpenSSL Project
- Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
- All rights reserved.
+The current version of this library is available from
+    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
 
- DESCRIPTION
- -----------
+There are patches to a number of internet applications which can be found in
+    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
 
- The OpenSSL Project is a collaborative effort to develop a robust,
- commercial-grade, fully featured, and Open Source toolkit implementing the
- Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
- well as a full-strength general purpose cryptograpic library. The project is
- managed by a worldwide community of volunteers that use the Internet to
- communicate, plan, and develop the OpenSSL toolkit and its related
- documentation.
+A Web page containing the SSLeay FAQ written by Tim Hudson <tjh@cryptsoft.com> 
+can be found at 
+    http://www.psy.uq.oz.au/~ftp/Crypto
 
- OpenSSL is descended from the SSLeay library developed by Eric A. Young
- and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
- OpenSSL license plus the SSLeay license), which means that you are free to
- get and use it for commercial and non-commercial purposes as long as you
- fulfill the conditions of both licenses.
+Additional documentation is being slowly written by Eric Young, and is being
+added to http://www.cryptsoft.com/ssleay/doc.  It will normally also be
+available on http://www.psy.uq.oz.au/~ftp/Crypto/ssleay
 
- OVERVIEW
- --------
+This Library and programs are FREE for commercial and non-commercial
+usage.  The only restriction is that I must be attributed with the
+development of this code.  See the COPYRIGHT file for more details.
+Donations would still be accepted :-).
 
- The OpenSSL toolkit includes:
+THIS LIBRARY IS NOT %100 COMPATABLE WITH SSLeay 0.6.6
 
- libssl.a:
-     Provides the client and server-side implementations for SSLv3 and TLS.
+The package includes
 
- libcrypto.a:
-     Provides general cryptographic and X.509 support needed by SSL/TLS but
-     not logically part of it.
+libssl.a:
+	My implementation of SSLv2, SSLv3 and the required code to support
+	both SSLv2 and SSLv3 in the one server.
 
- openssl:
-     A command line tool that can be used for:
-        Creation of key parameters
-        Creation of X.509 certificates, CSRs and CRLs
-        Calculation of message digests
-        Encryption and decryption
-        SSL/TLS client and server tests
-        Handling of S/MIME signed or encrypted mail
-        And more...
+libcrypto.a:
+	General encryption and X509 stuff needed by SSL but not
+	actually logically part of it.  It includes routines for the following:
 
- INSTALLATION
- ------------
+  Ciphers
+	libdes - My libdes DES encryption package which has been floating
+		around the net for a few years.  It includes 15
+		'modes/variations' of DES (1, 2 and 3 key versions of ecb,
+		cbc, cfb and ofb; pcbc and a more general form of cfb and ofb)
+		including desx in cbc mode,
+		a fast crypt(3), and routines to read passwords from the
+		keyboard.
+	RC4 encryption,
+	RC2 encryption 		- 4 different modes, ecb, cbc, cfb and ofb.
+	Blowfish encryption	- 4 different modes, ecb, cbc, cfb and ofb.
+	IDEA encryption		- 4 different modes, ecb, cbc, cfb and ofb.
 
- See the appropriate file:
-        INSTALL         Linux, Unix, etc.
-        INSTALL.DJGPP   DOS platform with DJGPP
-        INSTALL.NW      Netware
-        INSTALL.OS2     OS/2
-        INSTALL.VMS     VMS
-        INSTALL.W32     Windows (32bit)
-        INSTALL.W64     Windows (64bit)
-        INSTALL.WCE     Windows CE
+  Digests
+	MD5 and MD2 message digest algorithms, fast implementations,
+	SHA (SHA-0) and SHA-1 message digest algorithms,
+	MDC2 message digest.  A DES based hash that is polular on smart cards.
 
- SUPPORT
- -------
+  Public Key
+	RSA encryption/decryption/generation.  There is no limit
+		on the number of bits.
+	DSA encryption/decryption/generation.   There is no limit on the
+		number of bits.
+	Diffie-Hellman key-exchange/key generation.  There is no limit
+		on the number of bits.
 
- See the OpenSSL website www.openssl.org for details on how to obtain
- commercial technical support.
+  X509v3 certificates
+	X509 encoding/decoding into/from binary ASN1 and a PEM
+		based ascii-binary encoding which supports encryption with
+		a private key.
+	Program to generate RSA and DSA certificate requests and to
+		generate RSA and DSA certificates.
 
- If you have any problems with OpenSSL then please take the following steps
- first:
+  Systems
+  	The normal digital envelope routines and base64 encoding.
+	Higher level access to ciphers and digests by name.  New ciphers can be
+		loaded at run time.
+	The BIO io system which is a simple non-blocking IO abstraction.
+		Current methods supported are file descriptors, sockets,
+		socket accept, socket connect, memory buffer, buffering,
+		SSL client/server, file pointer, encryption, digest,
+		non-blocking testing and null.
+  Data structures
+  	A dynamically growing hashing system
+	A simple stack.
+	A Configuration loader that uses a format similar to MS .ini files.
 
-    - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
-      to see if the problem has already been addressed
-    - Remove ASM versions of libraries
-    - Remove compiler optimisation flags
+Programs in this package include
+	enc	- a general encryption program that can encrypt/decrypt using
+		one of 17 different cipher/mode combinations.  The
+		input/output can also be converted to/from base64
+		ascii encoding.
+	dgst	- a generate message digesting program that will generate
+		message digests for any of md2, md5, sha (sha-0 or sha-1)
+		or mdc2.
+	asn1parse - parse and display the structure of an asn1 encoded
+		binary file.
+	rsa	- Manipulate RSA private keys.
+	dsa	- Manipulate DSA private keys.
+	dh	- Manipulate Diffie-Hellman parameter files.
+	dsaparam- Manipulate and generate DSA parameter files.
+	crl	- Manipulate certificate revocation lists.
+	crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
+	x509	- Manipulate x509 certificates, self-sign certificates.
+	req	- Manipulate PKCS#10 certificate requests and also
+		  generate certificate requests.
+	genrsa  - Generates an arbitrary sized RSA private key.
+	gendh	- Generates a set of Diffie-Hellman parameters, the prime
+		  will be a strong prime.
+	ca	- Create certificates from PKCS#10 certificate requests.
+		  This program also maintains a database of certificates
+		  issued.
+	verify	- Check x509 certificate signatures.
+	speed	- Benchmark SSLeay's ciphers.
+	s_server- A test SSL server.
+	s_client- A test SSL client.
+	s_time	- Benchmark SSL performance of SSL server programs.
+	errstr	- Convert from SSLeay hex error codes to a readable form.
+	
+Documents avaliable are
+	A Postscript and html reference manual
+	(written by Tim Hudson tjh@cryptsoft.com).
 
- If you wish to report a bug then please include the following information in
- any bug report:
+	A list of text protocol references I used.
+	An initial version of the library manual.
 
-    - On Unix systems:
-        Self-test report generated by 'make report'
-    - On other systems:
-        OpenSSL version: output of 'openssl version -a'
-        OS Name, Version, Hardware platform
-        Compiler Details (name, version)
-    - Application Details (name, version)
-    - Problem Description (steps that will reproduce the problem, if known)
-    - Stack Traceback (if the application dumps core)
+To install this package, read the INSTALL file.
+For the Microsoft word, read MICROSOFT
+This library has been compiled and tested on Solaris 2.[34] (sparc and x86),
+SunOS 4.1.3, DGUX, OSF1 Alpha, HPUX 9, AIX 3.5(?), IRIX 5.[23],
+LINUX, NeXT (intel), linux, Windows NT, Windows 3.1, MSDOS 6.22.
 
- Email the report to:
+Multithreading has been tested under Windows NT and Solaris 2.5.1
 
-    rt@openssl.org
+Due to time constraints, the current release has only be rigorously tested
+on Solaris 2.[45], Linux and Windows NT.
 
- In order to avoid spam, this is a moderated mailing list, and it might
- take a day for the ticket to show up.  (We also scan posts to make sure
- that security disclosures aren't publically posted by mistake.) Mail
- to this address is recorded in the public RT (request tracker) database
- (see https://www.openssl.org/community/index.html#bugs for details) and
- also forwarded the public openssl-dev mailing list.  Confidential mail
- may be sent to openssl-security@openssl.org (PGP key available from the
- key servers).
+For people in the USA, it is possible to compile SSLeay to use RSA
+Inc.'s public key library, RSAref.  From my understanding, it is
+claimed by RSA Inc. to be illegal to use my public key routines inside the USA.
+Read doc/rsaref.doc on how to build with RSAref.
 
- Please do NOT use this for general assistance or support queries.
- Just because something doesn't work the way you expect does not mean it
- is necessarily a bug in OpenSSL.
+Read the documentation in the doc directory.  It is quite rough,
+but it lists the functions, you will probably have to look at
+the code to work out how to used them.  I will be working on
+documentation.  Look at the example programs.
 
- You can also make GitHub pull requests. If you do this, please also send
- mail to rt@openssl.org with a link to the PR so that we can more easily
- keep track of it.
+There should be a SSL reference manual which is being put together by
+Tim Hudson (tjh@cryptsoft.com) in the same location as this
+distribution.  This contains a lot more information that is very
+useful.  For a description of X509 Certificates, their use, and
+certification, read rfc1421, rfc1422, rfc1423 and rfc1424.  ssl/README
+also goes over the mechanism.
 
- HOW TO CONTRIBUTE TO OpenSSL
- ----------------------------
+We have setup some mailing lists for use by people that are interested
+in helping develop this code and/or ask questions.
+    ssl-bugs@mincom.oz.au
+    ssl-users@mincom.oz.au
+    ssl-bugs-request@mincom.oz.au
+    ssl-users-request@mincom.oz.au
 
- See CONTRIBUTING
+I have recently read about a new form of software, that which is in
+a permanent state of beta release.  Linux and Netscape are 2 good 
+examples of this, and I would also add SSLeay to this category.
+The Current stable release is 0.6.6.  It has a few minor problems.
+0.8.0 is not call compatable so make sure you have the correct version
+of SSLeay to link with.  
 
- LEGALITIES
- ----------
+eric (Jun 1997)
+
+Eric Young (eay@cryptsoft.com)
+86 Taunton St.
+Annerley 4103.
+Australia.
 
- A number of nations, in particular the U.S., restrict the use or export
- of cryptography. If you are potentially subject to such restrictions
- you should seek competent professional legal advice before attempting to
- develop or distribute cryptographic code.

README.066

@@ -0,0 +1,27 @@
+
+SSLeay 0.6.6 13-Jan-1997
+
+The main additions are
+
+- assember for x86 DES improvments.
+  From 191,000 per second on a pentium 100, I now get 281,000.  The inner
+  loop and the IP/FP modifications are from
+  Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  Many thanks for his
+  contribution.
+- The 'DES macros' introduced in 0.6.5 now have 3 types.
+  DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which
+  is best and there is a summery of mine in crypto/des/options.txt
+- A few bug fixes.
+- Added blowfish.  It is not used by SSL but all the other stuff that
+  deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
+  There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.
+  BF_PTR2 is pentium/x86 specific.  The correct option is setup in
+  the 'Configure' script.
+- There is now a 'get client certificate' callback which can be
+  'non-blocking'.  If more details are required, let me know.  It will
+  documented more in SSLv3 when I finish it.
+- Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'
+  now tests the ca program.
+- Lots of little things modified and tweaked.
+
+eric

README.080

@@ -0,0 +1,147 @@
+This version of SSLeay has quite a lot of things different from the
+previous version.
+
+Basically check all callback parameters, I will be producing documentation
+about how to use things in th future.  Currently I'm just getting 080 out
+the door.  Please not that there are several ways to do everything, and
+most of the applications in the apps directory are hybrids, some using old
+methods and some using new methods.
+
+Have a look in demos/bio for some very simple programs and
+apps/s_client.c and apps/s_server.c for some more advanced versions.
+Notes are definitly needed but they are a week or so away.
+
+Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
+---
+Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
+get those people that want to move to using the new code base off to
+a quick start.
+
+Note that Eric has tidied up a lot of the areas of the API that were
+less than desirable and renamed quite a few things (as he had to break
+the API in lots of places anyrate). There are a whole pile of additional
+functions for making dealing with (and creating) certificates a lot
+cleaner.
+
+01-Jul-97
+Tim Hudson
+tjh@cryptsoft.com
+
+---8<---
+
+To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
+use something like the following (assuming you #include "crypto.h" which
+is something that you really should be doing).
+
+#if SSLEAY_VERSION_NUMBER >= 0x0800
+#define SSLEAY8
+#endif
+
+buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
+            too if you are working with BIO internal stuff (as distinct
+	    from simply using the interface in an opaque manner)
+
+#include "bio.h"	- required along with "buffer.h" if you write
+			  your own BIO routines as the buffer and bio
+			  stuff that was intermixed has been separated
+			  out 
+			
+envelope.h -> evp.h  (which should have been done ages ago)
+
+Initialisation ... don't forget these or you end up with code that
+is missing the bits required to do useful things (like ciphers):
+
+SSLeay_add_ssl_algorithms()
+(probably also want SSL_load_error_strings() too but you should have
+ already had that call in place)
+
+SSL_CTX_new()	- requires an extra method parameter
+		      SSL_CTX_new(SSLv23_method()) 
+		      SSL_CTX_new(SSLv2_method()) 
+		      SSL_CTX_new(SSLv3_method()) 
+
+		  OR to only have the server or the client code
+		      SSL_CTX_new(SSLv23_server_method()) 
+		      SSL_CTX_new(SSLv2_server_method()) 
+		      SSL_CTX_new(SSLv3_server_method()) 
+		  or  
+		      SSL_CTX_new(SSLv23_client_method()) 
+		      SSL_CTX_new(SSLv2_client_method()) 
+		      SSL_CTX_new(SSLv3_client_method()) 
+
+SSL_set_default_verify_paths() ... renamed to the more appropriate
+SSL_CTX_set_default_verify_paths()
+
+If you want to use client certificates then you have to add in a bit
+of extra stuff in that a SSLv3 server sends a list of those CAs that
+it will accept certificates from ... so you have to provide a list to
+SSLeay otherwise certain browsers will not send client certs.
+
+SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+
+
+X509_NAME_oneline(X)	-> X509_NAME_oneline(X,NULL,0)	
+			   or provide a buffer and size to copy the
+			   result into
+
+X509_add_cert ->  X509_STORE_add_cert (and you might want to read the
+		  notes on X509_NAME structure changes too)
+
+
+VERIFICATION CODE
+=================
+
+The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
+more accurately reflect things.
+
+The verification callback args are now packaged differently so that
+extra fields for verification can be added easily in future without
+having to break things by adding extra parameters each release :-)
+
+X509_cert_verify_error_string -> X509_verify_cert_error_string
+
+
+BIO INTERNALS
+=============
+
+Eric has fixed things so that extra flags can be introduced in
+the BIO layer in future without having to play with all the BIO
+modules by adding in some macros.
+
+The ugly stuff using 
+	b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
+becomes
+	BIO_clear_retry_flags(b)
+
+	b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
+becomes
+	BIO_set_retry_read(b)
+
+Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
+
+
+
+OTHER THINGS
+============
+
+X509_NAME has been altered so that it isn't just a STACK ... the STACK
+is now in the "entries" field ... and there are a pile of nice functions
+for getting at the details in a much cleaner manner.
+
+SSL_CTX has been altered ... "cert" is no longer a direct member of this
+structure ... things are now down under "cert_store" (see x509_vfy.h) and
+things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
+If your code "knows" about this level of detail then it will need some 
+surgery.
+
+If you depending on the incorrect spelling of a number of the error codes
+then you will have to change your code as these have been fixed.
+
+ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
+has been all along so this makes things clearer.
+ify_cert_error_string(ctx->error));
+
+SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
+			and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
+
+

README.090

@@ -0,0 +1,8 @@
+10-Apr-1998
+I said the next version would go out at easter, and so it shall.
+I expect a 0.9.1 will follow with portability fixes in the next few weeks.
+
+This is a quick, meet the deadline.  Look to ssl-users for comments on what
+is new etc.
+
+eric (about to go bushwalking for the 4 day easter break :-)

README.ECC

@@ -1,61 +0,0 @@
-NOTE: The OpenSSL Software Foundation has executed a sublicense agreement
-entitled "Elliptic Curve Cryptography Patent License Agreement" with the
-National Security Agency/ Central Security Service Commercial Solutions
-Center (NCSC) dated 2010-11-04. That agreement permits implementation and
-distribution of software containing features covered by any or all of the
-following patents:
-
-1.) U.S. Pat. No. 5,761,305 entitled "Key Agreement and Transport Protocol 
-    with Implicit Signatures" issued on June 2, 1998;
-2.) Can. Pat. Appl. Ser. No. 2176972 entitled "Key Agreement and Transport 
-    Protocol with Implicit Signature and Reduced Bandwidth" filed on May 
-    16, 1996;
-3.) U.S. Pat. No. 5,889,865 entitled "Key Agreement and Transport Protocol 
-    with Implicit Signatures" issued on March 30, 1999;
-4.) U.S. Pat. No. 5,896,455 entitled "Key Agreement and Transport Protocol 
-    with Implicit Signatures" issued on April 20, 1999;
-5.) U.S. Pat. No. 5,933,504 entitled "Strengthened Public Key Protocol" 
-    issued on August 3, 1999;
-6.) Can. Pat. Appl. Ser. No. 2176866 entitled "Strengthened Public Key 
-    Protocol" filed on May 17, 1996;
-7.) E.P. Pat. Appl. Ser. No. 96201322.3 entitled "Strengthened Public Key 
-    Protocol" filed on May 17, 1996;
-8.) U.S. Pat. No. 5,999,626 entitled "Digital Signatures on a Smartcard" 
-    issued on December 7, 1999;
-9.) Can. Pat. Appl. Ser. No. 2202566 entitled "Digital Signatures on a 
-    Smartcard" filed on April 14, 1997;
-10.) E.P. Pat. Appl. No. 97106114.8 entitled "Digital Signatures on a 
-     Smartcard" filed on April 15, 1997;
-11.) U.S Pat. No. 6,122,736 entitled "Key Agreement and Transport Protocol 
-     with Implicit Signatures" issued on September 19, 2000;
-12.) Can. Pat. Appl. Ser. No. 2174261 entitled "Key Agreement and Transport 
-     Protocol with Implicit Signatures" filed on April 16, 1996;
-13.) E.P. Pat. Appl. Ser. No. 96105920.1 entitled "Key Agreement and 
-     Transport Protocol with Implicit Signatures" filed on April 16, 1996;
-14.) U.S. Pat. No. 6,141,420 entitled "Elliptic Curve Encryption Systems" 
-     issued on October 31, 2000;
-15.) Can. Pat. Appl. Ser. No. 2155038 entitled "Elliptic Curve Encryption 
-     Systems" filed on July 31, 1995;
-16.) E.P. Pat. Appl. Ser. No. 95926348.4 entitled "Elliptic Curve Encryption 
-     Systems" filed on July 31, 1995;
-17.) U.S. Pat. No. 6,336,188 entitled "Authenticated Key Agreement" issued 
-     on January 1, 2002;
-18.) U.S. Pat. No. 6,487,661 entitled "Key Agreement and Transport Protocol" 
-     issued on November 26, 2002;
-19.) Can. Pat. Appl. Ser. No. 2174260 entitled "Key Agreement and Transport 
-     Protocol" filed on April 16, 1996;
-20.) E.P. Pat. Appl. Ser. No. 96105921.9 entitled "Key Agreement and 
-     Transport Protocol" filed on April 21, 1996;
-21.) U.S. Pat. No. 6,563,928 entitled "Strengthened Public Key Protocol" 
-     issued on May 13, 2003;
-22.) U.S. Pat. No. 6,618,483 entitled "Elliptic Curve Encryption Systems" 
-     issued September 9, 2003;
-23.) U.S. Pat. Appl. Ser. No. 09/434,247 entitled "Digital Signatures on a 
-     Smartcard" filed on November 5, 1999;
-24.) U.S. Pat. Appl. Ser. No. 09/558,256 entitled "Key Agreement and 
-     Transport Protocol with Implicit Signatures" filed on April 25, 2000;
-25.) U.S. Pat. Appl. Ser. No. 09/942,492 entitled "Digital Signatures on a 
-     Smartcard" filed on August 29, 2001 and published on July 18, 2002; and,
-26.) U.S. Pat. Appl. Ser. No. 10/185,735 entitled "Strengthened Public Key 
-     Protocol" filed on July 1, 2000.
-

README.ENGINE

@@ -1,289 +0,0 @@
-  ENGINE
-  ======
-
-  With OpenSSL 0.9.6, a new component was added to support alternative
-  cryptography implementations, most commonly for interfacing with external
-  crypto devices (eg. accelerator cards). This component is called ENGINE,
-  and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases)
-  caused a little confusion as 0.9.6** releases were rolled in two
-  versions, a "standard" and an "engine" version. In development for 0.9.7,
-  the ENGINE code has been merged into the main branch and will be present
-  in the standard releases from 0.9.7 forwards.
-
-  There are currently built-in ENGINE implementations for the following
-  crypto devices:
-
-      o CryptoSwift
-      o Compaq Atalla
-      o nCipher CHIL
-      o Nuron
-      o Broadcom uBSec
-
-  In addition, dynamic binding to external ENGINE implementations is now
-  provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"
-  section below for details.
-
-  At this stage, a number of things are still needed and are being worked on:
-
-      1 Integration of EVP support.
-      2 Configuration support.
-      3 Documentation!
-
-1 With respect to EVP, this relates to support for ciphers and digests in
-  the ENGINE model so that alternative implementations of existing
-  algorithms/modes (or previously unimplemented ones) can be provided by
-  ENGINE implementations.
-
-2 Configuration support currently exists in the ENGINE API itself, in the
-  form of "control commands". These allow an application to expose to the
-  user/admin the set of commands and parameter types a given ENGINE
-  implementation supports, and for an application to directly feed string
-  based input to those ENGINEs, in the form of name-value pairs. This is an
-  extensible way for ENGINEs to define their own "configuration" mechanisms
-  that are specific to a given ENGINE (eg. for a particular hardware
-  device) but that should be consistent across *all* OpenSSL-based
-  applications when they use that ENGINE. Work is in progress (or at least
-  in planning) for supporting these control commands from the CONF (or
-  NCONF) code so that applications using OpenSSL's existing configuration
-  file format can have ENGINE settings specified in much the same way.
-  Presently however, applications must use the ENGINE API itself to provide
-  such functionality. To see first hand the types of commands available
-  with the various compiled-in ENGINEs (see further down for dynamic
-  ENGINEs), use the "engine" openssl utility with full verbosity, ie;
-       openssl engine -vvvv
-
-3 Documentation? Volunteers welcome! The source code is reasonably well
-  self-documenting, but some summaries and usage instructions are needed -
-  moreover, they are needed in the same POD format the existing OpenSSL
-  documentation is provided in. Any complete or incomplete contributions
-  would help make this happen.
-
-  STABILITY & BUG-REPORTS
-  =======================
-
-  What already exists is fairly stable as far as it has been tested, but
-  the test base has been a bit small most of the time. For the most part,
-  the vendors of the devices these ENGINEs support have contributed to the
-  development and/or testing of the implementations, and *usually* (with no
-  guarantees) have experience in using the ENGINE support to drive their
-  devices from common OpenSSL-based applications. Bugs and/or inexplicable
-  behaviour in using a specific ENGINE implementation should be sent to the
-  author of that implementation (if it is mentioned in the corresponding C
-  file), and in the case of implementations for commercial hardware
-  devices, also through whatever vendor support channels are available.  If
-  none of this is possible, or the problem seems to be something about the
-  ENGINE API itself (ie. not necessarily specific to a particular ENGINE
-  implementation) then you should mail complete details to the relevant
-  OpenSSL mailing list. For a definition of "complete details", refer to
-  the OpenSSL "README" file. As for which list to send it to;
-
-     openssl-users: if you are *using* the ENGINE abstraction, either in an
-          pre-compiled application or in your own application code.
-
-     openssl-dev: if you are discussing problems with OpenSSL source code.
-
-  USAGE
-  =====
-
-  The default "openssl" ENGINE is always chosen when performing crypto
-  operations unless you specify otherwise. You must actively tell the
-  openssl utility commands to use anything else through a new command line
-  switch called "-engine". Also, if you want to use the ENGINE support in
-  your own code to do something similar, you must likewise explicitly
-  select the ENGINE implementation you want.
-
-  Depending on the type of hardware, system, and configuration, "settings"
-  may need to be applied to an ENGINE for it to function as expected/hoped.
-  The recommended way of doing this is for the application to support
-  ENGINE "control commands" so that each ENGINE implementation can provide
-  whatever configuration primitives it might require and the application
-  can allow the user/admin (and thus the hardware vendor's support desk
-  also) to provide any such input directly to the ENGINE implementation.
-  This way, applications do not need to know anything specific to any
-  device, they only need to provide the means to carry such user/admin
-  input through to the ENGINE in question. Ie. this connects *you* (and
-  your helpdesk) to the specific ENGINE implementation (and device), and
-  allows application authors to not get buried in hassle supporting
-  arbitrary devices they know (and care) nothing about.
-
-  A new "openssl" utility, "openssl engine", has been added in that allows
-  for testing and examination of ENGINE implementations. Basic usage
-  instructions are available by specifying the "-?" command line switch.
-
-  DYNAMIC ENGINES
-  ===============
-
-  The new "dynamic" ENGINE provides a low-overhead way to support ENGINE
-  implementations that aren't pre-compiled and linked into OpenSSL-based
-  applications. This could be because existing compiled-in implementations
-  have known problems and you wish to use a newer version with an existing
-  application. It could equally be because the application (or OpenSSL
-  library) you are using simply doesn't have support for the ENGINE you
-  wish to use, and the ENGINE provider (eg. hardware vendor) is providing
-  you with a self-contained implementation in the form of a shared-library.
-  The other use-case for "dynamic" is with applications that wish to
-  maintain the smallest foot-print possible and so do not link in various
-  ENGINE implementations from OpenSSL, but instead leaves you to provide
-  them, if you want them, in the form of "dynamic"-loadable
-  shared-libraries. It should be possible for hardware vendors to provide
-  their own shared-libraries to support arbitrary hardware to work with
-  applications based on OpenSSL 0.9.7 or later. If you're using an
-  application based on 0.9.7 (or later) and the support you desire is only
-  announced for versions later than the one you need, ask the vendor to
-  backport their ENGINE to the version you need.
-
-  How does "dynamic" work?
-  ------------------------
-    The dynamic ENGINE has a special flag in its implementation such that
-    every time application code asks for the 'dynamic' ENGINE, it in fact
-    gets its own copy of it. As such, multi-threaded code (or code that
-    multiplexes multiple uses of 'dynamic' in a single application in any
-    way at all) does not get confused by 'dynamic' being used to do many
-    independent things. Other ENGINEs typically don't do this so there is
-    only ever 1 ENGINE structure of its type (and reference counts are used
-    to keep order). The dynamic ENGINE itself provides absolutely no
-    cryptographic functionality, and any attempt to "initialise" the ENGINE
-    automatically fails. All it does provide are a few "control commands"
-    that can be used to control how it will load an external ENGINE
-    implementation from a shared-library. To see these control commands,
-    use the command-line;
-
-       openssl engine -vvvv dynamic
-
-    The "SO_PATH" control command should be used to identify the
-    shared-library that contains the ENGINE implementation, and "NO_VCHECK"
-    might possibly be useful if there is a minor version conflict and you
-    (or a vendor helpdesk) is convinced you can safely ignore it.
-    "ID" is probably only needed if a shared-library implements
-    multiple ENGINEs, but if you know the engine id you expect to be using,
-    it doesn't hurt to specify it (and this provides a sanity check if
-    nothing else). "LIST_ADD" is only required if you actually wish the
-    loaded ENGINE to be discoverable by application code later on using the
-    ENGINE's "id". For most applications, this isn't necessary - but some
-    application authors may have nifty reasons for using it. The "LOAD"
-    command is the only one that takes no parameters and is the command
-    that uses the settings from any previous commands to actually *load*
-    the shared-library ENGINE implementation. If this command succeeds, the
-    (copy of the) 'dynamic' ENGINE will magically morph into the ENGINE
-    that has been loaded from the shared-library. As such, any control
-    commands supported by the loaded ENGINE could then be executed as per
-    normal. Eg. if ENGINE "foo" is implemented in the shared-library
-    "libfoo.so" and it supports some special control command "CMD_FOO", the
-    following code would load and use it (NB: obviously this code has no
-    error checking);
-
-       ENGINE *e = ENGINE_by_id("dynamic");
-       ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);
-       ENGINE_ctrl_cmd_string(e, "ID", "foo", 0);
-       ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
-       ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);
-
-    For testing, the "openssl engine" utility can be useful for this sort
-    of thing. For example the above code excerpt would achieve much the
-    same result as;
-
-       openssl engine dynamic \
-                 -pre SO_PATH:/lib/libfoo.so \
-                 -pre ID:foo \
-                 -pre LOAD \
-                 -pre "CMD_FOO:some input data"
-
-    Or to simply see the list of commands supported by the "foo" ENGINE;
-
-       openssl engine -vvvv dynamic \
-                 -pre SO_PATH:/lib/libfoo.so \
-                 -pre ID:foo \
-                 -pre LOAD
-
-    Applications that support the ENGINE API and more specifically, the
-    "control commands" mechanism, will provide some way for you to pass
-    such commands through to ENGINEs. As such, you would select "dynamic"
-    as the ENGINE to use, and the parameters/commands you pass would
-    control the *actual* ENGINE used. Each command is actually a name-value
-    pair and the value can sometimes be omitted (eg. the "LOAD" command).
-    Whilst the syntax demonstrated in "openssl engine" uses a colon to
-    separate the command name from the value, applications may provide
-    their own syntax for making that separation (eg. a win32 registry
-    key-value pair may be used by some applications). The reason for the
-    "-pre" syntax in the "openssl engine" utility is that some commands
-    might be issued to an ENGINE *after* it has been initialised for use.
-    Eg. if an ENGINE implementation requires a smart-card to be inserted
-    during initialisation (or a PIN to be typed, or whatever), there may be
-    a control command you can issue afterwards to "forget" the smart-card
-    so that additional initialisation is no longer possible. In
-    applications such as web-servers, where potentially volatile code may
-    run on the same host system, this may provide some arguable security
-    value. In such a case, the command would be passed to the ENGINE after
-    it has been initialised for use, and so the "-post" switch would be
-    used instead. Applications may provide a different syntax for
-    supporting this distinction, and some may simply not provide it at all
-    ("-pre" is almost always what you're after, in reality).
-
-  How do I build a "dynamic" ENGINE?
-  ----------------------------------
-    This question is trickier - currently OpenSSL bundles various ENGINE
-    implementations that are statically built in, and any application that
-    calls the "ENGINE_load_builtin_engines()" function will automatically
-    have all such ENGINEs available (and occupying memory). Applications
-    that don't call that function have no ENGINEs available like that and
-    would have to use "dynamic" to load any such ENGINE - but on the other
-    hand such applications would only have the memory footprint of any
-    ENGINEs explicitly loaded using user/admin provided control commands.
-    The main advantage of not statically linking ENGINEs and only using
-    "dynamic" for hardware support is that any installation using no
-    "external" ENGINE suffers no unnecessary memory footprint from unused
-    ENGINEs. Likewise, installations that do require an ENGINE incur the
-    overheads from only *that* ENGINE once it has been loaded.
-
-    Sounds good? Maybe, but currently building an ENGINE implementation as
-    a shared-library that can be loaded by "dynamic" isn't automated in
-    OpenSSL's build process. It can be done manually quite easily however.
-    Such a shared-library can either be built with any OpenSSL code it
-    needs statically linked in, or it can link dynamically against OpenSSL
-    if OpenSSL itself is built as a shared library. The instructions are
-    the same in each case, but in the former (statically linked any
-    dependencies on OpenSSL) you must ensure OpenSSL is built with
-    position-independent code ("PIC"). The default OpenSSL compilation may
-    already specify the relevant flags to do this, but you should consult
-    with your compiler documentation if you are in any doubt.
-
-    This example will show building the "atalla" ENGINE in the
-    crypto/engine/ directory as a shared-library for use via the "dynamic"
-    ENGINE.
-    1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL
-       source tree.
-    2) Recompile at least one source file so you can see all the compiler
-       flags (and syntax) being used to build normally. Eg;
-           touch hw_atalla.c ; make
-       will rebuild "hw_atalla.o" using all such flags.
-    3) Manually enter the same compilation line to compile the
-       "hw_atalla.c" file but with the following two changes;
-         (a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches,
-	 (b) change the output file from "hw_atalla.o" to something new,
-             eg. "tmp_atalla.o"
-    4) Link "tmp_atalla.o" into a shared-library using the top-level
-       OpenSSL libraries to resolve any dependencies. The syntax for doing
-       this depends heavily on your system/compiler and is a nightmare
-       known well to anyone who has worked with shared-library portability
-       before. 'gcc' on Linux, for example, would use the following syntax;
-          gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto
-    5) Test your shared library using "openssl engine" as explained in the
-       previous section. Eg. from the top-level directory, you might try;
-          apps/openssl engine -vvvv dynamic \
-              -pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD
-       If the shared-library loads successfully, you will see both "-pre"
-       commands marked as "SUCCESS" and the list of control commands
-       displayed (because of "-vvvv") will be the control commands for the
-       *atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add
-       the "-t" switch to the utility if you want it to try and initialise
-       the atalla ENGINE for use to test any possible hardware/driver
-       issues.
-
-  PROBLEMS
-  ========
-
-  It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
-  A quick test done right before the release showed that trying "openssl speed
-  -engine cswift" generated errors. If the DSO gets enabled, an attempt is made
-  to write at memory address 0x00000002.
-

README.FIPS

@@ -1 +0,0 @@
-This release does not support a FIPS 140-2 validated module.

TODO

@@ -0,0 +1,28 @@
+- The loading of the netscape RC4 encrypted key is a crock of pig pellets.
+  It will be reworked along with a nice general mechanism for encrypting
+  ASN.1 stuff. [ Jun 96 ] I've cleaned up private keys internally but
+  still have not done PKCS#8 support.
+
+- Winsock support in s_client/s_server for windows nt/3.1 is a crock.
+  I will probably not get this fixed for a while, it is just there so
+  I could test things.
+
+- Be able to generate DSS certificates.
+
+- Add CRL to the X509 verification stuff, this will probably be added with
+  SSLv3.
+
++ X509 callback.  I need to callback the application to retrieve certificates
+  and CRL.
+
+*<- designates the things I'm activly working on.
++<- designates that which I have next in the queue.
+
+====
+
+X509v3 extensions
+verify certificate chains
+X509 cert lookup methods
+RSA/DSA/DH methods mostly for smart cards
+dsa cert generation
+

VERSION

@@ -0,0 +1,24 @@
+SSLeay 0.8.1
+	- Mostly bug fixes.  There is an Ephemeral DH cipher problem which
+	  is fixed.
+
+SSLeay 0.8.0
+	- New release, for those that are wondering what happend to
+	  0.7.x, call it our internal development version :-)
+	- There have been lots of changes, mostly the addition of SSLv3.
+	- There have been many additions from people and amongst
+	  others, C2Net has assisted greatly.
+
+SSLeay 0.6.6
+	SSLeay 0.8.0 is not upward compatable with SSLeay 0.6.6, so
+	if your application requires 0.6.6, use it.  There have been
+	lots of bug fixes to 0.8.x that have not been applied to 0.6.6
+	so use 0.8.0+ in preference.
+
+PORTING 0.6.6 to 0.8.0
+	I'll be documenting this over the next few weeks but as
+	pressures have been increasing for making SSLv3 support
+	available I'm shipping it without this documentation as I
+	basically have not had time to write it (too busy earning a
+	living :-)
+

VMS/TODO

@@ -1,18 +0,0 @@
-TODO:
-=====
-
-There are a few things that need to be worked out in the VMS version of
-OpenSSL, still:
-
-- Description files. ("Makefile's" :-))
-- Script code to link an already compiled build tree.
-- A VMSINSTALlable version (way in the future, unless someone else hacks).
-- shareable images (DLL for you Windows folks).
-
-There may be other things that I have missed and that may be desirable.
-Please send mail to <openssl-users@openssl.org> or to me directly if you
-have any ideas.
-
---
-Richard Levitte <richard@levitte.org>
-1999-05-24

VMS/VMSify-conf.pl

@@ -1,34 +0,0 @@
-#! /usr/bin/perl
-
-use strict;
-use warnings;
-
-my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" );
-my @file_vars = ( "database", "certificate", "serial", "crlnumber",
-		  "crl", "private_key", "RANDFILE" );
-while(<STDIN>) {
-    chomp;
-    foreach my $d (@directory_vars) {
-	if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) {
-	    $_ = "$1sys\\\$disk:\[.$2$3";
-	} elsif (/^(\s*\#?\s*${d}\s*=\s*)(\w[^\s\#]*)([\s\#].*)$/) {
-	    $_ = "$1sys\\\$disk:\[.$2$3";
-	}
-	s/^(\s*\#?\s*${d}\s*=\s*\$\w+)\/([^\s\#]*)([\s\#].*)$/$1.$2\]$3/;
-	while(/^(\s*\#?\s*${d}\s*=\s*(\$\w+\.|sys\\\$disk:\[\.)[\w\.]+)\/([^\]]*)\](.*)$/) {
-	    $_ = "$1.$3]$4";
-	}
-    }
-    foreach my $f (@file_vars) {
-	s/^(\s*\#?\s*${f}\s*=\s*)\.\/(.*)$/$1sys\\\$disk:\[\/$2/;
-	while(/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+\/[^\s\#]*)([\s\#].*)$/) {
-	    $_ = "$1.$3$4";
-	}
-	if (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+)([\s\#].*)$/) {
-	    $_ = "$1]$3.$4";
-	} elsif  (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/([^\s\#]*)([\s\#].*)$/) {
-	    $_ = "$1]$3$4";
-	}
-   }
-    print $_,"\n";
-}

VMS/WISHLIST.TXT

@@ -1,4 +0,0 @@
-* Have the building procedure contain a LINK-only possibility.
-  Wished by Mark Daniel <mark.daniel@dsto.defence.gov.au>
-
-  One way to enable that is also to go over to DESCRIP.MMS files.

VMS/install-vms.com

@@ -1,67 +0,0 @@
-$! install-vms.com -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 23-MAY-1998 19:22
-$!
-$! P1	root of the directory tree
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$ on error then goto tidy
-$ on control_c then goto tidy
-$!
-$ if p1 .eqs. ""
-$ then
-$   write sys$output "First argument missing."
-$   write sys$output -
-     "Should be the directory where you want things installed."
-$   exit
-$ endif
-$
-$ if (f$getsyi( "cpu") .lt. 128)
-$ then
-$   arch = "VAX"
-$ else
-$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
-$   if (arch .eqs. "") then arch = "UNK"
-$ endif
-$
-$ root = f$parse( P1, "[]A.;0", , , "SYNTAX_ONLY, NO_CONCEAL")- "A.;0"
-$ root_dev = f$parse( root, , , "device", "syntax_only")
-$ root_dir = f$parse( root, , , "directory", "syntax_only") - -
-   "[000000." - "][" - "[" - "]"
-$ root = root_dev + "[" + root_dir
-$
-$ define /nolog wrk_sslroot 'root'.] /translation_attributes = concealed
-$ define /nolog wrk_sslinclude wrk_sslroot:[include]
-$
-$ if f$parse( "wrk_sslroot:[000000]") .eqs. "" then -
-   create /directory /log wrk_sslroot:[000000]
-$ if f$parse( "wrk_sslinclude:") .eqs. "" then -
-   create /directory /log wrk_sslinclude:
-$ if f$parse( "wrk_sslroot:[vms]") .eqs. "" then -
-   create /directory /log wrk_sslroot:[vms]
-$!
-$ copy /log /protection = world:re openssl_startup.com wrk_sslroot:[vms]
-$ copy /log /protection = world:re openssl_undo.com wrk_sslroot:[vms]
-$ copy /log /protection = world:re openssl_utils.com wrk_sslroot:[vms]
-$!
-$ tidy:
-$!
-$ call deass wrk_sslroot
-$ call deass wrk_sslinclude
-$!
-$ exit
-$!
-$ deass: subroutine
-$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
-$ then
-$   deassign /process 'p1'
-$ endif
-$ endsubroutine
-$!

VMS/multinet_shr.opt

@@ -1 +0,0 @@
-multinet:multinet_socket_library.exe/share

VMS/openssl_startup.com

@@ -1,108 +0,0 @@
-$!
-$! Startup file for OpenSSL 1.x.
-$!
-$! 2011-03-05 SMS.
-$!
-$! This procedure must reside in the OpenSSL installation directory.
-$! It will fail if it is copied to a different location.
-$!
-$! P1  qualifier(s) for DEFINE.  For example, "/SYSTEM" to get the
-$!     logical names defined in the system logical name table.
-$!
-$! P2  "64", to use executables which were built with 64-bit pointers.
-$!
-$! Good (default) and bad status values.
-$!
-$ status =    %x00010001 ! RMS$_NORMAL, normal successful completion.
-$ rms_e_fnf = %x00018292 ! RMS$_FNF, file not found.
-$!
-$! Prepare for problems.
-$!
-$ orig_dev_dir = f$environment( "DEFAULT")
-$ on control_y then goto clean_up
-$ on error then goto clean_up
-$!
-$! Determine hardware architecture.
-$!
-$ if (f$getsyi( "cpu") .lt. 128)
-$ then
-$   arch_name = "VAX"
-$ else
-$   arch_name = f$edit( f$getsyi( "arch_name"), "upcase")
-$   if (arch_name .eqs. "") then arch_name = "UNK"
-$ endif
-$!
-$ if (p2 .eqs. "64")
-$ then
-$   arch_name_exe = arch_name+ "_64"
-$ else
-$   arch_name_exe = arch_name
-$ endif
-$!
-$! Derive the OpenSSL installation device:[directory] from the location
-$! of this command procedure.
-$!
-$ proc = f$environment( "procedure")
-$ proc_dev_dir = f$parse( "A.;", proc, , , "no_conceal") - "A.;"
-$ proc_dev = f$parse( proc_dev_dir, , , "device", "syntax_only")
-$ proc_dir = f$parse( proc_dev_dir, , , "directory", "syntax_only") - -
-   ".][000000"- "[000000."- "]["- "["- "]"
-$ proc_dev_dir = proc_dev+ "["+ proc_dir+ "]"
-$ set default 'proc_dev_dir'
-$ set default [-]
-$ ossl_dev_dir = f$environment( "default")
-$!
-$! Check existence of expected directories (to see if this procedure has
-$! been moved away from its proper place).
-$!
-$ if ((f$search( "certs.dir;1") .eqs. "") .or. -
-   (f$search( "include.dir;1") .eqs. "") .or. -
-   (f$search( "private.dir;1") .eqs. "") .or. -
-   (f$search( "vms.dir;1") .eqs. ""))
-$ then
-$    write sys$output -
-      "   Can't find expected common OpenSSL directories in:"
-$    write sys$output "   ''ossl_dev_dir'"
-$    status = rms_e_fnf
-$    goto clean_up
-$ endif
-$!
-$ if ((f$search( "''arch_name_exe'_exe.dir;1") .eqs. "") .or. -
-   (f$search( "''arch_name'_lib.dir;1") .eqs. ""))
-$ then
-$    write sys$output -
-      "   Can't find expected architecture-specific OpenSSL directories in:"
-$    write sys$output "   ''ossl_dev_dir'"
-$    status = rms_e_fnf
-$    goto clean_up
-$ endif
-$!
-$! All seems well (enough).  Define the OpenSSL logical names.
-$!
-$ ossl_root = ossl_dev_dir- "]"+ ".]"
-$ define /translation_attributes = concealed /nolog'p1 SSLROOT 'ossl_root'
-$ define /nolog 'p1' SSLCERTS     sslroot:[certs]
-$ define /nolog 'p1' SSLINCLUDE   sslroot:[include]
-$ define /nolog 'p1' SSLPRIVATE   sslroot:[private]
-$ define /nolog 'p1' SSLEXE       sslroot:['arch_name_exe'_exe]
-$ define /nolog 'p1' SSLLIB       sslroot:['arch_name'_lib]
-$!
-$! Defining OPENSSL lets a C program use "#include <openssl/{foo}.h>":
-$ define /nolog 'p1' OPENSSL      SSLINCLUDE:
-$!
-$! Run a site-specific procedure, if it exists.
-$!
-$ if f$search( "sslroot:[vms]openssl_systartup.com") .nes."" then -
-   @ sslroot:[vms]openssl_systartup.com
-$!
-$! Restore the original default dev:[dir] (if known).
-$!
-$ clean_up:
-$!
-$ if (f$type( orig_dev_dir) .nes. "")
-$ then
-$    set default 'orig_dev_dir'
-$ endif
-$!
-$ EXIT 'status'
-$!

VMS/openssl_undo.com

@@ -1,20 +0,0 @@
-$!
-$! Deassign OpenSSL logical names.
-$!
-$ call deass "OPENSSL" "''p1'"
-$ call deass "SSLCERTS" "''p1'"
-$ call deass "SSLEXE" "''p1'"
-$ call deass "SSLINCLUDE" "''p1'"
-$ call deass "SSLLIB" "''p1'"
-$ call deass "SSLPRIVATE" "''p1'"
-$ call deass "SSLROOT" "''p1'"
-$!
-$ exit
-$!
-$deass: subroutine
-$ if (f$trnlnm( p1) .nes. "")
-$ then
-$    deassign 'p2' 'p1'
-$ endif
-$ endsubroutine
-$!

VMS/openssl_utils.com

@@ -1,46 +0,0 @@
-$!
-$!  APPS.COM
-$!  Written By:  Robert Byer
-$!               Vice-President
-$!               A-Com Computing, Inc.
-$!               byer@mail.all-net.net
-$!
-$!
-$! Slightly modified by Richard Levitte <richard@levitte.org>
-$!
-$!
-$! Always define OPENSSL.  Others are optional (non-null P1).
-$!
-$ OPENSSL  :== $SSLEXE:OPENSSL
-$
-$ IF (P1 .NES. "")
-$ THEN
-$     VERIFY   :== $SSLEXE:OPENSSL VERIFY
-$     ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
-$! REQ could conflict with REQUEST.
-$     OREQ     :== $SSLEXE:OPENSSL REQ
-$     DGST     :== $SSLEXE:OPENSSL DGST
-$     DH       :== $SSLEXE:OPENSSL DH
-$     ENC      :== $SSLEXE:OPENSSL ENC
-$     GENDH    :== $SSLEXE:OPENSSL GENDH
-$     ERRSTR   :== $SSLEXE:OPENSSL ERRSTR
-$     CA       :== $SSLEXE:OPENSSL CA
-$     CRL      :== $SSLEXE:OPENSSL CRL
-$     RSA      :== $SSLEXE:OPENSSL RSA
-$     DSA      :== $SSLEXE:OPENSSL DSA
-$     DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
-$     X509     :== $SSLEXE:OPENSSL X509
-$     GENRSA   :== $SSLEXE:OPENSSL GENRSA
-$     GENDSA   :== $SSLEXE:OPENSSL GENDSA
-$     S_SERVER :== $SSLEXE:OPENSSL S_SERVER
-$     S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
-$     SPEED    :== $SSLEXE:OPENSSL SPEED
-$     S_TIME   :== $SSLEXE:OPENSSL S_TIME
-$     VERSION  :== $SSLEXE:OPENSSL VERSION
-$     PKCS7    :== $SSLEXE:OPENSSL PKCS7
-$     CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
-$     SESS_ID  :== $SSLEXE:OPENSSL SESS_ID
-$     CIPHERS  :== $SSLEXE:OPENSSL CIPHERS
-$     NSEQ     :== $SSLEXE:OPENSSL NSEQ
-$     PKCS12   :== $SSLEXE:OPENSSL PKCS12
-$ ENDIF

VMS/socketshr_shr.opt

@@ -1 +0,0 @@
-socketshr/share

VMS/tcpip_shr_decc.opt

@@ -1 +0,0 @@
-sys$share:tcpip$ipc_shr.exe/share

VMS/test-includes.com

@@ -1,28 +0,0 @@
-$! Quick script to check how well including individual header files works
-$! on VMS, even when the VMS macro isn't defined.
-$
-$	sav_def = f$env("DEFAULT")
-$	here = f$parse("A.;0",f$ENV("PROCEDURE")) - "A.;0"
-$	set default 'here'
-$	set default [-.include.openssl]
-$	define openssl 'f$env("DEFAULT")'
-$	set default [--]
-$
-$ loop:
-$	f = f$search("openssl:*.h")
-$	if f .eqs. "" then goto loop_end
-$	write sys$output "Checking ",f
-$	open/write foo foo.c
-$	write foo "#undef VMS"
-$	write foo "#include <stdio.h>"
-$	write foo "#include <openssl/",f$parse(f,,,"NAME"),".h>"
-$	write foo "main()"
-$	write foo "{printf(""foo\n"");}"
-$	close foo
-$	cc/STANDARD=ANSI89/NOLIST/PREFIX=ALL foo.c
-$	delete foo.c;
-$	goto loop
-$ loop_end:
-$	set default 'save_def'
-$	exit
-

VMS/ucx_shr_decc.opt

@@ -1 +0,0 @@
-sys$share:ucx$ipc_shr.exe/share

VMS/ucx_shr_decc_log.opt

@@ -1 +0,0 @@
-ucx$ipc_shr/share

VMS/ucx_shr_vaxc.opt

@@ -1 +0,0 @@
-sys$library:ucx$ipc.olb/library

apps/CA.com

@@ -1,221 +0,0 @@
-$! CA - wrapper around ca to make it easier to use ... basically ca requires
-$!      some setup stuff to be done before you can use it and this makes
-$!      things easier between now and when Eric is convinced to fix it :-)
-$!
-$! CA -newca ... will setup the right stuff
-$! CA -newreq ... will generate a certificate request 
-$! CA -sign ... will sign the generated request and output 
-$!
-$! At the end of that grab newreq.pem and newcert.pem (one has the key 
-$! and the other the certificate) and cat them together and that is what
-$! you want/need ... I'll make even this a little cleaner later.
-$!
-$! default openssl.cnf file has setup as per the following
-$! demoCA ... where everything is stored
-$
-$ IF F$TYPE(OPENSSL_CONFIG) .EQS. "" THEN OPENSSL_CONFIG := SSLLIB:OPENSSL.CNF
-$
-$ DAYS   = "-days 365"
-$ REQ    = openssl + " req " + OPENSSL_CONFIG
-$ CA     = openssl + " ca " + OPENSSL_CONFIG
-$ VERIFY = openssl + " verify"
-$ X509   = openssl + " x509"
-$ PKCS12 = openssl + " pkcs12"
-$ echo   = "write sys$Output"
-$ RET = 1
-$!
-$! 2010-12-20 SMS.
-$! Use a concealed logical name to reduce command line lengths, to
-$! avoid DCL errors on VAX:
-$!     %DCL-W-TKNOVF, command element is too long - shorten
-$! (Path segments like "openssl-1_0_1-stable-SNAP-20101217" accumulate
-$! quickly.)
-$!
-$ CATOP = F$PARSE( F$ENVIRONMENT( "DEFAULT"), "[]")- "].;"+ ".demoCA.]"
-$ define /translation_attributes = concealed CATOP 'CATOP'
-$!
-$ on error then goto clean_up
-$ on control_y then goto clean_up
-$!
-$ CAKEY  = "CATOP:[private]cakey.pem"
-$ CACERT = "CATOP:[000000]cacert.pem"
-$
-$ __INPUT := SYS$COMMAND
-$!
-$ i = 1
-$opt_loop:
-$ if i .gt. 8 then goto opt_loop_end
-$
-$ prog_opt = F$EDIT(P'i',"lowercase")
-$
-$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") 
-$ THEN
-$   echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" 
-$   goto clean_up
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-input")
-$ THEN
-$   ! Get input from somewhere other than SYS$COMMAND
-$   i = i + 1
-$   __INPUT = P'i'
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-newcert")
-$ THEN
-$   ! Create a certificate.
-$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$   REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
-$   RET=$STATUS
-$   echo "Certificate (and private key) is in newreq.pem"
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-newreq")
-$ THEN
-$   ! Create a certificate request
-$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$   REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
-$   RET=$STATUS
-$   echo "Request (and private key) is in newreq.pem"
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-newca")
-$ THEN
-$   ! If explicitly asked for or it doesn't exist then setup the directory
-$   ! structure that Eric likes to manage things.
-$   IF F$SEARCH( "CATOP:[000000]serial.") .EQS. ""
-$   THEN
-$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[000000]
-$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[certs]
-$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[crl]
-$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[newcerts]
-$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[private]
-$
-$     OPEN /WRITE ser_file CATOP:[000000]serial. 
-$     WRITE ser_file "01"
-$     CLOSE ser_file
-$     APPEND /NEW_VERSION NL: CATOP:[000000]index.txt
-$
-$     ! The following is to make sure access() doesn't get confused.  It
-$     ! really needs one file in the directory to give correct answers...
-$     COPY NLA0: CATOP:[certs].;
-$     COPY NLA0: CATOP:[crl].;
-$     COPY NLA0: CATOP:[newcerts].;
-$     COPY NLA0: CATOP:[private].;
-$   ENDIF
-$!
-$   IF F$SEARCH( CAKEY) .EQS. ""
-$   THEN
-$     READ '__INPUT' FILE -
-       /PROMPT="CA certificate filename (or enter to create): "
-$     IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "")
-$     THEN
-$       COPY 'FILE' 'CAKEY'
-$       RET=$STATUS
-$     ELSE
-$       echo "Making CA certificate ..."
-$       DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$       REQ -new -x509 -keyout 'CAKEY' -out 'CACERT' 'DAYS'
-$       RET=$STATUS
-$     ENDIF
-$   ENDIF
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-pkcs12")
-$ THEN
-$   i = i + 1
-$   cname = P'i'
-$   IF cname .EQS. "" THEN cname = "My certificate"
-$   PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CACERT' -
-     -out newcert.p12 -export -name "''cname'"
-$   RET=$STATUS
-$   goto clean_up
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-xsign")
-$ THEN
-$!
-$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$   CA -policy policy_anything -infiles newreq.pem
-$   RET=$STATUS
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
-$ THEN
-$!   
-$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$   CA -policy policy_anything -out newcert.pem -infiles newreq.pem
-$   RET=$STATUS
-$   type newcert.pem
-$   echo "Signed certificate is in newcert.pem"
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-signcert")
-$  THEN
-$!   
-$   echo "Cert passphrase will be requested twice - bug?"
-$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$   X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
-$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$   CA -policy policy_anything -out newcert.pem -infiles tmp.pem
-y
-y
-$   type newcert.pem
-$   echo "Signed certificate is in newcert.pem"
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-verify")
-$ THEN
-$!   
-$   i = i + 1
-$   IF (p'i' .EQS. "")
-$   THEN
-$     DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$     VERIFY "-CAfile" 'CACERT' newcert.pem
-$   ELSE
-$     j = i
-$    verify_opt_loop:
-$     IF j .GT. 8 THEN GOTO verify_opt_loop_end
-$     IF p'j' .NES. ""
-$     THEN 
-$       DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$       __tmp = p'j'
-$       VERIFY "-CAfile" 'CACERT' '__tmp'
-$       tmp=$STATUS
-$       IF tmp .NE. 0 THEN RET=tmp
-$     ENDIF
-$     j = j + 1
-$     GOTO verify_opt_loop
-$    verify_opt_loop_end:
-$   ENDIF
-$   
-$   GOTO opt_loop_end
-$ ENDIF
-$!
-$ IF (prog_opt .NES. "")
-$ THEN
-$!   
-$   echo "Unknown argument ''prog_opt'"
-$   RET = 3
-$   goto clean_up
-$ ENDIF
-$
-$opt_loop_continue:
-$ i = i + 1
-$ GOTO opt_loop
-$
-$opt_loop_end:
-$!
-$clean_up:
-$!
-$ if f$trnlnm( "CATOP", "LNM$PROCESS") .nes. "" then -
-   deassign /process CATOP
-$!
-$ EXIT 'RET'

apps/CA.pl.in

@@ -1,189 +0,0 @@
-#!/usr/bin/perl
-#
-# Wrapper around the ca to make it easier to use
-# Edit CA.pl.in not CA.pl!
-
-
-use strict;
-use warnings;
-
-my $openssl = "openssl";
-if(defined $ENV{'OPENSSL'}) {
-    $openssl = $ENV{'OPENSSL'};
-} else {
-    $ENV{'OPENSSL'} = $openssl;
-}
-
-my $verbose = 1;
-
-my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"};
-my $DAYS = "-days 365";
-my $CADAYS = "-days 1095";	# 3 years
-my $REQ = "$openssl req $OPENSSL_CONFIG";
-my $CA = "$openssl ca $OPENSSL_CONFIG";
-my $VERIFY = "$openssl verify";
-my $X509 = "$openssl x509";
-my $PKCS12 = "$openssl pkcs12";
-
-# default openssl.cnf file has setup as per the following
-my $CATOP = "./demoCA";
-my $CAKEY = "cakey.pem";
-my $CAREQ = "careq.pem";
-my $CACERT = "cacert.pem";
-my $CACRL = "crl.pem";
-my $DIRMODE = 0777;
-
-my $NEWKEY = "newkey.pem";
-my $NEWREQ = "newreq.pem";
-my $NEWCERT = "newcert.pem";
-my $NEWP12 = "newcert.p12";
-my $RET = 0;
-my $WHAT = shift @ARGV;
-my $FILE;
-
-# See if reason for a CRL entry is valid; exit if not.
-sub crl_reason_ok
-{
-    my $r = shift;
-
-    if ($r eq 'unspecified' || $r eq 'keyCompromise'
-        || $r eq 'CACompromise' || $r eq 'affiliationChanged'
-        || $r eq 'superseded' || $r eq 'cessationOfOperation'
-        || $r eq 'certificateHold' || $r eq 'removeFromCRL') {
-        return 1;
-    }
-    print STDERR "Invalid CRL reason; must be one of:\n";
-    print STDERR "    unspecified, keyCompromise, CACompromise,\n";
-    print STDERR "    affiliationChanged, superseded, cessationOfOperation\n";
-    print STDERR "    certificateHold, removeFromCRL";
-    exit 1;
-}
-
-# Copy a PEM-format file; return like exit status (zero means ok)
-sub copy_pemfile
-{
-    my ($infile, $outfile, $bound) = @_;
-    my $found = 0;
-
-    open IN, $infile || die "Cannot open $infile, $!";
-    open OUT, ">$outfile" || die "Cannot write to $outfile, $!";
-    while (<IN>) {
-        $found = 1 if /^-----BEGIN.*$bound/;
-        print OUT $_ if $found;
-        $found = 2, last if /^-----END.*$bound/;
-    }
-    close IN;
-    close OUT;
-    return $found == 2 ? 0 : 1;
-}
-
-# Wrapper around system; useful for debugging.  Returns just the exit status
-sub run
-{
-    my $cmd = shift;
-    print "====\n$cmd\n" if $verbose;
-    my $status = system($cmd);
-    print "==> $status\n====\n" if $verbose;
-    return $status >> 8;
-}
-
-
-if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
-    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-    print STDERR "       CA -pkcs12 [certname]\n";
-    print STDERR "       CA -crl|-revoke cert-filename [reason]\n";
-    exit 0;
-}
-if ($WHAT eq '-newcert' ) {
-    # create a certificate
-    $RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS");
-    print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
-} elsif ($WHAT eq '-newreq' ) {
-    # create a certificate request
-    $RET = run("$REQ -new -keyout $NEWKEY -out $NEWREQ $DAYS");
-    print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
-} elsif ($WHAT eq '-newreq-nodes' ) {
-    # create a certificate request
-    $RET = run("$REQ -new -nodes -keyout $NEWKEY -out $NEWREQ $DAYS");
-    print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
-} elsif ($WHAT eq '-newca' ) {
-    # create the directory hierarchy
-    mkdir ${CATOP}, $DIRMODE;
-    mkdir "${CATOP}/certs", $DIRMODE;
-    mkdir "${CATOP}/crl", $DIRMODE ;
-    mkdir "${CATOP}/newcerts", $DIRMODE;
-    mkdir "${CATOP}/private", $DIRMODE;
-    open OUT, ">${CATOP}/index.txt";
-    close OUT;
-    open OUT, ">${CATOP}/crlnumber";
-    print OUT "01\n";
-    close OUT;
-    # ask user for existing CA certificate
-    print "CA certificate filename (or enter to create)\n";
-    $FILE = <STDIN>;
-    chop $FILE if $FILE;
-    if ($FILE) {
-        copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
-        copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
-    } else {
-        print "Making CA certificate ...\n";
-        $RET = run("$REQ -new -keyout"
-                . " ${CATOP}/private/$CAKEY"
-                . " -out ${CATOP}/$CAREQ");
-        $RET = run("$CA -create_serial"
-                . " -out ${CATOP}/$CACERT $CADAYS -batch"
-                . " -keyfile ${CATOP}/private/$CAKEY -selfsign"
-                . " -extensions v3_ca"
-                . " -infiles ${CATOP}/$CAREQ") if $RET == 0;
-        print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
-    }
-} elsif ($WHAT eq '-pkcs12' ) {
-    my $cname = $ARGV[1];
-    $cname = "My Certificate" unless defined $cname;
-    $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
-            . " -certfile ${CATOP}/$CACERT"
-            . " -out $NEWP12"
-            . " -export -name \"$cname\"");
-    print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
-} elsif ($WHAT eq '-xsign' ) {
-    $RET = run("$CA -policy policy_anything -infiles $NEWREQ");
-} elsif ($WHAT eq '-sign' ) {
-    $RET = run("$CA -policy policy_anything -out $NEWCERT -infiles $NEWREQ");
-    print "Signed certificate is in $NEWCERT\n" if $RET == 0;
-} elsif ($WHAT eq '-signCA' ) {
-    $RET = run("$CA -policy policy_anything -out $NEWCERT"
-            . " -extensions v3_ca -infiles $NEWREQ");
-    print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
-} elsif ($WHAT eq '-signcert' ) {
-    $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
-            . " -out tmp.pem");
-    $RET = run("$CA -policy policy_anything -out $NEWCERT"
-            . " -infiles tmp.pem") if $RET == 0;
-    print "Signed certificate is in $NEWCERT\n" if $RET == 0;
-} elsif ($WHAT eq '-verify' ) {
-    my @files = @ARGV ? @ARGV : ( $NEWCERT );
-    my $file;
-    foreach $file (@files) {
-        my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file");
-        $RET = $status if $status != 0;
-    }
-} elsif ($WHAT eq '-crl' ) {
-    $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL");
-    print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
-} elsif ($WHAT eq '-revoke' ) {
-    my $cname = $ARGV[1];
-    if (!defined $cname) {
-        print "Certificate filename is required; reason optional.\n";
-        exit 1;
-    }
-    my $reason = $ARGV[2];
-    $reason = " -crl_reason $reason"
-        if defined $reason && crl_reason_ok($reason);
-    $RET = run("$CA -revoke \"$cname\"" . $reason);
-} else {
-    print STDERR "Unknown arg \"$WHAT\"\n";
-    print STDERR "Use -help for help.\n";
-    exit 1;
-}
-
-exit $RET;

apps/CA.sh

@@ -0,0 +1,132 @@
+#!/bin/sh
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+#      some setup stuff to be done before you can use it and this makes
+#      things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq ... will generate a certificate request 
+# CA -sign ... will sign the generated request and output 
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key 
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh    Added more things ... including CA -signcert which
+#                  converts a certificate to a request and then signs it.
+# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
+#		   environment variable so this can be driven from
+#		   a script.
+# 25-Jul-96 eay    Cleaned up filenames some more.
+# 11-Jun-96 eay    Fixed a few filename missmatches.
+# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh    Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# default ssleay.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+DAYS="-days 365"
+REQ="ssleay req $SSLEAY_CONFIG"
+CA="ssleay ca $SSLEAY_CONFIG"
+VERIFY="ssleay verify"
+X509="ssleay x509"
+
+CATOP=./demoCA
+CAKEY=./cakey.pem
+CACERT=./cacert.pem
+
+for i
+do
+case $i in
+-\?|-h|-help)
+    echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2
+    exit 0
+    ;;
+-newcert) 
+    # create a certificate
+    $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
+    RET=$?
+    echo "Certificate (and private key) is in newreq.pem"
+    ;;
+-newreq) 
+    # create a certificate request
+    $REQ -new -keyout newreq.pem -out newreq.pem $DAYS
+    RET=$?
+    echo "Request (and private key) is in newreq.pem"
+    ;;
+-newca)     
+    # if explictly asked for or it doesn't exist then setup the directory
+    # structure that Eric likes to manage things 
+    NEW="1"
+    if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
+	# create the directory hierarchy
+	mkdir ${CATOP} 
+	mkdir ${CATOP}/certs 
+	mkdir ${CATOP}/crl 
+	mkdir ${CATOP}/newcerts
+	mkdir ${CATOP}/private
+	echo "01" > ${CATOP}/serial
+	touch ${CATOP}/index.txt
+    fi
+    if [ ! -f ${CATOP}/private/$CAKEY ]; then
+	echo "CA certificate filename (or enter to create)"
+	read FILE
+
+	# ask user for existing CA certificate
+	if [ "$FILE" ]; then
+	    cp $FILE ${CATOP}/private/$CAKEY
+	    RET=$?
+	else
+	    echo "Making CA certificate ..."
+	    $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \
+			   -out ${CATOP}/$CACERT $DAYS
+	    RET=$?
+	fi
+    fi
+    ;;
+-xsign)
+    $CA -policy policy_anything -infiles newreq.pem 
+    RET=$?
+    ;;
+-sign|-signreq) 
+    $CA -policy policy_anything -out newcert.pem -infiles newreq.pem
+    RET=$?
+    cat newcert.pem
+    echo "Signed certificate is in newcert.pem"
+    ;;
+-signcert) 
+    echo "Cert passphrase will be requested twice - bug?"
+    $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
+    $CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+    cat newcert.pem
+    echo "Signed certificate is in newcert.pem"
+    ;;
+-verify) 
+    shift
+    if [ -z "$1" ]; then
+	    $VERIFY -CAfile $CATOP/$CACERT newcert.pem
+	    RET=$?
+    else
+	for j
+	do
+	    $VERIFY -CAfile $CATOP/$CACERT $j
+	    if [ $? != 0 ]; then
+		    RET=$?
+	    fi
+	done
+    fi
+    exit 0
+    ;;
+*)
+    echo "Unknown arg $i";
+    exit 1
+    ;;
+esac
+done
+exit $RET
+

apps/Makefile.in

@@ -1,154 +0,0 @@
-#
-#  apps/Makefile
-#
-
-DIR=		apps
-TOP=		..
-CC=		cc
-INCLUDES=	-I$(TOP) -I../crypto -I../include
-CFLAG=		-g -static -Wswitch
-MAKEFILE=	Makefile
-PERL=		perl
-RM=		rm -f
-
-PEX_LIBS=
-EX_LIBS= 
-EXE_EXT= 
-
-SHLIB_TARGET=
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile makeapps.com install.com
-
-DLIBCRYPTO=../libcrypto.a
-DLIBSSL=../libssl.a
-LIBCRYPTO=-L.. -lcrypto
-LIBSSL=-L.. -lssl
-
-SCRIPTS=CA.pl tsget
-EXE= openssl$(EXE_EXT)
-
-COMMANDS= \
-	asn1pars.o ca.o ciphers.o cms.o crl.o crl2p7.o dgst.o dhparam.o \
-	dsa.o dsaparam.o ec.o ecparam.o enc.o engine.o errstr.o gendsa.o \
-	genpkey.o genrsa.o nseq.o ocsp.o passwd.o pkcs12.o pkcs7.o pkcs8.o \
-	pkey.o pkeyparam.o pkeyutl.o prime.o rand.o req.o rsa.o rsautl.o \
-	s_client.o s_server.o s_time.o sess_id.o smime.o speed.o spkac.o \
-	srp.o ts.o verify.o version.o x509.o rehash.o
-
-EXTRA_OBJ=apps.o opt.o s_cb.o s_socket.o
-EXTRA_SRC=apps.c opt.c s_cb.c s_socket.c
-RAND_OBJ=app_rand.o
-RAND_SRC=app_rand.c
-
-OBJ	= $(COMMANDS)
-
-SRC	= \
-	asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c \
-	dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c \
-	genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c \
-	pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c \
-	s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c \
-	srp.c ts.c verify.c version.c x509.c
-
-EXE_OBJ	= openssl.o $(OBJ) $(EXTRA_OBJ) $(RAND_OBJ)
-EXE_SRC = openssl.c $(SRC) $(EXTRA_SRC) $(RAND_SRC)
-
-HEADER=	apps.h progs.h s_apps.h \
-	testdsa.h testrsa.h timeouts.h
-
-ALL=    $(GENERAL) $(EXE_SRC) $(HEADER)
-
-top:
-	@(cd ..; $(MAKE) DIRS=$(DIR) all)
-
-all:	exe
-
-exe:	$(EXE)
-
-openssl-vms.cnf: openssl.cnf
-	$(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-install:
-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-	@set -e; for i in $(EXE); \
-	do  \
-	(echo installing $$i; \
-	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-	 mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
-	 done;
-	@set -e; for i in $(SCRIPTS); \
-	do  \
-	(echo installing $$i; \
-	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
-	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
-	 mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
-	 done
-	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
-	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
-	mv -f  $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
-
-uninstall:
-	@set -e; for i in $(EXE); \
-	do  \
-		echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
-		$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
-	done;
-	@set -e; for i in $(SCRIPTS); \
-	do  \
-		echo $(RM) $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
-		$(RM) $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
-	done
-	$(RM) $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
-
-tags:
-	ctags $(EXE_SRC) $(HEADER)
-
-tests:
-
-lint:
-	echo nope >fluff
-
-update: openssl-vms.cnf local_depend
-
-depend: local_depend
-	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-local_depend:
-	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(EXE_SRC)
-
-dclean:
-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	rm -f *.o *.obj *.dll lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
-	rm -f req
-
-$(DLIBSSL):
-	(cd ..; $(MAKE) build_libssl)
-
-$(DLIBCRYPTO):
-	(cd ..; $(MAKE) build_libcrypto)
-
-$(EXE): progs.h $(EXE_OBJ) $(DLIBCRYPTO) $(DLIBSSL)
-	$(RM) $(EXE)
-	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
-		shlib_target="$(SHLIB_TARGET)"; \
-	fi; \
-	LIBRARIES="$(LIBSSL) $(LIBCRYPTO)" ; \
-	$(MAKE) -f $(TOP)/Makefile.shared -e \
-		APPNAME=$(EXE) OBJECTS="$(EXE_OBJ)" \
-		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
-		link_app.$${shlib_target}
-
-progs.h: progs.pl Makefile
-	$(RM) progs.h
-	$(PERL) progs.pl $(COMMANDS) >progs.h
-	$(RM) openssl.o
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.

apps/Makefile.ssl

@@ -0,0 +1,144 @@
+#
+# SSLeay/apps/Makefile.ssl
+#
+
+DIR=		apps
+TOP=		..
+CC=		cc
+INCLUDES=	-I../include
+CFLAG=		-g -static
+INSTALLTOP=	/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEFILE=	Makefile.ssl
+RM=		/bin/rm -f
+
+PEX_LIBS=
+EX_LIBS= 
+
+CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+
+DLIBCRYPTO=../libcrypto.a
+DLIBSSL=../libssl.a
+LIBCRYPTO=-L.. -lcrypto
+LIBSSL=-L.. -lssl
+
+SSLEAY= ssleay
+
+SCRIPTS=CA.sh der_chop
+
+EXE= $(SSLEAY)
+
+E_EXE=	verify asn1pars req dgst dh enc gendh errstr ca crl \
+	rsa dsa dsaparam \
+	x509 genrsa s_server s_client speed \
+	s_time version pkcs7 crl2pkcs7 sess_id ciphers
+
+PROGS= $(SSLEAY).c
+
+A_OBJ=apps.o
+A_SRC=apps.c
+S_OBJ=	s_cb.o s_socket.o
+S_SRC=	s_cb.c s_socket.c
+
+E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
+	pkcs7.o crl2p7.o crl.o \
+	rsa.o dsa.o dsaparam.o \
+	x509.o genrsa.o s_server.o s_client.o speed.o \
+	s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
+	ciphers.o
+
+#	pem_mail.o
+
+E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
+	pkcs7.c crl2p7.c crl.c \
+	rsa.c dsa.c dsaparam.c \
+	x509.c genrsa.c s_server.c s_client.c speed.c \
+	s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \
+	ciphers.c
+
+#	pem_mail.c
+
+SRC=$(E_SRC)
+
+EXHEADER=
+HEADER=	apps.h progs.h s_apps.h \
+	testdsa.h testrsa.h \
+	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	@(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all:	exe
+
+exe:	$(EXE)
+
+req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
+	$(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+sreq.o: req.c 
+	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
+
+files:
+	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+install: mklinks
+	@for i in $(EXE) $(SCRIPTS) mklinks; \
+	do  \
+	(echo installing $$i; \
+	 cp $$i $(INSTALLTOP)/bin/$$i; \
+	 chmod 755 $(INSTALLTOP)/bin/$$i ); \
+	 done; \
+	cp ssleay.cnf $(INSTALLTOP)/lib
+	chmod 644 $(INSTALLTOP)/lib/ssleay.cnf
+	cd $(INSTALLTOP)/bin; \
+	/bin/sh ./mklinks; \
+	/bin/rm -f ./mklinks
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+links:
+	/bin/rm -f Makefile
+	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+errors:
+
+clean:
+	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+	/bin/rm -f req
+
+$(DLIBSSL):
+	(cd ../ssl; $(MAKE))
+
+$(DLIBCRYPTO):
+	(cd ../crypto; $(MAKE))
+
+$(SSLEAY): progs.h $(E_OBJ) $(SSLEAY).o $(DLIBCRYPTO) $(DLIBSSL)
+	$(RM) $(SSLEAY)
+	$(CC) -o $(SSLEAY) $(CFLAGS) $(SSLEAY).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+
+progs.h:
+	perl ./g_ssleay.pl $(E_EXE) >progs.h
+	$(RM) $(SSLEAY).o
+
+mklinks:
+	perl ./g_ssleay.pl $(E_EXE) >progs.h
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.

apps/app_rand.c

@@ -1,214 +0,0 @@
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/rand.h>
-
-static int seeded = 0;
-static int egdsocket = 0;
-
-int app_RAND_load_file(const char *file, int dont_warn)
-{
-    int consider_randfile = (file == NULL);
-    char buffer[200];
-
-#ifdef OPENSSL_SYS_WINDOWS
-    RAND_screen();
-#endif
-
-    if (file == NULL)
-        file = RAND_file_name(buffer, sizeof buffer);
-    else if (RAND_egd(file) > 0) {
-        /*
-         * we try if the given filename is an EGD socket. if it is, we don't
-         * write anything back to the file.
-         */
-        egdsocket = 1;
-        return 1;
-    }
-    if (file == NULL || !RAND_load_file(file, -1)) {
-        if (RAND_status() == 0) {
-            if (!dont_warn) {
-                BIO_printf(bio_err, "unable to load 'random state'\n");
-                BIO_printf(bio_err,
-                           "This means that the random number generator has not been seeded\n");
-                BIO_printf(bio_err, "with much random data.\n");
-                if (consider_randfile) { /* explanation does not apply when a
-                                          * file is explicitly named */
-                    BIO_printf(bio_err,
-                               "Consider setting the RANDFILE environment variable to point at a file that\n");
-                    BIO_printf(bio_err,
-                               "'random' data can be kept in (the file will be overwritten).\n");
-                }
-            }
-            return 0;
-        }
-    }
-    seeded = 1;
-    return 1;
-}
-
-long app_RAND_load_files(char *name)
-{
-    char *p, *n;
-    int last;
-    long tot = 0;
-    int egd;
-
-    for (;;) {
-        last = 0;
-        for (p = name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++) ;
-        if (*p == '\0')
-            last = 1;
-        *p = '\0';
-        n = name;
-        name = p + 1;
-        if (*n == '\0')
-            break;
-
-        egd = RAND_egd(n);
-        if (egd > 0)
-            tot += egd;
-        else
-            tot += RAND_load_file(n, -1);
-        if (last)
-            break;
-    }
-    if (tot > 512)
-        app_RAND_allow_write_file();
-    return (tot);
-}
-
-int app_RAND_write_file(const char *file)
-{
-    char buffer[200];
-
-    if (egdsocket || !seeded)
-        /*
-         * If we did not manage to read the seed file, we should not write a
-         * low-entropy seed file back -- it would suppress a crucial warning
-         * the next time we want to use it.
-         */
-        return 0;
-
-    if (file == NULL)
-        file = RAND_file_name(buffer, sizeof buffer);
-    if (file == NULL || !RAND_write_file(file)) {
-        BIO_printf(bio_err, "unable to write 'random state'\n");
-        return 0;
-    }
-    return 1;
-}
-
-void app_RAND_allow_write_file(void)
-{
-    seeded = 1;
-}

apps/apps.h

@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- *
+ * 
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ * 
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- *
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ * 
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,545 +49,102 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
+ * 
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
 
 #ifndef HEADER_APPS_H
-# define HEADER_APPS_H
+#define HEADER_APPS_H
 
-# include "e_os.h"
-# include <assert.h>
+#include "e_os.h"
 
-# include <openssl/e_os2.h>
-# include <openssl/ossl_typ.h>
-# include <openssl/bio.h>
-# include <openssl/x509.h>
-# include <openssl/lhash.h>
-# include <openssl/conf.h>
-# include <openssl/txt_db.h>
-# ifndef OPENSSL_NO_ENGINE
-#  include <openssl/engine.h>
-# endif
-# ifndef OPENSSL_NO_OCSP
-#  include <openssl/ocsp.h>
-# endif
-# include <openssl/ossl_typ.h>
-# ifndef OPENSSL_SYS_NETWARE
-#  include <signal.h>
-# endif
+#include "buffer.h"
+#include "bio.h"
+#include "crypto.h"
+#include "progs.h"
 
-# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE)
-#  define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
-# else
-#  define openssl_fdset(a,b) FD_SET(a, b)
-# endif
+#ifdef NO_STDIO
+BIO_METHOD *BIO_s_file();
+#endif
 
-int app_RAND_load_file(const char *file, int dont_warn);
-int app_RAND_write_file(const char *file);
-/*
- * When `file' is NULL, use defaults. `bio_e' is for error messages.
- */
-void app_RAND_allow_write_file(void);
-long app_RAND_load_files(char *file); /* `file' is a list of files to read,
-                                       * separated by LIST_SEPARATOR_CHAR
-                                       * (see e_os.h).  The string is
-                                       * destroyed! */
+#ifdef WIN32
+#define rename(from,to) WIN32_rename((from),(to))
+int WIN32_rename(char *oldname,char *newname);
+#endif
 
-extern char *default_config_file;
-extern BIO *bio_in;
-extern BIO *bio_out;
+#ifndef MONOLITH
+
+#define MAIN(a,v)	main(a,v)
+
+#ifndef NON_MAIN
+BIO *bio_err=NULL;
+#else
 extern BIO *bio_err;
-BIO *dup_bio_in(int format);
-BIO *dup_bio_out(int format);
-BIO *bio_open_owner(const char *filename, int format, int private);
-BIO *bio_open_default(const char *filename, char mode, int format);
-BIO *bio_open_default_quiet(const char *filename, char mode, int format);
-CONF *app_load_config(const char *filename);
-CONF *app_load_config_quiet(const char *filename);
-int app_load_modules(const CONF *config);
-void unbuffer(FILE *fp);
-void wait_for_async(SSL *s);
-
-/*
- * Common verification options.
- */
-# define OPT_V_ENUM \
-        OPT_V__FIRST=2000, \
-        OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
-        OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
-        OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
-        OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
-        OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
-        OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
-        OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
-        OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
-        OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
-        OPT_V__LAST
-
-# define OPT_V_OPTIONS \
-        { "policy", OPT_V_POLICY, 's' }, \
-        { "purpose", OPT_V_PURPOSE, 's' }, \
-        { "verify_name", OPT_V_VERIFY_NAME, 's' }, \
-        { "verify_depth", OPT_V_VERIFY_DEPTH, 'p' }, \
-        { "attime", OPT_V_ATTIME, 'M' }, \
-        { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's' }, \
-        { "verify_email", OPT_V_VERIFY_EMAIL, 's' }, \
-        { "verify_ip", OPT_V_VERIFY_IP, 's' }, \
-        { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-' }, \
-        { "issuer_checks", OPT_V_ISSUER_CHECKS, '-' }, \
-        { "crl_check", OPT_V_CRL_CHECK, '-', "Check that peer cert has not been revoked" }, \
-        { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "Also check all certs in the chain" }, \
-        { "policy_check", OPT_V_POLICY_CHECK, '-' }, \
-        { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-' }, \
-        { "inhibit_any", OPT_V_INHIBIT_ANY, '-' }, \
-        { "inhibit_map", OPT_V_INHIBIT_MAP, '-' }, \
-        { "x509_strict", OPT_V_X509_STRICT, '-' }, \
-        { "extended_crl", OPT_V_EXTENDED_CRL, '-' }, \
-        { "use_deltas", OPT_V_USE_DELTAS, '-' }, \
-        { "policy_print", OPT_V_POLICY_PRINT, '-' }, \
-        { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-' }, \
-        { "trusted_first", OPT_V_TRUSTED_FIRST, '-', "Use locally-trusted CA's first in building chain" }, \
-        { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-' }, \
-        { "suiteB_128", OPT_V_SUITEB_128, '-' }, \
-        { "suiteB_192", OPT_V_SUITEB_192, '-' }, \
-        { "partial_chain", OPT_V_PARTIAL_CHAIN, '-' }, \
-        { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "Only use the first cert chain found" }, \
-        { "no_check_time", OPT_V_NO_CHECK_TIME, '-', "Do not check validity against current time" }
-
-# define OPT_V_CASES \
-        OPT_V__FIRST: case OPT_V__LAST: break; \
-        case OPT_V_POLICY: \
-        case OPT_V_PURPOSE: \
-        case OPT_V_VERIFY_NAME: \
-        case OPT_V_VERIFY_DEPTH: \
-        case OPT_V_ATTIME: \
-        case OPT_V_VERIFY_HOSTNAME: \
-        case OPT_V_VERIFY_EMAIL: \
-        case OPT_V_VERIFY_IP: \
-        case OPT_V_IGNORE_CRITICAL: \
-        case OPT_V_ISSUER_CHECKS: \
-        case OPT_V_CRL_CHECK: \
-        case OPT_V_CRL_CHECK_ALL: \
-        case OPT_V_POLICY_CHECK: \
-        case OPT_V_EXPLICIT_POLICY: \
-        case OPT_V_INHIBIT_ANY: \
-        case OPT_V_INHIBIT_MAP: \
-        case OPT_V_X509_STRICT: \
-        case OPT_V_EXTENDED_CRL: \
-        case OPT_V_USE_DELTAS: \
-        case OPT_V_POLICY_PRINT: \
-        case OPT_V_CHECK_SS_SIG: \
-        case OPT_V_TRUSTED_FIRST: \
-        case OPT_V_SUITEB_128_ONLY: \
-        case OPT_V_SUITEB_128: \
-        case OPT_V_SUITEB_192: \
-        case OPT_V_PARTIAL_CHAIN: \
-        case OPT_V_NO_ALT_CHAINS: \
-        case OPT_V_NO_CHECK_TIME
-
-/*
- * Common "extended"? options.
- */
-# define OPT_X_ENUM \
-        OPT_X__FIRST=1000, \
-        OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
-        OPT_X_CERTFORM, OPT_X_KEYFORM, \
-        OPT_X__LAST
-
-# define OPT_X_OPTIONS \
-        { "xkey", OPT_X_KEY, '<' }, \
-        { "xcert", OPT_X_CERT, '<' }, \
-        { "xchain", OPT_X_CHAIN, '<' }, \
-        { "xchain_build", OPT_X_CHAIN_BUILD, '-' }, \
-        { "xcertform", OPT_X_CERTFORM, 'F' }, \
-        { "xkeyform", OPT_X_KEYFORM, 'F' }
-
-# define OPT_X_CASES \
-        OPT_X__FIRST: case OPT_X__LAST: break; \
-        case OPT_X_KEY: \
-        case OPT_X_CERT: \
-        case OPT_X_CHAIN: \
-        case OPT_X_CHAIN_BUILD: \
-        case OPT_X_CERTFORM: \
-        case OPT_X_KEYFORM
-
-/*
- * Common SSL options.
- * Any changes here must be coordinated with ../ssl/ssl_conf.c
- */
-# define OPT_S_ENUM \
-        OPT_S__FIRST=3000, \
-        OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
-        OPT_S_BUGS, OPT_S_NOCOMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \
-        OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
-        OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
-        OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
-        OPT_S_DHPARAM, OPT_S_DEBUGBROKE, \
-        OPT_S__LAST
-
-# define OPT_S_OPTIONS \
-        {"no_ssl3", OPT_S_NOSSL3, '-' }, \
-        {"no_tls1", OPT_S_NOTLS1, '-' }, \
-        {"no_tls1_1", OPT_S_NOTLS1_1, '-' }, \
-        {"no_tls1_2", OPT_S_NOTLS1_2, '-' }, \
-        {"bugs", OPT_S_BUGS, '-' }, \
-        {"no_comp", OPT_S_NOCOMP, '-', "Don't use SSL/TLS-level compression" }, \
-        {"ecdh_single", OPT_S_ECDHSINGLE, '-' }, \
-        {"no_ticket", OPT_S_NOTICKET, '-' }, \
-        {"serverpref", OPT_S_SERVERPREF, '-' }, \
-        {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-' }, \
-        {"legacy_server_connect", OPT_S_LEGACYCONN, '-' }, \
-        {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-' }, \
-        {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-' }, \
-        {"strict", OPT_S_STRICT, '-' }, \
-        {"sigalgs", OPT_S_SIGALGS, 's', \
-            "Signature algorithms to support (colon-separated list)" }, \
-        {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
-            "Signature algorithms to support for client certificate" \
-            " authentication (colon-separated list)" }, \
-        {"curves", OPT_S_CURVES, 's', \
-            "Elliptic curves to advertise (colon-separated list)" }, \
-        {"named_curve", OPT_S_NAMEDCURVE, 's', \
-            "Elliptic curve used for ECDHE (server-side only)" }, \
-        {"cipher", OPT_S_CIPHER, 's', }, \
-        {"dhparam", OPT_S_DHPARAM, '<' }, \
-        {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-' }
-
-# define OPT_S_CASES \
-        OPT_S__FIRST: case OPT_S__LAST: break; \
-        case OPT_S_NOSSL3: \
-        case OPT_S_NOTLS1: \
-        case OPT_S_NOTLS1_1: \
-        case OPT_S_NOTLS1_2: \
-        case OPT_S_BUGS: \
-        case OPT_S_NOCOMP: \
-        case OPT_S_ECDHSINGLE: \
-        case OPT_S_NOTICKET: \
-        case OPT_S_SERVERPREF: \
-        case OPT_S_LEGACYRENEG: \
-        case OPT_S_LEGACYCONN: \
-        case OPT_S_ONRESUMP: \
-        case OPT_S_NOLEGACYCONN: \
-        case OPT_S_STRICT: \
-        case OPT_S_SIGALGS: \
-        case OPT_S_CLIENTSIGALGS: \
-        case OPT_S_CURVES: \
-        case OPT_S_NAMEDCURVE: \
-        case OPT_S_CIPHER: \
-        case OPT_S_DHPARAM: \
-        case OPT_S_DEBUGBROKE
-
-/*
- * Option parsing.
- */
-extern const char OPT_HELP_STR[];
-extern const char OPT_MORE_STR[];
-typedef struct options_st {
-    const char *name;
-    int retval;
-    /*
-     * value type: - no value (also the value zero), n number, p positive
-     * number, u unsigned, s string, < input file, > output file, f der/pem
-     * format, F any format identifier.  n and u include zero; p does not.
-     */
-    int valtype;
-    const char *helpstr;
-} OPTIONS;
-
-/*
- * A string/int pairing; widely use for option value lookup, hence the
- * name OPT_PAIR. But that name is misleading in s_cb.c, so we also use
- * the "generic" name STRINT_PAIR.
- */
-typedef struct string_int_pair_st {
-    const char *name;
-    int retval;
-} OPT_PAIR, STRINT_PAIR;
-
-/* Flags to pass into opt_format; see FORMAT_xxx, below. */
-# define OPT_FMT_PEMDER          (1L <<  1)
-# define OPT_FMT_PKCS12          (1L <<  2)
-# define OPT_FMT_SMIME           (1L <<  3)
-# define OPT_FMT_ENGINE          (1L <<  4)
-# define OPT_FMT_MSBLOB          (1L <<  5)
-# define OPT_FMT_NETSCAPE        (1L <<  6)
-# define OPT_FMT_NSS             (1L <<  7)
-# define OPT_FMT_TEXT            (1L <<  8)
-# define OPT_FMT_HTTP            (1L <<  9)
-# define OPT_FMT_PVK             (1L << 10)
-# define OPT_FMT_ANY     ( \
-        OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
-        OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \
-        OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
-
-char *opt_progname(const char *argv0);
-char *opt_getprog(void);
-char *opt_init(int ac, char **av, const OPTIONS * o);
-int opt_next();
-int opt_format(const char *s, unsigned long flags, int *result);
-int opt_int(const char *arg, int *result);
-int opt_ulong(const char *arg, unsigned long *result);
-int opt_long(const char *arg, long *result);
-#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
-    defined(INTMAX_MAX) && defined(UINTMAX_MAX)
-int opt_imax(const char *arg, intmax_t *result);
-int opt_umax(const char *arg, uintmax_t *result);
 #endif
-int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
-int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
-int opt_md(const char *name, const EVP_MD **mdp);
-char *opt_arg(void);
-char *opt_flag(void);
-char *opt_unknown(void);
-char *opt_reset(void);
-char **opt_rest(void);
-int opt_num_rest(void);
-int opt_verify(int i, X509_VERIFY_PARAM *vpm);
-void opt_help(const OPTIONS * list);
-int opt_format_error(const char *s, unsigned long flags);
-int opt_next(void);
 
-typedef struct args_st {
-    int size;
-    int argc;
-    char **argv;
-} ARGS;
+#else
 
-# define PW_MIN_LENGTH 4
-typedef struct pw_cb_data {
-    const void *password;
-    const char *prompt_info;
-} PW_CB_DATA;
-
-int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
-
-int setup_ui_method(void);
-void destroy_ui_method(void);
-
-int chopup_args(ARGS *arg, char *buf);
-# ifdef HEADER_X509_H
-int dump_cert_text(BIO *out, X509 *x);
-void print_name(BIO *out, const char *title, X509_NAME *nm,
-                unsigned long lflags);
-# endif
-void print_bignum_var(BIO *, BIGNUM *, const char*, int, unsigned char *);
-void print_array(BIO *, const char *, int, const unsigned char *);
-int set_cert_ex(unsigned long *flags, const char *arg);
-int set_name_ex(unsigned long *flags, const char *arg);
-int set_ext_copy(int *copy_type, const char *arg);
-int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
-int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2);
-int add_oid_section(CONF *conf);
-X509 *load_cert(const char *file, int format,
-                const char *pass, ENGINE *e, const char *cert_descrip);
-X509_CRL *load_crl(const char *infile, int format);
-int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl);
-EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
-                   const char *pass, ENGINE *e, const char *key_descrip);
-EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
-                      const char *pass, ENGINE *e, const char *key_descrip);
-STACK_OF(X509) *load_certs(const char *file, int format,
-                           const char *pass, ENGINE *e,
-                           const char *cert_descrip);
-STACK_OF(X509_CRL) *load_crls(const char *file, int format,
-                              const char *pass, ENGINE *e,
-                              const char *cert_descrip);
-X509_STORE *setup_verify(char *CAfile, char *CApath,
-                         int noCAfile, int noCApath);
-int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
-                             const char *CApath, int noCAfile, int noCApath);
-# ifdef OPENSSL_NO_ENGINE
-#  define setup_engine(engine, debug) NULL
-# else
-ENGINE *setup_engine(const char *engine, int debug);
-# endif
-# ifndef OPENSSL_NO_OCSP
-OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
-                                 const char *host, const char *path,
-                                 const char *port, int use_ssl,
-                                 STACK_OF(CONF_VALUE) *headers,
-                                 int req_timeout);
-# endif
-
-/* Functions defined in ca.c and also used in ocsp.c */
-int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
-                   ASN1_GENERALIZEDTIME **pinvtm, const char *str);
-
-# define DB_type         0
-# define DB_exp_date     1
-# define DB_rev_date     2
-# define DB_serial       3      /* index - unique */
-# define DB_file         4
-# define DB_name         5      /* index - unique when active and not
-                                 * disabled */
-# define DB_NUMBER       6
-
-# define DB_TYPE_REV     'R'
-# define DB_TYPE_EXP     'E'
-# define DB_TYPE_VAL     'V'
-
-typedef struct db_attr_st {
-    int unique_subject;
-} DB_ATTR;
-typedef struct ca_db_st {
-    DB_ATTR attributes;
-    TXT_DB *db;
-} CA_DB;
-
-void* app_malloc(int sz, const char *what);
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
-                ASN1_INTEGER **retai);
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
-int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
-CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
-int index_index(CA_DB *db);
-int save_index(const char *dbfile, const char *suffix, CA_DB *db);
-int rotate_index(const char *dbfile, const char *new_suffix,
-                 const char *old_suffix);
-void free_index(CA_DB *db);
-# define index_name_cmp_noconst(a, b) \
-        index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
-        (const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
-int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
-int parse_yesno(const char *str, int def);
-
-X509_NAME *parse_name(const char *str, long chtype, int multirdn);
-int args_verify(char ***pargs, int *pargc,
-                int *badarg, X509_VERIFY_PARAM **pm);
-void policies_print(X509_STORE_CTX *ctx);
-int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
-int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
-int init_gen_str(EVP_PKEY_CTX **pctx,
-                 const char *algname, ENGINE *e, int do_param);
-int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
-                 STACK_OF(OPENSSL_STRING) *sigopts);
-int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
-                     STACK_OF(OPENSSL_STRING) *sigopts);
-int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
-                     STACK_OF(OPENSSL_STRING) *sigopts);
-# ifndef OPENSSL_NO_PSK
-extern char *psk_key;
-# endif
-# ifndef OPENSSL_NO_JPAKE
-void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
-void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
-# endif
-
-unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
-
-void print_cert_checks(BIO *bio, X509 *x,
-                       const char *checkhost,
-                       const char *checkemail, const char *checkip);
-
-void store_setup_crl_download(X509_STORE *st);
-
-/* See OPT_FMT_xxx, above. */
-/* On some platforms, it's important to distinguish between text and binary
- * files.  On some, there might even be specific file formats for different
- * contents.  The FORMAT_xxx macros are meant to express an intent with the
- * file being read or created.
- */
-# define B_FORMAT_TEXT   0x8000
-# define FORMAT_UNDEF    0
-# define FORMAT_TEXT    (1 | B_FORMAT_TEXT)     /* Generic text */
-# define FORMAT_BINARY   2                      /* Generic binary */
-# define FORMAT_BASE64  (3 | B_FORMAT_TEXT)     /* Base64 */
-# define FORMAT_ASN1     4                      /* ASN.1/DER */
-# define FORMAT_PEM     (5 | B_FORMAT_TEXT)
-# define FORMAT_PKCS12   6
-# define FORMAT_SMIME   (7 | B_FORMAT_TEXT)
-# define FORMAT_ENGINE   8                      /* Not really a file format */
-# define FORMAT_PEMRSA  (9 | B_FORMAT_TEXT)     /* PEM RSAPubicKey format */
-# define FORMAT_ASN1RSA  10                     /* DER RSAPubicKey format */
-# define FORMAT_MSBLOB   11                     /* MS Key blob format */
-# define FORMAT_PVK      12                     /* MS PVK file format */
-# define FORMAT_HTTP     13                     /* Download using HTTP */
-# define FORMAT_NSS      14                     /* NSS keylog format */
-
-# define EXT_COPY_NONE   0
-# define EXT_COPY_ADD    1
-# define EXT_COPY_ALL    2
-
-# define NETSCAPE_CERT_HDR       "certificate"
-
-# define APP_PASS_LEN    1024
-
-# define SERIAL_RAND_BITS        64
-
-int app_hex(char);
-int app_isdir(const char *);
-int app_access(const char *, int flag);
-int raw_read_stdin(void *, int);
-int raw_write_stdout(const void *, int);
-
-# define TM_START        0
-# define TM_STOP         1
-double app_tminterval(int stop, int usertime);
-
-/* this is an accident waiting to happen (-Wshadow is your friend) */
-extern int verify_depth;
-extern int verify_quiet;
-extern int verify_error;
-extern int verify_return_error;
-
-# include "progs.h"
+#define MAIN(a,v)	PROG(a,v)
+#include "conf.h"
+extern LHASH *config;
+extern char *default_config_file;
+extern BIO *bio_err;
+
+#endif
+
+#include <signal.h>
+
+#ifdef SIGPIPE
+#define do_pipe_sig()	signal(SIGPIPE,SIG_IGN)
+#else
+#define do_pipe_sig()
+#endif
+
+#if defined(MONOLITH) && !defined(SSLEAY)
+#  define apps_startup()	do_pipe_sig()
+#else
+#  if defined(MSDOS) || defined(WIN16) || defined(WIN32)
+#    ifdef _O_BINARY
+#      define apps_startup() \
+		_fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+		SSLeay_add_all_algorithms()
+#    else
+#      define apps_startup() \
+		_fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+		SSLeay_add_all_algorithms()
+#    endif
+#  else
+#    define apps_startup()	do_pipe_sig(); SSLeay_add_all_algorithms();
+#  endif
+#endif
+
+typedef struct args_st
+        {
+        char **data;
+	int count;
+        } ARGS;
+
+#ifndef NOPROTO
+int should_retry(int i);
+int args_from_file(char *file, int *argc, char **argv[]);
+int str2fmt(char *s);
+void program_name(char *in,char *out,int size);
+int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
+#else
+int should_retry();
+int args_from_file();
+int str2fmt();
+void program_name();
+int chopup_args();
+#endif
+
+#define FORMAT_UNDEF    0
+#define FORMAT_ASN1     1
+#define FORMAT_TEXT     2
+#define FORMAT_PEM      3
+#define FORMAT_NETSCAPE 4
 
 #endif

apps/asn1pars.c

@@ -1,24 +1,25 @@
+/* apps/asn1pars.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- *
+ * 
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ * 
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- *
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -33,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ * 
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -48,330 +49,237 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
+ * 
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-/*
- * A nice addition from Dr Stephen Henson <steve@openssl.org> to add the
- * -strparse option which parses nested binary structures
+/* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to 
+ * add the -strparse option which parses nested binarary structures
  */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
+#include "err.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"
 
-typedef enum OPTION_choice {
-    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
-    OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT,
-    OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT,
-    OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM
-} OPTION_CHOICE;
+/* -inform arg	- input format - default PEM (DER or PEM)
+ * -in arg	- input file - default stdin
+ * -i		- indent the details by depth
+ * -offset	- where in the file to start
+ * -length	- how many bytes to use
+ * -oid file	- extra oid decription file
+ */
 
-OPTIONS asn1parse_options[] = {
-    {"help", OPT_HELP, '-', "Display this summary"},
-    {"inform", OPT_INFORM, 'F', "input format - one of DER PEM"},
-    {"in", OPT_IN, '<', "input file"},
-    {"out", OPT_OUT, '>', "output file (output format is always DER)"},
-    {"i", OPT_INDENT, 0, "entries"},
-    {"noout", OPT_NOOUT, 0, "don't produce any output"},
-    {"offset", OPT_OFFSET, 'p', "offset into file"},
-    {"length", OPT_LENGTH, 'p', "length of section in file"},
-    {"oid", OPT_OID, '<', "file of extra oid definitions"},
-    {"dump", OPT_DUMP, 0, "unknown data in hex form"},
-    {"dlimit", OPT_DLIMIT, 'p',
-     "dump the first arg bytes of unknown data in hex form"},
-    {"strparse", OPT_STRPARSE, 's',
-     "offset; a series of these can be used to 'dig'"},
-    {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
-    {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
-    {"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
-    {OPT_MORE_STR, 0, 0, "(-inform  will be ignored)"},
-    {"strictpem", OPT_STRICTPEM, 0,
-     "do not attempt base64 decode outside PEM markers"},
-    {NULL}
-};
+#undef PROG
+#define PROG	asn1parse_main
 
-static int do_generate(char *genstr, char *genconf, BUF_MEM *buf);
+int MAIN(argc, argv)
+int argc;
+char **argv;
+	{
+	int i,badops=0,offset=0,ret=1,j;
+	unsigned int length=0;
+	long num,tmplen;
+	BIO *in=NULL,*out=NULL,*b64=NULL;
+	int informat,indent=0;
+	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL;
+	unsigned char *tmpbuf;
+	BUF_MEM *buf=NULL;
+	STACK *osk=NULL;
+	ASN1_TYPE *at=NULL;
 
-int asn1parse_main(int argc, char **argv)
-{
-    ASN1_TYPE *at = NULL;
-    BIO *in = NULL, *b64 = NULL, *derout = NULL;
-    BUF_MEM *buf = NULL;
-    STACK_OF(OPENSSL_STRING) *osk = NULL;
-    char *genstr = NULL, *genconf = NULL;
-    char *infile = NULL, *str = NULL, *oidfile = NULL, *derfile = NULL;
-    char *name = NULL, *header = NULL, *prog;
-    const unsigned char *ctmpbuf;
-    int indent = 0, noout = 0, dump = 0, strictpem = 0, informat = FORMAT_PEM;
-    int offset = 0, ret = 1, i, j;
-    long num, tmplen;
-    unsigned char *tmpbuf;
-    unsigned int length = 0;
-    OPTION_CHOICE o;
+	informat=FORMAT_PEM;
 
-    prog = opt_init(argc, argv, asn1parse_options);
+	apps_startup();
 
-    if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
-        BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
-        goto end;
-    }
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
-    while ((o = opt_next()) != OPT_EOF) {
-        switch (o) {
-        case OPT_EOF:
-        case OPT_ERR:
- opthelp:
-            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
-            goto end;
-        case OPT_HELP:
-            opt_help(asn1parse_options);
-            ret = 0;
-            goto end;
-        case OPT_INFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
-                goto opthelp;
-            break;
-        case OPT_IN:
-            infile = opt_arg();
-            break;
-        case OPT_OUT:
-            derfile = opt_arg();
-            break;
-        case OPT_INDENT:
-            indent = 1;
-            break;
-        case OPT_NOOUT:
-            noout = 1;
-            break;
-        case OPT_OID:
-            oidfile = opt_arg();
-            break;
-        case OPT_OFFSET:
-            offset = strtol(opt_arg(), NULL, 0);
-            break;
-        case OPT_LENGTH:
-            length = atoi(opt_arg());
-            break;
-        case OPT_DUMP:
-            dump = -1;
-            break;
-        case OPT_DLIMIT:
-            dump = atoi(opt_arg());
-            break;
-        case OPT_STRPARSE:
-            sk_OPENSSL_STRING_push(osk, opt_arg());
-            break;
-        case OPT_GENSTR:
-            genstr = opt_arg();
-            break;
-        case OPT_GENCONF:
-            genconf = opt_arg();
-            break;
-        case OPT_STRICTPEM:
-            strictpem = 1;
-            informat = FORMAT_PEM;
-            break;
-        }
-    }
-    argc = opt_num_rest();
-    argv = opt_rest();
+	prog=argv[0];
+	argc--;
+	argv++;
+	if ((osk=sk_new_null()) == NULL)
+		{
+		BIO_printf(bio_err,"Malloc failure\n");
+		goto end;
+		}
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			informat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			}
+		else if (strcmp(*argv,"-i") == 0)
+			{
+			indent=1;
+			}
+		else if (strcmp(*argv,"-oid") == 0)
+			{
+			if (--argc < 1) goto bad;
+			oidfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-offset") == 0)
+			{
+			if (--argc < 1) goto bad;
+			offset= atoi(*(++argv));
+			}
+		else if (strcmp(*argv,"-length") == 0)
+			{
+			if (--argc < 1) goto bad;
+			length= atoi(*(++argv));
+			if (length == 0) goto bad;
+			}
+		else if (strcmp(*argv,"-strparse") == 0)
+			{
+			if (--argc < 1) goto bad;
+			sk_push(osk,*(++argv));
+			}
+		else
+			{
+			BIO_printf(bio_err,"unknown option %s\n",*argv);
+			badops=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
 
-    if (oidfile != NULL) {
-        in = bio_open_default(oidfile, 'r', FORMAT_TEXT);
-        if (in == NULL)
-            goto end;
-        OBJ_create_objects(in);
-        BIO_free(in);
-    }
+	if (badops)
+		{
+bad:
+		BIO_printf(bio_err,"%s [options] <infile\n",prog);
+		BIO_printf(bio_err,"where options are\n");
+		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -offset arg   offset into file\n");
+		BIO_printf(bio_err," -length arg   lenth of section in file\n");
+		BIO_printf(bio_err," -i            indent entries\n");
+		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
+		BIO_printf(bio_err," -strparse offset\n");
+		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
+		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
+		goto end;
+		}
 
-    if ((in = bio_open_default(infile, 'r', informat)) == NULL)
-        goto end;
+	ERR_load_crypto_strings();
 
-    if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL)
-        goto end;
+	in=BIO_new(BIO_s_file());
+	out=BIO_new(BIO_s_file());
+	if ((in == NULL) || (out == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
 
-    if (strictpem) {
-        if (PEM_read_bio(in, &name, &header, (unsigned char **)&str, &num) !=
-            1) {
-            BIO_printf(bio_err, "Error reading PEM file\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-    } else {
+	if (oidfile != NULL)
+		{
+		if (BIO_read_filename(in,oidfile) <= 0)
+			{
+			BIO_printf(bio_err,"problems opening %s\n",oidfile);
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		OBJ_create_objects(in);
+		}
 
-        if ((buf = BUF_MEM_new()) == NULL)
-            goto end;
-        if (!BUF_MEM_grow(buf, BUFSIZ * 8))
-            goto end;           /* Pre-allocate :-) */
+	if (infile == NULL)
+		BIO_set_fp(in,stdin,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
+			perror(infile);
+			goto end;
+			}
+		}
 
-        if (genstr || genconf) {
-            num = do_generate(genstr, genconf, buf);
-            if (num < 0) {
-                ERR_print_errors(bio_err);
-                goto end;
-            }
-        }
+	if ((buf=BUF_MEM_new()) == NULL) goto end;
+	if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
 
-        else {
+	if (informat == FORMAT_PEM)
+		{
+		BIO *tmp;
 
-            if (informat == FORMAT_PEM) {
-                BIO *tmp;
+		if ((b64=BIO_new(BIO_f_base64())) == NULL)
+			goto end;
+		BIO_push(b64,in);
+		tmp=in;
+		in=b64;
+		b64=tmp;
+		}
 
-                if ((b64 = BIO_new(BIO_f_base64())) == NULL)
-                    goto end;
-                BIO_push(b64, in);
-                tmp = in;
-                in = b64;
-                b64 = tmp;
-            }
+	num=0;
+	for (;;)
+		{
+		if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
+		i=BIO_read(in,&(buf->data[num]),BUFSIZ);
+		if (i <= 0) break;
+		num+=i;
+		}
+	str=buf->data;
 
-            num = 0;
-            for (;;) {
-                if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))
-                    goto end;
-                i = BIO_read(in, &(buf->data[num]), BUFSIZ);
-                if (i <= 0)
-                    break;
-                num += i;
-            }
-        }
-        str = buf->data;
+	/* If any structs to parse go through in sequence */
 
-    }
+	if (sk_num(osk))
+		{
+		tmpbuf=(unsigned char *)str;
+		tmplen=num;
+		for (i=0; i<sk_num(osk); i++)
+			{
+			j=atoi(sk_value(osk,i));
+			if (j == 0)
+				{
+				BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i));
+				continue;
+				}
+			tmpbuf+=j;
+			tmplen-=j;
+			if (d2i_ASN1_TYPE(&at,&tmpbuf,tmplen) == NULL)
+				{
+				BIO_printf(bio_err,"Error parsing structure\n");
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+			/* hmm... this is a little evil but it works */
+			tmpbuf=at->value.asn1_string->data;
+			tmplen=at->value.asn1_string->length;
+			}
+		str=(char *)tmpbuf;
+		num=tmplen;
+		}
 
-    /* If any structs to parse go through in sequence */
+	if (length == 0) length=(unsigned int)num;
+	if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	ret=0;
+end:
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free(out);
+	if (b64 != NULL) BIO_free(b64);
+	if (ret != 0)
+		ERR_print_errors(bio_err);
+	if (buf != NULL) BUF_MEM_free(buf);
+	if (at != NULL) ASN1_TYPE_free(at);
+	if (osk != NULL) sk_free(osk);
+	OBJ_cleanup();
+	EXIT(ret);
+	}
 
-    if (sk_OPENSSL_STRING_num(osk)) {
-        tmpbuf = (unsigned char *)str;
-        tmplen = num;
-        for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
-            ASN1_TYPE *atmp;
-            int typ;
-            j = atoi(sk_OPENSSL_STRING_value(osk, i));
-            if (j == 0) {
-                BIO_printf(bio_err, "'%s' is an invalid number\n",
-                           sk_OPENSSL_STRING_value(osk, i));
-                continue;
-            }
-            tmpbuf += j;
-            tmplen -= j;
-            atmp = at;
-            ctmpbuf = tmpbuf;
-            at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
-            ASN1_TYPE_free(atmp);
-            if (!at) {
-                BIO_printf(bio_err, "Error parsing structure\n");
-                ERR_print_errors(bio_err);
-                goto end;
-            }
-            typ = ASN1_TYPE_get(at);
-            if ((typ == V_ASN1_OBJECT)
-                || (typ == V_ASN1_BOOLEAN)
-                || (typ == V_ASN1_NULL)) {
-                BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
-                ERR_print_errors(bio_err);
-                goto end;
-            }
-            /* hmm... this is a little evil but it works */
-            tmpbuf = at->value.asn1_string->data;
-            tmplen = at->value.asn1_string->length;
-        }
-        str = (char *)tmpbuf;
-        num = tmplen;
-    }
-
-    if (offset >= num) {
-        BIO_printf(bio_err, "Error: offset too large\n");
-        goto end;
-    }
-
-    num -= offset;
-
-    if ((length == 0) || ((long)length > num))
-        length = (unsigned int)num;
-    if (derout) {
-        if (BIO_write(derout, str + offset, length) != (int)length) {
-            BIO_printf(bio_err, "Error writing output\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-    }
-    if (!noout &&
-        !ASN1_parse_dump(bio_out, (unsigned char *)&(str[offset]), length,
-                         indent, dump)) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-    ret = 0;
- end:
-    BIO_free(derout);
-    BIO_free(in);
-    BIO_free(b64);
-    if (ret != 0)
-        ERR_print_errors(bio_err);
-    BUF_MEM_free(buf);
-    OPENSSL_free(name);
-    OPENSSL_free(header);
-    if (strictpem)
-        OPENSSL_free(str);
-    ASN1_TYPE_free(at);
-    sk_OPENSSL_STRING_free(osk);
-    OBJ_cleanup();
-    return (ret);
-}
-
-static int do_generate(char *genstr, char *genconf, BUF_MEM *buf)
-{
-    CONF *cnf = NULL;
-    int len;
-    unsigned char *p;
-    ASN1_TYPE *atyp = NULL;
-
-    if (genconf) {
-        if ((cnf = app_load_config(genconf)) == NULL)
-            goto err;
-        if (!genstr)
-            genstr = NCONF_get_string(cnf, "default", "asn1");
-        if (!genstr) {
-            BIO_printf(bio_err, "Can't find 'asn1' in '%s'\n", genconf);
-            goto err;
-        }
-    }
-
-    atyp = ASN1_generate_nconf(genstr, cnf);
-    NCONF_free(cnf);
-    cnf = NULL;
-
-    if (!atyp)
-        return -1;
-
-    len = i2d_ASN1_TYPE(atyp, NULL);
-
-    if (len <= 0)
-        goto err;
-
-    if (!BUF_MEM_grow(buf, len))
-        goto err;
-
-    p = (unsigned char *)buf->data;
-
-    i2d_ASN1_TYPE(atyp, &p);
-
-    ASN1_TYPE_free(atyp);
-    return len;
-
- err:
-    NCONF_free(cnf);
-    ASN1_TYPE_free(atyp);
-    return -1;
-}

apps/ca-cert.srl

@@ -1 +1 @@
-07
+05

apps/ca-key.pem

@@ -1,16 +1,15 @@
------BEGIN PRIVATE KEY-----
-MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL4tQNyKy4U2zX6l
-IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
-DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
-vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAECgYA3j6sSg+5f9hnldUMzbPjTh8Sb
-XsJlPrc6UFrmMBzGiUleXSpe9Dbla+x0XvQCN4pwMvAN4nnWp/f0Su5BV/9Y93nb
-im5ijGNrfN9i6QrnqGCr+MMute+4E8HR2pCScX0mBLDDf40SmDvMzCaxtd21keyr
-9DqHgInQZNEi6NKlkQJBAPCbUTFg6iQ6VTCQ8CsEf5q2xHhuTK23fJ999lvWVxN7
-QsvWb9RP9Ng34HVtvB7Pl6P7FyHLQYiDJhhvYR0L0+kCQQDKV/09Kt6Wjf5Omp1I
-wd3A+tFnipdqnPw+qNHGjevv0hYiEIWQOYbx00zXgaX+WN/pzV9eeNN2XAxlNJ++
-dxcPAkBrzeuPKFFAcjKBVC+H1rgl5gYZv7Hzk+buv02G0H6rZ+sB0c7BXiHiTwbv
-Fn/XfkP/YR14Ms3mEH0dLaphjU8hAkEAh3Ar/rRiN04mCcEuRFQXtaNtZSv8PA2G
-Pf7MI2Y9pdHupLCAZlBLRjTUO2/5hu1AO4QPMPIZQSFN3rRBtMCL+wJAMp/m2hvI
-TmtbMp/IrKGfma09e3yFiCmoNn7cHLJ7jLvXcacV2XNzpr9YHfBxiZo0g9FqZKvv
-PZoQ5B2XJ7bhTQ==
------END PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----

apps/ca-req.pem

@@ -1,11 +1,11 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQx
-GjAYBgNVBAoMEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDDBJUZXN0IENBICgx
-MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL4tQNyKy4U2zX6l
-IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
-DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
-vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAGgADANBgkqhkiG9w0BAQsFAAOBgQCo
-2jE7J1SNV7kyRm9m8CoPw8xYsuVcVFxPheBymYp8BlO0/rSdYygRjobpYnLVRUPZ
-pV792wzT1Rp4sXfZWO10lkFY4yi0pH2cdK2RX7qedibV1Xu9vt/yYANFBKVpA4dy
-PRyTQwi3In1N8hdfddpYR8f5MIUYRe5poFMIJcf8JA==
+MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
+GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx
+MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy
+bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d
+FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe
+cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7
+cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR
+5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW
+kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA=
 -----END CERTIFICATE REQUEST-----

apps/ciphers.c

@@ -1,24 +1,25 @@
+/* apps/ciphers.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- *
+ * 
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ * 
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- *
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -33,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ * 
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -48,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
+ * 
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -58,197 +59,133 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
 #include "apps.h"
-#include <openssl/err.h>
-#include <openssl/ssl.h>
+#include "err.h"
+#include "ssl.h"
 
-typedef enum OPTION_choice {
-    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
-    OPT_STDNAME,
-    OPT_SSL3,
-    OPT_TLS1,
-    OPT_TLS1_1,
-    OPT_TLS1_2,
-    OPT_PSK,
-    OPT_V, OPT_UPPER_V, OPT_S
-} OPTION_CHOICE;
+#undef PROG
+#define PROG	ciphers_main
 
-OPTIONS ciphers_options[] = {
-    {"help", OPT_HELP, '-', "Display this summary"},
-    {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
-    {"V", OPT_UPPER_V, '-', "Even more verbose"},
-    {"s", OPT_S, '-', "Only supported ciphers"},
-    {"tls1", OPT_TLS1, '-', "TLS1 mode"},
-    {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
-    {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
-#ifndef OPENSSL_NO_SSL_TRACE
-    {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
-#endif
-#ifndef OPENSSL_NO_SSL3
-    {"ssl3", OPT_SSL3, '-', "SSL3 mode"},
-#endif
-#ifndef OPENSSL_NO_PSK
-    {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
-#endif
-    {NULL}
+static char *ciphers_usage[]={
+"usage: ciphers args\n",
+" -v          - verbose mode, a textual listing of the ciphers in SSLeay\n",
+" -ssl2       - SSL2 mode\n",
+" -ssl3       - SSL3 mode\n",
+NULL
 };
 
-#ifndef OPENSSL_NO_PSK
-static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
-                              unsigned int max_identity_len,
-                              unsigned char *psk,
-                              unsigned int max_psk_len)
-{
-    return 0;
-}
+int MAIN(argc, argv)
+int argc;
+char **argv;
+	{
+	int ret=1,i;
+	int verbose=0;
+	char **pp,*p;
+	int badops=0;
+	SSL_CTX *ctx=NULL;
+	SSL *ssl=NULL;
+	char *ciphers=NULL;
+	SSL_METHOD *meth=NULL;
+	STACK *sk;
+	char buf[512];
+	BIO *STDout=NULL;
+
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+	meth=SSLv23_server_method();
+#elif !defined(NO_SSL3)
+	meth=SSLv3_server_method();
+#elif !defined(NO_SSL2)
+	meth=SSLv2_server_method();
 #endif
 
-int ciphers_main(int argc, char **argv)
-{
-    SSL_CTX *ctx = NULL;
-    SSL *ssl = NULL;
-    STACK_OF(SSL_CIPHER) *sk = NULL;
-    const SSL_METHOD *meth = TLS_server_method();
-    int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
-#ifndef OPENSSL_NO_SSL_TRACE
-    int stdname = 0;
+	apps_startup();
+
+	if (bio_err == NULL)
+		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if (strcmp(*argv,"-v") == 0)
+			verbose=1;
+#ifndef NO_SSL2
+		else if (strcmp(*argv,"-ssl2") == 0)
+			meth=SSLv2_client_method();
 #endif
-#ifndef OPENSSL_NO_PSK
-    int psk = 0;
+#ifndef NO_SSL3
+		else if (strcmp(*argv,"-ssl3") == 0)
+			meth=SSLv3_client_method();
 #endif
-    const char *p;
-    char *ciphers = NULL, *prog;
-    char buf[512];
-    OPTION_CHOICE o;
+		else if ((strncmp(*argv,"-h",2) == 0) ||
+			 (strcmp(*argv,"-?") == 0))
+			{
+			badops=1;
+			break;
+			}
+		else
+			{
+			ciphers= *argv;
+			}
+		argc--;
+		argv++;
+		}
 
-    prog = opt_init(argc, argv, ciphers_options);
-    while ((o = opt_next()) != OPT_EOF) {
-        switch (o) {
-        case OPT_EOF:
-        case OPT_ERR:
- opthelp:
-            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
-            goto end;
-        case OPT_HELP:
-            opt_help(ciphers_options);
-            ret = 0;
-            goto end;
-        case OPT_V:
-            verbose = 1;
-            break;
-        case OPT_UPPER_V:
-            verbose = Verbose = 1;
-            break;
-        case OPT_S:
-            use_supported = 1;
-            break;
-        case OPT_STDNAME:
-#ifndef OPENSSL_NO_SSL_TRACE
-            stdname = verbose = 1;
-#endif
-            break;
-        case OPT_SSL3:
-#ifndef OPENSSL_NO_SSL3
-            meth = SSLv3_client_method();
-#endif
-            break;
-        case OPT_TLS1:
-            meth = TLSv1_client_method();
-            break;
-        case OPT_TLS1_1:
-            meth = TLSv1_1_client_method();
-            break;
-        case OPT_TLS1_2:
-            meth = TLSv1_2_client_method();
-            break;
-        case OPT_PSK:
-#ifndef OPENSSL_NO_PSK
-            psk = 1;
-#endif
-            break;
-        }
-    }
-    argv = opt_rest();
-    argc = opt_num_rest();
+	if (badops)
+		{
+		for (pp=ciphers_usage; (*pp != NULL); pp++)
+			BIO_printf(bio_err,*pp);
+		goto end;
+		}
 
-    if (argc == 1)
-        ciphers = *argv;
-    else if (argc != 0)
-        goto opthelp;
+	SSLeay_add_ssl_algorithms();
 
-    ctx = SSL_CTX_new(meth);
-    if (ctx == NULL)
-        goto err;
-#ifndef OPENSSL_NO_PSK
-    if (psk)
-        SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
-#endif
-    if (ciphers != NULL) {
-        if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
-            BIO_printf(bio_err, "Error in cipher list\n");
-            goto err;
-        }
-    }
-    ssl = SSL_new(ctx);
-    if (ssl == NULL)
-        goto err;
+	ctx=SSL_CTX_new(meth);
+	if (ctx == NULL) goto err;
+	if (ciphers != NULL)
+		SSL_CTX_set_cipher_list(ctx,ciphers);
+	ssl=SSL_new(ctx);
+	if (ssl == NULL) goto err;
 
-    if (use_supported)
-        sk = SSL_get1_supported_ciphers(ssl);
-    else
-        sk = SSL_get_ciphers(ssl);
 
-    if (!verbose) {
-        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
-            const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
-            p = SSL_CIPHER_get_name(c);
-            if (p == NULL)
-                break;
-            if (i != 0)
-                BIO_printf(bio_out, ":");
-            BIO_printf(bio_out, "%s", p);
-        }
-        BIO_printf(bio_out, "\n");
-    } else {
+	if (!verbose)
+		{
+		for (i=0; ; i++)
+			{
+			p=SSL_get_cipher_list(ssl,i);
+			if (p == NULL) break;
+			if (i != 0) BIO_printf(STDout,":");
+			BIO_printf(STDout,"%s",p);
+			}
+		BIO_printf(STDout,"\n");
+		}
+	else
+		{
+		sk=SSL_get_ciphers(ssl);
 
-        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
-            const SSL_CIPHER *c;
+		for (i=0; i<sk_num(sk); i++)
+			{
+			BIO_puts(STDout,SSL_CIPHER_description(
+				(SSL_CIPHER *)sk_value(sk,i),
+				buf,512));
+			}
+		}
 
-            c = sk_SSL_CIPHER_value(sk, i);
+	ret=0;
+	if (0)
+		{
+err:
+		SSL_load_error_strings();
+		ERR_print_errors(bio_err);
+		}
+end:
+	if (ctx != NULL) SSL_CTX_free(ctx);
+	if (ssl != NULL) SSL_free(ssl);
+	if (STDout != NULL) BIO_free(STDout);
+	EXIT(ret);
+	}
 
-            if (Verbose) {
-                unsigned long id = SSL_CIPHER_get_id(c);
-                int id0 = (int)(id >> 24);
-                int id1 = (int)((id >> 16) & 0xffL);
-                int id2 = (int)((id >> 8) & 0xffL);
-                int id3 = (int)(id & 0xffL);
-
-                if ((id & 0xff000000L) == 0x03000000L)
-                    BIO_printf(bio_out, "          0x%02X,0x%02X - ", id2, id3); /* SSL3
-                                                                                  * cipher */
-                else
-                    BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
-            }
-#ifndef OPENSSL_NO_SSL_TRACE
-            if (stdname) {
-                const char *nm = SSL_CIPHER_standard_name(c);
-                if (nm == NULL)
-                    nm = "UNKNOWN";
-                BIO_printf(bio_out, "%s - ", nm);
-            }
-#endif
-            BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf));
-        }
-    }
-
-    ret = 0;
-    goto end;
- err:
-    ERR_print_errors(bio_err);
- end:
-    if (use_supported)
-        sk_SSL_CIPHER_free(sk);
-    SSL_CTX_free(ctx);
-    SSL_free(ssl);
-    return (ret);
-}

apps/client.pem

@@ -1,52 +1,24 @@
-subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert
-issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512 bit)
 -----BEGIN CERTIFICATE-----
-MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6yMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
-VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
-A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
-RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY
-+yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs
-lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D
-nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2
-x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2
-bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9
-AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
-AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
-BBSZHKyLoTh7Mb409Zn/mK1ceSDAjDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
-hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAD0mL7PtPYgCEuDyOQSbLpeND5hVS
-curxQdGnrJ6Acrhodb7E9ccATokeb0PLx6HBLQUicxhTZIQ9FbO43YkQcOU6C3BB
-IlwskqmtN6+VmrQzNolHCDzvxNZs9lYL2VbGPGqVRyjZeHpoAlf9cQr8PgDb4d4b
-vUx2KAhHQvV2nkmYvKyXcgnRuHggumF87mkxidriGAEFwH4qfOqetUg64WyxP7P2
-QLipm04SyQa7ONtIApfVXgHcE42Py4/f4arzCzMjKe3VyhGkS7nsT55X/fWgTaRm
-CQPkO+H94P958WTvQDt77bQ+D3IvYaVvfil8n6HJMOJfFT0LJuSUbpSXJg==
+MIIB6TCCAVICAQIwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU2WhcNOTgwNjA5
+MTM1NzU2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0IGNl
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i2Plw
+Z1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs62NNt
+XrT8odkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBwtMmI7oGUG8nKmftQssATViH5
+NRRtoEw07DxJp/LfatHdrhqQB73eGdL5WILZJXk46Xz2e9WMSUjVCSYhdKxtflU3
+UR2Ajv1Oo0sTNdfz0wDqJNirLNtzyhhsaq8qMTrLwXrCP31VxBiigFSQSUFnZyTE
+9TKwhS4GlwbtCfxSKQ==
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f
-wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr
-agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy
-mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr
-MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x
-HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L
-p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT
-KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB
-1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx
-L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl
-LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO
-Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn
-/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai
-1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX
-1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3
-NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ
-zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC
-mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7
-5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK
-u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+
-HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV
-tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn
-SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh
-kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww
-1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw=
+MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm
+q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko
+/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1
+HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0
+ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/
+nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw
+ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==
 -----END RSA PRIVATE KEY-----

apps/crl.c

@@ -1,24 +1,25 @@
+/* apps/crl.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- *
+ * 
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ * 
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- *
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -33,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ * 
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -48,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
+ * 
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,337 +60,271 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/pem.h>
+#include "bio.h"
+#include "err.h"
+#include "x509.h"
+#include "pem.h"
 
-typedef enum OPTION_choice {
-    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
-    OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY,
-    OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
-    OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE,
-    OPT_NOCAPATH, OPT_NOCAFILE, OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD,
-    OPT_NOOUT, OPT_NAMEOPT, OPT_MD
-} OPTION_CHOICE;
+#undef PROG
+#define PROG	crl_main
 
-OPTIONS crl_options[] = {
-    {"help", OPT_HELP, '-', "Display this summary"},
-    {"inform", OPT_INFORM, 'F', "Input format; default PEM"},
-    {"in", OPT_IN, '<', "Input file - default stdin"},
-    {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
-    {"out", OPT_OUT, '>', "output file - default stdout"},
-    {"keyform", OPT_KEYFORM, 'F'},
-    {"key", OPT_KEY, '<'},
-    {"issuer", OPT_ISSUER, '-', "Print issuer DN"},
-    {"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"},
-    {"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"},
-    {"noout", OPT_NOOUT, '-', "No CRL output"},
-    {"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
-    {"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
-    {"badsig", OPT_BADSIG, '-'},
-    {"gendelta", OPT_GENDELTA, '<'},
-    {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
-    {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
-    {"no-CAfile", OPT_NOCAFILE, '-',
-     "Do not load the default certificates file"},
-    {"no-CApath", OPT_NOCAPATH, '-',
-     "Do not load certificates from the default certificates directory"},
-    {"verify", OPT_VERIFY, '-'},
-    {"text", OPT_TEXT, '-', "Print out a text format version"},
-    {"hash", OPT_HASH, '-', "Print hash value"},
-    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
-    {"", OPT_MD, '-', "Any supported digest"},
-#ifndef OPENSSL_NO_MD5
-    {"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},
-#endif
-    {NULL}
+#undef POSTFIX
+#define	POSTFIX	".rvk"
+
+static char *crl_usage[]={
+"usage: crl args\n",
+"\n",
+" -inform arg     - input format - default PEM (one of DER, TXT or PEM)\n",
+" -outform arg    - output format - default PEM\n",
+" -text           - print out a text format version\n",
+" -in arg         - input file - default stdin\n",
+" -out arg        - output file - default stdout\n",
+" -hash           - print hash value\n",
+" -issuer         - print issuer DN\n",
+" -lastupdate     - lastUpdate field\n",
+" -nextupdate     - nextUpdate field\n",
+" -noout          - no CRL output\n",
+NULL
 };
 
-int crl_main(int argc, char **argv)
-{
-    X509_CRL *x = NULL;
-    BIO *out = NULL;
-    X509_STORE *store = NULL;
-    X509_STORE_CTX ctx;
-    X509_LOOKUP *lookup = NULL;
-    X509_OBJECT xobj;
-    EVP_PKEY *pkey;
-    const EVP_MD *digest = EVP_sha1();
-    unsigned long nmflag = 0;
-    char nmflag_set = 0;
-    char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
-    char *CAfile = NULL, *CApath = NULL, *prog;
-    OPTION_CHOICE o;
-    int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
-    int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
-    int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
-    int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0;
-    int i;
-#ifndef OPENSSL_NO_MD5
-    int hash_old = 0;
+#ifndef NOPROTO
+static X509_CRL *load_crl(char *file, int format);
+#else
+static X509_CRL *load_crl();
 #endif
 
-    prog = opt_init(argc, argv, crl_options);
-    while ((o = opt_next()) != OPT_EOF) {
-        switch (o) {
-        case OPT_EOF:
-        case OPT_ERR:
- opthelp:
-            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
-            goto end;
-        case OPT_HELP:
-            opt_help(crl_options);
-            ret = 0;
-            goto end;
-        case OPT_INFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
-                goto opthelp;
-            break;
-        case OPT_IN:
-            infile = opt_arg();
-            break;
-        case OPT_OUTFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
-                goto opthelp;
-            break;
-        case OPT_OUT:
-            outfile = opt_arg();
-            break;
-        case OPT_KEYFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))
-                goto opthelp;
-            break;
-        case OPT_KEY:
-            keyfile = opt_arg();
-            break;
-        case OPT_GENDELTA:
-            crldiff = opt_arg();
-            break;
-        case OPT_CAPATH:
-            CApath = opt_arg();
-            do_ver = 1;
-            break;
-        case OPT_CAFILE:
-            CAfile = opt_arg();
-            do_ver = 1;
-            break;
-        case OPT_NOCAPATH:
-            noCApath =  1;
-            break;
-        case OPT_NOCAFILE:
-            noCAfile =  1;
-            break;
-        case OPT_HASH_OLD:
-#ifndef OPENSSL_NO_MD5
-            hash_old = ++num;
+static BIO *bio_out=NULL;
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+	{
+	X509_CRL *x=NULL;
+	int ret=1,i,num,badops=0;
+	BIO *out=NULL;
+	int informat,outformat;
+	char *infile=NULL,*outfile=NULL;
+	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0;
+	char **pp,buf[256];
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (bio_out == NULL)
+		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
+
+	informat=FORMAT_PEM;
+	outformat=FORMAT_PEM;
+
+	argc--;
+	argv++;
+	num=0;
+	while (argc >= 1)
+		{
+#ifdef undef
+		if	(strcmp(*argv,"-p") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/
+			}
 #endif
-            break;
-        case OPT_VERIFY:
-            do_ver = 1;
-            break;
-        case OPT_TEXT:
-            text = 1;
-            break;
-        case OPT_HASH:
-            hash = ++num;
-            break;
-        case OPT_ISSUER:
-            issuer = ++num;
-            break;
-        case OPT_LASTUPDATE:
-            lastupdate = ++num;
-            break;
-        case OPT_NEXTUPDATE:
-            nextupdate = ++num;
-            break;
-        case OPT_NOOUT:
-            noout = ++num;
-            break;
-        case OPT_FINGERPRINT:
-            fingerprint = ++num;
-            break;
-        case OPT_CRLNUMBER:
-            crlnumber = ++num;
-            break;
-        case OPT_BADSIG:
-            badsig = 1;
-            break;
-        case OPT_NAMEOPT:
-            nmflag_set = 1;
-            if (!set_name_ex(&nmflag, opt_arg()))
-                goto opthelp;
-            break;
-        case OPT_MD:
-            if (!opt_md(opt_unknown(), &digest))
-                goto opthelp;
-        }
-    }
-    argc = opt_num_rest();
-    argv = opt_rest();
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			informat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-text") == 0)
+			{
+			outformat=FORMAT_TEXT;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-hash") == 0)
+			hash= ++num;
+		else if (strcmp(*argv,"-issuer") == 0)
+			issuer= ++num;
+		else if (strcmp(*argv,"-lastupdate") == 0)
+			lastupdate= ++num;
+		else if (strcmp(*argv,"-nextupdate") == 0)
+			nextupdate= ++num;
+		else if (strcmp(*argv,"-noout") == 0)
+			noout= ++num;
+		else
+			{
+			BIO_printf(bio_err,"unknown option %s\n",*argv);
+			badops=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
 
-    if (!nmflag_set)
-        nmflag = XN_FLAG_ONELINE;
+	if (outformat == FORMAT_TEXT)
+		{
+		num=0;
+		issuer= ++num;
+		lastupdate= ++num;
+		nextupdate= ++num;
+		}
 
-    x = load_crl(infile, informat);
-    if (x == NULL)
-        goto end;
+	if (badops)
+		{
+bad:
+		for (pp=crl_usage; (*pp != NULL); pp++)
+			BIO_printf(bio_err,*pp);
+		goto end;
+		}
 
-    if (do_ver) {
-        if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
-            goto end;
-        lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
-        if (lookup == NULL)
-            goto end;
-        if (!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
-            BIO_printf(bio_err, "Error initialising X509 store\n");
-            goto end;
-        }
+	ERR_load_crypto_strings();
+	x=load_crl(infile,informat);
+	if (x == NULL) { goto end; }
 
-        i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
-                                      X509_CRL_get_issuer(x), &xobj);
-        if (i <= 0) {
-            BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
-            goto end;
-        }
-        pkey = X509_get0_pubkey(xobj.data.x509);
-        X509_OBJECT_free_contents(&xobj);
-        if (!pkey) {
-            BIO_printf(bio_err, "Error getting CRL issuer public key\n");
-            goto end;
-        }
-        i = X509_CRL_verify(x, pkey);
-        if (i < 0)
-            goto end;
-        if (i == 0)
-            BIO_printf(bio_err, "verify failure\n");
-        else
-            BIO_printf(bio_err, "verify OK\n");
-    }
+	if (num)
+		{
+		for (i=1; i<=num; i++)
+			{
+			if (issuer == i)
+				{
+				X509_NAME_oneline(x->crl->issuer,buf,256);
+				fprintf(stdout,"issuer= %s\n",buf);
+				}
 
-    if (crldiff) {
-        X509_CRL *newcrl, *delta;
-        if (!keyfile) {
-            BIO_puts(bio_err, "Missing CRL signing key\n");
-            goto end;
-        }
-        newcrl = load_crl(crldiff, informat);
-        if (!newcrl)
-            goto end;
-        pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");
-        if (!pkey) {
-            X509_CRL_free(newcrl);
-            goto end;
-        }
-        delta = X509_CRL_diff(x, newcrl, pkey, digest, 0);
-        X509_CRL_free(newcrl);
-        EVP_PKEY_free(pkey);
-        if (delta) {
-            X509_CRL_free(x);
-            x = delta;
-        } else {
-            BIO_puts(bio_err, "Error creating delta CRL\n");
-            goto end;
-        }
-    }
+			if (hash == i)
+				{
+				fprintf(stdout,"%08lx\n",
+					X509_NAME_hash(x->crl->issuer));
+				}
+			if (lastupdate == i)
+				{
+				fprintf(stdout,"lastUpdate=");
+				ASN1_UTCTIME_print(bio_out,x->crl->lastUpdate);
+				fprintf(stdout,"\n");
+				}
+			if (nextupdate == i)
+				{
+				fprintf(stdout,"nextUpdate=");
+				if (x->crl->nextUpdate != NULL)
+					ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate);
+				else
+					fprintf(stdout,"NONE");
+				fprintf(stdout,"\n");
+				}
+			}
+		}
 
-    if (num) {
-        for (i = 1; i <= num; i++) {
-            if (issuer == i) {
-                print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
-                           nmflag);
-            }
-            if (crlnumber == i) {
-                ASN1_INTEGER *crlnum;
-                crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL);
-                BIO_printf(bio_out, "crlNumber=");
-                if (crlnum) {
-                    i2a_ASN1_INTEGER(bio_out, crlnum);
-                    ASN1_INTEGER_free(crlnum);
-                } else
-                    BIO_puts(bio_out, "<NONE>");
-                BIO_printf(bio_out, "\n");
-            }
-            if (hash == i) {
-                BIO_printf(bio_out, "%08lx\n",
-                           X509_NAME_hash(X509_CRL_get_issuer(x)));
-            }
-#ifndef OPENSSL_NO_MD5
-            if (hash_old == i) {
-                BIO_printf(bio_out, "%08lx\n",
-                           X509_NAME_hash_old(X509_CRL_get_issuer(x)));
-            }
-#endif
-            if (lastupdate == i) {
-                BIO_printf(bio_out, "lastUpdate=");
-                ASN1_TIME_print(bio_out, X509_CRL_get_lastUpdate(x));
-                BIO_printf(bio_out, "\n");
-            }
-            if (nextupdate == i) {
-                BIO_printf(bio_out, "nextUpdate=");
-                if (X509_CRL_get_nextUpdate(x))
-                    ASN1_TIME_print(bio_out, X509_CRL_get_nextUpdate(x));
-                else
-                    BIO_printf(bio_out, "NONE");
-                BIO_printf(bio_out, "\n");
-            }
-            if (fingerprint == i) {
-                int j;
-                unsigned int n;
-                unsigned char md[EVP_MAX_MD_SIZE];
+	if (noout) goto end;
 
-                if (!X509_CRL_digest(x, digest, md, &n)) {
-                    BIO_printf(bio_err, "out of memory\n");
-                    goto end;
-                }
-                BIO_printf(bio_out, "%s Fingerprint=",
-                           OBJ_nid2sn(EVP_MD_type(digest)));
-                for (j = 0; j < (int)n; j++) {
-                    BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
-                               ? '\n' : ':');
-                }
-            }
-        }
-    }
-    out = bio_open_default(outfile, 'w', outformat);
-    if (out == NULL)
-        goto end;
+	out=BIO_new(BIO_s_file());
+	if (out == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
 
-    if (text)
-        X509_CRL_print(out, x);
+	if (outfile == NULL)
+		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
+			perror(outfile);
+			goto end;
+			}
+		}
 
-    if (noout) {
-        ret = 0;
-        goto end;
-    }
+	if 	(outformat == FORMAT_ASN1)
+		i=(int)i2d_X509_CRL_bio(out,x);
+	else if (outformat == FORMAT_PEM)
+		i=PEM_write_bio_X509_CRL(out,x);
+	else if (outformat == FORMAT_TEXT)
+		{
+		X509_REVOKED *r;
+		STACK *sk;
 
-    if (badsig) {
-        ASN1_BIT_STRING *sig;
-        unsigned char *psig;
-        X509_CRL_get0_signature(&sig, NULL, x);
-        psig = ASN1_STRING_data(sig);
-        psig[ASN1_STRING_length(sig) - 1] ^= 0x1;
-    }
+		sk=sk_dup(x->crl->revoked);
+		while ((r=(X509_REVOKED *)sk_pop(sk)) != NULL)
+			{
+			fprintf(stdout,"revoked: serialNumber=");
+			i2a_ASN1_INTEGER(out,r->serialNumber);
+			fprintf(stdout," revocationDate=");
+			ASN1_UTCTIME_print(bio_out,r->revocationDate);
+			fprintf(stdout,"\n");
+			}
+		sk_free(sk);
+		i=1;
+		}
+	else	
+		{
+		BIO_printf(bio_err,"bad output format specified for outfile\n");
+		goto end;
+		}
+	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
+	ret=0;
+end:
+	if (out != NULL) BIO_free(out);
+	if (bio_out != NULL) BIO_free(bio_out);
+	if (x != NULL) X509_CRL_free(x);
+	EXIT(ret);
+	}
 
-    if (outformat == FORMAT_ASN1)
-        i = (int)i2d_X509_CRL_bio(out, x);
-    else
-        i = PEM_write_bio_X509_CRL(out, x);
-    if (!i) {
-        BIO_printf(bio_err, "unable to write CRL\n");
-        goto end;
-    }
-    ret = 0;
+static X509_CRL *load_crl(infile, format)
+char *infile;
+int format;
+	{
+	X509_CRL *x=NULL;
+	BIO *in=NULL;
+
+	in=BIO_new(BIO_s_file());
+	if (in == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (infile == NULL)
+		BIO_set_fp(in,stdin,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
+			perror(infile);
+			goto end;
+			}
+		}
+	if 	(format == FORMAT_ASN1)
+		x=d2i_X509_CRL_bio(in,NULL);
+	else if (format == FORMAT_PEM)
+		x=PEM_read_bio_X509_CRL(in,NULL,NULL);
+	else	{
+		BIO_printf(bio_err,"bad input format specified for input crl\n");
+		goto end;
+		}
+	if (x == NULL)
+		{
+		BIO_printf(bio_err,"unable to load CRL\n");
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	
+end:
+	if (in != NULL) BIO_free(in);
+	return(x);
+	}
 
- end:
-    if (ret != 0)
-        ERR_print_errors(bio_err);
-    BIO_free_all(out);
-    X509_CRL_free(x);
-    if (store) {
-        X509_STORE_CTX_cleanup(&ctx);
-        X509_STORE_free(store);
-    }
-    return (ret);
-}

apps/crl2p7.c

@@ -1,24 +1,25 @@
+/* apps/crl2p7.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- *
+ * 
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ * 
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- *
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -33,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ * 
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -48,225 +49,286 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
+ * 
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-/*
- * This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu> and
- * donated 'to the cause' along with lots and lots of other fixes to the
- * library.
- */
+/* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu>
+ * and donated 'to the cause' along with lots and lots of other fixes to
+ * the library. */
 
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include "apps.h"
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-#include <openssl/objects.h>
+#include "err.h"
+#include "evp.h"
+#include "x509.h"
+#include "pkcs7.h"
+#include "pem.h"
+#include "objects.h"
 
-static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
+#ifndef NOPROTO
+static int add_certs_from_file(STACK *stack, char *certfile);
+#else
+static int add_certs_from_file();
+#endif
 
-typedef enum OPTION_choice {
-    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
-    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE
-} OPTION_CHOICE;
+#undef PROG
+#define PROG	crl2pkcs7_main
 
-OPTIONS crl2pkcs7_options[] = {
-    {"help", OPT_HELP, '-', "Display this summary"},
-    {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
-    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
-    {"in", OPT_IN, '<', "Input file"},
-    {"out", OPT_OUT, '>', "Output file"},
-    {"nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'"},
-    {"certfile", OPT_CERTFILE, '<',
-     "File of chain of certs to a trusted CA; can be repeated"},
-    {NULL}
-};
+/* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg	- input file - default stdin
+ * -out arg	- output file - default stdout
+ */
 
-int crl2pkcs7_main(int argc, char **argv)
-{
-    BIO *in = NULL, *out = NULL;
-    PKCS7 *p7 = NULL;
-    PKCS7_SIGNED *p7s = NULL;
-    STACK_OF(OPENSSL_STRING) *certflst = NULL;
-    STACK_OF(X509) *cert_stack = NULL;
-    STACK_OF(X509_CRL) *crl_stack = NULL;
-    X509_CRL *crl = NULL;
-    char *infile = NULL, *outfile = NULL, *prog, *certfile;
-    int i = 0, informat = FORMAT_PEM, outformat = FORMAT_PEM, ret = 1, nocrl =
-        0;
-    OPTION_CHOICE o;
+int MAIN(argc, argv)
+int argc;
+char **argv;
+	{
+	int i,badops=0;
+	BIO *in=NULL,*out=NULL;
+	int informat,outformat;
+	char *infile,*outfile,*prog,*certfile;
+	PKCS7 *p7 = NULL;
+	PKCS7_SIGNED *p7s = NULL;
+	X509_CRL *crl=NULL;
+	STACK *crl_stack=NULL;
+	STACK *cert_stack=NULL;
+	int ret=1,nocrl=0;
 
-    prog = opt_init(argc, argv, crl2pkcs7_options);
-    while ((o = opt_next()) != OPT_EOF) {
-        switch (o) {
-        case OPT_EOF:
-        case OPT_ERR:
- opthelp:
-            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
-            goto end;
-        case OPT_HELP:
-            opt_help(crl2pkcs7_options);
-            ret = 0;
-            goto end;
-        case OPT_INFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
-                goto opthelp;
-            break;
-        case OPT_OUTFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
-                goto opthelp;
-            break;
-        case OPT_IN:
-            infile = opt_arg();
-            break;
-        case OPT_OUT:
-            outfile = opt_arg();
-            break;
-        case OPT_NOCRL:
-            nocrl = 1;
-            break;
-        case OPT_CERTFILE:
-            if ((certflst == NULL)
-                && (certflst = sk_OPENSSL_STRING_new_null()) == NULL)
-                goto end;
-            if (!sk_OPENSSL_STRING_push(certflst, opt_arg())) {
-                sk_OPENSSL_STRING_free(certflst);
-                goto end;
-            }
-            break;
-        }
-    }
-    argc = opt_num_rest();
-    argv = opt_rest();
+	apps_startup();
 
-    if (!nocrl) {
-        in = bio_open_default(infile, 'r', informat);
-        if (in == NULL)
-            goto end;
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
-        if (informat == FORMAT_ASN1)
-            crl = d2i_X509_CRL_bio(in, NULL);
-        else if (informat == FORMAT_PEM)
-            crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
-        if (crl == NULL) {
-            BIO_printf(bio_err, "unable to load CRL\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-    }
+	infile=NULL;
+	outfile=NULL;
+	informat=FORMAT_PEM;
+	outformat=FORMAT_PEM;
+	certfile=NULL;
 
-    if ((p7 = PKCS7_new()) == NULL)
-        goto end;
-    if ((p7s = PKCS7_SIGNED_new()) == NULL)
-        goto end;
-    p7->type = OBJ_nid2obj(NID_pkcs7_signed);
-    p7->d.sign = p7s;
-    p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data);
+	prog=argv[0];
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			informat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			}
+		else if (strcmp(*argv,"-nocrl") == 0)
+			{
+			nocrl=1;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-certfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			certfile= *(++argv);
+			}
+		else
+			{
+			BIO_printf(bio_err,"unknown option %s\n",*argv);
+			badops=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
 
-    if (!ASN1_INTEGER_set(p7s->version, 1))
-        goto end;
-    if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
-        goto end;
-    p7s->crl = crl_stack;
-    if (crl != NULL) {
-        sk_X509_CRL_push(crl_stack, crl);
-        crl = NULL;             /* now part of p7 for OPENSSL_freeing */
-    }
+	if (badops)
+		{
+bad:
+		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+		BIO_printf(bio_err,"where options are\n");
+		BIO_printf(bio_err," -inform arg    input format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -outform arg   output format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -in arg        inout file\n");
+		BIO_printf(bio_err," -out arg       output file\n");
+		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
+		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
+		EXIT(1);
+		}
 
-    if ((cert_stack = sk_X509_new_null()) == NULL)
-        goto end;
-    p7s->cert = cert_stack;
+	ERR_load_crypto_strings();
 
-    if (certflst)
-        for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
-            certfile = sk_OPENSSL_STRING_value(certflst, i);
-            if (add_certs_from_file(cert_stack, certfile) < 0) {
-                BIO_printf(bio_err, "error loading certificates\n");
-                ERR_print_errors(bio_err);
-                goto end;
-            }
-        }
+	in=BIO_new(BIO_s_file());
+	out=BIO_new(BIO_s_file());
+	if ((in == NULL) || (out == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
 
-    sk_OPENSSL_STRING_free(certflst);
+	if (!nocrl)
+		{
+		if (infile == NULL)
+			BIO_set_fp(in,stdin,BIO_NOCLOSE);
+		else
+			{
+			if (BIO_read_filename(in,infile) <= 0)
+				{
+				perror(infile);
+				goto end;
+				}
+			}
 
-    out = bio_open_default(outfile, 'w', outformat);
-    if (out == NULL)
-        goto end;
+		if 	(informat == FORMAT_ASN1)
+			crl=d2i_X509_CRL_bio(in,NULL);
+		else if (informat == FORMAT_PEM)
+			crl=PEM_read_bio_X509_CRL(in,NULL,NULL);
+		else	{
+			BIO_printf(bio_err,"bad input format specified for input crl\n");
+			goto end;
+			}
+		if (crl == NULL)
+			{
+			BIO_printf(bio_err,"unable to load CRL\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		}
+	
+	if ((p7=PKCS7_new()) == NULL) goto end;
+	if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;
+	p7->type=OBJ_nid2obj(NID_pkcs7_signed);
+	p7->d.sign=p7s;
+	p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
 
-    if (outformat == FORMAT_ASN1)
-        i = i2d_PKCS7_bio(out, p7);
-    else if (outformat == FORMAT_PEM)
-        i = PEM_write_bio_PKCS7(out, p7);
-    if (!i) {
-        BIO_printf(bio_err, "unable to write pkcs7 object\n");
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-    ret = 0;
- end:
-    BIO_free(in);
-    BIO_free_all(out);
-    PKCS7_free(p7);
-    X509_CRL_free(crl);
+	if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
+	if ((crl_stack=sk_new(NULL)) == NULL) goto end;
+	p7s->crl=crl_stack;
+	if (crl != NULL)
+		{
+		sk_push(crl_stack,(char *)crl);
+		crl=NULL; /* now part of p7 for Freeing */
+		}
 
-    return (ret);
-}
+	if ((cert_stack=sk_new(NULL)) == NULL) goto end;
+	p7s->cert=cert_stack;
 
-/*-
+	if (certfile != NULL) 
+		{
+		if (add_certs_from_file(cert_stack,certfile) < 0)
+			{
+			BIO_printf(bio_err,"error loading certificates\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		}
+
+	if (outfile == NULL)
+		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
+			perror(outfile);
+			goto end;
+			}
+		}
+
+	if 	(outformat == FORMAT_ASN1)
+		i=i2d_PKCS7_bio(out,p7);
+	else if (outformat == FORMAT_PEM)
+		i=PEM_write_bio_PKCS7(out,p7);
+	else	{
+		BIO_printf(bio_err,"bad output format specified for outfile\n");
+		goto end;
+		}
+	if (!i)
+		{
+		BIO_printf(bio_err,"unable to write pkcs7 object\n");
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	ret=0;
+end:
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free(out);
+	if (p7 != NULL) PKCS7_free(p7);
+	if (crl != NULL) X509_CRL_free(crl);
+
+	EXIT(ret);
+	}
+
+/*
  *----------------------------------------------------------------------
  * int add_certs_from_file
  *
- *      Read a list of certificates to be checked from a file.
+ *	Read a list of certificates to be checked from a file.
  *
  * Results:
- *      number of certs added if successful, -1 if not.
+ *	number of certs added if successful, -1 if not.
  *----------------------------------------------------------------------
  */
-static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
-{
-    BIO *in = NULL;
-    int count = 0;
-    int ret = -1;
-    STACK_OF(X509_INFO) *sk = NULL;
-    X509_INFO *xi;
+static int add_certs_from_file(stack,certfile)
+STACK *stack;
+char *certfile;
+	{
+	struct stat st;
+	BIO *in=NULL;
+	int count=0;
+	int ret= -1;
+	STACK *sk=NULL;
+	X509_INFO *xi;
 
-    in = BIO_new_file(certfile, "r");
-    if (in == NULL) {
-        BIO_printf(bio_err, "error opening the file, %s\n", certfile);
-        goto end;
-    }
+	if ((stat(certfile,&st) != 0))
+		{
+		BIO_printf(bio_err,"unable to file the file, %s\n",certfile);
+		goto end;
+		}
 
-    /* This loads from a file, a stack of x509/crl/pkey sets */
-    sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
-    if (sk == NULL) {
-        BIO_printf(bio_err, "error reading the file, %s\n", certfile);
-        goto end;
-    }
+	in=BIO_new(BIO_s_file());
+	if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
+		{
+		goto end;
+		}
 
-    /* scan over it and pull out the CRL's */
-    while (sk_X509_INFO_num(sk)) {
-        xi = sk_X509_INFO_shift(sk);
-        if (xi->x509 != NULL) {
-            sk_X509_push(stack, xi->x509);
-            xi->x509 = NULL;
-            count++;
-        }
-        X509_INFO_free(xi);
-    }
+	/* This loads from a file, a stack of x509/crl/pkey sets */
+	sk=PEM_X509_INFO_read_bio(in,NULL,NULL);
+	if (sk == NULL) goto end;
+
+	/* scan over it and pull out the CRL's */
+	while (sk_num(sk))
+		{
+		xi=(X509_INFO *)sk_shift(sk);
+		if (xi->x509 != NULL)
+			{
+			sk_push(stack,(char *)xi->x509);
+			xi->x509=NULL;
+			count++;
+			}
+		X509_INFO_free(xi);
+		}
+
+	ret=count;
+end:
+ 	/* never need to Free x */
+	if (in != NULL) BIO_free(in);
+	if (sk != NULL) sk_free(sk);
+	return(ret);
+	}
 
-    ret = count;
- end:
-    /* never need to OPENSSL_free x */
-    BIO_free(in);
-    sk_X509_INFO_free(sk);
-    return (ret);
-}

apps/demoSRP/srp_verifier.txt

@@ -1,6 +0,0 @@
-# This is a file that will be filled by the openssl srp routine.
-# You can initialize the file with additional groups, these are
-# records starting with a I followed by the g and N values and the id.
-# The exact values ... you have to dig this out from the source of srp.c
-# or srp_vfy.c
-# The last value of an I is used as the default group for new users.  

apps/demoSRP/srp_verifier.txt.attr

@@ -1 +0,0 @@
-unique_subject = yes

apps/der_chop

@@ -0,0 +1,305 @@
+#!/usr/local/bin/perl
+#
+# der_chop ... this is one total hack that Eric is really not proud of
+#              so don't look at it and don't ask for support
+#
+# The "documentation" for this (i.e. all the comments) are my fault --tjh
+#
+# This program takes the "raw" output of derparse/asn1parse and 
+# converts it into tokens and then runs regular expression matches
+# to try to figure out what to grab to get the things that are needed
+# and it is possible that this will do the wrong thing as it is a *hack*
+#
+# SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET)
+# [I know ... promises promises :-)]
+#
+# To convert a Netscape Certificate:
+#    der_chop < ServerCert.der > cert.pem
+# To convert a Netscape Key (and encrypt it again to protect it)
+#    rsa -inform NET -in ServerKey.der -des > key.pem
+#
+# 23-Apr-96 eay    Added the extra ASN.1 string types, I still think this
+#		   is an evil hack.  If nothing else the parsing should
+#		   be relative, not absolute.
+# 19-Apr-96 tjh    hacked (with eay) into 0.5.x format
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+
+require 'getopts.pl';
+
+$debug=0;
+
+# this was the 0.4.x way of doing things ...
+$cmd="derparse";
+$x509_cmd="x509";
+$crl_cmd="crl";
+$rc4_cmd="rc4";
+$md2_cmd="md2";
+$md4_cmd="md4";
+$rsa_cmd="rsa -des -inform der ";
+
+# this was the 0.5.x way of doing things ...
+$cmd="ssleay asn1parse";
+$x509_cmd="ssleay x509";
+$crl_cmd="ssleay crl";
+$rc4_cmd="ssleay rc4";
+$md2_cmd="ssleay md2";
+$md4_cmd="ssleay md4";
+$rsa_cmd="ssleay rsa -des -inform der ";
+
+&Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
+$depth=($opt_d =~ /^\d+$/)?$opt_d:0;
+
+&init_der();
+
+if ($#ARGV != -1)
+	{
+	foreach $file (@ARGV)
+		{
+		print STDERR "doing $file\n";
+		&dofile($file);
+		}
+	}
+else
+	{
+	$file="/tmp/a$$.DER";
+	open(OUT,">$file") || die "unable to open $file:$!\n";
+	for (;;)
+		{
+		$i=sysread(STDIN,$b,1024*10);
+		last if ($i <= 0);
+		$i=syswrite(OUT,$b,$i);
+		}
+	&dofile($file);
+	unlink($file);
+	}
+	
+sub dofile
+	{
+	local($file)=@_;
+	local(@p);
+
+	$b=&load_file($file);
+	@p=&load_file_parse($file);
+
+	foreach $_ (@p)
+		{
+		($off,$d,$hl,$len)=&parse_line($_);
+		$d-=$depth;
+		next if ($d != 0);
+		next if ($len == 0);
+
+		$o=substr($b,$off,$len+$hl);
+		($str,@data)=&der_str($o);
+		print "$str\n" if ($opt_v);
+		if ($str =~ /^$crl/)
+			{
+			open(OUT,"|$crl_cmd -inform d -hash -issuer") ||
+				die "unable to run $crl_cmd:$!\n";
+			print OUT $o;
+			close(OUT);
+			}
+		elsif ($str =~ /^$x509/)
+			{
+			open(OUT,"|$x509_cmd -inform d -hash -subject -issuer")
+				|| die "unable to run $x509_cmd:$!\n";
+			print OUT $o;
+			close(OUT);
+			}
+		elsif ($str =~ /^$rsa/)
+			{
+			($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
+			next unless ($type eq "rsaEncryption");
+			($off,$d,$hl,$len)=&parse_line($data[5]);
+			$os=substr($o,$off+$hl,$len);
+			open(OUT,"|$rsa_cmd")
+				|| die "unable to run $rsa_cmd:$!\n";
+			print OUT $os;
+			close(OUT);
+			}
+		elsif ($str =~ /^0G-1D-1G/)
+			{
+			($off,$d,$hl,$len)=&parse_line($data[1]);
+			$os=substr($o,$off+$hl,$len);
+			print STDERR "<$os>\n" if $opt_v;
+			&do_certificate($o,@data)
+				if (($os eq "certificate") &&
+				    ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
+			&do_private_key($o,@data)
+				if (($os eq "private-key") &&
+				    ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
+			}
+		}
+	}
+
+sub der_str
+	{
+	local($str)=@_;
+	local(*OUT,*IN,@a,$t,$d,$ret);
+	local($file)="/tmp/b$$.DER";
+	local(@ret);
+
+	open(OUT,">$file");
+	print OUT $str;
+	close(OUT);
+	open(IN,"$cmd -inform 'd' -in $file |") ||
+		die "unable to run $cmd:$!\n";
+	$ret="";
+	while (<IN>)
+		{
+		chop;
+		push(@ret,$_);
+
+		print STDERR "$_\n" if ($debug);
+
+		@a=split(/\s*:\s*/);
+		($d)=($a[1] =~ /d=\s*(\d+)/);
+		$a[2] =~ s/\s+$//;
+		$t=$DER_s2i{$a[2]};
+		$ret.="$d$t-";
+		}
+	close(IN);
+	unlink($file);
+	chop $ret;
+	$ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g;
+	$ret =~ s/(-3G-4B-4L)+/-RCERT/g;
+	return($ret,@ret);
+	}
+
+sub init_der
+	{
+	$crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C";
+	$x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C";
+	$rsa= "0G-1B-1G-2F-2E-1D";
+
+	%DER_i2s=(
+		# SSLeay 0.4.x has this list
+		"A","EOC",
+		"B","INTEGER",
+		"C","BIT STRING",
+		"D","OCTET STRING",
+		"E","NULL",
+		"F","OBJECT",
+		"G","SEQUENCE",
+		"H","SET",
+		"I","PRINTABLESTRING",
+		"J","T61STRING",
+		"K","IA5STRING",
+		"L","UTCTIME",
+		"M","NUMERICSTRING",
+		"N","VIDEOTEXSTRING",
+		"O","GENERALIZEDTIME",
+		"P","GRAPHICSTRING",
+		"Q","ISO64STRING",
+		"R","GENERALSTRING",
+		"S","UNIVERSALSTRING",
+
+		# SSLeay 0.5.x changed some things ... and I'm
+		# leaving in the old stuff but adding in these
+		# to handle the new as well --tjh
+		# - Well I've just taken them out and added the extra new
+		# ones :-) - eay
+		);
+
+	foreach (keys %DER_i2s)
+		{ $DER_s2i{$DER_i2s{$_}}=$_; }
+	}
+
+sub parse_line
+	{
+	local($_)=@_;
+
+	return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/);
+	}
+
+#  0:d=0 hl=4 l=377 cons: univ: SEQUENCE          
+#  4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING      
+# 17:d=1 hl=4 l=360 cons: univ: SEQUENCE          
+# 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE          
+# 23:d=3 hl=2 l=  8 prim: univ: OBJECT_IDENTIFIER :rc4
+# 33:d=3 hl=2 l=  0 prim: univ: NULL              
+# 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING
+sub do_private_key
+	{
+	local($data,@struct)=@_;
+	local($file)="/tmp/b$$.DER";
+	local($off,$d,$hl,$len,$_,$b,@p,$s);
+
+	($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
+	if ($type eq "rc4")
+		{
+		($off,$d,$hl,$len)=&parse_line($struct[6]);
+		open(OUT,"|$rc4_cmd >$file") ||
+			die "unable to run $rc4_cmd:$!\n";
+		print OUT substr($data,$off+$hl,$len);
+		close(OUT);
+
+		$b=&load_file($file);
+		unlink($file);
+
+		($s,@p)=&der_str($b);
+		die "unknown rsa key type\n$s\n"
+			if ($s ne '0G-1B-1G-2F-2E-1D');
+		local($off,$d,$hl,$len)=&parse_line($p[5]);
+		$b=substr($b,$off+$hl,$len);
+		($s,@p)=&der_str($b);
+		open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n";
+		print OUT $b;
+		close(OUT);
+		}
+	else
+		{
+		print "'$type' is unknown\n";
+		exit(1);
+		}
+	}
+
+sub do_certificate
+	{
+	local($data,@struct)=@_;
+	local($file)="/tmp/b$$.DER";
+	local($off,$d,$hl,$len,$_,$b,@p,$s);
+
+	($off,$d,$hl,$len)=&parse_line($struct[2]);
+	$b=substr($data,$off,$len+$hl);
+
+	open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n";
+	print OUT $b;
+	close(OUT);
+	}
+
+sub load_file
+	{
+	local($file)=@_;
+	local(*IN,$r,$b,$i);
+
+	$r="";
+	open(IN,"<$file") || die "unable to open $file:$!\n";
+	for (;;)
+		{
+		$i=sysread(IN,$b,10240);
+		last if ($i <= 0);
+		$r.=$b;
+		}
+	close(IN);
+	return($r);
+	}
+
+sub load_file_parse
+	{
+	local($file)=@_;
+	local(*IN,$r,@ret,$_,$i,$n,$b);
+
+	open(IN,"$cmd -inform d -in $file|")
+		|| die "unable to run der_parse\n";
+	while (<IN>)
+		{
+		chop;
+		push(@ret,$_);
+		}
+	return($r,@ret);
+	}
+

apps/dgst.c

@@ -1,24 +1,25 @@
+/* apps/dgst.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- *
+ * 
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ * 
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- *
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -33,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ * 
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -48,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
+ * 
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,462 +60,170 @@
 #include <string.h>
 #include <stdlib.h>
 #include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/hmac.h>
+#include "bio.h"
+#include "err.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "pem.h"
 
 #undef BUFSIZE
-#define BUFSIZE 1024*8
+#define BUFSIZE	1024*8
 
-int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
-          EVP_PKEY *key, unsigned char *sigin, int siglen,
-          const char *sig_name, const char *md_name,
-          const char *file, BIO *bmd);
+#undef PROG
+#define PROG	dgst_main
 
-typedef enum OPTION_choice {
-    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
-    OPT_C, OPT_R, OPT_RAND, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
-    OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
-    OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
-    OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
-    OPT_DIGEST
-} OPTION_CHOICE;
-
-OPTIONS dgst_options[] = {
-    {OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
-    {OPT_HELP_STR, 1, '-',
-        "  file... files to digest (default is stdin)\n"},
-    {"help", OPT_HELP, '-', "Display this summary"},
-    {"c", OPT_C, '-', "Print the digest with separating colons"},
-    {"r", OPT_R, '-', "Print the digest in coreutils format"},
-    {"rand", OPT_RAND, 's'},
-    {"out", OPT_OUT, '>', "Output to filename rather than stdout"},
-    {"passin", OPT_PASSIN, 's'},
-    {"sign", OPT_SIGN, '<', "Sign digest using private key in file"},
-    {"verify", OPT_VERIFY, '<',
-     "Verify a signature using public key in file"},
-    {"prverify", OPT_PRVERIFY, '<',
-     "Verify a signature using private key in file"},
-    {"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
-    {"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"},
-    {"hex", OPT_HEX, '-', "Print as hex dump"},
-    {"binary", OPT_BINARY, '-', "Print in binary form"},
-    {"d", OPT_DEBUG, '-', "Print debug info"},
-    {"debug", OPT_DEBUG, '-'},
-    {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-'},
-    {"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
-    {"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"},
-    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
-    {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
-    {"", OPT_DIGEST, '-', "Any supported digest"},
-#ifndef OPENSSL_NO_ENGINE
-    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-    {"engine_impl", OPT_ENGINE_IMPL, '-'},
+#ifndef NOPROTO
+void do_fp(unsigned char *buf,BIO *f,int sep);
+#else
+void do_fp();
 #endif
-    {NULL}
-};
 
-int dgst_main(int argc, char **argv)
-{
-    BIO *in = NULL, *inp, *bmd = NULL, *out = NULL;
-    ENGINE *e = NULL, *impl = NULL;
-    EVP_PKEY *sigkey = NULL;
-    STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
-    char *hmac_key = NULL;
-    char *mac_name = NULL;
-    char *passinarg = NULL, *passin = NULL;
-    const EVP_MD *md = NULL, *m;
-    const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
-    const char *sigfile = NULL, *randfile = NULL;
-    OPTION_CHOICE o;
-    int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
-    int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
-    unsigned char *buf = NULL, *sigbuf = NULL;
-    int engine_impl = 0;
+int MAIN(argc,argv)
+int argc;
+char **argv;
+	{
+	unsigned char *buf=NULL;
+	int i,err=0;
+	EVP_MD *md=NULL,*m;
+	BIO *in=NULL,*inp;
+	BIO *bmd=NULL;
+	char *name;
+#define PROG_NAME_SIZE  16
+        char pname[PROG_NAME_SIZE];
+	int separator=0;
+	int debug=0;
 
-    prog = opt_progname(argv[0]);
-    buf = app_malloc(BUFSIZE, "I/O buffer");
-    md = EVP_get_digestbyname(prog);
+	apps_startup();
 
-    prog = opt_init(argc, argv, dgst_options);
-    while ((o = opt_next()) != OPT_EOF) {
-        switch (o) {
-        case OPT_EOF:
-        case OPT_ERR:
- opthelp:
-            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
-            goto end;
-        case OPT_HELP:
-            opt_help(dgst_options);
-            ret = 0;
-            goto end;
-        case OPT_C:
-            separator = 1;
-            break;
-        case OPT_R:
-            separator = 2;
-            break;
-        case OPT_RAND:
-            randfile = opt_arg();
-            break;
-        case OPT_OUT:
-            outfile = opt_arg();
-            break;
-        case OPT_SIGN:
-            keyfile = opt_arg();
-            break;
-        case OPT_PASSIN:
-            passinarg = opt_arg();
-            break;
-        case OPT_VERIFY:
-            keyfile = opt_arg();
-            want_pub = do_verify = 1;
-            break;
-        case OPT_PRVERIFY:
-            keyfile = opt_arg();
-            do_verify = 1;
-            break;
-        case OPT_SIGNATURE:
-            sigfile = opt_arg();
-            break;
-        case OPT_KEYFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
-                goto opthelp;
-            break;
-        case OPT_ENGINE:
-            e = setup_engine(opt_arg(), 0);
-            break;
-        case OPT_ENGINE_IMPL:
-            engine_impl = 1;
-            break;
-        case OPT_HEX:
-            out_bin = 0;
-            break;
-        case OPT_BINARY:
-            out_bin = 1;
-            break;
-        case OPT_DEBUG:
-            debug = 1;
-            break;
-        case OPT_FIPS_FINGERPRINT:
-            hmac_key = "etaonrishdlcupfm";
-            break;
-        case OPT_HMAC:
-            hmac_key = opt_arg();
-            break;
-        case OPT_MAC:
-            mac_name = opt_arg();
-            break;
-        case OPT_SIGOPT:
-            if (!sigopts)
-                sigopts = sk_OPENSSL_STRING_new_null();
-            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
-                goto opthelp;
-            break;
-        case OPT_MACOPT:
-            if (!macopts)
-                macopts = sk_OPENSSL_STRING_new_null();
-            if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg()))
-                goto opthelp;
-            break;
-        case OPT_DIGEST:
-            if (!opt_md(opt_unknown(), &m))
-                goto opthelp;
-            md = m;
-            break;
-        }
-    }
-    argc = opt_num_rest();
-    argv = opt_rest();
+	if ((buf=(unsigned char *)Malloc(BUFSIZE)) == NULL)
+		{
+		BIO_printf(bio_err,"out of memory\n");
+		goto end;
+		}
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
-    if (do_verify && !sigfile) {
-        BIO_printf(bio_err,
-                   "No signature to verify: use the -signature option\n");
-        goto end;
-    }
-    if (engine_impl)
-        impl = e;
+	/* first check the program name */
+        program_name(argv[0],pname,PROG_NAME_SIZE);
 
-    in = BIO_new(BIO_s_file());
-    bmd = BIO_new(BIO_f_md());
-    if ((in == NULL) || (bmd == NULL)) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
+	md=EVP_get_digestbyname(pname);
 
-    if (debug) {
-        BIO_set_callback(in, BIO_debug_callback);
-        /* needed for windows 3.1 */
-        BIO_set_callback_arg(in, (char *)bio_err);
-    }
+	argc--;
+	argv++;
+	for (i=0; i<argc; i++)
+		{
+		if ((*argv)[0] != '-') break;
+		if (strcmp(*argv,"-c") == 0)
+			separator=1;
+		else if (strcmp(*argv,"-d") == 0)
+			debug=1;
+		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+			md=m;
+		else
+			break;
+		argc--;
+		argv++;
+		}
 
-    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
-        BIO_printf(bio_err, "Error getting password\n");
-        goto end;
-    }
+	if (md == NULL)
+		md=EVP_md5();
 
-    if (out_bin == -1) {
-        if (keyfile)
-            out_bin = 1;
-        else
-            out_bin = 0;
-    }
+	if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
+		{
+		BIO_printf(bio_err,"unknown option '%s'\n",*argv);
+		BIO_printf(bio_err,"options are\n");
+		BIO_printf(bio_err,"-c   to output the digest with separating colons\n");
+		BIO_printf(bio_err,"-d   to output debug info\n");
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
+			LN_md5,LN_md5);
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+			LN_md2,LN_md2);
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+			LN_sha1,LN_sha1);
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+			LN_sha,LN_sha);
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+			LN_mdc2,LN_mdc2);
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+			LN_ripemd160,LN_ripemd160);
+		err=1;
+		goto end;
+		}
+	
+	in=BIO_new(BIO_s_file());
+	bmd=BIO_new(BIO_f_md());
+	if (debug)
+		{
+		BIO_set_callback(in,BIO_debug_callback);
+		/* needed for windows 3.1 */
+		BIO_set_callback_arg(in,bio_err);
+		}
 
-    if (randfile)
-        app_RAND_load_file(randfile, 0);
+	if ((in == NULL) || (bmd == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
 
-    out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
-    if (out == NULL)
-        goto end;
+	/* we use md as a filter, reading from 'in' */
+	BIO_set_md(bmd,md);
+	inp=BIO_push(bmd,in);
 
-    if ((! !mac_name + ! !keyfile + ! !hmac_key) > 1) {
-        BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
-        goto end;
-    }
+	if (argc == 0)
+		{
+		BIO_set_fp(in,stdin,BIO_NOCLOSE);
+		do_fp(buf,inp,separator);
+		}
+	else
+		{
+		name=OBJ_nid2sn(md->type);
+		for (i=0; i<argc; i++)
+			{
+			if (BIO_read_filename(in,argv[i]) <= 0)
+				{
+				perror(argv[i]);
+				err++;
+				continue;
+				}
+			printf("%s(%s)= ",name,argv[i]);
+			do_fp(buf,inp,separator);
+			BIO_reset(bmd);
+			}
+		}
+end:
+	if (buf != NULL)
+		{
+		memset(buf,0,BUFSIZE);
+		Free(buf);
+		}
+	if (in != NULL) BIO_free(in);
+	if (bmd != NULL) BIO_free(bmd);
+	EXIT(err);
+	}
 
-    if (keyfile) {
-        if (want_pub)
-            sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
-        else
-            sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
-        if (!sigkey) {
-            /*
-             * load_[pub]key() has already printed an appropriate message
-             */
-            goto end;
-        }
-    }
+void do_fp(buf,bp,sep)
+unsigned char *buf;
+BIO *bp;
+int sep;
+	{
+	int len;
+	int i;
 
-    if (mac_name) {
-        EVP_PKEY_CTX *mac_ctx = NULL;
-        int r = 0;
-        if (!init_gen_str(&mac_ctx, mac_name, impl, 0))
-            goto mac_end;
-        if (macopts) {
-            char *macopt;
-            for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
-                macopt = sk_OPENSSL_STRING_value(macopts, i);
-                if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
-                    BIO_printf(bio_err,
-                               "MAC parameter error \"%s\"\n", macopt);
-                    ERR_print_errors(bio_err);
-                    goto mac_end;
-                }
-            }
-        }
-        if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
-            BIO_puts(bio_err, "Error generating key\n");
-            ERR_print_errors(bio_err);
-            goto mac_end;
-        }
-        r = 1;
- mac_end:
-        EVP_PKEY_CTX_free(mac_ctx);
-        if (r == 0)
-            goto end;
-    }
+	for (;;)
+		{
+		i=BIO_read(bp,(char *)buf,BUFSIZE);
+		if (i <= 0) break;
+		}
+	len=BIO_gets(bp,(char *)buf,BUFSIZE);
 
-    if (hmac_key) {
-        sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
-                                      (unsigned char *)hmac_key, -1);
-        if (!sigkey)
-            goto end;
-    }
+	for (i=0; i<len; i++)
+		{
+		if (sep && (i != 0))
+			putc(':',stdout);
+		printf("%02x",buf[i]);
+		}
+	printf("\n");
+	}
 
-    if (sigkey) {
-        EVP_MD_CTX *mctx = NULL;
-        EVP_PKEY_CTX *pctx = NULL;
-        int r;
-        if (!BIO_get_md_ctx(bmd, &mctx)) {
-            BIO_printf(bio_err, "Error getting context\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-        if (do_verify)
-            r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
-        else
-            r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
-        if (!r) {
-            BIO_printf(bio_err, "Error setting context\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-        if (sigopts) {
-            char *sigopt;
-            for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
-                sigopt = sk_OPENSSL_STRING_value(sigopts, i);
-                if (pkey_ctrl_string(pctx, sigopt) <= 0) {
-                    BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
-                    ERR_print_errors(bio_err);
-                    goto end;
-                }
-            }
-        }
-    }
-    /* we use md as a filter, reading from 'in' */
-    else {
-        EVP_MD_CTX *mctx = NULL;
-        if (!BIO_get_md_ctx(bmd, &mctx)) {
-            BIO_printf(bio_err, "Error getting context\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-        if (md == NULL)
-            md = EVP_sha256();
-        if (!EVP_DigestInit_ex(mctx, md, impl)) {
-            BIO_printf(bio_err, "Error setting digest\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-    }
-
-    if (sigfile && sigkey) {
-        BIO *sigbio = BIO_new_file(sigfile, "rb");
-        if (!sigbio) {
-            BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-        siglen = EVP_PKEY_size(sigkey);
-        sigbuf = app_malloc(siglen, "signature buffer");
-        siglen = BIO_read(sigbio, sigbuf, siglen);
-        BIO_free(sigbio);
-        if (siglen <= 0) {
-            BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-    }
-    inp = BIO_push(bmd, in);
-
-    if (md == NULL) {
-        EVP_MD_CTX *tctx;
-        BIO_get_md_ctx(bmd, &tctx);
-        md = EVP_MD_CTX_md(tctx);
-    }
-
-    if (argc == 0) {
-        BIO_set_fp(in, stdin, BIO_NOCLOSE);
-        ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
-                    siglen, NULL, NULL, "stdin", bmd);
-    } else {
-        const char *md_name = NULL, *sig_name = NULL;
-        if (!out_bin) {
-            if (sigkey) {
-                const EVP_PKEY_ASN1_METHOD *ameth;
-                ameth = EVP_PKEY_get0_asn1(sigkey);
-                if (ameth)
-                    EVP_PKEY_asn1_get0_info(NULL, NULL,
-                                            NULL, NULL, &sig_name, ameth);
-            }
-            if (md)
-                md_name = EVP_MD_name(md);
-        }
-        ret = 0;
-        for (i = 0; i < argc; i++) {
-            int r;
-            if (BIO_read_filename(in, argv[i]) <= 0) {
-                perror(argv[i]);
-                ret++;
-                continue;
-            } else
-                r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
-                          siglen, sig_name, md_name, argv[i], bmd);
-            if (r)
-                ret = r;
-            (void)BIO_reset(bmd);
-        }
-    }
- end:
-    OPENSSL_clear_free(buf, BUFSIZE);
-    BIO_free(in);
-    OPENSSL_free(passin);
-    BIO_free_all(out);
-    EVP_PKEY_free(sigkey);
-    sk_OPENSSL_STRING_free(sigopts);
-    sk_OPENSSL_STRING_free(macopts);
-    OPENSSL_free(sigbuf);
-    BIO_free(bmd);
-    return (ret);
-}
-
-int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
-          EVP_PKEY *key, unsigned char *sigin, int siglen,
-          const char *sig_name, const char *md_name,
-          const char *file, BIO *bmd)
-{
-    size_t len;
-    int i;
-
-    for (;;) {
-        i = BIO_read(bp, (char *)buf, BUFSIZE);
-        if (i < 0) {
-            BIO_printf(bio_err, "Read Error in %s\n", file);
-            ERR_print_errors(bio_err);
-            return 1;
-        }
-        if (i == 0)
-            break;
-    }
-    if (sigin) {
-        EVP_MD_CTX *ctx;
-        BIO_get_md_ctx(bp, &ctx);
-        i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
-        if (i > 0)
-            BIO_printf(out, "Verified OK\n");
-        else if (i == 0) {
-            BIO_printf(out, "Verification Failure\n");
-            return 1;
-        } else {
-            BIO_printf(bio_err, "Error Verifying Data\n");
-            ERR_print_errors(bio_err);
-            return 1;
-        }
-        return 0;
-    }
-    if (key) {
-        EVP_MD_CTX *ctx;
-        BIO_get_md_ctx(bp, &ctx);
-        len = BUFSIZE;
-        if (!EVP_DigestSignFinal(ctx, buf, &len)) {
-            BIO_printf(bio_err, "Error Signing Data\n");
-            ERR_print_errors(bio_err);
-            return 1;
-        }
-    } else {
-        len = BIO_gets(bp, (char *)buf, BUFSIZE);
-        if ((int)len < 0) {
-            ERR_print_errors(bio_err);
-            return 1;
-        }
-    }
-
-    if (binout)
-        BIO_write(out, buf, len);
-    else if (sep == 2) {
-        for (i = 0; i < (int)len; i++)
-            BIO_printf(out, "%02x", buf[i]);
-        BIO_printf(out, " *%s\n", file);
-    } else {
-        if (sig_name) {
-            BIO_puts(out, sig_name);
-            if (md_name)
-                BIO_printf(out, "-%s", md_name);
-            BIO_printf(out, "(%s)= ", file);
-        } else if (md_name)
-            BIO_printf(out, "%s(%s)= ", md_name, file);
-        else
-            BIO_printf(out, "(%s)= ", file);
-        for (i = 0; i < (int)len; i++) {
-            if (sep && (i != 0))
-                BIO_printf(out, ":");
-            BIO_printf(out, "%02x", buf[i]);
-        }
-        BIO_printf(out, "\n");
-    }
-    return 0;
-}

apps/dh.c

@@ -0,0 +1,312 @@
+/* apps/dh.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "bn.h"
+#include "dh.h"
+#include "x509.h"
+#include "pem.h"
+
+#undef PROG
+#define PROG	dh_main
+
+/* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg	- input file - default stdin
+ * -out arg	- output file - default stdout
+ * -check	- check the parameters are ok
+ * -noout
+ * -text
+ * -C
+ */
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+	{
+	DH *dh=NULL;
+	int i,badops=0,text=0;
+	BIO *in=NULL,*out=NULL;
+	int informat,outformat,check=0,noout=0,C=0,ret=1;
+	char *infile,*outfile,*prog;
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	infile=NULL;
+	outfile=NULL;
+	informat=FORMAT_PEM;
+	outformat=FORMAT_PEM;
+
+	prog=argv[0];
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			informat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-check") == 0)
+			check=1;
+		else if (strcmp(*argv,"-text") == 0)
+			text=1;
+		else if (strcmp(*argv,"-C") == 0)
+			C=1;
+		else if (strcmp(*argv,"-noout") == 0)
+			noout=1;
+		else
+			{
+			BIO_printf(bio_err,"unknown option %s\n",*argv);
+			badops=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
+
+	if (badops)
+		{
+bad:
+		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+		BIO_printf(bio_err,"where options are\n");
+		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -out arg      output file\n");
+		BIO_printf(bio_err," -check        check the DH parameters\n");
+		BIO_printf(bio_err," -text         check the DH parameters\n");
+		BIO_printf(bio_err," -C            Output C code\n");
+		BIO_printf(bio_err," -noout        no output\n");
+		goto end;
+		}
+
+	ERR_load_crypto_strings();
+
+	in=BIO_new(BIO_s_file());
+	out=BIO_new(BIO_s_file());
+	if ((in == NULL) || (out == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (infile == NULL)
+		BIO_set_fp(in,stdin,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
+			perror(infile);
+			goto end;
+			}
+		}
+	if (outfile == NULL)
+		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
+			perror(outfile);
+			goto end;
+			}
+		}
+
+	if	(informat == FORMAT_ASN1)
+		dh=d2i_DHparams_bio(in,NULL);
+	else if (informat == FORMAT_PEM)
+		dh=PEM_read_bio_DHparams(in,NULL,NULL);
+	else
+		{
+		BIO_printf(bio_err,"bad input format specified\n");
+		goto end;
+		}
+	if (dh == NULL)
+		{
+		BIO_printf(bio_err,"unable to load DH parameters\n");
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	
+
+	if (text)
+		{
+		DHparams_print(out,dh);
+#ifdef undef
+		printf("p=");
+		BN_print(stdout,dh->p);
+		printf("\ng=");
+		BN_print(stdout,dh->g);
+		printf("\n");
+		if (dh->length != 0)
+			printf("recomented private length=%ld\n",dh->length);
+#endif
+		}
+	
+	if (check)
+		{
+		if (!DH_check(dh,&i))
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		if (i & DH_CHECK_P_NOT_PRIME)
+			printf("p value is not prime\n");
+		if (i & DH_CHECK_P_NOT_STRONG_PRIME)
+			printf("p value is not a strong prime\n");
+		if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+			printf("unable to check the generator value\n");
+		if (i & DH_NOT_SUITABLE_GENERATOR)
+			printf("the g value is not a generator\n");
+		if (i == 0)
+			printf("DH parameters appear to be ok.\n");
+		}
+	if (C)
+		{
+		unsigned char *data;
+		int len,l,bits;
+
+		len=BN_num_bytes(dh->p);
+		bits=BN_num_bits(dh->p);
+		data=(unsigned char *)Malloc(len);
+		if (data == NULL)
+			{
+			perror("Malloc");
+			goto end;
+			}
+		l=BN_bn2bin(dh->p,data);
+		printf("static unsigned char dh%d_p[]={",bits);
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t");
+			printf("0x%02X,",data[i]);
+			}
+		printf("\n\t};\n");
+
+		l=BN_bn2bin(dh->g,data);
+		printf("static unsigned char dh%d_g[]={",bits);
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t");
+			printf("0x%02X,",data[i]);
+			}
+		printf("\n\t};\n\n");
+
+		printf("DH *get_dh%d()\n\t{\n",bits);
+		printf("\tDH *dh;\n\n");
+		printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
+		printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
+			bits,bits);
+		printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
+			bits,bits);
+		printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
+		printf("\t\treturn(NULL);\n");
+		printf("\treturn(dh);\n\t}\n");
+		}
+
+
+	if (!noout)
+		{
+		if 	(outformat == FORMAT_ASN1)
+			i=i2d_DHparams_bio(out,dh);
+		else if (outformat == FORMAT_PEM)
+			i=PEM_write_bio_DHparams(out,dh);
+		else	{
+			BIO_printf(bio_err,"bad output format specified for outfile\n");
+			goto end;
+			}
+		if (!i)
+			{
+			BIO_printf(bio_err,"unable to write DH paramaters\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		}
+	ret=0;
+end:
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free(out);
+	if (dh != NULL) DH_free(dh);
+	EXIT(ret);
+	}

apps/dh1024.pem

@@ -1,10 +1,5 @@
 -----BEGIN DH PARAMETERS-----
-MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
-jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
-ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
 -----END DH PARAMETERS-----
-
-These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
-Note that g is not a generator, but this is not a problem since p is a safe prime.

apps/dh2048.pem

@@ -1,12 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV
-89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50
-T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb
-zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX
-Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT
-CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==
------END DH PARAMETERS-----
-
-These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.

apps/dh4096.pem

@@ -1,18 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ
-l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt
-Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS
-Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98
-VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc
-alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM
-sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9
-ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte
-OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH
-AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL
-KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=
------END DH PARAMETERS-----
-
-These are the 4096 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
-Note that g is not a generator, but this is not a problem since p is a safe prime.

apps/dhparam.c

@@ -1,453 +0,0 @@
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_DH
-# include <stdio.h>
-# include <stdlib.h>
-# include <time.h>
-# include <string.h>
-# include "apps.h"
-# include <openssl/bio.h>
-# include <openssl/err.h>
-# include <openssl/bn.h>
-# include <openssl/dh.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-
-# ifndef OPENSSL_NO_DSA
-#  include <openssl/dsa.h>
-# endif
-
-# define DEFBITS 2048
-
-static int dh_cb(int p, int n, BN_GENCB *cb);
-
-typedef enum OPTION_choice {
-    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
-    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
-    OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT,
-    OPT_RAND, OPT_DSAPARAM, OPT_C, OPT_2, OPT_5
-} OPTION_CHOICE;
-
-OPTIONS dhparam_options[] = {
-    {OPT_HELP_STR, 1, '-', "Usage: %s [flags] [numbits]\n"},
-    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
-    {"help", OPT_HELP, '-', "Display this summary"},
-    {"in", OPT_IN, '<', "Input file"},
-    {"inform", OPT_INFORM, 'F', "Input format, DER or PEM"},
-    {"outform", OPT_OUTFORM, 'F', "Output format, DER or PEM"},
-    {"out", OPT_OUT, '>', "Output file"},
-    {"check", OPT_CHECK, '-', "Check the DH parameters"},
-    {"text", OPT_TEXT, '-', "Print a text form of the DH parameters"},
-    {"noout", OPT_NOOUT, '-'},
-    {"rand", OPT_RAND, 's',
-     "Load the file(s) into the random number generator"},
-    {"C", OPT_C, '-', "Print C code"},
-    {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
-    {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
-# ifndef OPENSSL_NO_DSA
-    {"dsaparam", OPT_DSAPARAM, '-',
-     "Read or generate DSA parameters, convert to DH"},
-# endif
-# ifndef OPENSSL_NO_ENGINE
-    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
-    {NULL}
-};
-
-int dhparam_main(int argc, char **argv)
-{
-    BIO *in = NULL, *out = NULL;
-    DH *dh = NULL;
-    char *infile = NULL, *outfile = NULL, *prog, *inrand = NULL;
-    int dsaparam = 0, i, text = 0, C = 0, ret = 1, num = 0, g = 0;
-    int informat = FORMAT_PEM, outformat = FORMAT_PEM, check = 0, noout = 0;
-    OPTION_CHOICE o;
-
-    prog = opt_init(argc, argv, dhparam_options);
-    while ((o = opt_next()) != OPT_EOF) {
-        switch (o) {
-        case OPT_EOF:
-        case OPT_ERR:
- opthelp:
-            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
-            goto end;
-        case OPT_HELP:
-            opt_help(dhparam_options);
-            ret = 0;
-            goto end;
-        case OPT_INFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
-                goto opthelp;
-            break;
-        case OPT_OUTFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
-                goto opthelp;
-            break;
-        case OPT_IN:
-            infile = opt_arg();
-            break;
-        case OPT_OUT:
-            outfile = opt_arg();
-            break;
-        case OPT_ENGINE:
-            (void)setup_engine(opt_arg(), 0);
-            break;
-        case OPT_CHECK:
-            check = 1;
-            break;
-        case OPT_TEXT:
-            text = 1;
-            break;
-        case OPT_DSAPARAM:
-            dsaparam = 1;
-            break;
-        case OPT_C:
-            C = 1;
-            break;
-        case OPT_2:
-            g = 2;
-            break;
-        case OPT_5:
-            g = 5;
-            break;
-        case OPT_NOOUT:
-            noout = 1;
-            break;
-        case OPT_RAND:
-            inrand = opt_arg();
-            break;
-        }
-    }
-    argc = opt_num_rest();
-    argv = opt_rest();
-
-    if (argv[0] && (!opt_int(argv[0], &num) || num <= 0))
-        goto end;
-
-    if (g && !num)
-        num = DEFBITS;
-
-# ifndef OPENSSL_NO_DSA
-    if (dsaparam && g) {
-        BIO_printf(bio_err,
-                   "generator may not be chosen for DSA parameters\n");
-        goto end;
-    }
-# endif
-    /* DH parameters */
-    if (num && !g)
-        g = 2;
-
-    if (num) {
-
-        BN_GENCB *cb;
-        cb = BN_GENCB_new();
-        if (cb == NULL) {
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-
-        BN_GENCB_set(cb, dh_cb, bio_err);
-        if (!app_RAND_load_file(NULL, 1) && inrand == NULL) {
-            BIO_printf(bio_err,
-                       "warning, not much extra random data, consider using the -rand option\n");
-        }
-        if (inrand != NULL)
-            BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
-                       app_RAND_load_files(inrand));
-
-# ifndef OPENSSL_NO_DSA
-        if (dsaparam) {
-            DSA *dsa = DSA_new();
-
-            BIO_printf(bio_err,
-                       "Generating DSA parameters, %d bit long prime\n", num);
-            if (dsa == NULL
-                || !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
-                                               cb)) {
-                DSA_free(dsa);
-                BN_GENCB_free(cb);
-                ERR_print_errors(bio_err);
-                goto end;
-            }
-
-            dh = DSA_dup_DH(dsa);
-            DSA_free(dsa);
-            if (dh == NULL) {
-                BN_GENCB_free(cb);
-                ERR_print_errors(bio_err);
-                goto end;
-            }
-        } else
-# endif
-        {
-            dh = DH_new();
-            BIO_printf(bio_err,
-                       "Generating DH parameters, %d bit long safe prime, generator %d\n",
-                       num, g);
-            BIO_printf(bio_err, "This is going to take a long time\n");
-            if (dh == NULL || !DH_generate_parameters_ex(dh, num, g, cb)) {
-                BN_GENCB_free(cb);
-                ERR_print_errors(bio_err);
-                goto end;
-            }
-        }
-
-        BN_GENCB_free(cb);
-        app_RAND_write_file(NULL);
-    } else {
-
-        in = bio_open_default(infile, 'r', informat);
-        if (in == NULL)
-            goto end;
-
-# ifndef OPENSSL_NO_DSA
-        if (dsaparam) {
-            DSA *dsa;
-
-            if (informat == FORMAT_ASN1)
-                dsa = d2i_DSAparams_bio(in, NULL);
-            else                /* informat == FORMAT_PEM */
-                dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
-
-            if (dsa == NULL) {
-                BIO_printf(bio_err, "unable to load DSA parameters\n");
-                ERR_print_errors(bio_err);
-                goto end;
-            }
-
-            dh = DSA_dup_DH(dsa);
-            DSA_free(dsa);
-            if (dh == NULL) {
-                ERR_print_errors(bio_err);
-                goto end;
-            }
-        } else
-# endif
-        {
-            if (informat == FORMAT_ASN1)
-                dh = d2i_DHparams_bio(in, NULL);
-            else                /* informat == FORMAT_PEM */
-                dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
-
-            if (dh == NULL) {
-                BIO_printf(bio_err, "unable to load DH parameters\n");
-                ERR_print_errors(bio_err);
-                goto end;
-            }
-        }
-
-        /* dh != NULL */
-    }
-
-    out = bio_open_default(outfile, 'w', outformat);
-    if (out == NULL)
-        goto end;
-
-    if (text) {
-        DHparams_print(out, dh);
-    }
-
-    if (check) {
-        if (!DH_check(dh, &i)) {
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-        if (i & DH_CHECK_P_NOT_PRIME)
-            printf("p value is not prime\n");
-        if (i & DH_CHECK_P_NOT_SAFE_PRIME)
-            printf("p value is not a safe prime\n");
-        if (i & DH_UNABLE_TO_CHECK_GENERATOR)
-            printf("unable to check the generator value\n");
-        if (i & DH_NOT_SUITABLE_GENERATOR)
-            printf("the g value is not a generator\n");
-        if (i == 0)
-            printf("DH parameters appear to be ok.\n");
-    }
-    if (C) {
-        unsigned char *data;
-        int len, bits;
-
-        len = BN_num_bytes(dh->p);
-        bits = BN_num_bits(dh->p);
-        data = app_malloc(len, "print a BN");
-        BIO_printf(out, "#ifndef HEADER_DH_H\n"
-                        "# include <openssl/dh.h>\n"
-                        "#endif\n"
-                        "\n");
-        BIO_printf(out, "DH *get_dh%d()\n{\n", bits);
-        print_bignum_var(out, dh->p, "dhp", bits, data);
-        print_bignum_var(out, dh->g, "dhg", bits, data);
-        BIO_printf(out, "    DH *dh = DN_new();\n"
-                        "\n"
-                        "    if (dh == NULL)\n"
-                        "        return NULL;\n");
-        BIO_printf(out, "    dh->p = BN_bin2bn(dhp_%d, sizeof (dhp_%d), NULL);\n",
-               bits, bits);
-        BIO_printf(out, "    dh->g = BN_bin2bn(dhg_%d, sizeof (dhg_%d), NULL);\n",
-               bits, bits);
-        BIO_printf(out, "    if (!dh->p || !dh->g) {\n"
-                        "        DH_free(dh);\n"
-                        "        return NULL;\n"
-                        "    }\n");
-        if (dh->length)
-            BIO_printf(out,
-                        "    dh->length = %ld;\n", dh->length);
-        BIO_printf(out, "    return dh;\n}\n");
-        OPENSSL_free(data);
-    }
-
-    if (!noout) {
-        if (outformat == FORMAT_ASN1)
-            i = i2d_DHparams_bio(out, dh);
-        else if (dh->q)
-            i = PEM_write_bio_DHxparams(out, dh);
-        else
-            i = PEM_write_bio_DHparams(out, dh);
-        if (!i) {
-            BIO_printf(bio_err, "unable to write DH parameters\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-    }
-    ret = 0;
- end:
-    BIO_free(in);
-    BIO_free_all(out);
-    DH_free(dh);
-    return (ret);
-}
-
-static int dh_cb(int p, int n, BN_GENCB *cb)
-{
-    char c = '*';
-
-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
-    BIO_write(BN_GENCB_get_arg(cb), &c, 1);
-    (void)BIO_flush(BN_GENCB_get_arg(cb));
-    return 1;
-}
-
-#else                           /* !OPENSSL_NO_DH */
-
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
-
-#endif

apps/dsa-ca.pem

@@ -1,47 +1,43 @@
 -----BEGIN DSA PRIVATE KEY-----
-MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
-PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
-u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
-Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
-hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
-SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
-Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
-94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
-tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
-J6zsFbSEHaQGUmfSeoM=
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
+
+svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
+Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
+Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
+par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
+zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
+uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
+rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
+1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
+HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
+MVqOsYxGCb+kez0FoDSTgw==
 -----END DSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE REQUEST-----
-MIICVjCCAhMCAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
-ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAwwCQ0Ew
-ggG2MIIBKwYHKoZIzjgEATCCAR4CgYEApz9uhb9Bail98J9HGTCQmgkd2mozHsU9
-hpazFeBTLo/gWYJzkD51MZlHelL7heTZpns4m2iKhJuHxh61foZLU1tZz3FlGYhu
-zmaua4g2++wo3MLXpbvlLDkmS9qacBiVN5UQViP2Fe26BF7eOU/9t0MftaRlb82A
-EeRwlVtQzUkCFQD3BzHt+mwGA9WFihysnGXnUGZlbwKBgE3fTAOmkYr1GW9QRiWZ
-5WhvMONp4eWzXZi7KIZI/N6ZBD9fiAyccyQNIF25Kpo/GJYn5GKHwXt0YlP8YSeo
-epEJnbbxTZxUD1gG7kl0B85VfiPOFvbK3FphAX7JcbVN9tw0KYdo9l4gk7Pb9eQJ
-bEEXlZLrAbVzpWp+2DLtDgK4A4GEAAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfs
-i4e9IvD1hSslqFwEeZum+3j3iUXiALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj2
-5SoDKU5UUkkle6KtUn6j7RO04UMhMQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17
-ry7d6fGGqcMZoAAwCwYJYIZIAWUDBAMCAzAAMC0CFCp7rUwGJNtxK6Aqo6k6US+S
-KP8sAhUAyfSi8Zs3QAvkJoFG0IMRaq8M03I=
+MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
+ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
+sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
+rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
+cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
+bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
+CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
+F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
+vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
+AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
+3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
+AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
 -----END CERTIFICATE REQUEST-----
 -----BEGIN CERTIFICATE-----
-MIIDMDCCAuygAwIBAgIBAjALBglghkgBZQMEAwIwUzELMAkGA1UEBhMCQVUxEzAR
-BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
-IEx0ZDEMMAoGA1UEAwwDUENBMCAXDTE2MDExMzIxNDE0OVoYDzMwMTUwNTE2MjE0
-MTQ5WjBSMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
-CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDDAJDQTCCAbYwggEr
-BgcqhkjOOAQBMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMu
-j+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb7
-7Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DN
-SQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh
-5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFN
-nFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusB
-tXOlan7YMu0OArgDgYQAAoGAGqZZeoqs/V62RZZNhglXAfioocVpx+yLh70i8PWF
-KyWoXAR5m6b7ePeJReIAucN1jzPr1yaH27rJOBqEBBLEDTA2moeJuPblKgMpTlRS
-SSV7oq1SfqPtE7ThQyExAJfmGWWq4lzg+7XTkjpfUSzDwuvnWhykvXuvLt3p8Yap
-wxmjUDBOMB0GA1UdDgQWBBTMZcORcBEVlqO/CD4pf4V6N1NM1zAfBgNVHSMEGDAW
-gBTGjwJ33uvjSa20RNrMKWoGptOLdDAMBgNVHRMEBTADAQH/MAsGCWCGSAFlAwQD
-AgMxADAuAhUA4V6MrHufG8R79E+AtVO02olPxK8CFQDkZyo/TWpavsUBRDJbCeD9
-jgjIkA==
+MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
+AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
+ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
+MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
+MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
+C1Q=
 -----END CERTIFICATE-----
+

apps/dsa-pca.pem

@@ -1,47 +1,49 @@
 -----BEGIN DSA PRIVATE KEY-----
-MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
-PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
-u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
-Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
-hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
-SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
-Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
-umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
-29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
-6TicfImU7UFRn9h00j0lJQ==
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
+
+GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
+mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
+of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
+FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
+RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
+qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
+diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
+V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
+hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
+dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
 -----END DSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE REQUEST-----
-MIICWDCCAhUCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
-ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAwwDUENB
-MIIBtzCCASsGByqGSM44BAEwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7F
-PYaWsxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmI
-bs5mrmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/N
-gBHkcJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYl
-meVobzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEn
-qHqRCZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/Xk
-CWxBF5WS6wG1c6Vqftgy7Q4CuAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYg
-rB7o1kQxeDf34dDVRM9OZ8tkumz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQ
-lNnKvbtlmMDULpqkZJD0bO7A29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgT
-mvTPT2j9TPjq7RWgADALBglghkgBZQMEAwIDMAAwLQIVAPA6/jxCT1D2HgzE4iZR
-AEup/C7YAhRPLTQvQnAiS5FRrA+8SwBLvDAsaw==
+MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
+MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
+lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
+Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
+5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
+aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
+kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
+QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
+6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
+yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
+z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
+nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
 -----END CERTIFICATE REQUEST-----
 -----BEGIN CERTIFICATE-----
-MIIDMDCCAu6gAwIBAgIBATALBglghkgBZQMEAwIwUzELMAkGA1UEBhMCQVUxEzAR
-BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
-IEx0ZDEMMAoGA1UEAwwDUENBMCAXDTE2MDExMzIxNDE0OVoYDzMwMTUwNTE2MjE0
-MTQ5WjBTMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
-CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDDANQQ0EwggG3MIIB
-KwYHKoZIzjgEATCCAR4CgYEApz9uhb9Bail98J9HGTCQmgkd2mozHsU9hpazFeBT
-Lo/gWYJzkD51MZlHelL7heTZpns4m2iKhJuHxh61foZLU1tZz3FlGYhuzmaua4g2
-++wo3MLXpbvlLDkmS9qacBiVN5UQViP2Fe26BF7eOU/9t0MftaRlb82AEeRwlVtQ
-zUkCFQD3BzHt+mwGA9WFihysnGXnUGZlbwKBgE3fTAOmkYr1GW9QRiWZ5WhvMONp
-4eWzXZi7KIZI/N6ZBD9fiAyccyQNIF25Kpo/GJYn5GKHwXt0YlP8YSeoepEJnbbx
-TZxUD1gG7kl0B85VfiPOFvbK3FphAX7JcbVN9tw0KYdo9l4gk7Pb9eQJbEEXlZLr
-AbVzpWp+2DLtDgK4A4GFAAKBgQCm7bkeQHVviAowhXtosY1IiSczNiCsHujWRDF4
-N/fh0NVEz05ny2S6bPq2X6JRw17kSjF2xhXUhdJ12M6LTws4uxmrsBCU2cq9u2WY
-wNQumqRkkPRs7sDb2eKwl8rLVRGoAEvDkOB9w+HVkte2YN9SAm+aOBOa9M9PaP1M
-+OrtFaNQME4wHQYDVR0OBBYEFMaPAnfe6+NJrbRE2swpagam04t0MB8GA1UdIwQY
-MBaAFMaPAnfe6+NJrbRE2swpagam04t0MAwGA1UdEwQFMAMBAf8wCwYJYIZIAWUD
-BAMCAy8AMCwCFFhdz4fzQo9BBF20U1CHldYTi/D7AhQydDnDMj21y+U1UhDZJrvh
-lnt88g==
+MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
+ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
+R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
+JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
+BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
+mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
+VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
+uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
+AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
+5rKUjNBhSg==
 -----END CERTIFICATE-----
+

apps/dsa.c

@@ -1,24 +1,25 @@
+/* apps/dsa.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- *
+ * 
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ * 
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- *
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -33,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ * 
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -48,262 +49,209 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
+ * 
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
-#ifndef OPENSSL_NO_DSA
-# include <stdio.h>
-# include <stdlib.h>
-# include <string.h>
-# include <time.h>
-# include "apps.h"
-# include <openssl/bio.h>
-# include <openssl/err.h>
-# include <openssl/dsa.h>
-# include <openssl/evp.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-# include <openssl/bn.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "dsa.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"
 
-typedef enum OPTION_choice {
-    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
-    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
-    OPT_ENGINE, OPT_PVK_STRONG, OPT_PVK_WEAK,
-    OPT_PVK_NONE, OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN,
-    OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT
-} OPTION_CHOICE;
+#undef PROG
+#define PROG	dsa_main
 
-OPTIONS dsa_options[] = {
-    {"help", OPT_HELP, '-', "Display this summary"},
-    {"inform", OPT_INFORM, 'F', "Input format, DER PEM PVK"},
-    {"outform", OPT_OUTFORM, 'F', "Output format, DER PEM PVK"},
-    {"in", OPT_IN, '<', "Input file"},
-    {"out", OPT_OUT, '>', "Output file"},
-    {"noout", OPT_NOOUT, '-', "Don't print key out"},
-    {"text", OPT_TEXT, '-', "Print the key in text"},
-    {"modulus", OPT_MODULUS, '-', "Print the DSA public value"},
-    {"pubin", OPT_PUBIN, '-'},
-    {"pubout", OPT_PUBOUT, '-'},
-    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
-    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
-    {"", OPT_CIPHER, '-', "Any supported cipher"},
-# ifndef OPENSSL_NO_RC4
-    {"pvk-strong", OPT_PVK_STRONG, '-'},
-    {"pvk-weak", OPT_PVK_WEAK, '-'},
-    {"pvk-none", OPT_PVK_NONE, '-'},
-# endif
-# ifndef OPENSSL_NO_ENGINE
-    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
-    {NULL}
-};
+/* -inform arg	- input format - default PEM (one of DER, NET or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg	- input file - default stdin
+ * -out arg	- output file - default stdout
+ * -des		- encrypt output if PEM format with DES in cbc mode
+ * -des3	- encrypt output if PEM format
+ * -idea	- encrypt output if PEM format
+ * -text	- print a text version
+ * -modulus	- print the DSA public key
+ */
 
-int dsa_main(int argc, char **argv)
-{
-    BIO *out = NULL;
-    DSA *dsa = NULL;
-    ENGINE *e = NULL;
-    const EVP_CIPHER *enc = NULL;
-    char *infile = NULL, *outfile = NULL, *prog;
-    char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
-    OPTION_CHOICE o;
-    int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
-    int i, modulus = 0, pubin = 0, pubout = 0, pvk_encr = 2, ret = 1;
-    int private = 0;
+int MAIN(argc, argv)
+int argc;
+char **argv;
+	{
+	int ret=1;
+	DSA *dsa=NULL;
+	int i,badops=0;
+	EVP_CIPHER *enc=NULL;
+	BIO *in=NULL,*out=NULL;
+	int informat,outformat,text=0,noout=0;
+	char *infile,*outfile,*prog;
+	int modulus=0;
 
-    prog = opt_init(argc, argv, dsa_options);
-    while ((o = opt_next()) != OPT_EOF) {
-        switch (o) {
-        case OPT_EOF:
-        case OPT_ERR:
- opthelp:
-            ret = 0;
-            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
-            goto end;
-        case OPT_HELP:
-            opt_help(dsa_options);
-            ret = 0;
-            goto end;
-        case OPT_INFORM:
-            if (!opt_format
-                (opt_arg(), OPT_FMT_PEMDER | OPT_FMT_PVK, &informat))
-                goto opthelp;
-            break;
-        case OPT_IN:
-            infile = opt_arg();
-            break;
-        case OPT_OUTFORM:
-            if (!opt_format
-                (opt_arg(), OPT_FMT_PEMDER | OPT_FMT_PVK, &outformat))
-                goto opthelp;
-            break;
-        case OPT_OUT:
-            outfile = opt_arg();
-            break;
-        case OPT_ENGINE:
-            e = setup_engine(opt_arg(), 0);
-            break;
-        case OPT_PASSIN:
-            passinarg = opt_arg();
-            break;
-        case OPT_PASSOUT:
-            passoutarg = opt_arg();
-            break;
-#ifndef OPENSSL_NO_RC4
-        case OPT_PVK_STRONG:
-            pvk_encr = 2;
-            break;
-        case OPT_PVK_WEAK:
-            pvk_encr = 1;
-            break;
-        case OPT_PVK_NONE:
-            pvk_encr = 0;
-            break;
-#else
-        case OPT_PVK_STRONG:
-        case OPT_PVK_WEAK:
-        case OPT_PVK_NONE:
-            break;
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	infile=NULL;
+	outfile=NULL;
+	informat=FORMAT_PEM;
+	outformat=FORMAT_PEM;
+
+	prog=argv[0];
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			informat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-noout") == 0)
+			noout=1;
+		else if (strcmp(*argv,"-text") == 0)
+			text=1;
+		else if (strcmp(*argv,"-modulus") == 0)
+			modulus=1;
+		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+			{
+			BIO_printf(bio_err,"unknown option %s\n",*argv);
+			badops=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
+
+	if (badops)
+		{
+bad:
+		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+		BIO_printf(bio_err,"where options are\n");
+		BIO_printf(bio_err," -inform arg   input format - one of DER NET PEM\n");
+		BIO_printf(bio_err," -outform arg  output format - one of DER NET PEM\n");
+		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -out arg      output file\n");
+		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
+		BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
+#ifndef NO_IDEA
+		BIO_printf(bio_err," -idea         encrypt PEM output with cbc idea\n");
 #endif
-        case OPT_NOOUT:
-            noout = 1;
-            break;
-        case OPT_TEXT:
-            text = 1;
-            break;
-        case OPT_MODULUS:
-            modulus = 1;
-            break;
-        case OPT_PUBIN:
-            pubin = 1;
-            break;
-        case OPT_PUBOUT:
-            pubout = 1;
-            break;
-        case OPT_CIPHER:
-            if (!opt_cipher(opt_unknown(), &enc))
-                goto end;
-            break;
-        }
-    }
-    argc = opt_num_rest();
-    argv = opt_rest();
-    private = pubin || pubout ? 0 : 1;
-    if (text && !pubin)
-        private = 1;
+		BIO_printf(bio_err," -text         print the key in text\n");
+		BIO_printf(bio_err," -noout        don't print key out\n");
+		BIO_printf(bio_err," -modulus      print the DSA public value\n");
+		goto end;
+		}
 
-    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
-        BIO_printf(bio_err, "Error getting passwords\n");
-        goto end;
-    }
+	ERR_load_crypto_strings();
 
-    BIO_printf(bio_err, "read DSA key\n");
-    {
-        EVP_PKEY *pkey;
+	in=BIO_new(BIO_s_file());
+	out=BIO_new(BIO_s_file());
+	if ((in == NULL) || (out == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
 
-        if (pubin)
-            pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
-        else
-            pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+	if (infile == NULL)
+		BIO_set_fp(in,stdin,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
+			perror(infile);
+			goto end;
+			}
+		}
 
-        if (pkey) {
-            dsa = EVP_PKEY_get1_DSA(pkey);
-            EVP_PKEY_free(pkey);
-        }
-    }
-    if (dsa == NULL) {
-        BIO_printf(bio_err, "unable to load Key\n");
-        ERR_print_errors(bio_err);
-        goto end;
-    }
+	BIO_printf(bio_err,"read DSA private key\n");
+	if	(informat == FORMAT_ASN1)
+		dsa=d2i_DSAPrivateKey_bio(in,NULL);
+	else if (informat == FORMAT_PEM)
+		dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL);
+	else
+		{
+		BIO_printf(bio_err,"bad input format specified for key\n");
+		goto end;
+		}
+	if (dsa == NULL)
+		{
+		BIO_printf(bio_err,"unable to load Private Key\n");
+		ERR_print_errors(bio_err);
+		goto end;
+		}
 
-    out = bio_open_owner(outfile, outformat, private);
-    if (out == NULL)
-        goto end;
+	if (outfile == NULL)
+		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
+			perror(outfile);
+			goto end;
+			}
+		}
 
-    if (text) {
-        assert(pubin || private);
-        if (!DSA_print(out, dsa, 0)) {
-            perror(outfile);
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-    }
+	if (text) 
+		if (!DSA_print(out,dsa,0))
+			{
+			perror(outfile);
+			ERR_print_errors(bio_err);
+			goto end;
+			}
 
-    if (modulus) {
-        BIO_printf(out, "Public Key=");
-        BN_print(out, dsa->pub_key);
-        BIO_printf(out, "\n");
-    }
+	if (modulus)
+		{
+		fprintf(stdout,"Public Key=");
+		BN_print(out,dsa->pub_key);
+		fprintf(stdout,"\n");
+		}
 
-    if (noout) {
-        ret = 0;
-        goto end;
-    }
-    BIO_printf(bio_err, "writing DSA key\n");
-    if (outformat == FORMAT_ASN1) {
-        if (pubin || pubout)
-            i = i2d_DSA_PUBKEY_bio(out, dsa);
-        else {
-            assert(private);
-            i = i2d_DSAPrivateKey_bio(out, dsa);
-        }
-    } else if (outformat == FORMAT_PEM) {
-        if (pubin || pubout)
-            i = PEM_write_bio_DSA_PUBKEY(out, dsa);
-        else {
-            assert(private);
-            i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
-                                            NULL, 0, NULL, passout);
-        }
-# if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)
-    } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
-        EVP_PKEY *pk;
-        pk = EVP_PKEY_new();
-        EVP_PKEY_set1_DSA(pk, dsa);
-        if (outformat == FORMAT_PVK) {
-            if (pubin) {
-                BIO_printf(bio_err, "PVK form impossible with public key input\n");
-                EVP_PKEY_free(pk);
-                goto end;
-            }
-            assert(private);
-            i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
-        }
-        else if (pubin || pubout)
-            i = i2b_PublicKey_bio(out, pk);
-        else {
-            assert(private);
-            i = i2b_PrivateKey_bio(out, pk);
-        }
-        EVP_PKEY_free(pk);
-# endif
-    } else {
-        BIO_printf(bio_err, "bad output format specified for outfile\n");
-        goto end;
-    }
-    if (i <= 0) {
-        BIO_printf(bio_err, "unable to write private key\n");
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-    ret = 0;
- end:
-    BIO_free_all(out);
-    DSA_free(dsa);
-    OPENSSL_free(passin);
-    OPENSSL_free(passout);
-    return (ret);
-}
-#else                           /* !OPENSSL_NO_DSA */
+	if (noout) goto end;
+	BIO_printf(bio_err,"writing DSA private key\n");
+	if 	(outformat == FORMAT_ASN1)
+		i=i2d_DSAPrivateKey_bio(out,dsa);
+	else if (outformat == FORMAT_PEM)
+		i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL);
+	else	{
+		BIO_printf(bio_err,"bad output format specified for outfile\n");
+		goto end;
+		}
+	if (!i)
+		{
+		BIO_printf(bio_err,"unable to write private key\n");
+		ERR_print_errors(bio_err);
+		}
+	else
+		ret=0;
+end:
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free(out);
+	if (dsa != NULL) DSA_free(dsa);
+	EXIT(ret);
+	}
 
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
-
-#endif

apps/dsaparam.c

@@ -1,24 +1,25 @@
+/* apps/dsaparam.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- *
+ * 
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ * 
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- *
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -33,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ * 
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -48,309 +49,313 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
+ * 
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "bn.h"
+#include "rand.h"
+#include "dsa.h"
+#include "x509.h"
+#include "pem.h"
 
-#ifndef OPENSSL_NO_DSA
-# include <stdio.h>
-# include <stdlib.h>
-# include <time.h>
-# include <string.h>
-# include "apps.h"
-# include <openssl/bio.h>
-# include <openssl/err.h>
-# include <openssl/bn.h>
-# include <openssl/dsa.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
+#undef PROG
+#define PROG	dsaparam_main
 
-# ifdef GENCB_TEST
-
-static int stop_keygen_flag = 0;
-
-static void timebomb_sigalarm(int foo)
-{
-    stop_keygen_flag = 1;
-}
-
-# endif
-
-static int dsa_cb(int p, int n, BN_GENCB *cb);
-
-typedef enum OPTION_choice {
-    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
-    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
-    OPT_NOOUT, OPT_GENKEY, OPT_RAND, OPT_ENGINE,
-    OPT_TIMEBOMB
-} OPTION_CHOICE;
-
-OPTIONS dsaparam_options[] = {
-    {"help", OPT_HELP, '-', "Display this summary"},
-    {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
-    {"in", OPT_IN, '<', "Input file"},
-    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
-    {"out", OPT_OUT, '>', "Output file"},
-    {"text", OPT_TEXT, '-', "Print as text"},
-    {"C", OPT_C, '-', "Output C code"},
-    {"noout", OPT_NOOUT, '-', "No output"},
-    {"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
-    {"rand", OPT_RAND, 's', "Files to use for random number input"},
-# ifdef GENCB_TEST
-    {"timebomb", OPT_TIMEBOMB, 'p', "Interrupt keygen after 'pnum' seconds"},
-# endif
-# ifndef OPENSSL_NO_ENGINE
-    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
-    {NULL}
-};
-
-int dsaparam_main(int argc, char **argv)
-{
-    DSA *dsa = NULL;
-    BIO *in = NULL, *out = NULL;
-    BN_GENCB *cb = NULL;
-    int numbits = -1, num = 0, genkey = 0, need_rand = 0;
-    int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
-    int ret = 1, i, text = 0, private = 0;
-# ifdef GENCB_TEST
-    int timebomb = 0;
-# endif
-    char *infile = NULL, *outfile = NULL, *prog, *inrand = NULL;
-    OPTION_CHOICE o;
-
-    prog = opt_init(argc, argv, dsaparam_options);
-    while ((o = opt_next()) != OPT_EOF) {
-        switch (o) {
-        case OPT_EOF:
-        case OPT_ERR:
- opthelp:
-            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
-            goto end;
-        case OPT_HELP:
-            opt_help(dsaparam_options);
-            ret = 0;
-            goto end;
-        case OPT_INFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
-                goto opthelp;
-            break;
-        case OPT_IN:
-            infile = opt_arg();
-            break;
-        case OPT_OUTFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
-                goto opthelp;
-            break;
-        case OPT_OUT:
-            outfile = opt_arg();
-            break;
-        case OPT_ENGINE:
-            (void)setup_engine(opt_arg(), 0);
-            break;
-        case OPT_TIMEBOMB:
-# ifdef GENCB_TEST
-            timebomb = atoi(opt_arg());
-            break;
-# endif
-        case OPT_TEXT:
-            text = 1;
-            break;
-        case OPT_C:
-            C = 1;
-            break;
-        case OPT_GENKEY:
-            genkey = need_rand = 1;
-            break;
-        case OPT_RAND:
-            inrand = opt_arg();
-            need_rand = 1;
-            break;
-        case OPT_NOOUT:
-            noout = 1;
-            break;
-        }
-    }
-    argc = opt_num_rest();
-    argv = opt_rest();
-
-    if (argc == 1) {
-        if (!opt_int(argv[0], &num) || num < 0)
-            goto end;
-        /* generate a key */
-        numbits = num;
-        need_rand = 1;
-    }
-    private = genkey ? 1 : 0;
-
-    in = bio_open_default(infile, 'r', informat);
-    if (in == NULL)
-        goto end;
-    out = bio_open_owner(outfile, outformat, private);
-    if (out == NULL)
-        goto end;
-
-    if (need_rand) {
-        app_RAND_load_file(NULL, (inrand != NULL));
-        if (inrand != NULL)
-            BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
-                       app_RAND_load_files(inrand));
-    }
-
-    if (numbits > 0) {
-        cb = BN_GENCB_new();
-        if (cb == NULL) {
-            BIO_printf(bio_err, "Error allocating BN_GENCB object\n");
-            goto end;
-        }
-        BN_GENCB_set(cb, dsa_cb, bio_err);
-        assert(need_rand);
-        dsa = DSA_new();
-        if (dsa == NULL) {
-            BIO_printf(bio_err, "Error allocating DSA object\n");
-            goto end;
-        }
-        BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n",
-                   num);
-        BIO_printf(bio_err, "This could take some time\n");
-# ifdef GENCB_TEST
-        if (timebomb > 0) {
-            struct sigaction act;
-            act.sa_handler = timebomb_sigalarm;
-            act.sa_flags = 0;
-            BIO_printf(bio_err,
-                       "(though I'll stop it if not done within %d secs)\n",
-                       timebomb);
-            if (sigaction(SIGALRM, &act, NULL) != 0) {
-                BIO_printf(bio_err, "Error, couldn't set SIGALRM handler\n");
-                goto end;
-            }
-            alarm(timebomb);
-        }
-# endif
-        if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, cb)) {
-# ifdef GENCB_TEST
-            if (stop_keygen_flag) {
-                BIO_printf(bio_err, "DSA key generation time-stopped\n");
-                /* This is an asked-for behaviour! */
-                ret = 0;
-                goto end;
-            }
-# endif
-            ERR_print_errors(bio_err);
-            BIO_printf(bio_err, "Error, DSA key generation failed\n");
-            goto end;
-        }
-    } else if (informat == FORMAT_ASN1)
-        dsa = d2i_DSAparams_bio(in, NULL);
-    else
-        dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
-    if (dsa == NULL) {
-        BIO_printf(bio_err, "unable to load DSA parameters\n");
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
-    if (text) {
-        DSAparams_print(out, dsa);
-    }
-
-    if (C) {
-        int len = BN_num_bytes(dsa->p);
-        int bits_p = BN_num_bits(dsa->p);
-        unsigned char *data = app_malloc(len + 20, "BN space");
-
-        BIO_printf(bio_out, "DSA *get_dsa%d()\n{\n", bits_p);
-        print_bignum_var(bio_out, dsa->p, "dsap", len, data);
-        print_bignum_var(bio_out, dsa->q, "dsaq", len, data);
-        print_bignum_var(bio_out, dsa->g, "dsag", len, data);
-        BIO_printf(bio_out, "    DSA *dsa = DSA_new();\n"
-                            "\n");
-        BIO_printf(bio_out, "    if (dsa == NULL)\n"
-                            "        return NULL;\n");
-        BIO_printf(bio_out, "    dsa->p = BN_bin2bn(dsap_%d, sizeof (dsap_%d), NULL);\n",
-               bits_p, bits_p);
-        BIO_printf(bio_out, "    dsa->q = BN_bin2bn(dsaq_%d, sizeof (dsaq_%d), NULL);\n",
-               bits_p, bits_p);
-        BIO_printf(bio_out, "    dsa->g = BN_bin2bn(dsag_%d, sizeof (dsag_%d), NULL);\n",
-               bits_p, bits_p);
-        BIO_printf(bio_out, "    if (!dsa->p || !dsa->q || !dsa->g) {\n"
-                            "        DSA_free(dsa);\n"
-                            "        return NULL;\n"
-                            "    }\n"
-                            "    return(dsa);\n}\n");
-    }
-
-    if (!noout) {
-        if (outformat == FORMAT_ASN1)
-            i = i2d_DSAparams_bio(out, dsa);
-        else
-            i = PEM_write_bio_DSAparams(out, dsa);
-        if (!i) {
-            BIO_printf(bio_err, "unable to write DSA parameters\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-    }
-    if (genkey) {
-        DSA *dsakey;
-
-        assert(need_rand);
-        if ((dsakey = DSAparams_dup(dsa)) == NULL)
-            goto end;
-        if (!DSA_generate_key(dsakey)) {
-            ERR_print_errors(bio_err);
-            DSA_free(dsakey);
-            goto end;
-        }
-        assert(private);
-        if (outformat == FORMAT_ASN1)
-            i = i2d_DSAPrivateKey_bio(out, dsakey);
-        else
-            i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL,
-                                            NULL);
-        DSA_free(dsakey);
-    }
-    if (need_rand)
-        app_RAND_write_file(NULL);
-    ret = 0;
- end:
-    BN_GENCB_free(cb);
-    BIO_free(in);
-    BIO_free_all(out);
-    DSA_free(dsa);
-    return (ret);
-}
-
-static int dsa_cb(int p, int n, BN_GENCB *cb)
-{
-    char c = '*';
-
-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
-    BIO_write(BN_GENCB_get_arg(cb), &c, 1);
-    (void)BIO_flush(BN_GENCB_get_arg(cb));
-# ifdef GENCB_TEST
-    if (stop_keygen_flag)
-        return 0;
-# endif
-    return 1;
-}
-#else                           /* !OPENSSL_NO_DSA */
-
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
+/* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg	- input file - default stdin
+ * -out arg	- output file - default stdout
+ * -noout
+ * -text
+ * -C
+ * -noout
+ * -genkey
+ */
 
+#ifndef NOPROTO
+static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
+#else
+static void MS_CALLBACK dsa_cb();
 #endif
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+	{
+	DSA *dsa=NULL;
+	int i,badops=0,text=0;
+	BIO *in=NULL,*out=NULL;
+	int informat,outformat,noout=0,C=0,ret=1;
+	char *infile,*outfile,*prog,*inrand=NULL;
+	int numbits= -1,num,genkey=0;
+	char buffer[200],*randfile=NULL;
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	infile=NULL;
+	outfile=NULL;
+	informat=FORMAT_PEM;
+	outformat=FORMAT_PEM;
+
+	prog=argv[0];
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			informat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-text") == 0)
+			text=1;
+		else if (strcmp(*argv,"-C") == 0)
+			C=1;
+		else if (strcmp(*argv,"-genkey") == 0)
+			genkey=1;
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inrand= *(++argv);
+			}
+		else if (strcmp(*argv,"-noout") == 0)
+			noout=1;
+		else if (sscanf(*argv,"%d",&num) == 1)
+			{
+			/* generate a key */
+			numbits=num;
+			}
+		else
+			{
+			BIO_printf(bio_err,"unknown option %s\n",*argv);
+			badops=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
+
+	if (badops)
+		{
+bad:
+		BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
+		BIO_printf(bio_err,"where options are\n");
+		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -out arg      output file\n");
+		BIO_printf(bio_err," -text         check the DSA parameters\n");
+		BIO_printf(bio_err," -C            Output C code\n");
+		BIO_printf(bio_err," -noout        no output\n");
+		BIO_printf(bio_err," -rand         files to use for random number input\n");
+		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
+		goto end;
+		}
+
+	ERR_load_crypto_strings();
+
+	in=BIO_new(BIO_s_file());
+	out=BIO_new(BIO_s_file());
+	if ((in == NULL) || (out == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (infile == NULL)
+		BIO_set_fp(in,stdin,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
+			perror(infile);
+			goto end;
+			}
+		}
+	if (outfile == NULL)
+		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
+			perror(outfile);
+			goto end;
+			}
+		}
+
+	if (numbits > 0)
+		{
+		randfile=RAND_file_name(buffer,200);
+		RAND_load_file(randfile,1024L*1024L);
+
+		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
+	        BIO_printf(bio_err,"This could take some time\n");
+	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,
+			dsa_cb,(char *)bio_err);
+		}
+	else if	(informat == FORMAT_ASN1)
+		dsa=d2i_DSAparams_bio(in,NULL);
+	else if (informat == FORMAT_PEM)
+		dsa=PEM_read_bio_DSAparams(in,NULL,NULL);
+	else
+		{
+		BIO_printf(bio_err,"bad input format specified\n");
+		goto end;
+		}
+	if (dsa == NULL)
+		{
+		BIO_printf(bio_err,"unable to load DSA parameters\n");
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (text)
+		{
+		DSAparams_print(out,dsa);
+		}
+	
+	if (C)
+		{
+		unsigned char *data;
+		int l,len,bits_p,bits_q,bits_g;
+
+		len=BN_num_bytes(dsa->p);
+		bits_p=BN_num_bits(dsa->p);
+		bits_q=BN_num_bits(dsa->q);
+		bits_g=BN_num_bits(dsa->g);
+		data=(unsigned char *)Malloc(len+20);
+		if (data == NULL)
+			{
+			perror("Malloc");
+			goto end;
+			}
+		l=BN_bn2bin(dsa->p,data);
+		printf("static unsigned char dsa%d_p[]={",bits_p);
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t");
+			printf("0x%02X,",data[i]);
+			}
+		printf("\n\t};\n");
+
+		l=BN_bn2bin(dsa->q,data);
+		printf("static unsigned char dsa%d_q[]={",bits_p);
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t");
+			printf("0x%02X,",data[i]);
+			}
+		printf("\n\t};\n");
+
+		l=BN_bn2bin(dsa->g,data);
+		printf("static unsigned char dsa%d_g[]={",bits_p);
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t");
+			printf("0x%02X,",data[i]);
+			}
+		printf("\n\t};\n\n");
+
+		printf("DSA *get_dsa%d()\n\t{\n",bits_p);
+		printf("\tDSA *dsa;\n\n");
+		printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n");
+		printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n",
+			bits_p,bits_p);
+		printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n",
+			bits_p,bits_p);
+		printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
+			bits_p,bits_p);
+		printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
+		printf("\t\treturn(NULL);\n");
+		printf("\treturn(dsa);\n\t}\n");
+		}
+
+
+	if (!noout)
+		{
+		if 	(outformat == FORMAT_ASN1)
+			i=i2d_DSAparams_bio(out,dsa);
+		else if (outformat == FORMAT_PEM)
+			i=PEM_write_bio_DSAparams(out,dsa);
+		else	{
+			BIO_printf(bio_err,"bad output format specified for outfile\n");
+			goto end;
+			}
+		if (!i)
+			{
+			BIO_printf(bio_err,"unable to write DSA paramaters\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		}
+	if (genkey)
+		{
+		DSA *dsakey;
+
+		if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
+		if (!DSA_generate_key(dsakey)) goto end;
+		if 	(outformat == FORMAT_ASN1)
+			i=i2d_DSAPrivateKey_bio(out,dsakey);
+		else if (outformat == FORMAT_PEM)
+			i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL);
+		else	{
+			BIO_printf(bio_err,"bad output format specified for outfile\n");
+			goto end;
+			}
+		DSA_free(dsakey);
+		}
+	ret=0;
+end:
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free(out);
+	if (dsa != NULL) DSA_free(dsa);
+	EXIT(ret);
+	}
+
+static void MS_CALLBACK dsa_cb(p, n, arg)
+int p;
+int n;
+char *arg;
+	{
+	char c='*';
+
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
+	BIO_write((BIO *)arg,&c,1);
+	BIO_flush((BIO *)arg);
+#ifdef LINT
+	p=n;
+#endif
+	}