Oops!

Submitted by: strube@physik3.gwdg.de (Hans Werner Strube)

.cvsignore

@@ -0,0 +1,6 @@
+Makefile.ssl
+MINFO
+makefile.one
+tmp
+out
+outinc

CHANGES.SSLeay

@@ -1,4 +1,529 @@
-SSLeay 0.6.5
+This file contains the changes for the SSLeay library up to version
+0.9.0b. For later changes, see the file "CHANGES".
+
+  SSLeay CHANGES
+  ______________
+
+Changes between 0.8.x and 0.9.0b
+
+10-Apr-1998
+
+I said the next version would go out at easter, and so it shall.
+I expect a 0.9.1 will follow with portability fixes in the next few weeks.
+
+This is a quick, meet the deadline.  Look to ssl-users for comments on what
+is new etc.
+
+eric (about to go bushwalking for the 4 day easter break :-)
+
+16-Mar-98
+    - Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
+    - Lots and lots of changes
+
+29-Jan-98
+    - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
+      Goetz Babin-Ebell <babinebell@trustcenter.de>.
+    - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
+      TLS1_VERSION.
+
+7-Jan-98
+    - Finally reworked the cipher string to ciphers again, so it
+      works correctly
+    - All the app_data stuff is now ex_data with funcion calls to access.
+      The index is supplied by a function and 'methods' can be setup
+      for the types that are called on XXX_new/XXX_free.  This lets
+      applications get notified on creation and destruction.  Some of
+      the RSA methods could be implemented this way and I may do so.
+    - Oh yes, SSL under perl5 is working at the basic level.
+
+15-Dec-97
+    - Warning - the gethostbyname cache is not fully thread safe,
+      but it should work well enough.
+    - Major internal reworking of the app_data stuff.  More functions
+      but if you were accessing ->app_data directly, things will
+      stop working.
+    - The perlv5 stuff is working.  Currently on message digests,
+      ciphers and the bignum library.
+
+9-Dec-97
+    - Modified re-negotiation so that server initated re-neg
+      will cause a SSL_read() to return -1 should retry.
+      The danger otherwise was that the server and the
+      client could end up both trying to read when using non-blocking
+      sockets.
+
+4-Dec-97
+    - Lots of small changes
+    - Fix for binaray mode in Windows for the FILE BIO, thanks to
+      Bob Denny <rdenny@dc3.com>
+
+17-Nov-97
+    - Quite a few internal cleanups, (removal of errno, and using macros
+      defined in e_os.h).
+    - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
+      the automactic naming out output files was being stuffed up.
+
+29-Oct-97
+    - The Cast5 cipher has been added.  MD5 and SHA-1 are now in assember
+      for x86.
+
+21-Oct-97
+    - Fixed a bug in the BIO_gethostbyname() cache.
+
+15-Oct-97
+    - cbc mode for blowfish/des/3des is now in assember.  Blowfish asm
+      has also been improved.  At this point in time, on the pentium,
+      md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
+      des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
+      is %62 faster.
+
+12-Oct-97
+    - MEM_BUF_grow() has been fixed so that it always sets the buf->length
+      to the value we are 'growing' to.  Think of MEM_BUF_grow() as the
+      way to set the length value correctly.
+
+10-Oct-97
+    - I now hash for certificate lookup on the raw DER encoded RDN (md5).
+      This breaks things again :-(.  This is efficent since I cache
+      the DER encoding of the RDN.
+    - The text DN now puts in the numeric OID instead of UNKNOWN.
+    - req can now process arbitary OIDs in the config file.
+    - I've been implementing md5 in x86 asm, much faster :-).
+    - Started sha1 in x86 asm, needs more work.
+    - Quite a few speedups in the BN stuff.  RSA public operation
+      has been made faster by caching the BN_MONT_CTX structure.
+      The calulating of the Ai where A*Ai === 1 mod m was rather
+      expensive.  Basically a 40-50% speedup on public operations.
+      The RSA speedup is now 15% on pentiums and %20 on pentium
+      pro.
+
+30-Sep-97
+    - After doing some profiling, I added x86 adm for bn_add_words(),
+      which just adds 2 arrays of longs together.  A %10 speedup
+      for 512 and 1024 bit RSA on the pentium pro.
+
+29-Sep-97
+    - Converted the x86 bignum assembler to us the perl scripts
+      for generation.
+
+23-Sep-97
+    - If SSL_set_session() is passed a NULL session, it now clears the
+      current session-id.
+
+22-Sep-97
+    - Added a '-ss_cert file' to apps/ca.c.  This will sign selfsigned
+      certificates.
+    - Bug in crypto/evp/encode.c where by decoding of 65 base64
+      encoded lines, one line at a time (via a memory BIO) would report
+      EOF after the first line was decoded.
+    - Fix in X509_find_by_issuer_and_serial() from
+      Dr Stephen Henson <shenson@bigfoot.com>
+
+19-Sep-97
+    - NO_FP_API and NO_STDIO added.
+    - Put in sh config command.  It auto runs Configure with the correct
+      parameters.
+
+18-Sep-97
+    - Fix x509.c so if a DSA cert has different parameters to its parent,
+      they are left in place.  Not tested yet.
+
+16-Sep-97
+    - ssl_create_cipher_list() had some bugs, fixes from
+      Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
+    - Fixed a bug in the Base64 BIO, where it would return 1 instead
+      of -1 when end of input was encountered but should retry.
+      Basically a Base64/Memory BIO interaction problem.
+    - Added a HMAC set of functions in preporarion for TLS work.
+
+15-Sep-97
+    - Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
+    - Prime generation spead up %25 (512 bit prime, pentium pro linux)
+      by using montgomery multiplication in the prime number test.
+
+11-Sep-97
+    - Ugly bug in ssl3_write_bytes().  Basically if application land
+      does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
+      did not check the size and tried to copy the entire buffer.
+      This would tend to cause memory overwrites since SSLv3 has
+      a maximum packet size of 16k.  If your program uses
+      buffers <= 16k, you would probably never see this problem.
+    - Fixed a new errors that were cause by malloc() not returning
+      0 initialised memory..
+    - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
+      SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
+      since this flags stops SSLeay being able to handle client
+      cert requests correctly.
+
+08-Sep-97
+    - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added.  When switched
+      on, the SSL server routines will not use a SSL_SESSION that is
+      held in it's cache.  This in intended to be used with the session-id
+      callbacks so that while the session-ids are still stored in the
+      cache, the decision to use them and how to look them up can be
+      done by the callbacks.  The are the 'new', 'get' and 'remove'
+      callbacks.  This can be used to determine the session-id
+      to use depending on information like which port/host the connection
+      is coming from.  Since the are also SSL_SESSION_set_app_data() and
+      SSL_SESSION_get_app_data() functions, the application can hold
+      information against the session-id as well.
+
+03-Sep-97
+    - Added lookup of CRLs to the by_dir method,
+      X509_load_crl_file() also added.  Basically it means you can
+      lookup CRLs via the same system used to lookup certificates.
+    - Changed things so that the X509_NAME structure can contain
+      ASN.1 BIT_STRINGS which is required for the unique
+      identifier OID.
+    - Fixed some problems with the auto flushing of the session-id
+      cache.  It was not occuring on the server side.
+
+02-Sep-97
+    - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
+      which is the maximum number of entries allowed in the
+      session-id cache.  This is enforced with a simple FIFO list.
+      The default size is 20*1024 entries which is rather large :-).
+      The Timeout code is still always operating.
+
+01-Sep-97
+    - Added an argument to all the 'generate private key/prime`
+      callbacks.  It is the last parameter so this should not
+      break existing code but it is needed for C++.
+    - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
+      BIO.  This lets the BIO read and write base64 encoded data
+      without inserting or looking for '\n' characters.  The '-A'
+      flag turns this on when using apps/enc.c.
+    - RSA_NO_PADDING added to help BSAFE functionality.  This is a
+      very dangerous thing to use, since RSA private key
+      operations without random padding bytes (as PKCS#1 adds) can
+      be attacked such that the private key can be revealed.
+    - ASN.1 bug and rc2-40-cbc and rc4-40 added by
+      Dr Stephen Henson <shenson@bigfoot.com>
+
+31-Aug-97 (stuff added while I was away)    
+    - Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
+    - RSA_flags() added allowing bypass of pub/priv match check
+      in ssl/ssl_rsa.c - Tim Hudson.
+    - A few minor bugs.
+
+SSLeay 0.8.1 released.
+
+19-Jul-97
+    - Server side initated dynamic renegotiation is broken.  I will fix
+      it when I get back from holidays.
+
+15-Jul-97
+    - Quite a few small changes.
+    - INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
+
+09-Jul-97
+    - Added 2 new values to the SSL info callback.
+      SSL_CB_START which is passed when the SSL protocol is started
+      and SSL_CB_DONE when it has finished sucsessfully.
+
+08-Jul-97
+    - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
+      that related to DSA public/private keys.
+    - Added all the relevent PEM and normal IO functions to support
+      reading and writing RSAPublic keys.
+    - Changed makefiles to use ${AR} instead of 'ar r'
+
+07-Jul-97
+    - Error in ERR_remove_state() that would leave a dangling reference
+      to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
+    - s_client now prints the X509_NAMEs passed from the server
+      when requesting a client cert.
+    - Added a ssl->type, which is one of SSL_ST_CONNECT or
+      SSL_ST_ACCEPT.  I had to add it so I could tell if I was
+      a connect or an accept after the handshake had finished.
+    - SSL_get_client_CA_list(SSL *s) now returns the CA names
+      passed by the server if called by a client side SSL.
+
+05-Jul-97
+    - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
+      0, not -1 :-(  Fix from Tim Hudson (tjh@cryptsoft.com).
+
+04-Jul-97
+    - Fixed some things in X509_NAME_add_entry(), thanks to
+      Matthew Donald <matthew@world.net>.
+    - I had a look at the cipher section and though that it was a
+      bit confused, so I've changed it.
+    - I was not setting up the RC4-64-MD5 cipher correctly.  It is
+      a MS special that appears in exported MS Money.
+    - Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3
+      spec.  I was missing the two byte length header for the
+      ClientDiffieHellmanPublic value.  This is a packet sent from
+      the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+      option will enable SSLeay server side SSLv3 accept either
+      the correct or my 080 packet format.
+    - Fixed a few typos in crypto/pem.org.
+
+02-Jul-97
+    - Alias mapping for EVP_get_(digest|cipher)byname is now
+      performed before a lookup for actual cipher.  This means
+      that an alias can be used to 're-direct' a cipher or a
+      digest.
+    - ASN1_read_bio() had a bug that only showed up when using a
+      memory BIO.  When EOF is reached in the memory BIO, it is
+      reported as a -1 with BIO_should_retry() set to true.
+
+01-Jul-97
+    - Fixed an error in X509_verify_cert() caused by my
+      miss-understanding how 'do { contine } while(0);' works.
+      Thanks to Emil Sit <sit@mit.edu> for educating me :-)
+
+30-Jun-97
+    - Base64 decoding error.  If the last data line did not end with
+      a '=', sometimes extra data would be returned.
+    - Another 'cut and paste' bug in x509.c related to setting up the
+      STDout BIO.
+
+27-Jun-97
+    - apps/ciphers.c was not printing due to an editing error.
+    - Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
+      a library build error in util/mk1mf.pl
+
+26-Jun-97
+    - Still did not have the auto 'experimental' code removal
+      script correct.
+    - A few header tweaks for Watcom 11.0 under Win32 from
+      Rolf Lindemann <Lindemann@maz-hh.de>
+    - 0 length OCTET_STRING bug in asn1_parse
+    - A minor fix with an non-existent function in the MS .def files.
+    - A few changes to the PKCS7 stuff.
+
+25-Jun-97
+    SSLeay 0.8.0 finally it gets released.
+
+24-Jun-97
+    Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
+    use a temporary RSA key.  This is experimental and needs some more work.
+    Fixed a few Win16 build problems.
+
+23-Jun-97
+    SSLv3 bug. I was not doing the 'lookup' of the CERT structure
+    correctly. I was taking the SSL->ctx->default_cert when I should
+    have been using SSL->cert. The bug was in ssl/s3_srvr.c
+
+20-Jun-97
+    X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
+    rest of the library. Even though I had the code required to do
+    it correctly, apps/req.c was doing the wrong thing.  I have fixed
+    and tested everything.
+
+    Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
+
+19-Jun-97
+    Fixed a bug in the SSLv2 server side first packet handling. When
+    using the non-blocking test BIO, the ssl->s2->first_packet flag
+    was being reset when a would-block failure occurred when reading
+    the first 5 bytes of the first packet. This caused the checking
+    logic to run at the wrong time and cause an error.
+
+    Fixed a problem with specifying cipher. If RC4-MD5 were used,
+    only the SSLv3 version would be picked up.  Now this will pick
+    up both SSLv2 and SSLv3 versions. This required changing the
+    SSL_CIPHER->mask values so that they only mask the ciphers,
+    digests, authentication, export type and key-exchange algorithms.
+
+    I found that when a SSLv23 session is established, a reused
+    session, of type SSLv3 was attempting to write the SSLv2 
+    ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 
+    method has been modified so it will only write out cipher which
+    that method knows about.  
+
+
+ Changes between 0.8.0 and 0.8.1
+
+  *) Mostly bug fixes. 
+     There is an Ephemeral DH cipher problem which is fixed.
+
+ SSLeay 0.8.0
+
+This version of SSLeay has quite a lot of things different from the
+previous version.
+
+Basically check all callback parameters, I will be producing documentation
+about how to use things in th future.  Currently I'm just getting 080 out
+the door.  Please not that there are several ways to do everything, and
+most of the applications in the apps directory are hybrids, some using old
+methods and some using new methods.
+
+Have a look in demos/bio for some very simple programs and
+apps/s_client.c and apps/s_server.c for some more advanced versions.
+Notes are definitly needed but they are a week or so away.
+
+Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
+---
+Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
+get those people that want to move to using the new code base off to
+a quick start.
+
+Note that Eric has tidied up a lot of the areas of the API that were
+less than desirable and renamed quite a few things (as he had to break
+the API in lots of places anyrate). There are a whole pile of additional
+functions for making dealing with (and creating) certificates a lot
+cleaner.
+
+01-Jul-97
+Tim Hudson
+tjh@cryptsoft.com
+
+---8<---
+
+To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
+use something like the following (assuming you #include "crypto.h" which
+is something that you really should be doing).
+
+#if SSLEAY_VERSION_NUMBER >= 0x0800
+#define SSLEAY8
+#endif
+
+buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
+            too if you are working with BIO internal stuff (as distinct
+        from simply using the interface in an opaque manner)
+
+#include "bio.h"    - required along with "buffer.h" if you write
+              your own BIO routines as the buffer and bio
+              stuff that was intermixed has been separated
+              out 
+            
+envelope.h -> evp.h  (which should have been done ages ago)
+
+Initialisation ... don't forget these or you end up with code that
+is missing the bits required to do useful things (like ciphers):
+
+SSLeay_add_ssl_algorithms()
+(probably also want SSL_load_error_strings() too but you should have
+ already had that call in place)
+
+SSL_CTX_new()   - requires an extra method parameter
+              SSL_CTX_new(SSLv23_method()) 
+              SSL_CTX_new(SSLv2_method()) 
+              SSL_CTX_new(SSLv3_method()) 
+
+          OR to only have the server or the client code
+              SSL_CTX_new(SSLv23_server_method()) 
+              SSL_CTX_new(SSLv2_server_method()) 
+              SSL_CTX_new(SSLv3_server_method()) 
+          or  
+              SSL_CTX_new(SSLv23_client_method()) 
+              SSL_CTX_new(SSLv2_client_method()) 
+              SSL_CTX_new(SSLv3_client_method()) 
+
+SSL_set_default_verify_paths() ... renamed to the more appropriate
+SSL_CTX_set_default_verify_paths()
+
+If you want to use client certificates then you have to add in a bit
+of extra stuff in that a SSLv3 server sends a list of those CAs that
+it will accept certificates from ... so you have to provide a list to
+SSLeay otherwise certain browsers will not send client certs.
+
+SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+
+
+X509_NAME_oneline(X)    -> X509_NAME_oneline(X,NULL,0)  
+               or provide a buffer and size to copy the
+               result into
+
+X509_add_cert ->  X509_STORE_add_cert (and you might want to read the
+          notes on X509_NAME structure changes too)
+
+
+VERIFICATION CODE
+=================
+
+The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
+more accurately reflect things.
+
+The verification callback args are now packaged differently so that
+extra fields for verification can be added easily in future without
+having to break things by adding extra parameters each release :-)
+
+X509_cert_verify_error_string -> X509_verify_cert_error_string
+
+
+BIO INTERNALS
+=============
+
+Eric has fixed things so that extra flags can be introduced in
+the BIO layer in future without having to play with all the BIO
+modules by adding in some macros.
+
+The ugly stuff using 
+    b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
+becomes
+    BIO_clear_retry_flags(b)
+
+    b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
+becomes
+    BIO_set_retry_read(b)
+
+Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
+
+
+
+OTHER THINGS
+============
+
+X509_NAME has been altered so that it isn't just a STACK ... the STACK
+is now in the "entries" field ... and there are a pile of nice functions
+for getting at the details in a much cleaner manner.
+
+SSL_CTX has been altered ... "cert" is no longer a direct member of this
+structure ... things are now down under "cert_store" (see x509_vfy.h) and
+things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
+If your code "knows" about this level of detail then it will need some 
+surgery.
+
+If you depending on the incorrect spelling of a number of the error codes
+then you will have to change your code as these have been fixed.
+
+ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
+has been all along so this makes things clearer.
+ify_cert_error_string(ctx->error));
+
+SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
+            and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
+
+
+
+ Changes between 0.7.x and 0.8.0
+  
+  *) There have been lots of changes, mostly the addition of SSLv3.
+     There have been many additions from people and amongst
+     others, C2Net has assisted greatly.
+ 
+ Changes between 0.7.x and 0.7.x
+
+  *) Internal development version only
+
+SSLeay 0.6.6 13-Jan-1997
+
+The main additions are
+
+- assember for x86 DES improvments.
+  From 191,000 per second on a pentium 100, I now get 281,000.  The inner
+  loop and the IP/FP modifications are from
+  Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  Many thanks for his
+  contribution.
+- The 'DES macros' introduced in 0.6.5 now have 3 types.
+  DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which
+  is best and there is a summery of mine in crypto/des/options.txt
+- A few bug fixes.
+- Added blowfish.  It is not used by SSL but all the other stuff that
+  deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
+  There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.
+  BF_PTR2 is pentium/x86 specific.  The correct option is setup in
+  the 'Configure' script.
+- There is now a 'get client certificate' callback which can be
+  'non-blocking'.  If more details are required, let me know.  It will
+  documented more in SSLv3 when I finish it.
+- Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'
+  now tests the ca program.
+- Lots of little things modified and tweaked.
+
+ SSLeay 0.6.5
 
 After quite some time (3 months), the new release.  I have been very busy
 for the last few months and so this is mostly bug fixes and improvments.
@@ -57,7 +582,7 @@ The main changes in this release
 - 'ssleay ciphers' added, lists the default cipher list for SSLeay.
 - RC2 key setup is now compatable with Netscape.
 - Modifed server side of SSL implementation, big performance difference when
-	  using session-id reuse.
+      using session-id reuse.
 
 0.6.3
 
@@ -186,16 +711,16 @@ The wrappers are easy to write
 
 function_fp(fp,x)
 FILE *fp;
-	{
-	BIO *b;
-	int ret;
+    {
+    BIO *b;
+    int ret;
 
-	if ((b=BIO_new(BIO_s_file())) == NULL) error.....
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=function_bio(b,x);
-	BIO_free(b);
-	return(ret);
-	}
+    if ((b=BIO_new(BIO_s_file())) == NULL) error.....
+    BIO_set_fp(b,fp,BIO_NOCLOSE);
+    ret=function_bio(b,x);
+    BIO_free(b);
+    return(ret);
+    }
 Remember, there are no functions that take FILE * in SSLeay when
 compiled for Windows 3.1 DLL's.
 
@@ -236,8 +761,8 @@ The list of things to read and do
 
 dgst -d
 s_client -state (this uses a callback placed in the SSL state loop and
-		will be used else-where to help debug/monitor what
-		is happening.)
+        will be used else-where to help debug/monitor what
+        is happening.)
 
 doc/why.doc
 doc/bio.doc <- hmmm, needs lots of work.

COPYRIGHT

@@ -1,64 +0,0 @@
-Copyright (C) 1997 Eric Young (eay@cryptsoft.com)
-All rights reserved.
-
-This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
-The implementation was written so as to conform with Netscapes SSL.
-
-This library is free for commercial and non-commercial use as long as
-the following conditions are aheared to.  The following conditions
-apply to all code found in this distribution, be it the RC4, RSA,
-lhash, DES, etc., code; not just the SSL code.  The SSL documentation
-included with this distribution is covered by the same copyright terms
-except that the holder is Tim Hudson (tjh@cryptsoft.com).
-
-Please note that MD2, MD5 and IDEA are publically available standards
-that contain sample implementations, I have re-coded them in my own
-way but there is nothing special about those implementations.  The DES
-library is another mater :-).
-
-Copyright remains Eric Young's, and as such any Copyright notices in
-the code are not to be removed.
-If this package is used in a product, Eric Young should be given attribution
-as the author of the parts of the library used.
-This can be in the form of a textual message at program startup or
-in documentation (online or textual) provided with the package.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-   "This product includes cryptographic software written by
-    Eric Young (eay@cryptsoft.com)"
-   The word 'cryptographic' can be left out if the rouines from the library
-   being used are not cryptographic related :-).
-4. If you include any Windows specific code (or a derivative thereof) from 
-   the apps directory (application code) you must include an acknowledgement:
-   "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-
-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-The licence and distribution terms for any publically available version or
-derivative of this code cannot be changed.  i.e. this code cannot simply be
-copied and put under another distribution licence
-[including the GNU Public Licence.]
-
-The reason behind this being stated in this direct manner is past
-experience in code simply being copied and the attribution removed
-from it and then being distributed as part of other packages. This
-implementation was a non-trivial and unpaid effort.

HISTORY

@@ -1,126 +0,0 @@
-SSLeay 0.8.1 released.
-
-19-Jul-97
-	- Server side initated dynamic renegotiation is broken.  I will fix
-	  it when I get back from holidays.
-
-15-Jul-97
-	- Quite a few small changes.
-	- INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
-
-09-Jul-97
-	- Added 2 new values to the SSL info callback.
-	  SSL_CB_START which is passed when the SSL protocol is started
-	  and SSL_CB_DONE when it has finished sucsessfully.
-
-08-Jul-97
-	- Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
-	  that related to DSA public/private keys.
-	- Added all the relevent PEM and normal IO functions to support
-	  reading and writing RSAPublic keys.
-	- Changed makefiles to use ${AR} instead of 'ar r'
-
-07-Jul-97
-	- Error in ERR_remove_state() that would leave a dangling reference
-	  to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
-	- s_client now prints the X509_NAMEs passed from the server
-	  when requesting a client cert.
-	- Added a ssl->type, which is one of SSL_ST_CONNECT or
-	  SSL_ST_ACCEPT.  I had to add it so I could tell if I was
-	  a connect or an accept after the handshake had finished.
-	- SSL_get_client_CA_list(SSL *s) now returns the CA names
-	  passed by the server if called by a client side SSL.
-
-05-Jul-97
-	- Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
-	  0, not -1 :-(  Fix from Tim Hudson (tjh@cryptsoft.com).
-
-04-Jul-97
-	- Fixed some things in X509_NAME_add_entry(), thanks to
-	  Matthew Donald <matthew@world.net>.
-	- I had a look at the cipher section and though that it was a
-	  bit confused, so I've changed it.
-	- I was not setting up the RC4-64-MD5 cipher correctly.  It is
-	  a MS special that appears in exported MS Money.
-	- Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3
-	  spec.  I was missing the two byte length header for the
-	  ClientDiffieHellmanPublic value.  This is a packet sent from
-	  the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-	  option will enable SSLeay server side SSLv3 accept either
-	  the correct or my 080 packet format.
-	- Fixed a few typos in crypto/pem.org.
-
-02-Jul-97
-	- Alias mapping for EVP_get_(digest|cipher)byname is now
-	  performed before a lookup for actual cipher.  This means
-	  that an alias can be used to 're-direct' a cipher or a
-	  digest.
-	- ASN1_read_bio() had a bug that only showed up when using a
-	  memory BIO.  When EOF is reached in the memory BIO, it is
-	  reported as a -1 with BIO_should_retry() set to true.
-
-01-Jul-97
-	- Fixed an error in X509_verify_cert() caused by my
-	  miss-understanding how 'do { contine } while(0);' works.
-	  Thanks to Emil Sit <sit@mit.edu> for educating me :-)
-
-30-Jun-97
-	- Base64 decoding error.  If the last data line did not end with
-	  a '=', sometimes extra data would be returned.
-	- Another 'cut and paste' bug in x509.c related to setting up the
-	  STDout BIO.
-
-27-Jun-97
-	- apps/ciphers.c was not printing due to an editing error.
-	- Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
-	  a library build error in util/mk1mf.pl
-
-26-Jun-97
-	- Still did not have the auto 'experimental' code removal
-	  script correct.
-	- A few header tweaks for Watcom 11.0 under Win32 from
-	  Rolf Lindemann <Lindemann@maz-hh.de>
-	- 0 length OCTET_STRING bug in asn1_parse
-	- A minor fix with an non-existent function in the MS .def files.
-	- A few changes to the PKCS7 stuff.
-
-25-Jun-97
-	SSLeay 0.8.0 finally it gets released.
-
-24-Jun-97
-	Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
-	use a temporary RSA key.  This is experimental and needs some more work.
-	Fixed a few Win16 build problems.
-
-23-Jun-97
-	SSLv3 bug. I was not doing the 'lookup' of the CERT structure
-	correctly. I was taking the SSL->ctx->default_cert when I should
-	have been using SSL->cert. The bug was in ssl/s3_srvr.c
-
-20-Jun-97
-	X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
-	rest of the library. Even though I had the code required to do
-	it correctly, apps/req.c was doing the wrong thing.  I have fixed
-	and tested everything.
-
-	Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
-
-19-Jun-97
-	Fixed a bug in the SSLv2 server side first packet handling. When
-	using the non-blocking test BIO, the ssl->s2->first_packet flag
-	was being reset when a would-block failure occurred when reading
-	the first 5 bytes of the first packet. This caused the checking
-	logic to run at the wrong time and cause an error.
-
-	Fixed a problem with specifying cipher. If RC4-MD5 were used,
-	only the SSLv3 version would be picked up.  Now this will pick
-	up both SSLv2 and SSLv3 versions. This required changing the
-	SSL_CIPHER->mask values so that they only mask the ciphers,
-	digests, authentication, export type and key-exchange algorithms.
-
-	I found that when a SSLv23 session is established, a reused
-	session, of type SSLv3 was attempting to write the SSLv2 
-	ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 
-	method has been modified so it will only write out cipher which
-	that method knows about.  
-

INSTALL

@@ -1,6 +1,257 @@
-# Installation of SSLeay.
-# It depends on perl for a few bits but those steps can be skipped and
-# the top level makefile edited by hand
+
+ INSTALLATION ON THE UNIX PLATFORM
+ ---------------------------------
+
+ [See INSTALL.W32 for instructions for compiling OpenSSL on Windows systems,
+  and INSTALL.VMS for installing on OpenVMS systems.]
+
+ To install OpenSSL, you will need:
+
+  * Perl 5
+  * an ANSI C compiler
+  * a supported Unix operating system
+
+ Quick Start
+ -----------
+
+ If you want to just get on with it, do:
+
+  $ ./config
+  $ make
+  $ make test
+  $ make install
+
+ [If any of these steps fails, see section Installation in Detail below.]
+
+ This will build and install OpenSSL in the default location, which is (for
+ historical reasons) /usr/local/ssl. If you want to install it anywhere else,
+ run config like this:
+
+  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
+
+
+ Configuration Options
+ ---------------------
+
+ There are several options to ./config to customize the build:
+
+  --prefix=DIR  Install in DIR/bin, DIR/lib, DIR/include/openssl.
+	        Configuration files used by OpenSSL will be in DIR/ssl
+                or the directory specified by --openssldir.
+
+  --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
+                the library files and binaries are also installed there.
+
+  rsaref        Build with RSADSI's RSAREF toolkit (this assumes that
+                librsaref.a is in the library search path).
+
+  no-threads    Don't try to build with support for multi-threaded
+                applications.
+
+  threads       Build with support for multi-threaded applications.
+                This will usually require additional system-dependent options!
+                See "Note on multi-threading" below.
+
+  no-asm        Do not use assembler code.
+
+  386           Use the 80386 instruction set only (the default x86 code is
+                more efficient, but requires at least a 486).
+
+  no-<cipher>   Build without the specified cipher (bf, cast, des, dh, dsa,
+                hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
+                The crypto/<cipher> directory can be removed after running
+                "make depend".
+
+  -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will
+                be passed through to the compiler to allow you to
+                define preprocessor symbols, specify additional libraries,
+                library directories or other compiler options.
+
+
+ Installation in Detail
+ ----------------------
+
+ 1a. Configure OpenSSL for your operation system automatically:
+
+       $ ./config [options]
+
+     This guesses at your operating system (and compiler, if necessary) and
+     configures OpenSSL based on this guess. Run ./config -t to see
+     if it guessed correctly. If it did not get it correct or you want to
+     use a different compiler then go to step 1b. Otherwise go to step 2.
+
+     On some systems, you can include debugging information as follows:
+
+       $ ./config -d [options]
+
+ 1b. Configure OpenSSL for your operating system manually
+
+     OpenSSL knows about a range of different operating system, hardware and
+     compiler combinations. To see the ones it knows about, run
+
+       $ ./Configure
+
+     Pick a suitable name from the list that matches your system. For most
+     operating systems there is a choice between using "cc" or "gcc".  When
+     you have identified your system (and if necessary compiler) use this name
+     as the argument to ./Configure. For example, a "linux-elf" user would
+     run:
+
+       $ ./Configure linux-elf [options]
+
+     If your system is not available, you will have to edit the Configure
+     program and add the correct configuration for your system. The
+     generic configurations "cc" or "gcc" should usually work.
+
+     Configure creates the file Makefile.ssl from Makefile.org and
+     defines various macros in crypto/opensslconf.h (generated from
+     crypto/opensslconf.h.in).
+
+  2. Build OpenSSL by running:
+
+       $ make
+
+     This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
+     OpenSSL binary ("openssl"). The libraries will be built in the top-level
+     directory, and the binary will be in the "apps" directory.
+
+     If "make" fails, please report the problem to <openssl-bugs@openssl.org>.
+     Include the output of "./config -t" and the OpenSSL version
+     number in your message.
+
+     [If you encounter assembler error messages, try the "no-asm"
+     configuration option as an immediate fix.  Note that on Solaris x86
+     (not on Sparcs!) you may have to install the GNU assembler to use
+     OpenSSL assembler code -- /usr/ccs/bin/as won't do.]
+
+  3. After a successful build, the libraries should be tested. Run:
+
+       $ make test
+
+    If a test fails, try removing any compiler optimization flags from
+    the CFLAGS line in Makefile.ssl and run "make clean; make". Please
+    send a bug report to <openssl-bugs@openssl.org>, including the
+    output of "openssl version -a" and of the failed test.
+
+  4. If everything tests ok, install OpenSSL with
+
+       $ make install
+
+     This will create the installation directory (if it does not exist) and
+     then the following subdirectories:
+
+       certs           Initially empty, this is the default location
+                       for certificate files.
+       misc            Various scripts.
+       private         Initially empty, this is the default location
+                       for private key files.
+
+     If you didn't chose a different installation prefix, the
+     following additional subdirectories will be created:
+
+       bin             Contains the openssl binary and a few other 
+                       utility programs. 
+       include/openssl Contains the header files needed if you want to
+                       compile programs with libcrypto or libssl.
+       lib             Contains the OpenSSL library files themselves.
+
+     Package builders who want to configure the library for standard
+     locations, but have the package installed somewhere else so that
+     it can easily be packaged, can use
+
+       $ make INSTALL_PREFIX=/tmp/package-root install
+
+     (or specify "--install_prefix=/tmp/package-root" as a configure
+     option).  The specified prefix will be prepended to all
+     installation target filenames.
+
+
+  NOTE: The header files used to reside directly in the include
+  directory, but have now been moved to include/openssl so that
+  OpenSSL can co-exist with other libraries which use some of the
+  same filenames.  This means that applications that use OpenSSL
+  should now use C preprocessor directives of the form
+
+       #include <openssl/ssl.h>
+
+  instead of "#include <ssl.h>", which was used with library versions
+  up to OpenSSL 0.9.2b.
+
+  If you install a new version of OpenSSL over an old library version,
+  you should delete the old header files in the include directory.
+
+  Compatibility issues:
+
+  *  COMPILING existing applications
+
+     To compile an application that uses old filenames -- e.g.
+     "#include <ssl.h>" --, it will usually be enough to find
+     the CFLAGS definition in the application's Makefile and
+     add a C option such as
+
+          -I/usr/local/ssl/include/openssl
+
+     to it.
+
+     But don't delete the existing -I option that points to
+     the ..../include directory!  Otherwise, OpenSSL header files
+     could not #include each other.
+
+  *  WRITING applications
+
+     To write an application that is able to handle both the new
+     and the old directory layout, so that it can still be compiled
+     with library versions up to OpenSSL 0.9.2b without bothering
+     the user, you can proceed as follows:
+
+     -  Always use the new filename of OpenSSL header files,
+        e.g. #include <openssl/ssl.h>.
+
+     -  Create a directory "incl" that contains only a symbolic
+        link named "openssl", which points to the "include" directory
+        of OpenSSL.
+        For example, your application's Makefile might contain the
+        following rule, if OPENSSLDIR is a pathname (absolute or
+        relative) of the directory where OpenSSL resides:
+
+        incl/openssl:
+        	-mkdir incl
+        	cd $(OPENSSLDIR) # Check whether the directory really exists
+        	-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
+
+        You will have to add "incl/openssl" to the dependencies
+        of those C files that include some OpenSSL header file.
+
+     -  Add "-Iincl" to your CFLAGS.
+
+     With these additions, the OpenSSL header files will be available
+     under both name variants if an old library version is used:
+     Your application can reach them under names like <openssl/foo.h>,
+     while the header files still are able to #include each other
+     with names of the form <foo.h>.
+
+
+ Note on multi-threading
+ -----------------------
+
+ For some systems, the OpenSSL Configure script knows what compiler options
+ are needed to generate a library that is suitable for multi-threaded
+ applications.  On these systems, support for multi-threading is enabled
+ by default; use the "no-threads" option to disable (this should never be
+ necessary).
+
+ On other systems, to enable support for multi-threading, you will have
+ to specify at least two options: "threads", and a system-dependent option.
+ (The latter is "-D_REENTRANT" on various systems.)  The default in this
+ case, obviously, is not to include support for multi-threading (but
+ you can still use "no-threads" to suppress an annoying warning message
+ from the Configure script.)
+
+
+--------------------------------------------------------------------------------
+The orignal Unix build instructions from SSLeay follow. 
+Note: some of this may be out of date and no longer applicable
+--------------------------------------------------------------------------------
 
 # When bringing the SSLeay distribution back from the evil intel world
 # of Windows NT, do the following to make it nice again under unix :-)
@@ -38,7 +289,7 @@ make -f Makefile.ssl links
 Makefile.ssl		CC CFLAG EX_LIBS BN_MULW
 crypto/des/des.h	DES_LONG
 crypto/des/des_locl.h	DES_PTR
-crypto/md/md2.h		MD2_INT
+crypto/md2/md2.h	MD2_INT
 crypto/rc4/rc4.h	RC4_INT
 crypto/rc4/rc4_enc.c	RC4_INDEX
 crypto/rc2/rc2.h	RC2_INT
@@ -126,3 +377,8 @@ The examples for solaris and windows NT/95 are in the mt directory.
 have fun
 
 eric 25-Jun-1997
+
+IRIX 5.x will build as a 32 bit system with mips1 assember.
+IRIX 6.x will build as a 64 bit system with mips3 assember.  It conforms
+to n32 standards. In theory you can compile the 64 bit assember under
+IRIX 5.x but you will have to have the correct system software installed.

INSTALL.VMS

@@ -0,0 +1,245 @@
+			VMS Installation instructions
+			written by Richard Levitte
+			<richard@levitte.org>
+
+
+Intro:
+======
+
+This file is divided in the following parts:
+
+  Compilation			- Mandatory reading.
+  Test				- Mandatory reading.
+  Installation			- Mandatory reading.
+  Backward portability		- Read if it's an issue.
+  Possible bugs or quirks	- A few warnings on things that
+				  may go wrong or may surprise you.
+  Report			- How to get in touch with me.
+
+Compilation:
+============
+
+I've used the very good command procedures written by Robert Byer
+<byer@mail.all-net.net>, and just slightly modified them, making
+them slightly more general and easier to maintain.
+
+You can actually compile in almost any directory separately.  Look
+for a command procedure name xxx-LIB.COM (in the library directories)
+or MAKExxx.COM (in the program directories) and read the comments at
+the top to understand how to use them.  However, if you want to
+compile all you can get, the simplest is to use MAKEVMS.COM in the top
+directory.  The syntax is trhe following:
+
+  @MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>]
+
+<option> must be one of the following:
+
+      ALL       Just build "everything".
+      DATE      Just build the "[.INCLUDE]DATE.H" file.
+      SOFTLINKS Just copies some files, to simulate Unix soft links.
+      RSAREF    Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
+      CRYPTO    Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
+      SSL       Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
+      SSL_TASK  Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
+      TEST      Just build the "test" programs for OpenSSL.
+      APPS      Just build the "application" programs for OpenSSL.
+
+<rsaref-p> must be one of the following:
+
+      RSAREF    compile using the RSAREF Library
+      NORSAREF  compile without using RSAREF
+
+Note: The RSAREF libraries are NOT INCLUDED and you have to
+      download it from "ftp://ftp.rsa.com/rsaref".  You have to
+      get the ".tar-Z" file as the ".zip" file dosen't have the
+      directory structure stored.  You have to extract the file
+      into the [.RSAREF] directory as that is where the scripts
+      will look for the files.
+
+Note 2: I have never done this, so I've no idea if it works or not.
+
+<debug-p> must be one of the following:
+
+      DEBUG     compile with debugging info (will not optimize)
+      NODEBUG   compile without debugging info (will optimize)
+
+<compiler> must be one of the following:
+
+      VAXC      For VAX C.
+      DECC      For DEC C.
+      GNUC      For GNU C.
+
+
+You will find the crypto library in [.xxx.EXE.CRYPTO], called LIBCRYPTO.OLB,
+where xxx is VAX or AXP.  You will find the SSL library in [.xxx.EXE.SSL],
+named LIBSSL.OLB, and you will find a bunch of useful programs in
+[.xxx.EXE.APPS].  However, these shouldn't be used right off unless it's
+just to test them.  For production use, make sure you install first, see
+Installation below.
+
+Note: Some programs in this package require a TCP/IP library.
+
+Note 2: if you want to compile the crypto library only, please make sure
+        you have at least done a @MAKEVMS DATE and a @MAKEVMS SOFTLINKS.
+        A lot of things will break if you don't.
+
+Note 3: Alpha users will get a number of informational messages when
+        compiling the [.asm]vms.mar file in the BN (bignum) part of
+        the crypto library.  These can be safely ignored.
+
+Test:
+=====
+
+Testing is very simple, just do the following:
+
+  @[.TEST]TESTS
+
+If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes,
+it's an ugly hack!) and rebuild. Please send a bug report to
+<openssl-bugs@openssl.org>, including the output of "openssl version -a"
+and of the failed test.
+
+Installation:
+=============
+
+Installation is easy, just do the following:
+
+  @INSTALL <root>
+
+<root> is the directory in which everything will be installed,
+subdirectories, libraries, header files, programs and startup command
+procedures.
+
+N.B.: INSTALL.COM builds a new directory structure, different from
+the directory tree where you have now build OpenSSL.
+
+In the [.VMS] subdirectory of the installation, you will find the
+following command procedures:
+
+  OPENSSL_STARTUP.COM
+
+        defines all needed logical names.  Takes one argument that
+        tells it in what logical name table to insert the logical
+        names.  If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the
+        call should look like this: 
+
+          @openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM"
+
+  OPENSSL_UTILS.COM
+
+        sets up the symbols to the applications.  Should be called
+        from for example SYS$MANAGER:SYLOGIN.COM 
+
+The logical names that are set up are the following:
+
+  SSLROOT       a dotted concealed logical name pointing at the
+                root directory.
+
+  SSLCERTS      Initially an empty directory, this is the default
+		location for certificate files.
+  SSLMISC	Various scripts.
+  SSLPRIVATE	Initially an empty directory, this is the default
+		location for private key files.
+
+  SSLEXE        Contains the openssl binary and a few other utility
+		programs.
+  SSLINCLUDE    Contains the header files needed if you want to
+		compile programs with libcrypto or libssl.
+  SSLLIB        Contains the OpenSSL library files (LIBCRYPTO.OLB
+		and LIBSSL.OLB) themselves.
+
+  OPENSSL	Same as SSLINCLUDE.  This is because the standard
+		way to include OpenSSL header files from version
+		0.9.3 and on is:
+
+			#include <openssl/header.h>
+
+		For more info on this issue, see the INSTALL. file
+		(the NOTE in section 4 of "Installation in Detail").
+		You don't need to "deleting old header files"!!!
+
+Backward portability:
+=====================
+
+One great problem when you build a library is making sure it will work
+on as many versions of VMS as possible.  Especially, code compiled on
+OpenVMS version 7.x and above tend to be unusable in version 6.x or
+lower, because some C library routines have changed names internally
+(the C programmer won't usually see it, because the old name is
+maintained through C macros).  One obvious solution is to make sure
+you have a development machine with an old enough version of OpenVMS.
+However, if you are stuck with a bunch of Alphas running OpenVMS version
+7.1, you seem to be out of luck.  Fortunately, the DEC C header files
+are cluttered with conditionals that make some declarations and definitions
+dependent on the OpenVMS version or the C library version, *and* you
+can use those macros to simulate older OpenVMS or C library versions,
+by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
+correct values.  In the compilation scripts, I've provided the possibility
+for the user to influense the creation of such macros, through a bunch of
+symbols, all having names starting with USER_.  Here's the list of them:
+
+  USER_CCFLAGS		 - Used to give additional qualifiers to the
+			   compiler.  It can't be used to define macros
+			   since the scripts will do such things as well.
+			   To do such things, use USER_CCDEFS.
+  USER_CCDEFS		 - Used to define macros on the command line.  The
+			   value of this symbol will be inserted inside a
+			   /DEFINE=(...).
+  USER_CCDISABLEWARNINGS - Used to disable some warnings.  The value is
+			   inserted inside a /DISABLE=WARNING=(...).
+
+So, to maintain backward compatibility with older VMS versions, do the
+following before you start compiling:
+
+  $ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000
+  $ USER_CCDISABLEWARNINGS := PREOPTW
+
+The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
+that those macros have been changed.
+
+Note: Currently, this is only usefull for library compilation.  The
+      programs will still be linked with the current version of the
+      C library shareable image, and will thus complain if they are
+      faced with an older version of the same C library shareable image.
+      This will probably be fixed in a future revision of OpenSSL.
+
+
+Possible bugs or quirks:
+========================
+
+I'm not perfectly sure all the programs will use the SSLCERTS:
+directory by default, it may very well be that you have to give them
+extra arguments.  Please experiment.
+
+
+Report:
+=======
+
+I maintain a few mailinglists for bug reports and such on software that
+I develop/port/enhance/destroy.  Please look at http://www.free.lp.se/
+for further info.
+
+
+-- 
+Richard Levitte <richard@levitte.org>
+1999-03-09
+
+
+TODO:
+=====
+
+There are a few things that need to be worked out in the VMS version of
+OpenSSL, still:
+
+- Description files. ("Makefile's" :-))
+- Script code to link an already compiled build tree.
+- A VMSINSTALlable version (way in the future, unless someone else hacks).
+- shareable images (DLL for you Windows folks).
+
+There may be other things that I have missed and that may be desirable.
+Please send mail to <openssl-users@openssl.org> or to me directly if you
+have any ideas.
+
+--
+Richard Levitte <richard@levitte.org>
+1999-05-24

INSTALL.W32

@@ -1,3 +1,148 @@
+ 
+ INSTALLATION ON THE WIN32 PLATFORM
+ ----------------------------------
+
+ Heres a few comments about building OpenSSL in Windows environments. Most of
+ this is tested on Win32 but it may also work in Win 3.1 with some
+ modification.  See the end of this file for Eric's original comments.
+
+ You need Perl for Win32 (available from http://www.activestate.com/ActivePerl)
+ and one of the following C compilers:
+
+  * Visual C++
+  * Borland C
+  * GNU C (Mingw32 or Cygwin32)
+
+ If you are compiling from a tarball or a CVS snapshot then the Win32 files
+ may well be not up to date. This may mean that some "tweaking" is required to
+ get it all to work. See the trouble shooting section later on for if (when?)
+ it goes wrong.
+
+ Visual C++
+ ----------
+
+ Firstly you should run Configure and build the Win32 Makefiles:
+
+ > perl Configure VC-WIN32
+ > ms\do_ms
+
+ If you get errors about things not having numbers assigned then check the
+ troubleshooting section: you probably wont be able to compile it as it
+ stands.
+
+ Then from the VC++ environment at a prompt do:
+
+ > nmake -f ms\ntdll.mak
+
+ If all is well it should compile and you will have some DLLs and executables
+ in out32dll. If you want to try the tests then do:
+ 
+ > cd out32dll
+ > ..\ms\test
+
+ Tweaks:
+
+ There are various changes you can make to the Win32 compile environment. If
+ you have the MASM assembler 'ml' then you can try the assembly language code.
+ To do this remove the 'no-asm' part from do_ms.bat. You can also add 'debug'
+ here to make a debugging version of the library.
+
+ The default Win32 environment is to leave out any Windows NT specific
+ features.
+
+ If you want to enable the NT specific features of OpenSSL (currently only the
+ logging BIO) follow the instructions above but call the batch file do_nt.bat
+ instead of do_ms.bat.
+
+ You can also build a static version of the library using the Makefile
+ ms\nt.mak
+
+ Borland C++ builder 3 and 4
+ ---------------------------
+
+ * Setup PATH. First must be GNU make then bcb4/bin 
+
+ * Run ms\bcb4.bat
+
+ * Run make:
+   > make -f bcb.mak
+
+ GNU C (Mingw32)
+ ---------------
+
+ To build OpenSSL, you need the Mingw32 package and GNU make.
+
+ * Compiler installation:
+
+   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/gnu-win32/
+   mingw32/egcs-1.1.2/egcs-1.1.2-mingw32.zip>. GNU make is at
+   <ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
+   make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
+   C:\egcs-1.1.2\mingw32.bat to set the PATH.
+
+ * Compile OpenSSL:
+
+   > perl Configure Mingw32
+   > ms\mw.bat
+
+   This will create the library and binaries in out.
+
+   libcrypto.a and libssl.a are the static libraries. To use the DLLs,
+   link with libeay32.a and libssl32.a instead.
+
+   See troubleshooting if you get error messages about functions not having
+   a number assigned.
+
+ * You can now try the tests:
+
+   > cd out
+   > ..\ms\test
+
+ Troubleshooting
+ ---------------
+
+ Since the Win32 build is only occasionally tested it may not always compile
+ cleanly.  If you get an error about functions not having numbers assigned
+ when you run ms\do_ms then this means the Win32 ordinal files are not up to
+ date. You can do:
+
+ > perl util\mkdef.pl crypto ssl update
+
+ then ms\do_ms should not give a warning any more. However the numbers that
+ get assigned by this technique may not match those that eventually get
+ assigned in the CVS tree: so anything linked against this version of the
+ library may need to be recompiled.
+
+ If you get errors about unresolved externals then this means that either you
+ didn't read the note above about functions not having numbers assigned or
+ someone forgot to add a function to the header file.
+
+ In this latter case check out the header file to see if the function is
+ defined in the header file.
+
+ If you get warnings in the code then the compilation will halt.
+
+ The default Makefile for Win32 halts whenever any warnings occur. Since VC++
+ has its own ideas about warnings which don't always match up to other
+ environments this can happen. The best fix is to edit the file with the
+ warning in and fix it. Alternatively you can turn off the halt on warnings by
+ editing the CFLAG line in the Makefile and deleting the /WX option.
+
+ You might get compilation errors. Again you will have to fix these or report
+ them.
+
+ One final comment about compiling applications linked to the OpenSSL library.
+ If you don't use the multithreaded DLL runtime library (/MD option) your
+ program will almost certainly crash: see the original SSLeay description
+ below for more details.
+
+--------------------------------------------------------------------------------
+The orignal Windows build instructions from SSLeay follow. 
+Note: some of this may be out of date and no longer applicable. In particular
+the Crypto_malloc_init() comment appears to be wrong: you always need to use
+the same runtime library as the DLL itself.
+--------------------------------------------------------------------------------
+
 The Microsoft World.
 
 The good news, to build SSLeay for the Microsft World

LICENSE

@@ -0,0 +1,127 @@
+
+  LICENSE ISSUES
+  ==============
+
+  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
+  the OpenSSL License and the original SSLeay license apply to the toolkit.
+  See below for the actual license texts. Actually both licenses are BSD-style
+  Open Source licenses. In case of any license issues related to OpenSSL
+  please contact openssl-core@openssl.org.
+
+  OpenSSL License
+  ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+

MINFO

@@ -1,831 +0,0 @@
-RELATIVE_DIRECTORY=.
-AR=ar r
-BASENAME=SSLeay
-BF_ENC=bf_enc.o
-BN_MULW=bn_mulw.o
-CC=cc
-CFLAG=-O -DNOPROTO
-DES_ENC=des_enc.o fcrypt_b.o
-DIRS=crypto ssl rsaref apps test tools
-EDIRS=times doc bugs util include certs ms shlib mt demos
-EX_HEADER=
-EX_LIBS=
-GENERAL=Makefile
-HEADER=e_os.h
-INSTALLTOP=/usr/local/ssl
-LIBS=libcrypto.a libssl.a
-MAKE=make -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-MAN1=1
-MAN3=3
-MISC=COPYRIGHT Configure HISTORY.066 INSTALL Makefile.ssl Makefile README TODO HISTORY README.066 README.080 VERSION PROBLEMS MINFO makefile.one e_os.h MICROSOFT makevms.com
-NAME=SSLeay-0.8.1
-ONEDIRS=out tmp
-PEX_LIBS=-L. -L.. -L../.. -L../../..
-SDIRS=md sha mdc2 des rc4 rc2 idea bf bn rsa dsa dh buffer bio stack lhash rand err objects evp pem asn1 x509 conf txt_db pkcs7
-SHELL=/bin/sh
-TARFILE=SSLeay-0.8.1.tar
-TOP=.
-VERSION=0.8.1
-WDIRS=windows
-WTARFILE=SSLeay-0.8.1-win.tar
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto
-ALL=Makefile README cryptlib.c mem.c cversion.c cryptlib.h date.h crypto.h cryptall.h
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I. -I../include -g -DCFLAGS=" \"cc -g\" "
-DIR=crypto
-EXHEADER=crypto.h cryptall.h
-EX_LIBS=
-GENERAL=Makefile README
-HEADER=cryptlib.h date.h crypto.h cryptall.h
-INCLUDE=-I. -I../include
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../libcrypto.a
-LIBOBJ=cryptlib.o mem.o cversion.o
-LIBS=
-LIBSRC=cryptlib.c mem.c cversion.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-PEX_LIBS=
-RM=/bin/rm -f
-SDIRS=md sha mdc2 des rc4 rc2 idea bf bn rsa dsa dh buffer bio stack lhash rand err objects evp pem x509 asn1 conf txt_db pkcs7
-SRC=cryptlib.c mem.c cversion.c
-TOP=..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/md
-ALL=Makefile md2_dgst.c md5_dgst.c md2_one.c md5_one.c md5_locl.h md2.h md5.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=md
-EXHEADER=md2.h md5.h
-GENERAL=Makefile
-HEADER=md5_locl.h md2.h md5.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=md2_dgst.o md5_dgst.o md2_one.o md5_one.o
-LIBSRC=md2_dgst.c md5_dgst.c md2_one.c md5_one.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=md2_dgst.c md5_dgst.c md2_one.c md5_one.c
-TEST=md2test.c md5test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/sha
-ALL=Makefile sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha_locl.h sha.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=sha
-EXHEADER=sha.h
-GENERAL=Makefile
-HEADER=sha_locl.h sha.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o
-LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
-TEST=shatest.c sha1test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/mdc2
-ALL=Makefile mdc2dgst.c mdc2_one.c mdc2.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=mdc2
-EXHEADER=mdc2.h
-GENERAL=Makefile
-HEADER=mdc2.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=mdc2dgst.o mdc2_one.o
-LIBSRC=mdc2dgst.c mdc2_one.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=mdc2dgst.c mdc2_one.c
-TEST=mdc2test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/des
-ALL=Makefile des.org des_locl.org cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h des.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-CPP=cc -E
-DES_ENC=des_enc.o fcrypt_b.o
-DIR=des
-EXHEADER=des.h
-GENERAL=Makefile des.org des_locl.org
-HEADER=des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h des.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=set_key.o ecb_enc.o ede_enc.o cbc_enc.o cbc3_enc.o ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o enc_read.o enc_writ.o ncbc_enc.o ofb64enc.o ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o des_enc.o fcrypt_b.o read2pwd.o fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o cbc_cksm.o supp.o
-LIBSRC=cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c
-TEST=destest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/rc4
-ALL=Makefile rc4_enc.c rc4.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=rc4
-EXHEADER=rc4.h
-GENERAL=Makefile
-HEADER=rc4.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=rc4_enc.o
-LIBSRC=rc4_enc.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=rc4_enc.c
-TEST=rc4test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/rc2
-ALL=Makefile rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c rc2_locl.h rc2.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=rc2
-EXHEADER=rc2.h
-GENERAL=Makefile
-HEADER=rc2_locl.h rc2.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
-LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
-TEST=rc2test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/idea
-ALL=Makefile i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c idea_lcl.h idea.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=idea
-EXHEADER=idea.h
-GENERAL=Makefile
-HEADER=idea_lcl.h idea.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o
-LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
-TEST=ideatest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/bf
-ALL=Makefile bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c bf_pi.h bf_locl.h blowfish.h
-APPS=
-AR=ar r
-BF_ENC=bf_enc.o
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-CPP=cc -E
-DIR=bf
-EXHEADER=blowfish.h
-GENERAL=Makefile
-HEADER=bf_pi.h bf_locl.h blowfish.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=bf_skey.o bf_ecb.o bf_enc.o bf_cbc.o bf_cfb64.o bf_ofb64.o
-LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c
-TEST=bftest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/bn
-ALL=Makefile bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c bn_lcl.h bn_prime.h bn.h
-APPS=
-AR=ar r
-BN_MULW=bn_mulw.o
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=bn
-ERR=bn
-ERRC=bn_err
-EXHEADER=bn.h
-GENERAL=Makefile
-HEADER=bn_lcl.h bn_prime.h bn.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mod.o bn_mul.o bn_print.o bn_rand.o bn_shift.o bn_sub.o bn_word.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o bn_mulw.o bn_recp.o bn_mont.o
-LIBSRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c
-TEST=bntest.c exptest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/rsa
-ALL=Makefile rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=rsa
-ERR=rsa
-ERRC=rsa_err
-EXHEADER=rsa.h
-GENERAL=Makefile
-HEADER=rsa.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=rsa_enc.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o
-LIBSRC=rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/dsa
-ALL=Makefile dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c dsa.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=dsa
-ERR=dsa
-ERRC=dsa_err
-EXHEADER=dsa.h
-GENERAL=Makefile
-HEADER=dsa.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=dsa_gen.o dsa_key.o dsa_lib.o dsa_vrf.o dsa_sign.o dsa_err.o
-LIBSRC=dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c
-TEST=dsatest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/dh
-ALL=Makefile dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=dh
-ERR=dh
-ERRC=dh_err
-EXHEADER=dh.h
-GENERAL=Makefile
-HEADER=dh.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
-LIBSRC=dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
-TEST=dhtest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/buffer
-ALL=Makefile buffer.c buf_err.c buffer.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=buffer
-ERR=buffer
-ERRC=buf_err
-EXHEADER=buffer.h
-GENERAL=Makefile
-HEADER=buffer.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=buffer.o buf_err.o
-LIBSRC=buffer.c buf_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=buffer.c buf_err.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/bio
-ALL=Makefile bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c bio.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=bio
-ERR=bio
-ERRC=bio_err
-EXHEADER=bio.h
-GENERAL=Makefile
-HEADER=bio.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=bio_lib.o bio_cb.o bio_err.o bss_mem.o bss_null.o bss_fd.o bss_file.o bss_sock.o bss_conn.o bf_null.o bf_buff.o b_print.o b_dump.o b_sock.o bss_acpt.o bf_nbio.o
-LIBSRC=bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/stack
-ALL=Makefile stack.c stack.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=stack
-EXHEADER=stack.h
-GENERAL=Makefile
-HEADER=stack.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=stack.o
-LIBSRC=stack.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=stack.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/lhash
-ALL=Makefile lhash.c lh_stats.c lhash.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=lhash
-EXHEADER=lhash.h
-GENERAL=Makefile
-HEADER=lhash.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=lhash.o lh_stats.o
-LIBSRC=lhash.c lh_stats.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=lhash.c lh_stats.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/rand
-ALL=Makefile md_rand.c randfile.c rand.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=rand
-EXHEADER=rand.h
-GENERAL=Makefile
-HEADER=rand.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=md_rand.o randfile.o
-LIBSRC=md_rand.c randfile.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=md_rand.c randfile.c
-TEST=randtest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/err
-ALL=Makefile err.c err_all.c err_prn.c err.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=error
-EXHEADER=err.h
-GENERAL=Makefile
-HEADER=err.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=err.o err_all.o err_prn.o
-LIBSRC=err.c err_all.c err_prn.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=err.c err_all.c err_prn.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/objects
-ALL=Makefile README obj_dat.c obj_lib.c obj_err.c objects.h obj_dat.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=objects
-ERR=objects
-ERRC=obj_err
-EXHEADER=objects.h
-GENERAL=Makefile README
-HEADER=objects.h obj_dat.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=obj_dat.o obj_lib.o obj_err.o
-LIBSRC=obj_dat.c obj_lib.c obj_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=obj_dat.c obj_lib.c obj_err.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/evp
-ALL=Makefile encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=evp
-ERR=evp
-ERRC=evp_err
-EXHEADER=evp.h
-GENERAL=Makefile
-HEADER=evp.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=encode.o digest.o evp_enc.o evp_key.o e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o e_ecb_i.o e_cbc_i.o e_cfb_i.o e_ofb_i.o e_ecb_3d.o e_cbc_3d.o e_rc4.o names.o e_cfb_3d.o e_ofb_3d.o e_xcbc_d.o e_ecb_r2.o e_cbc_r2.o e_cfb_r2.o e_ofb_r2.o e_ecb_bf.o e_cbc_bf.o e_cfb_bf.o e_ofb_bf.o m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o p_open.o p_seal.o p_sign.o p_verify.o p_lib.o bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o c_all.o
-LIBSRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/pem
-ALL=Makefile pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c pem.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-CTX_SIZE=ctx_size
-DIR=pem
-ERR=pem
-ERRC=pem_err
-EXHEADER=pem.h
-GENERAL=Makefile
-HEADER=pem.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o
-LIBSRC=pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/asn1
-ALL=Makefile README a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c asn1.h asn1_mac.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=asn1
-ERR=asn1
-ERRC=asn1_err
-EXHEADER=asn1.h asn1_mac.h
-GENERAL=Makefile README
-HEADER=asn1.h asn1_mac.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=a_object.o a_bitstr.o a_utctm.o a_int.o a_octet.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_sign.o a_digest.o a_verify.o x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o t_req.o t_x509.o t_pkey.o p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o
-LIBSRC=a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/x509
-ALL=Makefile README x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c x509.h x509_vfy.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=x509
-ERR=x509
-ERRC=x509_err
-EXHEADER=x509.h x509_vfy.h
-GENERAL=Makefile README
-HEADER=x509.h x509_vfy.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=x509_def.o x509_d2.o x509_r2x.o x509_cmp.o x509_obj.o x509_req.o x509_vfy.o x509_set.o x509rset.o x509_err.o x509name.o x509_v3.o x509_ext.o x509pack.o x509type.o x509_lu.o x_all.o x509_txt.o by_file.o by_dir.o v3_net.o v3_x509.o
-LIBSRC=x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/conf
-ALL=Makefile conf.c conf_err.c conf_lcl.h conf.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=conf
-ERR=conf
-ERRC=conf_err
-EXHEADER=conf.h
-GENERAL=Makefile
-HEADER=conf_lcl.h conf.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=conf.o conf_err.o
-LIBSRC=conf.c conf_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=conf.c conf_err.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/txt_db
-ALL=Makefile txt_db.c txt_db.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=txt_db
-EXHEADER=txt_db.h
-GENERAL=Makefile
-HEADER=txt_db.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=txt_db.o
-LIBSRC=txt_db.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=txt_db.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/pkcs7
-ALL=Makefile README pk7_lib.c pkcs7err.c pk7_doit.c pkcs7.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=pkcs7
-ERR=pkcs7
-ERRC=pkcs7err
-EXHEADER=pkcs7.h
-GENERAL=Makefile README
-HEADER=pkcs7.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=pk7_lib.o pkcs7err.o pk7_doit.o
-LIBSRC=pk7_lib.c pkcs7err.c pk7_doit.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=pk7_lib.c pkcs7err.c pk7_doit.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=ssl
-ALL=Makefile README s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c ssl.h ssl2.h ssl3.h ssl23.h ssl_locl.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I../crypto -I../include -g
-DIR=ssl
-ERR=ssl
-ERRC=ssl_err
-EXHEADER=ssl.h ssl2.h ssl3.h ssl23.h
-GENERAL=Makefile README
-HEADER=ssl.h ssl2.h ssl3.h ssl23.h ssl_locl.h
-INCLUDES=-I../crypto -I../include
-INSTALLTOP=/usr/local/ssl
-LIB=../libssl.a
-LIBOBJ=s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_pkt.o s2_enc.o s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_pkt.o s3_enc.o s3_both.o s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl_ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o ssl_err.o
-LIBSRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c
-TEST=ssltest.c
-TOP=..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=rsaref
-ALL=Makefile rsaref.c rsar_err.c  rsaref.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I../crypto -I../include -g
-DIR=rsaref
-ERR=rsaref
-ERRC=rsar_err
-EXHEADER=
-GENERAL=Makefile
-HEADER= rsaref.h
-INCLUDES=-I../crypto -I../include
-INSTALLTOP=/usr/local/ssl
-LIB=../libRSAglue.a
-LIBOBJ=rsaref.o rsar_err.o
-LIBSRC=rsaref.c rsar_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=rsaref.c rsar_err.c
-TEST=
-TOP=..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=apps
-ALL=Makefile verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c gendsa.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c apps.h progs.h s_apps.h testdsa.h testrsa.h 
-A_OBJ=apps.o
-A_SRC=apps.c
-CC=cc
-CFLAG=-g -static
-CFLAGS=-DMONOLITH -I../include -g -static
-DIR=apps
-DLIBCRYPTO=../libcrypto.a
-DLIBSSL=../libssl.a
-EXE=ssleay
-EXHEADER=
-EX_LIBS=
-E_EXE=verify asn1pars req dgst dh enc gendh gendsa errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers
-E_OBJ=verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o gendsa.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o version.o sess_id.o ciphers.o
-E_SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c gendsa.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c
-GENERAL=Makefile
-HEADER=apps.h progs.h s_apps.h testdsa.h testrsa.h 
-INCLUDES=-I../include
-INSTALLTOP=/usr/local/ssl
-LIBCRYPTO=-L.. -lcrypto
-LIBSSL=-L.. -lssl
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-PEX_LIBS=
-PROGS=ssleay.c
-RM=/bin/rm -f
-SCRIPTS=CA.sh der_chop
-SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c gendsa.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c
-SSLEAY=ssleay
-S_OBJ=s_cb.o s_socket.o
-S_SRC=s_cb.c s_socket.c
-TOP=..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=test
-ALL=Makefile.ssl bntest.c ideatest.c md2test.c md5test.c rc4test.c destest.c shatest.c sha1test.c mdc2test.c randtest.c dhtest.c rc2test.c bftest.c ssltest.c dsatest.c exptest.c 
-BFTEST=bftest
-BNTEST=bntest
-CC=cc
-CFLAG=-g
-CFLAGS=-I../include -g
-DESTEST=destest
-DHTEST=dhtest
-DIR=test
-DLIBCRYPTO=../libcrypto.a
-DLIBSSL=../libssl.a
-DSATEST=dsatest
-EXE=bntest ideatest md2test md5test rc4test destest shatest sha1test mdc2test randtest dhtest rc2test bftest ssltest exptest dsatest
-EXHEADER=
-EXPTEST=exptest
-EX_LIBS=-lnsl -lsocket
-GENERAL=Makefile.ssl
-HEADER=
-IDEATEST=ideatest
-INCLUDES=-I../include
-INSTALLTOP=/usr/local/ssl
-LIBCRYPTO=-L.. -lcrypto
-LIBSSL=-L.. -lssl
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -fMakefile.ssl
-MAKEFILE=Makefile.ssl
-MD2TEST=md2test
-MD5TEST=md5test
-MDC2TEST=mdc2test
-METHTEST=methtest
-OBJ=bntest.o ideatest.o md2test.o md5test.o rc4test.o destest.o shatest.o sha1test.o mdc2test.o randtest.o dhtest.o rc2test.o bftest.o ssltest.o dsatest.o exptest.o
-PEX_LIBS=
-RANDTEST=randtest
-RC2TEST=rc2test
-RC4TEST=rc4test
-SHA1TEST=sha1test
-SHATEST=shatest
-SRC=bntest.c ideatest.c md2test.c md5test.c rc4test.c destest.c shatest.c sha1test.c mdc2test.c randtest.c dhtest.c rc2test.c bftest.c ssltest.c dsatest.c exptest.c
-SSLTEST=ssltest
-TOP=..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=tools
-APPS=c_hash c_info c_issuer c_name c_rehash
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=tools
-GENERAL=Makefile.ssl
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-TEST=
-TOP=..
-RELATIVE_DIRECTORY=

Makefile.org

@@ -0,0 +1,339 @@
+##
+## Makefile for OpenSSL
+##
+
+VERSION=
+MAJOR=
+MINOR=
+PLATFORM=dist
+OPTIONS=
+# INSTALL_PREFIX is for package builders so that they can configure
+# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+INSTALL_PREFIX=
+INSTALLTOP=/usr/local/ssl
+
+# Do not edit this manually. Use Configure --openssldir=DIR do change this!
+OPENSSLDIR=/usr/local/ssl
+
+# RSAref  - Define if we are to link with RSAref.
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4  - Define to build without the RC4 algorithm
+# NO_RC2  - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+#           one.  32 bytes will be read from this when the random
+#           number generator is initalised.
+# SSL_ALLOW_ADH - define if you want the server to be able to use the
+#           SSLv3 anon-DH ciphers.
+# SSL_FORBID_ENULL - define if you want the server to be not able to use the
+#           NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+#       call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
+# equal 4.
+# PKCS1_CHECK - pkcs1 tests.
+
+CC= gcc
+#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+DEPFLAG= 
+PEX_LIBS= -L. -L.. -L../.. -L../../..
+EX_LIBS= 
+AR=ar r
+RANLIB= ranlib
+PERL= perl
+
+# Set BN_ASM to bn_asm.o if you want to use the C version
+BN_ASM= bn_asm.o
+#BN_ASM= bn_asm.o
+#BN_ASM= asm/bn86-elf.o	# elf, linux-elf
+#BN_ASM= asm/bn86-sol.o # solaris
+#BN_ASM= asm/bn86-out.o # a.out, FreeBSD
+#BN_ASM= asm/bn86bsdi.o # bsdi
+#BN_ASM= asm/alpha.o    # DEC Alpha
+#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
+#BN_ASM= asm/r3000.o    # SGI MIPS cpu
+#BN_ASM= asm/sparc.o    # Sun solaris/SunOS
+#BN_ASM= asm/bn-win32.o # Windows 95/NT
+#BN_ASM= asm/x86w16.o   # 16 bit code for Windows 3.1/DOS
+#BN_ASM= asm/x86w32.o   # 32 bit code for Windows 3.1
+
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR=
+
+# Set DES_ENC to des_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+DES_ENC= asm/dx86-out.o asm/yx86-out.o
+#DES_ENC= des_enc.o fcrypt_b.o          # C
+#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
+#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
+#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
+#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
+
+# Set BF_ENC to bf_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+BF_ENC= asm/bx86-out.o
+#BF_ENC= bf_enc.o
+#BF_ENC= asm/bx86-elf.o # elf
+#BF_ENC= asm/bx86-sol.o # solaris
+#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
+#BF_ENC= asm/bx86bsdi.o # bsdi
+
+# Set CAST_ENC to c_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+CAST_ENC= asm/cx86-out.o
+#CAST_ENC= c_enc.o
+#CAST_ENC= asm/cx86-elf.o # elf
+#CAST_ENC= asm/cx86-sol.o # solaris
+#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
+#CAST_ENC= asm/cx86bsdi.o # bsdi
+
+# Set RC4_ENC to rc4_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC4_ENC= asm/rx86-out.o
+#RC4_ENC= rc4_enc.o
+#RC4_ENC= asm/rx86-elf.o # elf
+#RC4_ENC= asm/rx86-sol.o # solaris
+#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
+#RC4_ENC= asm/rx86bsdi.o # bsdi
+
+# Set RC5_ENC to rc5_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC5_ENC= asm/r586-out.o
+#RC5_ENC= rc5_enc.o
+#RC5_ENC= asm/r586-elf.o # elf
+#RC5_ENC= asm/r586-sol.o # solaris
+#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
+#RC5_ENC= asm/r586bsdi.o # bsdi
+
+# Also need MD5_ASM defined
+MD5_ASM_OBJ= asm/mx86-out.o
+#MD5_ASM_OBJ= asm/mx86-elf.o        # elf
+#MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
+#MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
+#MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
+
+# Also need SHA1_ASM defined
+SHA1_ASM_OBJ= asm/sx86-out.o
+#SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
+#SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
+#SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
+#SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
+
+# Also need RMD160_ASM defined
+RMD160_ASM_OBJ= asm/rm86-out.o
+#RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
+#RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
+#RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
+#RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
+
+DIRS=   crypto ssl rsaref apps test tools
+SHLIBDIRS= crypto ssl
+
+# dirs in crypto to build
+SDIRS=  \
+	md2 md5 sha mdc2 hmac ripemd \
+	des rc2 rc4 rc5 idea bf cast \
+	bn rsa dsa dh \
+	buffer bio stack lhash rand err objects \
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+
+MAKEFILE= Makefile.ssl
+MAKE=     make -f Makefile.ssl
+
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+
+TOP=    .
+ONEDIRS=out tmp
+EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
+WDIRS=  windows
+LIBS=   libcrypto.a libssl.a 
+
+GENERAL=        Makefile
+BASENAME=       openssl
+NAME=           $(BASENAME)-$(VERSION)
+TARFILE=        $(NAME).tar
+WTARFILE=       $(NAME)-win.tar
+EXHEADER=       e_os.h e_os2.h
+HEADER=         e_os.h
+
+all: Makefile.ssl
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making all in $$i..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+	done;
+
+sub_all:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making all in $$i..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+	done;
+
+linux-shared:
+	for i in ${SHLIBDIRS}; do \
+	rm -f lib$$i.a lib$$i.so \
+		lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \
+	${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \
+	( set -x; ${CC}  -shared -o lib$$i.so.${MAJOR}.${MINOR} \
+		-Wl,-S,-soname=lib$$i.so.${MAJOR} \
+		-Wl,--whole-archive lib$$i.a \
+		-Wl,--no-whole-archive -lc ) || exit 1; \
+	rm -f lib$$i.a; make -C $$i clean || exit 1 ;\
+	done;
+	@set -x; \
+	for i in ${SHLIBDIRS}; do \
+	ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \
+	ln -s lib$$i.so.${MAJOR} lib$$i.so; \
+	done;
+
+Makefile.ssl: Makefile.org
+	@echo "Makefile.ssl is older than Makefile.org."
+	@echo "Reconfigure the source tree (via 'perl Configure' or 'sh config')"
+	@echo "and update the error lists (via 'make errors'), please."
+	@false
+
+libclean:
+	rm -f *.a */lib */*/lib
+
+clean:
+	rm -f shlib/*.o *.o core a.out fluff *.map
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making clean in $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
+	rm -f $(LIBS); \
+	done;
+	rm -f *.a *.o speed.* *.map *.so .pure core
+	rm -f $(TARFILE)
+	@for i in $(ONEDIRS) ;\
+	do \
+	rm -fr $$i/*; \
+	done
+
+makefile.one: files
+	$(PERL) util/mk1mf.pl >makefile.one; \
+	sh util/do_ms.sh
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making 'files' in $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
+	done;
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@-mkdir -p include/openssl 2>/dev/null
+	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
+	@for i in $(DIRS); do \
+	(cd $$i && echo "making links in $$i..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
+	done;
+
+dclean:
+	rm -f *.bak
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making dclean in $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
+	done;
+
+rehash:
+	@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
+
+test:   tests
+
+tests: rehash
+	@(cd test && echo "testing..." && \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
+	@apps/openssl version -a
+
+depend:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making dependancies $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
+	done;
+
+lint:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making lint $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
+	done;
+
+tags:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making tags $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
+	done;
+
+errors:
+	perl util/mkerr.pl -recurse -write
+
+tar:
+	@tar --norecurse -cvf - \
+		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS | sort` |\
+	tardy --user_number=0  --user_name=openssl \
+	      --group_number=0 --group_name=openssl \
+	      --prefix=openssl-$(VERSION) - |\
+	gzip --best >../$(TARFILE).gz; \
+	ls -l ../$(TARFILE).gz
+
+dist:   
+	$(PERL) Configure dist
+	@$(MAKE) dist_pem_h
+	@$(MAKE) SDIRS='${SDIRS}' clean
+	@$(MAKE) tar
+
+dist_pem_h:
+	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+
+install: all
+	@-mkdir -p $(INSTALL_PREFIX)$(INSTALLTOP)/bin 2>/dev/null
+	@-mkdir -p $(INSTALL_PREFIX)$(INSTALLTOP)/lib 2>/dev/null
+	@-mkdir -p $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl 2>/dev/null
+	@-mkdir -p $(INSTALL_PREFIX)$(OPENSSLDIR)/misc 2>/dev/null
+	@-mkdir -p $(INSTALL_PREFIX)$(OPENSSLDIR)/certs 2>/dev/null
+	@-mkdir -p $(INSTALL_PREFIX)$(OPENSSLDIR)/private 2>/dev/null
+	@-mkdir -p $(INSTALL_PREFIX)$(OPENSSLDIR)/lib 2>/dev/null
+	@for i in $(EXHEADER) ;\
+	do \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "installing $$i..."; \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
+	done
+	@for i in $(LIBS) ;\
+	do \
+	(       echo installing $$i; \
+		cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+		$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+		chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+	done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.

Makefile.ssl

@@ -1,276 +0,0 @@
-#
-# Makefile for all the SSL related library routines and utilities
-VERSION	= 0.8.1a
-#
-# make install will install:
-#   libraries into $INSTALLTOP/lib
-#   headers   into $INSTALLTOP/include
-#   utilities into $INSTALLTOP/bin
-#
-# By default INSTALLTOP is set to /usr/local/ssl
-# If you want things install elsewere, consider running
-# perl util/ssldir.pl /new/path
-#
-# Interesting Mailing Lists:
-#     ssl-bugs@mincom.oz.au
-#     ssl-users@mincom.oz.au
-#
-# To join the Mailing Lists:
-#     ssl-bugs-request@mincom.oz.au
-#     ssl-users-request@mincom.oz.au
-#
-# If you must get hold of people directly (we much prefer the above
-# lists to be used if the question is of general interest!):
-#	Eric Young <eay@cryptsoft.com>
-#	Tim Hudson <tjh@cryptsoft.com>
-#	or both    <ssleay@cryptsoft.com>
-#
-# The primary distribution of SSLeay is from
-# ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL
-#
-# NOCONST - Define for C compilers that don't like the const key word.
-# NOPROTO - Define in if your compiler does not support prototypes.
-# RSAref  - Define if we are to link with RSAref.
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4  - Define to build without the RC4 algorithm
-# NO_RC2  - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-#	    system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-#	    one.  32 bytes will be read from this when the random
-#	    number generator is initalised.
-# SSL_ALLOW_ADH - define if you want the server to be able to use the
-#	    SSLv3 anon-DH ciphers.
-# SSL_ALLOW_ENULL - define if you want the server to be able to use the
-#	    NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-#	CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-#	call application defined callbacks via CRYPTO_set_mem_functions()
-
-
-CC= cc
-CFLAG= -O -DNOPROTO
-#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
-PEX_LIBS= -L. -L.. -L../.. -L../../..
-EX_LIBS= 
-#EX_LIBS= #-lRSAglue -lrsaref -lnsl -lsocket
-AR=ar r
-
-# Set BN_MULW to bn_mulw.o if you want to use the C version
-#BN_MULW= asm/x86-lnx.o
-BN_MULW= bn_mulw.o
-#BN_MULW= asm/x86-lnx.o		# elf
-#BN_MULW= asm/x86-sol.o		# solaris
-#BN_MULW= asm/x86-lnxa.o	# a.out, FreeBSD
-#BN_MULW= asm/x86-bsdi.o	# bsdi
-#BN_MULW= asm/alpha.o		# DEC Alpha
-#BN_MULW= asm/pa-risc2.o	# HP-UX PA-RISC
-#BN_MULW= asm/r3000.o		# SGI MIPS cpu
-#BN_MULW= asm/sparc.o		# Sun solaris/SunOS
-#BN_MULW= asm/x86nt32.o		# Windows 95/NT
-#BN_MULW= asm/x86w16.o		# 16 bit code for Windows 3.1/DOS
-#BN_MULW= asm/x86w32.o		# 32 bit code for Windows 3.1
-
-# Set DES_ENC to des_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-DES_ENC= des_enc.o fcrypt_b.o
-#DES_ENC= des_enc.o fcrypt_b.o		# C
-#DES_ENC= asm/dx86-elf.o asm/cx86-elf.o # elf
-#DES_ENC= asm/dx86-sol.o asm/cx86-sol.o	# solaris
-#DES_ENC= asm/dx86-out.o asm/cx86-out.o	# a.out, FreeBSD
-#DES_ENC= asm/dx86bsdi.o asm/cx86bsdi.o	# bsdi
-
-# Set BF_ENC to bf_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-BF_ENC= bf_enc.o
-#BF_ENC= bf_enc.o	# C
-#BF_ENC= asm/bx86-elf.o # elf
-#BF_ENC= asm/bx86-sol.o	# solaris
-#BF_ENC= asm/bx86-out.o	# a.out, FreeBSD
-#BF_ENC= asm/bx86bsdi.o	# bsdi
-
-DIRS=	crypto ssl rsaref apps test tools
-# dirs in crypto to build
-SDIRS=  \
-	md sha mdc2 des rc4 rc2 idea bf bn rsa dsa dh \
-	buffer bio stack lhash rand err objects \
-	evp pem asn1 x509 conf txt_db pkcs7
-
-# If you change the INSTALLTOP, make sure to also change the values
-# in crypto/location.h
-INSTALLTOP=/usr/local/ssl
-
-MAKEFILE= Makefile.ssl
-MAKE=	  make -f Makefile.ssl
-
-MAN1=1
-MAN3=3
-SHELL=/bin/sh
-
-TOP=	.
-ONEDIRS=out tmp
-EDIRS=	times doc bugs util include certs ms shlib mt demos
-MISC=	COPYRIGHT Configure HISTORY.066 INSTALL Makefile.ssl Makefile \
-	README TODO HISTORY README.066 README.080 \
-	VERSION PROBLEMS MINFO makefile.one e_os.h \
-	MICROSOFT makevms.com
-WDIRS=	windows
-LIBS=	libcrypto.a libssl.a 
-
-GENERAL=	Makefile
-BASENAME=	SSLeay
-NAME=		$(BASENAME)-$(VERSION)
-TARFILE=	$(NAME).tar
-WTARFILE=	$(NAME)-win.tar
-EX_HEADER=
-HEADER=		e_os.h
-
-all:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' SDIRS='${SDIRS}' AR='${AR}' all ); \
-	done;
-
-sub_all:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' AR='${AR}' all ); \
-	done;
-
-clean:
-	/bin/rm -f *.o core a.out fluff *.map
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "cleaning $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' clean ); \
-	/bin/rm -f $(LIBS); \
-	done;
-	/bin/rm -f *.a *.o speed.* *.map *.so .pure core
-	/bin/rm -f $(TARFILE)
-	@for i in $(ONEDIRS) ;\
-	do \
-	/bin/rm -f $$i/*; \
-	done
-
-makefile.one: files
-	perl util/mk1mf.pl >makefile.one; \
-	sh util/do_ms.sh
-
-files:	MINFO
-	perl $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making 'files' in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' files ); \
-	done;
-
-links:
-	/bin/rm -f Makefile;
-	./util/point.sh Makefile.ssl Makefile;
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making links in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' links ); \
-	done;
-	# @(cd apps; sh ./mklinks)
-	sh tools/c_rehash certs
-
-dclean:
-	/bin/rm -f *.bak
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "undoing makedepend in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' dclean ); \
-	done;
-
-rehash:
-	@(PATH="`pwd`/apps:${PATH}"; sh tools/c_rehash certs)
-
-test:	tests
-
-tests:
-	(cd test; echo "testing $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' SDIRS='${SDIRS}' AR='${AR}' tests );
-	@apps/ssleay version -a
-
-depend:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making dependancies $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' depend ); \
-	done;
-
-lint:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making lint $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' lint ); \
-	done;
-
-tags:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making tags $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' tags ); \
-	done;
-
-errors:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making errors in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' errors ); \
-	done;
-
-tar:
-	@(cd ..;\
-	mv $(BASENAME) $(NAME); \
-	export STUFF; \
-	for i in $(MISC) $(DIRS) $(EDIRS) $(ONEDIRS) ;\
-	do \
-		STUFF="$$STUFF $(NAME)/$$i"; \
-	done; \
-	tar cf $(NAME)/$(TARFILE) $$STUFF; \
-	mv $(NAME) $(BASENAME) ) 
-	gzip -f $(TARFILE)
-
-dist:	
-	perl Configure dist
-	@$(MAKE) dist_pem_h
-	@$(MAKE) SDIRS='${SDIRS}' clean
-	@$(MAKE) SDIRS='${SDIRS}' dclean
-	@(cd apps; sh ./rmlinks)
-	@$(MAKE) makefile.one
-	@$(MAKE) tar
-
-dist_pem_h:
-	(cd crypto/pem; $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
-
-install: all
-	@-mkdir -p $(INSTALLTOP)/bin 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/lib 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/include 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/certs 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/private 2>/dev/null
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "installing $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
-	done
-	@for i in $(LIBS) ;\
-	do \
-	(	echo installing $$i; \
-		cp $$i $(INSTALLTOP)/lib; \
-		sh util/ranlib.sh $(INSTALLTOP)/lib/$$i; \
-		chmod 644 $(INSTALLTOP)/lib/$$i ); \
-	done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.

NEWS

@@ -0,0 +1,54 @@
+
+  NEWS
+  ====
+
+  This file gives a brief overview of the major changes between each OpenSSL
+  release. For more details please read the CHANGES file.
+
+  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
+      o Lots of enhancements and cleanups to the Configuration mechanism
+      o RSA OEAP related fixes
+      o Added `openssl ca -revoke' option for revoking a certificate
+      o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
+      o Source tree cleanups: removed lots of obsolete files
+      o Thawte SXNet, certificate policies and CRL distribution points
+        extension support
+      o Preliminary (experimental) S/MIME support
+      o Support for ASN.1 UTF8String and VisibleString
+      o Full integration of PKCS#12 code
+      o Sparc assembler bignum implementation, optimized hash functions
+      o Option to disable selected ciphers
+
+  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
+      o Fixed a security hole related to session resumption
+      o Fixed RSA encryption routines for the p < q case
+      o "ALL" in cipher lists now means "everything except NULL ciphers"
+      o Support for Triple-DES CBCM cipher
+      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
+      o First support for new TLSv1 ciphers
+      o Added a few new BIOs (syslog BIO, reliable BIO)
+      o Extended support for DSA certificate/keys.
+      o Extended support for Certificate Signing Requests (CSR)
+      o Initial support for X.509v3 extensions
+      o Extended support for compression inside the SSL record layer
+      o Overhauled Win32 builds
+      o Cleanups and fixes to the Big Number (BN) library
+      o Support for ASN.1 GeneralizedTime
+      o Splitted ASN.1 SETs from SEQUENCEs
+      o ASN1 and PEM support for Netscape Certificate Sequences
+      o Overhauled Perl interface
+      o Lots of source tree cleanups.
+      o Lots of memory leak fixes.
+      o Lots of bug fixes.
+
+  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
+      o Integration of the popular NO_RSA/NO_DSA patches
+      o Initial support for compression inside the SSL record layer
+      o Added BIO proxy and filtering functionality
+      o Extended Big Number (BN) library
+      o Added RIPE MD160 message digest
+      o Addeed support for RC2/64bit cipher
+      o Extended ASN.1 parser routines
+      o Adjustations of the source tree for CVS
+      o Support for various new platforms
+

PROBLEMS

@@ -1,50 +0,0 @@
-If you have any problems with SSLeay then please take the following 
-steps:
-
-    Remove the ASM version of the BN routines (edit Configure)
-    Remove the compiler optimisation flags
-    Add in the compiler debug flags (-g)
-
-Note: if using gcc then remove -fomit-frame-pointer before you try
-      to debug things.
-
-If you wish to report a bug then please include the following information
-in any bug report:
-
-    SSLeay Details
-	- Version, most of these details can be got from the
-	  'ssleay version -a' command.
-    Operating System Details
-	- OS Name
-	- OS Version
-	- Hardware platform
-    Compiler Details
-	- Name
-	- Version
-    Application Details 
-	- Name 
-	- Version 
-    Problem Description
-	- include steps that will reproduce the problem (if known)
-    Stack Traceback (if the application dumps core)
-
-For example:
-
-    SSLeay-0.5.1a
-    SunOS 5.3, SPARC, SunC 3.0
-    SSLtelnet-0.7
-
-    Core dumps when using telnet with SSL support in bn_mul() with 
-    the following stack trackback 
-	...
-
-
-Report the bug to either
-    ssleay@mincom.oz.au (Eric and Tim)
-or
-    ssl-bugs@mincom.oz.au (mailing list of active developers)
-
-
-Tim Hudson
-tjh@mincom.oz.au
-

README

@@ -1,173 +1,205 @@
-		SSLeay 0.8.1b 29-Jun-1998
-		Copyright (c) 1997, Eric Young
-		All rights reserved.
 
-This directory contains Eric Young's (eay@cryptsoft.com) implementation
-of SSL and supporting libraries.
+ OpenSSL 0.9.3 24 May 1999
 
-The current version of this library is available from
-    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
+ Copyright (c) 1998-1999 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+ All rights reserved.
 
-There are patches to a number of internet applications which can be found in
-    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
+ DESCRIPTION
+ -----------
 
-A Web page containing the SSLeay FAQ written by Tim Hudson <tjh@cryptsoft.com> 
-can be found at 
-    http://www.psy.uq.oz.au/~ftp/Crypto
+ The OpenSSL Project is a collaborative effort to develop a robust,
+ commercial-grade, fully featured, and Open Source toolkit implementing the
+ Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+ protocols with full-strength cryptography world-wide. The project is managed
+ by a worldwide community of volunteers that use the Internet to communicate,
+ plan, and develop the OpenSSL toolkit and its related documentation. 
 
-Additional documentation is being slowly written by Eric Young, and is being
-added to http://www.cryptsoft.com/ssleay/doc.  It will normally also be
-available on http://www.psy.uq.oz.au/~ftp/Crypto/ssleay
+ OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
+ and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
+ OpenSSL license plus the SSLeay license) situation, which basically means
+ that you are free to get and use it for commercial and non-commercial
+ purposes as long as you fulfill the conditions of both licenses. 
 
-This Library and programs are FREE for commercial and non-commercial
-usage.  The only restriction is that I must be attributed with the
-development of this code.  See the COPYRIGHT file for more details.
-Donations would still be accepted :-).
+ OVERVIEW
+ --------
 
-THIS LIBRARY IS NOT %100 COMPATABLE WITH SSLeay 0.6.6
+ The OpenSSL toolkit includes:
 
-The package includes
+ libssl.a:
+     Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
+     both SSLv2, SSLv3 and TLSv1 in the one server and client.
 
-libssl.a:
-	My implementation of SSLv2, SSLv3 and the required code to support
-	both SSLv2 and SSLv3 in the one server.
+ libcrypto.a:
+     General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
+     actually logically part of it. It includes routines for the following:
 
-libcrypto.a:
-	General encryption and X509 stuff needed by SSL but not
-	actually logically part of it.  It includes routines for the following:
+     Ciphers
+        libdes - EAY's libdes DES encryption package which has been floating
+                 around the net for a few years.  It includes 15
+                 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
+                 cbc, cfb and ofb; pcbc and a more general form of cfb and
+                 ofb) including desx in cbc mode, a fast crypt(3), and
+                 routines to read passwords from the keyboard.
+        RC4 encryption,
+        RC2 encryption      - 4 different modes, ecb, cbc, cfb and ofb.
+        Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
+        IDEA encryption     - 4 different modes, ecb, cbc, cfb and ofb.
 
-  Ciphers
-	libdes - My libdes DES encryption package which has been floating
-		around the net for a few years.  It includes 15
-		'modes/variations' of DES (1, 2 and 3 key versions of ecb,
-		cbc, cfb and ofb; pcbc and a more general form of cfb and ofb)
-		including desx in cbc mode,
-		a fast crypt(3), and routines to read passwords from the
-		keyboard.
-	RC4 encryption,
-	RC2 encryption 		- 4 different modes, ecb, cbc, cfb and ofb.
-	Blowfish encryption	- 4 different modes, ecb, cbc, cfb and ofb.
-	IDEA encryption		- 4 different modes, ecb, cbc, cfb and ofb.
+     Digests
+        MD5 and MD2 message digest algorithms, fast implementations,
+        SHA (SHA-0) and SHA-1 message digest algorithms,
+        MDC2 message digest. A DES based hash that is popular on smart cards.
 
-  Digests
-	MD5 and MD2 message digest algorithms, fast implementations,
-	SHA (SHA-0) and SHA-1 message digest algorithms,
-	MDC2 message digest.  A DES based hash that is polular on smart cards.
+     Public Key
+        RSA encryption/decryption/generation.  
+            There is no limit on the number of bits.
+        DSA encryption/decryption/generation.   
+            There is no limit on the number of bits.
+        Diffie-Hellman key-exchange/key generation.  
+            There is no limit on the number of bits.
 
-  Public Key
-	RSA encryption/decryption/generation.  There is no limit
-		on the number of bits.
-	DSA encryption/decryption/generation.   There is no limit on the
-		number of bits.
-	Diffie-Hellman key-exchange/key generation.  There is no limit
-		on the number of bits.
+     X.509v3 certificates
+        X509 encoding/decoding into/from binary ASN1 and a PEM
+             based ascii-binary encoding which supports encryption with a
+             private key.  Program to generate RSA and DSA certificate
+             requests and to generate RSA and DSA certificates.
 
-  X509v3 certificates
-	X509 encoding/decoding into/from binary ASN1 and a PEM
-		based ascii-binary encoding which supports encryption with
-		a private key.
-	Program to generate RSA and DSA certificate requests and to
-		generate RSA and DSA certificates.
+     Systems
+        The normal digital envelope routines and base64 encoding.  Higher
+        level access to ciphers and digests by name.  New ciphers can be
+        loaded at run time.  The BIO io system which is a simple non-blocking
+        IO abstraction.  Current methods supported are file descriptors,
+        sockets, socket accept, socket connect, memory buffer, buffering, SSL
+        client/server, file pointer, encryption, digest, non-blocking testing
+        and null.
 
-  Systems
-  	The normal digital envelope routines and base64 encoding.
-	Higher level access to ciphers and digests by name.  New ciphers can be
-		loaded at run time.
-	The BIO io system which is a simple non-blocking IO abstraction.
-		Current methods supported are file descriptors, sockets,
-		socket accept, socket connect, memory buffer, buffering,
-		SSL client/server, file pointer, encryption, digest,
-		non-blocking testing and null.
-  Data structures
-  	A dynamically growing hashing system
-	A simple stack.
-	A Configuration loader that uses a format similar to MS .ini files.
+     Data structures
+        A dynamically growing hashing system
+        A simple stack.
+        A Configuration loader that uses a format similar to MS .ini files.
 
-Programs in this package include
-	enc	- a general encryption program that can encrypt/decrypt using
-		one of 17 different cipher/mode combinations.  The
-		input/output can also be converted to/from base64
-		ascii encoding.
-	dgst	- a generate message digesting program that will generate
-		message digests for any of md2, md5, sha (sha-0 or sha-1)
-		or mdc2.
-	asn1parse - parse and display the structure of an asn1 encoded
-		binary file.
-	rsa	- Manipulate RSA private keys.
-	dsa	- Manipulate DSA private keys.
-	dh	- Manipulate Diffie-Hellman parameter files.
-	dsaparam- Manipulate and generate DSA parameter files.
-	crl	- Manipulate certificate revocation lists.
-	crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
-	x509	- Manipulate x509 certificates, self-sign certificates.
-	req	- Manipulate PKCS#10 certificate requests and also
-		  generate certificate requests.
-	genrsa  - Generates an arbitrary sized RSA private key.
-	gendh	- Generates a set of Diffie-Hellman parameters, the prime
-		  will be a strong prime.
-	ca	- Create certificates from PKCS#10 certificate requests.
-		  This program also maintains a database of certificates
-		  issued.
-	verify	- Check x509 certificate signatures.
-	speed	- Benchmark SSLeay's ciphers.
-	s_server- A test SSL server.
-	s_client- A test SSL client.
-	s_time	- Benchmark SSL performance of SSL server programs.
-	errstr	- Convert from SSLeay hex error codes to a readable form.
-	
-Documents avaliable are
-	A Postscript and html reference manual
-	(written by Tim Hudson tjh@cryptsoft.com).
+ openssl: 
+     A command line tool which provides the following functions:
 
-	A list of text protocol references I used.
-	An initial version of the library manual.
+     enc     - a general encryption program that can encrypt/decrypt using
+               one of 17 different cipher/mode combinations.  The
+               input/output can also be converted to/from base64
+               ascii encoding.
+     dgst    - a generate message digesting program that will generate
+               message digests for any of md2, md5, sha (sha-0 or sha-1)
+               or mdc2.
+     asn1parse - parse and display the structure of an asn1 encoded
+               binary file.
+     rsa     - Manipulate RSA private keys.
+     dsa     - Manipulate DSA private keys.
+     dh      - Manipulate Diffie-Hellman parameter files.
+     dsaparam- Manipulate and generate DSA parameter files.
+     crl     - Manipulate certificate revocation lists.
+     crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
+     x509    - Manipulate x509 certificates, self-sign certificates.
+     req     - Manipulate PKCS#10 certificate requests and also
+               generate certificate requests.
+     genrsa  - Generates an arbitrary sized RSA private key.
+     gendsa  - Generates DSA parameters.
+     gendh   - Generates a set of Diffie-Hellman parameters, the prime
+               will be a strong prime.
+     ca      - Create certificates from PKCS#10 certificate requests.
+               This program also maintains a database of certificates
+               issued.
+     verify  - Check x509 certificate signatures.
+     speed   - Benchmark OpenSSL's ciphers.
+     s_server- A test SSL server.
+     s_client- A test SSL client.
+     s_time  - Benchmark SSL performance of SSL server programs.
+     errstr  - Convert from OpenSSL hex error codes to a readable form.
+     nseq    - Netscape certificate sequence utility
+        
+ PATENTS
+ -------
 
-To install this package, read the INSTALL file.
-For the Microsoft word, read MICROSOFT
-This library has been compiled and tested on Solaris 2.[34] (sparc and x86),
-SunOS 4.1.3, DGUX, OSF1 Alpha, HPUX 9, AIX 3.5(?), IRIX 5.[23],
-LINUX, NeXT (intel), linux, Windows NT, Windows 3.1, MSDOS 6.22.
+ Various companies hold various patents for various algorithms in various
+ locations around the world. _YOU_ are responsible for ensuring that your use
+ of any algorithms is legal by checking if there are any patents in your
+ country.  The file contains some of the patents that we know about or are
+ rumoured to exist. This is not a definitive list.
 
-Multithreading has been tested under Windows NT and Solaris 2.5.1
+ RSA Data Security holds software patents on the RSA and RC5 algorithms.  If
+ their ciphers are used used inside the USA (and Japan?), you must contact RSA
+ Data Security for licensing conditions. Their web page is
+ http://www.rsa.com/.
 
-Due to time constraints, the current release has only be rigorously tested
-on Solaris 2.[45], Linux and Windows NT.
+ RC4 is a trademark of RSA Data Security, so use of this label should perhaps
+ only be used with RSA Data Security's permission. 
 
-For people in the USA, it is possible to compile SSLeay to use RSA
-Inc.'s public key library, RSAref.  From my understanding, it is
-claimed by RSA Inc. to be illegal to use my public key routines inside the USA.
-Read doc/rsaref.doc on how to build with RSAref.
+ The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
+ Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They should
+ be contacted if that algorithm is to be used, their web page is
+ http://www.ascom.ch/.
 
-Read the documentation in the doc directory.  It is quite rough,
-but it lists the functions, you will probably have to look at
-the code to work out how to used them.  I will be working on
-documentation.  Look at the example programs.
+ INSTALLATION
+ ------------
 
-There should be a SSL reference manual which is being put together by
-Tim Hudson (tjh@cryptsoft.com) in the same location as this
-distribution.  This contains a lot more information that is very
-useful.  For a description of X509 Certificates, their use, and
-certification, read rfc1421, rfc1422, rfc1423 and rfc1424.  ssl/README
-also goes over the mechanism.
+ To install this package under a Unix derivative, read the INSTALL file.  For
+ a Win32 platform, read the INSTALL.W32 file.  For OpenVMS systems, read
+ INSTALL.VMS.
 
-We have setup some mailing lists for use by people that are interested
-in helping develop this code and/or ask questions.
-    ssl-bugs@mincom.oz.au
-    ssl-users@mincom.oz.au
-    ssl-bugs-request@mincom.oz.au
-    ssl-users-request@mincom.oz.au
+ For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s
+ public key library, RSAREF, by configuring OpenSSL with the option "rsaref".
 
-I have recently read about a new form of software, that which is in
-a permanent state of beta release.  Linux and Netscape are 2 good 
-examples of this, and I would also add SSLeay to this category.
-The Current stable release is 0.6.6.  It has a few minor problems.
-0.8.0 is not call compatable so make sure you have the correct version
-of SSLeay to link with.  
+ Read the documentation in the doc/ directory.  It is quite rough, but it
+ lists the functions, you will probably have to look at the code to work out
+ how to used them. Look at the example programs.
 
-eric (Jun 1997)
+ SUPPORT 
+ -------
 
-Eric Young (eay@cryptsoft.com)
-86 Taunton St.
-Annerley 4103.
-Australia.
+ If you have any problems with OpenSSL then please take the following steps
+ first:
 
+    - Remove ASM versions of libraries
+    - Remove compiler optimisation flags 
+    - Add compiler debug flags (if using gcc then remove -fomit-frame-pointer
+      before you try to debug things)
+
+ If you wish to report a bug then please include the following information in
+ any bug report:
+
+    OpenSSL Details
+    - Version, most of these details can be got from the
+      'openssl version -a' command.
+    Operating System Details
+    - On Unix systems: Output of './config -t'
+    - OS Name, Version
+    - Hardware platform
+    Compiler Details
+    - Name
+    - Version
+    Application Details 
+    - Name 
+    - Version 
+    Problem Description
+    - include steps that will reproduce the problem (if known)
+    Stack Traceback (if the application dumps core)
+
+ Report the bug to the OpenSSL project at:
+
+    openssl-bugs@openssl.org
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ Development is coordinated on the openssl-dev mailing list (see
+ http://www.openssl.org for information on subscribing). If you
+ would like to submit a patch, send it to openssl-dev@openssl.org.
+ Please be sure to include a textual explanation of what your patch
+ does.
+
+ The preferred format for changes is "diff -u" output. You might
+ generate it like this:
+
+ # cd openssl-work
+ # [your changes]
+ # ./Configure dist; make clean
+ # cd ..
+ # diff -urN openssl-orig openssl-work > mydiffs.patch

README.066

@@ -1,27 +0,0 @@
-
-SSLeay 0.6.6 13-Jan-1997
-
-The main additions are
-
-- assember for x86 DES improvments.
-  From 191,000 per second on a pentium 100, I now get 281,000.  The inner
-  loop and the IP/FP modifications are from
-  Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  Many thanks for his
-  contribution.
-- The 'DES macros' introduced in 0.6.5 now have 3 types.
-  DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which
-  is best and there is a summery of mine in crypto/des/options.txt
-- A few bug fixes.
-- Added blowfish.  It is not used by SSL but all the other stuff that
-  deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
-  There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.
-  BF_PTR2 is pentium/x86 specific.  The correct option is setup in
-  the 'Configure' script.
-- There is now a 'get client certificate' callback which can be
-  'non-blocking'.  If more details are required, let me know.  It will
-  documented more in SSLv3 when I finish it.
-- Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'
-  now tests the ca program.
-- Lots of little things modified and tweaked.
-
-eric

README.080

@@ -1,147 +0,0 @@
-This version of SSLeay has quite a lot of things different from the
-previous version.
-
-Basically check all callback parameters, I will be producing documentation
-about how to use things in th future.  Currently I'm just getting 080 out
-the door.  Please not that there are several ways to do everything, and
-most of the applications in the apps directory are hybrids, some using old
-methods and some using new methods.
-
-Have a look in demos/bio for some very simple programs and
-apps/s_client.c and apps/s_server.c for some more advanced versions.
-Notes are definitly needed but they are a week or so away.
-
-Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
----
-Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
-get those people that want to move to using the new code base off to
-a quick start.
-
-Note that Eric has tidied up a lot of the areas of the API that were
-less than desirable and renamed quite a few things (as he had to break
-the API in lots of places anyrate). There are a whole pile of additional
-functions for making dealing with (and creating) certificates a lot
-cleaner.
-
-01-Jul-97
-Tim Hudson
-tjh@cryptsoft.com
-
----8<---
-
-To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
-use something like the following (assuming you #include "crypto.h" which
-is something that you really should be doing).
-
-#if SSLEAY_VERSION_NUMBER >= 0x0800
-#define SSLEAY8
-#endif
-
-buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
-            too if you are working with BIO internal stuff (as distinct
-	    from simply using the interface in an opaque manner)
-
-#include "bio.h"	- required along with "buffer.h" if you write
-			  your own BIO routines as the buffer and bio
-			  stuff that was intermixed has been separated
-			  out 
-			
-envelope.h -> evp.h  (which should have been done ages ago)
-
-Initialisation ... don't forget these or you end up with code that
-is missing the bits required to do useful things (like ciphers):
-
-SSLeay_add_ssl_algorithms()
-(probably also want SSL_load_error_strings() too but you should have
- already had that call in place)
-
-SSL_CTX_new()	- requires an extra method parameter
-		      SSL_CTX_new(SSLv23_method()) 
-		      SSL_CTX_new(SSLv2_method()) 
-		      SSL_CTX_new(SSLv3_method()) 
-
-		  OR to only have the server or the client code
-		      SSL_CTX_new(SSLv23_server_method()) 
-		      SSL_CTX_new(SSLv2_server_method()) 
-		      SSL_CTX_new(SSLv3_server_method()) 
-		  or  
-		      SSL_CTX_new(SSLv23_client_method()) 
-		      SSL_CTX_new(SSLv2_client_method()) 
-		      SSL_CTX_new(SSLv3_client_method()) 
-
-SSL_set_default_verify_paths() ... renamed to the more appropriate
-SSL_CTX_set_default_verify_paths()
-
-If you want to use client certificates then you have to add in a bit
-of extra stuff in that a SSLv3 server sends a list of those CAs that
-it will accept certificates from ... so you have to provide a list to
-SSLeay otherwise certain browsers will not send client certs.
-
-SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
-
-
-X509_NAME_oneline(X)	-> X509_NAME_oneline(X,NULL,0)	
-			   or provide a buffer and size to copy the
-			   result into
-
-X509_add_cert ->  X509_STORE_add_cert (and you might want to read the
-		  notes on X509_NAME structure changes too)
-
-
-VERIFICATION CODE
-=================
-
-The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
-more accurately reflect things.
-
-The verification callback args are now packaged differently so that
-extra fields for verification can be added easily in future without
-having to break things by adding extra parameters each release :-)
-
-X509_cert_verify_error_string -> X509_verify_cert_error_string
-
-
-BIO INTERNALS
-=============
-
-Eric has fixed things so that extra flags can be introduced in
-the BIO layer in future without having to play with all the BIO
-modules by adding in some macros.
-
-The ugly stuff using 
-	b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
-becomes
-	BIO_clear_retry_flags(b)
-
-	b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
-becomes
-	BIO_set_retry_read(b)
-
-Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
-
-
-
-OTHER THINGS
-============
-
-X509_NAME has been altered so that it isn't just a STACK ... the STACK
-is now in the "entries" field ... and there are a pile of nice functions
-for getting at the details in a much cleaner manner.
-
-SSL_CTX has been altered ... "cert" is no longer a direct member of this
-structure ... things are now down under "cert_store" (see x509_vfy.h) and
-things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
-If your code "knows" about this level of detail then it will need some 
-surgery.
-
-If you depending on the incorrect spelling of a number of the error codes
-then you will have to change your code as these have been fixed.
-
-ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
-has been all along so this makes things clearer.
-ify_cert_error_string(ctx->error));
-
-SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
-			and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
-
-

STATUS

@@ -0,0 +1,137 @@
+
+  OpenSSL STATUS                           Last modified at
+  ______________                           $Date: 1999/05/20 01:42:57 $
+
+  DEVELOPMENT STATE
+
+    o  OpenSSL 0.9.3:  Freezed... only bugfixes and cleanups allowed!
+                       Proposed release date: Mon May 24th, 1999
+                       Release manager: Ben Laurie <ben@openssl.org>
+                       !! Important: Any non-bugfix, non-cleanup
+                       !! and non-documentation commits should
+                       !! be approved by Ben, first.
+
+    o  OpenSSL 0.9.2b: Released on March    22th, 1999
+    o  OpenSSL 0.9.1c: Released on December 23th, 1998
+
+  RELEASE SHOWSTOPPERS
+
+    o BSD/OS: assembler functions must not have leading underscores
+
+  AVAILABLE PATCHES
+
+    o OCSP (titchenert@certco.com) 
+    o getenv in ca.c and x509_def.c (jaltman@watsun.cc.columbia.edu)
+
+  IN PROGRESS
+
+    o Steve is currently working on (in no particular order):
+        Proper (or at least usable) certificate chain verification.
+        Documentation on X509 V3 extension code.
+	PKCS #8 and PKCS#5 v2.0 support.
+	Private key, certificate and CRL API and implementation.
+	Checking and bugfixing PKCS#7 (S/MIME code).
+
+    o Mark is currently working on:
+        Folding in any changes that are in the C2Net code base that were
+        not in the original SSLeay-0.9.1.b release.  Plus other minor
+        tidying.
+
+    o Ralf is currently working on:
+        1. Support for SSL_set_default_verify_paths(),
+           SSL_load_verify_locations(), SSL_get_cert_store() and
+           SSL_set_cert_store() functions which work like their existing
+           SSL_CTX_xxx() variants but on a per connection basis. That's needed
+           to let us provide full-featured per-URL client verification in
+           mod_ssl or Apache-SSL.
+           => It still dumps core, so I suspend this and investigate
+              again for OpenSSL 0.9.3.
+        2. The perl/ stuff to make it really work the first time ;-)
+           => I'll investigate a few more hours for OpenSSL 0.9.2
+        3. The new documentation set in POD format under doc/
+           => I'll investigate a few more hours for OpenSSL 0.9.2
+        4. More cleanups to get rid of obsolete/old/ugly files in the
+           source tree which are not really needed.
+           => Done all which were possible with my personal knowledge
+
+    o Ben is currently working on:
+	1. Function Prototype Thought Police issues.
+	2. Integrated documentation.
+	3. New TLS Ciphersuites.
+	4. Anything else that takes his fancy.
+
+  NEEDS PATCH
+
+    o  broken demos
+    o  salzr@certco.com (Rich Salz): Bug in X509_name_print
+       <29E0A6D39ABED111A36000A0C99609CA2C2BA4@macertco-srv1.ma.certco.com>
+    o  [ Compilation warnings: ctype-related int vs. char ]
+       => now casts (unsigned char), maybe those arrays should have
+          members of that type rather than plain char (i.e.
+          unsigned char *p; ....; if (isspace(*p)) ...; where it's now
+          char *p; ....; if (isspace((unsigned char)*p)) ...;)
+    o  $(PERL) in */Makefile.ssl
+    o  "Sign the certificate?" - "n" creates empty certificate file
+    o  dubious declaration of crypt() in des.h
+
+  OPEN ISSUES
+
+    o  The Makefile hierarchy and build mechanism is still not a round thing:
+
+       1. The config vs. Configure scripts
+          It's the same nasty situation as for Apache with APACI vs.
+          src/Configure. It confuses.
+          Suggestion: Merge Configure and config into a single configure
+                      script with a Autoconf style interface ;-) and remove
+                      Configure and config. Or even let us use GNU Autoconf
+                      itself. Then we can avoid a lot of those platform checks
+                      which are currently in Configure.
+
+    o  Support for Shared Libraries has to be added at least
+       for the major Unix platforms. The details we can rip from the stuff
+       Ralf has done for the Apache src/Configure script. Ben wants the
+       solution to be really simple.
+
+       Status: Ralf will look how we can easily incorporate the
+               compiler PIC and linker DSO flags from Apache
+               into the OpenSSL Configure script.
+
+    o  The perl/ stuff needs a major overhaul. Currently it's
+       totally obsolete. Either we clean it up and enhance it to be up-to-date
+       with the C code or we also could replace it with the really nice
+       Net::SSLeay package we can find under
+       http://www.neuronio.pt/SSLeay.pm.html.  Ralf uses this package for a
+       longer time and it works fine and is a nice Perl module. Best would be
+       to convince the author to work for the OpenSSL project and create a
+       Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
+       us.
+
+       Status: Ralf thinks we should both contact the author of Net::SSLeay
+               and look how much effort it is to bring Eric's perl/ stuff up
+               to date.
+               Paul +1
+
+    o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER
+      structure for each cipher. This may make sense for things like DES but
+      for variable length ciphers like RC2 and RC4 it is NBG. Need a way to
+      use the EVP interface and set up the cipher parameters. The ASN1 stuff
+      is also foo wrt ciphers whose AlgorithmIdentifier has more than just
+      an IV in it (e.g. RC2, RC5). This also means that EVP_Seal and EVP_Open
+      don't work unless the key length matches the fixed value (some vendors
+      use a key length decided by the size of the RSA encrypted key and expect
+      RC2 to adapt).
+
+    o Properly initialize the PRNG in the absence of /dev/random.
+
+    o ERR_error_string(..., buf) does not know how large buf is,
+      there should be ERR_error_string_n(..., buf, bufsize)
+      or similar.
+
+  WISHES
+
+    o  Mats Nilsson <mats.nilsson@xware.se>:
+       "Add reference counting to all substructures of X509 etc. For instance,
+       X509_NAME lacks a reference counter, while EVP_PKEY has one.  I'm
+       making COM-wrappers for selected parts of SSLeay for a project of ours,
+       and has found this inconsistency in copy semantics annoying."
+

TODO

@@ -1,28 +0,0 @@
-- The loading of the netscape RC4 encrypted key is a crock of pig pellets.
-  It will be reworked along with a nice general mechanism for encrypting
-  ASN.1 stuff. [ Jun 96 ] I've cleaned up private keys internally but
-  still have not done PKCS#8 support.
-
-- Winsock support in s_client/s_server for windows nt/3.1 is a crock.
-  I will probably not get this fixed for a while, it is just there so
-  I could test things.
-
-- Be able to generate DSS certificates.
-
-- Add CRL to the X509 verification stuff, this will probably be added with
-  SSLv3.
-
-+ X509 callback.  I need to callback the application to retrieve certificates
-  and CRL.
-
-*<- designates the things I'm activly working on.
-+<- designates that which I have next in the queue.
-
-====
-
-X509v3 extensions
-verify certificate chains
-X509 cert lookup methods
-RSA/DSA/DH methods mostly for smart cards
-dsa cert generation
-

VERSION

@@ -1,24 +0,0 @@
-SSLeay 0.8.1
-	- Mostly bug fixes.  There is an Ephemeral DH cipher problem which
-	  is fixed.
-
-SSLeay 0.8.0
-	- New release, for those that are wondering what happend to
-	  0.7.x, call it our internal development version :-)
-	- There have been lots of changes, mostly the addition of SSLv3.
-	- There have been many additions from people and amongst
-	  others, C2Net has assisted greatly.
-
-SSLeay 0.6.6
-	SSLeay 0.8.0 is not upward compatable with SSLeay 0.6.6, so
-	if your application requires 0.6.6, use it.  There have been
-	lots of bug fixes to 0.8.x that have not been applied to 0.6.6
-	so use 0.8.0+ in preference.
-
-PORTING 0.6.6 to 0.8.0
-	I'll be documenting this over the next few weeks but as
-	pressures have been increasing for making SSLv3 support
-	available I'm shipping it without this documentation as I
-	basically have not had time to write it (too busy earning a
-	living :-)
-

VMS/WISHLIST.TXT

@@ -0,0 +1,4 @@
+* Have the building procedure contain a LINK-only possibility.
+  Wished by Mark Daniel <mark.daniel@dsto.defence.gov.au>
+
+  One way to enable that is also to go over to DESCRIP.MMS files.

VMS/install.com

@@ -0,0 +1,65 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 23-MAY-1998 19:22
+$!
+$! P1	root of the directory tree
+$!
+$	IF P1 .EQS. ""
+$	THEN
+$	    WRITE SYS$OUTPUT "First argument missing."
+$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$	    EXIT
+$	ENDIF
+$
+$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+		   - "[000000." - "][" - "[" - "]"
+$	ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$	DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
+$	DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
+$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
+$	DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
+$	DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
+$	DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS]
+$	DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE]
+$
+$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
+$
+$	OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
+$	WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created."
+$	WRITE SF "$! Startup file for Openssl 0.9.2-RL 15-Mar-1999"
+$	WRITE SF "$!"
+$	WRITE SF "$! Do not edit this file, as it will be regenerated during next installation."
+$	WRITE SF "$! Instead, add or change SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
+$	WRITE SF "$!"
+$	WRITE SF "$! P1	a qualifier to DEFINE.  For example ""/SYSTEM"" to get the logical names"
+$	WRITE SF "$!	defined in the system logical name table."
+$	WRITE SF "$!"
+$	WRITE SF "$	ARCH = ""VAX"""
+$	WRITE SF "$	IF F$GETSYI(""CPU"") .GE. 128 THEN ARCH = ""ALPHA"""
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLROOT		",ROOT,".] /TRANS=CONC"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLLIB		SSLROOT:['ARCH'_LIB]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLINCLUDE	SSLROOT:[INCLUDE]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLEXE		SSLROOT:['ARCH'_EXE]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLCERTS	SSLROOT:[CERTS]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLPRIVATE	SSLROOT:[PRIVATE]"
+$	WRITE SF "$"
+$	WRITE SF "$!	This is program can include <openssl/{foo}.h>"
+$	WRITE SF "$	DEFINE/NOLOG'P1	OPENSSL		SSLINCLUDE:"
+$	WRITE SF "$"
+$	WRITE SF "$	IF F$SEARCH(""SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"") .NES."""" THEN -"
+$	WRITE SF "	   @SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
+$	WRITE SF "$"
+$	WRITE SF "$	EXIT"
+$	CLOSE SF
+$
+$	COPY OPENSSL_UTILS.COM WRK_SSLROOT:[VMS]/LOG
+$
+$	EXIT

VMS/multinet_shr.opt

@@ -0,0 +1 @@
+multinet:multinet_socket_library.exe/share

VMS/openssl_utils.com

@@ -0,0 +1,38 @@
+$!
+$!  APPS.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!
+$! Slightly modified by Richard Levitte <richard@levitte.org>
+$!
+$ OPENSSL  :== $SSLEXE:OPENSSL
+$ VERIFY   :== $SSLEXE:OPENSSL VERIFY
+$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
+$ REQ      :== $SSLEXE:OPENSSL REQ
+$ DGST     :== $SSLEXE:OPENSSL DGST
+$ DH       :== $SSLEXE:OPENSSL DH
+$ ENC      :== $SSLEXE:OPENSSL ENC
+$ GENDH    :== $SSLEXE:OPENSSL GENDH
+$ ERRSTR   :== $SSLEXE:OPENSSL ERRSTR
+$ CA       :== $SSLEXE:OPENSSL CA
+$ CRL      :== $SSLEXE:OPENSSL CRL
+$ RSA      :== $SSLEXE:OPENSSL RSA
+$ DSA      :== $SSLEXE:OPENSSL DSA
+$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
+$ X509     :== $SSLEXE:OPENSSL X509
+$ GENRSA   :== $SSLEXE:OPENSSL GENRSA
+$ GENDSA   :== $SSLEXE:OPENSSL GENDSA
+$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
+$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
+$ SPEED    :== $SSLEXE:OPENSSL SPEED
+$ S_TIME   :== $SSLEXE:OPENSSL S_TIME
+$ VERSION  :== $SSLEXE:OPENSSL VERSION
+$ PKCS7    :== $SSLEXE:OPENSSL PKCS7
+$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
+$ SESS_ID  :== $SSLEXE:OPENSSL SESS_ID
+$ CIPHERS  :== $SSLEXE:OPENSSL CIPHERS
+$ NSEQ     :== $SSLEXE:OPENSSL NSEQ
+$ PKCS12   :== $SSLEXE:OPENSSL PKCS12

VMS/socketshr_shr.opt

@@ -0,0 +1 @@
+socketshr/share

VMS/ucx_shr_decc.opt

@@ -0,0 +1 @@
+sys$share:ucx$ipc_shr.exe/share

VMS/ucx_shr_decc_log.opt

@@ -0,0 +1 @@
+ucx$ipc_shr/share

VMS/ucx_shr_vaxc.opt

@@ -0,0 +1 @@
+sys$library:ucx$ipc.olb/library

apps/.cvsignore

@@ -0,0 +1,4 @@
+openssl
+Makefile.save
+der_chop
+der_chop.bak

apps/CA.com

@@ -0,0 +1,200 @@
+$! CA - wrapper around ca to make it easier to use ... basically ca requires
+$!      some setup stuff to be done before you can use it and this makes
+$!      things easier between now and when Eric is convinced to fix it :-)
+$!
+$! CA -newca ... will setup the right stuff
+$! CA -newreq ... will generate a certificate request 
+$! CA -sign ... will sign the generated request and output 
+$!
+$! At the end of that grab newreq.pem and newcert.pem (one has the key 
+$! and the other the certificate) and cat them together and that is what
+$! you want/need ... I'll make even this a little cleaner later.
+$!
+$!
+$! 12-Jan-96 tjh    Added more things ... including CA -signcert which
+$!                  converts a certificate to a request and then signs it.
+$! 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
+$!                 environment variable so this can be driven from
+$!                 a script.
+$! 25-Jul-96 eay    Cleaned up filenames some more.
+$! 11-Jun-96 eay    Fixed a few filename missmatches.
+$! 03-May-96 eay    Modified to use 'openssl cmd' instead of 'cmd'.
+$! 18-Apr-96 tjh    Original hacking
+$!
+$! Tim Hudson
+$! tjh@cryptsoft.com
+$!
+$!
+$! default ssleay.cnf file has setup as per the following
+$! demoCA ... where everything is stored
+$
+$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF
+$
+$ DAYS   = "-days 365"
+$ REQ    = openssl + " req " + SSLEAY_CONFIG
+$ CA     = openssl + " ca " + SSLEAY_CONFIG
+$ VERIFY = openssl + " verify"
+$ X509   = openssl + " x509"
+$ echo   = "write sys$Output"
+$!
+$ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;"
+$ CATOP  := 's'.demoCA
+$ CAKEY  := ]cakey.pem
+$ CACERT := ]cacert.pem
+$
+$ __INPUT := SYS$COMMAND
+$ RET = 1
+$!
+$ i = 1
+$opt_loop:
+$ if i .gt. 8 then goto opt_loop_end
+$
+$ prog_opt = F$EDIT(P'i',"lowercase")
+$
+$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") 
+$ THEN
+$   echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" 
+$   exit
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-input")
+$ THEN
+$   ! Get input from somewhere other than SYS$COMMAND
+$   i = i + 1
+$   __INPUT = P'i'
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newcert")
+$ THEN
+$   ! Create a certificate.
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
+$   RET=$STATUS
+$   echo "Certificate (and private key) is in newreq.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newreq")
+$ THEN
+$   ! Create a certificate request
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
+$   RET=$STATUS
+$   echo "Request (and private key) is in newreq.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newca")
+$ THEN
+$   ! If explicitly asked for or it doesn't exist then setup the directory
+$   ! structure that Eric likes to manage things.
+$   IF F$SEARCH(CATOP+"]serial.") .EQS. ""
+$   THEN
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP']
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs]
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl]
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts]
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private]
+$     OPEN   /WRITE ser_file 'CATOP']serial. 
+$     WRITE ser_file "01"
+$     CLOSE ser_file
+$     APPEND/NEW NL: 'CATOP']index.txt
+$   ENDIF
+$!
+$   IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. ""
+$   THEN
+$     READ '__INPUT' FILE -
+	   /PROMT="CA certificate filename (or enter to create)"
+$     IF F$SEARCH(FILE) .NES. ""
+$     THEN
+$       COPY 'FILE' 'CATOP'.private'CAKEY'
+$	RET=$STATUS
+$     ELSE
+$       echo "Making CA certificate ..."
+$       DEFINE/USER SYS$INPUT '__INPUT'
+$       REQ -new -x509 -keyout 'CATOP'.private'CAKEY' -
+		       -out 'CATOP''CACERT' 'DAYS'
+$	RET=$STATUS
+$     ENDIF
+$   ENDIF
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-xsign")
+$ THEN
+$!
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   CA -policy policy_anything -infiles newreq.pem
+$   RET=$STATUS
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
+$ THEN
+$!   
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   CA -policy policy_anything -out newcert.pem -infiles newreq.pem
+$   RET=$STATUS
+$   type newcert.pem
+$   echo "Signed certificate is in newcert.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-signcert")
+$  THEN
+$!   
+$   echo "Cert passphrase will be requested twice - bug?"
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+y
+y
+$   type newcert.pem
+$   echo "Signed certificate is in newcert.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-verify")
+$ THEN
+$!   
+$   i = i + 1
+$   IF (p'i' .EQS. "")
+$   THEN
+$     DEFINE/USER SYS$INPUT '__INPUT'
+$     VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem
+$   ELSE
+$     j = i
+$    verify_opt_loop:
+$     IF j .GT. 8 THEN GOTO verify_opt_loop_end
+$     IF p'j' .NES. ""
+$     THEN 
+$       DEFINE/USER SYS$INPUT '__INPUT'
+$       __tmp = p'j'
+$       VERIFY "-CAfile" 'CATOP''CACERT' '__tmp'
+$       tmp=$STATUS
+$       IF tmp .NE. 0 THEN RET=tmp
+$     ENDIF
+$     j = j + 1
+$     GOTO verify_opt_loop
+$    verify_opt_loop_end:
+$   ENDIF
+$   
+$   GOTO opt_loop_end
+$ ENDIF
+$!
+$ IF (prog_opt .NES. "")
+$ THEN
+$!   
+$   echo "Unknown argument ''prog_opt'"
+$   
+$   EXIT 3
+$ ENDIF
+$
+$opt_loop_continue:
+$ i = i + 1
+$ GOTO opt_loop
+$
+$opt_loop_end:
+$ EXIT 'RET'

apps/CA.pl

@@ -0,0 +1,153 @@
+#!/usr/local/bin/perl
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+#      some setup stuff to be done before you can use it and this makes
+#      things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq ... will generate a certificate request 
+# CA -sign ... will sign the generated request and output 
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key 
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh    Added more things ... including CA -signcert which
+#                  converts a certificate to a request and then signs it.
+# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
+#		   environment variable so this can be driven from
+#		   a script.
+# 25-Jul-96 eay    Cleaned up filenames some more.
+# 11-Jun-96 eay    Fixed a few filename missmatches.
+# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh    Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# 27-Apr-98 snh    Translation into perl, fix existing CA bug.
+#
+#
+# Steve Henson
+# shenson@bigfoot.com
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+$DAYS="-days 365";
+$REQ="openssl req $SSLEAY_CONFIG";
+$CA="openssl ca $SSLEAY_CONFIG";
+$VERIFY="openssl verify";
+$X509="openssl x509";
+
+$CATOP="./demoCA";
+$CAKEY="cakey.pem";
+$CACERT="cacert.pem";
+
+$DIRMODE = 0777;
+
+$RET = 0;
+
+foreach (@ARGV) {
+	if ( /^(-\?|-h|-help)$/ ) {
+	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+	    exit 0;
+	} elsif (/^-newcert$/) {
+	    # create a certificate
+	    system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+	    $RET=$?;
+	    print "Certificate (and private key) is in newreq.pem\n"
+	} elsif (/^-newreq$/) {
+	    # create a certificate request
+	    system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+	    $RET=$?;
+	    print "Request (and private key) is in newreq.pem\n";
+	} elsif (/^-newca$/) {
+		# if explictly asked for or it doesn't exist then setup the
+		# directory structure that Eric likes to manage things 
+	    $NEW="1";
+	    if ( "$NEW" || ! -f "${CATOP}/serial" ) {
+		# create the directory hierarchy
+		mkdir $CATOP, $DIRMODE;
+		mkdir "${CATOP}/certs", $DIRMODE;
+		mkdir "${CATOP}/crl", $DIRMODE ;
+		mkdir "${CATOP}/newcerts", $DIRMODE;
+		mkdir "${CATOP}/private", $DIRMODE;
+		open OUT, ">${CATOP}/serial";
+		print OUT "01\n";
+		close OUT;
+		open OUT, ">${CATOP}/index.txt";
+		close OUT;
+	    }
+	    if ( ! -f "${CATOP}/private/$CAKEY" ) {
+		print "CA certificate filename (or enter to create)\n";
+		$FILE = <STDIN>;
+
+		chop $FILE;
+
+		# ask user for existing CA certificate
+		if ($FILE) {
+		    cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+		    cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+		    $RET=$?;
+		} else {
+		    print "Making CA certificate ...\n";
+		    system ("$REQ -new -x509 -keyout " .
+			"${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
+		    $RET=$?;
+		}
+	    }
+	} elsif (/^-xsign$/) {
+	    system ("$CA -policy policy_anything -infiles newreq.pem");
+	    $RET=$?;
+	} elsif (/^(-sign|-signreq)$/) {
+	    system ("$CA -policy policy_anything -out newcert.pem " .
+							"-infiles newreq.pem");
+	    $RET=$?;
+	    print "Signed certificate is in newcert.pem\n";
+	} elsif (/^-signcert$/) {
+	    system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
+								"-out tmp.pem");
+	    system ("$CA -policy policy_anything -out newcert.pem " .
+							"-infiles tmp.pem");
+	    $RET = $?;
+	    print "Signed certificate is in newcert.pem\n";
+	} elsif (/^-verify$/) {
+	    if (shift) {
+		foreach $j (@ARGV) {
+		    system ("$VERIFY -CAfile $CATOP/$CACERT $j");
+		    $RET=$? if ($? != 0);
+		}
+		exit $RET;
+	    } else {
+		    system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
+		    $RET=$?;
+	    	    exit 0;
+	    }
+	} else {
+	    print STDERR "Unknown arg $_\n";
+	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+	    exit 1;
+	}
+}
+
+exit $RET;
+
+sub cp_pem {
+my ($infile, $outfile, $bound) = @_;
+open IN, $infile;
+open OUT, ">$outfile";
+my $flag = 0;
+while (<IN>) {
+	$flag = 1 if (/^-----BEGIN.*$bound/) ;
+	print OUT $_ if ($flag);
+	if (/^-----END.*$bound/) {
+		close IN;
+		close OUT;
+		return;
+	}
+}
+}
+

apps/CA.sh

@@ -27,14 +27,14 @@
 # tjh@cryptsoft.com
 #
 
-# default ssleay.cnf file has setup as per the following
+# default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
 DAYS="-days 365"
-REQ="ssleay req $SSLEAY_CONFIG"
-CA="ssleay ca $SSLEAY_CONFIG"
-VERIFY="ssleay verify"
-X509="ssleay x509"
+REQ="openssl req $SSLEAY_CONFIG"
+CA="openssl ca $SSLEAY_CONFIG"
+VERIFY="openssl verify"
+X509="openssl x509"
 
 CATOP=./demoCA
 CAKEY=./cakey.pem

apps/Makefile.ssl

@@ -1,5 +1,5 @@
 #
-# SSLeay/apps/Makefile.ssl
+#  apps/Makefile.ssl
 #
 
 DIR=		apps
@@ -7,36 +7,38 @@ TOP=		..
 CC=		cc
 INCLUDES=	-I../include
 CFLAG=		-g -static
+INSTALL_PREFIX=
 INSTALLTOP=	/usr/local/ssl
+OPENSSLDIR=	/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
-RM=		/bin/rm -f
+RM=		rm -f
 
 PEX_LIBS=
 EX_LIBS= 
 
 CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
 
-GENERAL=Makefile
+GENERAL=Makefile makeapps.com install.com
 
 DLIBCRYPTO=../libcrypto.a
 DLIBSSL=../libssl.a
 LIBCRYPTO=-L.. -lcrypto
 LIBSSL=-L.. -lssl
 
-SSLEAY= ssleay
+PROGRAM= openssl
 
-SCRIPTS=CA.sh der_chop
+SCRIPTS=CA.sh CA.pl der_chop
 
-EXE= $(SSLEAY)
+EXE= $(PROGRAM)
 
-E_EXE=	verify asn1pars req dgst dh enc gendh gendsa errstr ca crl \
+E_EXE=	verify asn1pars req dgst dh enc gendh errstr ca crl \
 	rsa dsa dsaparam \
-	x509 genrsa s_server s_client speed \
-	s_time version pkcs7 crl2pkcs7 sess_id ciphers
+	x509 genrsa gendsa s_server s_client speed \
+	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12
 
-PROGS= $(SSLEAY).c
+PROGS= $(PROGRAM).c
 
 A_OBJ=apps.o
 A_SRC=apps.c
@@ -44,20 +46,20 @@ S_OBJ=	s_cb.o s_socket.o
 S_SRC=	s_cb.c s_socket.c
 
 E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
-	gendsa.o pkcs7.o crl2p7.o crl.o \
+	pkcs7.o crl2p7.o crl.o \
 	rsa.o dsa.o dsaparam.o \
-	x509.o genrsa.o s_server.o s_client.o speed.o \
+	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
-	ciphers.o
+	ciphers.o nseq.o pkcs12.o
 
 #	pem_mail.o
 
 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
-	gendsa.c pkcs7.c crl2p7.c crl.c \
+	pkcs7.c crl2p7.c crl.c \
 	rsa.c dsa.c dsaparam.c \
-	x509.c genrsa.c s_server.c s_client.c speed.c \
+	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \
-	ciphers.c
+	ciphers.c nseq.c
 
 #	pem_mail.c
 
@@ -84,20 +86,23 @@ sreq.o: req.c
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
-install: mklinks
-	@for i in $(EXE) $(SCRIPTS) mklinks; \
+install:
+	@for i in $(EXE); \
 	do  \
 	(echo installing $$i; \
-	 cp $$i $(INSTALLTOP)/bin/$$i; \
-	 chmod 755 $(INSTALLTOP)/bin/$$i ); \
-	 done; \
-	cp ssleay.cnf $(INSTALLTOP)/lib
-	chmod 644 $(INSTALLTOP)/lib/ssleay.cnf
-	cd $(INSTALLTOP)/bin; \
-	/bin/sh ./mklinks; \
-	/bin/rm -f ./mklinks
+	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
+	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+	 done;
+	@for i in $(SCRIPTS); \
+	do  \
+	(echo installing $$i; \
+	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
+	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+	 done
+	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \
+	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
 
 tags:
 	ctags $(SRC)
@@ -105,24 +110,21 @@ tags:
 tests:
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
-errors:
-
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
-	/bin/rm -f req
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+	rm -f req
 
 $(DLIBSSL):
 	(cd ../ssl; $(MAKE))
@@ -130,15 +132,557 @@ $(DLIBSSL):
 $(DLIBCRYPTO):
 	(cd ../crypto; $(MAKE))
 
-$(SSLEAY): progs.h $(E_OBJ) $(SSLEAY).o $(DLIBCRYPTO) $(DLIBSSL)
-	$(RM) $(SSLEAY)
-	$(CC) -o $(SSLEAY) $(CFLAGS) $(SSLEAY).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+	$(RM) $(PROGRAM)
+	$(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+	@(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
 
 progs.h:
-	perl ./g_ssleay.pl $(E_EXE) >progs.h
-	$(RM) $(SSLEAY).o
-
-mklinks:
-	perl ./g_ssleay.pl $(E_EXE) >progs.h
+	$(PERL) ./progs.pl $(E_EXE) >progs.h
+	$(RM) $(PROGRAM).o
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+apps.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+apps.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+apps.o: ../include/openssl/e_os2.h ../include/openssl/opensslv.h
+apps.o: ../include/openssl/stack.h apps.h progs.h
+asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h
+asn1pars.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+asn1pars.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
+asn1pars.o: ../include/openssl/idea.h ../include/openssl/md2.h
+asn1pars.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
+asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+asn1pars.o: progs.h
+ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
+ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ca.o: ../include/openssl/md2.h ../include/openssl/md5.h
+ca.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ca.o: ../include/openssl/stack.h ../include/openssl/txt_db.h
+ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ca.o: ../include/openssl/x509v3.h apps.h progs.h
+ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
+ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ciphers.o: ../include/openssl/md2.h ../include/openssl/md5.h
+ciphers.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ciphers.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+ciphers.o: progs.h
+crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+crl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+crl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+crl.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl.o: ../include/openssl/idea.h ../include/openssl/md2.h
+crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl.o: ../include/openssl/x509v3.h apps.h progs.h
+crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl2p7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+crl2p7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl2p7.o: ../include/openssl/idea.h ../include/openssl/md2.h
+crl2p7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+crl2p7.o: progs.h
+dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dgst.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
+dgst.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dh.o: ../include/openssl/err.h ../include/openssl/evp.h
+dh.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsaparam.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsaparam.o: ../include/openssl/stack.h ../include/openssl/x509.h
+dsaparam.o: ../include/openssl/x509_vfy.h apps.h progs.h
+enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+enc.o: ../include/openssl/idea.h ../include/openssl/md2.h
+enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
+errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+errstr.o: ../include/openssl/md2.h ../include/openssl/md5.h
+errstr.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+errstr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+errstr.o: progs.h
+gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendh.o: ../include/openssl/idea.h ../include/openssl/md2.h
+gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendh.o: ../include/openssl/stack.h ../include/openssl/x509.h
+gendh.o: ../include/openssl/x509_vfy.h apps.h progs.h
+gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendsa.o: ../include/openssl/stack.h ../include/openssl/x509.h
+gendsa.o: ../include/openssl/x509_vfy.h apps.h progs.h
+genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+genrsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+genrsa.o: ../include/openssl/stack.h ../include/openssl/x509.h
+genrsa.o: ../include/openssl/x509_vfy.h apps.h progs.h
+nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h
+nseq.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+nseq.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
+nseq.o: ../include/openssl/idea.h ../include/openssl/md2.h
+nseq.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
+nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+openssl.o: ../include/openssl/des.h ../include/openssl/dh.h
+openssl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs7.o: ../include/openssl/idea.h ../include/openssl/md2.h
+pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+req.o: ../include/openssl/des.h ../include/openssl/dh.h
+req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+req.o: ../include/openssl/evp.h ../include/openssl/idea.h
+req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+req.o: ../include/openssl/stack.h ../include/openssl/x509.h
+req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h progs.h
+rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+rsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_cb.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_cb.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_cb.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+s_cb.o: s_apps.h
+s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_client.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_client.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_client.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_client.o: progs.h s_apps.h
+s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_server.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_server.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_server.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_server.o: progs.h s_apps.h
+s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_socket.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s_socket.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_time.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_time.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_time.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_time.o: progs.h s_apps.h
+sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
+sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
+sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+sess_id.o: ../include/openssl/md2.h ../include/openssl/md5.h
+sess_id.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+sess_id.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+sess_id.o: progs.h
+speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
+speed.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+speed.o: ../include/openssl/err.h ../include/openssl/evp.h
+speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+speed.o: ../include/openssl/md2.h ../include/openssl/md5.h
+speed.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
+speed.o: ./testrsa.h apps.h progs.h
+verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+verify.o: ../include/openssl/crypto.h ../include/openssl/des.h
+verify.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+verify.o: ../include/openssl/err.h ../include/openssl/evp.h
+verify.o: ../include/openssl/idea.h ../include/openssl/md2.h
+verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
+verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+verify.o: progs.h
+version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+version.o: ../include/openssl/crypto.h ../include/openssl/des.h
+version.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+version.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+version.o: ../include/openssl/evp.h ../include/openssl/idea.h
+version.o: ../include/openssl/md2.h ../include/openssl/md5.h
+version.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+version.o: ../include/openssl/sha.h ../include/openssl/stack.h apps.h progs.h
+x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+x509.o: ../include/openssl/crypto.h ../include/openssl/des.h
+x509.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+x509.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+x509.o: ../include/openssl/err.h ../include/openssl/evp.h
+x509.o: ../include/openssl/idea.h ../include/openssl/md2.h
+x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
+x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+x509.o: ../include/openssl/x509v3.h apps.h progs.h

apps/apps.c

@@ -1,5 +1,5 @@
 /* apps/apps.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -65,26 +65,13 @@
 #include "apps.h"
 #undef NON_MAIN
 
-#ifdef WIN16
-#define APPS_WIN16
-#ifdef FLAT_BUILD
-#include "bss_file.c"
-#else
-#include "../crypto/bio/bss_file.c"
-#endif
+#ifdef WINDOWS
+#  include "bss_file.c"
 #endif
 
-#ifndef NOPROTO
 int app_init(long mesgwin);
-#else
-int app_init();
-#endif
-
 #ifdef undef /* never finished - probably never will be :-) */
-int args_from_file(file,argc,argv)
-char *file;
-int *argc;
-char **argv[];
+int args_from_file(char *file, int *argc, char **argv[])
 	{
 	FILE *fp;
 	int num,i;
@@ -162,8 +149,7 @@ char **argv[];
 	}
 #endif
 
-int str2fmt(s)
-char *s;
+int str2fmt(char *s)
 	{
 	if 	((*s == 'D') || (*s == 'd'))
 		return(FORMAT_ASN1);
@@ -178,10 +164,7 @@ char *s;
 	}
 
 #if defined(MSDOS) || defined(WIN32) || defined(WIN16)
-void program_name(in,out,size)
-char *in;
-char *out;
-int size;
+void program_name(char *in, char *out, int size)
 	{
 	int i,n;
 	char *p=NULL;
@@ -218,10 +201,28 @@ int size;
 	out[n]='\0';
 	}
 #else
-void program_name(in,out,size)
-char *in;
-char *out;
-int size;
+#ifdef VMS
+void program_name(char *in, char *out, int size)
+	{
+	char *p=in, *q;
+	char *chars=":]>";
+
+	while(*chars != '\0')
+		{
+		q=strrchr(p,*chars);
+		if (q > p)
+			p = q + 1;
+		chars++;
+		}
+
+	q=strrchr(p,'.');
+	if (q == NULL)
+		q = in+size;
+	strncpy(out,p,q-p);
+	out[q-p]='\0';
+	}
+#else
+void program_name(char *in, char *out, int size)
 	{
 	char *p;
 
@@ -234,24 +235,25 @@ int size;
 	out[size-1]='\0';
 	}
 #endif
+#endif
 
 #ifdef WIN32
-int WIN32_rename(from,to)
-char *from;
-char *to;
+int WIN32_rename(char *from, char *to)
 	{
+#ifdef WINNT
 	int ret;
+/* Note: MoveFileEx() doesn't work under Win95, Win98 */
 
 	ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
 	return(ret?0:-1);
+#else
+        unlink(to);
+        return MoveFile(from, to);
+#endif
 	}
 #endif
 
-int chopup_args(arg,buf,argc,argv)
-ARGS *arg;
-char *buf;
-int *argc;
-char **argv[];
+int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	{
 	int num,len,i;
 	char *p;
@@ -317,8 +319,7 @@ char **argv[];
 	}
 
 #ifndef APP_INIT
-int app_init(mesgwin)
-long mesgwin;
+int app_init(long mesgwin)
 	{
 	return(1);
 	}

apps/apps.h

@@ -1,5 +1,5 @@
 /* apps/apps.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,18 +59,14 @@
 #ifndef HEADER_APPS_H
 #define HEADER_APPS_H
 
-#ifdef FLAT_INC
-#include "e_os.h"
-#else
-#include "../e_os.h"
-#endif
+#include "openssl/e_os.h"
 
-#include "buffer.h"
-#include "bio.h"
-#include "crypto.h"
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
 #include "progs.h"
 
-#ifdef WIN16
+#ifdef NO_STDIO
 BIO_METHOD *BIO_s_file();
 #endif
 
@@ -92,7 +88,7 @@ extern BIO *bio_err;
 #else
 
 #define MAIN(a,v)	PROG(a,v)
-#include "conf.h"
+#include <openssl/conf.h>
 extern LHASH *config;
 extern char *default_config_file;
 extern BIO *bio_err;
@@ -131,20 +127,11 @@ typedef struct args_st
 	int count;
         } ARGS;
 
-#ifndef NOPROTO
 int should_retry(int i);
 int args_from_file(char *file, int *argc, char **argv[]);
 int str2fmt(char *s);
 void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-#else
-int should_retry();
-int args_from_file();
-int str2fmt();
-void program_name();
-int chopup_args();
-#endif
-
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2

apps/asn1pars.c

@@ -1,5 +1,5 @@
 /* apps/asn1pars.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,54 +56,59 @@
  * [including the GNU Public Licence.]
  */
 
+/* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to 
+ * add the -strparse option which parses nested binary structures
+ */
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "err.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
-
-#define FORMAT_UNDEF	0
-#define FORMAT_ASN1	1
-#define FORMAT_TEXT	2
-#define FORMAT_PEM	3
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 /* -inform arg	- input format - default PEM (DER or PEM)
  * -in arg	- input file - default stdin
  * -i		- indent the details by depth
  * -offset	- where in the file to start
  * -length	- how many bytes to use
+ * -oid file	- extra oid decription file
  */
 
 #undef PROG
 #define PROG	asn1parse_main
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
-	int i,badops=0,offset=0,ret=1;
+	int i,badops=0,offset=0,ret=1,j;
 	unsigned int length=0;
-	long num;
-	BIO *in=NULL,*out=NULL,*b64=NULL;
+	long num,tmplen;
+	BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
 	int informat,indent=0;
-	char *infile,*str=NULL,*prog;
+	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
+	unsigned char *tmpbuf;
 	BUF_MEM *buf=NULL;
+	STACK *osk=NULL;
+	ASN1_TYPE *at=NULL;
 
-	infile=NULL;
 	informat=FORMAT_PEM;
 
 	apps_startup();
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	prog=argv[0];
 	argc--;
 	argv++;
+	if ((osk=sk_new_null()) == NULL)
+		{
+		BIO_printf(bio_err,"Malloc failure\n");
+		goto end;
+		}
 	while (argc >= 1)
 		{
 		if 	(strcmp(*argv,"-inform") == 0)
@@ -116,10 +121,20 @@ char **argv;
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			derfile= *(++argv);
+			}
 		else if (strcmp(*argv,"-i") == 0)
 			{
 			indent=1;
 			}
+		else if (strcmp(*argv,"-oid") == 0)
+			{
+			if (--argc < 1) goto bad;
+			oidfile= *(++argv);
+			}
 		else if (strcmp(*argv,"-offset") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -131,6 +146,11 @@ char **argv;
 			length= atoi(*(++argv));
 			if (length == 0) goto bad;
 			}
+		else if (strcmp(*argv,"-strparse") == 0)
+			{
+			if (--argc < 1) goto bad;
+			sk_push(osk,*(++argv));
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -147,10 +167,15 @@ bad:
 		BIO_printf(bio_err,"%s [options] <infile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
 		BIO_printf(bio_err," -length arg   lenth of section in file\n");
 		BIO_printf(bio_err," -i            indent entries\n");
+		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
+		BIO_printf(bio_err," -strparse offset\n");
+		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
+		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
+		BIO_printf(bio_err," -out filename output DER encoding to file\n");
 		goto end;
 		}
 
@@ -163,7 +188,19 @@ bad:
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+	BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (oidfile != NULL)
+		{
+		if (BIO_read_filename(in,oidfile) <= 0)
+			{
+			BIO_printf(bio_err,"problems opening %s\n",oidfile);
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		OBJ_create_objects(in);
+		}
+
 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	else
@@ -175,6 +212,14 @@ bad:
 			}
 		}
 
+	if (derfile) {
+		if(!(derout = BIO_new_file(derfile, "wb"))) {
+			BIO_printf(bio_err,"problems opening %s\n",derfile);
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+
 	if ((buf=BUF_MEM_new()) == NULL) goto end;
 	if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
 
@@ -200,7 +245,48 @@ bad:
 		}
 	str=buf->data;
 
+	/* If any structs to parse go through in sequence */
+
+	if (sk_num(osk))
+		{
+		tmpbuf=(unsigned char *)str;
+		tmplen=num;
+		for (i=0; i<sk_num(osk); i++)
+			{
+			ASN1_TYPE *atmp;
+			j=atoi(sk_value(osk,i));
+			if (j == 0)
+				{
+				BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i));
+				continue;
+				}
+			tmpbuf+=j;
+			tmplen-=j;
+			atmp = at;
+			at = d2i_ASN1_TYPE(NULL,&tmpbuf,tmplen);
+			ASN1_TYPE_free(atmp);
+			if(!at)
+				{
+				BIO_printf(bio_err,"Error parsing structure\n");
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+			/* hmm... this is a little evil but it works */
+			tmpbuf=at->value.asn1_string->data;
+			tmplen=at->value.asn1_string->length;
+			}
+		str=(char *)tmpbuf;
+		num=tmplen;
+		}
+
 	if (length == 0) length=(unsigned int)num;
+	if(derout) {
+		if(BIO_write(derout, str + offset, length) != (int)length) {
+			BIO_printf(bio_err, "Error writing output\n");
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
 	if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
 		{
 		ERR_print_errors(bio_err);
@@ -208,12 +294,16 @@ bad:
 		}
 	ret=0;
 end:
+	BIO_free(derout);
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free(out);
 	if (b64 != NULL) BIO_free(b64);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	if (buf != NULL) BUF_MEM_free(buf);
+	if (at != NULL) ASN1_TYPE_free(at);
+	if (osk != NULL) sk_free(osk);
+	OBJ_cleanup();
 	EXIT(ret);
 	}
 

apps/bss_file.c

@@ -1,324 +0,0 @@
-/* crypto/bio/bss_file.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define APPS_WIN16
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include "bio.h"
-#include "err.h"
-
-#ifndef NOPROTO
-static int MS_CALLBACK file_write(BIO *h,char *buf,int num);
-static int MS_CALLBACK file_read(BIO *h,char *buf,int size);
-static int MS_CALLBACK file_puts(BIO *h,char *str);
-static int MS_CALLBACK file_gets(BIO *h,char *str,int size);
-static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2);
-static int MS_CALLBACK file_new(BIO *h);
-static int MS_CALLBACK file_free(BIO *data);
-#else
-static int MS_CALLBACK file_write();
-static int MS_CALLBACK file_read();
-static int MS_CALLBACK file_puts();
-static int MS_CALLBACK file_gets();
-static long MS_CALLBACK file_ctrl();
-static int MS_CALLBACK file_new();
-static int MS_CALLBACK file_free();
-#endif
-
-static BIO_METHOD methods_filep=
-	{
-	BIO_TYPE_FILE,"FILE pointer",
-	file_write,
-	file_read,
-	file_puts,
-	file_gets,
-	file_ctrl,
-	file_new,
-	file_free,
-	};
-
-BIO *BIO_new_file(filename,mode)
-char *filename;
-char *mode;
-	{
-	BIO *ret;
-	FILE *file;
-
-	if ((file=fopen(filename,mode)) == NULL)
-		{
-		SYSerr(SYS_F_FOPEN,errno);
-		BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
-		return(NULL);
-		}
-	if ((ret=BIO_new_fp(file,BIO_CLOSE)) == NULL)
-		{
-		fclose(file);
-		return(NULL);
-		}
-	return(ret);
-	}
-
-BIO *BIO_new_fp(stream,close_flag)
-FILE *stream;
-int close_flag;
-	{
-	BIO *ret;
-
-	if ((ret=BIO_new(BIO_s_file())) == NULL)
-		return(NULL);
-	BIO_set_fp(ret,stream,close_flag);
-	return(ret);
-	}
-
-#if !defined(WIN16) || defined(APPS_WIN16)
-
-BIO_METHOD *BIO_s_file()
-	{
-	return(&methods_filep);
-	}
-
-#else
-
-BIO_METHOD *BIO_s_file_internal_w16()
-	{
-	return(&methods_filep);
-	}
-
-#endif
-
-static int MS_CALLBACK file_new(bi)
-BIO *bi;
-	{
-	bi->init=0;
-	bi->num=0;
-	bi->ptr=NULL;
-	return(1);
-	}
-
-static int MS_CALLBACK file_free(a)
-BIO *a;
-	{
-	if (a == NULL) return(0);
-	if (a->shutdown)
-		{
-		if ((a->init) && (a->ptr != NULL))
-			{
-			fclose((FILE *)a->ptr);
-			a->ptr=NULL;
-			}
-		a->init=0;
-		}
-	return(1);
-	}
-	
-static int MS_CALLBACK file_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
-	{
-	int ret=0;
-
-	if (b->init && (out != NULL))
-		{
-		ret=fread(out,1,(int)outl,(FILE *)b->ptr);
-		}
-	return(ret);
-	}
-
-static int MS_CALLBACK file_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
-	{
-	int ret=0;
-
-	if (b->init && (in != NULL))
-		{
-		if (fwrite(in,(int)inl,1,(FILE *)b->ptr))
-			ret=inl;
-		/* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
-		/* acording to Tim Hudson <tjh@cryptsoft.com>, the commented
-		 * out version above can cause 'inl' write calls under
-		 * some stupid stdio implementations (VMS) */
-		}
-	return(ret);
-	}
-
-static long MS_CALLBACK file_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
-	{
-	long ret=1;
-	FILE *fp=(FILE *)b->ptr;
-	FILE **fpp;
-	char p[4];
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		ret=(long)fseek(fp,num,0);
-		break;
-	case BIO_CTRL_EOF:
-		ret=(long)feof(fp);
-		break;
-	case BIO_CTRL_INFO:
-		ret=ftell(fp);
-		break;
-	case BIO_C_SET_FILE_PTR:
-		file_free(b);
-		b->shutdown=(int)num;
-		b->ptr=(char *)ptr;
-		b->init=1;
-		break;
-	case BIO_C_SET_FILENAME:
-		file_free(b);
-		b->shutdown=(int)num&BIO_CLOSE;
-		if (num & BIO_FP_APPEND)
-			{
-			if (num & BIO_FP_READ)
-				strcpy(p,"a+");
-			else	strcpy(p,"a");
-			}
-		else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
-			strcpy(p,"r+");
-		else if (num & BIO_FP_WRITE)
-			strcpy(p,"w");
-		else if (num & BIO_FP_READ)
-			strcpy(p,"r");
-		else
-			{
-			BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
-			ret=0;
-			break;
-			}
-#if defined(MSDOS) || defined(WINDOWS)
-		if (!(num & BIO_FP_TEXT))
-			strcat(p,"b");
-		else
-			strcat(p,"t");
-#endif
-		fp=fopen(ptr,p);
-		if (fp == NULL)
-			{
-			SYSerr(SYS_F_FOPEN,errno);
-			BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
-			ret=0;
-			break;
-			}
-		b->ptr=(char *)fp;
-		b->init=1;
-		break;
-	case BIO_C_GET_FILE_PTR:
-		/* the ptr parameter is actually a FILE ** in this case. */
-		if (ptr != NULL)
-			{
-			fpp=(FILE **)ptr;
-			*fpp=(FILE *)b->ptr;
-			}
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=(long)b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
-	case BIO_CTRL_FLUSH:
-		fflush((FILE *)b->ptr);
-		break;
-	case BIO_CTRL_DUP:
-		ret=1;
-		break;
-
-	case BIO_CTRL_PENDING:
-	case BIO_CTRL_PUSH:
-	case BIO_CTRL_POP:
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
-
-static int MS_CALLBACK file_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
-	{
-	int ret=0;
-
-	buf[0]='\0';
-	fgets(buf,size,(FILE *)bp->ptr);
-	if (buf[0] != '\0')
-		ret=strlen(buf);
-	return(ret);
-	}
-
-static int MS_CALLBACK file_puts(bp,str)
-BIO *bp;
-char *str;
-	{
-	int n,ret;
-
-	n=strlen(str);
-	ret=file_write(bp,str,n);
-	return(ret);
-	}
-

apps/c512-key.pem

@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm
-q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko
-/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1
-HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0
-ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/
-nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw
-ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==
------END RSA PRIVATE KEY-----

apps/c512-req.pem

@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
-MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0
-IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i
-2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs6
-2NNtXrT8odkCAwEAATANBgkqhkiG9w0BAQQFAANBAC5JBTeji7RosqMaUIDzIW13
-oO6+kPhx9fXSpMFHIsY3aH92Milkov/2A4SuZTcnv/P6+8klmS0EaiUKcRzak4E=
------END CERTIFICATE REQUEST-----

apps/ca-cert.srl

@@ -1 +1 @@
-03
+05

apps/cert.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
+VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
+Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
+DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
+tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
+sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
+19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
+-----END CERTIFICATE-----

apps/ciphers.c

@@ -1,5 +1,5 @@
 /* apps/ciphers.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,12 +59,16 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
-#include "err.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
 
 #undef PROG
 #define PROG	ciphers_main
@@ -77,19 +81,18 @@ static char *ciphers_usage[]={
 NULL
 };
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int ret=1,i;
 	int verbose=0;
-	char **pp,*p;
+	char **pp;
+	const char *p;
 	int badops=0;
 	SSL_CTX *ctx=NULL;
 	SSL *ssl=NULL;
 	char *ciphers=NULL;
 	SSL_METHOD *meth=NULL;
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 	char buf[512];
 	BIO *STDout=NULL;
 
@@ -167,10 +170,10 @@ char **argv;
 		{
 		sk=SSL_get_ciphers(ssl);
 
-		for (i=0; i<sk_num(sk); i++)
+		for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 			{
 			BIO_puts(STDout,SSL_CIPHER_description(
-				(SSL_CIPHER *)sk_value(sk,i),
+				sk_SSL_CIPHER_value(sk,i),
 				buf,512));
 			}
 		}

apps/crl.c

@@ -1,5 +1,5 @@
 /* apps/crl.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,10 +60,11 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	crl_main
@@ -71,11 +72,6 @@
 #undef POSTFIX
 #define	POSTFIX	".rvk"
 
-#define FORMAT_UNDEF	0
-#define FORMAT_ASN1	1
-#define FORMAT_TEXT	2
-#define FORMAT_PEM	3
-
 static char *crl_usage[]={
 "usage: crl args\n",
 "\n",
@@ -92,32 +88,24 @@ static char *crl_usage[]={
 NULL
 };
 
-#ifndef NOPROTO
 static X509_CRL *load_crl(char *file, int format);
-#else
-static X509_CRL *load_crl();
-#endif
-
 static BIO *bio_out=NULL;
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	X509_CRL *x=NULL;
 	int ret=1,i,num,badops=0;
 	BIO *out=NULL;
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL;
-	char *str=NULL;
-	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0;
+	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
 	char **pp,buf[256];
 
 	apps_startup();
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	if (bio_out == NULL)
 		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
@@ -148,10 +136,6 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
-		else if (strcmp(*argv,"-text") == 0)
-			{
-			outformat=FORMAT_TEXT;
-			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -162,6 +146,8 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-text") == 0)
+			text = 1;
 		else if (strcmp(*argv,"-hash") == 0)
 			hash= ++num;
 		else if (strcmp(*argv,"-issuer") == 0)
@@ -182,14 +168,6 @@ char **argv;
 		argv++;
 		}
 
-	if (outformat == FORMAT_TEXT)
-		{
-		num=0;
-		issuer= ++num;
-		lastupdate= ++num;
-		nextupdate= ++num;
-		}
-
 	if (badops)
 		{
 bad:
@@ -199,6 +177,7 @@ bad:
 		}
 
 	ERR_load_crypto_strings();
+	X509V3_add_standard_extensions();
 	x=load_crl(infile,informat);
 	if (x == NULL) { goto end; }
 
@@ -209,31 +188,32 @@ bad:
 			if (issuer == i)
 				{
 				X509_NAME_oneline(x->crl->issuer,buf,256);
-				fprintf(stdout,"issuer= %s\n",str);
+				BIO_printf(bio_out,"issuer= %s\n",buf);
 				}
 
 			if (hash == i)
 				{
-				fprintf(stdout,"%08lx\n",
+				BIO_printf(bio_out,"%08lx\n",
 					X509_NAME_hash(x->crl->issuer));
 				}
 			if (lastupdate == i)
 				{
-				fprintf(stdout,"lastUpdate=");
-				ASN1_UTCTIME_print(bio_out,x->crl->lastUpdate);
-				fprintf(stdout,"\n");
+				BIO_printf(bio_out,"lastUpdate=");
+				ASN1_TIME_print(bio_out,x->crl->lastUpdate);
+				BIO_printf(bio_out,"\n");
 				}
 			if (nextupdate == i)
 				{
-				fprintf(stdout,"nextUpdate=");
-				ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate);
-				fprintf(stdout,"\n");
+				BIO_printf(bio_out,"nextUpdate=");
+				if (x->crl->nextUpdate != NULL)
+					ASN1_TIME_print(bio_out,x->crl->nextUpdate);
+				else
+					BIO_printf(bio_out,"NONE");
+				BIO_printf(bio_out,"\n");
 				}
 			}
 		}
 
-	if (noout) goto end;
-
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
@@ -252,24 +232,14 @@ bad:
 			}
 		}
 
+	if (text) X509_CRL_print(out, x);
+
+	if (noout) goto end;
+
 	if 	(outformat == FORMAT_ASN1)
 		i=(int)i2d_X509_CRL_bio(out,x);
 	else if (outformat == FORMAT_PEM)
 		i=PEM_write_bio_X509_CRL(out,x);
-	else if (outformat == FORMAT_TEXT)
-		{
-		X509_REVOKED *r;
-
-		while ((r=(X509_REVOKED *)sk_pop(x->crl->revoked)) != NULL)
-			{
-			fprintf(stdout,"revoked: serialNumber=");
-			i2a_ASN1_INTEGER(out,r->serialNumber);
-			fprintf(stdout," revocationDate=");
-			ASN1_UTCTIME_print(bio_out,r->revocationDate);
-			fprintf(stdout,"\n");
-			}
-		i=1;
-		}
 	else	
 		{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
@@ -278,15 +248,14 @@ bad:
 	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
 	ret=0;
 end:
-	if (out != NULL) BIO_free(out);
-	if (bio_out != NULL) BIO_free(bio_out);
-	if (x != NULL) X509_CRL_free(x);
+	BIO_free(out);
+	BIO_free(bio_out);
+	X509_CRL_free(x);
+	X509V3_EXT_cleanup();
 	EXIT(ret);
 	}
 
-static X509_CRL *load_crl(infile, format)
-char *infile;
-int format;
+static X509_CRL *load_crl(char *infile, int format)
 	{
 	X509_CRL *x=NULL;
 	BIO *in=NULL;
@@ -324,7 +293,7 @@ int format;
 		}
 	
 end:
-	if (in != NULL) BIO_free(in);
+	BIO_free(in);
 	return(x);
 	}
 

apps/crl.out

@@ -1,8 +0,0 @@
------BEGIN X509 CRL-----
-MIIBDjCBuTANBgkqhkiG9w0BAQQFADBgMQswCQYDVQQGEwJBVTEMMAoGA1UECBMD
-UUxEMRkwFwYDVQQKExBNaW5jb20gUHR5LiBMdGQuMQswCQYDVQQLEwJDUzEbMBkG
-A1UEAxMSU1NMZWF5IGRlbW8gc2VydmVyFw05NzA3MDkwMDAwMjJaFw05NzA4MDgw
-MDAwMjJaMCgwEgIBARcNOTUxMDA5MjMzMjA1WjASAgEDFw05NTEyMDEwMTAwMDBa
-MA0GCSqGSIb3DQEBBAUAA0EAcEBIWVZPXxSlLMPPLfBi4s0N3lzTgskZkgO6pjZi
-oQRwh5vi5zFqDNQteGx7RTHpUYntgyoAZ87FZE0GOJgBaQ==
------END X509 CRL-----

apps/crl2p7.c

@@ -1,5 +1,5 @@
 /* apps/crl2p7.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -65,19 +65,14 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "err.h"
-#include "evp.h"
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static int add_certs_from_file(STACK *stack, char *certfile);
-#else
-static int add_certs_from_file();
-#endif
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/objects.h>
 
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
 #undef PROG
 #define PROG	crl2pkcs7_main
 
@@ -87,9 +82,7 @@ static int add_certs_from_file();
  * -out arg	- output file - default stdout
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
@@ -98,21 +91,21 @@ char **argv;
 	PKCS7 *p7 = NULL;
 	PKCS7_SIGNED *p7s = NULL;
 	X509_CRL *crl=NULL;
+	STACK *certflst=NULL;
 	STACK *crl_stack=NULL;
-	STACK *cert_stack=NULL;
+	STACK_OF(X509) *cert_stack=NULL;
 	int ret=1,nocrl=0;
 
 	apps_startup();
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
-	certfile=NULL;
 
 	prog=argv[0];
 	argc--;
@@ -146,7 +139,8 @@ char **argv;
 		else if (strcmp(*argv,"-certfile") == 0)
 			{
 			if (--argc < 1) goto bad;
-			certfile= *(++argv);
+			if(!certflst) certflst = sk_new(NULL);
+			sk_push(certflst,*(++argv));
 			}
 		else
 			{
@@ -165,9 +159,10 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg    input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg   output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg        inout file\n");
+		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
 		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
+		BIO_printf(bio_err,"                (can be used more than once)\n");
 		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
 		EXIT(1);
 		}
@@ -226,18 +221,20 @@ bad:
 		crl=NULL; /* now part of p7 for Freeing */
 		}
 
-	if ((cert_stack=sk_new(NULL)) == NULL) goto end;
+	if ((cert_stack=sk_X509_new(NULL)) == NULL) goto end;
 	p7s->cert=cert_stack;
 
-	if (certfile != NULL) 
-		{
+	if(certflst) for(i = 0; i < sk_num(certflst); i++) {
+		certfile = sk_value(certflst, i);
 		if (add_certs_from_file(cert_stack,certfile) < 0)
 			{
-			BIO_printf(bio_err,"error loading certificates\n");
+			BIO_printf(bio_err, "error loading certificates\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
-		}
+	}
+
+	sk_free(certflst);
 
 	if (outfile == NULL)
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -284,40 +281,42 @@ end:
  *	number of certs added if successful, -1 if not.
  *----------------------------------------------------------------------
  */
-static int add_certs_from_file(stack,certfile)
-STACK *stack;
-char *certfile;
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
 	{
 	struct stat st;
 	BIO *in=NULL;
 	int count=0;
 	int ret= -1;
-	STACK *sk=NULL;
+	STACK_OF(X509_INFO) *sk=NULL;
 	X509_INFO *xi;
 
 	if ((stat(certfile,&st) != 0))
 		{
-		BIO_printf(bio_err,"unable to file the file, %s\n",certfile);
+		BIO_printf(bio_err,"unable to load the file, %s\n",certfile);
 		goto end;
 		}
 
 	in=BIO_new(BIO_s_file());
 	if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
 		{
+		BIO_printf(bio_err,"error opening the file, %s\n",certfile);
 		goto end;
 		}
 
 	/* This loads from a file, a stack of x509/crl/pkey sets */
 	sk=PEM_X509_INFO_read_bio(in,NULL,NULL);
-	if (sk == NULL) goto end;
+	if (sk == NULL) {
+		BIO_printf(bio_err,"error reading the file, %s\n",certfile);
+		goto end;
+	}
 
 	/* scan over it and pull out the CRL's */
-	while (sk_num(sk))
+	while (sk_X509_INFO_num(sk))
 		{
-		xi=(X509_INFO *)sk_shift(sk);
+		xi=sk_X509_INFO_shift(sk);
 		if (xi->x509 != NULL)
 			{
-			sk_push(stack,(char *)xi->x509);
+			sk_X509_push(stack,xi->x509);
 			xi->x509=NULL;
 			count++;
 			}
@@ -328,7 +327,7 @@ char *certfile;
 end:
  	/* never need to Free x */
 	if (in != NULL) BIO_free(in);
-	if (sk != NULL) sk_free(sk);
+	if (sk != NULL) sk_X509_INFO_free(sk);
 	return(ret);
 	}
 

apps/der_chop.in

@@ -42,13 +42,13 @@ $md4_cmd="md4";
 $rsa_cmd="rsa -des -inform der ";
 
 # this was the 0.5.x way of doing things ...
-$cmd="ssleay asn1parse";
-$x509_cmd="ssleay x509";
-$crl_cmd="ssleay crl";
-$rc4_cmd="ssleay rc4";
-$md2_cmd="ssleay md2";
-$md4_cmd="ssleay md4";
-$rsa_cmd="ssleay rsa -des -inform der ";
+$cmd="openssl asn1parse";
+$x509_cmd="openssl x509";
+$crl_cmd="openssl crl";
+$rc4_cmd="openssl rc4";
+$md2_cmd="openssl md2";
+$md4_cmd="openssl md4";
+$rsa_cmd="openssl rsa -des -inform der ";
 
 &Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
 $depth=($opt_d =~ /^\d+$/)?$opt_d:0;

apps/dgst.c

@@ -1,5 +1,5 @@
 /* apps/dgst.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,12 +60,12 @@
 #include <string.h>
 #include <stdlib.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -73,22 +73,15 @@
 #undef PROG
 #define PROG	dgst_main
 
-#ifndef NOPROTO
 void do_fp(unsigned char *buf,BIO *f,int sep);
-#else
-void do_fp();
-#endif
-
-int MAIN(argc,argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	unsigned char *buf=NULL;
 	int i,err=0;
-	EVP_MD *md=NULL,*m;
+	const EVP_MD *md=NULL,*m;
 	BIO *in=NULL,*inp;
 	BIO *bmd=NULL;
-	char *name;
+	const char *name;
 #define PROG_NAME_SIZE  16
         char pname[PROG_NAME_SIZE];
 	int separator=0;
@@ -103,7 +96,7 @@ char **argv;
 		}
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	/* first check the program name */
         program_name(argv[0],pname,PROG_NAME_SIZE);
@@ -112,7 +105,7 @@ char **argv;
 
 	argc--;
 	argv++;
-	for (i=0; i<argc; i++)
+	while (argc > 0)
 		{
 		if ((*argv)[0] != '-') break;
 		if (strcmp(*argv,"-c") == 0)
@@ -135,17 +128,19 @@ char **argv;
 		BIO_printf(bio_err,"unknown option '%s'\n",*argv);
 		BIO_printf(bio_err,"options are\n");
 		BIO_printf(bio_err,"-c   to output the digest with separating colons\n");
-		BIO_printf(bio_err,"-c   to output debug info\n");
-		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm (default)\n",
+		BIO_printf(bio_err,"-d   to output debug info\n");
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
-		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_md2,LN_md2);
-		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_sha1,LN_sha1);
-		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_sha,LN_sha);
-		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_mdc2,LN_mdc2);
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+			LN_ripemd160,LN_ripemd160);
 		err=1;
 		goto end;
 		}
@@ -201,10 +196,7 @@ end:
 	EXIT(err);
 	}
 
-void do_fp(buf,bp,sep)
-unsigned char *buf;
-BIO *bp;
-int sep;
+void do_fp(unsigned char *buf, BIO *bp, int sep)
 	{
 	int len;
 	int i;

apps/dh.c

@@ -1,5 +1,5 @@
 /* apps/dh.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,17 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DH
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "bn.h"
-#include "dh.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	dh_main
@@ -81,9 +82,7 @@
  * -C
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	DH *dh=NULL;
 	int i,badops=0,text=0;
@@ -95,7 +94,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
@@ -152,10 +151,10 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -check        check the DH parameters\n");
-		BIO_printf(bio_err," -text         check the DH parameters\n");
+		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		goto end;
@@ -310,3 +309,4 @@ end:
 	if (dh != NULL) DH_free(dh);
 	EXIT(ret);
 	}
+#endif

apps/dsa-ca.pem

@@ -1,17 +1,14 @@
 -----BEGIN DSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
-
-svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
-Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
-Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
-par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
-zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
-uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
-rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
-1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
-HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
-MVqOsYxGCb+kez0FoDSTgw==
+MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
+94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
+tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
+J6zsFbSEHaQGUmfSeoM=
 -----END DSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE REQUEST-----
 MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx

apps/dsa-pca.pem

@@ -1,17 +1,14 @@
 -----BEGIN DSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
-
-GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
-mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
-of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
-FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
-RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
-qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
-diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
-V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
-hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
-dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
+MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
+6TicfImU7UFRn9h00j0lJQ==
 -----END DSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE REQUEST-----
 MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx

apps/dsa.c

@@ -1,5 +1,5 @@
 /* apps/dsa.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,17 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "dsa.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	dsa_main
@@ -82,14 +83,12 @@
  * -modulus	- print the DSA public key
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
-	EVP_CIPHER *enc=NULL;
+	const EVP_CIPHER *enc=NULL;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	char *infile,*outfile,*prog;
@@ -99,7 +98,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
@@ -154,7 +153,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER NET PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
@@ -254,4 +253,4 @@ end:
 	if (dsa != NULL) DSA_free(dsa);
 	EXIT(ret);
 	}
-
+#endif

apps/dsap.pem

@@ -0,0 +1,6 @@
+-----BEGIN DSA PARAMETERS-----
+MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya
+GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2
+t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD
+ADiRffvSdhrNw5dkqdql
+-----END DSA PARAMETERS-----

apps/dsaparam.c

@@ -1,5 +1,5 @@
 /* apps/dsaparam.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,18 +56,19 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "bn.h"
-#include "rand.h"
-#include "dsa.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/dsa.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	dsaparam_main
@@ -80,31 +81,25 @@
  * -text
  * -C
  * -noout
+ * -genkey
  */
 
-#ifndef NOPROTO
-static void MS_CALLBACK dsa_cb(int p, int n);
-#else
-static void MS_CALLBACK dsa_cb();
-#endif
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
+static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
+int MAIN(int argc, char **argv)
 	{
 	DSA *dsa=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog,*inrand=NULL;
-	int numbits= -1,num;
+	int numbits= -1,num,genkey=0;
 	char buffer[200],*randfile=NULL;
 
 	apps_startup();
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
@@ -140,6 +135,8 @@ char **argv;
 			text=1;
 		else if (strcmp(*argv,"-C") == 0)
 			C=1;
+		else if (strcmp(*argv,"-genkey") == 0)
+			genkey=1;
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -169,7 +166,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -text         check the DSA parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
@@ -217,7 +214,8 @@ bad:
 
 		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
 	        BIO_printf(bio_err,"This could take some time\n");
-	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,dsa_cb);
+	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,
+			dsa_cb,(char *)bio_err);
 		}
 	else if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAparams_bio(in,NULL);
@@ -314,6 +312,22 @@ bad:
 			goto end;
 			}
 		}
+	if (genkey)
+		{
+		DSA *dsakey;
+
+		if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
+		if (!DSA_generate_key(dsakey)) goto end;
+		if 	(outformat == FORMAT_ASN1)
+			i=i2d_DSAPrivateKey_bio(out,dsakey);
+		else if (outformat == FORMAT_PEM)
+			i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL);
+		else	{
+			BIO_printf(bio_err,"bad output format specified for outfile\n");
+			goto end;
+			}
+		DSA_free(dsakey);
+		}
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
@@ -322,9 +336,7 @@ end:
 	EXIT(ret);
 	}
 
-static void MS_CALLBACK dsa_cb(p, n)
-int p;
-int n;
+static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
 	{
 	char c='*';
 
@@ -332,9 +344,10 @@ int n;
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(bio_err,&c,1);
-	BIO_flush(bio_err);
+	BIO_write((BIO *)arg,&c,1);
+	BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
+#endif

apps/eay.c

@@ -1,5 +1,5 @@
 /* apps/eay.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -62,33 +62,34 @@
 
 #define MONOLITH
 #define USE_SOCKETS
-#include "../e_os.h"
 
-#include "bio.h"
-#include "stack.h"
-#include "lhash.h"
+#include "openssl/e_os.h"
 
-#include "err.h"
+#include <openssl/bio.h>
+#include <openssl/stack.h>
+#include <openssl/lhash.h>
 
-#include "bn.h"
+#include <openssl/err.h>
 
-#include "evp.h"
+#include <openssl/bn.h>
 
-#include "rand.h"
-#include "conf.h"
-#include "txt_db.h"
+#include <openssl/evp.h>
 
-#include "err.h"
+#include <openssl/rand.h>
+#include <openssl/conf.h>
+#include <openssl/txt_db.h>
 
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
-#include "asn1.h"
-#include "objects.h"
+#include <openssl/err.h>
+
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
 
 #define MONOLITH
 
-#include "ssleay.c"
+#include "openssl.c"
 #include "apps.c"
 #include "asn1pars.c"
 #ifndef NO_RSA

apps/enc.c

@@ -1,5 +1,5 @@
 /* apps/enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,22 +60,17 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#ifdef NO_MD5
-#include "md5.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#ifndef NO_MD5
+#include <openssl/md5.h>
 #endif
-#include "pem.h"
+#include <openssl/pem.h>
 
-#ifndef NOPROTO
 int set_hex(char *in,unsigned char *out,int size);
-#else
-int set_hex();
-#endif
-
 #undef SIZE
 #undef BSIZE
 #undef PROG
@@ -84,9 +79,7 @@ int set_hex();
 #define BSIZE	(8*1024)
 #define	PROG	enc_main
 
-int MAIN(argc,argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	char *strbuf=NULL;
 	unsigned char *buff=NULL,*bufsize=NULL;
@@ -96,8 +89,8 @@ char **argv;
 	char *str=NULL;
 	char *hkey=NULL,*hiv=NULL;
 	int enc=1,printkey=0,i,base64=0;
-	int debug=0;
-	EVP_CIPHER *cipher=NULL,*c;
+	int debug=0,olb64=0;
+	const EVP_CIPHER *cipher=NULL,*c;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  16
@@ -107,7 +100,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	/* first check the program name */
         program_name(argv[0],pname,PROG_NAME_SIZE);
@@ -148,6 +141,8 @@ char **argv;
 			debug=1;
 		else if	(strcmp(*argv,"-P") == 0)
 			printkey=2;
+		else if	(strcmp(*argv,"-A") == 0)
+			olb64=1;
 		else if	(strcmp(*argv,"-a") == 0)
 			base64=1;
 		else if	(strcmp(*argv,"-base64") == 0)
@@ -237,7 +232,7 @@ bad:
 #ifndef NO_RC4
 			BIO_printf(bio_err,"rc2     :128 bit key RC2 encryption\n");
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 			BIO_printf(bio_err,"bf      :128 bit key BlowFish encryption\n");
 #endif
 #ifndef NO_RC4
@@ -275,11 +270,23 @@ bad:
 				LN_rc2_cfb64, LN_rc2_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc);
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_bf_ecb, LN_bf_cbc,
 				LN_bf_cfb64, LN_bf_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
+#endif
+#ifndef NO_CAST
+			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+				LN_cast5_ecb, LN_cast5_cbc,
+				LN_cast5_cfb64, LN_cast5_ofb64);
+			BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
+#endif
+#ifndef NO_RC5
+			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+				LN_rc5_ecb, LN_rc5_cbc,
+				LN_rc5_cfb64, LN_rc5_ofb64);
+			BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc);
 #endif
 			goto end;
 			}
@@ -463,6 +470,8 @@ bad:
 			BIO_set_callback(b64,BIO_debug_callback);
 			BIO_set_callback_arg(b64,bio_err);
 			}
+		if (olb64)
+			BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
 		if (enc)
 			wbio=BIO_push(b64,wbio);
 		else
@@ -505,10 +514,7 @@ end:
 	EXIT(ret);
 	}
 
-int set_hex(in,out,size)
-char *in;
-unsigned char *out;
-int size;
+int set_hex(char *in, unsigned char *out, int size)
 	{
 	int i,n;
 	unsigned char j;

apps/errstr.c

@@ -1,5 +1,5 @@
 /* apps/errstr.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,17 +60,15 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "lhash.h"
-#include "err.h"
-#include "ssl.h"
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
 
 #undef PROG
 #define PROG	errstr_main
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int i,ret=0;
 	char buf[256];
@@ -80,7 +78,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	SSL_load_error_strings();
 

apps/f

@@ -1,5 +0,0 @@
-586
-2481
-
-1400
-2064

apps/g_ssleay.pl

@@ -1,110 +0,0 @@
-#!/usr/local/bin/perl
-
-$mkprog='mklinks';
-$rmprog='rmlinks';
-
-print "#ifndef NOPROTO\n";
-
-grep(s/^asn1pars$/asn1parse/,@ARGV);
-
-foreach (@ARGV)
-	{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
-print "#else\n";
-foreach (@ARGV)
-	{ printf "extern int %s_main();\n",$_; }
-print "#endif\n";
-
-
-print <<'EOF';
-
-#ifdef SSLEAY_SRC
-
-#define FUNC_TYPE_GENERAL	1
-#define FUNC_TYPE_MD		2
-#define FUNC_TYPE_CIPHER	3
-
-typedef struct {
-	int type;
-	char *name;
-	int (*func)();
-	} FUNCTION;
-
-FUNCTION functions[] = {
-EOF
-
-foreach (@ARGV)
-	{
-	push(@files,$_);
-	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
-	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
-		{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } 
-	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ||
-		($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/))
-		{ print "#ifndef NO_RSA\n${str}#endif\n";  }
-	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
-		{ print "#ifndef NO_DSA\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/))
-		{ print "#ifndef NO_DH\n${str}#endif\n"; }
-	else
-		{ print $str; }
-	}
-
-foreach ("md2","md5","sha","sha1","mdc2")
-	{
-	push(@files,$_);
-	printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
-	}
-
-foreach (
-	"base64",
-	"des", "des3", "desx", "idea", "rc4", "rc2","bf",
-	"des-ecb", "des-ede",    "des-ede3",
-	"des-cbc", "des-ede-cbc","des-ede3-cbc",
-	"des-cfb", "des-ede-cfb","des-ede3-cfb",
-	"des-ofb", "des-ede-ofb","des-ede3-ofb",
-	"idea-cbc","idea-ecb",   "idea-cfb", "idea-ofb",
-	"rc2-cbc", "rc2-ecb",    "rc2-cfb",  "rc2-ofb",
-	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb")
-	{
-	push(@files,$_);
-
-	$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
-	if    ($_ =~ /des/)  { $t="#ifndef NO_DES\n${t}#endif\n"; }
-	elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
-	elsif ($_ =~ /rc4/)  { $t="#ifndef NO_RC4\n${t}#endif\n"; }
-	elsif ($_ =~ /rc2/)  { $t="#ifndef NO_RC2\n${t}#endif\n"; }
-	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
-	print $t;
-	}
-
-print "\t{0,NULL,NULL}\n\t};\n";
-print "#endif\n\n";
-
-open(OUT,">$mkprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo making symlink for $i
-/bin/rm -f $i
-ln -s ssleay $i
-done
-EOF
-close(OUT);
-chmod(0755,$mkprog);
-
-open(OUT,">$rmprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo removing $i
-/bin/rm -f $i
-done
-EOF
-close(OUT);
-chmod(0755,$rmprog);

apps/gendh.c

@@ -1,5 +1,5 @@
 /* apps/gendh.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,34 +56,27 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DH
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "bio.h"
-#include "rand.h"
-#include "err.h"
-#include "bn.h"
-#include "dh.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #define DEFBITS	512
 #undef PROG
 #define PROG gendh_main
 
-#ifndef NOPROTO
-static void MS_CALLBACK dh_cb(int p, int n);
+static void MS_CALLBACK dh_cb(int p, int n, char *arg);
 static long dh_load_rand(char *names);
-#else
-static void MS_CALLBACK dh_cb();
-static long dh_load_rand();
-#endif
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	char buffer[200];
 	DH *dh=NULL;
@@ -97,7 +90,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	argv++;
 	argc--;
@@ -171,7 +164,7 @@ bad:
 
 	BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
 	BIO_printf(bio_err,"This is going to take a long time\n");
-	dh=DH_generate_parameters(num,g,dh_cb);
+	dh=DH_generate_parameters(num,g,dh_cb,(char *)bio_err);
 		
 	if (dh == NULL) goto end;
 
@@ -191,9 +184,7 @@ end:
 	EXIT(ret);
 	}
 
-static void MS_CALLBACK dh_cb(p, n)
-int p;
-int n;
+static void MS_CALLBACK dh_cb(int p, int n, char *arg)
 	{
 	char c='*';
 
@@ -201,15 +192,14 @@ int n;
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(bio_err,&c,1);
-	BIO_flush(bio_err);
+	BIO_write((BIO *)arg,&c,1);
+	BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
 
-static long dh_load_rand(name)
-char *name;
+static long dh_load_rand(char *name)
 	{
 	char *p,*n;
 	int last;
@@ -230,5 +220,4 @@ char *name;
 		}
 	return(tot);
 	}
-
-
+#endif

apps/gendsa.c

@@ -1,5 +1,5 @@
 /* apps/gendsa.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,45 +56,40 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DSA
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "bio.h"
-#include "rand.h"
-#include "err.h"
-#include "bn.h"
-#include "dsa.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #define DEFBITS	512
 #undef PROG
 #define PROG gendsa_main
 
-#ifndef NOPROTO
 static long dsa_load_rand(char *names);
-#else
-static long dsa_load_rand();
-#endif
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	char buffer[200];
 	DSA *dsa=NULL;
-	int ret=1,num=DEFBITS;
+	int ret=1;
 	char *outfile=NULL;
 	char *inrand=NULL,*randfile,*dsaparams=NULL;
 	BIO *out=NULL,*in=NULL;
+	EVP_CIPHER *enc=NULL;
 
 	apps_startup();
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	argv++;
 	argc--;
@@ -117,6 +112,16 @@ char **argv;
 			{
 			dsaparams= *argv;
 			}
+#ifndef NO_DES
+		else if (strcmp(*argv,"-des") == 0)
+			enc=EVP_des_cbc();
+		else if (strcmp(*argv,"-des3") == 0)
+			enc=EVP_des_ede3_cbc();
+#endif
+#ifndef NO_IDEA
+		else if (strcmp(*argv,"-idea") == 0)
+			enc=EVP_idea_cbc();
+#endif
 		else
 			goto bad;
 		argv++;
@@ -126,16 +131,25 @@ char **argv;
 	if (dsaparams == NULL)
 		{
 bad:
-		BIO_printf(bio_err,"usage: gendsa [args] [numbits]\n");
-		BIO_printf(bio_err," -out file - output the key to 'file\n");
+		BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
+		BIO_printf(bio_err," -out file - output the key to 'file'\n");
+#ifndef NO_DES
+		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");
+		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+#endif
+#ifndef NO_IDEA
+		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
+#endif
 		BIO_printf(bio_err," -rand file:file:...\n");
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
+		BIO_printf(bio_err," dsaparam-file\n");
+		BIO_printf(bio_err,"           - a DSA parameter file as generated by the dsaparam command\n");
 		goto end;
 		}
 
 	in=BIO_new(BIO_s_file());
-	if (!(BIO_read_filename(in,"r")))
+	if (!(BIO_read_filename(in,dsaparams)))
 		{
 		perror(dsaparams);
 		goto end;
@@ -174,8 +188,8 @@ bad:
 			dsa_load_rand(inrand));
 		}
 
-	BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
-	BIO_printf(bio_err,"This could take some time\n");
+	BIO_printf(bio_err,"Generating DSA key, %d bits\n",
+							BN_num_bits(dsa->p));
 	if (!DSA_generate_key(dsa)) goto end;
 
 	if (randfile == NULL)
@@ -183,7 +197,7 @@ bad:
 	else
 		RAND_write_file(randfile);
 
-	if (!PEM_write_bio_DSAPrivateKey(out,dsa,EVP_des_ede3_cbc(),NULL,0,NULL))
+	if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL))
 		goto end;
 	ret=0;
 end:
@@ -194,8 +208,7 @@ end:
 	EXIT(ret);
 	}
 
-static long dsa_load_rand(name)
-char *name;
+static long dsa_load_rand(char *name)
 	{
 	char *p,*n;
 	int last;
@@ -216,5 +229,4 @@ char *name;
 		}
 	return(tot);
 	}
-
-
+#endif

apps/genrsa.c

@@ -1,5 +1,5 @@
 /* apps/genrsa.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,35 +56,28 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "bio.h"
-#include "rand.h"
-#include "err.h"
-#include "bn.h"
-#include "rsa.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #define DEFBITS	512
 #undef PROG
 #define PROG genrsa_main
 
-#ifndef NOPROTO
-static void MS_CALLBACK genrsa_cb(int p, int n);
+static void MS_CALLBACK genrsa_cb(int p, int n, char *arg);
 static long gr_load_rand(char *names);
-#else
-static void MS_CALLBACK genrsa_cb();
-static long gr_load_rand();
-#endif
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int ret=1;
 	char buffer[200];
@@ -101,7 +94,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	if ((out=BIO_new(BIO_s_file())) == NULL)
 		{
 		BIO_printf(bio_err,"unable to creat BIO for output\n");
@@ -201,7 +194,7 @@ bad:
 
 	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
 		num);
-	rsa=RSA_generate_key(num,f4,genrsa_cb);
+	rsa=RSA_generate_key(num,f4,genrsa_cb,(char *)bio_err);
 		
 	if (randfile == NULL)
 		BIO_printf(bio_err,"unable to write 'random state'\n");
@@ -234,9 +227,7 @@ err:
 	EXIT(ret);
 	}
 
-static void MS_CALLBACK genrsa_cb(p, n)
-int p;
-int n;
+static void MS_CALLBACK genrsa_cb(int p, int n, char *arg)
 	{
 	char c='*';
 
@@ -244,15 +235,14 @@ int n;
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(bio_err,&c,1);
-	BIO_flush(bio_err);
+	BIO_write((BIO *)arg,&c,1);
+	BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
 
-static long gr_load_rand(name)
-char *name;
+static long gr_load_rand(char *name)
 	{
 	char *p,*n;
 	int last;
@@ -273,5 +263,4 @@ char *name;
 		}
 	return(tot);
 	}
-
-
+#endif

apps/install.com

@@ -0,0 +1,69 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! P1	root of the directory tree
+$!
+$	IF P1 .EQS. ""
+$	THEN
+$	    WRITE SYS$OUTPUT "First argument missing."
+$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$	    EXIT
+$	ENDIF
+$
+$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+		   - "[000000." - "][" - "[" - "]"
+$	ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$	DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
+$	DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
+$	DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:[LIB]
+$
+$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$	IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLVEXE:
+$	IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLAEXE:
+$	IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLLIB:
+$
+$	EXE := openssl
+$
+$	VEXE_DIR := [-.VAX.EXE.APPS]
+$	AEXE_DIR := [-.AXP.EXE.APPS]
+$
+$	I = 0
+$ LOOP_EXE: 
+$	E = F$EDIT(F$ELEMENT(I, ",", EXE),"TRIM")
+$	I = I + 1
+$	IF E .EQS. "," THEN GOTO LOOP_EXE_END
+$	SET NOON
+$	IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'VEXE_DIR''E'.EXE WRK_SSLVEXE:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLVEXE:'E'.EXE
+$	ENDIF
+$	IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'AEXE_DIR''E'.EXE WRK_SSLAEXE:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLAEXE:'E'.EXE
+$	ENDIF
+$	SET ON
+$	GOTO LOOP_EXE
+$ LOOP_EXE_END:
+$
+$	SET NOON
+$	COPY CA.COM WRK_SSLAEXE:CA.COM/LOG
+$	SET FILE/PROT=W:RE WRK_SSLAEXE:CA.COM
+$	COPY CA.COM WRK_SSLVEXE:CA.COM/LOG
+$	SET FILE/PROT=W:RE WRK_SSLVEXE:CA.COM
+$	COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG
+$	SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL.CNF
+$	SET ON
+$
+$	EXIT

apps/mklinks

@@ -1,7 +0,0 @@
-#!/bin/sh
-for i in verify asn1parse req dgst dh enc gendh gendsa errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb 
-do
-echo making symlink for $i
-/bin/rm -f $i
-ln -s ssleay $i
-done

apps/nseq.c

@@ -0,0 +1,174 @@
+/* nseq.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include "apps.h"
+
+#undef PROG
+#define PROG nseq_main
+
+static int dump_cert_text(BIO *out, X509 *x);
+
+int MAIN(int argc, char **argv)
+{
+	char **args, *infile = NULL, *outfile = NULL;
+	BIO *in = NULL, *out = NULL;
+	int toseq = 0;
+	X509 *x509 = NULL;
+	NETSCAPE_CERT_SEQUENCE *seq = NULL;
+	int i, ret = 1;
+	int badarg = 0;
+	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+	ERR_load_crypto_strings();
+	args = argv + 1;
+	while (!badarg && *args && *args[0] == '-') {
+		if (!strcmp (*args, "-toseq")) toseq = 1;
+		else if (!strcmp (*args, "-in")) {
+			if (args[1]) {
+				args++;
+				infile = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-out")) {
+			if (args[1]) {
+				args++;
+				outfile = *args;
+			} else badarg = 1;
+		} else badarg = 1;
+		args++;
+	}
+
+	if (badarg) {
+		BIO_printf (bio_err, "Netscape certificate sequence utility\n");
+		BIO_printf (bio_err, "Usage nseq [options]\n");
+		BIO_printf (bio_err, "where options are\n");
+                BIO_printf (bio_err, "-in file  input file\n");
+                BIO_printf (bio_err, "-out file output file\n");
+                BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
+		EXIT(1);
+	}
+
+	if (infile) {
+		if (!(in = BIO_new_file (infile, "r"))) {
+			BIO_printf (bio_err,
+				 "Can't open input file %s\n", infile);
+			goto end;
+		}
+	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+	if (outfile) {
+		if (!(out = BIO_new_file (outfile, "w"))) {
+			BIO_printf (bio_err,
+				 "Can't open output file %s\n", outfile);
+			goto end;
+		}
+	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+	if (toseq) {
+		seq = NETSCAPE_CERT_SEQUENCE_new();
+		seq->certs = sk_new(NULL);
+		while((x509 = PEM_read_bio_X509(in, NULL, NULL))) 
+					sk_push(seq->certs, (char *)x509);
+
+		if(!sk_num(seq->certs))
+		{
+			BIO_printf (bio_err, "Error reading certs file %s\n", infile);
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+		PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
+		ret = 0;
+		goto end;
+	}
+
+	if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL))) {
+		BIO_printf (bio_err, "Error reading sequence file %s\n", infile);
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	for(i = 0; i < sk_num(seq->certs); i++) {
+		x509 = (X509 *) sk_value(seq->certs, i);
+		dump_cert_text(out, x509);
+		PEM_write_bio_X509(out, x509);
+	}
+	ret = 0;
+end:
+	BIO_free(in);
+	BIO_free(out);
+	NETSCAPE_CERT_SEQUENCE_free(seq);
+
+	EXIT(ret);
+}
+
+static int dump_cert_text(BIO *out, X509 *x)
+{
+        char buf[256];
+        X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+        BIO_puts(out,"subject=");
+        BIO_puts(out,buf);
+
+        X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
+        BIO_puts(out,"\nissuer= ");
+        BIO_puts(out,buf);
+        BIO_puts(out,"\n");
+        return 0;
+}
+

apps/oid.cnf

@@ -0,0 +1,6 @@
+2.99999.1       SET.ex1         SET x509v3 extension 1
+2.99999.2       SET.ex2         SET x509v3 extension 2
+2.99999.3       SET.ex3         SET x509v3 extension 3
+2.99999.4       SET.ex4         SET x509v3 extension 4
+2.99999.5       SET.ex5         SET x509v3 extension 5
+2.99999.6       SET.ex6         SET x509v3 extension 6

apps/openssl-vms.cnf

@@ -0,0 +1,214 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= $ENV::HOME/.rnd
+oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= sys\$disk:[.demoCA	# Where everything is kept
+certs		= $dir.certs]		# Where the issued certs are kept
+crl_dir		= $dir.crl]		# Where the issued crl are kept
+database	= $dir]index.txt	# database index file.
+new_certs_dir	= $dir.newcerts]	# default place for new certs.
+
+certificate	= $dir]cacert.pem 	# The CA certificate
+serial		= $dir]serial.		# The current serial number
+crl		= $dir]crl.pem 		# The current CRL
+private_key	= $dir.private]cakey.pem# The private key
+RANDFILE	= $dir.private].rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+
+localityName			= Locality Name (eg, city)
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 40
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_ca]
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# RAW DER hex encoding of an extension: beware experts only!
+# 1.2.3.5=RAW:02:03
+# You can even override a supported extension:
+# basicConstraints= critical, RAW:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always

apps/openssl.c

@@ -1,5 +1,5 @@
-/* apps/ssleay.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* apps/openssl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,49 +56,42 @@
  * [including the GNU Public Licence.]
  */
 
-#define DEBUG
+#ifndef DEBUG
+#undef DEBUG
+#endif
 
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#ifdef WIN16
-#define APPS_WIN16
-#endif
-#include "bio.h"
-#include "crypto.h"
-#include "lhash.h"
-#include "conf.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
 #define SSLEAY	/* turn off a few special case MONOLITH macros */
 #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
 #define SSLEAY_SRC
 #include "apps.h"
 #include "s_apps.h"
-#include "err.h"
+#include <openssl/err.h>
 
+/*
+#ifdef WINDOWS
+#include "bss_file.c"
+#endif
+*/
 
-#ifndef NOPROTO
 static unsigned long MS_CALLBACK hash(FUNCTION *a);
 static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
 static LHASH *prog_init(void );
 static int do_cmd(LHASH *prog,int argc,char *argv[]);
-static void sig_stop(int i);
-#else
-static unsigned long MS_CALLBACK hash();
-static int MS_CALLBACK cmp();
-static LHASH *prog_init();
-static int do_cmd();
-static void sig_stop();
-#endif
-
 LHASH *config=NULL;
 char *default_config_file=NULL;
 
 #ifdef DEBUG
-static void sig_stop(i)
-int i;
+static void sig_stop(int i)
 	{
 	char *a=NULL;
 
@@ -111,9 +104,7 @@ int i;
 BIO *bio_err=NULL;
 #endif
 
-int main(Argc,Argv)
-int Argc;
-char *Argv[];
+int main(int Argc, char *Argv[])
 	{
 	ARGS arg;
 #define PROG_NAME_SIZE	16
@@ -143,19 +134,23 @@ char *Argv[];
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
 	ERR_load_crypto_strings();
 
 	/* Lets load up our environment a little */
-	p=getenv("SSLEAY_CONF");
+	p=getenv("OPENSSL_CONF");
+	if (p == NULL)
+		p=getenv("SSLEAY_CONF");
 	if (p == NULL)
 		{
 		strcpy(config_name,X509_get_default_cert_area());
-		strcat(config_name,"/lib/");
-		strcat(config_name,SSLEAY_CONF);
+#ifndef VMS
+		strcat(config_name,"/");
+#endif
+		strcat(config_name,OPENSSL_CONF);
 		p=config_name;
 		}
 
@@ -189,7 +184,7 @@ char *Argv[];
 		goto end;
 		}
 
-	/* ok, lets enter the old 'SSLeay>' mode */
+	/* ok, lets enter the old 'OpenSSL>' mode */
 	
 	for (;;)
 		{
@@ -202,7 +197,7 @@ char *Argv[];
 			p[0]='\0';
 			if (i++)
 				prompt=">";
-			else	prompt="SSLeay>";
+			else	prompt="OpenSSL> ";
 			fputs(prompt,stdout);
 			fflush(stdout);
 			fgets(p,n,stdin);
@@ -224,6 +219,7 @@ char *Argv[];
 			}
 		if (ret != 0)
 			BIO_printf(bio_err,"error in %s\n",argv[0]);
+		BIO_flush(bio_err);
 		}
 	BIO_printf(bio_err,"bad exit\n");
 	ret=1;
@@ -238,6 +234,7 @@ end:
 	ERR_remove_state(0);
 
 	EVP_cleanup();
+	ERR_free_strings();
 
 	CRYPTO_mem_leaks(bio_err);
 	if (bio_err != NULL)
@@ -248,10 +245,11 @@ end:
 	EXIT(ret);
 	}
 
-static int do_cmd(prog,argc,argv)
-LHASH *prog;
-int argc;
-char *argv[];
+#define LIST_STANDARD_COMMANDS "list-standard-commands"
+#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
+#define LIST_CIPHER_COMMANDS "list-cipher-commands"
+
+static int do_cmd(LHASH *prog, int argc, char *argv[])
 	{
 	FUNCTION f,*fp;
 	int i,ret=1,tp,nl;
@@ -272,12 +270,34 @@ char *argv[];
 		ret= -1;
 		goto end;
 		}
+	else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
+		(strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
+		(strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0))
+		{
+		int list_type;
+		BIO *bio_stdout;
+
+		if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0)
+			list_type = FUNC_TYPE_GENERAL;
+		else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0)
+			list_type = FUNC_TYPE_MD;
+		else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
+			list_type = FUNC_TYPE_CIPHER;
+		bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
+		
+		for (fp=functions; fp->name != NULL; fp++)
+			if (fp->type == list_type)
+				BIO_printf(bio_stdout, "%s\n", fp->name);
+		BIO_free(bio_stdout);
+		ret=0;
+		goto end;
+		}
 	else
 		{
-		BIO_printf(bio_err,"'%s' is a bad command, valid commands are",
+		BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
 			argv[0]);
+		BIO_printf(bio_err, "\nStandard commands");
 		i=0;
-		fp=functions;
 		tp=0;
 		for (fp=functions; fp->name != NULL; fp++)
 			{
@@ -295,27 +315,43 @@ char *argv[];
 					{
 					i=1;
 					BIO_printf(bio_err,
-						"Message Digest commands - see the dgst command for more details\n");
+						"\nMessage Digest commands (see the `dgst' command for more details)\n");
 					}
 				else if (tp == FUNC_TYPE_CIPHER)
 					{
 					i=1;
-					BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n");
+					BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
 					}
 				}
 			BIO_printf(bio_err,"%-15s",fp->name);
 			}
-		BIO_printf(bio_err,"\nquit\n");
+		BIO_printf(bio_err,"\n\n");
 		ret=0;
 		}
 end:
 	return(ret);
 	}
 
-static LHASH *prog_init()
+static int SortFnByName(const void *_f1,const void *_f2)
+    {
+    const FUNCTION *f1=_f1;
+    const FUNCTION *f2=_f2;
+
+    if(f1->type != f2->type)
+	return f1->type-f2->type;
+    return strcmp(f1->name,f2->name);
+    }
+
+static LHASH *prog_init(void)
 	{
 	LHASH *ret;
 	FUNCTION *f;
+	int i;
+
+	/* Purely so it looks nice when the user hits ? */
+	for(i=0,f=functions ; f->name != NULL ; ++f,++i)
+	    ;
+	qsort(functions,i,sizeof *functions,SortFnByName);
 
 	if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
 
@@ -324,14 +360,12 @@ static LHASH *prog_init()
 	return(ret);
 	}
 
-static int MS_CALLBACK cmp(a,b)
-FUNCTION *a,*b;
+static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b)
 	{
 	return(strncmp(a->name,b->name,8));
 	}
 
-static unsigned long MS_CALLBACK hash(a)
-FUNCTION *a;
+static unsigned long MS_CALLBACK hash(FUNCTION *a)
 	{
 	return(lh_strhash(a->name));
 	}

apps/openssl.cnf

@@ -1,9 +1,26 @@
 #
-# SSLeay example configuration file.
+# OpenSSL example configuration file.
 # This is mostly being used for generation of certificate requests.
 #
 
 RANDFILE		= $ENV::HOME/.rnd
+oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
 
 ####################################################################
 [ ca ]
@@ -24,7 +41,12 @@ crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem# The private key
 RANDFILE	= $dir/private/.rand	# private random number file
 
-x509_extensions	= x509v3_extensions	# The extentions to add to the cert
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
 default_days	= 365			# how long to certify for
 default_crl_days= 30			# how long before next CRL
 default_md	= md5			# which md to use.
@@ -62,6 +84,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
 
 [ req_distinguished_name ]
 countryName			= Country Name (2 letter code)
@@ -79,7 +102,7 @@ localityName			= Locality Name (eg, city)
 
 # we can do this but it is not needed normally :-)
 #1.organizationName		= Second Organization Name (eg, company)
-#1.organizationName_default	= CryptSoft Pty Ltd
+#1.organizationName_default	= World Wide Web Pty Ltd
 
 organizationalUnitName		= Organizational Unit Name (eg, section)
 #organizationalUnitName_default	=
@@ -90,6 +113,8 @@ commonName_max			= 64
 emailAddress			= Email Address
 emailAddress_max		= 40
 
+# SET-ex3			= SET extension number 3
+
 [ req_attributes ]
 challengePassword		= A challenge password
 challengePassword_min		= 4
@@ -97,20 +122,93 @@ challengePassword_max		= 20
 
 unstructuredName		= An optional company name
 
-[ x509v3_extensions ]
+[ usr_cert ]
 
-nsCaRevocationUrl		= http://www.cryptsoft.com/ca-crl.pem
-nsComment			= "This is a comment"
+# These extensions are added when 'ca' signs a request.
 
-# under ASN.1, the 0 bit would be encoded as 80
-nsCertType			= 0x40
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
 
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
 #nsBaseUrl
 #nsRevocationUrl
 #nsRenewalUrl
 #nsCaPolicyUrl
 #nsSslServerName
-#nsCertSequence
-#nsCertExt
-#nsDataType
 
+[ v3_ca]
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# RAW DER hex encoding of an extension: beware experts only!
+# 1.2.3.5=RAW:02:03
+# You can even override a supported extension:
+# basicConstraints= critical, RAW:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always

apps/pem_mail.c

@@ -1,5 +1,5 @@
 /* apps/pem_mail.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,13 +56,14 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "err.h"
-#include "pem.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
 #include "apps.h"
 
 #undef PROG
@@ -87,9 +88,7 @@ typedef struct lines_St
 	struct lines_st *next;
 	} LINES;
 
-int main(argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	FILE *in;
 	RSA *rsa=NULL;
@@ -168,3 +167,4 @@ err:
 	ERR_print_errors(bio_err);
 	EXIT(1);
 	}
+#endif

apps/pkcs12.c

@@ -0,0 +1,705 @@
+/* pkcs12.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/des.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+#include "apps.h"
+#define PROG pkcs12_main
+
+EVP_CIPHER *enc;
+
+
+#define NOKEYS		0x1
+#define NOCERTS 	0x2
+#define INFO		0x4
+#define CLCERTS		0x8
+#define CACERTS		0x10
+
+int get_cert_chain(X509 *cert, STACK **chain);
+int dump_cert_text (BIO *out, X509 *x);
+int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options);
+int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options);
+int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options);
+int print_attribs(BIO *out, STACK *attrlst, char *name);
+void hex_prin(BIO *out, unsigned char *buf, int len);
+int alg_print(BIO *x, X509_ALGOR *alg);
+int cert_load(BIO *in, STACK *sk);
+int MAIN(int argc, char **argv)
+{
+    char *infile=NULL, *outfile=NULL, *keyname = NULL;	
+    char *certfile=NULL;
+    BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
+    char **args;
+    char *name = NULL;
+    PKCS12 *p12 = NULL;
+    char pass[50], macpass[50];
+    int export_cert = 0;
+    int options = 0;
+    int chain = 0;
+    int badarg = 0;
+    int iter = PKCS12_DEFAULT_ITER;
+    int maciter = 1;
+    int twopass = 0;
+    int keytype = 0;
+    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+    int ret = 1;
+    int macver = 1;
+    int noprompt = 0;
+    STACK *canames = NULL;
+    char *cpass = NULL, *mpass = NULL;
+
+    apps_startup();
+
+    enc = EVP_des_ede3_cbc();
+    if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
+    args = argv + 1;
+
+
+    while (*args) {
+	if (*args[0] == '-') {
+		if (!strcmp (*args, "-nokeys")) options |= NOKEYS;
+		else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;
+		else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;
+		else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;
+		else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;
+		else if (!strcmp (*args, "-cacerts")) options |= CACERTS;
+		else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);
+		else if (!strcmp (*args, "-info")) options |= INFO;
+		else if (!strcmp (*args, "-chain")) chain = 1;
+		else if (!strcmp (*args, "-twopass")) twopass = 1;
+		else if (!strcmp (*args, "-nomacver")) macver = 0;
+		else if (!strcmp (*args, "-descert"))
+    			cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+		else if (!strcmp (*args, "-export")) export_cert = 1;
+		else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
+#ifndef NO_IDEA
+		else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
+#endif
+		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
+		else if (!strcmp (*args, "-noiter")) iter = 1;
+		else if (!strcmp (*args, "-maciter"))
+					 maciter = PKCS12_DEFAULT_ITER;
+		else if (!strcmp (*args, "-nodes")) enc=NULL;
+		else if (!strcmp (*args, "-inkey")) {
+		    if (args[1]) {
+			args++;	
+			keyname = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-certfile")) {
+		    if (args[1]) {
+			args++;	
+			certfile = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-name")) {
+		    if (args[1]) {
+			args++;	
+			name = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-caname")) {
+		    if (args[1]) {
+			args++;	
+			if (!canames) canames = sk_new(NULL);
+			sk_push(canames, *args);
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-in")) {
+		    if (args[1]) {
+			args++;	
+			infile = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-out")) {
+		    if (args[1]) {
+			args++;	
+			outfile = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-envpass")) {
+		    if (args[1]) {
+			args++;	
+			if(!(cpass = getenv(*args))) {
+				BIO_printf(bio_err,
+				 "Can't read environment variable %s\n", *args);
+				goto end;
+			}
+			noprompt = 1;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-password")) {
+		    if (args[1]) {
+			args++;	
+			cpass = *args;
+		    	noprompt = 1;
+		    } else badarg = 1;
+		} else badarg = 1;
+
+	} else badarg = 1;
+	args++;
+    }
+
+    if (badarg) {
+	BIO_printf (bio_err, "Usage: pkcs12 [options]\n");
+	BIO_printf (bio_err, "where options are\n");
+	BIO_printf (bio_err, "-export       output PKCS12 file\n");
+	BIO_printf (bio_err, "-chain        add certificate chain\n");
+	BIO_printf (bio_err, "-inkey file   private key if not infile\n");
+	BIO_printf (bio_err, "-certfile f   add all certs in f\n");
+	BIO_printf (bio_err, "-name \"name\"  use name as friendly name\n");
+	BIO_printf (bio_err, "-caname \"nm\"  use nm as CA friendly name (can be used more than once).\n");
+	BIO_printf (bio_err, "-in  infile   input filename\n");
+	BIO_printf (bio_err, "-out outfile  output filename\n");
+	BIO_printf (bio_err, "-noout        don't output anything, just verify.\n");
+	BIO_printf (bio_err, "-nomacver     don't verify MAC.\n");
+	BIO_printf (bio_err, "-nocerts      don't output certificates.\n");
+	BIO_printf (bio_err, "-clcerts      only output client certificates.\n");
+	BIO_printf (bio_err, "-cacerts      only output CA certificates.\n");
+	BIO_printf (bio_err, "-nokeys       don't output private keys.\n");
+	BIO_printf (bio_err, "-info         give info about PKCS#12 structure.\n");
+	BIO_printf (bio_err, "-des          encrypt private keys with DES\n");
+	BIO_printf (bio_err, "-des3         encrypt private keys with triple DES (default)\n");
+#ifndef NO_IDEA
+	BIO_printf (bio_err, "-idea         encrypt private keys with idea\n");
+#endif
+	BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
+	BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");
+	BIO_printf (bio_err, "-maciter      use MAC iteration\n");
+	BIO_printf (bio_err, "-twopass      separate MAC, encryption passwords\n");
+	BIO_printf (bio_err, "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
+	BIO_printf (bio_err, "-keyex        set MS key exchange type\n");
+	BIO_printf (bio_err, "-keysig       set MS key signature type\n");
+	BIO_printf (bio_err, "-password p   set import/export password (NOT RECOMMENDED)\n");
+	BIO_printf (bio_err, "-envpass p    set import/export password from environment\n");
+    	goto end;
+    }
+
+    if(cpass) mpass = cpass;
+    else {
+	cpass = pass;
+	mpass = macpass;
+    }
+
+    ERR_load_crypto_strings();
+
+    in = BIO_new (BIO_s_file());
+    out = BIO_new (BIO_s_file());
+
+    if (!infile) BIO_set_fp (in, stdin, BIO_NOCLOSE);
+    else {
+        if (BIO_read_filename (in, infile) <= 0) {
+	    perror (infile);
+	    goto end;
+	}
+    }
+
+   if (certfile) {
+    	certsin = BIO_new (BIO_s_file());
+        if (BIO_read_filename (certsin, certfile) <= 0) {
+	    perror (certfile);
+	    goto end;
+	}
+    }
+
+    if (keyname) {
+    	inkey = BIO_new (BIO_s_file());
+        if (BIO_read_filename (inkey, keyname) <= 0) {
+	    perror (keyname);
+	    goto end;
+	}
+     }
+
+    if (!outfile) BIO_set_fp (out, stdout, BIO_NOCLOSE);
+    else {
+        if (BIO_write_filename (out, outfile) <= 0) {
+	    perror (outfile);
+	    goto end;
+	}
+    }
+    if (twopass) {
+	if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert)) {
+    	    BIO_printf (bio_err, "Can't read Password\n");
+    	    goto end;
+       	}
+    }
+
+if (export_cert) {
+	EVP_PKEY *key;
+	STACK *bags, *safes;
+	PKCS12_SAFEBAG *bag;
+	PKCS8_PRIV_KEY_INFO *p8;
+	PKCS7 *authsafe;
+	X509 *cert, *ucert = NULL;
+	STACK *certs;
+	char *catmp;
+	int i, pmatch = 0;
+	unsigned char keyid[EVP_MAX_MD_SIZE];
+	unsigned int keyidlen;
+	/* Get private key so we can match it to a certificate */
+	key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL);
+	if (!inkey) BIO_reset(in);
+	if (!key) {
+		BIO_printf (bio_err, "Error loading private key\n");
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	certs = sk_new(NULL);
+
+	/* Load in all certs in input file */
+	if(!cert_load(in, certs)) {
+		BIO_printf(bio_err, "Error loading certificates from input\n");
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+	
+	bags = sk_new (NULL);
+
+	/* Add any more certificates asked for */
+	if (certsin) {
+		if(!cert_load(certsin, certs)) {
+			BIO_printf(bio_err, "Error loading certificates from certfile\n");
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	    	BIO_free(certsin);
+ 	}
+
+	/* Find certificate (if any) matching private key */
+
+	for(i = 0; i < sk_num(certs); i++) {
+			cert = (X509 *)sk_value(certs, i);
+			if(X509_check_private_key(cert, key)) {
+				ucert = cert;
+				break;
+			}
+	}
+
+	if(!ucert) {
+		BIO_printf(bio_err, "No certificate matches private key\n");
+		goto end;
+	}
+
+	/* If chaining get chain from user cert */
+	if (chain) {
+        	int vret;
+		STACK *chain2;
+			
+		vret = get_cert_chain (ucert, &chain2);
+		if (vret) {
+			BIO_printf (bio_err, "Error %s getting chain.\n",
+					X509_verify_cert_error_string(vret));
+			goto end;
+		}
+		/* Exclude verified certificate */
+		for (i = 1; i < sk_num (chain2) ; i++) 
+				 sk_push(certs, sk_value (chain2, i));
+		sk_free(chain2);
+			
+    	}
+
+	/* We now have loads of certificates: include them all */
+	for(i = 0; i < sk_num(certs); i++) {
+		cert = (X509 *)sk_value(certs, i);
+		bag = M_PKCS12_x5092certbag(cert);
+		/* If it matches private key mark it */
+		if(cert == ucert) {
+			if(name) PKCS12_add_friendlyname(bag, name, -1);
+			X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
+			PKCS12_add_localkeyid(bag, keyid, keyidlen);
+			pmatch = 1;
+		} else if((catmp = sk_shift(canames))) 
+				PKCS12_add_friendlyname(bag, catmp, -1);
+		sk_push(bags, (char *)bag);
+	}
+
+	if (canames) sk_free(canames);
+
+	if(!noprompt &&
+		EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
+	    BIO_printf (bio_err, "Can't read Password\n");
+	    goto end;
+        }
+	if (!twopass) strcpy(macpass, pass);
+	/* Turn certbags into encrypted authsafe */
+	authsafe = PKCS12_pack_p7encdata (cert_pbe, cpass, -1, NULL, 0,
+								 iter, bags);
+	sk_pop_free(bags, PKCS12_SAFEBAG_free);
+
+	if (!authsafe) {
+		ERR_print_errors (bio_err);
+		goto end;
+	}
+
+	safes = sk_new (NULL);
+	sk_push (safes, (char *)authsafe);
+
+	/* Make a shrouded key bag */
+	p8 = EVP_PKEY2PKCS8 (key);
+	EVP_PKEY_free(key);
+	if(keytype) PKCS8_add_keyusage(p8, keytype);
+	bag = PKCS12_MAKE_SHKEYBAG (NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+			cpass, -1, NULL, 0, iter, p8);
+	PKCS8_PRIV_KEY_INFO_free(p8);
+        if (name) PKCS12_add_friendlyname (bag, name, -1);
+	if(pmatch) PKCS12_add_localkeyid (bag, keyid, keyidlen);
+	bags = sk_new(NULL);
+	sk_push (bags, (char *)bag);
+	/* Turn it into unencrypted safe bag */
+	authsafe = PKCS12_pack_p7data (bags);
+	sk_pop_free(bags, PKCS12_SAFEBAG_free);
+	sk_push (safes, (char *)authsafe);
+
+	p12 = PKCS12_init (NID_pkcs7_data);
+
+	M_PKCS12_pack_authsafes (p12, safes);
+
+	sk_pop_free(safes, PKCS7_free);
+
+	PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);
+
+	i2d_PKCS12_bio (out, p12);
+
+	PKCS12_free(p12);
+
+	ret = 0;
+	goto end;
+	
+    }
+
+    if (!(p12 = d2i_PKCS12_bio (in, NULL))) {
+	ERR_print_errors(bio_err);
+	goto end;
+    }
+
+    if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) {
+	BIO_printf (bio_err, "Can't read Password\n");
+	goto end;
+    }
+
+    if (!twopass) strcpy(macpass, pass);
+
+    if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
+    if(macver) {
+	if (!PKCS12_verify_mac (p12, mpass, -1)) {
+	    BIO_printf (bio_err, "Mac verify errror: invalid password?\n");
+	    ERR_print_errors (bio_err);
+	    goto end;
+	} else BIO_printf (bio_err, "MAC verified OK\n");
+    }
+
+    if (!dump_certs_keys_p12 (out, p12, cpass, -1, options)) {
+	BIO_printf(bio_err, "Error outputting keys and certificates\n");
+	ERR_print_errors (bio_err);
+	goto end;
+    }
+    PKCS12_free(p12);
+    ret = 0;
+    end:
+    BIO_free(out);
+    EXIT(ret);
+}
+
+int dump_cert_text (BIO *out, X509 *x)
+{
+	char buf[256];
+	X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+	BIO_puts(out,"subject=");
+	BIO_puts(out,buf);
+
+	X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
+	BIO_puts(out,"\nissuer= ");
+	BIO_puts(out,buf);
+	BIO_puts(out,"\n");
+        return 0;
+}
+
+int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
+	     int passlen, int options)
+{
+	STACK *asafes, *bags;
+	int i, bagnid;
+	PKCS7 *p7;
+	if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
+	for (i = 0; i < sk_num (asafes); i++) {
+		p7 = (PKCS7 *) sk_value (asafes, i);
+		bagnid = OBJ_obj2nid (p7->type);
+		if (bagnid == NID_pkcs7_data) {
+			bags = M_PKCS12_unpack_p7data (p7);
+			if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
+		} else if (bagnid == NID_pkcs7_encrypted) {
+			if (options & INFO) {
+				BIO_printf (bio_err, "PKCS7 Encrypted data: ");
+				alg_print (bio_err, 
+					p7->d.encrypted->enc_data->algorithm);
+			}
+			bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
+		} else continue;
+		if (!bags) return 0;
+	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
+							 options)) {
+			sk_pop_free (bags, PKCS12_SAFEBAG_free);
+			return 0;
+		}
+		sk_pop_free (bags, PKCS12_SAFEBAG_free);
+	}
+	sk_pop_free (asafes, PKCS7_free);
+	return 1;
+}
+
+int dump_certs_pkeys_bags (BIO *out, STACK *bags, char *pass,
+	     int passlen, int options)
+{
+	int i;
+	for (i = 0; i < sk_num (bags); i++) {
+		if (!dump_certs_pkeys_bag (out,
+			 (PKCS12_SAFEBAG *)sk_value (bags, i), pass, passlen,
+					 		options)) return 0;
+	}
+	return 1;
+}
+
+int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
+	     int passlen, int options)
+{
+	EVP_PKEY *pkey;
+	PKCS8_PRIV_KEY_INFO *p8;
+	X509 *x509;
+	
+	switch (M_PKCS12_bag_type(bag))
+	{
+	case NID_keyBag:
+		if (options & INFO) BIO_printf (bio_err, "Key bag\n");
+		if (options & NOKEYS) return 1;
+		print_attribs (out, bag->attrib, "Bag Attributes");
+		p8 = bag->value.keybag;
+		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+		print_attribs (out, p8->attributes, "Key Attributes");
+		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL);
+		EVP_PKEY_free(pkey);
+	break;
+
+	case NID_pkcs8ShroudedKeyBag:
+		if (options & INFO) {
+			BIO_printf (bio_err, "Shrouded Keybag: ");
+			alg_print (bio_err, bag->value.shkeybag->algor);
+		}
+		if (options & NOKEYS) return 1;
+		print_attribs (out, bag->attrib, "Bag Attributes");
+		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
+				return 0;
+		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+		print_attribs (out, p8->attributes, "Key Attributes");
+		PKCS8_PRIV_KEY_INFO_free(p8);
+		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL);
+		EVP_PKEY_free(pkey);
+	break;
+
+	case NID_certBag:
+		if (options & INFO) BIO_printf (bio_err, "Certificate bag\n");
+		if (options & NOCERTS) return 1;
+                if (PKCS12_get_attr(bag, NID_localKeyID)) {
+			if (options & CACERTS) return 1;
+		} else if (options & CLCERTS) return 1;
+		print_attribs (out, bag->attrib, "Bag Attributes");
+		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
+								 return 1;
+		if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
+		dump_cert_text (out, x509);
+		PEM_write_bio_X509 (out, x509);
+		X509_free(x509);
+	break;
+
+	case NID_safeContentsBag:
+		if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");
+		print_attribs (out, bag->attrib, "Bag Attributes");
+		return dump_certs_pkeys_bags (out, bag->value.safes, pass,
+							    passlen, options);
+					
+	default:
+		BIO_printf (bio_err, "Warning unsupported bag type: ");
+		i2a_ASN1_OBJECT (bio_err, bag->type);
+		BIO_printf (bio_err, "\n");
+		return 1;
+	break;
+	}
+	return 1;
+}
+
+/* Given a single certificate return a verified chain or NULL if error */
+
+/* Hope this is OK .... */
+
+int get_cert_chain (X509 *cert, STACK **chain)
+{
+	X509_STORE *store;
+	X509_STORE_CTX store_ctx;
+	STACK *chn;
+	int i;
+	X509 *x;
+	store = X509_STORE_new ();
+	X509_STORE_set_default_paths (store);
+	X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
+	if (X509_verify_cert(&store_ctx) <= 0) {
+		i = X509_STORE_CTX_get_error (&store_ctx);
+		goto err;
+	}
+	chn =  sk_dup(X509_STORE_CTX_get_chain (&store_ctx));
+	for (i = 0; i < sk_num(chn); i++) {
+		x = (X509 *)sk_value(chn, i);
+		CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+	}
+	i = 0;
+	*chain = chn;
+err:
+	X509_STORE_CTX_cleanup(&store_ctx);
+	X509_STORE_free(store);
+	
+	return i;
+}	
+
+int alg_print (BIO *x, X509_ALGOR *alg)
+{
+	PBEPARAM *pbe;
+	unsigned char *p;
+	p = alg->parameter->value.sequence->data;
+	pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length);
+	BIO_printf (bio_err, "%s, Iteration %d\n", 
+	OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter));
+	PBEPARAM_free (pbe);
+	return 0;
+}
+
+/* Load all certificates from a given file */
+
+int cert_load(BIO *in, STACK *sk)
+{
+	int ret;
+	X509 *cert;
+	ret = 0;
+	while((cert = PEM_read_bio_X509(in, NULL, NULL))) {
+		ret = 1;
+		sk_push(sk, (char *)cert);
+	}
+	if(ret) ERR_clear_error();
+	return ret;
+}
+
+/* Generalised attribute print: handle PKCS#8 and bag attributes */
+
+int print_attribs (BIO *out, STACK *attrlst, char *name)
+{
+	X509_ATTRIBUTE *attr;
+	ASN1_TYPE *av;
+	char *value;
+	int i, attr_nid;
+	if(!attrlst) {
+		BIO_printf(out, "%s: <No Attributes>\n", name);
+		return 1;
+	}
+	if(!sk_num(attrlst)) {
+		BIO_printf(out, "%s: <Empty Attributes>\n", name);
+		return 1;
+	}
+	BIO_printf(out, "%s\n", name);
+	for(i = 0; i < sk_num(attrlst); i++) {
+		attr = (X509_ATTRIBUTE *) sk_value(attrlst, i);
+		attr_nid = OBJ_obj2nid(attr->object);
+		BIO_printf(out, "    ");
+		if(attr_nid == NID_undef) {
+			i2a_ASN1_OBJECT (out, attr->object);
+			BIO_printf(out, ": ");
+		} else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
+
+		if(sk_ASN1_TYPE_num(attr->value.set)) {
+			av = sk_ASN1_TYPE_value(attr->value.set, 0);
+			switch(av->type) {
+				case V_ASN1_BMPSTRING:
+        			value = uni2asc(av->value.bmpstring->data,
+                                	       av->value.bmpstring->length);
+				BIO_printf(out, "%s\n", value);
+				Free(value);
+				break;
+
+				case V_ASN1_OCTET_STRING:
+				hex_prin(out, av->value.bit_string->data,
+					av->value.bit_string->length);
+				BIO_printf(out, "\n");	
+				break;
+
+				case V_ASN1_BIT_STRING:
+				hex_prin(out, av->value.octet_string->data,
+					av->value.octet_string->length);
+				BIO_printf(out, "\n");	
+				break;
+
+				default:
+					BIO_printf(out, "<Unsupported tag %d>\n", av->type);
+				break;
+			}
+		} else BIO_printf(out, "<No Values>\n");
+	}
+	return 1;
+}
+
+void hex_prin(BIO *out, unsigned char *buf, int len)
+{
+	int i;
+	for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
+}

apps/pkcs7.c

@@ -1,5 +1,5 @@
 /* apps/pkcs7.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -61,12 +61,12 @@
 #include <string.h>
 #include <time.h>
 #include "apps.h"
-#include "err.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	pkcs7_main
@@ -81,13 +81,13 @@
  * -print_certs
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	PKCS7 *p7=NULL;
 	int i,badops=0;
+#if !defined(NO_DES) || !defined(NO_IDEA)
 	EVP_CIPHER *enc=NULL;
+#endif
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat;
 	char *infile,*outfile,*prog,buf[256];
@@ -98,7 +98,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
@@ -159,7 +159,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
 		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
@@ -221,7 +221,7 @@ bad:
 
 	if (print_certs)
 		{
-		STACK *certs=NULL;
+		STACK_OF(X509) *certs=NULL;
 		STACK *crls=NULL;
 
 		i=OBJ_obj2nid(p7->type);
@@ -243,9 +243,9 @@ bad:
 			{
 			X509 *x;
 
-			for (i=0; i<sk_num(certs); i++)
+			for (i=0; i<sk_X509_num(certs); i++)
 				{
-				x=(X509 *)sk_value(certs,i);
+				x=sk_X509_value(certs,i);
 
 				X509_NAME_oneline(X509_get_subject_name(x),
 					buf,256);
@@ -275,9 +275,9 @@ bad:
 				BIO_puts(out,buf);
 
 				BIO_puts(out,"\nlast update=");
-				ASN1_UTCTIME_print(out,crl->crl->lastUpdate);
+				ASN1_TIME_print(out,crl->crl->lastUpdate);
 				BIO_puts(out,"\nnext update=");
-				ASN1_UTCTIME_print(out,crl->crl->nextUpdate);
+				ASN1_TIME_print(out,crl->crl->nextUpdate);
 				BIO_puts(out,"\n");
 
 				PEM_write_bio_X509_CRL(out,crl);

apps/privkey.pem

@@ -1,15 +1,18 @@
------BEGIN DSA PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,2221AF3DAA41AB24
+DEK-Info: DES-EDE3-CBC,BA26229A1653B7FF
 
-IOx3ubYOV2SETDSWiuG4bsioEl7jA2CulYKAJvIfy8z5GI+08NwptNOUqbMhDV1s
-156KhUvBvG48uz9mxcOyHjZRD0HNixGNMXDaFJSajINFoGtmYZRc20DEoY6buzsi
-E76GK95cJHsjJsdNrdggIJRTaiLayLzsMFVDrKhmaJVTKlBpcdnFM4BEKSyD2H5N
-OllrfK6GgmlH+WVXU9AlXoy5Jm0YXT7i5bPCB5eDDL/GkTISFHZsnEYpHCrMARsw
-5V15dYEwFc6NA/psBGk1qS2CHVIOYNcfCfndR90+UCos+rMBkcQDfvxI95+L8dbS
-ONJJrUqiCHV/zYSE+aXZN001mJJLvHOW65YbgdwSOfiowcv7HPbFrGdwOOJvSEx2
-d571YvqfsaDojwR5KLgfFDSwVBwzo/mfcFeVrT9Q8LwPL4/dwwoElWTmYbSaW0uZ
-Ov73xRUbVGa5LTJoGbFVMvjpmEO2qtBsx7vq9AT8v8gDzYSuEafyC7d0h85EIfTJ
-wPlIN3xKTiqFpp/eFCkdKqNn826NoC1TgQuoCBIrJ8gZsIr1l8R+iAuGxKGPASoF
-cyqnpcqGgaaTrxnk9cX4dQ==
------END DSA PRIVATE KEY-----
+6nhWG8PKhTPO/s3ZvjUa6226NlKdvPDZFsNXOOoSUs9ejxpb/aj5huhs6qRYzsz9
+Year47uaAZYhGD0vAagnNiBnYmjWEpN9G/wQxG7pgZThK1ZxDi63qn8aQ8UjuGHo
+F6RpnnBQIAnWTWqr/Qsybtc5EoNkrj/Cpx0OfbSr6gZsFBCxwX1R1hT3/mhJ45f3
+XMofY32Vdfx9/vtw1O7HmlHXQnXaqnbd9/nn1EpvFJG9+UjPoW7gV4jCOLuR4deE
+jS8hm+cpkwXmFtk3VGjT9tQXPpMv3JpYfBqgGQoMAJ5Toq0DWcHi6Wg08PsD8lgy
+vmTioPsRg+JGkJkJ8GnusgLpQdlQJbjzd7wGE6ElUFLfOxLo8bLlRHoriHNdWYhh
+JjY0LyeTkovcmWxVjImc6ZyBz5Ly4t0BYf1gq3OkjsV91Q1taBxnhiavfizqMCAf
+PPB3sLQnlXG77TOXkNxpqbZfEYrVZW2Nsqqdn8s07Uj4IMONZyq2odYKWFPMJBiM
+POYwXjMAOcmFMTHYsVlhcUJuV6LOuipw/FEbTtPH/MYMxLe4zx65dYo1rb4iLKLS
+gMtB0o/Wl4Xno3ZXh1ucicYnV2J7NpVcjVq+3SFiCRu2SrSkZHZ23EPS13Ec6fcz
+8X/YGA2vTJ8MAOozAzQUwHQYvLk7bIoQVekqDq4p0AZQbhdspHpArCk0Ifqqzg/v
+Uyky/zZiQYanzDenTSRVI/8wac3olxpU8QvbySxYqmbkgq6bTpXJfYFQfnAttEsC
+dA4S5UFgyOPZluxCAM4yaJF3Ft6neutNwftuJQMbgCUi9vYg2tGdSw==
+-----END RSA PRIVATE KEY-----

apps/progs.h

@@ -1,4 +1,5 @@
-#ifndef NOPROTO
+/* This file was generated by progs.pl. */
+
 extern int verify_main(int argc,char *argv[]);
 extern int asn1parse_main(int argc,char *argv[]);
 extern int req_main(int argc,char *argv[]);
@@ -6,7 +7,6 @@ extern int dgst_main(int argc,char *argv[]);
 extern int dh_main(int argc,char *argv[]);
 extern int enc_main(int argc,char *argv[]);
 extern int gendh_main(int argc,char *argv[]);
-extern int gendsa_main(int argc,char *argv[]);
 extern int errstr_main(int argc,char *argv[]);
 extern int ca_main(int argc,char *argv[]);
 extern int crl_main(int argc,char *argv[]);
@@ -15,6 +15,7 @@ extern int dsa_main(int argc,char *argv[]);
 extern int dsaparam_main(int argc,char *argv[]);
 extern int x509_main(int argc,char *argv[]);
 extern int genrsa_main(int argc,char *argv[]);
+extern int gendsa_main(int argc,char *argv[]);
 extern int s_server_main(int argc,char *argv[]);
 extern int s_client_main(int argc,char *argv[]);
 extern int speed_main(int argc,char *argv[]);
@@ -24,35 +25,10 @@ extern int pkcs7_main(int argc,char *argv[]);
 extern int crl2pkcs7_main(int argc,char *argv[]);
 extern int sess_id_main(int argc,char *argv[]);
 extern int ciphers_main(int argc,char *argv[]);
-#else
-extern int verify_main();
-extern int asn1parse_main();
-extern int req_main();
-extern int dgst_main();
-extern int dh_main();
-extern int enc_main();
-extern int gendh_main();
-extern int gendsa_main();
-extern int errstr_main();
-extern int ca_main();
-extern int crl_main();
-extern int rsa_main();
-extern int dsa_main();
-extern int dsaparam_main();
-extern int x509_main();
-extern int genrsa_main();
-extern int s_server_main();
-extern int s_client_main();
-extern int speed_main();
-extern int s_time_main();
-extern int version_main();
-extern int pkcs7_main();
-extern int crl2pkcs7_main();
-extern int sess_id_main();
-extern int ciphers_main();
-#endif
+extern int nseq_main(int argc,char *argv[]);
+extern int pkcs12_main(int argc,char *argv[]);
 
-#ifdef SSLEAY_SRC
+#ifdef SSLEAY_SRC  /* Defined only in openssl.c. */
 
 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -67,9 +43,7 @@ typedef struct {
 FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"verify",verify_main},
 	{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
-#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"req",req_main},
-#endif
 	{FUNC_TYPE_GENERAL,"dgst",dgst_main},
 #ifndef NO_DH
 	{FUNC_TYPE_GENERAL,"dh",dh_main},
@@ -77,14 +51,9 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"enc",enc_main},
 #ifndef NO_DH
 	{FUNC_TYPE_GENERAL,"gendh",gendh_main},
-#endif
-#ifndef NO_DSA
-	{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
 #endif
 	{FUNC_TYPE_GENERAL,"errstr",errstr_main},
-#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"ca",ca_main},
-#endif
 	{FUNC_TYPE_GENERAL,"crl",crl_main},
 #ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"rsa",rsa_main},
@@ -95,12 +64,13 @@ FUNCTION functions[] = {
 #ifndef NO_DSA
 	{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
 #endif
-#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"x509",x509_main},
-#endif
 #ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
 #endif
+#ifndef NO_DSA
+	{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
+#endif
 #if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
 	{FUNC_TYPE_GENERAL,"s_server",s_server_main},
 #endif
@@ -118,11 +88,14 @@ FUNCTION functions[] = {
 #if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
 	{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
 #endif
+	{FUNC_TYPE_GENERAL,"nseq",nseq_main},
+	{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
 	{FUNC_TYPE_MD,"md2",dgst_main},
 	{FUNC_TYPE_MD,"md5",dgst_main},
 	{FUNC_TYPE_MD,"sha",dgst_main},
 	{FUNC_TYPE_MD,"sha1",dgst_main},
 	{FUNC_TYPE_MD,"mdc2",dgst_main},
+	{FUNC_TYPE_MD,"rmd160",dgst_main},
 	{FUNC_TYPE_CIPHER,"base64",enc_main},
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des",enc_main},
@@ -142,9 +115,15 @@ FUNCTION functions[] = {
 #ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf",enc_main},
 #endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast",enc_main},
+#endif
+#ifndef NO_RC5
+	{FUNC_TYPE_CIPHER,"rc5",enc_main},
+#endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ecb",enc_main},
 #endif
@@ -205,17 +184,44 @@ FUNCTION functions[] = {
 #ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
+#endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
+#endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
+#endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
+#endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
+#endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
+#endif
+#ifndef NO_RC5
+	{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
+#endif
+#ifndef NO_RC5
+	{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
+#endif
+#ifndef NO_RC5
+	{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
+#endif
+#ifndef NO_RC5
+	{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
 #endif
 	{0,NULL,NULL}
 	};

apps/progs.pl

@@ -1,23 +1,15 @@
 #!/usr/local/bin/perl
 
-$mkprog='mklinks';
-$rmprog='rmlinks';
-
-print "#ifndef NOPROTO\n";
+print "/* This file was generated by progs.pl. */\n\n";
 
 grep(s/^asn1pars$/asn1parse/,@ARGV);
 
 foreach (@ARGV)
 	{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
-print "#else\n";
-foreach (@ARGV)
-	{ printf "extern int %s_main();\n",$_; }
-print "#endif\n";
-
 
 print <<'EOF';
 
-#ifdef SSLEAY_SRC
+#ifdef SSLEAY_SRC  /* Defined only in openssl.c. */
 
 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -38,8 +30,7 @@ foreach (@ARGV)
 	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
 	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
 		{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } 
-	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ||
-		($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/))
+	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ) 
 		{ print "#ifndef NO_RSA\n${str}#endif\n";  }
 	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
 		{ print "#ifndef NO_DSA\n${str}#endif\n"; }
@@ -49,7 +40,7 @@ foreach (@ARGV)
 		{ print $str; }
 	}
 
-foreach ("md2","md5","sha","sha1","mdc2")
+foreach ("md2","md5","sha","sha1","mdc2","rmd160")
 	{
 	push(@files,$_);
 	printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
@@ -57,14 +48,16 @@ foreach ("md2","md5","sha","sha1","mdc2")
 
 foreach (
 	"base64",
-	"des", "des3", "desx", "idea", "rc4", "rc2","bf",
+	"des", "des3", "desx", "idea", "rc4", "rc2","bf","cast","rc5",
 	"des-ecb", "des-ede",    "des-ede3",
 	"des-cbc", "des-ede-cbc","des-ede3-cbc",
 	"des-cfb", "des-ede-cfb","des-ede3-cfb",
 	"des-ofb", "des-ede-ofb","des-ede3-ofb",
 	"idea-cbc","idea-ecb",   "idea-cfb", "idea-ofb",
 	"rc2-cbc", "rc2-ecb",    "rc2-cfb",  "rc2-ofb",
-	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb")
+	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb",
+	"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
+	"cast-cbc", "rc5-cbc",   "rc5-ecb",  "rc5-cfb",  "rc5-ofb")
 	{
 	push(@files,$_);
 
@@ -73,38 +66,12 @@ foreach (
 	elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
 	elsif ($_ =~ /rc4/)  { $t="#ifndef NO_RC4\n${t}#endif\n"; }
 	elsif ($_ =~ /rc2/)  { $t="#ifndef NO_RC2\n${t}#endif\n"; }
-	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
+	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BF\n${t}#endif\n"; }
+	elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; }
+	elsif ($_ =~ /rc5/)  { $t="#ifndef NO_RC5\n${t}#endif\n"; }
 	print $t;
 	}
 
 print "\t{0,NULL,NULL}\n\t};\n";
 print "#endif\n\n";
 
-open(OUT,">$mkprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo making symlink for $i
-/bin/rm -f $i
-ln -s ssleay $i
-done
-EOF
-close(OUT);
-chmod(0755,$mkprog);
-
-open(OUT,">$rmprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo removing $i
-/bin/rm -f $i
-done
-EOF
-close(OUT);
-chmod(0755,$rmprog);

apps/req.c

@@ -1,5 +1,5 @@
 /* apps/req.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,19 +60,20 @@
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
-#include "bio.h"
-#include "evp.h"
-#include "rand.h"
-#include "conf.h"
-#include "err.h"
-#include "asn1.h"
-#include "x509.h"
-#include "objects.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
 
 #define SECTION		"req"
 
@@ -80,6 +81,7 @@
 #define KEYFILE		"default_keyfile"
 #define DISTINGUISHED_NAME	"distinguished_name"
 #define ATTRIBUTES	"attributes"
+#define V3_EXTENSIONS	"x509_extensions"
 
 #define DEFAULT_KEY_LENGTH	512
 #define MIN_KEY_LENGTH		384
@@ -105,22 +107,16 @@
  *		  require.  This format is wrong
  */
 
-#ifndef NOPROTO
 static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
-static int add_attribute_object(STACK *n, char *text, char *def, 
-	char *value, int nid,int min,int max);
+static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,
+				char *def, char *value, int nid, int min,
+				int max);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	int nid,int min,int max);
-static void MS_CALLBACK req_cb(int p,int n);
+static void MS_CALLBACK req_cb(int p,int n,char *arg);
 static int req_fix_data(int nid,int *type,int len,int min,int max);
-#else
-static int make_REQ();
-static int add_attribute_object();
-static int add_DN_object();
-static void MS_CALLBACK req_cb();
-static int req_fix_data();
-#endif
-
+static int check_end(char *str, char *end);
+static int add_oid_section(LHASH *conf);
 #ifndef MONOLITH
 static char *default_config_file=NULL;
 static LHASH *config=NULL;
@@ -131,11 +127,11 @@ static LHASH *req_conf=NULL;
 #define TYPE_DSA	2
 #define TYPE_DH		3
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
+#ifndef NO_DSA
 	DSA *dsa_params=NULL;
+#endif
 	int ex=1,x509=0,days=30;
 	X509 *x509ss=NULL;
 	X509_REQ *req=NULL;
@@ -145,10 +141,11 @@ char **argv;
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
 	int nodes=0,kludge=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+	char *extensions = NULL;
 	EVP_CIPHER *cipher=NULL;
 	int modulus=0;
 	char *p;
-	EVP_MD *md_alg=NULL,*digest=EVP_md5();
+	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 #ifndef MONOLITH
 	MS_STATIC char config_name[256];
 #endif
@@ -160,7 +157,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
@@ -219,16 +216,21 @@ char **argv;
 			}
 		else if (strcmp(*argv,"-newkey") == 0)
 			{
+			int is_numeric;
+
 			if (--argc < 1) goto bad;
 			p= *(++argv);
-			if ((strncmp("rsa:",p,4) == 0) ||
-				((p[0] >= '0') && (p[0] <= '9')))
+			is_numeric = p[0] >= '0' && p[0] <= '9';
+			if (strncmp("rsa:",p,4) == 0 || is_numeric)
 				{
 				pkey_type=TYPE_RSA;
-				p+=4;
+				if(!is_numeric)
+				    p+=4;
 				newkey= atoi(p);
 				}
-			else if (strncmp("dsa:",p,4) == 0)
+			else
+#ifndef NO_DSA
+				if (strncmp("dsa:",p,4) == 0)
 				{
 				X509 *xtmp=NULL;
 				EVP_PKEY *dtmp;
@@ -249,27 +251,32 @@ char **argv;
 						BIO_printf(bio_err,"unable to load DSA parameters from file\n");
 						goto end;
 						}
+
 					dtmp=X509_get_pubkey(xtmp);
 					if (dtmp->type == EVP_PKEY_DSA)
 						dsa_params=DSAparams_dup(dtmp->pkey.dsa);
+					EVP_PKEY_free(dtmp);
 					X509_free(xtmp);
 					if (dsa_params == NULL)
 						{
 						BIO_printf(bio_err,"Certificate does not contain DSA parameters\n");
 						goto end;
 						}
-					
 					}
 				BIO_free(in);
 				newkey=BN_num_bits(dsa_params->p);
 				in=NULL;
 				}
-			else if (strncmp("dh:",p,4) == 0)
+			else 
+#endif
+#ifndef NO_DH
+				if (strncmp("dh:",p,4) == 0)
 				{
 				pkey_type=TYPE_DH;
 				p+=3;
 				}
 			else
+#endif
 				pkey_type=TYPE_RSA;
 
 			newreq=1;
@@ -319,7 +326,7 @@ bad:
 		BIO_printf(bio_err,"where options  are\n");
 		BIO_printf(bio_err," -inform arg    input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg   output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg        inout file\n");
+		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
 		BIO_printf(bio_err," -text          text form of request\n");
 		BIO_printf(bio_err," -noout         do not output REQ\n");
@@ -333,7 +340,7 @@ bad:
 		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
 
 		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2)\n");
-		BIO_printf(bio_err," -config file   request templace file.\n");
+		BIO_printf(bio_err," -config file   request template file.\n");
 		BIO_printf(bio_err," -new           new request.\n");
 		BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
 		BIO_printf(bio_err," -days          number of days a x509 generated by -x509 is valid for.\n");
@@ -344,15 +351,20 @@ bad:
 		}
 
 	ERR_load_crypto_strings();
+	X509V3_add_standard_extensions();
 
 #ifndef MONOLITH
 	/* Lets load up our environment a little */
-	p=getenv("SSLEAY_CONF");
+	p=getenv("OPENSSL_CONF");
+	if (p == NULL)
+		p=getenv("SSLEAY_CONF");
 	if (p == NULL)
 		{
 		strcpy(config_name,X509_get_default_cert_area());
-		strcat(config_name,"/lib/");
-		strcat(config_name,SSLEAY_CONF);
+#ifndef VMS
+		strcat(config_name,"/");
+#endif
+		strcat(config_name,OPENSSL_CONF);
 		p=config_name;
 		}
         default_config_file=p;
@@ -382,6 +394,30 @@ bad:
 			}
 		}
 
+	if (req_conf != NULL)
+		{
+		p=CONF_get_string(req_conf,NULL,"oid_file");
+		if (p != NULL)
+			{
+			BIO *oid_bio;
+
+			oid_bio=BIO_new_file(p,"r");
+			if (oid_bio == NULL) 
+				{
+				/*
+				BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+				ERR_print_errors(bio_err);
+				*/
+				}
+			else
+				{
+				OBJ_create_objects(oid_bio);
+				BIO_free(oid_bio);
+				}
+			}
+		}
+		if(!add_oid_section(req_conf)) goto end;
+
 	if ((md_alg == NULL) &&
 		((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
 		{
@@ -389,6 +425,19 @@ bad:
 			digest=md_alg;
 		}
 
+	extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+	if(extensions) {
+		/* Check syntax of file */
+		X509V3_CTX ctx;
+		X509V3_set_ctx_test(&ctx);
+		X509V3_set_conf_lhash(&ctx, req_conf);
+		if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) {
+			BIO_printf(bio_err,
+			 "Error Loading extension section %s\n", extensions);
+			goto end;
+		}
+	}
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -463,7 +512,8 @@ bad:
 		if (pkey_type == TYPE_RSA)
 			{
 			if (!EVP_PKEY_assign_RSA(pkey,
-				RSA_generate_key(newkey,0x10001,req_cb)))
+				RSA_generate_key(newkey,0x10001,
+					req_cb,(char *)bio_err)))
 				goto end;
 			}
 		else
@@ -559,8 +609,10 @@ loop:
 
 	if (newreq || x509)
 		{
+#ifndef NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 			digest=EVP_dss1();
+#endif
 
 		if (pkey == NULL)
 			{
@@ -586,12 +638,12 @@ loop:
 			}
 		if (x509)
 			{
+			EVP_PKEY *tmppkey;
+			X509V3_CTX ext_ctx;
 			if ((x509ss=X509_new()) == NULL) goto end;
 
-			/* don't set the version number, for starters
-			 * the field is null and second, null is v0 
-			 * if (!ASN1_INTEGER_set(ci->version,0L)) goto end;
-			 */
+			/* Set version to V3 */
+			if(!X509_set_version(x509ss, 2)) goto end;
 			ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
 
 			X509_set_issuer_name(x509ss,
@@ -601,7 +653,24 @@ loop:
 				(long)60*60*24*days);
 			X509_set_subject_name(x509ss,
 				X509_REQ_get_subject_name(req));
-			X509_set_pubkey(x509ss,X509_REQ_get_pubkey(req));
+			tmppkey = X509_REQ_get_pubkey(req);
+			X509_set_pubkey(x509ss,tmppkey);
+			EVP_PKEY_free(tmppkey);
+
+			/* Set up V3 context struct */
+
+			X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
+			X509V3_set_conf_lhash(&ext_ctx, req_conf);
+
+			/* Add extensions */
+			if(extensions && !X509V3_EXT_add_conf(req_conf, 
+				 	&ext_ctx, extensions, x509ss))
+			    {
+			    BIO_printf(bio_err,
+				       "Error Loading extension section %s\n",
+				       extensions);
+			    goto end;
+			    }
 
 			if (!(i=X509_sign(x509ss,pkey,digest)))
 				goto end;
@@ -625,7 +694,10 @@ loop:
 			}
 
 		i=X509_REQ_verify(req,pkey);
-		if (tmp) pkey=NULL;
+		if (tmp) {
+			EVP_PKEY_free(pkey);
+			pkey=NULL;
+		}
 
 		if (i < 0)
 			{
@@ -682,9 +754,11 @@ loop:
 			goto end; 
 			}
 		fprintf(stdout,"Modulus=");
+#ifndef NO_RSA
 		if (pubkey->type == EVP_PKEY_RSA)
 			BN_print(out,pubkey->pkey.rsa->n);
 		else
+#endif
 			fprintf(stdout,"Wrong Algorithm type");
 		fprintf(stdout,"\n");
 		}
@@ -728,22 +802,23 @@ end:
 		ERR_print_errors(bio_err);
 		}
 	if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
-	if (pkey != NULL) EVP_PKEY_free(pkey);
-	if (req != NULL) X509_REQ_free(req);
-	if (x509ss != NULL) X509_free(x509ss);
+	BIO_free(in);
+	BIO_free(out);
+	EVP_PKEY_free(pkey);
+	X509_REQ_free(req);
+	X509_free(x509ss);
+	X509V3_EXT_cleanup();
+	OBJ_cleanup();
+#ifndef NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
+#endif
 	EXIT(ex);
 	}
 
-static int make_REQ(req,pkey,attribs)
-X509_REQ *req;
-EVP_PKEY *pkey;
-int attribs;
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 	{
-	int ret=0,i,j;
-	unsigned char *p;
+	int ret=0,i;
+	char *p,*q;
 	X509_REQ_INFO *ri;
 	char buf[100];
 	int nid,min,max;
@@ -800,20 +875,23 @@ start:		for (;;)
 			if ((int)sk_num(sk) <= i) break;
 
 			v=(CONF_VALUE *)sk_value(sk,i);
-			p=NULL;
+			p=q=NULL;
 			type=v->name;
-			for (j=0; type[j] != '\0'; j++)
-				{
-				if (	(type[j] == ':') ||
-					(type[j] == ',') ||
-					(type[j] == '.'))
-					p= (unsigned char *)&(type[j+1]);
+			if(!check_end(type,"_min") || !check_end(type,"_max") ||
+				!check_end(type,"_default") ||
+					 !check_end(type,"_value")) continue;
+			/* Skip past any leading X. X: X, etc to allow for
+			 * multiple instances 
+			 */
+			for(p = v->name; *p ; p++) 
+				if ((*p == ':') || (*p == ',') ||
+							 (*p == '.')) {
+					p++;
+					if(*p) type = p;
+					break;
 				}
-			if (p != NULL)
-				type=(char *)p;
-			if ((nid=OBJ_txt2nid(type)) == NID_undef)
-				goto start;
-
+			/* If OBJ not recognised ignore it */
+			if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
 			sprintf(buf,"%s_default",v->name);
 			if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL)
 				def="";
@@ -832,7 +910,7 @@ start:		for (;;)
 				min,max))
 				goto err;
 			}
-		if (sk_num(ri->subject->entries) == 0)
+		if (sk_X509_NAME_ENTRY_num(ri->subject->entries) == 0)
 			{
 			BIO_printf(bio_err,"error, no objects specified in config file\n");
 			goto err;
@@ -893,14 +971,8 @@ err:
 	return(ret);
 	}
 
-static int add_DN_object(n,text,def,value,nid,min,max)
-X509_NAME *n;
-char *text;
-char *def;
-char *value;
-int nid;
-int min;
-int max;
+static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
+	     int nid, int min, int max)
 	{
 	int i,j,ret=0;
 	X509_NAME_ENTRY *ne=NULL;
@@ -953,14 +1025,9 @@ err:
 	return(ret);
 	}
 
-static int add_attribute_object(n,text,def,value,nid,min,max)
-STACK *n;
-char *text;
-char *def;
-char *value;
-int nid;
-int min;
-int max;
+static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,
+				char *def, char *value, int nid, int min,
+				int max)
 	{
 	int i,z;
 	X509_ATTRIBUTE *xa=NULL;
@@ -1004,7 +1071,7 @@ start:
 	/* add object plus value */
 	if ((xa=X509_ATTRIBUTE_new()) == NULL)
 		goto err;
-	if ((xa->value.set=sk_new_null()) == NULL)
+	if ((xa->value.set=sk_ASN1_TYPE_new_null()) == NULL)
 		goto err;
 	xa->set=1;
 
@@ -1030,12 +1097,12 @@ start:
 		{ BIO_printf(bio_err,"Malloc failure\n"); goto err; }
 
 	ASN1_TYPE_set(at,bs->type,(char *)bs);
-	sk_push(xa->value.set,(char *)at);
+	sk_ASN1_TYPE_push(xa->value.set,at);
 	bs=NULL;
 	at=NULL;
 	/* only one item per attribute */
 
-	if (!sk_push(n,(char *)xa)) goto err;
+	if (!sk_X509_ATTRIBUTE_push(n,xa)) goto err;
 	return(1);
 err:
 	if (xa != NULL) X509_ATTRIBUTE_free(xa);
@@ -1044,9 +1111,7 @@ err:
 	return(0);
 	}
 
-static void MS_CALLBACK req_cb(p, n)
-int p;
-int n;
+static void MS_CALLBACK req_cb(int p, int n, char *arg)
 	{
 	char c='*';
 
@@ -1054,17 +1119,14 @@ int n;
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(bio_err,&c,1);
-	BIO_flush(bio_err);
+	BIO_write((BIO *)arg,&c,1);
+	BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
 
-static int req_fix_data(nid,type,len,min,max)
-int nid;
-int *type;
-int len,min,max;
+static int req_fix_data(int nid, int *type, int len, int min, int max)
 	{
 	if (nid == NID_pkcs9_emailAddress)
 		*type=V_ASN1_IA5STRING;
@@ -1095,3 +1157,37 @@ int len,min,max;
 		}
 	return(1);
 	}
+
+/* Check if the end of a string matches 'end' */
+static int check_end(char *str, char *end)
+{
+	int elen, slen;	
+	char *tmp;
+	elen = strlen(end);
+	slen = strlen(str);
+	if(elen > slen) return 1;
+	tmp = str + slen - elen;
+	return strcmp(tmp, end);
+}
+
+static int add_oid_section(LHASH *conf)
+{	
+	char *p;
+	STACK *sktmp;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
+	if(!(sktmp = CONF_get_section(conf, p))) {
+		BIO_printf(bio_err, "problem loading oid section %s\n", p);
+		return 0;
+	}
+	for(i = 0; i < sk_num(sktmp); i++) {
+		cnf = (CONF_VALUE *)sk_value(sktmp, i);
+		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+			BIO_printf(bio_err, "problem creating object %s=%s\n",
+							 cnf->name, cnf->value);
+			return 0;
+		}
+	}
+	return 1;
+}

apps/req.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp
+YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ
+S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV
+AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg
+tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo
+84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38
+CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ
+Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf
+-----END CERTIFICATE REQUEST-----

apps/rmlinks

@@ -1,6 +0,0 @@
-#!/bin/sh
-for i in verify asn1parse req dgst dh enc gendh gendsa errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb 
-do
-echo removing $i
-/bin/rm -f $i
-done

apps/rsa.c

@@ -1,5 +1,5 @@
 /* apps/rsa.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,17 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "rsa.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	rsa_main
@@ -82,14 +83,12 @@
  * -modulus	- print the RSA key modulus
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,badops=0;
-	EVP_CIPHER *enc=NULL;
+	const EVP_CIPHER *enc=NULL;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	char *infile,*outfile,*prog;
@@ -99,7 +98,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
@@ -154,7 +153,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER NET PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
@@ -300,4 +299,4 @@ end:
 	if (rsa != NULL) RSA_free(rsa);
 	EXIT(ret);
 	}
-
+#endif

apps/rsa/01.pem

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
+MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
+BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
+cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
+qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
+MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
+gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
+LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
+Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
+Pjrmw2eSgbdmmdumWAcNPVbV
+-----END CERTIFICATE-----

apps/rsa/1.txt

@@ -0,0 +1,50 @@
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+subject=/C=US/ST=New York/L=New York/O=Industrial Press Inc./CN=www.industrialpress.com
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            68:ae:14:a4:c9:9f:a9:f3:9a:23:cf:2f:15:19:b3:5a
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : May 18 23:59:59 1999 GMT
+        Subject: C=US, ST=New York, L=New York, O=Industrial Press Inc., CN=www.industrialpress.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:aa:21:fd:c5:42:4d:1e:fa:82:99:a0:e8:9f:6e:
+                    d5:6a:52:5b:a9:32:f2:98:5d:f2:28:a5:81:c5:b3:
+                    83:2d:68:d7:ef:22:a3:7b:0a:2a:5a:1a:2d:68:40:
+                    11:23:a8:d7:3e:aa:26:53:ce:e0:15:4d:6d:1f:8a:
+                    ff:6e:0c:21:dc:59:94:30:ad:ea:a3:dd:97:3a:cb:
+                    f0:34:01:f3:5f:35:91:5d:03:49:9a:6e:78:83:61:
+                    75:45:4b:74:d2:98:18:88:ec:62:98:3b:1e:d6:df:
+                    51:2f:93:ce:08:31:1b:7d:7f:03:82:e8:2b:13:f5:
+                    b0:91:2d:85:ad:2a:1c:e7:f7
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        8c:3b:7e:f1:74:12:d1:2f:ac:d4:bf:2d:8b:aa:02:05:30:fe:
+        d1:f4:14:b8:02:92:a2:8b:99:86:26:ff:24:7e:67:48:43:d9:
+        e3:ff:52:11:7e:8c:0c:26:57:ca:c7:b4:19:da:4c:ce:e8:37:
+        6d:d1:55:6d:a4:09:ff:2c:a2:21:9f:af:63:d8:b5:fb:9f:a5:
+        7b:5d:ed:ac:d4:15:af:96:24:25:a7:a7:43:76:f4:41:b4:05:
+        1d:49:38:50:b4:43:fe:1d:87:f5:fd:aa:e9:4c:f2:5b:aa:3e:
+        3a:e6:c3:67:92:81:b7:66:99:db:a6:58:07:0d:3d:56:d5
+-----BEGIN CERTIFICATE-----
+MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
+MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
+BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
+cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
+qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
+MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
+gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
+LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
+Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
+Pjrmw2eSgbdmmdumWAcNPVbV
+-----END CERTIFICATE-----

apps/rsa/SecureServer.pem

@@ -0,0 +1,47 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Validity
+            Not Before: Nov  9 00:00:00 1994 GMT
+            Not After : Jan  7 23:59:59 2010 GMT
+        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1000 bit)
+                Modulus (1000 bit):
+                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
+                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
+                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
+                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
+                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
+                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
+                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
+                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
+                    dd:2d:d6:c8:1e:7b
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
+        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
+        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
+        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
+        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
+        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
+        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
+-----BEGIN CERTIFICATE-----
+MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+-----END CERTIFICATE-----

apps/rsa/s.txt

@@ -0,0 +1,49 @@
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Validity
+            Not Before: Nov  9 00:00:00 1994 GMT
+            Not After : Jan  7 23:59:59 2010 GMT
+        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1000 bit)
+                Modulus (1000 bit):
+                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
+                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
+                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
+                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
+                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
+                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
+                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
+                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
+                    dd:2d:d6:c8:1e:7b
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
+        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
+        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
+        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
+        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
+        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
+        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
+-----BEGIN CERTIFICATE-----
+MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+-----END CERTIFICATE-----

apps/s_apps.h

@@ -1,5 +1,5 @@
 /* apps/s_apps.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,13 +56,36 @@
  * [including the GNU Public Licence.]
  */
 
+#include <sys/types.h>
+#if (defined(VMS) || defined(__VMS)) && !defined(FD_SET)
+/* VAX C does not defined fd_set and friends, but it's actually quite simple */
+/* These definitions are borrowed from SOCKETSHR.	/Richard Levitte */
+#define MAX_NOFILE	32
+#define	NBBY		 8		/* number of bits in a byte	*/
+
+#ifndef	FD_SETSIZE
+#define	FD_SETSIZE	MAX_NOFILE
+#endif	/* FD_SETSIZE */
+
+/* How many things we'll allow select to use. 0 if unlimited */
+#define MAXSELFD	MAX_NOFILE
+typedef int	fd_mask;	/* int here! VMS prototypes int, not long */
+#define NFDBITS	(sizeof(fd_mask) * NBBY)	/* bits per mask (power of 2!)*/
+#define NFDSHIFT 5				/* Shift based on above */
+
+typedef fd_mask fd_set;
+#define	FD_SET(n, p)	(*(p) |= (1 << ((n) % NFDBITS)))
+#define	FD_CLR(n, p)	(*(p) &= ~(1 << ((n) % NFDBITS)))
+#define	FD_ISSET(n, p)	(*(p) & (1 << ((n) % NFDBITS)))
+#define FD_ZERO(p)	memset((char *)(p), 0, sizeof(*(p)))
+#endif
+
 #define PORT            4433
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"
 
-#ifndef NOPROTO
 int do_accept(int acc_sock, int *sock, char **host);
-int do_server(int port, int *ret, int (*cb) ());
+int do_server(int port, int *ret, int (*cb) (), char *context);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #else
@@ -79,15 +102,14 @@ int nbio_init_client_ip(int *sock,unsigned char ip[4], int port);
 int nbio_sock_error(int sock);
 int spawn(int argc, char **argv, int *in, int *out);
 int init_server(int *sock, int port);
+int init_server_long(int *sock, int port,char *ip);
 int should_retry(int i);
-int sock_err(void );
-int socket_ioctl(int, long,unsigned long *);
 void sock_cleanup(void );
 int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
 int host_ip(char *str, unsigned char ip[4]);
 
-long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, char *argp,
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
 	int argi, long argl, long ret);
 
 #ifdef HEADER_SSL_H
@@ -96,27 +118,3 @@ void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret);
 void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret);
 #endif
 
-#else
-int do_accept();
-int do_server();
-int MS_CALLBACK verify_callback();
-int set_cert_stuff();
-int init_client();
-int init_client_ip();
-int nbio_init_client_ip();
-int nbio_sock_error();
-int spawn();
-int init_server();
-int should_retry();
-int sock_err();
-int socket_ioctl();
-void sock_cleanup();
-int extract_port();
-int extract_host_port();
-int host_ip();
-
-long MS_CALLBACK bio_dump_cb();
-void MS_CALLBACK apps_ssl_info_callback();
-
-#endif
-

apps/s_cb.c

@@ -1,5 +1,5 @@
 /* apps/s_cb.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -63,18 +63,15 @@
 #include "apps.h"
 #undef NON_MAIN
 #undef USE_SOCKETS
-#include "err.h"
-#include "x509.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
 #include "s_apps.h"
 
 int verify_depth=0;
 int verify_error=X509_V_OK;
 
-/* should be X509 * but we can just have them as char *. */
-int MS_CALLBACK verify_callback(ok, ctx)
-int ok;
-X509_STORE_CTX *ctx;
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 	{
 	char buf[256];
 	X509 *err_cert;
@@ -110,13 +107,13 @@ X509_STORE_CTX *ctx;
 	case X509_V_ERR_CERT_NOT_YET_VALID:
 	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
 		BIO_printf(bio_err,"notBefore=");
-		ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+		ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
 		BIO_printf(bio_err,"\n");
 		break;
 	case X509_V_ERR_CERT_HAS_EXPIRED:
 	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
 		BIO_printf(bio_err,"notAfter=");
-		ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+		ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
 		BIO_printf(bio_err,"\n");
 		break;
 		}
@@ -124,20 +121,19 @@ X509_STORE_CTX *ctx;
 	return(ok);
 	}
 
-int set_cert_stuff(ctx, cert_file, key_file)
-SSL_CTX *ctx;
-char *cert_file;
-char *key_file;
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 	{
 	if (cert_file != NULL)
 		{
+		/*
 		SSL *ssl;
 		X509 *x509;
+		*/
 
 		if (SSL_CTX_use_certificate_file(ctx,cert_file,
 			SSL_FILETYPE_PEM) <= 0)
 			{
-			BIO_printf(bio_err,"unable to set certificate file\n");
+			BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
 			ERR_print_errors(bio_err);
 			return(0);
 			}
@@ -145,18 +141,25 @@ char *key_file;
 		if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
 			SSL_FILETYPE_PEM) <= 0)
 			{
-			BIO_printf(bio_err,"unable to set public key file\n");
+			BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
 			ERR_print_errors(bio_err);
 			return(0);
 			}
 
+		/*
+		In theory this is no longer needed 
 		ssl=SSL_new(ctx);
 		x509=SSL_get_certificate(ssl);
 
-		if (x509 != NULL)
-			EVP_PKEY_copy_parameters(X509_get_pubkey(x509),
-				SSL_get_privatekey(ssl));
+		if (x509 != NULL) {
+			EVP_PKEY *pktmp;
+			pktmp = X509_get_pubkey(x509);
+			EVP_PKEY_copy_parameters(pktmp,
+						SSL_get_privatekey(ssl));
+			EVP_PKEY_free(pktmp);
+		}
 		SSL_free(ssl);
+		*/
 
 		/* If we are using DSA, we can copy the parameters from
 		 * the private key */
@@ -173,13 +176,8 @@ char *key_file;
 	return(1);
 	}
 
-long MS_CALLBACK bio_dump_cb(bio,cmd,argp,argi,argl,ret)
-BIO *bio;
-int cmd;
-char *argp;
-int argi;
-long argl;
-long ret;
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
+	     long argl, long ret)
 	{
 	BIO *out;
 
@@ -202,10 +200,7 @@ long ret;
 	return(ret);
 	}
 
-void MS_CALLBACK apps_ssl_info_callback(s,where,ret)
-SSL *s;
-int where;
-int ret;
+void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret)
 	{
 	char *str;
 	int w;

apps/s_client.c

@@ -1,5 +1,5 @@
 /* apps/s_client.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,20 +56,38 @@
  * [including the GNU Public Licence.]
  */
 
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
+#if defined(__DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #define USE_SOCKETS
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
-#include "x509.h"
-#include "ssl.h"
-#include "err.h"
-#include "pem.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
 #include "s_apps.h"
 
+#if (defined(VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
+
 #undef PROG
 #define PROG	s_client_main
 
@@ -90,21 +108,16 @@ static int c_nbio=0;
 #endif
 static int c_Pause=0;
 static int c_debug=0;
+static int c_showcerts=0;
 
-#ifndef NOPROTO
 static void sc_usage(void);
 static void print_stuff(BIO *berr,SSL *con,int full);
-#else
-static void sc_usage();
-static void print_stuff();
-#endif
-
 static BIO *bio_c_out=NULL;
 static int c_quiet=0;
 
-static void sc_usage()
+static void sc_usage(void)
 	{
-	BIO_printf(bio_err,"usage: client args\n");
+	BIO_printf(bio_err,"usage: s_client args\n");
 	BIO_printf(bio_err,"\n");
 	BIO_printf(bio_err," -host host     - use -connect instead\n");
 	BIO_printf(bio_err," -port port     - use -connect instead\n");
@@ -118,6 +131,7 @@ static void sc_usage()
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
+	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
 	BIO_printf(bio_err," -debug        - extra output\n");
 	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
 	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
@@ -127,16 +141,17 @@ static void sc_usage()
 	BIO_printf(bio_err," -quiet        - no s_client output\n");
 	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
+	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
+	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
-	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'ssleay ciphers'\n");
-	BIO_printf(bio_err,"                 command to se what is available\n");
+	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'openssl ciphers'\n");
+	BIO_printf(bio_err,"                 command to see what is available\n");
 
 	}
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
+	int off=0;
 	SSL *con=NULL,*con2=NULL;
 	int s,k,width,state=0;
 	char *cbuf=NULL,*sbuf=NULL;
@@ -149,7 +164,7 @@ char **argv;
 	char *cert_file=NULL,*key_file=NULL;
 	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
 	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
-	int write_tty,read_tty,write_ssl,read_ssl,tty_on;
+	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
 	SSL_CTX *ctx=NULL;
 	int ret=1,in_init=1,i,nbio_test=0;
 	SSL_METHOD *meth=NULL;
@@ -165,8 +180,10 @@ char **argv;
 #endif
 
 	apps_startup();
+	c_Pause=0;
 	c_quiet=0;
 	c_debug=0;
+	c_showcerts=0;
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -223,6 +240,8 @@ char **argv;
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
 			c_debug=1;
+		else if	(strcmp(*argv,"-showcerts") == 0)
+			c_showcerts=1;
 		else if	(strcmp(*argv,"-nbio_test") == 0)
 			nbio_test=1;
 		else if	(strcmp(*argv,"-state") == 0)
@@ -234,6 +253,10 @@ char **argv;
 #ifndef NO_SSL3
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
+#endif
+#ifndef NO_TLS1
+		else if	(strcmp(*argv,"-tls1") == 0)
+			meth=TLSv1_client_method();
 #endif
 		else if (strcmp(*argv,"-bugs") == 0)
 			bugs=1;
@@ -256,6 +279,12 @@ char **argv;
 			if (--argc < 1) goto bad;
 			CAfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-no_tls1") == 0)
+			off|=SSL_OP_NO_TLSv1;
+		else if (strcmp(*argv,"-no_ssl3") == 0)
+			off|=SSL_OP_NO_SSLv3;
+		else if (strcmp(*argv,"-no_ssl2") == 0)
+			off|=SSL_OP_NO_SSLv2;
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -302,7 +331,10 @@ bad:
 		goto end;
 		}
 
-	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
+	if (bugs)
+		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
+	else
+		SSL_CTX_set_options(ctx,off);
 
 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
 	if (cipher != NULL)
@@ -319,20 +351,21 @@ bad:
 	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(ctx)))
 		{
-		BIO_printf(bio_err,"error seting default verify locations\n");
+		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
 		ERR_print_errors(bio_err);
-		goto end;
+		/* goto end; */
 		}
 
 	SSL_load_error_strings();
 
 	con=(SSL *)SSL_new(ctx);
+/*	SSL_set_cipher_list(con,"RC4-MD5"); */
 
 re_start:
 
 	if (init_client(&s,host,port) == 0)
 		{
-		BIO_printf(bio_err,"connect:errno=%d\n",errno);
+		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
 		SHUTDOWN(s);
 		goto end;
 		}
@@ -343,7 +376,11 @@ re_start:
 		{
 		unsigned long l=1;
 		BIO_printf(bio_c_out,"turning on non blocking io\n");
-		socket_ioctl(s,FIONBIO,&l);
+		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
 		}
 #endif                                              
 	if (c_Pause & 0x01) con->debug=1;
@@ -386,7 +423,7 @@ re_start:
 		FD_ZERO(&readfds);
 		FD_ZERO(&writefds);
 
-		if (SSL_in_init(con))
+		if (SSL_in_init(con) && !SSL_total_renegotiations(con))
 			{
 			in_init=1;
 			tty_on=0;
@@ -412,31 +449,43 @@ re_start:
 				}
 			}
 
+		ssl_pending = read_ssl && SSL_pending(con);
+
+		if (!ssl_pending)
+			{
 #ifndef WINDOWS
-		if (tty_on)
-			{
-			if (read_tty)  FD_SET(fileno(stdin),&readfds);
-			if (write_tty) FD_SET(fileno(stdout),&writefds);
-			}
+			if (tty_on)
+				{
+				if (read_tty)  FD_SET(fileno(stdin),&readfds);
+				if (write_tty) FD_SET(fileno(stdout),&writefds);
+				}
 #endif
-		if (read_ssl)
-			FD_SET(SSL_get_fd(con),&readfds);
-		if (write_ssl)
-			FD_SET(SSL_get_fd(con),&writefds);
+			if (read_ssl)
+				FD_SET(SSL_get_fd(con),&readfds);
+			if (write_ssl)
+				FD_SET(SSL_get_fd(con),&writefds);
 
-/*		printf("mode tty(%d %d%d) ssl(%d%d)\n",
-			tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
+/*			printf("mode tty(%d %d%d) ssl(%d%d)\n",
+				tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
 
-/*		printf("pending=%d\n",SSL_pending(con)); */
-		i=select(width,&readfds,&writefds,NULL,NULL);
-		if ( i < 0)
-			{
-			BIO_printf(bio_err,"bad select %d\n",sock_err());
-			goto shut;
-			/* goto end; */
+			/* Note: under VMS with SOCKETSHR the second parameter
+			 * is currently of type (int *) whereas under other
+			 * systems it is (void *) if you don't have a cast it
+			 * will choke the compiler: if you do have a cast then
+			 * you can either go for (int *) or (void *).
+			 */
+			i=select(width,(void *)&readfds,(void *)&writefds,
+				 NULL,NULL);
+			if ( i < 0)
+				{
+				BIO_printf(bio_err,"bad select %d\n",
+				get_last_socket_error());
+				goto shut;
+				/* goto end; */
+				}
 			}
 
-		if (FD_ISSET(SSL_get_fd(con),&writefds))
+		if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
 			{
 			k=SSL_write(con,&(cbuf[cbuf_off]),
 				(unsigned int)cbuf_len);
@@ -489,7 +538,7 @@ re_start:
 				if ((k != 0) || (cbuf_len != 0))
 					{
 					BIO_printf(bio_err,"write:errno=%d\n",
-						errno);
+						get_last_socket_error());
 					goto shut;
 					}
 				else
@@ -504,7 +553,7 @@ re_start:
 				}
 			}
 #ifndef WINDOWS
-		else if (FD_ISSET(fileno(stdout),&writefds))
+		else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
 			{
 			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
 
@@ -524,9 +573,20 @@ re_start:
 				}
 			}
 #endif
-		else if (FD_ISSET(SSL_get_fd(con),&readfds))
+		else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
 			{
-			k=SSL_read(con,sbuf,BUFSIZZ);
+#ifdef RENEG
+{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
+#endif
+#if 1
+			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
+#else
+/* Demo for pending and peek :-) */
+			k=SSL_read(con,sbuf,16);
+{ char zbuf[10240]; 
+printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
+}
+#endif
 
 			switch (SSL_get_error(con,k))
 				{
@@ -555,7 +615,7 @@ re_start:
 				BIO_printf(bio_c_out,"read X BLOCK\n");
 				break;
 			case SSL_ERROR_SYSCALL:
-				BIO_printf(bio_err,"read:errno=%d\n",errno);
+				BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
 				goto shut;
 			case SSL_ERROR_ZERO_RETURN:
 				BIO_printf(bio_c_out,"closed\n");
@@ -563,7 +623,7 @@ re_start:
 			case SSL_ERROR_SSL:
 				ERR_print_errors(bio_err);
 				goto shut;
-				break;
+				/* break; */
 				}
 			}
 
@@ -580,9 +640,9 @@ re_start:
 
 			if ((!c_quiet) && (cbuf[0] == 'R'))
 				{
+				BIO_printf(bio_err,"RENEGOTIATING\n");
 				SSL_renegotiate(con);
-				read_tty=0;
-				write_ssl=1;
+				cbuf_len=0;
 				}
 			else
 				{
@@ -590,8 +650,8 @@ re_start:
 				cbuf_off=0;
 				}
 
-			read_tty=0;
 			write_ssl=1;
+			read_tty=0;
 			}
 #endif
 		}
@@ -614,34 +674,38 @@ end:
 	}
 
 
-static void print_stuff(bio,s,full)
-BIO *bio;
-SSL *s;
-int full;
+static void print_stuff(BIO *bio, SSL *s, int full)
 	{
-	X509 *peer;
+	X509 *peer=NULL;
 	char *p;
 	static char *space="                ";
 	char buf[BUFSIZ];
-	STACK *sk;
+	STACK_OF(X509) *sk;
+	STACK_OF(X509_NAME) *sk2;
 	SSL_CIPHER *c;
 	X509_NAME *xn;
 	int j,i;
 
 	if (full)
 		{
+		int got_a_chain = 0;
+
 		sk=SSL_get_peer_cert_chain(s);
 		if (sk != NULL)
 			{
-			BIO_printf(bio,"---\nCertficate chain\n");
-			for (i=0; i<sk_num(sk); i++)
+			got_a_chain = 1; /* we don't have it for SSL2 (yet) */
+
+			BIO_printf(bio,"---\nCertificate chain\n");
+			for (i=0; i<sk_X509_num(sk); i++)
 				{
-				X509_NAME_oneline(X509_get_subject_name((X509 *)
-					sk_value(sk,i)),buf,BUFSIZ);
+				X509_NAME_oneline(X509_get_subject_name(
+					sk_X509_value(sk,i)),buf,BUFSIZ);
 				BIO_printf(bio,"%2d s:%s\n",i,buf);
-				X509_NAME_oneline(X509_get_issuer_name((X509 *)
-					sk_value(sk,i)),buf,BUFSIZ);
+				X509_NAME_oneline(X509_get_issuer_name(
+					sk_X509_value(sk,i)),buf,BUFSIZ);
 				BIO_printf(bio,"   i:%s\n",buf);
+				if (c_showcerts)
+					PEM_write_bio_X509(bio,sk_X509_value(sk,i));
 				}
 			}
 
@@ -650,25 +714,25 @@ int full;
 		if (peer != NULL)
 			{
 			BIO_printf(bio,"Server certificate\n");
-			PEM_write_bio_X509(bio,peer);
+			if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
+				PEM_write_bio_X509(bio,peer);
 			X509_NAME_oneline(X509_get_subject_name(peer),
 				buf,BUFSIZ);
 			BIO_printf(bio,"subject=%s\n",buf);
 			X509_NAME_oneline(X509_get_issuer_name(peer),
 				buf,BUFSIZ);
 			BIO_printf(bio,"issuer=%s\n",buf);
-			X509_free(peer);
 			}
 		else
 			BIO_printf(bio,"no peer certificate available\n");
 
-		sk=SSL_get_client_CA_list(s);
-		if ((sk != NULL) && (sk_num(sk) > 0))
+		sk2=SSL_get_client_CA_list(s);
+		if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
 			{
 			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
-			for (i=0; i<sk_num(sk); i++)
+			for (i=0; i<sk_X509_NAME_num(sk2); i++)
 				{
-				xn=(X509_NAME *)sk_value(sk,i);
+				xn=sk_X509_NAME_value(sk2,i);
 				X509_NAME_oneline(xn,buf,sizeof(buf));
 				BIO_write(bio,buf,strlen(buf));
 				BIO_write(bio,"\n",1);
@@ -681,13 +745,18 @@ int full;
 		p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
 		if (p != NULL)
 			{
+			/* This works only for SSL 2.  In later protocol
+			 * versions, the client does not know what other
+			 * ciphers (in addition to the one to be used
+			 * in the current connection) the server supports. */
+
 			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
 			j=i=0;
 			while (*p)
 				{
 				if (*p == ':')
 					{
-					BIO_write(bio,space,15-j);
+					BIO_write(bio,space,15-j%25);
 					i++;
 					j=0;
 					BIO_write(bio,((i%3)?" ":"\n"),1);
@@ -711,7 +780,16 @@ int full;
 	BIO_printf(bio,"%s, Cipher is %s\n",
 		SSL_CIPHER_get_version(c),
 		SSL_CIPHER_get_name(c));
+	if (peer != NULL) {
+		EVP_PKEY *pktmp;
+		pktmp = X509_get_pubkey(peer);
+		BIO_printf(bio,"Server public key is %d bit\n",
+							 EVP_PKEY_bits(pktmp));
+		EVP_PKEY_free(pktmp);
+	}
 	SSL_SESSION_print(bio,SSL_get_session(s));
 	BIO_printf(bio,"---\n");
+	if (peer != NULL)
+		X509_free(peer);
 	}
 

apps/s_server.c

@@ -1,5 +1,5 @@
 /* apps/s_server.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,51 +56,66 @@
  * [including the GNU Public Licence.]
  */
 
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
+#if defined(__DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
-#include "lhash.h"
-#include "bn.h"
+#include <openssl/lhash.h>
+#include <openssl/bn.h>
 #define USE_SOCKETS
 #include "apps.h"
-#include "err.h"
-#include "pem.h"
-#include "x509.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
 #include "s_apps.h"
 
-#ifndef NOPROTO
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
-static int sv_body(char *hostname, int s);
-static int www_body(char *hostname, int s);
+#if (defined(VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
+
+#ifndef NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export,int keylength);
+#endif
+static int sv_body(char *hostname, int s, unsigned char *context);
+static int www_body(char *hostname, int s, unsigned char *context);
 static void close_accept_socket(void );
 static void sv_usage(void);
 static int init_ssl_connection(SSL *s);
 static void print_stats(BIO *bp,SSL_CTX *ctx);
+#ifndef NO_DH
 static DH *load_dh_param(void );
 static DH *get_dh512(void);
-#else
-static RSA MS_CALLBACK *tmp_rsa_cb();
-static int sv_body();
-static int www_body();
-static void close_accept_socket();
-static void sv_usage();
-static int init_ssl_connection();
-static void print_stats();
-static DH *load_dh_param();
-static DH *get_dh512();
 #endif
-
+/* static void s_server_init(void);*/
 
 #ifndef S_ISDIR
+#if defined(VMS) && !defined(__DECC)
+#define S_ISDIR(a)	(((a) & S_IFMT) == S_IFDIR)
+#else
 #define S_ISDIR(a)	(((a) & _S_IFMT) == _S_IFDIR)
 #endif
+#endif
 
+#ifndef NO_DH
 static unsigned char dh512_p[]={
 	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
 	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
@@ -113,24 +128,24 @@ static unsigned char dh512_g[]={
 	0x02,
 	};
 
-static DH *get_dh512()
+static DH *get_dh512(void)
 	{
 	DH *dh=NULL;
 
-#ifndef NO_DH
 	if ((dh=DH_new()) == NULL) return(NULL);
 	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
 	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
 	if ((dh->p == NULL) || (dh->g == NULL))
 		return(NULL);
-#endif
 	return(dh);
 	}
+#endif
 
 /* static int load_CA(SSL_CTX *ctx, char *file);*/
 
 #undef BUFSIZZ
-#define BUFSIZZ	8*1024
+#define BUFSIZZ	16*1024
+static int bufsize=32;
 static int accept_socket= -1;
 
 #define TEST_CERT	"server.pem"
@@ -142,8 +157,10 @@ static int accept_socket= -1;
 extern int verify_depth;
 
 static char *cipher=NULL;
-int verify=SSL_VERIFY_NONE;
-char *s_cert_file=TEST_CERT,*s_key_file=NULL;
+static int s_server_verify=SSL_VERIFY_NONE;
+static int s_server_session_id_context = 1; /* anything will do */
+static char *s_cert_file=TEST_CERT,*s_key_file=NULL;
+static char *s_dcert_file=NULL,*s_dkey_file=NULL;
 #ifdef FIONBIO
 static int s_nbio=0;
 #endif
@@ -155,17 +172,42 @@ static BIO *bio_s_out=NULL;
 static int s_debug=0;
 static int s_quiet=0;
 
-static void sv_usage()
+#if 0
+static void s_server_init(void)
+	{
+	cipher=NULL;
+	s_server_verify=SSL_VERIFY_NONE;
+	s_dcert_file=NULL;
+	s_dkey_file=NULL;
+	s_cert_file=TEST_CERT;
+	s_key_file=NULL;
+#ifdef FIONBIO
+	s_nbio=0;
+#endif
+	s_nbio_test=0;
+	ctx=NULL;
+	www=0;
+
+	bio_s_out=NULL;
+	s_debug=0;
+	s_quiet=0;
+	}
+#endif
+
+static void sv_usage(void)
 	{
 	BIO_printf(bio_err,"usage: s_server [args ...]\n");
 	BIO_printf(bio_err,"\n");
-	BIO_printf(bio_err," -accpet arg   - port to accept on (default is %d\n",PORT);
+	BIO_printf(bio_err," -accept arg   - port to accept on (default is %d)\n",PORT);
+	BIO_printf(bio_err," -context arg  - set session ID context\n");
 	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
 	BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
 	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
 	BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT);
 	BIO_printf(bio_err," -key arg      - RSA file to use, PEM format assumed, in cert file if\n");
 	BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT);
+	BIO_printf(bio_err," -dcert arg    - second certificate file to use (usually for DSA)\n");
+	BIO_printf(bio_err," -dkey arg     - second private key file to use (usually for DSA)\n");
 #ifdef FIONBIO
 	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
 #endif
@@ -175,32 +217,38 @@ static void sv_usage()
 	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
-	BIO_printf(bio_err," -cipher arg   - play with 'ssleay ciphers' to see what goes here\n");
+	BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
 	BIO_printf(bio_err," -quiet        - No server output\n");
 	BIO_printf(bio_err," -no_tmp_rsa   - Do not generate a tmp RSA key\n");
 	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
+	BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
+	BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
+	BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
+	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatability\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
-	BIO_printf(bio_err," -WWW          - Returns requested page from to a 'GET <path> HTTP/1.0'\n");
+	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
 	}
 
-static int local_argc;
+static int local_argc=0;
 static char **local_argv;
-static int hack;
+static int hack=0;
 
-int MAIN(argc, argv)
-int argc;
-char *argv[];
+int MAIN(int argc, char *argv[])
 	{
 	short port=PORT;
 	char *CApath=NULL,*CAfile=NULL;
+	char *context = NULL;
 	int badop=0,bugs=0;
 	int ret=1;
+	int off=0;
 	int no_tmp_rsa=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
+#ifndef NO_DH
 	DH *dh=NULL;
+#endif
 
 #if !defined(NO_SSL2) && !defined(NO_SSL3)
 	meth=SSLv23_server_method();
@@ -240,19 +288,24 @@ char *argv[];
 			}
 		else if	(strcmp(*argv,"-verify") == 0)
 			{
-			verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
+			s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
 			if (--argc < 1) goto bad;
 			verify_depth=atoi(*(++argv));
 			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
 			}
 		else if	(strcmp(*argv,"-Verify") == 0)
 			{
-			verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
+			s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
 				SSL_VERIFY_CLIENT_ONCE;
 			if (--argc < 1) goto bad;
 			verify_depth=atoi(*(++argv));
 			BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
 			}
+		else if	(strcmp(*argv,"-context") == 0)
+			{
+			if (--argc < 1) goto bad;
+			context= *(++argv);
+			}
 		else if	(strcmp(*argv,"-cert") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -263,6 +316,16 @@ char *argv[];
 			if (--argc < 1) goto bad;
 			s_key_file= *(++argv);
 			}
+		else if	(strcmp(*argv,"-dcert") == 0)
+			{
+			if (--argc < 1) goto bad;
+			s_dcert_file= *(++argv);
+			}
+		else if	(strcmp(*argv,"-dkey") == 0)
+			{
+			if (--argc < 1) goto bad;
+			s_dkey_file= *(++argv);
+			}
 		else if (strcmp(*argv,"-nocert") == 0)
 			{
 			nocert=1;
@@ -309,6 +372,12 @@ char *argv[];
 			{ www=1; }
 		else if	(strcmp(*argv,"-WWW") == 0)
 			{ www=2; }
+		else if	(strcmp(*argv,"-no_ssl2") == 0)
+			{ off|=SSL_OP_NO_SSLv2; }
+		else if	(strcmp(*argv,"-no_ssl3") == 0)
+			{ off|=SSL_OP_NO_SSLv3; }
+		else if	(strcmp(*argv,"-no_tls1") == 0)
+			{ off|=SSL_OP_NO_TLSv1; }
 #ifndef NO_SSL2
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			{ meth=SSLv2_server_method(); }
@@ -316,6 +385,10 @@ char *argv[];
 #ifndef NO_SSL3
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			{ meth=SSLv3_server_method(); }
+#endif
+#ifndef NO_TLS1
+		else if	(strcmp(*argv,"-tls1") == 0)
+			{ meth=TLSv1_server_method(); }
 #endif
 		else
 			{
@@ -352,6 +425,8 @@ bad:
 		{
 		s_cert_file=NULL;
 		s_key_file=NULL;
+		s_dcert_file=NULL;
+		s_dkey_file=NULL;
 		}
 
 	SSL_load_error_strings();
@@ -364,12 +439,16 @@ bad:
 		goto end;
 		}
 
+	SSL_CTX_set_quiet_shutdown(ctx,1);
 	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
 	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+	SSL_CTX_set_options(ctx,off);
 	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST);
 
 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
 
+	SSL_CTX_sess_set_cache_size(ctx,128);
+
 #if 0
 	if (cipher == NULL) cipher=getenv("SSL_CIPHER");
 #endif
@@ -385,9 +464,9 @@ bad:
 	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(ctx)))
 		{
-		BIO_printf(bio_err,"X509_load_verify_locations\n");
+		/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
 		ERR_print_errors(bio_err);
-		goto end;
+		/* goto end; */
 		}
 
 #ifndef NO_DH
@@ -410,7 +489,13 @@ bad:
 	
 	if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
 		goto end;
+	if (s_dcert_file != NULL)
+		{
+		if (!set_cert_stuff(ctx,s_dcert_file,s_dkey_file))
+			goto end;
+		}
 
+#ifndef NO_RSA
 #if 1
 	SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
 #else
@@ -431,19 +516,22 @@ bad:
 		RSA_free(rsa);
 		BIO_printf(bio_s_out,"\n");
 		}
+#endif
 #endif
 
 	if (cipher != NULL)
 		SSL_CTX_set_cipher_list(ctx,cipher);
-	SSL_CTX_set_verify(ctx,verify,verify_callback);
+	SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
+	SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
+		sizeof s_server_session_id_context);
 
-	SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+	SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
 
 	BIO_printf(bio_s_out,"ACCEPT\n");
 	if (www)
-		do_server(port,&accept_socket,www_body);
+		do_server(port,&accept_socket,www_body, context);
 	else
-		do_server(port,&accept_socket,sv_body);
+		do_server(port,&accept_socket,sv_body, context);
 	print_stats(bio_s_out,ctx);
 	ret=0;
 end:
@@ -456,29 +544,32 @@ end:
 	EXIT(ret);
 	}
 
-static void print_stats(bio,ssl_ctx)
-BIO *bio;
-SSL_CTX *ssl_ctx;
+static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
 	{
 	BIO_printf(bio,"%4ld items in the session cache\n",
 		SSL_CTX_sess_number(ssl_ctx));
 	BIO_printf(bio,"%4d client connects (SSL_connect())\n",
 		SSL_CTX_sess_connect(ssl_ctx));
+	BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n",
+		SSL_CTX_sess_connect_renegotiate(ssl_ctx));
 	BIO_printf(bio,"%4d client connects that finished\n",
 		SSL_CTX_sess_connect_good(ssl_ctx));
 	BIO_printf(bio,"%4d server accepts (SSL_accept())\n",
 		SSL_CTX_sess_accept(ssl_ctx));
+	BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n",
+		SSL_CTX_sess_accept_renegotiate(ssl_ctx));
 	BIO_printf(bio,"%4d server accepts that finished\n",
 		SSL_CTX_sess_accept_good(ssl_ctx));
 	BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
 	BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
 	BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
 	BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
+	BIO_printf(bio,"%4d cache full overflows (%d allowed)\n",
+		SSL_CTX_sess_cache_full(ssl_ctx),
+		SSL_CTX_sess_get_cache_size(ssl_ctx));
 	}
 
-static int sv_body(hostname, s)
-char *hostname;
-int s;
+static int sv_body(char *hostname, int s, unsigned char *context)
 	{
 	char *buf=NULL;
 	fd_set readfds;
@@ -488,7 +579,7 @@ int s;
 	SSL *con=NULL;
 	BIO *sbio;
 
-	if ((buf=Malloc(BUFSIZZ)) == NULL)
+	if ((buf=Malloc(bufsize)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto err;
@@ -500,12 +591,17 @@ int s;
 
 		if (!s_quiet)
 			BIO_printf(bio_err,"turning on non blocking io\n");
-		socket_ioctl(s,FIONBIO,&sl);
+		if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
+			ERR_print_errors(bio_err);
 		}
 #endif
 
-	if (con == NULL)
+	if (con == NULL) {
 		con=(SSL *)SSL_new(ctx);
+		if(context)
+		      SSL_set_session_id_context(con, context,
+						 strlen((char *)context));
+	}
 	SSL_clear(con);
 
 	sbio=BIO_new_socket(s,BIO_NOCLOSE);
@@ -535,11 +631,17 @@ int s;
 		FD_SET(fileno(stdin),&readfds);
 #endif
 		FD_SET(s,&readfds);
-		i=select(width,&readfds,NULL,NULL,NULL);
+		/* Note: under VMS with SOCKETSHR the second parameter is
+		 * currently of type (int *) whereas under other systems
+		 * it is (void *) if you don't have a cast it will choke
+		 * the compiler: if you do have a cast then you can either
+		 * go for (int *) or (void *).
+		 */
+		i=select(width,(void *)&readfds,NULL,NULL,NULL);
 		if (i <= 0) continue;
 		if (FD_ISSET(fileno(stdin),&readfds))
 			{
-			i=read(fileno(stdin),buf,BUFSIZZ);
+			i=read(fileno(stdin),buf,bufsize);
 			if (!s_quiet)
 				{
 				if ((i <= 0) || (buf[0] == 'Q'))
@@ -558,21 +660,27 @@ int s;
 					ret= -11;*/
 					goto err;
 					}
-				if (buf[0] == 'r')
+				if ((buf[0] == 'r') && 
+					((buf[1] == '\n') || (buf[1] == '\r')))
 					{
 					SSL_renegotiate(con);
+					i=SSL_do_handshake(con);
+					printf("SSL_do_handshake -> %d\n",i);
 					i=0; /*13; */
 					continue;
-					strcpy(buf,"server side RE-NEGOTIATE\n");
+					/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
 					}
-				if (buf[0] == 'R')
+				if ((buf[0] == 'R') &&
+					((buf[1] == '\n') || (buf[1] == '\r')))
 					{
 					SSL_set_verify(con,
 						SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
 					SSL_renegotiate(con);
+					i=SSL_do_handshake(con);
+					printf("SSL_do_handshake -> %d\n",i);
 					i=0; /* 13; */
 					continue;
-					strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n");
+					/* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */
 					}
 				if (buf[0] == 'P')
 					{
@@ -588,19 +696,27 @@ int s;
 			for (;;)
 				{
 				/* should do a select for the write */
-				k=SSL_write(con,&(buf[l]),(unsigned int)i);
-				if (
-#ifdef FIONBIO
-					s_nbio &&
+#ifdef RENEG
+{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
 #endif
-					BIO_sock_should_retry(k))
+				k=SSL_write(con,&(buf[l]),(unsigned int)i);
+				switch (SSL_get_error(con,k))
 					{
+				case SSL_ERROR_NONE:
+					break;
+				case SSL_ERROR_WANT_WRITE:
+				case SSL_ERROR_WANT_READ:
+				case SSL_ERROR_WANT_X509_LOOKUP:
 					BIO_printf(bio_s_out,"Write BLOCK\n");
-					continue;
-					}
-				if (k <= 0)
-					{
+					break;
+				case SSL_ERROR_SYSCALL:
+				case SSL_ERROR_SSL:
+					BIO_printf(bio_s_out,"ERROR\n");
 					ERR_print_errors(bio_err);
+					ret=1;
+					goto err;
+					/* break; */
+				case SSL_ERROR_ZERO_RETURN:
 					BIO_printf(bio_s_out,"DONE\n");
 					ret=1;
 					goto err;
@@ -629,25 +745,31 @@ int s;
 				}
 			else
 				{
-				i=SSL_read(con,(char *)buf,BUFSIZZ);
-				if ((i <= 0) &&
-#ifdef FIONBIO
-					s_nbio &&
-#endif
-					BIO_sock_should_retry(i))
+again:	
+				i=SSL_read(con,(char *)buf,bufsize);
+				switch (SSL_get_error(con,i))
 					{
+				case SSL_ERROR_NONE:
+					write(fileno(stdout),buf,
+						(unsigned int)i);
+					if (SSL_pending(con)) goto again;
+					break;
+				case SSL_ERROR_WANT_WRITE:
+				case SSL_ERROR_WANT_READ:
+				case SSL_ERROR_WANT_X509_LOOKUP:
 					BIO_printf(bio_s_out,"Read BLOCK\n");
-					}
-				else if (i <= 0)
-					{
+					break;
+				case SSL_ERROR_SYSCALL:
+				case SSL_ERROR_SSL:
+					BIO_printf(bio_s_out,"ERROR\n");
 					ERR_print_errors(bio_err);
+					ret=1;
+					goto err;
+				case SSL_ERROR_ZERO_RETURN:
 					BIO_printf(bio_s_out,"DONE\n");
 					ret=1;
 					goto err;
 					}
-				else
-					write(fileno(stdout),buf,
-						(unsigned int)i);
 				}
 			}
 		}
@@ -662,7 +784,7 @@ err:
 	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
 	if (buf != NULL)
 		{
-		memset(buf,0,BUFSIZZ);
+		memset(buf,0,bufsize);
 		Free(buf);
 		}
 	if (ret >= 0)
@@ -670,7 +792,7 @@ err:
 	return(ret);
 	}
 
-static void close_accept_socket()
+static void close_accept_socket(void)
 	{
 	BIO_printf(bio_err,"shutdown accept socket\n");
 	if (accept_socket >= 0)
@@ -679,13 +801,12 @@ static void close_accept_socket()
 		}
 	}
 
-static int init_ssl_connection(con)
-SSL *con;
+static int init_ssl_connection(SSL *con)
 	{
 	int i;
-	char *str;
+	const char *str;
 	X509 *peer;
-	int verify_error;
+	long verify_error;
 	MS_STATIC char buf[BUFSIZ];
 
 	if ((i=SSL_accept(con)) <= 0)
@@ -727,28 +848,30 @@ SSL *con;
 	str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
 	BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
 	if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
+	if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
+		TLS1_FLAGS_TLS_PADDING_BUG)
+		BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
+
 	return(1);
 	}
 
-static DH *load_dh_param()
+#ifndef NO_DH
+static DH *load_dh_param(void)
 	{
 	DH *ret=NULL;
 	BIO *bio;
 
-#ifndef NO_DH
 	if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL)
 		goto err;
 	ret=PEM_read_bio_DHparams(bio,NULL,NULL);
 err:
 	if (bio != NULL) BIO_free(bio);
-#endif
 	return(ret);
 	}
+#endif
 
 #if 0
-static int load_CA(ctx,file)
-SSL_CTX *ctx;
-char *file;
+static int load_CA(SSL_CTX *ctx, char *file)
 	{
 	FILE *in;
 	X509 *x=NULL;
@@ -768,18 +891,19 @@ char *file;
 	}
 #endif
 
-static int www_body(hostname, s)
-char *hostname;
-int s;
+static int www_body(char *hostname, int s, unsigned char *context)
 	{
-	char buf[1024];
+	char *buf=NULL;
 	int ret=1;
 	int i,j,k,blank,dot;
 	struct stat st_buf;
 	SSL *con;
 	SSL_CIPHER *c;
 	BIO *io,*ssl_bio,*sbio;
+	long total_bytes;
 
+	buf=Malloc(bufsize);
+	if (buf == NULL) return(0);
 	io=BIO_new(BIO_f_buffer());
 	ssl_bio=BIO_new(BIO_f_ssl());
 	if ((io == NULL) || (ssl_bio == NULL)) goto err;
@@ -787,18 +911,21 @@ int s;
 #ifdef FIONBIO	
 	if (s_nbio)
 		{
-		unsigned int long sl=1;
+		unsigned long sl=1;
 
 		if (!s_quiet)
 			BIO_printf(bio_err,"turning on non blocking io\n");
-		socket_ioctl(s,FIONBIO,&sl);
+		if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
+			ERR_print_errors(bio_err);
 		}
 #endif
 
 	/* lets make the output buffer a reasonable size */
-	if (!BIO_set_write_buffer_size(io,16*1024)) goto err;
+	if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
 
 	if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
+	if(context) SSL_set_session_id_context(con, context,
+					       strlen((char *)context));
 
 	sbio=BIO_new_socket(s,BIO_NOCLOSE);
 	if (s_nbio_test)
@@ -842,14 +969,14 @@ int s;
 			case SSL_ERROR_ZERO_RETURN:
 				ret=1;
 				goto err;
-				break;
+				/* break; */
 				}
 
 			SSL_renegotiate(con);
 			SSL_write(con,NULL,0);
 			}
 
-		i=BIO_gets(io,buf,sizeof(buf)-1);
+		i=BIO_gets(io,buf,bufsize-1);
 		if (i < 0) /* error */
 			{
 			if (!BIO_should_retry(io))
@@ -875,14 +1002,15 @@ int s;
 
 		/* else we have data */
 		if (	((www == 1) && (strncmp("GET ",buf,4) == 0)) ||
-			((www == 2) && (strncmp("GET stats ",buf,10) == 0)))
+			((www == 2) && (strncmp("GET /stats ",buf,10) == 0)))
 			{
 			char *p;
 			X509 *peer;
-			STACK *sk;
-			static char *space="                ";
+			STACK_OF(SSL_CIPHER) *sk;
+			static char *space="                          ";
 
 			BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+			BIO_puts(io,"<HTML><BODY BGCOLOR=ffffff>\n");
 			BIO_puts(io,"<pre>\n");
 /*			BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
 			BIO_puts(io,"\n");
@@ -897,18 +1025,18 @@ int s;
 			 * be done */
 			BIO_printf(io,"Ciphers supported in s_server binary\n");
 			sk=SSL_get_ciphers(con);
-			j=sk_num(sk);
+			j=sk_SSL_CIPHER_num(sk);
 			for (i=0; i<j; i++)
 				{
-				c=(SSL_CIPHER *)sk_value(sk,i);
-				BIO_printf(io,"%s:%-25s",
+				c=sk_SSL_CIPHER_value(sk,i);
+				BIO_printf(io,"%-11s:%-25s",
 					SSL_CIPHER_get_version(c),
 					SSL_CIPHER_get_name(c));
-				if ((((i+1)%3) == 0) && (i+1 != j))
+				if ((((i+1)%2) == 0) && (i+1 != j))
 					BIO_puts(io,"\n");
 				}
 			BIO_puts(io,"\n");
-			p=SSL_get_shared_ciphers(con,buf,sizeof(buf));
+			p=SSL_get_shared_ciphers(con,buf,bufsize);
 			if (p != NULL)
 				{
 				BIO_printf(io,"---\nCiphers common between both SSL end points:\n");
@@ -917,7 +1045,7 @@ int s;
 					{
 					if (*p == ':')
 						{
-						BIO_write(io,space,15-j);
+						BIO_write(io,space,26-j);
 						i++;
 						j=0;
 						BIO_write(io,((i%3)?" ":"\n"),1);
@@ -935,7 +1063,7 @@ int s;
 				?"---\nReused, "
 				:"---\nNew, "));
 			c=SSL_get_current_cipher(con);
-			BIO_printf(io,"SSLv%d, Cipher is %s\n",
+			BIO_printf(io,"%s, Cipher is %s\n",
 				SSL_CIPHER_get_version(c),
 				SSL_CIPHER_get_name(c));
 			SSL_SESSION_print(io,SSL_get_session(con));
@@ -951,6 +1079,7 @@ int s;
 				}
 			else
 				BIO_puts(io,"no client certificate available\n");
+			BIO_puts(io,"</BODY></HTML>\r\n\r\n");
 			break;
 			}
 		else if ((www == 2) && (strncmp("GET ",buf,4) == 0))
@@ -969,6 +1098,7 @@ int s;
 					(strncmp(&(e[-1]),"/../",4) == 0))
 					dot=1;
 				}
+			
 
 			if (*e == '\0')
 				{
@@ -1028,18 +1158,33 @@ int s;
 			else
 				BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
 			/* send the file */
+			total_bytes=0;
 			for (;;)
 				{
-				i=BIO_read(file,buf,1024);
+				i=BIO_read(file,buf,bufsize);
 				if (i <= 0) break;
 
+#ifdef RENEG
+				total_bytes+=i;
+				fprintf(stderr,"%d\n",i);
+				if (total_bytes > 3*1024)
+					{
+					total_bytes=0;
+					fprintf(stderr,"RENEGOTIATE\n");
+					SSL_renegotiate(con);
+					}
+#endif
+
 				for (j=0; j<i; )
 					{
+#ifdef RENEG
+{ static count=0; if (++count == 13) { SSL_renegotiate(con); } }
+#endif
 					k=BIO_write(io,&(buf[j]),i-j);
 					if (k <= 0)
 						{
 						if (!BIO_should_retry(io))
-							break;
+							goto write_error;
 						else
 							{
 							BIO_printf(bio_s_out,"rwrite W BLOCK\n");
@@ -1051,6 +1196,7 @@ int s;
 						}
 					}
 				}
+write_error:
 			BIO_free(file);
 			break;
 			}
@@ -1068,12 +1214,13 @@ int s;
 			break;
 		}
 end:
-#if 0
+#if 1
 	/* make sure we re-use sessions */
 	SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 #else
 	/* This kills performace */
-	SSL_shutdown(con);
+/*	SSL_shutdown(con); A shutdown gets sent in the
+ *	BIO_free_all(io) procession */
 #endif
 
 err:
@@ -1081,14 +1228,14 @@ err:
 	if (ret >= 0)
 		BIO_printf(bio_s_out,"ACCEPT\n");
 
+	if (buf != NULL) Free(buf);
 	if (io != NULL) BIO_free_all(io);
-/*	if (ssl_bio != NULL) BIO_free(ssl_bio); */
+/*	if (ssl_bio != NULL) BIO_free(ssl_bio);*/
 	return(ret);
 	}
 
-static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
-SSL *s;
-int export;
+#ifndef NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export, int keylength)
 	{
 	static RSA *rsa_tmp=NULL;
 
@@ -1096,12 +1243,10 @@ int export;
 		{
 		if (!s_quiet)
 			{
-			BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
+			BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
 			BIO_flush(bio_err);
 			}
-#ifndef NO_RSA
-		rsa_tmp=RSA_generate_key(512,RSA_F4,NULL);
-#endif
+		rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
 		if (!s_quiet)
 			{
 			BIO_printf(bio_err,"\n");
@@ -1110,3 +1255,4 @@ int export;
 		}
 	return(rsa_tmp);
 	}
+#endif

apps/s_socket.c

@@ -1,5 +1,5 @@
 /* apps/s_socket.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,6 +56,15 @@
  * [including the GNU Public Licence.]
  */
 
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
+#if defined(__DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -67,16 +76,18 @@
 #undef USE_SOCKETS
 #undef NON_MAIN
 #include "s_apps.h"
-#include "ssl.h"
+#include <openssl/ssl.h>
 
-#ifndef NOPROTO
-static struct hostent *GetHostByName(char *name);
-int sock_init(void );
-#else
-static struct hostent *GetHostByName();
-int sock_init();
+#ifdef VMS
+#if (__VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl,
+			      and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+#include <processes.h> /* for vfork() */
 #endif
 
+static struct hostent *GetHostByName(char *name);
+int sock_init(void );
 #ifdef WIN16
 #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
 #else
@@ -93,11 +104,8 @@ static FARPROC lpTopWndProc=NULL;
 static FARPROC lpTopHookProc=NULL;
 extern HINSTANCE _hInstance;  /* nice global CRT provides */
 
-static LONG FAR PASCAL topHookProc(hwnd,message,wParam,lParam)
-HWND hwnd;
-UINT message;
-WPARAM wParam;
-LPARAM lParam;
+static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
+	     LPARAM lParam)
 	{
 	if (hwnd == topWnd)
 		{
@@ -122,7 +130,7 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
 #endif /* WIN32 */
 #endif /* WINDOWS */
 
-void sock_cleanup()
+void sock_cleanup(void)
 	{
 #ifdef WINDOWS
 	if (wsa_init_done)
@@ -134,7 +142,7 @@ void sock_cleanup()
 #endif
 	}
 
-int sock_init()
+int sock_init(void)
 	{
 #ifdef WINDOWS
 	if (!wsa_init_done)
@@ -165,10 +173,7 @@ int sock_init()
 	return(1);
 	}
 
-int init_client(sock, host, port)
-int *sock;
-char *host;
-int port;
+int init_client(int *sock, char *host, int port)
 	{
 	unsigned char ip[4];
 	short p=0;
@@ -181,10 +186,7 @@ int port;
 	return(init_client_ip(sock,ip,port));
 	}
 
-int init_client_ip(sock, ip, port)
-int *sock;
-unsigned char ip[4];
-int port;
+int init_client_ip(int *sock, unsigned char ip[4], int port)
 	{
 	unsigned long addr;
 	struct sockaddr_in them;
@@ -215,23 +217,25 @@ int port;
 	return(1);
 	}
 
-int nbio_sock_error(sock)
-int sock;
+int nbio_sock_error(int sock)
 	{
-	int j,i,size;
+	int j,i;
+	int size;
 
 	size=sizeof(int);
-	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,&size);
+	/* Note: under VMS with SOCKETSHR the third parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if
+	 * you don't have a cast it will choke the compiler: if you do
+	 * have a cast then you can either go for (int *) or (void *).
+	 */
+	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,(void *)&size);
 	if (i < 0)
 		return(1);
 	else
 		return(j);
 	}
 
-int nbio_init_client_ip(sock, ip, port)
-int *sock;
-unsigned char ip[4];
-int port;
+int nbio_init_client_ip(int *sock, unsigned char ip[4], int port)
 	{
 	unsigned long addr;
 	struct sockaddr_in them;
@@ -251,7 +255,9 @@ int port;
 
 	if (*sock <= 0)
 		{
+#ifdef FIONBIO
 		unsigned long l=1;
+#endif
 
 		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 		if (s == INVALID_SOCKET) { perror("socket"); return(0); }
@@ -262,7 +268,7 @@ int port;
 		*sock=s;
 
 #ifdef FIONBIO
-		socket_ioctl(s,FIONBIO,&l);
+		BIO_socket_ioctl(s,FIONBIO,&l);
 #endif
 		}
 	else
@@ -280,10 +286,7 @@ int port;
 		return(1);
 	}
 
-int do_server(port, ret, cb)
-int port;
-int *ret;
-int (*cb)();
+int do_server(int port, int *ret, int (*cb)(), char *context)
 	{
 	int sock;
 	char *name;
@@ -304,20 +307,18 @@ int (*cb)();
 			SHUTDOWN(accept_socket);
 			return(0);
 			}
-		i=(*cb)(name,sock);
+		i=(*cb)(name,sock, context);
 		if (name != NULL) Free(name);
-		SHUTDOWN(sock);
+		SHUTDOWN2(sock);
 		if (i < 0)
 			{
-			SHUTDOWN(accept_socket);
+			SHUTDOWN2(accept_socket);
 			return(i);
 			}
 		}
 	}
 
-int init_server(sock, port)
-int *sock;
-int port;
+int init_server_long(int *sock, int port, char *ip)
 	{
 	int ret=0;
 	struct sockaddr_in server;
@@ -328,10 +329,25 @@ int port;
 	memset((char *)&server,0,sizeof(server));
 	server.sin_family=AF_INET;
 	server.sin_port=htons((unsigned short)port);
-	server.sin_addr.s_addr=INADDR_ANY;
+	if (ip == NULL)
+		server.sin_addr.s_addr=INADDR_ANY;
+	else
+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+#ifndef BIT_FIELD_LIMITS
+		memcpy(&server.sin_addr.s_addr,ip,4);
+#else
+		memcpy(&server.sin_addr,ip,4);
+#endif
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 
 	if (s == INVALID_SOCKET) goto err;
+#if defined SOL_SOCKET && defined SO_REUSEADDR
+		{
+		int j = 1;
+		setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
+			   (void *) &j, sizeof j);
+		}
+#endif
 	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
 		{
 #ifndef WINDOWS
@@ -339,7 +355,8 @@ int port;
 #endif
 		goto err;
 		}
-	if (listen(s,5) == -1) goto err;
+	/* Make it 128 for linux */
+	if (listen(s,128) == -1) goto err;
 	i=0;
 	*sock=s;
 	ret=1;
@@ -351,10 +368,12 @@ err:
 	return(ret);
 	}
 
-int do_accept(acc_sock, sock, host)
-int acc_sock;
-int *sock;
-char **host;
+int init_server(int *sock, int port)
+	{
+	return(init_server_long(sock, port, NULL));
+	}
+
+int do_accept(int acc_sock, int *sock, char **host)
 	{
 	int ret,i;
 	struct hostent *h1,*h2;
@@ -370,7 +389,12 @@ redoit:
 
 	memset((char *)&from,0,sizeof(from));
 	len=sizeof(from);
-	ret=accept(acc_sock,(struct sockaddr *)&from,&len);
+	/* Note: under VMS with SOCKETSHR the fourth parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if
+	 * you don't have a cast it will choke the compiler: if you do
+	 * have a cast then you can either go for (int *) or (void *).
+	 */
+	ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
 	if (ret == INVALID_SOCKET)
 		{
 #ifdef WINDOWS
@@ -399,9 +423,14 @@ redoit:
 */
 
 	if (host == NULL) goto end;
+#ifndef BIT_FIELD_LIMITS
 	/* I should use WSAAsyncGetHostByName() under windows */
 	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
 		sizeof(from.sin_addr.s_addr),AF_INET);
+#else
+	h1=gethostbyaddr((char *)&from.sin_addr,
+		sizeof(struct in_addr),AF_INET);
+#endif
 	if (h1 == NULL)
 		{
 		BIO_printf(bio_err,"bad gethostbyaddr\n");
@@ -435,43 +464,8 @@ end:
 	return(1);
 	}
 
-int socket_ioctl(fd,type,arg)
-int fd;
-long type;
-unsigned long *arg;
-	{
-	int i,err;
-#ifdef WINDOWS
-	i=ioctlsocket(fd,type,arg);
-#else
-	i=ioctl(fd,type,arg);
-#endif
-	if (i < 0)
-		{
-#ifdef WINDOWS
-		err=WSAGetLastError();
-#else
-		err=errno;
-#endif
-		BIO_printf(bio_err,"ioctl on socket failed:error %d\n",err);
-		}
-	return(i);
-	}
-
-int sock_err()
-	{
-#ifdef WINDOWS
-	return(WSAGetLastError());
-#else
-	return(errno);
-#endif
-	}
-
-int extract_host_port(str,host_ptr,ip,port_ptr)
-char *str;
-char **host_ptr;
-unsigned char *ip;
-short *port_ptr;
+int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+	     short *port_ptr)
 	{
 	char *h,*p;
 
@@ -495,9 +489,7 @@ err:
 	return(0);
 	}
 
-int host_ip(str,ip)
-char *str;
-unsigned char ip[4];
+int host_ip(char *str, unsigned char ip[4])
 	{
 	unsigned int in[4]; 
 	int i;
@@ -543,9 +535,7 @@ err:
 	return(0);
 	}
 
-int extract_port(str,port_ptr)
-char *str;
-short *port_ptr;
+int extract_port(char *str, short *port_ptr)
 	{
 	int i;
 	struct servent *s;
@@ -577,8 +567,7 @@ static struct ghbn_cache_st
 static unsigned long ghbn_hits=0L;
 static unsigned long ghbn_miss=0L;
 
-static struct hostent *GetHostByName(name)
-char *name;
+static struct hostent *GetHostByName(char *name)
 	{
 	struct hostent *ret;
 	int i,lowi=0;
@@ -618,11 +607,7 @@ char *name;
 	}
 
 #ifndef MSDOS
-int spawn(argc, argv, in, out)
-int argc;
-char **argv;
-int *in;
-int *out;
+int spawn(int argc, char **argv, int *in, int *out)
 	{
 	int pid;
 #define CHILD_READ	p1[0]
@@ -633,7 +618,11 @@ int *out;
 
 	if ((pipe(p1) < 0) || (pipe(p2) < 0)) return(-1);
 
+#ifdef VMS
+	if ((pid=vfork()) == 0)
+#else
 	if ((pid=fork()) == 0)
+#endif
 		{ /* child */
 		if (dup2(CHILD_WRITE,fileno(stdout)) < 0)
 			perror("dup2");

apps/s_time.c

@@ -1,5 +1,5 @@
 /* apps/s_time.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,10 +56,10 @@
  * [including the GNU Public Licence.]
  */
 
-#undef NO_SHUTDOWN
+#define NO_SHUTDOWN
 
 /*-----------------------------------------
-   cntime - SSL client connection timer program
+   s_time - SSL client connection timer program
    Written and donated by Larry Streepy <streepy@healthcare.com>
   -----------------------------------------*/
 
@@ -67,26 +67,29 @@
 #include <stdlib.h>
 #include <string.h>
 
-#ifdef WIN16
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
+
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
-#include "x509.h"
-#include "ssl.h"
-#include "pem.h"
 #define USE_SOCKETS
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/pem.h>
 #include "apps.h"
 #include "s_apps.h"
-#include "err.h"
+#include <openssl/err.h>
 #ifdef WIN32_STUFF
 #include "winmain.h"
 #include "wintext.h"
 #endif
 
-#ifndef MSDOS
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif
 
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -94,15 +97,15 @@
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
@@ -111,7 +114,8 @@ struct tms {
 #include <sys/select.h>
 #endif
 
-#ifdef sun
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
@@ -120,11 +124,7 @@ struct tms {
 */
 #ifndef HZ
 #ifndef CLK_TCK
-#ifndef VMS
 #define HZ      100.0
-#else /* VMS */
-#define HZ      100.0
-#endif
 #else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
 #endif
@@ -133,6 +133,7 @@ struct tms {
 #undef PROG
 #define PROG s_time_main
 
+#undef ioctl
 #define ioctl ioctlsocket
 
 #define SSL_CONNECT_NAME	"localhost:4433"
@@ -150,16 +151,10 @@ struct tms {
 extern int verify_depth;
 extern int verify_error;
 
-#ifndef NOPROTO
 static void s_time_usage(void);
 static int parseArgs( int argc, char **argv );
 static SSL *doConnection( SSL *scon );
-#else
-static void s_time_usage();
-static int parseArgs();
-static SSL *doConnection();
-#endif
-
+static void s_time_init(void);
 
 /***********************************************************************
  * Static data declarations
@@ -180,31 +175,54 @@ static char *s_www_path=NULL;
 static long bytes_read=0; 
 static int st_bugs=0;
 static int perform=0;
-
 #ifdef FIONBIO
 static int t_nbio=0;
 #endif
-
 #ifdef WIN32
 static int exitNow = 0;		/* Set when it's time to exit main */
 #endif
 
+static void s_time_init(void)
+	{
+	host=SSL_CONNECT_NAME;
+	t_cert_file=NULL;
+	t_key_file=NULL;
+	CApath=NULL;
+	CAfile=NULL;
+	tm_cipher=NULL;
+	tm_verify = SSL_VERIFY_NONE;
+	maxTime = SECONDS;
+	tm_ctx=NULL;
+	s_time_meth=NULL;
+	s_www_path=NULL;
+	bytes_read=0; 
+	st_bugs=0;
+	perform=0;
+
+#ifdef FIONBIO
+	t_nbio=0;
+#endif
+#ifdef WIN32
+	exitNow = 0;		/* Set when it's time to exit main */
+#endif
+	}
+
 /***********************************************************************
  * usage - display usage message
  */
-static void s_time_usage()
+static void s_time_usage(void)
 {
 	static char umsg[] = "\
 -time arg     - max number of seconds to collect data, default %d\n\
 -verify arg   - turn on peer certificate verification, arg == depth\n\
 -cert arg     - certificate file to use, PEM format assumed\n\
--key arg      - RSA file to use, PEM format assumed, in cert file if\n\
-                not specified but cert fill is.\n\
+-key arg      - RSA file to use, PEM format assumed, key is in cert file\n\
+                file if not specified by this option\n\
 -CApath arg   - PEM format directory of CA's\n\
 -CAfile arg   - PEM format file of CA's\n\
--cipher       - prefered cipher to use, play with 'ssleay ciphers'\n\n";
+-cipher       - prefered cipher to use, play with 'openssl ciphers'\n\n";
 
-	printf( "usage: client <args>\n\n" );
+	printf( "usage: s_time <args>\n\n" );
 
 	printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
 #ifdef FIONBIO
@@ -224,9 +242,7 @@ static void s_time_usage()
  *
  * Returns 0 if ok, -1 on bad args
  */
-static int parseArgs(argc,argv)
-int argc;
-char **argv;
+static int parseArgs(int argc, char **argv)
 {
     int badop = 0;
 
@@ -237,6 +253,7 @@ char **argv;
 #endif
 
 	apps_startup();
+	s_time_init();
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -350,8 +367,7 @@ bad:
 #define START	0
 #define STOP	1
 
-static double tm_Time_F(s)
-int s;
+static double tm_Time_F(int s)
 	{
 	static double ret;
 #ifdef TIMES
@@ -385,10 +401,7 @@ int s;
  * MAIN - main processing area for client
  *			real name depends on MONOLITH
  */
-int
-MAIN(argc,argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	double totalTime = 0.0;
 	int nConn = 0;
@@ -396,6 +409,7 @@ char **argv;
 	long finishtime=0;
 	int ret=1,i;
 	MS_STATIC char buf[1024*8];
+	int ver;
 
 #if !defined(NO_SSL2) && !defined(NO_SSL3)
 	s_time_meth=SSLv23_client_method();
@@ -412,6 +426,8 @@ char **argv;
 	SSLeay_add_ssl_algorithms();
 	if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
 
+	SSL_CTX_set_quiet_shutdown(tm_ctx,1);
+
 	if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
 	SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
 	if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file)) 
@@ -422,9 +438,9 @@ char **argv;
 	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
 		{
-		BIO_printf(bio_err,"error seting default verify locations\n");
+		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
 		ERR_print_errors(bio_err);
-		goto end;
+		/* goto end; */
 		}
 
 	if (tm_cipher == NULL)
@@ -471,11 +487,24 @@ char **argv;
 #else
 		SSL_shutdown(scon);
 #endif
-		SHUTDOWN(SSL_get_fd(scon));
+		SHUTDOWN2(SSL_get_fd(scon));
 
 		nConn += 1;
-		fputc(SSL_session_reused(scon)?'r':
-			(SSL_version(scon))+'0', stdout );
+		if (SSL_session_reused(scon))
+			ver='r';
+		else
+			{
+			ver=SSL_version(scon);
+			if (ver == TLS1_VERSION)
+				ver='t';
+			else if (ver == SSL3_VERSION)
+				ver='3';
+			else if (ver == SSL2_VERSION)
+				ver='2';
+			else
+				ver='*';
+			}
+		fputc(ver,stdout);
 		fflush(stdout);
 
 		SSL_free( scon );
@@ -512,7 +541,7 @@ next:
 #else
 	SSL_shutdown(scon);
 #endif
-	SHUTDOWN(SSL_get_fd(scon));
+	SHUTDOWN2(SSL_get_fd(scon));
 
 	nConn = 0;
 	totalTime = 0.0;
@@ -551,11 +580,24 @@ next:
 #else
 		SSL_shutdown(scon);
 #endif
-		SHUTDOWN(SSL_get_fd(scon));
+		SHUTDOWN2(SSL_get_fd(scon));
 	
 		nConn += 1;
-		fputc(SSL_session_reused(scon)?'r':
-			(SSL_version(scon))+'0', stdout );
+		if (SSL_session_reused(scon))
+			ver='r';
+		else
+			{
+			ver=SSL_version(scon);
+			if (ver == TLS1_VERSION)
+				ver='t';
+			else if (ver == SSL3_VERSION)
+				ver='3';
+			else if (ver == SSL2_VERSION)
+				ver='2';
+			else
+				ver='*';
+			}
+		fputc(ver,stdout);
 		fflush(stdout);
 		}
 	totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
@@ -583,9 +625,7 @@ end:
  * Returns:
  *		SSL *	= the connection pointer.
  */
-static SSL *
-doConnection(scon)
-SSL *scon;
+static SSL *doConnection(SSL *scon)
 	{
 	BIO *conn;
 	SSL *serverCon;
@@ -595,8 +635,8 @@ SSL *scon;
 	if ((conn=BIO_new(BIO_s_connect())) == NULL)
 		return(NULL);
 
-/*	BIO_set_port(conn,port);*/
-	BIO_set_hostname(conn,host);
+/*	BIO_set_conn_port(conn,port);*/
+	BIO_set_conn_hostname(conn,host);
 
 	if (scon == NULL)
 		serverCon=(SSL *)SSL_new(tm_ctx);
@@ -624,7 +664,13 @@ SSL *scon;
 			width=i+1;
 			FD_ZERO(&readfds);
 			FD_SET(i,&readfds);
-			select(width,&readfds,NULL,NULL,NULL);
+			/* Note: under VMS with SOCKETSHR the 2nd parameter
+			 * is currently of type (int *) whereas under other
+			 * systems it is (void *) if you don't have a cast it
+			 * will choke the compiler: if you do have a cast then
+			 * you can either go for (int *) or (void *).
+			 */
+			select(width,(void *)&readfds,NULL,NULL,NULL);
 			continue;
 			}
 		break;

apps/server.pem

@@ -1,17 +1,17 @@
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
 -----BEGIN CERTIFICATE-----
-MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5
-MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4
+MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
 A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
 cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
 Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW
-mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i
-xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH
-irObpESxAZLySCmPPg==
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9
+JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO
+IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ
+FUGcPZf9ND22Etc+AQ==
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD

apps/server.srl

@@ -0,0 +1 @@
+01

apps/sess_id.c

@@ -1,5 +1,5 @@
 /* apps/sess_id.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,48 +60,37 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
 
 #undef PROG
 #define PROG	sess_id_main
 
-#define FORMAT_UNDEF	0
-#define FORMAT_ASN1	1
-#define FORMAT_TEXT	2
-#define FORMAT_PEM	3
-
 static char *sess_id_usage[]={
-"usage: crl args\n",
+"usage: sess_id args\n",
 "\n",
 " -inform arg     - input format - default PEM (one of DER, TXT or PEM)\n",
 " -outform arg    - output format - default PEM\n",
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -text           - print ssl session id details\n",
-" -cert           - output certificaet \n",
+" -cert           - output certificate \n",
 " -noout          - no CRL output\n",
+" -context arg    - set the session ID context\n",
 NULL
 };
 
-#ifndef NOPROTO
 static SSL_SESSION *load_sess_id(char *file, int format);
-#else
-static SSL_SESSION *load_sess_id();
-#endif
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	SSL_SESSION *x=NULL;
 	int ret=1,i,num,badops=0;
 	BIO *out=NULL;
 	int informat,outformat;
-	char *infile=NULL,*outfile=NULL;
+	char *infile=NULL,*outfile=NULL,*context=NULL;
 	int cert=0,noout=0,text=0;
 	char **pp;
 
@@ -109,7 +98,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
@@ -145,6 +134,11 @@ char **argv;
 			cert= ++num;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
+		else if (strcmp(*argv,"-context") == 0)
+		    {
+		    if(--argc < 1) goto bad;
+		    context=*++argv;
+		    }
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -167,6 +161,17 @@ bad:
 	x=load_sess_id(infile,informat);
 	if (x == NULL) { goto end; }
 
+	if(context)
+	    {
+	    x->sid_ctx_length=strlen(context);
+	    if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)
+		{
+		BIO_printf(bio_err,"Context too long\n");
+		goto end;
+		}
+	    memcpy(x->sid_ctx,context,x->sid_ctx_length);
+	    }
+
 #ifdef undef
 	/* just testing for memory leaks :-) */
 	{
@@ -259,9 +264,7 @@ end:
 	EXIT(ret);
 	}
 
-static SSL_SESSION *load_sess_id(infile, format)
-char *infile;
-int format;
+static SSL_SESSION *load_sess_id(char *infile, int format)
 	{
 	SSL_SESSION *x=NULL;
 	BIO *in=NULL;

apps/speed.c

@@ -1,5 +1,5 @@
 /* apps/speed.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,8 +60,8 @@
 
 #undef SECONDS
 #define SECONDS		3	
-#define RSA_SECONDS	10	
-#define DSA_SECONDS	10	
+#define RSA_SECONDS	10
+#define DSA_SECONDS	10
 
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
@@ -73,19 +73,19 @@
 #include <stdlib.h>
 #include <signal.h>
 #include <string.h>
+#include <math.h>
 #include "apps.h"
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
-#include "crypto.h"
-#include "rand.h"
-#include "err.h"
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
 
-#ifndef MSDOS
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif
 
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -93,56 +93,68 @@
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
 
-#ifdef sun
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
 
 #ifndef NO_DES
-#include "des.h"
+#include <openssl/des.h>
 #endif
 #ifndef NO_MD2
-#include "md2.h"
+#include <openssl/md2.h>
 #endif
 #ifndef NO_MDC2
-#include "mdc2.h"
+#include <openssl/mdc2.h>
 #endif
 #ifndef NO_MD5
-#include "md5.h"
+#include <openssl/md5.h>
+#include <openssl/hmac.h>
+#include <openssl/evp.h>
 #endif
-#if !defined(NO_SHA) && !defined(NO_SHA1)
-#include "sha.h"
+#ifndef NO_SHA
+#include <openssl/sha.h>
+#endif
+#ifndef NO_RIPEMD
+#include <openssl/ripemd.h>
 #endif
 #ifndef NO_RC4
-#include "rc4.h"
+#include <openssl/rc4.h>
+#endif
+#ifndef NO_RC5
+#include <openssl/rc5.h>
 #endif
 #ifndef NO_RC2
-#include "rc2.h"
+#include <openssl/rc2.h>
 #endif
 #ifndef NO_IDEA
-#include "idea.h"
+#include <openssl/idea.h>
 #endif
-#ifndef NO_BLOWFISH
-#include "blowfish.h"
+#ifndef NO_BF
+#include <openssl/blowfish.h>
+#endif
+#ifndef NO_CAST
+#include <openssl/cast.h>
 #endif
 #ifndef NO_RSA
-#include "rsa.h"
-#endif
-#include "x509.h"
+#include <openssl/rsa.h>
 #include "./testrsa.h"
+#endif
+#include <openssl/x509.h>
 #ifndef NO_DSA
 #include "./testdsa.h"
 #endif
@@ -151,11 +163,7 @@ struct tms {
 #ifndef HZ
 # ifndef CLK_TCK
 #  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-#   ifndef VMS
-#    define HZ	100.0
-#   else /* VMS */
-#    define HZ	100.0
-#   endif
+#   define HZ	100.0
 #  else /* _BSD_CLK_TCK_ */
 #   define HZ ((double)_BSD_CLK_TCK_)
 #  endif
@@ -165,19 +173,12 @@ struct tms {
 #endif
 
 #undef BUFSIZE
-#define BUFSIZE	((long)1024*8)
+#define BUFSIZE	((long)1024*8+1)
 int run=0;
 
-#ifndef NOPROTO
 static double Time_F(int s);
 static void print_message(char *s,long num,int length);
 static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
-#else
-static double Time_F();
-static void print_message();
-static void pkey_print_message();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -185,14 +186,8 @@ static void pkey_print_message();
 #define SIGRETTYPE int
 #endif 
 
-#ifndef NOPROTO
 static SIGRETTYPE sig_done(int sig);
-#else
-static SIGRETTYPE sig_done();
-#endif
-
-static SIGRETTYPE sig_done(sig)
-int sig;
+static SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -205,8 +200,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-static double Time_F(s)
-int s;
+static double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -242,19 +236,17 @@ int s;
 #endif
 	}
 
-int MAIN(argc,argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	unsigned char *buf=NULL,*buf2=NULL;
+	des_cblock *buf_as_des_cblock = NULL;
 	int ret=1;
-#define ALGOR_NUM	11
+#define ALGOR_NUM	14
 #define SIZE_NUM	5
 #define RSA_NUM		4
 #define DSA_NUM		3
 	long count,rsa_count;
 	int i,j,k,rsa_num,rsa_num2;
-	unsigned int kk;
 #ifndef NO_MD2
 	unsigned char md2[MD2_DIGEST_LENGTH];
 #endif
@@ -263,21 +255,31 @@ char **argv;
 #endif
 #ifndef NO_MD5
 	unsigned char md5[MD5_DIGEST_LENGTH];
+	unsigned char hmac[MD5_DIGEST_LENGTH];
 #endif
-#if !defined(NO_SHA) || !defined(NO_SHA1)
+#ifndef NO_SHA
 	unsigned char sha[SHA_DIGEST_LENGTH];
 #endif
+#ifndef NO_RIPEMD
+	unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
+#endif
 #ifndef NO_RC4
 	RC4_KEY rc4_ks;
 #endif
+#ifndef NO_RC5
+	RC5_32_KEY rc5_ks;
+#endif
 #ifndef NO_RC2
 	RC2_KEY rc2_ks;
 #endif
 #ifndef NO_IDEA
 	IDEA_KEY_SCHEDULE idea_ks;
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	BF_KEY bf_ks;
+#endif
+#ifndef NO_CAST
+	CAST_KEY cast_ks;
 #endif
 	static unsigned char key16[16]=
 		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
@@ -292,21 +294,24 @@ char **argv;
 #define	D_MD2		0
 #define	D_MDC2		1
 #define	D_MD5		2
-#define	D_SHA		3
+#define	D_HMAC		3
 #define	D_SHA1		4
-#define	D_RC4		5
-#define	D_CBC_DES	6
-#define	D_EDE3_DES	7
-#define	D_CBC_IDEA	8
-#define	D_CBC_RC2	9
-#define	D_CBC_BF	10
+#define D_RMD160	5
+#define	D_RC4		6
+#define	D_CBC_DES	7
+#define	D_EDE3_DES	8
+#define	D_CBC_IDEA	9
+#define	D_CBC_RC2	10
+#define	D_CBC_RC5	11
+#define	D_CBC_BF	12
+#define	D_CBC_CAST	13
 	double d,results[ALGOR_NUM][SIZE_NUM];
 	static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
 	long c[ALGOR_NUM][SIZE_NUM];
 	static char *names[ALGOR_NUM]={
-		"md2","mdc2","md5","sha","sha1","rc4",
+		"md2","mdc2","md5","hmac(md5)","sha1","rmd160","rc4",
 		"des cbc","des ede3","idea cbc",
-		"rc2 cbc","blowfish cbc"};
+		"rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"};
 #define	R_DSA_512	0
 #define	R_DSA_1024	1
 #define	R_DSA_2048	2
@@ -314,42 +319,49 @@ char **argv;
 #define	R_RSA_1024	1
 #define	R_RSA_2048	2
 #define	R_RSA_4096	3
-	RSA *rsa_key[RSA_NUM];
-	DSA *dsa_key[DSA_NUM];
-	long rsa_c[RSA_NUM][2];
-	long dsa_c[DSA_NUM][2];
 #ifndef NO_RSA
+	RSA *rsa_key[RSA_NUM];
+	long rsa_c[RSA_NUM][2];
 	double rsa_results[RSA_NUM][2];
-#endif
-#ifndef NO_DSA
-	double dsa_results[DSA_NUM][2];
-#endif
 	static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
-	static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
 	static unsigned char *rsa_data[RSA_NUM]=
 		{test512,test1024,test2048,test4096};
 	static int rsa_data_length[RSA_NUM]={
 		sizeof(test512),sizeof(test1024),
 		sizeof(test2048),sizeof(test4096)};
-	int doit[ALGOR_NUM];
+#endif
+#ifndef NO_DSA
+	DSA *dsa_key[DSA_NUM];
+	long dsa_c[DSA_NUM][2];
+	double dsa_results[DSA_NUM][2];
+	static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
+#endif
 	int rsa_doit[RSA_NUM];
 	int dsa_doit[DSA_NUM];
+	int doit[ALGOR_NUM];
 	int pr_header=0;
 
 	apps_startup();
+#ifndef NO_DSA
+	memset(dsa_key,0,sizeof(dsa_key));
+#endif
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+#ifndef NO_RSA
+	memset(rsa_key,0,sizeof(rsa_key));
 	for (i=0; i<RSA_NUM; i++)
 		rsa_key[i]=NULL;
+#endif
 
 	if ((buf=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
+	buf_as_des_cblock = (des_cblock *)buf;
 	if ((buf2=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
@@ -383,13 +395,23 @@ char **argv;
 			if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
 		else
 #endif
-#ifndef NO_SHA
-			if (strcmp(*argv,"sha") == 0) doit[D_SHA]=1;
+#ifndef NO_MD5
+			if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
 		else
 #endif
-#ifndef NO_SHA1
+#ifndef NO_SHA
 			if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
 		else
+			if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1;
+		else
+#endif
+#ifndef NO_RIPEMD
+			if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
+		else
+			if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
+		else
+			if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;
+		else
 #endif
 #ifndef NO_RC4
 			if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
@@ -409,7 +431,7 @@ char **argv;
 			}
 		else
 #endif
-			if (strcmp(*argv,"ssleay") == 0) 
+			if (strcmp(*argv,"openssl") == 0) 
 			{
 			RSA_set_default_method(RSA_PKCS1_SSLeay());
 			j--;
@@ -429,14 +451,26 @@ char **argv;
 		else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
 		else
 #endif
+#ifndef NO_RC5
+		     if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;
+		else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;
+		else
+#endif
 #ifndef NO_IDEA
 		     if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
 		else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
 		else
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 		     if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
 		else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
+		else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
+		else
+#endif
+#ifndef NO_CAST
+		     if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;
+		else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;
+		else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;
 		else
 #endif
 #ifndef NO_DES
@@ -467,17 +501,20 @@ char **argv;
 #endif
 			{
 			BIO_printf(bio_err,"bad value, pick one of\n");
-			BIO_printf(bio_err,"md2      mdc2	md5      sha      sha1\n");
+			BIO_printf(bio_err,"md2      mdc2	md5      hmac      sha1    rmd160\n");
 #ifndef NO_IDEA
 			BIO_printf(bio_err,"idea-cbc ");
 #endif
 #ifndef NO_RC2
 			BIO_printf(bio_err,"rc2-cbc  ");
 #endif
-#ifndef NO_RC2
+#ifndef NO_RC5
+			BIO_printf(bio_err,"rc5-cbc  ");
+#endif
+#ifndef NO_BF
 			BIO_printf(bio_err,"bf-cbc");
 #endif
-#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BLOWFISH)
+#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BF) && !defined(NO_RC5)
 			BIO_printf(bio_err,"\n");
 #endif
 			BIO_printf(bio_err,"des-cbc  des-ede3 ");
@@ -527,6 +564,14 @@ char **argv;
 			BIO_printf(bio_err,"internal error loading RSA key number %d\n",i);
 			goto end;
 			}
+#if 0
+		else
+			{
+			BIO_printf(bio_err,"Loaded RSA key, %d bit modulus and e= 0x",BN_num_bits(rsa_key[i]->n));
+			BN_print(bio_err,rsa_key[i]->e);
+			BIO_printf(bio_err,"\n");
+			}
+#endif
 		}
 #endif
 
@@ -537,9 +582,9 @@ char **argv;
 #endif
 
 #ifndef NO_DES
-	des_set_key((C_Block *)key,sch);
-	des_set_key((C_Block *)key2,sch2);
-	des_set_key((C_Block *)key3,sch3);
+	des_set_key(&key,sch);
+	des_set_key(&key2,sch2);
+	des_set_key(&key3,sch3);
 #endif
 #ifndef NO_IDEA
 	idea_set_encrypt_key(key16,&idea_ks);
@@ -550,11 +595,18 @@ char **argv;
 #ifndef NO_RC2
 	RC2_set_key(&rc2_ks,16,key16,128);
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_RC5
+	RC5_32_set_key(&rc5_ks,16,key16,12);
+#endif
+#ifndef NO_BF
 	BF_set_key(&bf_ks,16,key16);
 #endif
-
+#ifndef NO_CAST
+	CAST_set_key(&cast_ks,16,key16);
+#endif
+#ifndef NO_RSA
 	memset(rsa_c,0,sizeof(rsa_c));
+#endif
 #ifndef SIGALRM
 	BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
 	count=10;
@@ -563,29 +615,33 @@ char **argv;
 		count*=2;
 		Time_F(START);
 		for (i=count; i; i--)
-			des_ecb_encrypt((C_Block *)buf,(C_Block *)buf,
+			des_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
 				&(sch[0]),DES_ENCRYPT);
 		d=Time_F(STOP);
 		} while (d <3);
 	c[D_MD2][0]=count/10;
 	c[D_MDC2][0]=count/10;
 	c[D_MD5][0]=count;
-	c[D_SHA][0]=count;
+	c[D_HMAC][0]=count;
 	c[D_SHA1][0]=count;
+	c[D_RMD160][0]=count;
 	c[D_RC4][0]=count*5;
 	c[D_CBC_DES][0]=count;
 	c[D_EDE3_DES][0]=count/3;
 	c[D_CBC_IDEA][0]=count;
 	c[D_CBC_RC2][0]=count;
+	c[D_CBC_RC5][0]=count;
 	c[D_CBC_BF][0]=count;
+	c[D_CBC_CAST][0]=count;
 
 	for (i=1; i<SIZE_NUM; i++)
 		{
 		c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
 		c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
 		c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
-		c[D_SHA][i]=c[D_SHA][0]*4*lengths[0]/lengths[i];
+		c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
 		c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
+		c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i];
 		}
 	for (i=1; i<SIZE_NUM; i++)
 		{
@@ -598,8 +654,11 @@ char **argv;
 		c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1;
 		c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1;
 		c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1;
+		c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
 		c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
+		c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
 		}
+#ifndef NO_RSA
 	rsa_c[R_RSA_512][0]=count/2000;
 	rsa_c[R_RSA_512][1]=count/400;
 	for (i=1; i<RSA_NUM; i++)
@@ -610,13 +669,14 @@ char **argv;
 			rsa_doit[i]=0;
 		else
 			{
-			if (rsa_c[i] == 0)
+			if (rsa_c[i][0] == 0)
 				{
 				rsa_c[i][0]=1;
 				rsa_c[i][1]=20;
 				}
 			}				
 		}
+#endif
 
 	dsa_c[R_DSA_512][0]=count/1000;
 	dsa_c[R_DSA_512][1]=count/1000/2;
@@ -636,7 +696,7 @@ char **argv;
 			}				
 		}
 
-#define COND(d)	(count != (d))
+#define COND(d)	(count < (d))
 #define COUNT(d) (d)
 #else
 #define COND(c)	(run)
@@ -685,7 +745,7 @@ char **argv;
 			print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_MD5][j]); count++)
-				MD5(buf,(unsigned long)lengths[j],&(md5[0]));
+				MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MD5],d);
@@ -694,23 +754,31 @@ char **argv;
 		}
 #endif
 
-#ifndef NO_SHA
-	if (doit[D_SHA])
+#ifndef NO_MD5
+	if (doit[D_HMAC])
 		{
+		HMAC_CTX hctx;
+		HMAC_Init(&hctx,(unsigned char *)"This is a key...",
+			16,EVP_md5());
+
 		for (j=0; j<SIZE_NUM; j++)
 			{
-			print_message(names[D_SHA],c[D_SHA][j],lengths[j]);
+			print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
 			Time_F(START);
-			for (count=0,run=1; COND(c[D_SHA][j]); count++)
-				SHA(buf,(unsigned long)lengths[j],&(sha[0]));
+			for (count=0,run=1; COND(c[D_HMAC][j]); count++)
+				{
+				HMAC_Init(&hctx,NULL,0,NULL);
+                                HMAC_Update(&hctx,buf,lengths[j]);
+                                HMAC_Final(&hctx,&(hmac[0]),NULL);
+				}
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_SHA],d);
-			results[D_SHA][j]=((double)count)/d*lengths[j];
+				count,names[D_HMAC],d);
+			results[D_HMAC][j]=((double)count)/d*lengths[j];
 			}
 		}
 #endif
-#ifndef NO_SHA1
+#ifndef NO_SHA
 	if (doit[D_SHA1])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -726,6 +794,22 @@ char **argv;
 			}
 		}
 #endif
+#ifndef NO_RIPEMD
+	if (doit[D_RMD160])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_RMD160][j]); count++)
+				RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));
+			d=Time_F(STOP);
+			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+				count,names[D_RMD160],d);
+			results[D_RMD160][j]=((double)count)/d*lengths[j];
+			}
+		}
+#endif
 #ifndef NO_RC4
 	if (doit[D_RC4])
 		{
@@ -751,10 +835,8 @@ char **argv;
 			print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
-				des_ncbc_encrypt((C_Block *)buf,
-					(C_Block *)buf,
-					(long)lengths[j],sch,
-					(C_Block *)&(iv[0]),DES_ENCRYPT);
+				des_ncbc_encrypt(buf,buf,lengths[j],sch,
+						 &iv,DES_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_DES],d);
@@ -769,10 +851,9 @@ char **argv;
 			print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
-				des_ede3_cbc_encrypt((C_Block *)buf,
-					(C_Block *)buf,
-					(long)lengths[j],sch,sch2,sch3,
-					(C_Block *)&(iv[0]),DES_ENCRYPT);
+				des_ede3_cbc_encrypt(buf,buf,lengths[j],
+						     sch,sch2,sch3,
+						     &iv,DES_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_EDE3_DES],d);
@@ -790,7 +871,7 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
 				idea_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&idea_ks,
-					(unsigned char *)&(iv[0]),IDEA_ENCRYPT);
+					iv,IDEA_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_IDEA],d);
@@ -808,7 +889,7 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
 				RC2_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&rc2_ks,
-					(unsigned char *)&(iv[0]),RC2_ENCRYPT);
+					iv,RC2_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_RC2],d);
@@ -816,7 +897,25 @@ char **argv;
 			}
 		}
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_RC5
+	if (doit[D_CBC_RC5])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
+				RC5_32_cbc_encrypt(buf,buf,
+					(unsigned long)lengths[j],&rc5_ks,
+					iv,RC5_ENCRYPT);
+			d=Time_F(STOP);
+			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+				count,names[D_CBC_RC5],d);
+			results[D_CBC_RC5][j]=((double)count)/d*lengths[j];
+			}
+		}
+#endif
+#ifndef NO_BF
 	if (doit[D_CBC_BF])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -826,7 +925,7 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
 				BF_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&bf_ks,
-					(unsigned char *)&(iv[0]),BF_ENCRYPT);
+					iv,BF_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_BF],d);
@@ -834,14 +933,35 @@ char **argv;
 			}
 		}
 #endif
+#ifndef NO_CAST
+	if (doit[D_CBC_CAST])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
+				CAST_cbc_encrypt(buf,buf,
+					(unsigned long)lengths[j],&cast_ks,
+					iv,CAST_ENCRYPT);
+			d=Time_F(STOP);
+			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+				count,names[D_CBC_CAST],d);
+			results[D_CBC_CAST][j]=((double)count)/d*lengths[j];
+			}
+		}
+#endif
 
 	RAND_bytes(buf,30);
 #ifndef NO_RSA
 	for (j=0; j<RSA_NUM; j++)
 		{
 		if (!rsa_doit[j]) continue;
+		rsa_num=RSA_private_encrypt(30,buf,buf2,rsa_key[j],
+			RSA_PKCS1_PADDING);
 		pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j],
 			RSA_SECONDS);
+/*		RSA_blinding_on(rsa_key[j],NULL); */
 		Time_F(START);
 		for (count=0,run=1; COND(rsa_c[j][0]); count++)
 			{
@@ -861,6 +981,9 @@ char **argv;
 		rsa_results[j][0]=d/(double)count;
 		rsa_count=count;
 
+#if 1
+		rsa_num2=RSA_public_decrypt(rsa_num,buf2,buf,rsa_key[j],
+			RSA_PKCS1_PADDING);
 		pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j],
 			RSA_SECONDS);
 		Time_F(START);
@@ -880,6 +1003,7 @@ char **argv;
 		BIO_printf(bio_err,"%ld %d bit public RSA's in %.2fs\n",
 			count,rsa_bits[j],d);
 		rsa_results[j][1]=d/(double)count;
+#endif
 
 		if (rsa_count <= 1)
 			{
@@ -894,9 +1018,13 @@ char **argv;
 #ifndef NO_DSA
 	for (j=0; j<DSA_NUM; j++)
 		{
+		unsigned int kk;
+
 		if (!dsa_doit[j]) continue;
 		DSA_generate_key(dsa_key[j]);
 /*		DSA_sign_setup(dsa_key[j],NULL); */
+		rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+			&kk,dsa_key[j]);
 		pkey_print_message("sign","dsa",dsa_c[j][0],dsa_bits[j],
 			DSA_SECONDS);
 		Time_F(START);
@@ -918,6 +1046,8 @@ char **argv;
 		dsa_results[j][0]=d/(double)count;
 		rsa_count=count;
 
+		rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+			kk,dsa_key[j]);
 		pkey_print_message("verify","dsa",dsa_c[j][1],dsa_bits[j],
 			DSA_SECONDS);
 		Time_F(START);
@@ -963,10 +1093,10 @@ char **argv;
 #ifndef NO_IDEA
 	printf("%s ",idea_options());
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	printf("%s ",BF_options());
 #endif
-	fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_CFLAGS));
+	fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
 
 	if (pr_header)
 		{
@@ -980,7 +1110,7 @@ char **argv;
 	for (k=0; k<ALGOR_NUM; k++)
 		{
 		if (!doit[k]) continue;
-		fprintf(stdout,"%-12s",names[k]);
+		fprintf(stdout,"%-13s",names[k]);
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			if (results[k][j] > 10000)
@@ -995,9 +1125,14 @@ char **argv;
 	for (k=0; k<RSA_NUM; k++)
 		{
 		if (!rsa_doit[k]) continue;
-		if (j) { printf("%18ssign    verify\n"," "); j=0; }
-		fprintf(stdout,"rsa %4d bits %8.4fs %8.4fs",
-			rsa_bits[k],rsa_results[k][0],rsa_results[k][1]);
+		if (j)
+			{
+			printf("%18ssign    verify    sign/s verify/s\n"," ");
+			j=0;
+			}
+		fprintf(stdout,"rsa %4d bits %8.4fs %8.4fs %8.1f %8.1f",
+			rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
+			1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
 		fprintf(stdout,"\n");
 		}
 #endif
@@ -1006,9 +1141,13 @@ char **argv;
 	for (k=0; k<DSA_NUM; k++)
 		{
 		if (!dsa_doit[k]) continue;
-		if (j) { printf("%18ssign    verify\n"," "); j=0; }
-		fprintf(stdout,"dsa %4d bits %8.4fs %8.4fs",
-			dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
+		if (j)	{
+			printf("%18ssign    verify    sign/s verify/s\n"," ");
+			j=0;
+			}
+		fprintf(stdout,"dsa %4d bits %8.4fs %8.4fs %8.1f %8.1f",
+			dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
+			1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
 		fprintf(stdout,"\n");
 		}
 #endif
@@ -1029,10 +1168,7 @@ end:
 	EXIT(ret);
 	}
 
-static void print_message(s,num,length)
-char *s;
-long num;
-int length;
+static void print_message(char *s, long num, int length)
 	{
 #ifdef SIGALRM
 	BIO_printf(bio_err,"Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
@@ -1047,12 +1183,8 @@ int length;
 #endif
 	}
 
-static void pkey_print_message(str,str2,num,bits,tm)
-char *str;
-char *str2;
-long num;
-int bits;
-int tm;
+static void pkey_print_message(char *str, char *str2, long num, int bits,
+	     int tm)
 	{
 #ifdef SIGALRM
 	BIO_printf(bio_err,"Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
@@ -1066,3 +1198,4 @@ int tm;
 	num=num;
 #endif
 	}
+

apps/ssleay.c

@@ -1,339 +0,0 @@
-/* apps/ssleay.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define DEBUG
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#ifdef WIN16
-#define APPS_WIN16
-#endif
-#include "bio.h"
-#include "crypto.h"
-#include "lhash.h"
-#include "conf.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
-#define SSLEAY	/* turn off a few special case MONOLITH macros */
-#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
-#define SSLEAY_SRC
-#include "apps.h"
-#include "s_apps.h"
-#include "err.h"
-
-
-#ifndef NOPROTO
-static unsigned long MS_CALLBACK hash(FUNCTION *a);
-static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
-static LHASH *prog_init(void );
-static int do_cmd(LHASH *prog,int argc,char *argv[]);
-static void sig_stop(int i);
-#else
-static unsigned long MS_CALLBACK hash();
-static int MS_CALLBACK cmp();
-static LHASH *prog_init();
-static int do_cmd();
-static void sig_stop();
-#endif
-
-LHASH *config=NULL;
-char *default_config_file=NULL;
-
-#ifdef DEBUG
-static void sig_stop(i)
-int i;
-	{
-	char *a=NULL;
-
-	*a='\0';
-	}
-#endif
-
-/* Make sure there is only one when MONOLITH is defined */
-#ifdef MONOLITH
-BIO *bio_err=NULL;
-#endif
-
-int main(Argc,Argv)
-int Argc;
-char *Argv[];
-	{
-	ARGS arg;
-#define PROG_NAME_SIZE	16
-	char pname[PROG_NAME_SIZE];
-	FUNCTION f,*fp;
-	MS_STATIC char *prompt,buf[1024],config_name[256];
-	int n,i,ret=0;
-	int argc;
-	char **argv,*p;
-	LHASH *prog=NULL;
-	long errline;
- 
-	arg.data=NULL;
-	arg.count=0;
-
-	/* SSLeay_add_ssl_algorithms(); is called in apps_startup() */
-	apps_startup();
-
-#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS)
-#ifdef SIGBUS
-	signal(SIGBUS,sig_stop);
-#endif
-#ifdef SIGSEGV
-	signal(SIGSEGV,sig_stop);
-#endif
-#endif
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
-
-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-	ERR_load_crypto_strings();
-
-	/* Lets load up our environment a little */
-	p=getenv("SSLEAY_CONF");
-	if (p == NULL)
-		{
-		strcpy(config_name,X509_get_default_cert_area());
-		strcat(config_name,"/lib/");
-		strcat(config_name,SSLEAY_CONF);
-		p=config_name;
-		}
-
-	default_config_file=p;
-
-	config=CONF_load(config,p,&errline);
-	if (config == NULL) ERR_clear_error();
-
-	prog=prog_init();
-
-	/* first check the program name */
-	program_name(Argv[0],pname,PROG_NAME_SIZE);
-
-	f.name=pname;
-	fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
-	if (fp != NULL)
-		{
-		Argv[0]=pname;
-		ret=fp->func(Argc,Argv);
-		goto end;
-		}
-
-	/* ok, now check that there are not arguments, if there are,
-	 * run with them, shifting the ssleay off the front */
-	if (Argc != 1)
-		{
-		Argc--;
-		Argv++;
-		ret=do_cmd(prog,Argc,Argv);
-		if (ret < 0) ret=0;
-		goto end;
-		}
-
-	/* ok, lets enter the old 'SSLeay>' mode */
-	
-	for (;;)
-		{
-		ret=0;
-		p=buf;
-		n=1024;
-		i=0;
-		for (;;)
-			{
-			p[0]='\0';
-			if (i++)
-				prompt=">";
-			else	prompt="SSLeay>";
-			fputs(prompt,stdout);
-			fflush(stdout);
-			fgets(p,n,stdin);
-			if (p[0] == '\0') goto end;
-			i=strlen(p);
-			if (i <= 1) break;
-			if (p[i-2] != '\\') break;
-			i-=2;
-			p+=i;
-			n-=i;
-			}
-		if (!chopup_args(&arg,buf,&argc,&argv)) break;
-
-		ret=do_cmd(prog,argc,argv);
-		if (ret < 0)
-			{
-			ret=0;
-			goto end;
-			}
-		if (ret != 0)
-			BIO_printf(bio_err,"error in %s\n",argv[0]);
-		}
-	BIO_printf(bio_err,"bad exit\n");
-	ret=1;
-end:
-	if (config != NULL)
-		{
-		CONF_free(config);
-		config=NULL;
-		}
-	if (prog != NULL) lh_free(prog);
-	if (arg.data != NULL) Free(arg.data);
-	ERR_remove_state(0);
-
-	EVP_cleanup();
-
-	CRYPTO_mem_leaks(bio_err);
-	if (bio_err != NULL)
-		{
-		BIO_free(bio_err);
-		bio_err=NULL;
-		}
-	EXIT(ret);
-	}
-
-static int do_cmd(prog,argc,argv)
-LHASH *prog;
-int argc;
-char *argv[];
-	{
-	FUNCTION f,*fp;
-	int i,ret=1,tp,nl;
-
-	if ((argc <= 0) || (argv[0] == NULL))
-		{ ret=0; goto end; }
-	f.name=argv[0];
-	fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
-	if (fp != NULL)
-		{
-		ret=fp->func(argc,argv);
-		}
-	else if ((strcmp(argv[0],"quit") == 0) ||
-		(strcmp(argv[0],"q") == 0) ||
-		(strcmp(argv[0],"exit") == 0) ||
-		(strcmp(argv[0],"bye") == 0))
-		{
-		ret= -1;
-		goto end;
-		}
-	else
-		{
-		BIO_printf(bio_err,"'%s' is a bad command, valid commands are",
-			argv[0]);
-		i=0;
-		fp=functions;
-		tp=0;
-		for (fp=functions; fp->name != NULL; fp++)
-			{
-			nl=0;
-			if (((i++) % 5) == 0)
-				{
-				BIO_printf(bio_err,"\n");
-				nl=1;
-				}
-			if (fp->type != tp)
-				{
-				tp=fp->type;
-				if (!nl) BIO_printf(bio_err,"\n");
-				if (tp == FUNC_TYPE_MD)
-					{
-					i=1;
-					BIO_printf(bio_err,
-						"Message Digest commands - see the dgst command for more details\n");
-					}
-				else if (tp == FUNC_TYPE_CIPHER)
-					{
-					i=1;
-					BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n");
-					}
-				}
-			BIO_printf(bio_err,"%-15s",fp->name);
-			}
-		BIO_printf(bio_err,"\nquit\n");
-		ret=0;
-		}
-end:
-	return(ret);
-	}
-
-static LHASH *prog_init()
-	{
-	LHASH *ret;
-	FUNCTION *f;
-
-	if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
-
-	for (f=functions; f->name != NULL; f++)
-		lh_insert(ret,(char *)f);
-	return(ret);
-	}
-
-static int MS_CALLBACK cmp(a,b)
-FUNCTION *a,*b;
-	{
-	return(strncmp(a->name,b->name,8));
-	}
-
-static unsigned long MS_CALLBACK hash(a)
-FUNCTION *a;
-	{
-	return(lh_strhash(a->name));
-	}
-
-#undef SSLEAY

apps/ssleay.cnf

@@ -1,116 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE		= $ENV::HOME/.rnd
-
-####################################################################
-[ ca ]
-default_ca	= CA_default		# The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir		= ./demoCA		# Where everything is kept
-certs		= $dir/certs		# Where the issued certs are kept
-crl_dir		= $dir/crl		# Where the issued crl are kept
-database	= $dir/index.txt	# database index file.
-new_certs_dir	= $dir/newcerts		# default place for new certs.
-
-certificate	= $dir/cacert.pem 	# The CA certificate
-serial		= $dir/serial 		# The current serial number
-crl		= $dir/crl.pem 		# The current CRL
-private_key	= $dir/private/cakey.pem# The private key
-RANDFILE	= $dir/private/.rand	# private random number file
-
-x509_extensions	= x509v3_extensions	# The extentions to add to the cert
-default_days	= 365			# how long to certify for
-default_crl_days= 30			# how long before next CRL
-default_md	= md5			# which md to use.
-preserve	= no			# keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy		= policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName		= match
-stateOrProvinceName	= match
-organizationName	= match
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-####################################################################
-[ req ]
-default_bits		= 1024
-default_keyfile 	= privkey.pem
-distinguished_name	= req_distinguished_name
-attributes		= req_attributes
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= AU
-countryName_min			= 2
-countryName_max			= 2
-
-stateOrProvinceName		= State or Province Name (full name)
-stateOrProvinceName_default	= Some-State
-
-localityName			= Locality Name (eg, city)
-
-0.organizationName		= Organization Name (eg, company)
-0.organizationName_default	= Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName		= Second Organization Name (eg, company)
-#1.organizationName_default	= CryptSoft Pty Ltd
-
-organizationalUnitName		= Organizational Unit Name (eg, section)
-#organizationalUnitName_default	=
-
-commonName			= Common Name (eg, YOUR name)
-commonName_max			= 64
-
-emailAddress			= Email Address
-emailAddress_max		= 40
-
-[ req_attributes ]
-challengePassword		= A challenge password
-challengePassword_min		= 4
-challengePassword_max		= 20
-
-unstructuredName		= An optional company name
-
-[ x509v3_extensions ]
-
-nsCaRevocationUrl		= http://www.cryptsoft.com/ca-crl.pem
-nsComment			= "This is a comment"
-
-# under ASN.1, the 0 bit would be encoded as 80
-nsCertType			= 0x40
-
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-#nsCertSequence
-#nsCertExt
-#nsDataType
-

apps/stuff/pkcs7.ex1

@@ -1,25 +0,0 @@
------BEGIN xxx-----
-MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIB
-rTCCAUkCAgC2MA0GCSqGSIb3DQEBAgUAME0xCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMT
-UGVyc29uYSBDZXJ0aWZpY2F0ZTAeFw05NDA0MDkwMDUwMzdaFw05NDA4
-MDIxODM4NTdaMGcxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
-YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMTUGVyc29uYSBDZXJ0aWZp
-Y2F0ZTEYMBYGA1UEAxMPU2V0ZWMgQXN0cm9ub215MFwwDQYJKoZIhvcN
-AQEBBQADSwAwSAJBAMy8QcW7RMrB4sTdQ8Nmb2DFmJmkWn+el+NdeamI
-DElX/qw9mIQu4xNj1FfepfJNxzPvA0OtMKhy6+bkrlyMEU8CAwEAATAN
-BgkqhkiG9w0BAQIFAANPAAYn7jDgirhiIL4wnP8nGzUisGSpsFsF4/7z
-2P2wqne6Qk8Cg/Dstu3RyaN78vAMGP8d82H5+Ndfhi2mRp4YHiGHz0Hl
-K6VbPfnyvS2wdjCCAccwggFRAgUCQAAAFDANBgkqhkiG9w0BAQIFADBf
-MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHks
-IEluYy4xLjAsBgNVBAsTJUxvdyBBc3N1cmFuY2UgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkwHhcNOTQwMTA3MDAwMDAwWhcNOTYwMTA3MjM1OTU5
-WjBNMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJp
-dHksIEluYy4xHDAaBgNVBAsTE1BlcnNvbmEgQ2VydGlmaWNhdGUwaTAN
-BgkqhkiG9w0BAQEFAANYADBVAk4GqghQDa9Xi/2zAdYEqJVIcYhlLN1F
-pI9tXQ1m6zZ39PYXK8Uhoj0Es7kWRv8hC04vqkOKwndWbzVtvoHQOmP8
-nOkkuBi+AQvgFoRcgOUCAwEAATANBgkqhkiG9w0BAQIFAANhAD/5Uo7x
-Ddp49oZm9GoNcPhZcW1e+nojLvHXWAU/CBkwfcR+FSf4hQ5eFu1AjYv6
-Wqf430Xe9Et5+jgnMTiq4LnwgTdA8xQX4elJz9QzQobkE3XVOjVAtCFc
-miin80RB8AAAMYAAAAAAAAAAAA==
------END xxx-----

apps/stuff/pkcs7.ex2

@@ -1,11 +0,0 @@
------BEGIN PRIVACY-ENHANCED MESSAGE-----
-MIAGCSqGSIb3DQEHBqCAMIACAQAwgAYJKoZIhvcNAQcBMBEGBSsOAwIHBAifqtdy
-x6uIMYCCARgvFzJtOZBn773DtmXlx037ck3giqnV0WC0QAx5f+fesAiGaxMqWcir
-r9XvT0nT0LgSQ/8tiLCDBEKdyCNgdcJAduy3D0r2sb5sNTT0TyL9uydG3w55vTnW
-aPbCPCWLudArI1UHDZbnoJICrVehxG/sYX069M8v6VO8PsJS7//hh1yM+0nekzQ5
-l1p0j7uWKu4W0csrlGqhLvEJanj6dQAGSTNCOoH3jzEXGQXntgesk8poFPfHdtj0
-5RH4MuJRajDmoEjlrNcnGl/BdHAd2JaCo6uZWGcnGAgVJ/TVfSVSwN5nlCK87tXl
-nL7DJwaPRYwxb3mnPKNq7ATiJPf5u162MbwxrddmiE7e3sST7naSN+GS0ateY5X7
-AAAAAAAAAAA=
------END PRIVACY-ENHANCED MESSAGE-----
-