Fix selftest.

Move the declaration of FIPS_allow_md5() from fips_locl.h to fips.h.
Consequently, util/mkdef.pl doesn't need to look at fips_locl.h any
more.

.cvsignore

@@ -1,5 +1,5 @@
 openssl.pc
-Makefile.ssl
+Makefile
 MINFO
 makefile.one
 tmp
@@ -14,3 +14,4 @@ cctest.c
 cctest.a
 libcrypto.so.*
 libssl.so.*
+libcrypto.sha1

CHANGES

@@ -2,214 +2,26 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.7c and 0.9.8  [xx XXX xxxx]
+ Changes between 0.9.7d and 0.9.7e  [XX xxx XXXX]
 
-  *) New function X509_POLICY_NODE_print() which prints out policy nodes.
+  *) Reduce the chances of duplicate issuer name and serial numbers (in
+     violation of RFC3280) using the OpenSSL certificate creation utilities.
+     This is done by creating a random 64 bit value for the initial serial
+     number when a serial number file is created or when a self signed
+     certificate is created using 'openssl req -x509'. The initial serial
+     number file is created using 'openssl x509 -next_serial' in CA.pl
+     rather than being initialized to 1.
      [Steve Henson]
 
-  *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality.
-     This will generate a random key of the appropriate length based on the 
-     cipher context. The EVP_CIPHER can provide its own random key generation
-     routine to support keys of a specific form. This is used in the des and 
-     3des routines to generate a key of the correct parity. Update S/MIME
-     code to use new functions and hence generate correct parity DES keys.
-     Add EVP_CHECK_DES_KEY #define to return an error if the key is not 
-     valid (weak or incorrect parity).
-     [Steve Henson]
+ Changes between 0.9.7c and 0.9.7d  [17 Mar 2004]
 
-  *) Add a local set of CRLs that can be used by X509_verify_cert() as well
-     as looking them up. This is useful when the verified structure may contain
-     CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs
-     present unless the new PKCS7_NO_CRL flag is asserted.
-     [Steve Henson]
+  *) Fix null-pointer assignment in do_change_cipher_spec() revealed           
+     by using the Codenomicon TLS Test Tool (CAN-2004-0079)                    
+     [Joe Orton, Steve Henson]   
 
-  *) Extend ASN1 oid configuration module. It now additionally accepts the
-     syntax:
-
-     shortName = some long name, 1.2.3.4
-     [Steve Henson]
-
-  *) Reimplemented the BN_CTX implementation. There is now no more static
-     limitation on the number of variables it can handle nor the depth of the
-     "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack
-     information can now expand as required, and rather than having a single
-     static array of bignums, BN_CTX now uses a linked-list of such arrays
-     allowing it to expand on demand whilst maintaining the usefulness of
-     BN_CTX's "bundling".
-     [Geoff Thorpe]
-
-  *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD
-     to allow all RSA operations to function using a single BN_CTX.
-     [Geoff Thorpe]
-
-  *) Preliminary support for certificate policy evaluation and checking. This
-     is initially intended to pass the tests outlined in "Conformance Testing
-     of Relying Party Client Certificate Path Processing Logic" v1.07.
-     [Steve Henson]
-
-  *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and
-     remained unused and not that useful. A variety of other little bignum
-     tweaks and fixes have also been made continuing on from the audit (see
-     below).
-     [Geoff Thorpe]
-
-  *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with
-     associated ASN1, EVP and SSL functions and old ASN1 macros.
-     [Richard Levitte]
-
-  *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results,
-     and this should never fail. So the return value from the use of
-     BN_set_word() (which can fail due to needless expansion) is now deprecated;
-     if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro.
-     [Geoff Thorpe]
-
-  *) BN_CTX_get() should return zero-valued bignums, providing the same
-     initialised value as BN_new().
-     [Geoff Thorpe, suggested by Ulf Möller]
-
-  *) Support for inhibitAnyPolicy certificate extension.
-     [Steve Henson]
-
-  *) An audit of the BIGNUM code is underway, for which debugging code is
-     enabled when BN_DEBUG is defined. This makes stricter enforcements on what
-     is considered valid when processing BIGNUMs, and causes execution to
-     assert() when a problem is discovered. If BN_DEBUG_RAND is defined,
-     further steps are taken to deliberately pollute unused data in BIGNUM
-     structures to try and expose faulty code further on. For now, openssl will
-     (in its default mode of operation) continue to tolerate the inconsistent
-     forms that it has tolerated in the past, but authors and packagers should
-     consider trying openssl and their own applications when compiled with
-     these debugging symbols defined. It will help highlight potential bugs in
-     their own code, and will improve the test coverage for OpenSSL itself. At
-     some point, these tighter rules will become openssl's default to improve
-     maintainability, though the assert()s and other overheads will remain only
-     in debugging configurations. See bn.h for more details.
-     [Geoff Thorpe, Nils Larsch, Ulf Möller]
-
-  *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
-     that can only be obtained through BN_CTX_new() (which implicitly
-     initialises it). The presence of this function only made it possible
-     to overwrite an existing structure (and cause memory leaks).
-     [Geoff Thorpe]
-
-  *) Because of the callback-based approach for implementing LHASH as a
-     template type, lh_insert() adds opaque objects to hash-tables and
-     lh_doall() or lh_doall_arg() are typically used with a destructor callback
-     to clean up those corresponding objects before destroying the hash table
-     (and losing the object pointers). So some over-zealous constifications in
-     LHASH have been relaxed so that lh_insert() does not take (nor store) the
-     objects as "const" and the lh_doall[_arg] callback wrappers are not
-     prototyped to have "const" restrictions on the object pointers they are
-     given (and so aren't required to cast them away any more).
-     [Geoff Thorpe]
-
-  *) The tmdiff.h API was so ugly and minimal that our own timing utility
-     (speed) prefers to use its own implementation. The two implementations
-     haven't been consolidated as yet (volunteers?) but the tmdiff API has had
-     its object type properly exposed (MS_TM) instead of casting to/from "char
-     *". This may still change yet if someone realises MS_TM and "ms_time_***"
-     aren't necessarily the greatest nomenclatures - but this is what was used
-     internally to the implementation so I've used that for now.
-     [Geoff Thorpe]
-
-  *) Ensure that deprecated functions do not get compiled when
-     OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of
-     the self-tests were still using deprecated key-generation functions so
-     these have been updated also.
-     [Geoff Thorpe]
-
-  *) Reorganise PKCS#7 code to separate the digest location functionality
-     into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest().
-     New function PKCS7_set_digest() to set the digest type for PKCS#7
-     digestedData type. Add additional code to correctly generate the
-     digestedData type and add support for this type in PKCS7 initialization
-     functions.
-     [Steve Henson]
-
-  *) New function PKCS7_set0_type_other() this initializes a PKCS7 
-     structure of type "other".
-     [Steve Henson]
-
-  *) Fix prime generation loop in crypto/bn/bn_prime.pl by making
-     sure the loop does correctly stop and breaking ("division by zero")
-     modulus operations are not performed. The (pre-generated) prime
-     table crypto/bn/bn_prime.h was already correct, but it could not be
-     re-generated on some platforms because of the "division by zero"
-     situation in the script.
-     [Ralf S. Engelschall]
-
-  *) Update support for ECC-based TLS ciphersuites according to
-     draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with
-     SHA-1 now is only used for "small" curves (where the
-     representation of a field element takes up to 24 bytes); for
-     larger curves, the field element resulting from ECDH is directly
-     used as premaster secret.
-     [Douglas Stebila (Sun Microsystems Laboratories)]
-
-  *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2
-     curve secp160r1 to the tests.
-     [Douglas Stebila (Sun Microsystems Laboratories)]
-
-  *) Add the possibility to load symbols globally with DSO.
-     [Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte]
-
-  *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
-     control of the error stack.
-     [Richard Levitte]
-
-  *) Add support for STORE in ENGINE.
-     [Richard Levitte]
-
-  *) Add the STORE type.  The intention is to provide a common interface
-     to certificate and key stores, be they simple file-based stores, or
-     HSM-type store, or LDAP stores, or...
-     NOTE: The code is currently UNTESTED and isn't really used anywhere.
-     [Richard Levitte]
-
-  *) Add a generic structure called OPENSSL_ITEM.  This can be used to
-     pass a list of arguments to any function as well as provide a way
-     for a function to pass data back to the caller.
-     [Richard Levitte]
-
-  *) Add the functions BUF_strndup() and BUF_memdup().  BUF_strndup()
-     works like BUF_strdup() but can be used to duplicate a portion of
-     a string.  The copy gets NUL-terminated.  BUF_memdup() duplicates
-     a memory area.
-     [Richard Levitte]
-
-  *) Add the function sk_find_ex() which works like sk_find(), but will
-     return an index to an element even if an exact match couldn't be
-     found.  The index is guaranteed to point at the element where the
-     searched-for key would be inserted to preserve sorting order.
-     [Richard Levitte]
-
-  *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but
-     takes an extra flags argument for optional functionality.  Currently,
-     the following flags are defined:
-
-	OBJ_BSEARCH_VALUE_ON_NOMATCH
-	This one gets OBJ_bsearch_ex() to return a pointer to the first
-	element where the comparing function returns a negative or zero
-	number.
-
-	OBJ_BSEARCH_FIRST_VALUE_ON_MATCH
-	This one gets OBJ_bsearch_ex() to return a pointer to the first
-	element where the comparing function returns zero.  This is useful
-	if there are more than one element where the comparing function
-	returns zero.
-     [Richard Levitte]
-
-  *) Make it possible to create self-signed certificates with 'openssl ca'
-     in such a way that the self-signed certificate becomes part of the
-     CA database and uses the same mechanisms for serial number generation
-     as all other certificate signing.  The new flag '-selfsign' enables
-     this functionality.  Adapt CA.sh and CA.pl.in.
-     [Richard Levitte]
-
-  *) Add functionality to check the public key of a certificate request
-     against a given private.  This is useful to check that a certificate
-     request can be signed by that key (self-signing).
-     [Richard Levitte]
+  *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
+     (CAN-2004-0112)
+     [Joe Orton, Steve Henson]   
 
   *) Make it possible to have multiple active certificates with the same
      subject in the CA index file.  This is done only if the keyword
@@ -219,470 +31,6 @@
      named like the index file with '.attr' appended to the name.
      [Richard Levitte]
 
-  *) Generate muti valued AVAs using '+' notation in config files for
-     req and dirName.
-     [Steve Henson]
-
-  *) Support for nameConstraints certificate extension.
-     [Steve Henson]
-
-  *) Support for policyConstraints certificate extension.
-     [Steve Henson]
-
-  *) Support for policyMappings certificate extension.
-     [Steve Henson]
-
-  *) Fixed a typo bug that would cause ENGINE_set_default() to set an
-     ENGINE as defaults for all supported algorithms irrespective of
-     the 'flags' parameter. 'flags' is now honoured, so applications
-     should make sure they are passing it correctly.
-     [Geoff Thorpe]
-
-  *) Make sure the default DSA_METHOD implementation only uses its
-     dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL,
-     and change its own handlers to be NULL so as to remove unnecessary
-     indirection. This lets alternative implementations fallback to the
-     default implementation more easily.
-     [Geoff Thorpe]
-
-  *) Support for directoryName in GeneralName related extensions
-     in config files.
-     [Steve Henson]
-
-  *) Make it possible to link applications using Makefile.shared.
-     Make that possible even when linking against static libraries!
-     [Richard Levitte]
-
-  *) Support for single pass processing for S/MIME signing. This now
-     means that S/MIME signing can be done from a pipe, in addition
-     cleartext signing (multipart/signed type) is effectively streaming
-     and the signed data does not need to be all held in memory.
-
-     This is done with a new flag PKCS7_STREAM. When this flag is set
-     PKCS7_sign() only initializes the PKCS7 structure and the actual signing
-     is done after the data is output (and digests calculated) in
-     SMIME_write_PKCS7().
-     [Steve Henson]
-
-  *) Add full support for -rpath/-R, both in shared libraries and
-     applications, at least on the platforms where it's known how
-     to do it.
-     [Richard Levitte]
-
-  *) In crypto/ec/ec_mult.c, implement fast point multiplication with
-     precomputation, based on wNAF splitting: EC_GROUP_precompute_mult()
-     will now compute a table of multiples of the generator that
-     makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul()
-     faster (notably in the case of a single point multiplication,
-     scalar * generator).
-     [Nils Larsch, Bodo Moeller]
-
-  *) IPv6 support for certificate extensions. The various extensions
-     which use the IP:a.b.c.d can now take IPv6 addresses using the
-     formats of RFC1884 2.2 . IPv6 addresses are now also displayed
-     correctly.
-     [Steve Henson]
-
-  *) Added an ENGINE that implements RSA by performing private key
-     exponentiations with the GMP library. The conversions to and from
-     GMP's mpz_t format aren't optimised nor are any montgomery forms
-     cached, and on x86 it appears OpenSSL's own performance has caught up.
-     However there are likely to be other architectures where GMP could
-     provide a boost. This ENGINE is not built in by default, but it can be
-     specified at Configure time and should be accompanied by the necessary
-     linker additions, eg;
-         ./config -DOPENSSL_USE_GMP -lgmp
-     [Geoff Thorpe]
-
-  *) "openssl engine" will not display ENGINE/DSO load failure errors when
-     testing availability of engines with "-t" - the old behaviour is
-     produced by increasing the feature's verbosity with "-tt".
-     [Geoff Thorpe]
-
-  *) ECDSA routines: under certain error conditions uninitialized BN objects
-     could be freed. Solution: make sure initialization is performed early
-     enough. (Reported and fix supplied by Nils Larsch <nla@trustcenter.de>
-     via PR#459)
-     [Lutz Jaenicke]
-
-  *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
-     and DH_METHOD (eg. by ENGINE implementations) to override the normal
-     software implementations. For DSA and DH, parameter generation can
-     also be overriden by providing the appropriate method callbacks.
-     [Geoff Thorpe]
-
-  *) Change the "progress" mechanism used in key-generation and
-     primality testing to functions that take a new BN_GENCB pointer in
-     place of callback/argument pairs. The new API functions have "_ex"
-     postfixes and the older functions are reimplemented as wrappers for
-     the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide
-     declarations of the old functions to help (graceful) attempts to
-     migrate to the new functions. Also, the new key-generation API
-     functions operate on a caller-supplied key-structure and return
-     success/failure rather than returning a key or NULL - this is to
-     help make "keygen" another member function of RSA_METHOD etc.
-
-     Example for using the new callback interface:
-
-          int (*my_callback)(int a, int b, BN_GENCB *cb) = ...;
-          void *my_arg = ...;
-          BN_GENCB my_cb;
-
-          BN_GENCB_set(&my_cb, my_callback, my_arg);
-
-          return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb);
-          /* For the meaning of a, b in calls to my_callback(), see the
-           * documentation of the function that calls the callback.
-           * cb will point to my_cb; my_arg can be retrieved as cb->arg.
-           * my_callback should return 1 if it wants BN_is_prime_ex()
-           * to continue, or 0 to stop.
-           */
-
-     [Geoff Thorpe]
-
-  *) Change the ZLIB compression method to be stateful, and make it
-     available to TLS with the number defined in 
-     draft-ietf-tls-compression-04.txt.
-     [Richard Levitte]
-
-  *) Add the ASN.1 structures and functions for CertificatePair, which
-     is defined as follows (according to X.509_4thEditionDraftV6.pdf):
-
-     CertificatePair ::= SEQUENCE {
-        forward		[0]	Certificate OPTIONAL,
-        reverse		[1]	Certificate OPTIONAL,
-        -- at least one of the pair shall be present -- }
-
-     Also implement the PEM functions to read and write certificate
-     pairs, and defined the PEM tag as "CERTIFICATE PAIR".
-
-     This needed to be defined, mostly for the sake of the LDAP
-     attribute crossCertificatePair, but may prove useful elsewhere as
-     well.
-     [Richard Levitte]
-
-  *) Make it possible to inhibit symlinking of shared libraries in
-     Makefile.shared, for Cygwin's sake.
-     [Richard Levitte]
-
-  *) Extend the BIGNUM API by creating new macros that behave like
-     functions
-
-          void BN_set_sign(BIGNUM *a, int neg);
-          int BN_get_sign(const BIGNUM *a);
-
-     and avoid the need to access 'a->neg' directly in applications.
-     [Nils Larsch  <nla@trustcenter.de>]
-
-  *) Implement fast modular reduction for pseudo-Mersenne primes
-     used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).
-     EC_GROUP_new_curve_GFp() will now automatically use this
-     if applicable.
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Add new lock type (CRYPTO_LOCK_BN).
-     [Bodo Moeller]
-
-  *) Change the ENGINE framework to automatically load engines
-     dynamically from specific directories unless they could be
-     found to already be built in or loaded.  Move all the
-     current engines except for the cryptodev one to a new
-     directory engines/.
-     The engines in engines/ are built as shared libraries if
-     the "shared" options was given to ./Configure or ./config.
-     Otherwise, they are inserted in libcrypto.a.
-     /usr/local/ssl/engines is the default directory for dynamic
-     engines, but that can be overriden at configure time through
-     the usual use of --prefix and/or --openssldir, and at run
-     time with the environment variable OPENSSL_ENGINES.
-     [Geoff Thorpe and Richard Levitte]
-
-  *) Add Makefile.shared, a helper makefile to build shared
-     libraries.  Addapt Makefile.org.
-     [Richard Levitte]
-
-  *) Add version info to Win32 DLLs.
-     [Peter 'Luna' Runestig" <peter@runestig.com>]
-
-  *) Add new 'medium level' PKCS#12 API. Certificates and keys
-     can be added using this API to created arbitrary PKCS#12
-     files while avoiding the low level API.
-
-     New options to PKCS12_create(), key or cert can be NULL and
-     will then be omitted from the output file. The encryption
-     algorithm NIDs can be set to -1 for no encryption, the mac
-     iteration count can be set to 0 to omit the mac.
-
-     Enhance pkcs12 utility by making the -nokeys and -nocerts
-     options work when creating a PKCS#12 file. New option -nomac
-     to omit the mac, NONE can be set for an encryption algorithm.
-     New code is modified to use the enhanced PKCS12_create()
-     instead of the low level API.
-     [Steve Henson]
-
-  *) Extend ASN1 encoder to support indefinite length constructed
-     encoding. This can output sequences tags and octet strings in
-     this form. Modify pk7_asn1.c to support indefinite length
-     encoding. This is experimental and needs additional code to
-     be useful, such as an ASN1 bio and some enhanced streaming
-     PKCS#7 code.
-
-     Extend template encode functionality so that tagging is passed
-     down to the template encoder.
-     [Steve Henson]
-
-  *) Let 'openssl req' fail if an argument to '-newkey' is not
-     recognized instead of using RSA as a default.
-     [Bodo Moeller]
-
-  *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
-     As these are not official, they are not included in "ALL";
-     the "ECCdraft" ciphersuite group alias can be used to select them.
-     [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]
-
-  *) Add ECDH engine support.
-     [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
-
-  *) Add ECDH in new directory crypto/ecdh/.
-     [Douglas Stebila (Sun Microsystems Laboratories)]
-
-  *) Let BN_rand_range() abort with an error after 100 iterations
-     without success (which indicates a broken PRNG).
-     [Bodo Moeller]
-
-  *) Change BN_mod_sqrt() so that it verifies that the input value
-     is really the square of the return value.  (Previously,
-     BN_mod_sqrt would show GIGO behaviour.)
-     [Bodo Moeller]
-
-  *) Add named elliptic curves over binary fields from X9.62, SECG,
-     and WAP/WTLS; add OIDs that were still missing.
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) Extend the EC library for elliptic curves over binary fields
-     (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
-     New EC_METHOD:
-
-          EC_GF2m_simple_method
-
-     New API functions:
-
-          EC_GROUP_new_curve_GF2m
-          EC_GROUP_set_curve_GF2m
-          EC_GROUP_get_curve_GF2m
-          EC_POINT_set_affine_coordinates_GF2m
-          EC_POINT_get_affine_coordinates_GF2m
-          EC_POINT_set_compressed_coordinates_GF2m
-
-     Point compression for binary fields is disabled by default for
-     patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
-     enable it).
-
-     As binary polynomials are represented as BIGNUMs, various members
-     of the EC_GROUP and EC_POINT data structures can be shared
-     between the implementations for prime fields and binary fields;
-     the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m)
-     are essentially identical to their ..._GFp counterparts.
-     (For simplicity, the '..._GFp' prefix has been dropped from
-     various internal method names.)
-
-     An internal 'field_div' method (similar to 'field_mul' and
-     'field_sqr') has been added; this is used only for binary fields.
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
-     through methods ('mul', 'precompute_mult').
-
-     The generic implementations (now internally called 'ec_wNAF_mul'
-     and 'ec_wNAF_precomputed_mult') remain the default if these
-     methods are undefined.
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) New function EC_GROUP_get_degree, which is defined through
-     EC_METHOD.  For curves over prime fields, this returns the bit
-     length of the modulus.
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) New functions EC_GROUP_dup, EC_POINT_dup.
-     (These simply call ..._new  and ..._copy).
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
-     Polynomials are represented as BIGNUMs (where the sign bit is not
-     used) in the following functions [macros]:  
-
-          BN_GF2m_add
-          BN_GF2m_sub             [= BN_GF2m_add]
-          BN_GF2m_mod             [wrapper for BN_GF2m_mod_arr]
-          BN_GF2m_mod_mul         [wrapper for BN_GF2m_mod_mul_arr]
-          BN_GF2m_mod_sqr         [wrapper for BN_GF2m_mod_sqr_arr]
-          BN_GF2m_mod_inv
-          BN_GF2m_mod_exp         [wrapper for BN_GF2m_mod_exp_arr]
-          BN_GF2m_mod_sqrt        [wrapper for BN_GF2m_mod_sqrt_arr]
-          BN_GF2m_mod_solve_quad  [wrapper for BN_GF2m_mod_solve_quad_arr]
-          BN_GF2m_cmp             [= BN_ucmp]
-
-     (Note that only the 'mod' functions are actually for fields GF(2^m).
-     BN_GF2m_add() is misnomer, but this is for the sake of consistency.)
-
-     For some functions, an the irreducible polynomial defining a
-     field can be given as an 'unsigned int[]' with strictly
-     decreasing elements giving the indices of those bits that are set;
-     i.e., p[] represents the polynomial
-          f(t) = t^p[0] + t^p[1] + ... + t^p[k]
-     where
-          p[0] > p[1] > ... > p[k] = 0.
-     This applies to the following functions:
-
-          BN_GF2m_mod_arr
-          BN_GF2m_mod_mul_arr
-          BN_GF2m_mod_sqr_arr
-          BN_GF2m_mod_inv_arr        [wrapper for BN_GF2m_mod_inv]
-          BN_GF2m_mod_div_arr        [wrapper for BN_GF2m_mod_div]
-          BN_GF2m_mod_exp_arr
-          BN_GF2m_mod_sqrt_arr
-          BN_GF2m_mod_solve_quad_arr
-          BN_GF2m_poly2arr
-          BN_GF2m_arr2poly
-
-     Conversion can be performed by the following functions:
-
-          BN_GF2m_poly2arr
-          BN_GF2m_arr2poly
-
-     bntest.c has additional tests for binary polynomial arithmetic.
-
-     Two implementations for BN_GF2m_mod_div() are available.
-     The default algorithm simply uses BN_GF2m_mod_inv() and
-     BN_GF2m_mod_mul().  The alternative algorithm is compiled in only
-     if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
-     copyright notice in crypto/bn/bn_gf2m.c before enabling it).
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) Add new error code 'ERR_R_DISABLED' that can be used when some
-     functionality is disabled at compile-time.
-     [Douglas Stebila <douglas.stebila@sun.com>]
-
-  *) Change default behaviour of 'openssl asn1parse' so that more
-     information is visible when viewing, e.g., a certificate:
-
-     Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
-     mode the content of non-printable OCTET STRINGs is output in a
-     style similar to INTEGERs, but with '[HEX DUMP]' prepended to
-     avoid the appearance of a printable string.
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
-     functions
-          EC_GROUP_set_asn1_flag()
-          EC_GROUP_get_asn1_flag()
-          EC_GROUP_set_point_conversion_form()
-          EC_GROUP_get_point_conversion_form()
-     These control ASN1 encoding details:
-     - Curves (i.e., groups) are encoded explicitly unless asn1_flag
-       has been set to OPENSSL_EC_NAMED_CURVE.
-     - Points are encoded in uncompressed form by default; options for
-       asn1_for are as for point2oct, namely
-          POINT_CONVERSION_COMPRESSED
-          POINT_CONVERSION_UNCOMPRESSED
-          POINT_CONVERSION_HYBRID
-
-     Also add 'seed' and 'seed_len' members to EC_GROUP with access
-     functions
-          EC_GROUP_set_seed()
-          EC_GROUP_get0_seed()
-          EC_GROUP_get_seed_len()
-     This is used only for ASN1 purposes (so far).
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Add 'field_type' member to EC_METHOD, which holds the NID
-     of the appropriate field type OID.  The new function
-     EC_METHOD_get_field_type() returns this value.
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Add functions 
-          EC_POINT_point2bn()
-          EC_POINT_bn2point()
-          EC_POINT_point2hex()
-          EC_POINT_hex2point()
-     providing useful interfaces to EC_POINT_point2oct() and
-     EC_POINT_oct2point().
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Change internals of the EC library so that the functions
-          EC_GROUP_set_generator()
-          EC_GROUP_get_generator()
-          EC_GROUP_get_order()
-          EC_GROUP_get_cofactor()
-     are implemented directly in crypto/ec/ec_lib.c and not dispatched
-     to methods, which would lead to unnecessary code duplication when
-     adding different types of curves.
-     [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]
-
-  *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
-     arithmetic, and such that modified wNAFs are generated
-     (which avoid length expansion in many cases).
-     [Bodo Moeller]
-
-  *) Add a function EC_GROUP_check_discriminant() (defined via
-     EC_METHOD) that verifies that the curve discriminant is non-zero.
-
-     Add a function EC_GROUP_check() that makes some sanity tests
-     on a EC_GROUP, its generator and order.  This includes
-     EC_GROUP_check_discriminant().
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Add ECDSA in new directory crypto/ecdsa/.
-
-     Add applications 'openssl ecparam' and 'openssl ecdsa'
-     (these are based on 'openssl dsaparam' and 'openssl dsa').
-
-     ECDSA support is also included in various other files across the
-     library.  Most notably,
-     - 'openssl req' now has a '-newkey ecdsa:file' option;
-     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
-     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
-       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
-       them suitable for ECDSA where domain parameters must be
-       extracted before the specific public key;
-     - ECDSA engine support has been added.
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Include some named elliptic curves, and add OIDs from X9.62,
-     SECG, and WAP/WTLS.  Each curve can be obtained from the new
-     function
-          EC_GROUP_new_by_nid(),
-     and the list of available named curves can be obtained with
-          EC_get_builtin_curves().
-     Also add a 'curve_name' member to EC_GROUP objects, which can be
-     accessed via
-         EC_GROUP_set_nid()
-         EC_GROUP_get_nid()
-     [Nils Larsch <nla@trustcenter.de, Bodo Moeller]
- 
-  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
-     was actually never needed) and in BN_mul().  The removal in BN_mul()
-     required a small change in bn_mul_part_recursive() and the addition
-     of the functions bn_cmp_part_words(), bn_sub_part_words() and
-     bn_add_part_words(), which do the same thing as bn_cmp_words(),
-     bn_sub_words() and bn_add_words() except they take arrays with
-     differing sizes.
-     [Richard Levitte]
-
- Changes between 0.9.7c and 0.9.7d  [xx XXX XXXX]
-
   *) X509 verify fixes. Disable broken certificate workarounds when 
      X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
      keyUsage extension present. Don't accept CRLs with unhandled critical
@@ -786,8 +134,11 @@
      between threads, blinding will still be very fast).
      [Bodo Moeller]
 
-yet to be integrated into this CVS branch:
-- Geoff's ENGINE_set_default() fix
+  *) Fixed a typo bug that would cause ENGINE_set_default() to set an
+     ENGINE as defaults for all supported algorithms irrespective of
+     the 'flags' parameter. 'flags' is now honoured, so applications
+     should make sure they are passing it correctly.
+     [Geoff Thorpe]
 
   *) Target "mingw" now allows native Windows code to be generated in
      the Cygwin environment as well as with the MinGW compiler.
@@ -2697,18 +2048,22 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Clean old EAY MD5 hack from e_os.h.
      [Richard Levitte]
 
- Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
+ Changes between 0.9.6l and 0.9.6m  [17 Mar 2004]
 
-  *) Fix various bugs revealed by running the NISCC test suite:
+  *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+     by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+     [Joe Orton, Steve Henson]
 
-     Stop out of bounds reads in the ASN1 code when presented with
-     invalid tags (CAN-2003-0543 and CAN-2003-0544).
+ Changes between 0.9.6k and 0.9.6l  [04 Nov 2003]
 
-     If verify callback ignores invalid public key errors don't try to check
-     certificate signature with the NULL public key.
+  *) Fix additional bug revealed by the NISCC test suite:
 
+     Stop bug triggering large recursion when presented with
+     certain ASN.1 tags (CAN-2003-0851)
      [Steve Henson]
 
+ Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
+
   *) Fix various bugs revealed by running the NISCC test suite:
 
      Stop out of bounds reads in the ASN1 code when presented with

Configure

@@ -10,7 +10,7 @@ use strict;
 
 # see INSTALL for instructions.
 
-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [[no-]fips] [debug] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
 
 # Options:
 #
@@ -135,21 +135,21 @@ my %table=(
 # Our development configs
 "purify",	"purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
 "debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
-"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
+"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
 "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::",
+"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
+"debug-ben-fips-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_FIPS -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32::::win32:cygwin-shared:::.dll",
-"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
-"debug-steve-linux-pseudo64",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn:linux-shared",
-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DBN_CTX_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -g -ggdb3 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-steve-linux-pseudo64",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "dist",		"cc:-O::(unknown)::::::",
 
 # Basic configs that should work on any (32 and less bit) box
@@ -169,17 +169,18 @@ my %table=(
 
 #### SPARC Solaris with GNU C setups
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:asm/des_enc-sparc.o fcrypt_b.o::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
-"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 ####
 "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### SPARC Solaris with Sun C setups
 # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
@@ -188,9 +189,9 @@ my %table=(
 # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
 # SC5.0 note: Compiler common patch 107357-01 or later is required!
 "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:asm/des_enc-sparc.o fcrypt_b.o::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
 ####
 "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -199,12 +200,12 @@ my %table=(
 "linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:asm/des_enc-sparc.o fcrypt_b.o::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # Sunos configs, assuming sparc for the gcc one.
 ##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:::",
@@ -241,7 +242,7 @@ my %table=(
 #   suitable for execution on the host you're currently compiling at.
 #   If the toolkit is ment to be used on various PA-RISC processors
 #   consider './config +DAportable'.
-# - +DD64 is chosen in favour of +DA2.0W because it's meant to be
+# - +DD64 is chosen in favour of +DA2.0W because it's ment to be
 #   compatible with *future* releases.
 # - If you run ./Configure hpux-parisc-[g]cc manually don't forget to
 #   pass -D_REENTRANT on HP-UX 10 and later.
@@ -252,14 +253,21 @@ my %table=(
 #   crypto/sha/sha_lcl.h.
 #					<appro@fy.chalmers.se>
 #
+#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # Since there is mention of this in shlib/hpux10-cc.sh
 "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:asm/pa-risc2.o:::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # 64bit PARISC for GCC without optimization, which seems to make problems.
 # Submitted by <ross.alexander@uk.neceur.com>
 "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# IA-64 targets
+"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
+# with debugging of the following config.
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
@@ -272,16 +280,6 @@ my %table=(
 # hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro>
 "hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
-# HP/UX IA-64 targets
-"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
-# with debugging of the following config.
-"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# GCC builds [not tested yet]...
-# _ILP32 should have been defined by compiler driver, but it isn't...
-"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_ILP32::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64.o:::::::::dlfcn:hpux-shared:-fpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64.o:::::::::dlfcn:hpux-shared:-fpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
-
 # HPUX 9.X config.
 # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
 # egcs.  gcc 2.8.1 is also broken.
@@ -378,7 +376,6 @@ my %table=(
 
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
-"linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-pentium",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ppro",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -432,7 +429,7 @@ my %table=(
 # compiler drivers and assemblers. Tim Rice <tim@multitalents.net> has
 # patiently assisted to debug most of it.
 #
-# UnixWare 2.0x fails destest with -O.
+# UnixWare 2.0x fails destest with -O
 "unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
 "unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
 "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -521,13 +518,6 @@ my %table=(
 # Cygwin
 "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
 "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll",
-"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32::::win32:cygwin-shared:::.dll",
-
-# NetWare from David Ward (dsward@novell.com) - requires MetroWerks NLM development tools
-# netware-clib => legacy CLib c-runtime support
-"netware-clib", "mwccnlm:::::${x86_gcc_opts}:::",
-# netware-libc => LibC/NKS support
-"netware-libc", "mwccnlm:::::BN_LLONG ${x86_gcc_opts}:::",
 
 # DJGPP
 "DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
@@ -546,8 +536,8 @@ my %table=(
 "OpenBSD-m88k",		"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "OpenBSD-mips",		"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "OpenBSD-powerpc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::asm/des_enc-sparc.o fcrypt_b.o::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::asm/des_enc-sparc.o fcrypt_b.o::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "OpenBSD-vax",		"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "OpenBSD-hppa",		"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
@@ -580,8 +570,8 @@ my %table=(
 
 );
 
-my @MK1MF_Builds=qw(VC-NT VC-CE VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS
-	BC-32 BC-16 Mingw32 OS2-EMX netware-clib netware-libc);
+my @WinTargets=qw(VC-NT VC-CE VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS
+	BC-32 BC-16 Mingw32 OS2-EMX);
 
 my $idx = 0;
 my $idx_cc = $idx++;
@@ -620,7 +610,7 @@ my $threads=0;
 my $no_asm=0;
 my $no_dso=0;
 my @skip=();
-my $Makefile="Makefile.ssl";
+my $Makefile="Makefile";
 my $des_locl="crypto/des/des_locl.h";
 my $des	="crypto/des/des.h";
 my $bn	="crypto/bn/bn.h";
@@ -632,6 +622,7 @@ my $rc2	="crypto/rc2/rc2.h";
 my $bf	="crypto/bf/bf_locl.h";
 my $bn_asm	="bn_asm.o";
 my $des_enc="des_enc.o fcrypt_b.o";
+my $fips_des_enc="fips_des_enc.o";
 my $bf_enc	="bf_enc.o";
 my $cast_enc="c_enc.o";
 my $rc4_enc="rc4_enc.o";
@@ -642,6 +633,8 @@ my $rmd160_obj="";
 my $processor="";
 my $default_ranlib;
 my $perl;
+my $fips=0;
+my $debug=0;
 
 my $no_ssl2=0;
 my $no_ssl3=0;
@@ -702,7 +695,7 @@ PROCESS_ARGS:
 		elsif (/^no-asm$/)
 		 	{
 			$no_asm=1;
-			#$flags .= "-DOPENSSL_NO_ASM ";
+			$flags .= "-DOPENSSL_NO_ASM ";
 			$openssl_other_defines .= "#define OPENSSL_NO_ASM\n";
 			}
 		elsif (/^no-err$/)
@@ -714,12 +707,12 @@ PROCESS_ARGS:
 			{
 			my $hw=$1;
 			$hw =~ tr/[a-z]/[A-Z]/;
-			#$flags .= "-DOPENSSL_NO_HW_$hw ";
+			$flags .= "-DOPENSSL_NO_HW_$hw ";
 			$openssl_other_defines .= "#define OPENSSL_NO_HW_$hw\n";
 			}
 		elsif (/^no-hw$/)
 			{
-			#$flags .= "-DOPENSSL_NO_HW ";
+			$flags .= "-DOPENSSL_NO_HW ";
 			$openssl_other_defines .= "#define OPENSSL_NO_HW\n";
 			}
 		elsif (/^no-dso$/)
@@ -750,50 +743,31 @@ PROCESS_ARGS:
 			{ $no_ssl3 = 1; }
 		elsif (/^no-tls1?$/)
 			{ $no_tls1 = 1; }
+		elsif (/^no-fips$/)
+			{ $fips = 0; }
 		elsif (/^no-(.+)$/)
 			{
 			my $algo=$1;
 			push @skip,$algo;
 			$algo =~ tr/[a-z]/[A-Z]/;
-			#$flags .= "-DOPENSSL_NO_$algo ";
-			#$depflags .= "-DOPENSSL_NO_$algo ";
+			$flags .= "-DOPENSSL_NO_$algo ";
+			$depflags .= "-DOPENSSL_NO_$algo ";
 			$openssl_algorithm_defines .= "#define OPENSSL_NO_$algo\n";
 			if ($algo eq "RIJNDAEL")
 				{
 				push @skip, "aes";
-				#$flags .= "-DOPENSSL_NO_AES ";
-				#$depflags .= "-DOPENSSL_NO_AES ";
+				$flags .= "-DOPENSSL_NO_AES ";
+				$depflags .= "-DOPENSSL_NO_AES ";
 				$openssl_algorithm_defines .= "#define OPENSSL_NO_AES\n";
 				}
 			if ($algo eq "DES")
 				{
 				push @skip, "mdc2";
 				$options .= " no-mdc2";
-				#$flags .= "-DOPENSSL_NO_MDC2 ";
-				#$depflags .= "-DOPENSSL_NO_MDC2 ";
+				$flags .= "-DOPENSSL_NO_MDC2 ";
+				$depflags .= "-DOPENSSL_NO_MDC2 ";
 				$openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n";
 				}
-			if ($algo eq "EC")
-				{
-				push @skip, "ecdsa";
-				push @skip, "ecdh";
-				$options .= " no-ecdsa";
-				$options .= " no-ecdh";
-				$flags .= "-DOPENSSL_NO_ECDSA ";
-				$flags .= "-DOPENSSL_NO_ECDH ";
-				$depflags .= "-DOPENSSL_NO_ECDSA ";
-				$depflags .= "-DOPENSSL_NO_ECDH ";
-				$openssl_algorithm_defines .= "#define OPENSSL_NO_ECDSA\n";
-				$openssl_algorithm_defines .= "#define OPENSSL_NO_ECDH\n";
-				}
-			if ($algo eq "SHA" || $algo eq "SHA1")
-				{
-				push @skip, "ecdsa";
-				$options .= " no-ecdsa";
-				$flags .= "-DOPENSSL_NO_ECDSA ";
-				$depflags .= "-DOPENSSL_NO_ECDSA ";
-				$openssl_algorithm_defines .= "#define OPENSSL_NO_ECDSA\n";
-				}
 			if ($algo eq "MD5")
 				{
 				$no_md5 = 1;
@@ -836,6 +810,14 @@ PROCESS_ARGS:
 			}
 		elsif (/^386$/)
 			{ $processor=386; }
+		elsif (/^fips$/)
+			{
+			$fips=1;
+		        }
+		elsif (/^debug$/)
+			{
+			$debug=1;
+			}
 		elsif (/^rsaref$/)
 			{
 			# No RSAref support any more since it's not needed.
@@ -906,24 +888,24 @@ $no_tls1=1 if ($no_dh);
 if ($no_ssl2)
 	{
 	push @skip,"SSL2";
-	#$flags .= "-DOPENSSL_NO_SSL2 ";
-	#$depflags .= "-DOPENSSL_NO_SSL2 ";
+	$flags .= "-DOPENSSL_NO_SSL2 ";
+	$depflags .= "-DOPENSSL_NO_SSL2 ";
 	$openssl_algorithm_defines .= "#define OPENSSL_NO_SSL2\n";
 	}
 
 if ($no_ssl3)
 	{
 	push @skip,"SSL3";
-	#$flags .= "-DOPENSSL_NO_SSL3 ";
-	#$depflags .= "-DOPENSSL_NO_SSL3 ";
+	$flags .= "-DOPENSSL_NO_SSL3 ";
+	$depflags .= "-DOPENSSL_NO_SSL3 ";
 	$openssl_algorithm_defines .= "#define OPENSSL_NO_SSL3\n";
 	}
 
 if ($no_tls1)
 	{
 	push @skip,"TLS1";
-	#$flags .= "-DOPENSSL_NO_TLS1 ";
-	#$depflags .= "-DOPENSSL_NO_TLS1 ";
+	$flags .= "-DOPENSSL_NO_TLS1 ";
+	$depflags .= "-DOPENSSL_NO_TLS1 ";
 	$openssl_algorithm_defines .= "#define OPENSSL_NO_TLS1\n";
 	}
 
@@ -950,7 +932,7 @@ print "Configuring for $target\n";
 
 &usage if (!defined($table{$target}));
 
-my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
+my $IsWindows=scalar grep /^$target$/,@WinTargets;
 
 $exe_ext=".exe" if ($target eq "Cygwin");
 $exe_ext=".exe" if ($target eq "DJGPP");
@@ -964,7 +946,7 @@ $openssldir=$prefix . "/ssl" if $openssldir eq "";
 $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
 
 
-print "IsMK1MF=$IsMK1MF\n";
+print "IsWindows=$IsWindows\n";
 
 my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
 my $cc = $fields[$idx_cc];
@@ -1001,7 +983,7 @@ if ($no_krb5
 	|| !defined($withargs{"krb5-flavor"})
 	|| $withargs{"krb5-flavor"} eq "")
 	{
-	#$cflags="-DOPENSSL_NO_KRB5 $cflags";
+	$cflags="-DOPENSSL_NO_KRB5 $cflags";
 	$options.=" no-krb5" unless $no_krb5;
 	$openssl_algorithm_defines .= "#define OPENSSL_NO_KRB5\n";
 	}
@@ -1127,7 +1109,7 @@ if (!$no_shared)
 
 if ($threads)
 	{
-	#$cflags=$thread_cflags;
+	$cflags=$thread_cflags;
 	$openssl_thread_defines .= $thread_defines;
 	}
 
@@ -1149,39 +1131,13 @@ if (!$no_shared)
 	{
 	if ($shared_cflag ne "")
 		{
-		$cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
-		}
-	}
-
-if ($no_shared)
-	{
-	#$cflags="-DOPENSSL_NO_DYNAMIC_ENGINE $cflags";
-	$openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n";
-	}
-else
-	{
-	#$cflags="-DOPENSSL_NO_STATIC_ENGINE $cflags";
-	$openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n";
-	}
-
-# Compiler fix-ups
-if ($target =~ /icc$/)
-	{
-	my($iccver)=`$cc -V 2>&1`;
-	if ($iccver =~ /Version ([0-9]+)\./)	{ $iccver=$1; }
-	else					{ $iccver=0;  }
-	if ($iccver>=8)
-		{
-		# Eliminate unnecessary dependency from libirc.a. This is
-		# essential for shared library support, as otherwise
-		# apps/openssl can end up in endless loop upon startup...
-		$cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset";
+		$cflags = "$shared_cflag $cflags";
 		}
 	}
 
 if ($sys_id ne "")
 	{
-	#$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
+	$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
 	$openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n";
 	}
 
@@ -1196,15 +1152,21 @@ if ($ranlib eq "")
 #$bn_obj="$bn1";
 
 $bn_obj = $bn_asm unless $bn_obj ne "";
-# bn86* is the only one implementing bn_*_part_words
-$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/);
 
-$des_obj=$des_enc	unless ($des_obj =~ /\.o$/);
+if ($fips)
+	{
+	$des_obj=$sha1_obj="";
+	$openssl_other_defines.="#define OPENSSL_FIPS\n";
+	}
+$des_obj=$des_enc	unless (!$fips && $des_obj =~ /\.o$/);
+my $fips_des_obj='asm/fips-dx86-elf.o';
+$fips_des_obj=$fips_des_enc unless $processor eq '386';
+my $fips_sha1_obj='asm/sx86-elf.o' if $processor eq '386';
 $bf_obj=$bf_enc		unless ($bf_obj =~ /\.o$/);
 $cast_obj=$cast_enc	unless ($cast_obj =~ /\.o$/);
 $rc4_obj=$rc4_enc	unless ($rc4_obj =~ /\.o$/);
 $rc5_obj=$rc5_enc	unless ($rc5_obj =~ /\.o$/);
-if ($sha1_obj =~ /\.o$/)
+if ($sha1_obj =~ /\.o$/ || $fips_sha1_obj =~ /\.o$/)
 	{
 #	$sha1_obj=$sha1_enc;
 	$cflags.=" -DSHA1_ASM";
@@ -1220,12 +1182,17 @@ if ($rmd160_obj =~ /\.o$/)
 	$cflags.=" -DRMD160_ASM";
 	}
 
+if ($debug)
+	{
+	$cflags.=" -g";
+	$cflags=~s/-fomit-frame-pointer//;
+	}
+
 # "Stringify" the C flags string.  This permits it to be made part of a string
 # and works as well on command lines.
 $cflags =~ s/([\\\"])/\\\1/g;
 
 my $version = "unknown";
-my $version_num = "unknown";
 my $major = "unknown";
 my $minor = "unknown";
 my $shlib_version_number = "unknown";
@@ -1237,7 +1204,6 @@ open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
 while (<IN>)
 	{
 	$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
-	$version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
 	$shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
 	$shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
 	}
@@ -1294,12 +1260,14 @@ while (<IN>)
 	s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
 	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
 	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
+	s/^FIPS_DES_ENC=.*$/FIPS_DES_ENC= $fips_des_obj/;
 	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
 	s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
 	s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
 	s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
 	s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
 	s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
+	s/^FIPS_SHA1_ASM_OBJ=.*$/FIPS_SHA1_ASM_OBJ= $fips_sha1_obj/;
 	s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
 	s/^PROCESSOR=.*/PROCESSOR= $processor/;
 	s/^RANLIB=.*/RANLIB= $ranlib/;
@@ -1527,12 +1495,12 @@ print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
 print "BF_PTR used\n" if $bf_ptr == 1; 
 print "BF_PTR2 used\n" if $bf_ptr == 2; 
 
-if($IsMK1MF) {
+if($IsWindows) {
 	open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
 	printf OUT <<EOF;
 #ifndef MK1MF_BUILD
   /* auto-generated by Configure for crypto/cversion.c:
-   * for Unix builds, crypto/Makefile.ssl generates functional definitions;
+   * for Unix builds, crypto/Makefile generates functional definitions;
    * Windows builds (and other mk1mf builds) compile cversion.c with
    * -DMK1MF_BUILD and use definitions added to this file by util/mk1mf.pl. */
   #error "Windows builds (PLATFORM=$target) use mk1mf.pl-created Makefiles"
@@ -1540,7 +1508,7 @@ if($IsMK1MF) {
 EOF
 	close(OUT);
 } else {
-	my $make_command = "make -f Makefile.ssl PERL=\'$perl\'";
+	my $make_command = "make PERL=\'$perl\'";
 	my $make_targets = "";
 	$make_targets .= " links" if $symlink;
 	$make_targets .= " depend" if $depflags ne "" && $make_depend;
@@ -1568,68 +1536,6 @@ EOF
 	}
 }
 
-# create the ms/version32.rc file if needed
-if ($IsMK1MF) {
-	my ($v1, $v2, $v3, $v4);
-	if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
-		$v1=hex $1;
-		$v2=hex $2;
-		$v3=hex $3;
-		$v4=hex $4;
-	}
-	open (OUT,">ms/version32.rc") || die "Can't open ms/version32.rc";
-	print OUT <<EOF;
-#include <winver.h>
-
-LANGUAGE 0x09,0x01
-
-1 VERSIONINFO
-  FILEVERSION $v1,$v2,$v3,$v4
-  PRODUCTVERSION $v1,$v2,$v3,$v4
-  FILEFLAGSMASK 0x3fL
-#ifdef _DEBUG
-  FILEFLAGS 0x01L
-#else
-  FILEFLAGS 0x00L
-#endif
-  FILEOS VOS__WINDOWS32
-  FILETYPE VFT_DLL
-  FILESUBTYPE 0x0L
-BEGIN
-    BLOCK "StringFileInfo"
-    BEGIN
-	BLOCK "040904b0"
-	BEGIN
-	    // Required:	    
-	    VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
-	    VALUE "FileDescription", "OpenSSL Shared Library\\0"
-	    VALUE "FileVersion", "$version\\0"
-#if defined(CRYPTO)
-	    VALUE "InternalName", "libeay32\\0"
-	    VALUE "OriginalFilename", "libeay32.dll\\0"
-#elif defined(SSL)
-	    VALUE "InternalName", "ssleay32\\0"
-	    VALUE "OriginalFilename", "ssleay32.dll\\0"
-#endif
-	    VALUE "ProductName", "The OpenSSL Toolkit\\0"
-	    VALUE "ProductVersion", "$version\\0"
-	    // Optional:
-	    //VALUE "Comments", "\\0"
-	    VALUE "LegalCopyright", "Copyright © 1998-2002 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
-	    //VALUE "LegalTrademarks", "\\0"
-	    //VALUE "PrivateBuild", "\\0"
-	    //VALUE "SpecialBuild", "\\0"
-	END
-    END
-    BLOCK "VarFileInfo"
-    BEGIN
-        VALUE "Translation", 0x409, 0x4b0
-    END
-END
-EOF
-	close(OUT);
-  }
-  
 print <<EOF;
 
 Configured for $target.

FAQ

@@ -68,7 +68,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7c was released on September 30, 2003.
+OpenSSL 0.9.7d was released on March 17, 2004.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -460,7 +460,7 @@ get the best result from OpenSSL.  A bit more complicated solution is the
 following:
 
 ----- snip:start -----
-  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
+  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile | \
        sed -e 's/ -O[0-9] / -O0 /'`"
   rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
   make
@@ -649,26 +649,26 @@ built OpenSSL with /MD your application must use /MD and cannot use /MDd.
 * How do I read or write a DER encoded buffer using the ASN1 functions?
 
 You have two options. You can either use a memory BIO in conjunction
-with the i2d_*_bio() or d2i_*_bio() functions or you can use the
-i2d_*(), d2i_*() functions directly. Since these are often the
+with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the
+i2d_XXX(), d2i_XXX() functions directly. Since these are often the
 cause of grief here are some code fragments using PKCS7 as an example:
 
- unsigned char *buf, *p;
- int len;
+unsigned char *buf, *p;
+int len;
 
- len = i2d_PKCS7(p7, NULL);
- buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
- p = buf;
- i2d_PKCS7(p7, &p);
+len = i2d_PKCS7(p7, NULL);
+buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
+p = buf;
+i2d_PKCS7(p7, &p);
 
 At this point buf contains the len bytes of the DER encoding of
 p7.
 
 The opposite assumes we already have len bytes in buf:
 
- unsigned char *p;
- p = buf;
- p7 = d2i_PKCS7(NULL, &p, len);
+unsigned char *p;
+p = buf;
+p7 = d2i_PKCS7(NULL, &p, len);
 
 At this point p7 contains a valid PKCS7 structure of NULL if an error
 occurred. If an error occurred ERR_print_errors(bio) should give more

INSTALL

@@ -2,10 +2,8 @@
  INSTALLATION ON THE UNIX PLATFORM
  ---------------------------------
 
- [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X)
-  and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS,
-  INSTALL.MacOS and INSTALL.NW.
-  
+ [Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X)
+  is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.
   This document describes installation on operating systems in the Unix
   family.]
 
@@ -125,7 +123,7 @@
      generic configurations "cc" or "gcc" should usually work on 32 bit
      systems.
 
-     Configure creates the file Makefile.ssl from Makefile.org and
+     Configure creates the file Makefile from Makefile.org and
      defines various macros in crypto/opensslconf.h (generated from
      crypto/opensslconf.h.in).
 
@@ -161,7 +159,7 @@
      the failure that isn't a problem in OpenSSL itself (like a missing
      or malfunctioning bc).  If it is a problem with OpenSSL itself,
      try removing any compiler optimization flags from the CFLAG line
-     in Makefile.ssl and run "make clean; make". Please send a bug
+     in Makefile and run "make clean; make". Please send a bug
      report to <openssl-bugs@openssl.org>, including the output of
      "make report" in order to be added to the request tracker at
      http://www.openssl.org/support/rt2.html.

INSTALL.NW

@@ -1,437 +0,0 @@
-
-INSTALLATION ON THE NETWARE PLATFORM
-------------------------------------
-
-Notes about building OpenSSL for NetWare.
-
-
-BUILD PLATFORM:
----------------
-The build scripts (batch files, perl scripts, etc) have been developed and
-tested on W2K.  The scripts should run fine on other Windows
-platforms (NT, Win9x, WinXP) but they haven't been tested.  They may require 
-some modifications.
-
-
-Supported NetWare Platforms - NetWare 5.x, NetWare 6.x:
-------------------------------------------
-OpenSSL uses the WinSock interfaces introduced in NetWare 5.  Therefore,
-previous versions of NetWare, 4.x and 3.x, are not supported.
-
-On NetWare there are two c-runtime libraries.  There is the legacy CLIB 
-interfaces and the newer LibC interfaces.  Being ANSI-C libraries, the 
-functionality in CLIB and LibC is similar but the LibC interfaces are built 
-using Novell Kernal Services (NKS) which is designed to leverage 
-multi-processor environments.
-
-The NetWare port of OpenSSL can configured to build using CLIB or LibC.  The 
-CLIB build was developed and tested using NetWare 5.0 sp6.0a.  The LibC 
-build was developed and tested using the NetWare 6.0 FCS.  
-
-The necessary LibC functionality ships with NetWare 6.  However, earlier 
-NetWare 5.x versions will require updates in order to run the OpenSSL LibC
-build.
-
-
-REQUIRED TOOLS:
----------------
-Based upon the configuration and build options used, some or all of the
-following tools may be required:
-
-
-* Perl for Win32 - required (http://www.activestate.com/ActivePerl)
-   Used to run the various perl scripts on the build platform.
-
-
-* Perl 5.8.0 for NetWare v3.20 (or later) - required 
-   (http://developer.novell.com) Used to run the test script on NetWare 
-   after building.
-
-
-* Metrowerks CodeWarrior PDK 2.1 (or later) for NetWare - required:
-   Provides command line tools used for building.
-
-   Tools:
-   mwccnlm.exe  - C/C++ Compiler for NetWare
-   mwldnlm.exe  - Linker for NetWare
-   mwasmnlm.exe - x86 assembler for NetWare (if using assembly option)
-
-
-* Assemblers - optional:
-   If you intend to build using the assembly options you will need an
-   assembler.  Work has been completed to support two assemblers, Metrowerks
-   and NASM.  However, during development, a bug was found in the Metrowerks
-   assembler which generates incorrect code.  Until this problem is fixed,
-   the Metrowerks assembler cannot be used.
-
-   mwasmnlm.exe - Metrowerks x86 assembler - part of CodeWarrior tools.
-         (version 2.2 Built Aug 23, 1999 - not useable due to code
-          generation bug)
-
-   nasmw.exe - Netwide Assembler NASM
-         version 0.98 was used in development and testing
-
-* Make Tool - required:
-   In order to build you will need a make tool.  Two make tools are
-   supported, GNU make (gmake.exe) or Microsoft nmake.exe.
-
-   gmake.exe - GNU make for Windows (version 3.75 used for development)
-         http://www.gnu.org/software/make/make.html
-
-   nmake.exe - Microsoft make (Version 6.00.8168.0 used for development)
-
-
-* Novell Developer Kit (NDK) - required: (http://developer.novell.com)
-
-   CLIB - BUILDS:
-
-      WinSock2 Developer Components for NetWare:
-         For initial development, the October 27, 2000 version was used.
-         However, future versions should also work.
-
-         NOTE:  The WinSock2 components include headers & import files for
-         NetWare, but you will also need the winsock2.h and supporting
-         headers (pshpack4.h, poppack.h, qos.h) delivered in the
-         Microsoft SDK.  Note: The winsock2.h support headers may change
-         with various versions of winsock2.h.  Check the dependencies
-         section on the NDK WinSock2 download page for the latest
-         information on dependencies.
-
-
-      NLM and NetWare libraries for C (including CLIB and XPlat):
-			If you are going to build a CLIB version of OpenSSL, you will
-			need the CLIB headers and imports.  The March, 2001 NDK release or 
-			later is recommended.
-
-         Earlier versions should work but haven't been tested.  In recent
-         versions the import files have been consolidated and function
-         names moved.  This means you may run into link problems
-         (undefined symbols) when using earlier versions.   The functions
-         are available in earlier versions, but you will have to modifiy
-         the make files to include additional import files (see
-         openssl\util\pl\netware.pl).
-
-
-   LIBC - BUILDS:
-   
-      Libraries for C (LibC) - LibC headers and import files
-			If you are going to build a LibC version of OpenSSL, you will
-			need the LibC headers and imports.  The March 14, 2002 NDK release or
-			later is required.  
-         
-         NOTE: The LibC SDK includes the necessary WinSock2 support.  It
-         It is not necessary to download the WinSock2 Developer when building
-         for LibC.
-
-
-BUILDING:
----------
-Before building, you will need to set a few environment variables.  You can
-set them manually or you can modify the "netware\set_env.bat" file.
-
-The set_env.bat file is a template you can use to set up the path
-and environment variables you will need to build.  Modify the
-various lines to point to YOUR tools and run set_env.bat.
-
-	netware\set_env.bat [target]
-	
-      target        - "netware-clib" - CLib NetWare build
-                    - "netware-libc" - LibC NetWare build
-
-If you don't use set_env.bat, you will need to set up the following
-environment variables:
-
-   path - Set path to point to the tools you will use.
-
-   MWCIncludes - The location of the NDK include files.
-         
-			CLIB ex: set MWCIncludes=c:\ndk\nwsdk\include\nlm
-			LibC ex: set MWCIncludes=c:\ndk\libc\include
-
-   PRELUDE - The absolute path of the prelude object to link with.  For
-			a CLIB build it is recommended you use the "nwpre.obj" file shipped
-			with the Metrowerks PDK for NetWare.  For a LibC build you should 
-			use the "libcpre.o" file delivered with the LibC NDK components.
-         
-			CLIB ex: set PRELUDE=c:\codewar\novell support\metrowerks support\
-                               libraries\runtime\nwpre.obj
-										 
-			LibC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o
-
-   IMPORTS - The locaton of the NDK import files.
-         
-			CLIB ex: set IMPORTS=c:\ndk\nwsdk\imports
-			LibC ex: set IMPORTS=c:\ndk\libc\imports
-
-
-In order to build, you need to run the Perl scripts to configure the build
-process and generate a make file.  There is a batch file,
-"netware\build.bat", to automate the process.
-
-Build.bat runs the build configuration scripts and generates a make file.
-If an assembly option is specified, it also runs the scripts to generate 
-the assembly code.  Always run build.bat from the "openssl" directory.
-
-   netware\build [target] [debug opts] [assembly opts] [configure opts]
-	
-      target        - "netware-clib" - CLib NetWare build
-                    - "netware-libc" - LibC NetWare build
- 
-      debug opts    - "debug"  - build debug
-
-      assembly opts - "nw-mwasm" - use Metrowerks assembler
-                      "nw-nasm"  - use NASM assembler
-                      "no-asm"   - don't use assembly
-
-      configure opts- all unrecognized arguments are passed to the
-                       perl configure script
-
-   examples:
-	
-		CLIB build, debug, without assembly:
-			netware\build.bat netware-clib debug no-asm
-		
-		LibC build, non-debug, using NASM assembly:
-			netware\build.bat netware-libc nw-nasm
-		
-Running build.bat generates a make file to be processed by your make 
-tool (gmake or nmake):
-
-   CLIB ex: gmake -f netware\nlm_clib.mak 
-   LibC ex: gmake -f netware\nlm_libc.mak 
-
-
-You can also run the build scripts manually if you do not want to use the
-build.bat file.  Run the following scripts in the "\openssl"
-subdirectory (in the order listed below):
-
-   perl configure no-asm [other config opts] [netware-clib|netware-libc]
-      configures no assembly build for specified netware environment
-		(CLIB or LibC).
-
-   perl util\mkfiles.pl >MINFO
-      generates a listing of source files (used by mk1mf)
-
-   perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc >netware\nlm.mak
-      generates the makefile for NetWare
-
-   gmake -f netware\nlm.mak
-      build with the make tool (nmake.exe also works)
-
-NOTE:  If you are building using the assembly option, you must also run the
-various Perl scripts to generate the assembly files.  See build.bat
-for an example of running the various assembly scripts.  You must use the
-"no-asm" option to build without assembly.  The configure and mk1mf scripts
-also have various other options.  See the scripts for more information.
-
-
-The output from the build is placed in the following directories:
-
-   CLIB Debug build:
-      out_nw_clib.dbg     - static libs & test nlm(s)
-      tmp_nw_clib.dbg     - temporary build files
-      outinc_nw_clib      - necessary include files
-
-   CLIB Non-debug build:
-      out_nw_clib         - static libs & test nlm(s)
-      tmp_nw_clib         - temporary build files
-      outinc_nw_clib      - necesary include files
-
-   LibC Debug build:
-      out_nw_libc.dbg     - static libs & test nlm(s)
-      tmp_nw_libc.dbg     - temporary build files
-      outinc_nw_libc      - necessary include files
-
-   LibC Non-debug build:
-      out_nw_libc         - static libs & test nlm(s)
-      tmp_nw_libc         - temporary build files
-      outinc_nw_libc      - necesary include files
-
-
-TESTING:
---------
-The build process creates the OpenSSL static libs ( crypto.lib, ssl.lib,
-rsaglue.lib ) and several test programs.  You should copy the test programs
-to your NetWare server and run the tests.
-
-The batch file "netware\cpy_tests.bat" will copy all the necessary files
-to your server for testing.  In order to run the batch file, you need a
-drive mapped to your target server.  It will create an "OpenSSL" directory
-on the drive and copy the test files to it.  CAUTION: If a directory with the
-name of "OpenSSL" already exists, it will be deleted.
-
-To run cpy_tests.bat:
-
-   netware\cpy_tests [output directory] [NetWare drive]
-
-      output directory - "out_nw_clib.dbg", "out_nw_libc", etc.
-      NetWare drive    - drive letter of mapped drive
-
-      CLIB ex: netware\cpy_tests out_nw_clib m:
-      LibC ex: netware\cpy_tests out_nw_libc m:
-
-
-The Perl script, "do_tests.pl", in the "OpenSSL" directory on the server
-should be used to execute the tests.  Before running the script, make sure
-your SEARCH PATH includes the "OpenSSL" directory.  For example, if you
-copied the files to the "sys:" volume you use the command:
-
-   SEARCH ADD SYS:\OPENSSL
-
-
-To run do_tests.pl type (at the console prompt):
-
-   perl \openssl\do_tests.pl [options]
-
-      options:
-         -p    - pause after executing each test
-
-The do_tests.pl script generates a log file "\openssl\test_out\tests.log"
-which should be reviewed for errors.  Any errors will be denoted by the word
-"ERROR" in the log.
-
-NOTE:  Currently (11/2002), the LibC test nlms report an error while loading
-       when launched from the perl script (do_tests.pl).  The problems are 
-       being addressed by the LibC development team and should be fixed in the
-       next release.  Until the problems are corrected, the LibC test nlms 
-       will have to be executed manually.  
-
-
-DEVELOPING WITH THE OPENSSL SDK:
---------------------------------
-Now that everything is built and tested, you are ready to use the OpenSSL
-libraries in your development.
-
-There is no real installation procedure, just copy the static libs and
-headers to your build location.  The libs (crypto.lib & ssl.lib) are
-located in the appropriate "out_nw_XXXX" directory 
-(out_nw_clib, out_nw_libc, etc).  
-
-The headers are located in the appropriate "outinc_nw_XXX" directory 
-(outinc_nw_clib, outinc_nw_libc).  
-
-One suggestion is to create the following directory 
-structure for the OpenSSL SDK:
-
-   \openssl
-      |- bin
-      |   |- openssl.nlm
-      |   |- (other tests you want)
-      |
-      |- lib
-      |   | - crypto.lib
-      |   | - ssl.lib
-      |
-      |- include
-      |   | - openssl
-      |   |    | - (all the headers in "outinc_nw\openssl")
-
-
-The program "openssl.nlm" can be very useful.  It has dozens of
-options and you may want to keep it handy for debugging, testing, etc.
-
-When building your apps using OpenSSL, define "NETWARE".  It is needed by
-some of the OpenSSL headers.  One way to do this is with a compile option,
-for example "-DNETWARE".
-
-
-
-NOTES:
-------
-
-Resource leaks in Tests
-------------------------
-Some OpenSSL tests do not clean up resources and NetWare reports
-the resource leaks when the tests unload.  If this really bugs you,
-you can stop the messages by setting the developer option off at the console
-prompt (set developer option = off).  Or better yet, fix the tests to
-clean up the resources!
-
-
-Multi-threaded Development
----------------------------
-The NetWare version of OpenSSL is thread-safe however, multi-threaded
-applications must provide the necessary locking function callbacks.  This
-is described in doc\threads.doc.  The file "openssl\crypto\threads\mttest.c"
-is a multi-threaded test program and demonstrates the locking functions.
-
-
-What is openssl2.nlm?
----------------------
-The openssl program has numerous options and can be used for many different
-things.  Many of the options operate in an interactive mode requiring the
-user to enter data.  Because of this, a default screen is created for the
-program.  However, when running the test script it is not desirable to
-have a seperate screen.  Therefore, the build also creates openssl2.nlm.
-Openssl2.nlm is functionally identical but uses the console screen.
-Openssl2 can be used when a non-interactive mode is desired.
-
-NOTE:  There are may other possibilities (command line options, etc)
-which could have been used to address the screen issue.  The openssl2.nlm
-option was chosen because it impacted only the build not the code.
-
-
-Why only static libraries?
---------------------------
-Globals, globals, and more globals.  The OpenSSL code uses many global
-variables that are allocated and initialized when used for the first time.
-
-On NetWare, most applications (at least historically) run in the kernel.
-When running in the kernel, there is one instance of global variables.
-For regular application type NLM(s) this isn't a problem because they are
-the only ones using the globals.  However, for a library NLM (an NLM which
-exposes functions and has no threads of execution), the globals cause
-problems.  Applications could inadvertently step on each other if they
-change some globals.  Even worse, the first application that triggers a
-global to be allocated and initialized has the allocated memory charged to
-itself.  Now when that application unloads, NetWare will clean up all the
-applicaton's memory.  The global pointer variables inside OpenSSL now
-point to freed memory.  An abend waiting to happen!
-
-To work correctly in the kernel, library NLM(s) that use globals need to
-provide a set of globals (instance data) for each application.  Another
-option is to require the library only be loaded in a protected address
-space along with the application using it.
-
-Modifying the OpenSSL code to provide a set of globals (instance data) for
-each application isn't technically difficult, but due to the large number
-globals it would require substantial code changes and it wasn't done.  Hence,
-the build currently only builds static libraries which are then linked
-into each application.
-
-NOTE:  If you are building a library NLM that uses the OpenSSL static
-libraries, you will still have to deal with the global variable issue.
-This is because when you link in the OpenSSL code you bring in all the
-globals.  One possible solution for the global pointer variables is to
-register memory functions with OpenSSL which allocate memory and charge it
-to your library NLM (see the function CRYPTO_set_mem_functions).  However,
-be aware that now all memory allocated by OpenSSL is charged to your NLM.
-
-
-CodeWarrior Tools and W2K
----------------------------
-There have been problems reported with the CodeWarrior Linker
-(mwldnlm.exe) in the PDK 2.1 for NetWare when running on Windows 2000.  The
-problems cause the link step to fail.  The only work around is to obtain an
-updated linker from Metrowerks.  It is expected Metrowerks will release
-PDK 3.0 (in beta testing at this time - May, 2001) in the near future which
-will fix these problems.
-
-
-Makefile "vclean"
-------------------
-The generated makefile has a "vclean" target which cleans up the build
-directories.  If you have been building successfully and suddenly
-experience problems, use "vclean" (gmake -f netware\nlm.mak vclean) and retry.
-
-
-"Undefined Symbol" Linker errors
---------------------------------
-There have been linker errors reported when doing a CLIB build.  The problems
-occur because some versions of the CLIB SDK import files inadvertently 
-left out some symbols.  One symbol in particular is "_lrotl".  The missing
-functions are actually delivered in the binaries, but they were left out of
-the import files.  The issues should be fixed in the September 2001 release 
-of the NDK.  If you experience the problems you can temporarily
-work around it by manually adding the missing symbols to your version of 
-"clib.imp".  

INSTALL.W32

@@ -46,12 +46,13 @@
  http://www.kernel.org/pub/software/devel/nasm/binaries/win32/
  The NASM binary nasmw.exe needs to be installed anywhere on your PATH.
 
- Firstly you should run Configure:
+ Firstly you should run Configure (to build a FIPS-certified variant of
+ OpenSSL, add the option "fips"):
 
  > perl Configure VC-WIN32
 
  Next you need to build the Makefiles and optionally the assembly language
- files:
+ files (to build a FIPS-certified variant of OpenSSL, add the argument "fips"):
 
  - If you are using MASM then run:
 
@@ -100,10 +101,12 @@
  Borland C++ builder 5
  ---------------------
 
- * Configure for building with Borland Builder:
+ * Configure for building with Borland Builder (to build a FIPS-certified
+   variant of OpenSSL, add the option "fips"):
    > perl Configure BC-32
 
- * Create the appropriate makefile
+ * Create the appropriate makefile (to build a FIPS-certified variant of
+   OpenSSL, add the argument "fips")
    > ms\do_nasm
 
  * Build
@@ -194,6 +197,8 @@
    occur, try
    > ms\mingw32 no-asm
    instead.
+   If you want to build a FIPS-certified variant of OpenSSL, add the argument
+   "fips"
 
    libcrypto.a and libssl.a are the static libraries. To use the DLLs,
    link with libeay32.a and libssl32.a instead.

LICENSE

@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

Makefile.org

@@ -101,6 +101,7 @@ PROCESSOR=
 
 # Set DES_ENC to des_enc.o if you want to use the C version
 #There are 4 x86 assember options.
+FIPS_DES_ENC= des_enc.o fcrypt_b.o
 DES_ENC= asm/dx86-out.o asm/yx86-out.o
 #DES_ENC= des_enc.o fcrypt_b.o          # C
 #DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
@@ -153,6 +154,7 @@ MD5_ASM_OBJ= asm/mx86-out.o
 
 # Also need SHA1_ASM defined
 SHA1_ASM_OBJ= asm/sx86-out.o
+FIPS_SHA1_ASM_OBJ= asm/sx86-out.o
 #SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
 #SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
 #SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
@@ -169,26 +171,28 @@ RMD160_ASM_OBJ= asm/rm86-out.o
 KRB5_INCLUDES=
 LIBKRB5=
 
-DIRS=   crypto ssl engines apps test tools
-SHLIBDIRS= crypto ssl
+# When we're prepared to use shared libraries in the programs we link here
+# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
+SHLIB_MARK=
+
+DIRS=   crypto fips ssl $(SHLIB_MARK) sigs apps test tools
+SHLIBDIRS= fips crypto ssl
 
 # dirs in crypto to build
-SDIRS=  \
-	objects \
+SDIRS=  objects \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn ec rsa dsa ecdsa dh ecdh dso engine aes \
+	bn ec rsa dsa dh dso engine aes \
 	buffer bio stack lhash rand err \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-	store
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
+
+FDIRS=	sha1 rand des aes dsa rsa
 
 # tests to perform.  "alltests" is a special word indicating that all tests
 # should be performed.
 TESTS = alltests
 
-MAKEFILE= Makefile.ssl
-NEWMAKE=  make
-MAKE=     $(NEWMAKE) -f Makefile.ssl
+MAKEFILE= Makefile
 
 MANDIR=$(OPENSSLDIR)/man
 MAN1=1
@@ -201,6 +205,7 @@ ONEDIRS=out tmp
 EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
 WDIRS=  windows
 LIBS=   libcrypto.a libssl.a
+SIGS=	libcrypto.sha1
 SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
 SHARED_SSL=libssl$(SHLIB_EXT)
 SHARED_LIBS=
@@ -215,37 +220,39 @@ WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h
 
-all: Makefile.ssl build_all openssl.pc
+# When we're prepared to use shared libraries in the programs we link here
+# we might remove 'clean-shared' from the targets to perform at this stage
 
-BUILD_CMD=if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
-	if [ -d "$$dir" ]; then \
-		(cd $$dir && echo "making $$target in $$dir..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' $$target ) || exit 1; \
+all: Makefile sub_all openssl.pc
+
+sigs:	$(SIGS)
+libcrypto.sha1: libcrypto.a
+	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
+		$(RANLIB) libcrypto.a; \
+		fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.sha1; \
+	fi
+
+sub_all:
+	@for i in $(DIRS); \
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making all in $$i..." && \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
 	else \
-		$(MAKE) $$dir; \
-	fi; fi
+		$(MAKE) $$i; \
+	fi; \
+	done;
 
-sub_all: build_all
-build_all: build_libs build_apps build_tests build_tools
-
-build_libs: build_crypto build_ssl build_engines
-
-build_crypto:
-	@dir=crypto; target=all; $(BUILD_CMD)
-build_ssl:
-	@dir=ssl; target=all; $(BUILD_CMD)
-build_engines:
-	@dir=engines; target=all; $(BUILD_CMD)
-build_apps:
-	@dir=apps; target=all; $(BUILD_CMD)
-build_tests:
-	@dir=test; target=all; $(BUILD_CMD)
-build_tools:
-	@dir=tools; target=all; $(BUILD_CMD)
-
-all_testapps: build_libs build_testapps
-build_testapps:
-	@dir=crypto; target=testapps; $(BUILD_CMD)
+sub_target:
+	@for i in $(DIRS); \
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making $(TARGET) in $$i..." && \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \
+	else \
+		$(MAKE) $$i; \
+	fi; \
+	done;
 
 libcrypto$(SHLIB_EXT): libcrypto.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
@@ -262,7 +269,7 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
 	fi
 
 clean-shared:
-	@set -e; for i in $(SHLIBDIRS); do \
+	@for i in $(SHLIBDIRS); do \
 		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
 			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
 			for j in $${tmp:-x}; do \
@@ -271,38 +278,328 @@ clean-shared:
 		fi; \
 		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
 		if [ "$(PLATFORM)" = "Cygwin" ]; then \
-			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+			( set -x; rm -f cyg$$i-$(SHLIB_VERSION_NUMBER)$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
 		fi; \
 	done
 
 link-shared:
-	@ set -e; for i in ${SHLIBDIRS}; do \
-		$(NEWMAKE) -f $(HERE)/Makefile.shared \
-			LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
-			symlink.$(SHLIB_TARGET); \
-		libs="$$libs -l$$i"; \
-	done
+	@if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+		tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+		for i in $(SHLIBDIRS); do \
+			prev=lib$$i$(SHLIB_EXT); \
+			for j in $${tmp:-x}; do \
+				( set -x; \
+				rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
+				prev=lib$$i$$j; \
+			done; \
+		done; \
+	fi
 
-build-shared: do_$(SHLIB_TARGET) link-shared
+build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
 
-do_$(SHLIB_TARGET):
-	@ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+do_bsd-gcc-shared: do_gnu-shared
+do_linux-shared: do_gnu-shared
+do_gnu-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
-		$(NEWMAKE) -f Makefile.shared \
-			CC="$(CC)" LDFLAGS="$(LDFLAGS)" \
-			SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \
-			LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
-			LIBDEPS="$$libs $(EX_LIBS)" \
-			LIBRPATH="$(INSTALLTOP)/lib" \
-			link_a.$(SHLIB_TARGET); \
+	( set -x; ${CC} ${SHARED_LDFLAGS} \
+		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-Wl,-Bsymbolic \
+		-Wl,--whole-archive lib$$i.a \
+		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
 	libs="-l$$i $$libs"; \
 	done
 
-openssl.pc: Makefile.ssl
+DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
+
+# For Darwin AKA Mac OS/X (dyld)
+do_darwin-shared: 
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+		libs="$(LIBKRB5) $$libs"; \
+	fi; \
+	( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
+		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
+	libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \
+	echo "" ; \
+	done
+
+do_cygwin-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+		libs="$(LIBKRB5) $$libs"; \
+	fi; \
+	( set -x; ${CC}  -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
+		-Wl,-Bsymbolic \
+		-Wl,--whole-archive lib$$i.a \
+		-Wl,--out-implib,lib$$i.dll.a \
+		-Wl,--no-whole-archive $$libs ) || exit 1; \
+	libs="-l$$i $$libs"; \
+	done
+
+# This assumes that GNU utilities are *not* used
+do_alpha-osf1-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		( set -x; ${CC} ${SHARED_LDFLAGS} \
+			-shared -o lib$$i.so \
+			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+		libs="-l$$i $$libs"; \
+		done; \
+	fi
+
+# This assumes that GNU utilities are *not* used
+# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
+# option passed to the linker.
+do_tru64-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		( set -x; ${CC} ${SHARED_LDFLAGS} \
+			-shared -msym -o lib$$i.so \
+			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+		libs="-l$$i $$libs"; \
+		done; \
+	fi
+
+# This assumes that GNU utilities are *not* used
+# The difference between tru64-shared and tru64-shared-rpath is the
+# -rpath ${INSTALLTOP}/lib passed to the linker.
+do_tru64-shared-rpath:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		( set -x; ${CC} ${SHARED_LDFLAGS} \
+			-shared -msym -o lib$$i.so \
+			-rpath  ${INSTALLTOP}/lib \
+			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+		libs="-l$$i $$libs"; \
+		done; \
+	fi
+
+
+# This assumes that GNU utilities are *not* used
+do_solaris-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+		  MINUSZ='-z '; \
+		  (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
+		  set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
+			-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
+			$$libs ${EX_LIBS} -lc ) || exit 1; \
+		libs="-l$$i $$libs"; \
+		done; \
+	fi
+
+# OpenServer 5 native compilers used
+do_svr3-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+		  find . -name "*.o" -print > allobjs ; \
+		  OBJS= ; export OBJS ; \
+		  for obj in `ar t lib$$i.a` ; do \
+		    OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
+		  done ; \
+		  set -x; ${CC} ${SHARED_LDFLAGS} \
+			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+		libs="-l$$i $$libs"; \
+		done; \
+	fi
+
+# UnixWare 7 and OpenUNIX 8 native compilers used
+do_svr5-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+		  SHARE_FLAG='-G'; \
+		  (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
+		  find . -name "*.o" -print > allobjs ; \
+		  OBJS= ; export OBJS ; \
+		  for obj in `ar t lib$$i.a` ; do \
+		    OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
+		  done ; \
+		  set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
+			${CC} ${SHARED_LDFLAGS} \
+			$${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+		libs="-l$$i $$libs"; \
+		done; \
+	fi
+
+# This assumes that GNU utilities are *not* used
+do_irix-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		( WHOLELIB="-all lib$$i.a -notall"; \
+		  (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \
+		  set -x; ${CC} ${SHARED_LDFLAGS} \
+			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			$${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \
+		libs="-l$$i $$libs"; \
+		done; \
+	fi
+
+# This assumes that GNU utilities are *not* used
+# HP-UX includes the full pathname of libs we depend on, so we would get
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# anyway.
+# The object modules are loaded from lib$i.a using the undocumented -Fl
+# option.
+#
+# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
+#          by temporarily specifying "+s"!
+#
+do_hpux-shared:
+	for i in ${SHLIBDIRS}; do \
+	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+		libs="$(LIBKRB5) $$libs"; \
+	fi; \
+	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+		+vnocompatwarnings \
+		-b -z +s \
+		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-Fl lib$$i.a -ldld -lc ) || exit 1; \
+	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+	done
+
+# This assumes that GNU utilities are *not* used
+# HP-UX includes the full pathname of libs we depend on, so we would get
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# anyway.
+#
+# HP-UX in 64bit mode has "+s" enabled by default; it will search for
+# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
+#
+do_hpux64-shared:
+	for i in ${SHLIBDIRS}; do \
+	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+		libs="$(LIBKRB5) $$libs"; \
+	fi; \
+	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+		-b -z \
+		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		+forceload lib$$i.a -ldl -lc ) || exit 1; \
+	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+	done
+
+# The following method is said to work on all platforms.  Tests will
+# determine if that's how it's gong to be used.
+# This assumes that for all but GNU systems, GNU utilities are *not* used.
+# ALLSYMSFLAGS would be:
+#  GNU systems: --whole-archive
+#  Tru64 Unix:  -all
+#  Solaris:     -z allextract
+#  Irix:        -all
+#  HP/UX-32bit: -Fl
+#  HP/UX-64bit: +forceload
+#  AIX:		-bnogc
+# SHAREDFLAGS would be:
+#  GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
+#  Tru64 Unix:  -shared \
+#		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}"
+#  Solaris:     -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
+#  Irix:        -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
+#  HP/UX-32bit: +vnocompatwarnings -b -z +s \
+#		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
+#  HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
+#  AIX:		-G -bE:lib$$i.exp -bM:SRE
+# SHAREDCMD would be:
+#  GNU systems: $(CC)
+#  Tru64 Unix:  $(CC)
+#  Solaris:     $(CC)
+#  Irix:        $(CC)
+#  HP/UX-32bit: /usr/ccs/bin/ld
+#  HP/UX-64bit: /usr/ccs/bin/ld
+#  AIX:		$(CC)
+ALLSYMSFLAG=-bnogc
+SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
+SHAREDCMD=$(CC)
+do_aix-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+		libs="$(LIBKRB5) $$libs"; \
+	fi; \
+	( set -x; \
+	  ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
+	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
+	    $(SHAREDCMD) $(SHAREDFLAGS) \
+		-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
+		$$libs ${EX_LIBS} ) ) \
+	|| exit 1; \
+	libs="-l$$i $$libs"; \
+	done
+
+do_reliantunix-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+		libs="$(LIBKRB5) $$libs"; \
+	fi; \
+	tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
+	( set -x; \
+	  ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
+	    cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
+	    ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
+	  ) || exit 1; \
+	  cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
+	) || exit 1; \
+	rm -rf $$tmpdir ; \
+	libs="-l$$i $$libs"; \
+	done
+
+openssl.pc: Makefile
 	@ ( echo 'prefix=$(INSTALLTOP)'; \
 	    echo 'exec_prefix=$${prefix}'; \
 	    echo 'libdir=$${exec_prefix}/lib'; \
@@ -312,11 +609,11 @@ openssl.pc: Makefile.ssl
 	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
 	    echo 'Version: '$(VERSION); \
 	    echo 'Requires: '; \
-	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \
 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
 
-Makefile.ssl: Makefile.org
-	@echo "Makefile.ssl is older than Makefile.org."
+Makefile: Makefile.org
+	@echo "Makefile is older than Makefile.org."
 	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
 	@false
 
@@ -325,7 +622,7 @@ libclean:
 
 clean:	libclean
 	rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
-	@set -e; for i in $(DIRS) ;\
+	@for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making clean in $$i..." && \
@@ -336,7 +633,7 @@ clean:	libclean
 	rm -f openssl.pc
 	rm -f speed.* .pure
 	rm -f $(TARFILE)
-	@set -e; for i in $(ONEDIRS) ;\
+	@for i in $(ONEDIRS) ;\
 	do \
 	rm -fr $$i/*; \
 	done
@@ -346,8 +643,8 @@ makefile.one: files
 	sh util/do_ms.sh
 
 files:
-	$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
-	@set -e; for i in $(DIRS) ;\
+	$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
+	@for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making 'files' in $$i..." && \
@@ -356,18 +653,22 @@ files:
 	done;
 
 links:
-	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
 	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
-	@set -e; target=links; for dir in $(DIRS); do $(BUILD_CMD); done
+	@for i in $(DIRS); do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making links in $$i..." && \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
+	fi; \
+	done;
 
 gentests:
 	@(cd test && echo "generating dummy tests (if needed)..." && \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
 
 dclean:
 	rm -f *.bak
-	@set -e; for i in $(DIRS) ;\
+	@for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dclean in $$i..." && \
@@ -392,7 +693,7 @@ test:   tests
 
 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
 	@LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
 	DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
 	SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
@@ -405,7 +706,7 @@ report:
 	@$(PERL) util/selftest.pl
 
 depend:
-	@set -e; for i in $(DIRS) ;\
+	@for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dependencies $$i..." && \
@@ -414,7 +715,7 @@ depend:
 	done;
 
 lint:
-	@set -e; for i in $(DIRS) ;\
+	@for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making lint $$i..." && \
@@ -423,7 +724,7 @@ lint:
 	done;
 
 tags:
-	@set -e; for i in $(DIRS) ;\
+	@for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making tags $$i..." && \
@@ -433,7 +734,7 @@ tags:
 
 errors:
 	$(PERL) util/mkerr.pl -recurse -write
-	(cd engines; $(MAKE) PERL=$(PERL) errors)
+	(cd crypto/engine; $(MAKE) PERL=$(PERL) errors)
 
 stacks:
 	$(PERL) util/mkstack.pl -write
@@ -495,34 +796,34 @@ install: all install_docs
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/engines \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/private \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/lib
-	@set -e; for i in $(EXHEADER) ;\
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
+	@for i in $(EXHEADER) ;\
 	do \
 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
-	@set -e; for i in $(DIRS) ;\
+	@for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i; echo "installing $$i..."; \
-		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' install ); \
+		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
 	fi; \
 	done
-	@set -e; for i in $(LIBS) ;\
+	@for i in $(LIBS) ;\
 	do \
 		if [ -f "$$i" ]; then \
 		(       echo installing $$i; \
 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+			if ! egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
 				$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+			fi; \
 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
 			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
 		fi; \
 	done;
-	@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
+	@if [ -n "$(SHARED_LIBS)" ]; then \
 		tmp="$(SHARED_LIBS)"; \
 		for i in $${tmp:-x}; \
 		do \
@@ -533,7 +834,7 @@ install: all install_docs
 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
 					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 				else \
-					c=`echo $$i | sed 's/^lib/cyg/'`; \
+					c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
 					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
@@ -545,7 +846,8 @@ install: all install_docs
 		done; \
 		(	here="`pwd`"; \
 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			$(NEWMAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
+			set $(MAKE); \
+			$$1 -f $$here/Makefile link-shared ); \
 		if [ "$(INSTALLTOP)" != "/usr" ]; then \
 			echo 'OpenSSL shared libraries have been installed in:'; \
 			echo '  $(INSTALLTOP)'; \
@@ -553,6 +855,15 @@ install: all install_docs
 			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
 		fi; \
 	fi
+	@for i in $(SIGS) ;\
+	do \
+		if [ -f "$$i" ]; then \
+		(       echo installing $$i; \
+			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+		fi; \
+	done;
 	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
 
@@ -568,7 +879,7 @@ install_docs:
 	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
 		filecase=-i; \
 	fi; \
-	set -e; for i in doc/apps/*.pod; do \
+	for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
@@ -585,7 +896,7 @@ install_docs:
 				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
 			 done); \
 	done; \
-	set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \

Makefile.shared

@@ -1,786 +0,0 @@
-#
-# Helper makefile to link shared libraries in a portable way.
-# This is much simpler than libtool, and hopefully not too error-prone.
-#
-# The following variables need to be set on the command line to build
-# properly
-
-# CC contains the current compiler.  This one MUST be defined
-CC=cc
-# LDFLAGS contains flags to be used when temporary object files (when building
-# shared libraries) are created, or when an application is linked.
-# SHARED_LDFLAGS contains flags to be used when the shared library is created.
-LDFLAGS=
-SHARED_LDFLAGS=
-
-# LIBNAME contains just the name of the library, without prefix ("lib"
-# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
-# .dll, ...).  This one MUST have a value when using this makefile to
-# build shared libraries.
-# For example, to build libfoo.so, you need to do the following:
-#LIBNAME=foo
-LIBNAME=
-
-# APPNAME contains just the name of the application, without suffix (""
-# on Unix, ".exe" on Windows, ...).  This one MUST have a value when using
-# this makefile to build applications.
-# For example, to build foo, you need to do the following:
-#APPNAME=foo
-APPNAME=
-
-# OBJECTS contains all the object files to link together into the application.
-# This must contain at least one object file.
-#OBJECTS=foo.o
-OBJECTS=
-
-# LIBEXTRAS contains extra modules to link together with the library.
-# For example, if a second library, say libbar.a needs to be linked into
-# libfoo.so, you need to do the following:
-#LIBEXTRAS=libbar.a
-# Note that this MUST be used when using the link_o targets, to hold the
-# names of all object files that go into the target library.
-LIBEXTRAS=
-
-# LIBVERSION contains the current version of the library.
-# For example, to build libfoo.so.1.2, you need to do the following:
-#LIBVERSION=1.2
-LIBVERSION=
-
-# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
-# the library.  They MUST be in decreasing order.
-# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
-# and libfoo.so.1, you need to do the following:
-#LIBCOMPATVERSIONS=1.2 1
-# Note that on systems that use sonames, the last number will appear as
-# part of it.
-# It's also possible, for systems that support it (Tru64, for example),
-# to add extra compatibility info with more precision, by adding a second
-# list of versions, separated from the first with a semicolon, like this:
-#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
-LIBCOMPATVERSIONS=
-
-# LIBDEPS contains all the flags necessary to cover all necessary
-# dependencies to other libraries.
-LIBDEPS=
-
-#------------------------------------------------------------------------------
-# The rest is private to this makefile.
-
-#DEBUG=:
-DEBUG=set -x
-
-top:
-	echo "Trying to use this makefile interactively?  Don't."
-
-CALC_VERSIONS=	\
-	SHLIB_COMPAT=; SHLIB_SOVER=; \
-	if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
-		prev=""; \
-		for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
-			SHLIB_SOVER_NODOT=$$v; \
-			SHLIB_SOVER=.$$v; \
-			if [ -n "$$prev" ]; then \
-				SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
-			fi; \
-			prev=$$v; \
-		done; \
-	fi
-
-LINK_APP=	\
-  ( $(DEBUG);   \
-    LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
-    LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-    $$LDCMD $(LDFLAGS) $$LDFLAGS -o $$APPNAME $(OBJECTS) $$LIBDEPS )
-
-LINK_SO=	\
-  ( $(DEBUG);   \
-    nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
-    LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
-    LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-    $$SHAREDCMD $(SHARED_LDFLAGS) $$SHAREDFLAGS -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-	$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS ) && \
-  $(SYMLINK_SO); ( $(DEBUG); rm -f lib$(LIBNAME).exp )
-SYMLINK_SO=	\
-	if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
-		prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
-		if [ -n "$$SHLIB_COMPAT" ]; then \
-			for x in $$SHLIB_COMPAT; do \
-				( $(DEBUG); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
-				  ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
-				prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
-			done; \
-		fi; \
-		if [ -n "$$SHLIB_SOVER" ]; then \
-			( $(DEBUG); rm -f $$SHLIB$$SHLIB_SUFFIX; \
-			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
-		fi; \
-	fi
-
-LINK_SO_A=	SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
-LINK_SO_O=	SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
-LINK_SO_A_VIA_O=	\
-  SHOBJECTS=lib$(LIBNAME).o; \
-  ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
-  ( $(DEBUG); \
-    ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
-  $(LINK_SO) && rm -f $(LIBNAME).o
-LINK_SO_A_UNPACKED=	\
-  UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
-  (cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \
-  ([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
-  SHOBJECTS=$$UNPACKDIR/*.o; \
-  $(LINK_SO) && rm -rf $$UNPACKDIR
-
-DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
-
-DO_GNU_SO=$(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='-Wl,--whole-archive'; \
-	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \
-	SHAREDCMD='$(CC)'
-DO_GNU_APP=LDCMD=$(CC);\
-	LDFLAGS="-Wl,-rpath,$(LIBRPATH)"; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	APPNAME=$(APPNAME)
-
-#This is rather special.  It's a special target with which one can link
-#applications without bothering with any features that have anything to
-#do with shared libraries, for example when linking against static
-#libraries.  It's mostly here to avoid a lot of conditionals everywhere
-#else...
-link_app.:
-	LDCMD=$(CC); \
-	LDFLAGS=""; \
-	LIBDEPS="$(LIBDEPS)"; \
-	APPNAME="$(APPNAME)"; \
-	$(LINK_APP)
-
-link_o.gnu:
-	@ $(DO_GNU_SO); $(LINK_SO_O)
-link_a.gnu:
-	@ $(DO_GNU_SO); $(LINK_SO_A)
-link_app.gnu:
-	@ $(DO_GNU_APP); $(LINK_APP)
-
-# For Darwin AKA Mac OS/X (dyld)
-link_o.darwin:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME); \
-	SHLIB_SUFFIX=.dylib; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='-all_load'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="-dynamiclib"; \
-	SHAREDCMD='$(CC)'; \
-	if [ -n "$(LIBVERSION)" ]; then \
-		SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
-	fi; \
-	if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
-		SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
-	fi; \
-	$(LINK_SO_O)
-link_a.darwin:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME); \
-	SHLIB_SUFFIX=.dylib; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='-all_load'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="-dynamiclib"; \
-	SHAREDCMD='$(CC)'; \
-	if [ -n "$(LIBVERSION)" ]; then \
-		SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
-	fi; \
-	if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
-		SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
-	fi; \
-	$(LINK_SO_A)
-link_app.darwin:
-	LDCMD=$(CC);\
-	LDFLAGS=""; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	APPNAME="$(APPNAME)"; \
-	$(LINK_APP)
-
-link_o.cygwin:
-	@ $(CALC_VERSIONS); \
-	INHIBIT_SYMLINKS=yes; \
-	SHLIB=cyg$(LIBNAME); \
-	SHLIB_SUFFIX=.dll; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	SHLIB_SOVER=-$(LIBVERSION); \
-	ALLSYMSFLAGS='-Wl,--whole-archive'; \
-	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
-	SHAREDCMD='${CC}'; \
-	$(LINK_SO_O)
-link_a.cygwin:
-	@ $(CALC_VERSIONS); \
-	INHIBIT_SYMLINKS=yes; \
-	SHLIB=cyg$(LIBNAME); \
-	SHLIB_SUFFIX=.dll; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	SHLIB_SOVER=; \
-	ALLSYMSFLAGS='-Wl,--whole-archive'; \
-	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
-	SHAREDCMD='${CC}'; \
-	$(LINK_SO_A)
-link_app.cygwin:
-	LDCMD=$(CC);\
-	LDFLAGS=""; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	APPNAME="$(APPNAME).exe"
-	$(LINK_APP)
-
-link_o.alpha-osf1:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_SO); \
-	else \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
-		else \
-			SHLIB_HIST="$(LIBVERSION)"; \
-		fi; \
-		SHLIB_SOVER=; \
-		ALLSYMSFLAGS='-all'; \
-		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="-shared"; \
-		SHAREDCMD='$(CC)'; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
-		fi; \
-	fi; \
-	$(LINK_SO_O)
-link_a.alpha-osf1:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_SO); \
-	else \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
-		else \
-			SHLIB_HIST="$(LIBVERSION)"; \
-		fi; \
-		SHLIB_SOVER=; \
-		ALLSYMSFLAGS='-all'; \
-		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="-shared"; \
-		SHAREDCMD='$(CC)'; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
-		fi; \
-	fi; \
-	$(LINK_SO_A)
-link_app.alpha-osf1:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_APP); \
-	else \
-		LDCMD=$(CC);\
-		LDFLAGS=""; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		APPNAME="$(APPNAME)"
-	fi; \
-	$(LINK_APP)
-
-# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
-# option passed to the linker.
-link_o.tru64:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_SO); \
-	else \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
-		else \
-			SHLIB_HIST="$(LIBVERSION)"; \
-		fi; \
-		SHLIB_SOVER=; \
-		ALLSYMSFLAGS='-all'; \
-		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
-		SHAREDCMD='$(CC)'; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
-		fi; \
-	fi; \
-	$(LINK_SO_O)
-link_a.tru64:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_SO); \
-	else \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
-		else \
-			SHLIB_HIST="$(LIBVERSION)"; \
-		fi; \
-		SHLIB_SOVER=; \
-		ALLSYMSFLAGS='-all'; \
-		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
-		SHAREDCMD='$(CC)'; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
-		fi; \
-	fi; \
-	$(LINK_SO_A)
-link_app.tru64:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_APP); \
-	else \
-		LDCMD=$(CC);\
-		LDFLAGS="-rpath $(LIBRPATH)"; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		APPNAME="$(APPNAME)"; \
-	fi; \
-	$(LINK_APP)
-
-# The difference between tru64-shared and tru64-shared-rpath is the
-# -rpath ${LIBRPATH} passed to the linker.
-link_o.tru64-rpath:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_SO); \
-	else \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
-		else \
-			SHLIB_HIST="$(LIBVERSION)"; \
-		fi; \
-		SHLIB_SOVER=; \
-		ALLSYMSFLAGS='-all'; \
-		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
-		SHAREDCMD='$(CC)'; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
-		fi; \
-	fi; \
-	$(LINK_SO_O)
-link_a.tru64-rpath:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_SO); \
-	else \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
-		else \
-			SHLIB_HIST="$(LIBVERSION)"; \
-		fi; \
-		SHLIB_SOVER=; \
-		ALLSYMSFLAGS='-all'; \
-		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
-		SHAREDCMD='$(CC)'; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
-		fi; \
-	fi; \
-	$(LINK_SO_A)
-link_app.tru64-rpath:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_APP); \
-	else \
-		LDCMD=$(CC);\
-		LDFLAGS="-rpath $(LIBRPATH)"; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		APPNAME="$(APPNAME)"; \
-	fi; \
-	$(LINK_APP)
-
-link_o.solaris:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_SO); \
-	else \
-		$(CALC_VERSIONS); \
-		MINUSZ='-z '; \
-		(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		ALLSYMSFLAGS="$${MINUSZ}allextract"; \
-		NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
-		SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -R $(LIBRPATH)"; \
-		SHAREDCMD='$(CC)'; \
-	fi; \
-	$(LINK_SO_O)
-link_a.solaris:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_SO); \
-	else \
-		$(CALC_VERSIONS); \
-		MINUSZ='-z '; \
-		(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=;\
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		ALLSYMSFLAGS="$${MINUSZ}allextract"; \
-		NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
-		SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -R $(LIBRPATH)"; \
-		SHAREDCMD='$(CC)'; \
-	fi; \
-	$(LINK_SO_A)
-link_app.solaris:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_APP); \
-	else \
-		LDCMD=$(CC);\
-		LDFLAGS="-R $(LIBRPATH)"; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		APPNAME="$(APPNAME)"; \
-	fi; \
-	$(LINK_APP)
-
-# OpenServer 5 native compilers used
-link_o.svr3:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_SO); \
-	else \
-		$(CALC_VERSIONS); \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		ALLSYMSFLAGS=''; \
-		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-		SHAREDCMD='$(CC)'; \
-	fi; \
-	$(LINK_SO_O)
-link_a.svr3:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_SO); \
-	else \
-		$(CALC_VERSIONS); \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		ALLSYMSFLAGS=''; \
-		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-		SHAREDCMD='$(CC)'; \
-	fi; \
-	$(LINK_SO_A_UNPACKED)
-link_app.svr3:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_APP); \
-	else \
-		LDCMD=$(CC);\
-		LDFLAGS=""; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		APPNAME="$(APPNAME)"; \
-	fi; \
-	$(LINK_APP)
-
-# UnixWare 7 and OpenUNIX 8 native compilers used
-link_o.svr5:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_SO); \
-	else \
-		$(CALC_VERSIONS); \
-		SHARE_FLAG='-G'; \
-		(${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		ALLSYMSFLAGS=''; \
-		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="$${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-		SHAREDCMD='$(CC)'; \
-	fi; \
-	$(LINK_SO_O)
-link_a.svr5:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_SO); \
-	else \
-		$(CALC_VERSIONS); \
-		SHARE_FLAG='-G'; \
-		(${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		ALLSYMSFLAGS=''; \
-		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="$${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-		SHAREDCMD='$(CC)'; \
-	fi; \
-	$(LINK_SO_A_UNPACKED)
-link_app.svr5:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_APP); \
-	else \
-		LDCMD=$(CC);\
-		LDFLAGS=""; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		APPNAME="$(APPNAME)"; \
-	fi; \
-	$(LINK_APP)
-
-link_o.irix:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_SO); \
-	else \
-		$(CALC_VERSIONS); \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		MINUSWL=""; \
-		($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
-		ALLSYMSFLAGS="$${MINUSWL}-all"; \
-		NOALLSYMSFLAGS="$${MINUSWL}-notall"; \
-		SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \
-		SHAREDCMD='$(CC)'; \
-	fi; \
-	$(LINK_SO_O)
-link_a.irix:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_SO); \
-	else \
-		$(CALC_VERSIONS); \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		MINUSWL=""; \
-		($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
-		ALLSYMSFLAGS="$${MINUSWL}-all"; \
-		NOALLSYMSFLAGS="$${MINUSWL}-notall"; \
-		SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \
-		SHAREDCMD='$(CC)'; \
-	fi; \
-	$(LINK_SO_A)
-link_app.irix:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU_APP); \
-	else \
-		LDCMD=$(CC);\
-		LDFLAGS="-Wl,-rpath,$(LIBRPATH)"; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		APPNAME="$(APPNAME)"; \
-	fi; \
-	$(LINK_APP)
-
-# HP-UX includes the full pathname of libs we depend on, so we would get
-# ./libcrypto (with ./ as path information) compiled into libssl, hence
-# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
-# anyway.
-# The object modules are loaded from lib$i.a using the undocumented -Fl
-# option.
-#
-# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
-#          by temporarily specifying "+s"!
-#
-link_o.hpux32:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).sl; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='-Fl'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \
-	SHAREDCMD='/usr/ccs/bin/ld'; \
-	$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
-link_a.hpux32:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).sl; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='-Fl'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \
-	SHAREDCMD='/usr/ccs/bin/ld'; \
-	$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
-link_app.hpux32:
-	LDCMD=$(CC);\
-	LDFLAGS="-Wl,+b,$(LIBRPATH)"; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	APPNAME="$(APPNAME)"
-	$(LINK_APP)
-
-# HP-UX includes the full pathname of libs we depend on, so we would get
-# ./libcrypto (with ./ as path information) compiled into libssl, hence
-# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
-# anyway.
-#
-# HP-UX in 64bit mode has "+s" enabled by default; it will search for
-# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
-#
-link_o.hpux64:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).sl; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='+forceload'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \
-	SHAREDCMD='/usr/ccs/bin/ld'; \
-	$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
-link_a.hpux64:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).sl; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='+forceload'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \
-	SHAREDCMD='/usr/ccs/bin/ld'; \
-	$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
-link_app.hpux64:
-	LDCMD=$(CC);\
-	LDFLAGS="-Wl,+b,$(LIBRPATH)"; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	APPNAME="$(APPNAME)"
-	$(LINK_APP)
-
-link_o.aix:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='-bnogc'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE -blibpath:$(LIBRPATH)'; \
-	SHAREDCMD='$(CC)'; \
-	$(LINK_SO_O)
-link_a.aix:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='-bnogc'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE -blibpath:$(LIBRPATH)'; \
-	SHAREDCMD='$(CC)'; \
-	$(LINK_SO_A_VIA_O)
-link_app.aix:
-	LDCMD=$(CC);\
-	LDFLAGS="-blibpath:$(LIBRPATH)"; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	APPNAME="$(APPNAME)"
-	$(LINK_APP)
-
-link_o.reliantunix:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS=; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS='-G'; \
-	SHAREDCMD='$(CC)'; \
-	$(LINK_SO_O)
-link_a.reliantunix:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS=; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS='-G'; \
-	SHAREDCMD='$(CC)'; \
-	$(LINK_SO_A_UNPACKED)
-link_app.reliantunix:
-	LDCMD=$(CC);\
-	LDFLAGS=""; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	APPNAME="$(APPNAME)"
-	$(LINK_APP)
-
-# Targets to build symbolic links when needed
-symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
-symlink.aix symlink.reliantunix:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	$(SYMLINK_SO)
-symlink.darwin:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME); \
-	SHLIB_SUFFIX=.dylib; \
-	$(SYMLINK_SO)
-symlink.hpux32 symlink.hpux64:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).sl; \
-	$(SYMLINK_SO)
-# The following lines means those specific architectures do no symlinks
-symlink.cygwin symlib.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
-
-# Compatibility targets
-link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
-link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu
-link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
-symlink.bsd-gcc-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
-link_o.darwin-shared: link_o.darwin
-link_a.darwin-shared: link_a.darwin
-link_app.darwin-shared: link_app.darwin
-symlink.darwin-shared: symlink.darwin
-link_o.cygwin-shared: link_o.cygwin
-link_a.cygwin-shared: link_a.cygwin
-link_app.cygwin-shared: link_app.cygwin
-symlink.cygwin-shared: symlink.cygwin
-link_o.alpha-osf1-shared: link_o.alpha-osf1
-link_a.alpha-osf1-shared: link_a.alpha-osf1
-link_app.alpha-osf1-shared: link_app.alpha-osf1
-symlink.alpha-osf1-shared: symlink.alpha-osf1
-link_o.tru64-shared: link_o.tru64
-link_a.tru64-shared: link_a.tru64
-link_app.tru64-shared: link_app.tru64
-symlink.tru64-shared: symlink.tru64
-link_o.tru64-shared-rpath: link_o.tru64-rpath
-link_a.tru64-shared-rpath: link_a.tru64-rpath
-link_app.tru64-shared-rpath: link_app.tru64-rpath
-symlink.tru64-shared-rpath: symlink.tru64-rpath
-link_o.solaris-shared: link_o.solaris
-link_a.solaris-shared: link_a.solaris
-link_app.solaris-shared: link_app.solaris
-symlink.solaris-shared: symlink.solaris
-link_o.svr3-shared: link_o.svr3
-link_a.svr3-shared: link_a.svr3
-link_app.svr3-shared: link_app.svr3
-symlink.svr3-shared: symlink.svr3
-link_o.svr5-shared: link_o.svr5
-link_a.svr5-shared: link_a.svr5
-link_app.svr5-shared: link_app.svr5
-symlink.svr5-shared: symlink.svr5
-link_o.irix-shared: link_o.irix
-link_a.irix-shared: link_a.irix
-link_app.irix-shared: link_app.irix
-symlink.irix-shared: symlink.irix
-link_o.hpux-shared: link_o.hpux32
-link_a.hpux-shared: link_a.hpux32
-link_app.hpux-shared: link_app.hpux32
-symlink.hpux-shared: symlink.hpux32
-link_o.hpux64-shared: link_o.hpux64
-link_a.hpux64-shared: link_a.hpux64
-link_app.hpux64-shared: link_app.hpux64
-symlink.hpux64-shared: symlink.hpux64
-link_o.aix-shared: link_o.aix
-link_a.aix-shared: link_a.aix
-link_app.aix-shared: link_app.aix
-symlink.aix-shared: symlink.aix
-link_o.reliantunix-shared: link_o.reliantunix
-link_a.reliantunix-shared: link_a.reliantunix
-link_app.reliantunix-shared: link_app.reliantunix
-symlink.reliantunix-shared: symlink.reliantunix

NEWS

@@ -5,6 +5,14 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
+
+      o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
+      o Security: Fix null-pointer assignment in do_change_cipher_spec()
+      o Allow multiple active certificates with same subject in CA index
+      o Multiple X590 verification fixes
+      o Speed up HMAC and other operations
+
   Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
 
       o Security: fix various ASN1 parsing bugs.

Netware/build.bat

@@ -1,204 +0,0 @@
-@echo off
-
-rem ========================================================================
-rem   Batch file to automate building OpenSSL for NetWare.
-rem
-rem   usage:
-rem      build [target] [debug opts] [assembly opts] [configure opts]
-rem
-rem      target        - "netware-clib" - CLib NetWare build
-rem                    - "netware-libc" - LibC NKS NetWare build
-rem 
-rem      debug opts    - "debug"  - build debug
-rem
-rem      assembly opts - "nw-mwasm" - use Metrowerks assembler
-rem      "nw-nasm"  - use NASM assembler
-rem      "no-asm"   - don't use assembly
-rem
-rem      configure opts- all unrecognized arguments are passed to the
-rem                       perl configure script
-rem
-rem   If no arguments are specified the default is to build non-debug with
-rem   no assembly.  NOTE: there is no default BLD_TARGET.
-rem
-
-
-
-rem   No assembly is the default - Uncomment section below to change
-rem   the assembler default
-set ASM_MODE=
-set ASSEMBLER=
-set NO_ASM=no-asm
-
-rem   Uncomment to default to the Metrowerks assembler
-rem set ASM_MODE=nw-mwasm
-rem set ASSEMBLER=Metrowerks
-rem set NO_ASM=
-
-rem   Uncomment to default to the NASM assembler
-rem set ASM_MODE=nw-nasm
-rem set ASSEMBLER=NASM
-rem set NO_ASM=
-
-rem   No default Bld target
-set BLD_TARGET=no_target
-rem set BLD_TARGET=netware-clib
-rem set BLD_TARGET=netware-libc
-
-
-rem   Default to build non-debug
-set DEBUG=
-                                    
-rem   Uncomment to default to debug build
-rem set DEBUG=debug
-
-
-set CONFIG_OPTS=
-set ARG_PROCESSED=NO
-
-
-rem   Process command line args
-:opts
-if "a%1" == "a" goto endopt
-if "%1" == "no-asm"   set NO_ASM=no-asm
-if "%1" == "no-asm"   set ARG_PROCESSED=YES
-if "%1" == "debug"    set DEBUG=debug
-if "%1" == "debug"    set ARG_PROCESSED=YES
-if "%1" == "nw-nasm"  set ASM_MODE=nw-nasm
-if "%1" == "nw-nasm"  set ASSEMBLER=NASM
-if "%1" == "nw-nasm"  set NO_ASM=
-if "%1" == "nw-nasm"  set ARG_PROCESSED=YES
-if "%1" == "nw-mwasm" set ASM_MODE=nw-mwasm
-if "%1" == "nw-mwasm" set ASSEMBLER=Metrowerks
-if "%1" == "nw-mwasm"  set NO_ASM=
-if "%1" == "nw-mwasm" set ARG_PROCESSED=YES
-if "%1" == "netware-clib" set BLD_TARGET=netware-clib
-if "%1" == "netware-clib" set ARG_PROCESSED=YES
-if "%1" == "netware-libc" set BLD_TARGET=netware-libc
-if "%1" == "netware-libc" set ARG_PROCESSED=YES
-
-rem   If we didn't recognize the argument, consider it an option for config
-if "%ARG_PROCESSED%" == "NO" set CONFIG_OPTS=%CONFIG_OPTS% %1
-if "%ARG_PROCESSED%" == "YES" set ARG_PROCESSED=NO
-
-shift
-goto opts
-:endopt
-
-rem make sure a valid BLD_TARGET was specified
-if "%BLD_TARGET%" == "no_target" goto no_target
-
-rem build the nlm make file name which includes target and debug info
-set NLM_MAKE=
-if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib
-if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc
-if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak
-if "%DEBUG%" == "debug" set NLM_MAKE=%NLM_MAKE%_dbg.mak
-
-if "%NO_ASM%" == "no-asm" set ASM_MODE=
-if "%NO_ASM%" == "no-asm" set ASSEMBLER=
-if "%NO_ASM%" == "no-asm" set CONFIG_OPTS=%CONFIG_OPTS% no-asm
-if "%NO_ASM%" == "no-asm" goto do_config
-
-
-rem ==================================================
-echo Generating x86 for %ASSEMBLER% assembler
-
-echo Bignum
-cd crypto\bn\asm
-perl x86.pl %ASM_MODE% > bn-nw.asm
-cd ..\..\..
-
-echo DES
-cd crypto\des\asm
-perl des-586.pl %ASM_MODE% > d-nw.asm
-cd ..\..\..
-
-echo "crypt(3)"
-
-cd crypto\des\asm
-perl crypt586.pl %ASM_MODE% > y-nw.asm
-cd ..\..\..
-
-echo Blowfish
-
-cd crypto\bf\asm
-perl bf-586.pl %ASM_MODE% > b-nw.asm
-cd ..\..\..
-
-echo CAST5
-cd crypto\cast\asm
-perl cast-586.pl %ASM_MODE% > c-nw.asm
-cd ..\..\..
-
-echo RC4
-cd crypto\rc4\asm
-perl rc4-586.pl %ASM_MODE% > r4-nw.asm
-cd ..\..\..
-
-echo MD5
-cd crypto\md5\asm
-perl md5-586.pl %ASM_MODE% > m5-nw.asm
-cd ..\..\..
-
-echo SHA1
-cd crypto\sha\asm
-perl sha1-586.pl %ASM_MODE% > s1-nw.asm
-cd ..\..\..
-
-echo RIPEMD160
-cd crypto\ripemd\asm
-perl rmd-586.pl %ASM_MODE% > rm-nw.asm
-cd ..\..\..
-
-echo RC5\32
-cd crypto\rc5\asm
-perl rc5-586.pl %ASM_MODE% > r5-nw.asm
-cd ..\..\..
-
-rem ===============================================================
-rem
-:do_config
-
-echo .
-echo configure options: %CONFIG_OPTS% %BLD_TARGET%
-echo .
-perl configure %CONFIG_OPTS% %BLD_TARGET%
-
-perl util\mkfiles.pl >MINFO
-
-echo .
-echo mk1mf.pl options: %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET%
-echo .
-perl util\mk1mf.pl %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% >%NLM_MAKE%
-
-echo The makefile "%NLM_MAKE%" has been created use your maketool to
-echo build (ex: gmake -f %NLM_MAKE%)
-goto end
-
-rem ===============================================================
-rem
-:no_target
-echo .
-echo .  No build target specified!!!
-echo .
-echo .  usage: build [target] [debug opts] [assembly opts] [configure opts]
-echo .
-echo .     target        - "netware-clib" - CLib NetWare build
-echo .                   - "netware-libc" - LibC NKS NetWare build
-echo .
-echo .     debug opts    - "debug"  - build debug
-echo .
-echo .     assembly opts - "nw-mwasm" - use Metrowerks assembler
-echo .                     "nw-nasm"  - use NASM assembler
-echo .                     "no-asm"   - don't use assembly
-echo .
-echo .     configure opts- all unrecognized arguments are passed to the
-echo .                      perl configure script
-echo .
-echo .  If no debug or assembly opts are specified the default is to build
-echo .  non-debug without assembly
-echo .
-
-        
-:end        

Netware/cpy_tests.bat

@@ -1,112 +0,0 @@
-@echo off
-
-rem   Batch file to copy OpenSSL stuff to a NetWare server for testing
-
-rem   This batch file will create an "opensssl" directory at the root of the
-rem   specified NetWare drive and copy the required files to run the tests.
-rem   It should be run from inside the "openssl\netware" subdirectory.
-
-rem   Usage:
-rem      cpy_tests.bat <test subdirectory> <NetWare drive>
-rem          <test subdirectory> - out_nw.dbg | out_nw
-rem          <NetWare drive> - any mapped drive letter
-rem
-rem      example ( copy from debug build to m: dirve ):
-rem              cpy_tests.bat out_nw.dbg m:
-rem
-rem      CAUTION:  If a directory named OpenSSL exists on the target drive
-rem                it will be deleted first.
-
-
-if "%1" == "" goto usage
-if "%2" == "" goto usage
-
-rem   Assume running in \openssl directory unless cpy_tests.bat exists then
-rem   it must be the \openssl\netware directory
-set loc=.
-if exist cpy_tests.bat set loc=..
-
-rem   make sure the local build subdirectory specified is valid
-if not exist %loc%\%1\NUL goto invalid_dir
-
-rem   make sure target drive is valid
-if not exist %2\NUL goto invalid_drive
-
-rem   If an OpenSSL directory exists on the target drive, remove it
-if exist %2\openssl\NUL goto remove_openssl
-goto do_copy
-
-:remove_openssl
-echo .
-echo OpenSSL directory exists on %2 - it will be removed!
-pause
-rmdir %2\openssl /s /q
-
-:do_copy
-rem   make an "openssl" directory and others at the root of the NetWare drive
-mkdir %2\openssl
-mkdir %2\openssl\test_out
-mkdir %2\openssl\apps
-mkdir %2\openssl\certs
-mkdir %2\openssl\test
-
-
-rem   copy the test nlms
-copy %loc%\%1\*.nlm %2\openssl\
-
-rem   copy the test perl script
-copy %loc%\netware\do_tests.pl %2\openssl\
-
-rem   copy the certs directory stuff
-xcopy %loc%\certs\*.*         %2\openssl\certs\ /s
-
-rem   copy the test directory stuff
-copy %loc%\test\CAss.cnf      %2\openssl\test\
-copy %loc%\test\Uss.cnf       %2\openssl\test\
-copy %loc%\test\pkcs7.pem     %2\openssl\test\
-copy %loc%\test\pkcs7-1.pem   %2\openssl\test\
-copy %loc%\test\testcrl.pem   %2\openssl\test\
-copy %loc%\test\testp7.pem    %2\openssl\test\
-copy %loc%\test\testreq2.pem  %2\openssl\test\
-copy %loc%\test\testrsa.pem   %2\openssl\test\
-copy %loc%\test\testsid.pem   %2\openssl\test\
-copy %loc%\test\testx509.pem  %2\openssl\test\
-copy %loc%\test\v3-cert1.pem  %2\openssl\test\
-copy %loc%\test\v3-cert2.pem  %2\openssl\test\
-
-rem   copy the apps directory stuff
-copy %loc%\apps\client.pem    %2\openssl\apps\
-copy %loc%\apps\server.pem    %2\openssl\apps\
-copy %loc%\apps\openssl.cnf   %2\openssl\apps\
-
-echo .
-echo Tests copied
-echo Run the test script at the console by typing:
-echo     "Perl \openssl\do_tests.pl"
-echo .
-echo Make sure the Search path includes the OpenSSL subdirectory
-
-goto end
-
-:invalid_dir
-echo.
-echo Invalid build directory specified: %1
-echo.
-goto usage
-
-:invalid_drive
-echo.
-echo Invalid drive: %2
-echo.
-goto usage
-
-:usage
-echo.
-echo usage: cpy_tests.bat [test subdirectory] [NetWare drive]
-echo     [test subdirectory] - out_nw_clib.dbg, out_nw_libc.dbg, etc. 
-echo     [NetWare drive]     - any mapped drive letter
-echo.
-echo example: cpy_test out_nw_clib.dbg M:
-echo  (copy from clib debug build area to M: drive)
-
-:end

Netware/do_tests.pl

@@ -1,585 +0,0 @@
-# perl script to run OpenSSL tests
-
-
-my $base_path      = "\\openssl";
-
-my $output_path    = "$base_path\\test_out";
-my $cert_path      = "$base_path\\certs";
-my $test_path      = "$base_path\\test";
-my $app_path       = "$base_path\\apps";
-
-my $tmp_cert       = "$output_path\\cert.tmp";
-my $OpenSSL_config = "$app_path\\openssl.cnf";
-my $log_file       = "$output_path\\tests.log";
-
-my $pause = 0;
-
-
-#  process the command line args to see if they wanted us to pause
-#  between executing each command
-foreach $i (@ARGV)
-{
-   if ($i =~ /^-p$/)
-   { $pause=1; }
-}
-
-
-
-main();
-
-
-############################################################################
-sub main()
-{
-   # delete all the output files in the output directory
-   unlink <$output_path\\*.*>;
-
-   # open the main log file 
-   open(OUT, ">$log_file") || die "unable to open $log_file\n";
-
-   
-   algorithm_tests();
-   encryption_tests();
-   pem_tests();
-   verify_tests();
-   ssl_tests();
-   ca_tests();
-
-   close(OUT);
-
-   print("\nCompleted running tests.\n\n");
-   print("Check log file for errors: $log_file\n");
-}
-
-############################################################################
-sub algorithm_tests
-{
-   my $i;
-   my $outFile;
-   my @tests = ( rsa_test, destest, ideatest, bftest, shatest, sha1test,
-                 md5test, dsatest, md2test, mdc2test, rc2test, rc4test, randtest,
-                 dhtest, exptest );
-
-   print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "CRYPTO ALGORITHM TESTS:\n\n");
-
-   foreach $i (@tests)
-   {
-      $outFile = "$output_path\\$i.out";
-      system("$i > $outFile");
-      log_desc("Test: $i\.nlm:");
-      log_output("", $outFile );
-   }
-}
-
-############################################################################
-sub encryption_tests
-{
-   my $i;
-   my $outFile;
-   my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb",
-                     "des-ofb", "des-ede-ofb", "des-ede3-ofb",
-                     "des-ecb", "des-ede", "des-ede3", "des-cbc",
-                     "des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb",
-                     "idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb",
-                     "rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb",
-                     "bf-ofb", "bf-cbc" );
-
-   my $input = "$base_path\\do_tests.pl";
-   my $cipher = "$output_path\\cipher.out";
-   my $clear = "$output_path\\clear.out";
-
-   print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n");
-
-   foreach $i (@enc_tests)
-   {
-      log_desc("Testing: $i");
-
-      # do encryption
-      $outFile = "$output_path\\enc.out";
-      system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher > $outFile" );
-      log_output("Encrypting: $input --> $cipher", $outFile);
-
-      # do decryption
-      $outFile = "$output_path\\dec.out";
-      system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear > $outFile");
-      log_output("Decrypting: $cipher --> $clear", $outFile);
-
-      # compare files
-      $x = compare_files( $input, $clear, 1);
-      if ( $x == 0 )
-      {
-         print( "SUCCESS - files match: $input, $clear\n");
-         print( OUT "SUCCESS - files match: $input, $clear\n");
-      }
-      else
-      {
-         print( "ERROR: files don't match\n");
-         print( OUT "ERROR: files don't match\n");
-      }
-
-      do_wait();
-
-      # Now do the same encryption but use Base64
-
-      # do encryption B64
-      $outFile = "$output_path\\B64enc.out";
-      system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher > $outFile");
-      log_output("Encrypting(B64): $cipher --> $clear", $outFile);
-
-      # do decryption B64
-      $outFile = "$output_path\\B64dec.out";
-      system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear > $outFile");
-      log_output("Decrypting(B64): $cipher --> $clear", $outFile);
-
-      # compare files
-      $x = compare_files( $input, $clear, 1);
-      if ( $x == 0 )
-      {
-         print( "SUCCESS - files match: $input, $clear\n");
-         print( OUT "SUCCESS - files match: $input, $clear\n");
-      }
-      else
-      {
-         print( "ERROR: files don't match\n");
-         print( OUT "ERROR: files don't match\n");
-      }
-
-      do_wait();
-
-   } # end foreach
-
-   # delete the temporary files
-   unlink($cipher);
-   unlink($clear);
-}
-
-
-############################################################################
-sub pem_tests
-{
-   my $i;
-   my $tmp_out;
-   my $outFile = "$output_path\\pem.out";
-
-   my %pem_tests = (
-         "crl"      => "testcrl.pem",
-          "pkcs7"   => "testp7.pem",
-          "req"     => "testreq2.pem",
-          "rsa"     => "testrsa.pem",
-          "x509"    => "testx509.pem",
-          "x509"    => "v3-cert1.pem",
-          "sess_id" => "testsid.pem"  );
-
-
-   print( "\nRUNNING PEM TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "PEM TESTS:\n\n");
-
-   foreach $i (keys(%pem_tests))
-   {
-      log_desc( "Testing: $i");
-
-      my $input = "$test_path\\$pem_tests{$i}";
-
-      $tmp_out = "$output_path\\$pem_tests{$i}";
-
-      if ($i ne "req" )
-      {
-         system("openssl2 $i -in $input -out $tmp_out > $outFile");
-         log_output( "openssl2 $i -in $input -out $tmp_out", $outFile);
-      }
-      else
-      {
-         system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config > $outFile");
-         log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile );
-      }
-
-      $x = compare_files( $input, $tmp_out);
-      if ( $x == 0 )
-      {
-         print( "SUCCESS - files match: $input, $tmp_out\n");
-         print( OUT "SUCCESS - files match: $input, $tmp_out\n");
-      }
-      else
-      {
-         print( "ERROR: files don't match\n");
-         print( OUT "ERROR: files don't match\n");
-      }
-      do_wait();
-
-   } # end foreach
-}
-
-
-############################################################################
-sub verify_tests
-{
-   my $i;
-   my $outFile = "$output_path\\verify.out";
-
-   my @cert_files = <$cert_path\\*.pem>;
-
-   print( "\nRUNNING VERIFY TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "VERIFY TESTS:\n\n");
-
-   make_tmp_cert_file();
-
-   foreach $i (@cert_files)
-   {
-      system("openssl2 verify -CAfile $tmp_cert $i >$outFile");
-      log_desc("Verifying cert: $i");
-      log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile);
-   }
-}
-
-
-############################################################################
-sub ssl_tests
-{
-   my $outFile = "$output_path\\ssl_tst.out";
-
-   print( "\nRUNNING SSL TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "SSL TESTS:\n\n");
-
-   make_tmp_cert_file();
-
-   system("ssltest -ssl2 >$outFile");
-   log_desc("Testing sslv2:");
-   log_output("ssltest -ssl2", $outFile);
-
-   system("ssltest -ssl2 -server_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv2 with server authentication:");
-   log_output("ssltest -ssl2 -server_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest -ssl2 -client_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv2 with client authentication:");
-   log_output("ssltest -ssl2 -client_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv2 with both client and server authentication:");
-   log_output("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest -ssl3 >$outFile");
-   log_desc("Testing sslv3:");
-   log_output("ssltest -ssl3", $outFile);
-
-   system("ssltest -ssl3 -server_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv3 with server authentication:");
-   log_output("ssltest -ssl3 -server_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest -ssl3 -client_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv3 with client authentication:");
-   log_output("ssltest -ssl3 -client_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv3 with both client and server authentication:");
-   log_output("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest >$outFile");
-   log_desc("Testing sslv2/sslv3:");
-   log_output("ssltest", $outFile);
-
-   system("ssltest -server_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv2/sslv3 with server authentication:");
-   log_output("ssltest -server_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest -client_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv2/sslv3 with client authentication:");
-   log_output("ssltest -client_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest -server_auth -client_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv2/sslv3 with both client and server authentication:");
-   log_output("ssltest -server_auth -client_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest -bio_pair -ssl2 >$outFile");
-   log_desc("Testing sslv2 via BIO pair:");
-   log_output("ssltest -bio_pair -ssl2", $outFile);
-
-   system("ssltest -bio_pair -dhe1024dsa -v >$outFile");
-   log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
-   log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);
-
-   system("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv2 with server authentication via BIO pair:");
-   log_output("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv2 with client authentication via BIO pair:");
-   log_output("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv2 with both client and server authentication via BIO pair:");
-   log_output("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest -bio_pair -ssl3 >$outFile");
-   log_desc("Testing sslv3 via BIO pair:");
-   log_output("ssltest -bio_pair -ssl3", $outFile);
-
-   system("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv3 with server authentication via BIO pair:");
-   log_output("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv3 with client authentication  via BIO pair:");
-   log_output("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
-   log_output("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest -bio_pair >$outFile");
-   log_desc("Testing sslv2/sslv3 via BIO pair:");
-   log_output("ssltest -bio_pair", $outFile);
-
-   system("ssltest -bio_pair -server_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
-   log_output("ssltest -bio_pair -server_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest -bio_pair -client_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
-   log_output("ssltest -bio_pair -client_auth -CAfile $tmp_cert", $outFile);
-
-   system("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert >$outFile");
-   log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
-   log_output("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert", $outFile);
-}
-
-
-############################################################################
-sub ca_tests
-{
-   my $outFile = "$output_path\\ca_tst.out";
-
-   my($CAkey)     = "$output_path\\keyCA.ss";
-   my($CAcert)    = "$output_path\\certCA.ss";
-   my($CAserial)  = "$output_path\\certCA.srl";
-   my($CAreq)     = "$output_path\\reqCA.ss";
-   my($CAreq2)    = "$output_path\\req2CA.ss";
-
-   my($CAconf)    = "$test_path\\CAss.cnf";
-
-   my($Uconf)     = "$test_path\\Uss.cnf";
-
-   my($Ukey)      = "$output_path\\keyU.ss";
-   my($Ureq)      = "$output_path\\reqU.ss";
-   my($Ucert)     = "$output_path\\certU.ss";
-
-   print( "\nRUNNING CA TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "CA TESTS:\n");
-
-   system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new >$outFile");
-   log_desc("Make a certificate request using req:");
-   log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile);
-
-   system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >$outFile");
-   log_desc("Convert the certificate request into a self signed certificate using x509:");
-   log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile);
-
-   system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >$outFile");
-   log_desc("Convert a certificate into a certificate request using 'x509':");
-   log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile);
-
-   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout >$outFile");
-   log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile);
-
-   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout >$outFile");
-   log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile);
-
-   system("openssl2 verify -CAfile $CAcert $CAcert >$outFile");
-   log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile);
-
-   system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new >$outFile");
-   log_desc("Make another certificate request using req:");
-   log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile);
-
-   system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial >$outFile");
-   log_desc("Sign certificate request with the just created CA via x509:");
-   log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile);
-
-   system("openssl2 verify -CAfile $CAcert $Ucert >$outFile");
-   log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile);
-
-   system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert >$outFile");
-   log_desc("Certificate details");
-   log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile);
-
-   print(OUT "-- \n");
-   print(OUT "The generated CA certificate is $CAcert\n");
-   print(OUT "The generated CA private key is $CAkey\n");
-   print(OUT "The current CA signing serial number is in $CAserial\n");
-
-   print(OUT "The generated user certificate is $Ucert\n");
-   print(OUT "The generated user private key is $Ukey\n");
-   print(OUT "--\n");
-}
-
-############################################################################
-sub log_output( $ $ )
-{
-   my( $desc, $file ) = @_;
-   my($error) = 0;
-   my($key);
-   my($msg);
-
-   if ($desc)
-   {
-      print("$desc\n");
-      print(OUT "$desc\n");
-   }
-
-      # loop waiting for test program to complete
-   while ( stat($file) == 0)
-      { print(". "); sleep(1); }
-
-
-      # copy test output to log file
-   open(IN, "<$file");
-   while (<IN>)
-   { 
-      print(OUT $_); 
-      if ( $_ =~ /ERROR/ )
-      {
-         $error = 1;
-      }
-   }
-      # close and delete the temporary test output file
-   close(IN);
-   unlink($file);
-
-   if ( $error == 0 )
-   {
-      $msg = "Test Succeeded";
-   }
-   else
-   {
-      $msg = "Test Failed";
-   }
-
-   print(OUT "$msg\n");
-
-   if ($pause)
-   {
-      print("$msg - press ENTER to continue...");
-      $key = getc;
-      print("\n");
-   }
-      
-      # Several of the testing scripts run a loop loading the 
-      # same NLM with different options.
-      # On slow NetWare machines there appears to be some delay in the 
-      # OS actually unloading the test nlms and the OS complains about.
-      # the NLM already being loaded.  This additional pause is to 
-      # to help provide a little more time for unloading before trying to 
-      # load again.
-   sleep(1);
-}
-
-
-############################################################################
-sub log_desc( $ )
-{
-   my( $desc ) = @_;
-
-   print("\n");
-   print("$desc\n");
-
-   print(OUT "\n");
-   print(OUT "$desc\n");
-   print(OUT "======================================\n");
-}
-
-############################################################################
-sub compare_files( $ $ $ )
-{
-   my( $file1, $file2, $binary ) = @_;
-   my( $n1, $n2, $b1, $b2 );
-   my($ret) = 1;
-
-   open(IN0, $file1) || die "\nunable to open $file1\n";
-   open(IN1, $file2) || die "\nunable to open $file2\n";
-
-  if ($binary)
-  {
-      binmode IN0;
-      binmode IN1;
-  }
-
-   for (;;)
-   {
-      $n1 = read(IN0, $b1, 512);
-      $n2 = read(IN1, $b2, 512);
-
-      if ($n1 != $n2) {last;}
-      if ($b1 != $b2) {last;}
-
-      if ($n1 == 0)
-      {
-         $ret = 0;
-         last;
-      }
-   }
-   close(IN0);
-   close(IN1);
-   return($ret);
-}
-
-############################################################################
-sub do_wait()
-{
-   my($key);
-
-   if ($pause)
-   {
-      print("Press ENTER to continue...");
-      $key = getc;
-      print("\n");
-   }
-}
-
-
-############################################################################
-sub make_tmp_cert_file()
-{
-   my @cert_files = <$cert_path\\*.pem>;
-
-      # delete the file if it already exists
-   unlink($tmp_cert);
-
-   open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n";
-
-   print("building temporary cert file\n");
-   
-   # create a temporary cert file that contains all the certs
-   foreach $i (@cert_files)
-   {
-      open( IN_CERT, $i ) || die "\nunable to open $i\n";
-
-      for(;;)
-      {
-         $n = sysread(IN_CERT, $data, 1024);
-
-         if ($n == 0)
-         {
-            close(IN_CERT);
-            last;
-         };
-
-         syswrite(TMP_CERT, $data, $n);
-      }
-   }
-
-   close( TMP_CERT );
-}

Netware/globals.txt

@@ -1,254 +0,0 @@
-An initial review of the OpenSSL code was done to determine how many 
-global variables where present.  The idea was to determine the amount of 
-work required to pull the globals into an instance data structure in 
-order to build a Library NLM for NetWare.  This file contains the results 
-of the review.  Each file is listed along with the globals in the file.  
-The initial review was done very quickly so this list is probably
-not a comprehensive list.
-
-
-cryptlib.c
-===========================================
-
-static STACK *app_locks=NULL;
-
-static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
-
-static void (MS_FAR *locking_callback)(int mode,int type,
-   const char *file,int line)=NULL;
-static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
-   int type,const char *file,int line)=NULL;
-static unsigned long (MS_FAR *id_callback)(void)=NULL;
-static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
-   (const char *file,int line)=NULL;
-static void (MS_FAR *dynlock_lock_callback)(int mode,
-   struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;
-static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
-   const char *file,int line)=NULL;
-
-
-mem.c
-===========================================
-static int allow_customize = 1;      /* we provide flexible functions for */
-static int allow_customize_debug = 1;/* exchanging memory-related functions at
-
-/* may be changed as long as `allow_customize' is set */
-static void *(*malloc_locked_func)(size_t)  = malloc;
-static void (*free_locked_func)(void *)     = free;
-static void *(*malloc_func)(size_t)         = malloc;
-static void *(*realloc_func)(void *, size_t)= realloc;
-static void (*free_func)(void *)            = free;
-
-/* use default functions from mem_dbg.c */
-static void (*malloc_debug_func)(void *,int,const char *,int,int)
-   = CRYPTO_dbg_malloc;
-static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
-   = CRYPTO_dbg_realloc;
-static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
-static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
-static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
-
-
-mem_dbg.c
-===========================================
-static int mh_mode=CRYPTO_MEM_CHECK_OFF;
-static unsigned long order = 0; /* number of memory requests */
-static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */
-
-static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's */
-static long options =             /* extra information to be recorded */
-static unsigned long disabling_thread = 0;
-
-
-err.c
-===========================================
-static LHASH *error_hash=NULL;
-static LHASH *thread_hash=NULL;
-
-several files have routines with static "init" to track if error strings
-   have been loaded ( may not want seperate error strings for each process )
-   The "init" variable can't be left "global" because the error has is a ptr
-   that is malloc'ed.  The malloc'ed error has is dependant on the "init"
-   vars.
-
-   files:
-      pem_err.c
-      cpt_err.c
-      pk12err.c
-      asn1_err.c
-      bio_err.c
-      bn_err.c
-      buf_err.c
-      comp_err.c
-      conf_err.c
-      cpt_err.c
-      dh_err.c
-      dsa_err.c
-      dso_err.c
-      evp_err.c
-      obj_err.c
-      pkcs7err.c
-      rand_err.c
-      rsa_err.c
-      rsar_err.c
-      ssl_err.c
-      x509_err.c
-      v3err.c
-		err.c
-
-These file have similar "init" globals but they are for other stuff not
-error strings:
-
-		bn_lib.c
-		ecc_enc.c
-		s23_clnt.c
-		s23_meth.c
-		s23_srvr.c
-		s2_clnt.c
-		s2_lib.c
-		s2_meth.c
-		s2_srvr.c
-		s3_clnt.c
-		s3_lib.c
-		s3_srvr.c
-		t1_clnt.c
-		t1_meth.c
-		t1_srvr.c
-
-rand_lib.c
-===========================================
-static RAND_METHOD *rand_meth= &rand_ssleay_meth;
-
-md_rand.c
-===========================================
-static int state_num=0,state_index=0;
-static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
-static unsigned char md[MD_DIGEST_LENGTH];
-static long md_count[2]={0,0};
-static double entropy=0;
-static int initialized=0;
-
-/* This should be set to 1 only when ssleay_rand_add() is called inside
-   an already locked state, so it doesn't try to lock and thereby cause
-   a hang.  And it should always be reset back to 0 before unlocking. */
-static int add_do_not_lock=0;
-
-obj_dat.c
-============================================
-static int new_nid=NUM_NID;
-static LHASH *added=NULL;
-
-b_sock.c
-===========================================
-static unsigned long BIO_ghbn_hits=0L;
-static unsigned long BIO_ghbn_miss=0L;
-static struct ghbn_cache_st
-   {
-   char name[129];
-   struct hostent *ent;
-   unsigned long order;
-   } ghbn_cache[GHBN_NUM];
-
-static int wsa_init_done=0;
-
-
-bio_lib.c
-===========================================
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *bio_meth=NULL;
-static int bio_meth_num=0;
-
-
-bn_lib.c
-========================================
-static int bn_limit_bits=0;
-static int bn_limit_num=8;        /* (1<<bn_limit_bits) */
-static int bn_limit_bits_low=0;
-static int bn_limit_num_low=8;    /* (1<<bn_limit_bits_low) */
-static int bn_limit_bits_high=0;
-static int bn_limit_num_high=8;   /* (1<<bn_limit_bits_high) */
-static int bn_limit_bits_mont=0;
-static int bn_limit_num_mont=8;   /* (1<<bn_limit_bits_mont) */
-
-conf_lib.c
-========================================
-static CONF_METHOD *default_CONF_method=NULL;
-
-dh_lib.c
-========================================
-static DH_METHOD *default_DH_method;
-static int dh_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
-
-dsa_lib.c
-========================================
-static DSA_METHOD *default_DSA_method;
-static int dsa_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
-
-dso_lib.c
-========================================
-static DSO_METHOD *default_DSO_meth = NULL;
-
-rsa_lib.c
-========================================
-static RSA_METHOD *default_RSA_meth=NULL;
-static int rsa_meth_num=0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;
-
-x509_trs.c
-=======================================
-static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
-static STACK_OF(X509_TRUST) *trtable = NULL;
-
-x509_req.c
-=======================================
-static int *ext_nids = ext_nid_list;
-
-o_names.c
-======================================
-static LHASH *names_lh=NULL;
-static STACK_OF(NAME_FUNCS) *name_funcs_stack;
-static int free_type;
-static int names_type_num=OBJ_NAME_TYPE_NUM;
-
-
-th-lock.c - NEED to add support for locking for NetWare
-==============================================
-static long *lock_count;
-(other platform specific globals)
-
-x_x509.c
-==============================================
-static int x509_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL;
-
-
-evp_pbe.c
-============================================
-static STACK *pbe_algs;
-
-evp_key.c
-============================================
-static char prompt_string[80];
-
-ssl_ciph.c
-============================================
-static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
-
-ssl_lib.c
-=============================================
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
-static int ssl_meth_num=0;
-static int ssl_ctx_meth_num=0;
-
-ssl_sess.c
-=============================================
-static int ssl_session_num=0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_session_meth=NULL;
-
-x509_vfy.c
-============================================
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
-static int x509_store_ctx_num=0;
-

Netware/readme.txt

@@ -1,19 +0,0 @@
-
-Contents of the openssl\netware directory
-==========================================
-
-Regular files:
-
-readme.txt     - this file
-do_tests.pl    - perl script used to run the OpenSSL tests on NetWare
-cpy_tests.bat  - batch to to copy test stuff to NetWare server
-build.bat      - batch file to help with builds
-set_env.bat    - batch file to help setup build environments
-globals.txt    - results of initial code review to identify OpenSSL global variables
-
-
-The following files are generated by the various scripts.  They are
-recreated each time and it is okay to delete them.
-
-*.def - command files used by Metrowerks linker
-*.mak - make files generated by mk1mf.pl

Netware/set_env.bat

@@ -1,90 +0,0 @@
-@echo off
-
-rem ========================================================================
-rem   Batch file to assist in setting up the necessary enviroment for
-rem   building OpenSSL for NetWare.
-rem
-rem   usage:
-rem      set_env [target]
-rem
-rem      target      - "netware-clib" - Clib build
-rem                  - "netware-libc" - LibC build
-rem
-rem
-
-if "a%1" == "a" goto usage
-               
-set LIBC_BUILD=
-set CLIB_BUILD=
-
-if "%1" == "netware-clib" set CLIB_BUILD=Y
-if "%1" == "netware-clib" set LIBC_BUILD=
-
-if "%1" == "netware-libc"  set LIBC_BUILD=Y
-if "%1" == "netware-libc"  set CLIB_BUILD=
-
-rem   Location of tools (compiler, linker, etc)
-set TOOLS=d:\i_drive\tools
-
-rem   If Perl for Win32 is not already in your path, add it here
-set PERL_PATH=
-
-rem   Define path to the Metrowerks command line tools
-rem   ( compiler, assembler, linker)
-set METROWERKS_PATH=%TOOLS%\codewar\pdk_21\tools\command line tools
-rem set METROWERKS_PATH=%TOOLS%\codewar\PDK_40\Other Metrowerks Tools\Command Line Tools
-
-rem   If using gnu make define path to utility
-set GNU_MAKE_PATH=%TOOLS%\gnu
-
-rem   If using ms nmake define path to nmake
-set MS_NMAKE_PATH=%TOOLS%\msvc\600\bin
-
-rem   If using NASM assembler define path
-set NASM_PATH=%TOOLS%\nasm
-
-rem   Update path to include tool paths
-set path=%path%;%METROWERKS_PATH%
-if not "%GNU_MAKE_PATH%" == "" set path=%path%;%GNU_MAKE_PATH%
-if not "%MS_NMAKE_PATH%" == "" set path=%path%;%MS_NMAKE_PATH%
-if not "%NASM_PATH%"     == "" set path=%path%;%NASM_PATH%
-if not "%PERL_PATH%"     == "" set path=%path%;%PERL_PATH%
-
-rem   Set MWCIncludes to location of Novell NDK includes
-if "%LIBC_BUILD%" == "Y" set MWCIncludes=%TOOLS%\ndk\libc\include;%TOOLS%\ndk\libc\include\winsock;.\engines
-if "%CLIB_BUILD%" == "Y" set MWCIncludes=%TOOLS%\ndk\nwsdk\include\nlm;.\engines
-set include=
-
-rem   Set Imports to location of Novell NDK import files
-if "%LIBC_BUILD%" == "Y" set IMPORTS=%TOOLS%\ndk\libc\imports
-if "%CLIB_BUILD%" == "Y" set IMPORTS=%TOOLS%\ndk\nwsdk\imports
-
-rem   Set PRELUDE to the absolute path of the prelude object to link with in
-rem   the Metrowerks NetWare PDK - NOTE: for Clib builds "nwpre.obj" is 
-rem   recommended, for LibC NKS builds libcpre.o must be used
-if "%LIBC_BUILD%" == "Y" set PRELUDE=%TOOLS%\ndk\libc\imports\libcpre.o
-if "%CLIB_BUILD%" == "Y" set PRELUDE=%TOOLS%\codewar\pdk_21\novell support\metrowerks support\libraries\runtime\nwpre.obj
-
-
-if "%LIBC_BUILD%" == "Y" echo Enviroment configured for LibC build
-if "%LIBC_BUILD%" == "Y" echo use "netware\build.bat netware-libc ..." 
-
-if "%CLIB_BUILD%" == "Y" echo Enviroment configured for CLib build
-if "%CLIB_BUILD%" == "Y" echo use "netware\build.bat netware-clib ..." 
-goto end
-
-:usage
-rem ===============================================================
-echo .
-echo . No target build specified!
-echo .
-echo . usage: set_env [target]
-echo .
-echo .   target      - "netware-clib" - Clib build
-echo .               - "netware-libc" - LibC build
-echo .
-
-
-
-:end
-

PROBLEMS

@@ -12,8 +12,8 @@ along the whole library path before it bothers looking for .a libraries.  This
 means that -L switches won't matter unless OpenSSL is built with shared
 library support.
 
-The workaround may be to change the following lines in apps/Makefile.ssl and
-test/Makefile.ssl:
+The workaround may be to change the following lines in apps/Makefile and
+test/Makefile:
 
   LIBCRYPTO=-L.. -lcrypto
   LIBSSL=-L.. -lssl

README

@@ -1,7 +1,7 @@
 
- OpenSSL 0.9.8-dev XX xxx XXXX
+ OpenSSL 0.9.7d 17 Mar 2004
 
- Copyright (c) 1998-2002 The OpenSSL Project
+ Copyright (c) 1998-2004 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 
@@ -154,7 +154,7 @@
     - Stack Traceback (if the application dumps core)
 
  Report the bug to the OpenSSL project via the Request Tracker
- (http://www.openssl.org/rt2.html) by mail to:
+ (http://www.openssl.org/support/rt2.html) by mail to:
 
     openssl-bugs@openssl.org
 
@@ -185,4 +185,3 @@
  # ./Configure dist; make clean
  # cd ..
  # diff -ur openssl-orig openssl-work > mydiffs.patch
-

STATUS

@@ -1,12 +1,19 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2003/02/28 15:17:45 $
+  ______________                           $Date: 2004/03/23 15:00:59 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 0.9.8:  Under development...
+    o  OpenSSL 0.9.7d: Released on March     17th, 2004
+    o  OpenSSL 0.9.7c: Released on September 30th, 2003
+    o  OpenSSL 0.9.7b: Released on April     10th, 2003
     o  OpenSSL 0.9.7a: Released on February  19th, 2003
     o  OpenSSL 0.9.7:  Released on December  31st, 2002
+    o  OpenSSL 0.9.6m: Released on March     17th, 2004
+    o  OpenSSL 0.9.6l: Released on November   4th, 2003
+    o  OpenSSL 0.9.6k: Released on September 30th, 2003
+    o  OpenSSL 0.9.6j: Released on April     10th, 2003
     o  OpenSSL 0.9.6i: Released on February  19th, 2003
     o  OpenSSL 0.9.6h: Released on December   5th, 2002
     o  OpenSSL 0.9.6g: Released on August     9th, 2002
@@ -54,17 +61,9 @@
 	Shared library support for VMS.
 	Kerberos 5 authentication (Heimdal)
 	Constification
-	Compression
-	Attribute Certificate support
-	Certificate Pair support
-	Storage Engines (primarly an LDAP storage engine)
-	Certificate chain validation with full RFC 3280 compatibility
 
   NEEDS PATCH
 
-    o  0.9.8-dev: COMPLEMENTOFALL and COMPLEMENTOFDEFAULT do not
-       handle ECCdraft cipher suites correctly.
-
     o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
 
     o  "OpenSSL STATUS" is never up-to-date.

TABLE

@@ -634,7 +634,7 @@ $sys_id       =
 $lflags       = 
 $bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
 $bn_obj       = 
-$des_obj      = asm/des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
 $sha1_obj     = 
@@ -659,7 +659,7 @@ $sys_id       =
 $lflags       = 
 $bn_ops       = SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR
 $bn_obj       = 
-$des_obj      = asm/des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
 $sha1_obj     = 
@@ -1500,34 +1500,9 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 
 
-*** debug-Cygwin
-$cc           = gcc
-$cflags       = -DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
-$unistd       = 
-$thread_cflag = 
-$sys_id       = CYGWIN32
-$lflags       = 
-$bn_ops       = 
-$bn_obj       = 
-$des_obj      = win32
-$bf_obj       = cygwin-shared
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = .dll
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
 *** debug-ben
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -Wall -Wshadow -Werror -pipe
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@@ -1552,7 +1527,7 @@ $arflags      =
 
 *** debug-ben-debug
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -Wall -Wshadow -Werror -pipe
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@@ -1575,6 +1550,31 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 
 
+*** debug-ben-fips-debug
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_FIPS -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
 *** debug-ben-openbsd
 $cc           = gcc
 $cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe
@@ -1675,34 +1675,9 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 
 
-*** debug-geoff
-$cc           = gcc
-$cflags       = -DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DBN_CTX_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -g -ggdb3 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long
-$unistd       = 
-$thread_cflag = -D_REENTRANT
-$sys_id       = 
-$lflags       = -ldl
-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
 *** debug-levitte-linux-elf
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1727,7 +1702,7 @@ $arflags      =
 
 *** debug-levitte-linux-elf-extreme
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1752,7 +1727,7 @@ $arflags      =
 
 *** debug-levitte-linux-noasm
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1777,7 +1752,7 @@ $arflags      =
 
 *** debug-levitte-linux-noasm-extreme
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -2002,16 +1977,16 @@ $arflags      =
 
 *** debug-solaris-sparcv9-gcc
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
-$sys_id       = ULTRASPARC
+$sys_id       = 
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $bn_obj       = asm/sparcv8plus.o
-$des_obj      = asm/des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $bf_obj       = 
-$md5_obj      = asm/md5-sparcv8plus.o
+$md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -2027,7 +2002,7 @@ $arflags      =
 
 *** debug-steve
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe
+$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -2043,7 +2018,7 @@ $rc4_obj      = asm/rx86-elf.o
 $rmd160_obj   = asm/rm86-elf.o
 $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
-$shared_target= linux-shared
+$shared_target= 
 $shared_cflag = 
 $shared_ldflag = 
 $shared_extension = 
@@ -2060,7 +2035,7 @@ $lflags       = -rdynamic -ldl
 $bn_ops       = SIXTY_FOUR_BIT
 $bn_obj       = 
 $des_obj      = dlfcn
-$bf_obj       = linux-shared
+$bf_obj       = 
 $md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
@@ -2077,21 +2052,21 @@ $arflags      =
 
 *** debug-ulf
 $cc           = gcc
-$cflags       = -DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations
+$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe
 $unistd       = 
-$thread_cflag = 
-$sys_id       = CYGWIN32
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
 $lflags       = 
-$bn_ops       = 
-$bn_obj       = 
-$des_obj      = win32
-$bf_obj       = cygwin-shared
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = .dll
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
@@ -2350,31 +2325,6 @@ $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
-*** hpux-ia64-gcc
-$cc           = gcc
-$cflags       = -O3 -DB_ENDIAN -D_ILP32
-$unistd       = 
-$thread_cflag = -D_REENTRANT
-$sys_id       = 
-$lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
-$bn_obj       = asm/ia64.o
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= hpux-shared
-$shared_cflag = -fpic
-$shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
 *** hpux-m68k-gcc
 $cc           = gcc
 $cflags       = -DB_ENDIAN -DBN_DIV2W -O3
@@ -2525,31 +2475,6 @@ $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
-*** hpux-parisc2-gcc
-$cc           = gcc
-$cflags       = -march=2.0 -O3 -DB_ENDIAN
-$unistd       = 
-$thread_cflag = -D_REENTRANT
-$sys_id       = 
-$lflags       = -Wl,+s -ldld
-$bn_ops       = SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1
-$bn_obj       = asm/pa-risc2.o
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dl
-$shared_target= hpux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = 
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
 *** hpux10-brokencc
 $cc           = cc
 $cflags       = -DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z
@@ -2675,15 +2600,15 @@ $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
-*** hpux64-ia64-gcc
-$cc           = gcc
-$cflags       = -mlp64 -O3 -DB_ENDIAN
+*** hpux64-parisc-cc
+$cc           = cc
+$cflags       = -Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
-$bn_obj       = asm/ia64.o
+$bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
@@ -2693,10 +2618,10 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
-$shared_target= hpux-shared
-$shared_cflag = -fpic
+$shared_target= hpux64-shared
+$shared_cflag = +Z
 $shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
@@ -2752,7 +2677,7 @@ $arflags      =
 
 *** hpux64-parisc2-gcc
 $cc           = gcc
-$cflags       = -O3 -DB_ENDIAN
+$cflags       = -O3 -DB_ENDIAN -DMD32_XARRAY
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -3125,31 +3050,6 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
-*** linux-ia32-icc
-$cc           = icc
-$cflags       = -DL_ENDIAN -DTERMIO -O2
-$unistd       = 
-$thread_cflag = -D_REENTRANT
-$sys_id       = 
-$lflags       = -ldl
-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
-$bf_obj       = asm/bx86-elf.o
-$md5_obj      = asm/mx86-elf.o
-$sha1_obj     = asm/sx86-elf.o
-$cast_obj     = asm/cx86-elf.o
-$rc4_obj      = asm/rx86-elf.o
-$rmd160_obj   = asm/rm86-elf.o
-$rc5_obj      = asm/r586-elf.o
-$dso_scheme   = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -KPIC
-$shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
 *** linux-ia64
 $cc           = gcc
 $cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
@@ -3484,7 +3384,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $bn_obj       = asm/sparcv8.o
-$des_obj      = asm/des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
 $sha1_obj     = 
@@ -3509,7 +3409,7 @@ $sys_id       = ULTRASPARC
 $lflags       = -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $bn_obj       = asm/sparcv8plus.o
-$des_obj      = asm/des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $bf_obj       = 
 $md5_obj      = asm/md5-sparcv8plus.o
 $sha1_obj     = 
@@ -3559,7 +3459,7 @@ $sys_id       = ULTRASPARC
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $bn_obj       = 
-$des_obj      = asm/des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $bf_obj       = 
 $md5_obj      = asm/md5-sparcv9.o
 $sha1_obj     = 
@@ -3625,56 +3525,6 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 
 
-*** netware-clib
-$cc           = mwccnlm
-$cflags       = 
-$unistd       = 
-$thread_cflag = 
-$sys_id       = 
-$lflags       = RC4_INDEX MD2_INT
-$bn_ops       = 
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
-*** netware-libc
-$cc           = mwccnlm
-$cflags       = 
-$unistd       = 
-$thread_cflag = 
-$sys_id       = 
-$lflags       = BN_LLONG RC4_INDEX MD2_INT
-$bn_ops       = 
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
 *** newsos4-gcc
 $cc           = gcc
 $cflags       = -O -DB_ENDIAN
@@ -4009,7 +3859,7 @@ $sys_id       =
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
 $bn_obj       = asm/sparcv8.o
-$des_obj      = asm/des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
 $sha1_obj     = 
@@ -4034,7 +3884,7 @@ $sys_id       =
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $bn_obj       = asm/sparcv8.o
-$des_obj      = asm/des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
 $sha1_obj     = 
@@ -4059,7 +3909,7 @@ $sys_id       = ULTRASPARC
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR
 $bn_obj       = asm/sparcv8plus.o
-$des_obj      = asm/des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $bf_obj       = 
 $md5_obj      = asm/md5-sparcv8plus.o
 $sha1_obj     = 
@@ -4084,7 +3934,7 @@ $sys_id       = ULTRASPARC
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $bn_obj       = asm/sparcv8plus.o
-$des_obj      = asm/des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $bf_obj       = 
 $md5_obj      = asm/md5-sparcv8plus.o
 $sha1_obj     = 
@@ -4109,7 +3959,7 @@ $sys_id       = ULTRASPARC
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $bn_obj       = asm/sparcv8plus-gcc27.o
-$des_obj      = asm/des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $bf_obj       = 
 $md5_obj      = asm/md5-sparcv8plus-gcc27.o
 $sha1_obj     = 
@@ -4184,7 +4034,7 @@ $sys_id       = ULTRASPARC
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
 $bn_obj       = 
-$des_obj      = asm/des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $bf_obj       = 
 $md5_obj      = asm/md5-sparcv9.o
 $sha1_obj     = 
@@ -4209,7 +4059,32 @@ $sys_id       = ULTRASPARC
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
 $bn_obj       = 
-$des_obj      = asm/des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv9.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = -m64 -shared
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris64-sparcv9-gcc31
+$cc           = gcc
+$cflags       = -mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
 $bf_obj       = 
 $md5_obj      = asm/md5-sparcv9.o
 $sha1_obj     = 

VMS/mkshared.com

@@ -285,7 +285,6 @@ $       if alg_entry .eqs. "" then goto loop2
 $       if alg_entry .nes. ","
 $       then
 $         if alg_entry .eqs. "KRB5" then goto loop ! Special for now
-$	  if alg_entry .eqs. "STATIC_ENGINE" then goto loop ! Special for now
 $         if f$trnlnm("OPENSSL_NO_"+alg_entry) .nes. "" then goto loop
 $	  goto loop2
 $       endif

VMS/tcpip_shr_decc.opt

@@ -0,0 +1 @@
+sys$share:tcpip$ipc_shr.exe/share

apps/CA.pl.in

@@ -37,8 +37,7 @@
 # demoCA ... where everything is stored
 
 $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
-$DAYS="-days 365";	# 1 year
-$CADAYS="-days 1095";	# 3 years
+$DAYS="-days 365";
 $REQ="openssl req $SSLEAY_CONFIG";
 $CA="openssl ca $SSLEAY_CONFIG";
 $VERIFY="openssl verify";
@@ -47,7 +46,6 @@ $PKCS12="openssl pkcs12";
 
 $CATOP="./demoCA";
 $CAKEY="cakey.pem";
-$CAREQ="careq.pem";
 $CACERT="cacert.pem";
 
 $DIRMODE = 0777;
@@ -84,9 +82,6 @@ foreach (@ARGV) {
 		mkdir "${CATOP}/crl", $DIRMODE ;
 		mkdir "${CATOP}/newcerts", $DIRMODE;
 		mkdir "${CATOP}/private", $DIRMODE;
-		open OUT, ">${CATOP}/serial";
-		print OUT "01\n";
-		close OUT;
 		open OUT, ">${CATOP}/index.txt";
 		close OUT;
 	    }
@@ -103,14 +98,15 @@ foreach (@ARGV) {
 		    $RET=$?;
 		} else {
 		    print "Making CA certificate ...\n";
-		    system ("$REQ -new -keyout " .
-			"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
-		    system ("$CA -out ${CATOP}/$CACERT $CADAYS -batch " . 
-			"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
-			"-infiles ${CATOP}/$CAREQ ");
+		    system ("$REQ -new -x509 -keyout " .
+			"${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
 		    $RET=$?;
 		}
 	    }
+	    if (! -f "${CATOP}/serial" ) {
+		system ("$X509 -in ${CATOP}/$CACERT -noout "
+			. "-next_serial -out ${CATOP}/serial");
+	    }
 	} elsif (/^-pkcs12$/) {
 	    my $cname = $ARGV[1];
 	    $cname = "My Certificate" unless defined $cname;

apps/CA.sh

@@ -30,8 +30,7 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
-DAYS="-days 365"	# 1 year
-CADAYS="-days 1095"	# 3 years
+DAYS="-days 365"
 REQ="openssl req $SSLEAY_CONFIG"
 CA="openssl ca $SSLEAY_CONFIG"
 VERIFY="openssl verify"
@@ -39,7 +38,6 @@ X509="openssl x509"
 
 CATOP=./demoCA
 CAKEY=./cakey.pem
-CAREQ=./careq.pem
 CACERT=./cacert.pem
 
 for i
@@ -72,7 +70,7 @@ case $i in
 	mkdir ${CATOP}/crl 
 	mkdir ${CATOP}/newcerts
 	mkdir ${CATOP}/private
-	echo "00" > ${CATOP}/serial
+	echo "01" > ${CATOP}/serial
 	touch ${CATOP}/index.txt
     fi
     if [ ! -f ${CATOP}/private/$CAKEY ]; then
@@ -85,11 +83,8 @@ case $i in
 	    RET=$?
 	else
 	    echo "Making CA certificate ..."
-	    $REQ -new -keyout ${CATOP}/private/$CAKEY \
-			   -out ${CATOP}/$CAREQ
-	    $CA -out ${CATOP}/$CACERT $CADAYS -batch \
-			   -keyfile ${CATOP}/private/$CAKEY -selfsign \
-			   -infiles ${CATOP}/$CAREQ 
+	    $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \
+			   -out ${CATOP}/$CACERT $DAYS
 	    RET=$?
 	fi
     fi

apps/Makefile.ssl

@@ -1,998 +0,0 @@
-#
-#  apps/Makefile.ssl
-#
-
-DIR=		apps
-TOP=		..
-CC=		cc
-INCLUDES=	-I$(TOP) -I../include $(KRB5_INCLUDES)
-CFLAG=		-g -static
-INSTALL_PREFIX=
-INSTALLTOP=	/usr/local/ssl
-OPENSSLDIR=	/usr/local/ssl
-NEWMAKE=	make
-MAKE=		$(NEWMAKE) -f Makefile.ssl
-MAKEDEPPROG=	makedepend
-MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=	Makefile.ssl
-PERL=		perl
-RM=		rm -f
-# KRB5 stuff
-KRB5_INCLUDES=
-LIBKRB5=
-
-PEX_LIBS=
-EX_LIBS= 
-EXE_EXT= 
-
-SHLIB_TARGET=
-
-CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile makeapps.com install.com
-
-DLIBCRYPTO=../libcrypto.a
-DLIBSSL=../libssl.a
-LIBCRYPTO=-L.. -lcrypto
-LIBSSL=-L.. -lssl
-
-PROGRAM= openssl
-
-SCRIPTS=CA.sh CA.pl der_chop
-
-EXE= $(PROGRAM)$(EXE_EXT)
-
-E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
-	ca crl rsa rsautl dsa dsaparam ec ecparam \
-	x509 genrsa gendsa s_server s_client speed \
-	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
-	pkcs8 spkac smime rand engine ocsp
-
-PROGS= $(PROGRAM).c
-
-A_OBJ=apps.o
-A_SRC=apps.c
-S_OBJ=	s_cb.o s_socket.o
-S_SRC=	s_cb.c s_socket.c
-RAND_OBJ=app_rand.o
-RAND_SRC=app_rand.c
-
-E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
-	ca.o pkcs7.o crl2p7.o crl.o \
-	rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \
-	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
-	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
-	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o
-
-E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
-	pkcs7.c crl2p7.c crl.c \
-	rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \
-	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
-	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
-	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c
-
-SRC=$(E_SRC)
-
-EXHEADER=
-HEADER=	apps.h progs.h s_apps.h \
-	testdsa.h testrsa.h \
-	$(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-	@(cd ..; $(MAKE) DIRS=$(DIR) all)
-
-all:	exe
-
-exe:	$(PROGRAM)
-
-req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
-	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
-		shlib_target="$(SHLIB_TARGET)"; \
-	fi; \
-	$(NEWMAKE) -f $(TOP)/Makefile.shared \
-		APPNAME=req LDFLAGS="$(CFLAG)" \
-		OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \
-		LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \
-		LIBRPATH=$(INSTALLTOP)/lib \
-		link_app.$${shlib_target}
-
-sreq.o: req.c 
-	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
-
-install:
-	@set -e; for i in $(EXE); \
-	do  \
-	(echo installing $$i; \
-	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-	 mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
-	 done;
-	@set -e; for i in $(SCRIPTS); \
-	do  \
-	(echo installing $$i; \
-	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
-	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
-	 mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
-	 done
-	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
-	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
-	mv -f  $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
-
-tags:
-	ctags $(SRC)
-
-tests:
-
-links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
-
-dclean:
-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
-	rm -f req
-
-$(DLIBSSL):
-	(cd ..; $(MAKE) DIRS=ssl all)
-
-$(DLIBCRYPTO):
-	(cd ..; $(MAKE) DIRS=crypto all)
-
-$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
-	$(RM) $(PROGRAM)
-	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
-		shlib_target="$(SHLIB_TARGET)"; \
-	fi; \
-	if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \
-	  LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)" ; \
-	else \
-	  LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
-	fi; \
-	$(NEWMAKE) -f $(TOP)/Makefile.shared \
-		APPNAME=$(PROGRAM) LDFLAGS="$(CFLAG)" \
-		OBJECTS="$(PROGRAM).o $(E_OBJ)" \
-		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
-		LIBRPATH=$(INSTALLTOP)/lib \
-		link_app.$${shlib_target}
-	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
-		LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
-		DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
-		SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
-		LIBPATH="`pwd`:$$LIBPATH"; \
-		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
-		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
-		$(PERL) tools/c_rehash certs)
-
-progs.h: progs.pl
-	$(PERL) progs.pl $(E_EXE) >progs.h
-	$(RM) $(PROGRAM).o
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-app_rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-app_rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-app_rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-app_rand.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-app_rand.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-app_rand.o: ../include/openssl/engine.h ../include/openssl/err.h
-app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-app_rand.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-app_rand.o: ../include/openssl/stack.h ../include/openssl/store.h
-app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-app_rand.o: ../include/openssl/ui.h ../include/openssl/x509.h
-app_rand.o: ../include/openssl/x509_vfy.h app_rand.c apps.h
-apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-apps.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-apps.o: ../include/openssl/engine.h ../include/openssl/err.h
-apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-apps.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
-apps.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-apps.o: ../include/openssl/x509v3.h apps.c apps.h
-asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-asn1pars.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-asn1pars.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-asn1pars.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-asn1pars.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h
-asn1pars.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-asn1pars.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-asn1pars.o: ../include/openssl/stack.h ../include/openssl/store.h
-asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-asn1pars.o: ../include/openssl/ui.h ../include/openssl/x509.h
-asn1pars.o: ../include/openssl/x509_vfy.h apps.h asn1pars.c
-ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ca.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ca.o: ../include/openssl/engine.h ../include/openssl/err.h
-ca.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
-ca.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-ca.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ca.o: ../include/openssl/x509v3.h apps.h ca.c
-ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ciphers.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-ciphers.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-ciphers.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ciphers.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
-ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ciphers.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ciphers.o: ../include/openssl/stack.h ../include/openssl/store.h
-ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ciphers.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-ciphers.o: ciphers.c
-crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-crl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-crl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-crl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-crl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-crl.o: ../include/openssl/engine.h ../include/openssl/err.h
-crl.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-crl.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-crl.o: ../include/openssl/stack.h ../include/openssl/store.h
-crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-crl.o: ../include/openssl/ui.h ../include/openssl/x509.h
-crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c
-crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-crl2p7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-crl2p7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-crl2p7.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-crl2p7.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h
-crl2p7.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-crl2p7.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-crl2p7.o: ../include/openssl/stack.h ../include/openssl/store.h
-crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-crl2p7.o: ../include/openssl/ui.h ../include/openssl/x509.h
-crl2p7.o: ../include/openssl/x509_vfy.h apps.h crl2p7.c
-dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-dgst.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dgst.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-dgst.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-dgst.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
-dgst.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dgst.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dgst.o: ../include/openssl/stack.h ../include/openssl/store.h
-dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dgst.o: ../include/openssl/ui.h ../include/openssl/x509.h
-dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c
-dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-dh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-dh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-dh.o: ../include/openssl/engine.h ../include/openssl/err.h
-dh.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dh.o: ../include/openssl/stack.h ../include/openssl/store.h
-dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dh.o: ../include/openssl/ui.h ../include/openssl/x509.h
-dh.o: ../include/openssl/x509_vfy.h apps.h dh.c
-dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-dsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-dsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-dsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dsa.o: ../include/openssl/stack.h ../include/openssl/store.h
-dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
-dsa.o: ../include/openssl/x509_vfy.h apps.h dsa.c
-dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
-dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h
-dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
-dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c
-ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ec.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ec.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ec.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ec.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ec.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ec.o: ../include/openssl/engine.h ../include/openssl/err.h
-ec.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-ec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ec.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ec.o: ../include/openssl/stack.h ../include/openssl/store.h
-ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-ec.o: ../include/openssl/ui.h ../include/openssl/x509.h
-ec.o: ../include/openssl/x509_vfy.h apps.h ec.c
-ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ecparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h
-ecparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ecparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ecparam.o: ../include/openssl/stack.h ../include/openssl/store.h
-ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-ecparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
-ecparam.o: ../include/openssl/x509_vfy.h apps.h ecparam.c
-enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-enc.o: ../include/openssl/engine.h ../include/openssl/err.h
-enc.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-enc.o: ../include/openssl/stack.h ../include/openssl/store.h
-enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-enc.o: ../include/openssl/ui.h ../include/openssl/x509.h
-enc.o: ../include/openssl/x509_vfy.h apps.h enc.c
-engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
-engine.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-engine.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-engine.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-engine.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-engine.o: ../include/openssl/err.h ../include/openssl/evp.h
-engine.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-engine.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-engine.o: ../include/openssl/stack.h ../include/openssl/store.h
-engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-engine.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-engine.o: engine.c
-errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
-errstr.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-errstr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-errstr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-errstr.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
-errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-errstr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-errstr.o: ../include/openssl/stack.h ../include/openssl/store.h
-errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-errstr.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-errstr.o: errstr.c
-gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
-gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-gendh.o: ../include/openssl/stack.h ../include/openssl/store.h
-gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
-gendh.o: ../include/openssl/x509_vfy.h apps.h gendh.c
-gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-gendsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-gendsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-gendsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-gendsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-gendsa.o: ../include/openssl/stack.h ../include/openssl/store.h
-gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-gendsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
-gendsa.o: ../include/openssl/x509_vfy.h apps.h gendsa.c
-genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h
-genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
-genrsa.o: ../include/openssl/x509_vfy.h apps.h genrsa.c
-nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-nseq.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-nseq.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-nseq.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-nseq.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-nseq.o: ../include/openssl/engine.h ../include/openssl/err.h
-nseq.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-nseq.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-nseq.o: ../include/openssl/stack.h ../include/openssl/store.h
-nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-nseq.o: ../include/openssl/ui.h ../include/openssl/x509.h
-nseq.o: ../include/openssl/x509_vfy.h apps.h nseq.c
-ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ocsp.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-ocsp.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-ocsp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ocsp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h
-ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-ocsp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ocsp.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-ocsp.o: ../include/openssl/ui.h ../include/openssl/x509.h
-ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c
-openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
-openssl.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-openssl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-openssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-openssl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-openssl.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-openssl.o: ../include/openssl/stack.h ../include/openssl/store.h
-openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-openssl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-openssl.o: openssl.c progs.h s_apps.h
-passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-passwd.o: ../include/openssl/des.h ../include/openssl/des_old.h
-passwd.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-passwd.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-passwd.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-passwd.o: ../include/openssl/engine.h ../include/openssl/err.h
-passwd.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
-passwd.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-passwd.o: ../include/openssl/x509_vfy.h apps.h passwd.c
-pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-pkcs12.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-pkcs12.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-pkcs12.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-pkcs12.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
-pkcs12.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
-pkcs12.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-pkcs12.o: pkcs12.c
-pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-pkcs7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-pkcs7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-pkcs7.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-pkcs7.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
-pkcs7.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-pkcs7.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-pkcs7.o: ../include/openssl/stack.h ../include/openssl/store.h
-pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-pkcs7.o: ../include/openssl/ui.h ../include/openssl/x509.h
-pkcs7.o: ../include/openssl/x509_vfy.h apps.h pkcs7.c
-pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-pkcs8.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-pkcs8.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-pkcs8.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-pkcs8.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
-pkcs8.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
-pkcs8.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs8.c
-rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-rand.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-rand.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-rand.o: ../include/openssl/engine.h ../include/openssl/err.h
-rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-rand.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rand.o: ../include/openssl/stack.h ../include/openssl/store.h
-rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-rand.o: ../include/openssl/ui.h ../include/openssl/x509.h
-rand.o: ../include/openssl/x509_vfy.h apps.h rand.c
-req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/asn1.h
-req.o: ../include/openssl/bio.h ../include/openssl/bn.h
-req.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-req.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-req.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-req.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-req.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-req.o: ../include/openssl/err.h ../include/openssl/evp.h
-req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-req.o: ../include/openssl/sha.h ../include/openssl/stack.h
-req.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-req.o: ../include/openssl/x509v3.h apps.h req.c
-rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-rsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-rsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-rsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rsa.o: ../include/openssl/stack.h ../include/openssl/store.h
-rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-rsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
-rsa.o: ../include/openssl/x509_vfy.h apps.h rsa.c
-rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-rsautl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-rsautl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-rsautl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-rsautl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h
-rsautl.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-rsautl.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rsautl.o: ../include/openssl/stack.h ../include/openssl/store.h
-rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-rsautl.o: ../include/openssl/ui.h ../include/openssl/x509.h
-rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c
-s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_cb.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s_cb.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s_cb.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_cb.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_cb.o: ../include/openssl/stack.h ../include/openssl/store.h
-s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_cb.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h
-s_cb.o: s_cb.c
-s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_client.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s_client.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s_client.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s_client.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_client.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_client.o: ../include/openssl/stack.h ../include/openssl/store.h
-s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_client.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_client.o: s_apps.h s_client.c
-s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s_server.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s_server.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s_server.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_server.o: ../include/openssl/stack.h ../include/openssl/store.h
-s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_server.o: s_apps.h s_server.c
-s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_socket.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s_socket.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-s_socket.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_socket.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_socket.o: ../include/openssl/stack.h ../include/openssl/store.h
-s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_socket.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_socket.o: s_apps.h s_socket.c
-s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_time.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s_time.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s_time.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s_time.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_time.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_time.o: ../include/openssl/stack.h ../include/openssl/store.h
-s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_time.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_time.o: s_apps.h s_time.c
-sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
-sess_id.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-sess_id.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-sess_id.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-sess_id.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
-sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-sess_id.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-sess_id.o: ../include/openssl/stack.h ../include/openssl/store.h
-sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-sess_id.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-sess_id.o: sess_id.c
-smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-smime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-smime.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-smime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-smime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-smime.o: ../include/openssl/engine.h ../include/openssl/err.h
-smime.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-smime.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-smime.o: ../include/openssl/stack.h ../include/openssl/store.h
-smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-smime.o: ../include/openssl/ui.h ../include/openssl/x509.h
-smime.o: ../include/openssl/x509_vfy.h apps.h smime.c
-speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-speed.o: ../include/openssl/cast.h ../include/openssl/conf.h
-speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
-speed.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-speed.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-speed.o: ../include/openssl/err.h ../include/openssl/evp.h
-speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
-speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
-speed.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
-speed.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h
-spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-spkac.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-spkac.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-spkac.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
-spkac.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-spkac.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-spkac.o: ../include/openssl/stack.h ../include/openssl/store.h
-spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-spkac.o: ../include/openssl/ui.h ../include/openssl/x509.h
-spkac.o: ../include/openssl/x509_vfy.h apps.h spkac.c
-verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-verify.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-verify.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-verify.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-verify.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-verify.o: ../include/openssl/engine.h ../include/openssl/err.h
-verify.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-verify.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-verify.o: ../include/openssl/stack.h ../include/openssl/store.h
-verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-verify.o: ../include/openssl/ui.h ../include/openssl/x509.h
-verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-verify.o: verify.c
-version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-version.o: ../include/openssl/crypto.h ../include/openssl/des.h
-version.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-version.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-version.o: ../include/openssl/err.h ../include/openssl/evp.h
-version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-version.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h
-version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-version.o: ../include/openssl/rc4.h ../include/openssl/rsa.h
-version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-version.o: ../include/openssl/stack.h ../include/openssl/store.h
-version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-version.o: version.c
-x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-x509.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-x509.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-x509.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-x509.o: ../include/openssl/engine.h ../include/openssl/err.h
-x509.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-x509.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-x509.o: ../include/openssl/stack.h ../include/openssl/store.h
-x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-x509.o: ../include/openssl/ui.h ../include/openssl/x509.h
-x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c

apps/apps.c

@@ -250,7 +250,7 @@ int str2fmt(char *s)
 		return(FORMAT_UNDEF);
 	}
 
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
 void program_name(char *in, char *out, int size)
 	{
 	int i,n;
@@ -269,23 +269,12 @@ void program_name(char *in, char *out, int size)
 	if (p == NULL)
 		p=in;
 	n=strlen(p);
-
-#if defined(OPENSSL_SYS_NETWARE)
-   /* strip off trailing .nlm if present. */
-   if ((n > 4) && (p[n-4] == '.') &&
-      ((p[n-3] == 'n') || (p[n-3] == 'N')) &&
-      ((p[n-2] == 'l') || (p[n-2] == 'L')) &&
-      ((p[n-1] == 'm') || (p[n-1] == 'M')))
-      n-=4;
-#else
 	/* strip off trailing .exe if present. */
 	if ((n > 4) && (p[n-4] == '.') &&
 		((p[n-3] == 'e') || (p[n-3] == 'E')) &&
 		((p[n-2] == 'x') || (p[n-2] == 'X')) &&
 		((p[n-1] == 'e') || (p[n-1] == 'E')))
 		n-=4;
-#endif
-
 	if (n > size-1)
 		n=size-1;
 
@@ -341,6 +330,22 @@ void program_name(char *in, char *out, int size)
 #endif
 #endif
 
+#ifdef OPENSSL_SYS_VMS
+int VMS_strcasecmp(const char *str1, const char *str2)
+	{
+	while (*str1 && *str2)
+		{
+		int res = toupper(*str1) - toupper(*str2);
+		if (res) return res < 0 ? -1 : 1;
+		}
+	if (*str1)
+		return 1;
+	if (*str2)
+		return -1;
+	return 0;
+	}
+#endif
+
 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	{
 	int num,len,i;
@@ -720,7 +725,7 @@ X509 *load_cert(BIO *err, const char *file, int format,
 		x=d2i_X509_bio(cert,NULL);
 	else if (format == FORMAT_NETSCAPE)
 		{
-		const unsigned char *p,*op;
+		unsigned char *p,*op;
 		int size=0,i;
 
 		/* We sort of have to do it this way because it is sort of nice
@@ -1433,12 +1438,9 @@ BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
 			}
 		else
 			{
-			ASN1_INTEGER_set(ai,1);
 			ret=BN_new();
-			if (ret == NULL)
+			if (ret == NULL || !rand_serial(ret, ai))
 				BIO_printf(bio_err, "Out of memory\n");
-			else
-				BN_one(ret);
 			}
 		}
 	else
@@ -1600,6 +1602,33 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
 	return 0;
 	}
 
+int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
+	{
+	BIGNUM *btmp;
+	int ret = 0;
+	if (b)
+		btmp = b;
+	else
+		btmp = BN_new();
+
+	if (!btmp)
+		return 0;
+
+	if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
+		goto error;
+	if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
+		goto error;
+
+	ret = 1;
+	
+	error:
+
+	if (!b)
+		BN_free(btmp);
+	
+	return ret;
+	}
+
 CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
 	{
 	CA_DB *retdb = NULL;
@@ -1668,10 +1697,23 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
 		char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
 		if (p)
 			{
-#ifdef RL_DEBUG
 			BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
-#endif
-			retdb->attributes.unique_subject = parse_yesno(p,1);
+			switch(*p)
+				{
+			case 'f': /* false */
+			case 'F': /* FALSE */
+			case 'n': /* no */
+			case 'N': /* NO */
+				retdb->attributes.unique_subject = 0;
+				break;
+			case 't': /* true */
+			case 'T': /* TRUE */
+			case 'y': /* yes */
+			case 'Y': /* YES */
+			default:
+				retdb->attributes.unique_subject = 1;
+				break;
+				}
 			}
 		}
 
@@ -1911,171 +1953,6 @@ void free_index(CA_DB *db)
 		}
 	}
 
-int parse_yesno(char *str, int def)
-	{
-	int ret = def;
-	if (str)
-		{
-		switch (*str)
-			{
-		case 'f': /* false */
-		case 'F': /* FALSE */
-		case 'n': /* no */
-		case 'N': /* NO */
-		case '0': /* 0 */
-			ret = 0;
-			break;
-		case 't': /* true */
-		case 'T': /* TRUE */
-		case 'y': /* yes */
-		case 'Y': /* YES */
-		case '1': /* 1 */
-			ret = 0;
-			break;
-		default:
-			ret = def;
-			break;
-			}
-		}
-	return ret;
-	}
-
-/*
- * subject is expected to be in the format /type0=value0/type1=value1/type2=...
- * where characters may be escaped by \
- */
-X509_NAME *parse_name(char *subject, long chtype, int multirdn)
-	{
-	size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
-	char *buf = OPENSSL_malloc(buflen);
-	size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
-	char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
-	char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
-	int *mval = OPENSSL_malloc (max_ne * sizeof (int));
-
-	char *sp = subject, *bp = buf;
-	int i, ne_num = 0;
-
-	X509_NAME *n = NULL;
-	int nid;
-
-	if (!buf || !ne_types || !ne_values)
-		{
-		BIO_printf(bio_err, "malloc error\n");
-		goto error;
-		}	
-
-	if (*subject != '/')
-		{
-		BIO_printf(bio_err, "Subject does not start with '/'.\n");
-		goto error;
-		}
-	sp++; /* skip leading / */
-
-	/* no multivalued RDN by default */
-	mval[ne_num] = 0;
-
-	while (*sp)
-		{
-		/* collect type */
-		ne_types[ne_num] = bp;
-		while (*sp)
-			{
-			if (*sp == '\\') /* is there anything to escape in the type...? */
-				{
-				if (*++sp)
-					*bp++ = *sp++;
-				else	
-					{
-					BIO_printf(bio_err, "escape character at end of string\n");
-					goto error;
-					}
-				}	
-			else if (*sp == '=')
-				{
-				sp++;
-				*bp++ = '\0';
-				break;
-				}
-			else
-				*bp++ = *sp++;
-			}
-		if (!*sp)
-			{
-			BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
-			goto error;
-			}
-		ne_values[ne_num] = bp;
-		while (*sp)
-			{
-			if (*sp == '\\')
-				{
-				if (*++sp)
-					*bp++ = *sp++;
-				else
-					{
-					BIO_printf(bio_err, "escape character at end of string\n");
-					goto error;
-					}
-				}
-			else if (*sp == '/')
-				{
-				sp++;
-				/* no multivalued RDN by default */
-				mval[ne_num+1] = 0;
-				break;
-				}
-			else if (*sp == '+' && multirdn)
-				{
-				/* a not escaped + signals a mutlivalued RDN */
-				sp++;
-				mval[ne_num+1] = -1;
-				break;
-				}
-			else
-				*bp++ = *sp++;
-			}
-		*bp++ = '\0';
-		ne_num++;
-		}	
-
-	if (!(n = X509_NAME_new()))
-		goto error;
-
-	for (i = 0; i < ne_num; i++)
-		{
-		if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
-			{
-			BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
-			continue;
-			}
-
-		if (!*ne_values[i])
-			{
-			BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
-			continue;
-			}
-
-		if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
-			goto error;
-		}
-
-	OPENSSL_free(ne_values);
-	OPENSSL_free(ne_types);
-	OPENSSL_free(buf);
-	return n;
-
-error:
-	X509_NAME_free(n);
-	if (ne_values)
-		OPENSSL_free(ne_values);
-	if (ne_types)
-		OPENSSL_free(ne_types);
-	if (buf)
-		OPENSSL_free(buf);
-	return NULL;
-}
-
 /* This code MUST COME AFTER anything that uses rename() */
 #ifdef OPENSSL_SYS_WIN32
 int WIN32_rename(char *from, char *to)

apps/apps.h

@@ -162,9 +162,7 @@ extern BIO *bio_err;
 
 #endif
 
-#ifndef OPENSSL_SYS_NETWARE
 #include <signal.h>
-#endif
 
 #ifdef SIGPIPE
 #define do_pipe_sig()	signal(SIGPIPE,SIG_IGN)
@@ -309,15 +307,15 @@ typedef struct ca_db_st
 BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
 int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
 int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
+int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
 CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
 int index_index(CA_DB *db);
 int save_index(char *dbfile, char *suffix, CA_DB *db);
 int rotate_index(char *dbfile, char *new_suffix, char *old_suffix);
 void free_index(CA_DB *db);
 int index_name_cmp(const char **a, const char **b);
-int parse_yesno(char *str, int def);
 
-X509_NAME *parse_name(char *str, long chtype, int multirdn);
+X509_NAME *do_subject(char *str, long chtype);
 
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
@@ -338,4 +336,6 @@ X509_NAME *parse_name(char *str, long chtype, int multirdn);
 
 #define APP_PASS_LEN	1024
 
+#define SERIAL_RAND_BITS	64
+
 #endif

apps/asn1pars.c

@@ -82,8 +82,6 @@
 
 int MAIN(int, char **);
 
-static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
-
 int MAIN(int argc, char **argv)
 	{
 	int i,badops=0,offset=0,ret=1,j;
@@ -92,9 +90,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
 	int informat,indent=0, noout = 0, dump = 0;
 	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
-	char *genstr=NULL, *genconf=NULL;
 	unsigned char *tmpbuf;
-	const unsigned char *ctmpbuf;
 	BUF_MEM *buf=NULL;
 	STACK *osk=NULL;
 	ASN1_TYPE *at=NULL;
@@ -171,16 +167,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			sk_push(osk,*(++argv));
 			}
-		else if (strcmp(*argv,"-genstr") == 0)
-			{
-			if (--argc < 1) goto bad;
-			genstr= *(++argv);
-			}
-		else if (strcmp(*argv,"-genconf") == 0)
-			{
-			if (--argc < 1) goto bad;
-			genconf= *(++argv);
-			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -209,8 +195,6 @@ bad:
 		BIO_printf(bio_err," -strparse offset\n");
 		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
 		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
-		BIO_printf(bio_err," -genstr str   string to generate ASN1 structure from\n");
-		BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n");
 		goto end;
 		}
 
@@ -264,19 +248,6 @@ bad:
 	if ((buf=BUF_MEM_new()) == NULL) goto end;
 	if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
 
-	if (genstr || genconf)
-		{
-		num = do_generate(bio_err, genstr, genconf, buf);
-		if (num < 0)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-
-	else
-		{
-
 	if (informat == FORMAT_PEM)
 		{
 		BIO *tmp;
@@ -297,7 +268,6 @@ bad:
 		if (i <= 0) break;
 		num+=i;
 		}
-		}
 	str=buf->data;
 
 	/* If any structs to parse go through in sequence */
@@ -318,8 +288,7 @@ bad:
 			tmpbuf+=j;
 			tmplen-=j;
 			atmp = at;
-			ctmpbuf = tmpbuf;
-			at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen);
+			at = d2i_ASN1_TYPE(NULL,&tmpbuf,tmplen);
 			ASN1_TYPE_free(atmp);
 			if(!at)
 				{
@@ -374,61 +343,3 @@ end:
 	OPENSSL_EXIT(ret);
 	}
 
-static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
-	{
-	CONF *cnf = NULL;
-	int len;
-	long errline;
-	unsigned char *p;
-	ASN1_TYPE *atyp = NULL;
-
-	if (genconf)
-		{
-		cnf = NCONF_new(NULL);
-		if (!NCONF_load(cnf, genconf, &errline))
-			goto conferr;
-		if (!genstr)
-			genstr = NCONF_get_string(cnf, "default", "asn1");
-		if (!genstr)
-			{
-			BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
-			goto err;
-			}
-		}
-
-	atyp = ASN1_generate_nconf(genstr, cnf);
-	NCONF_free(cnf);
-
-	if (!atyp)
-		return -1;
-
-	len = i2d_ASN1_TYPE(atyp, NULL);
-
-	if (len <= 0)
-		goto err;
-
-	if (!BUF_MEM_grow(buf,len))
-		goto err;
-
-	p=(unsigned char *)buf->data;
-
-	i2d_ASN1_TYPE(atyp, &p);
-
-	ASN1_TYPE_free(atyp);
-	return len;
-
-	conferr:
-
-	if (errline > 0)
-		BIO_printf(bio, "Error on line %ld of config file '%s'\n",
-							errline, genconf);
-	else
-		BIO_printf(bio, "Error loading config file '%s'\n", genconf);
-
-	err:
-	NCONF_free(cnf);
-	ASN1_TYPE_free(atyp);
-
-	return -1;
-
-	}

apps/ca.c

@@ -83,7 +83,7 @@
 #    else
 #      include <unixlib.h>
 #    endif
-#  elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE)
+#  elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS)
 #    include <sys/file.h>
 #  endif
 #endif
@@ -131,7 +131,6 @@
 #define ENV_NAMEOPT		"name_opt"
 #define ENV_CERTOPT		"cert_opt"
 #define ENV_EXTCOPY		"copy_extensions"
-#define ENV_UNIQUE_SUBJECT	"unique_subject"
 
 #define ENV_DATABASE		"database"
 
@@ -161,7 +160,6 @@ static char *ca_usage[]={
 " -keyform arg    - private key file format (PEM or ENGINE)\n",
 " -key arg        - key to decode the private key if it is encrypted\n",
 " -cert file      - The CA certificate\n",
-" -selfsign       - sign a certificate with the key associated with it\n",
 " -in file        - The input PEM encoded certificate request(s)\n",
 " -out file       - Where to put the output file(s)\n",
 " -outdir dir     - Where to put output certificates\n",
@@ -174,7 +172,6 @@ static char *ca_usage[]={
 " -msie_hack      - msie modifications to handle all those universal strings\n",
 " -revoke file    - Revoke a certificate (given in file)\n",
 " -subj arg       - Use arg instead of request's subject\n",
-" -multivalue-rdn - enable support for multivalued RDNs\n",
 " -extensions ..  - Extension section (override value in config file)\n",
 " -extfile file   - Configuration file with X509v3 extentions to add\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
@@ -195,31 +192,31 @@ extern int EF_ALIGNMENT;
 static void lookup_fail(char *name,char *tag);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,
-		   BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate,
+		   BIGNUM *serial, char *subj, int email_dn, char *startdate,
 		   char *enddate, long days, int batch, char *ext_sect, CONF *conf,
 		   int verbose, unsigned long certopt, unsigned long nameopt,
-		   int default_op, int ext_copy, int selfsign);
+		   int default_op, int ext_copy);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
-			CA_DB *db, BIGNUM *serial, char *subj, int multirdn, int email_dn,
+			CA_DB *db, BIGNUM *serial, char *subj, int email_dn,
 			char *startdate, char *enddate, long days, int batch,
 			char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
 			unsigned long nameopt, int default_op, int ext_copy,
 			ENGINE *e);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
-			 CA_DB *db, BIGNUM *serial,char *subj, int multirdn, int email_dn,
+			 CA_DB *db, BIGNUM *serial,char *subj, int email_dn,
 			 char *startdate, char *enddate, long days, char *ext_sect,
 			 CONF *conf, int verbose, unsigned long certopt, 
 			 unsigned long nameopt, int default_op, int ext_copy);
 static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj, int multirdn,
+	STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,
 	int email_dn, char *startdate, char *enddate, long days, int batch,
        	int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
 	unsigned long certopt, unsigned long nameopt, int default_op,
-	int ext_copy, int selfsign);
+	int ext_copy);
 static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
 static int get_certificate_status(const char *ser_status, CA_DB *db);
 static int do_updatedb(CA_DB *db);
@@ -241,6 +238,7 @@ int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	char *key=NULL,*passargin=NULL;
+	int create_ser = 0;
 	int free_key = 0;
 	int total=0;
 	int total_done=0;
@@ -274,7 +272,6 @@ int MAIN(int argc, char **argv)
 	char *extensions=NULL;
 	char *extfile=NULL;
 	char *subj=NULL;
-	int multirdn = 0;
 	char *tmp_email_dn=NULL;
 	char *crl_ext=NULL;
 	int rev_type = REV_NONE;
@@ -289,8 +286,7 @@ int MAIN(int argc, char **argv)
 	unsigned long nameopt = 0, certopt = 0;
 	int default_op = 1;
 	int ext_copy = EXT_COPY_NONE;
-	int selfsign = 0;
-	X509 *x509=NULL, *x509p = NULL;
+	X509 *x509=NULL;
 	X509 *x=NULL;
 	BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
 	char *dbfile=NULL;
@@ -354,8 +350,6 @@ EF_ALIGNMENT=0;
 			subj= *(++argv);
 			/* preserve=1; */
 			}
-		else if (strcmp(*argv,"-multivalue-rdn") == 0)
-			multirdn=1;
 		else if (strcmp(*argv,"-startdate") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -406,8 +400,6 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			certfile= *(++argv);
 			}
-		else if (strcmp(*argv,"-selfsign") == 0)
-			selfsign=1;
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -642,16 +634,33 @@ bad:
 	app_RAND_load_file(randfile, bio_err, 0);
 
 	db_attr.unique_subject = 1;
-	p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
+	p = NCONF_get_string(conf, section, "unique_subject");
 	if (p)
 		{
 #ifdef RL_DEBUG
 		BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
 #endif
-		db_attr.unique_subject = parse_yesno(p,1);
+		switch(*p)
+			{
+		case 'f': /* false */
+		case 'F': /* FALSE */
+		case 'n': /* no */
+		case 'N': /* NO */
+			db_attr.unique_subject = 0;
+			break;
+		case 't': /* true */
+		case 'T': /* TRUE */
+		case 'y': /* yes */
+		case 'Y': /* YES */
+		default:
+			db_attr.unique_subject = 1;
+			break;
+			}
 		}
-#ifdef RL_DEBUG
 	else
+		ERR_clear_error();
+#ifdef RL_DEBUG
+	if (!p)
 		BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
 #endif
 #ifdef RL_DEBUG
@@ -690,7 +699,7 @@ bad:
 	}
 
 	/*****************************************************************/
-	/* we definitely need a private key, so let's get it */
+	/* we definitely need a public key, so let's get it */
 
 	if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
 		section,ENV_PRIVATE_KEY)) == NULL))
@@ -718,10 +727,7 @@ bad:
 
 	/*****************************************************************/
 	/* we need a certificate */
-	if (!selfsign || spkac_file || ss_cert_file || gencrl)
-		{
-		if ((certfile == NULL)
-			&& ((certfile=NCONF_get_string(conf,
+	if ((certfile == NULL) && ((certfile=NCONF_get_string(conf,
 		section,ENV_CERTIFICATE)) == NULL))
 		{
 		lookup_fail(section,ENV_CERTIFICATE);
@@ -737,8 +743,6 @@ bad:
 		BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
 		goto err;
 		}
-		}
-	if (!selfsign) x509p = x509;
 
 	f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
 	if (f == NULL)
@@ -1095,7 +1099,7 @@ bad:
 			goto err;
 			}
 
-		if ((serial=load_serial(serialfile, 0, NULL)) == NULL)
+		if ((serial=load_serial(serialfile, create_ser, NULL)) == NULL)
 			{
 			BIO_printf(bio_err,"error while loading serial number\n");
 			goto err;
@@ -1127,7 +1131,7 @@ bad:
 			{
 			total++;
 			j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
-				serial,subj,multirdn,email_dn,startdate,enddate,days,extensions,
+				serial,subj,email_dn,startdate,enddate,days,extensions,
 				conf,verbose,certopt,nameopt,default_op,ext_copy);
 			if (j < 0) goto err;
 			if (j > 0)
@@ -1151,7 +1155,7 @@ bad:
 			{
 			total++;
 			j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
-				db,serial,subj,multirdn,email_dn,startdate,enddate,days,batch,
+				db,serial,subj,email_dn,startdate,enddate,days,batch,
 				extensions,conf,verbose, certopt, nameopt,
 				default_op, ext_copy, e);
 			if (j < 0) goto err;
@@ -1170,10 +1174,10 @@ bad:
 		if (infile != NULL)
 			{
 			total++;
-			j=certify(&x,infile,pkey,x509p,dgst,attribs,db,
-				serial,subj,multirdn,email_dn,startdate,enddate,days,batch,
+			j=certify(&x,infile,pkey,x509,dgst,attribs,db,
+				serial,subj,email_dn,startdate,enddate,days,batch,
 				extensions,conf,verbose, certopt, nameopt,
-				default_op, ext_copy, selfsign);
+				default_op, ext_copy);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -1190,10 +1194,10 @@ bad:
 		for (i=0; i<argc; i++)
 			{
 			total++;
-			j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db,
-				serial,subj,multirdn,email_dn,startdate,enddate,days,batch,
+			j=certify(&x,argv[i],pkey,x509,dgst,attribs,db,
+				serial,subj,email_dn,startdate,enddate,days,batch,
 				extensions,conf,verbose, certopt, nameopt,
-				default_op, ext_copy, selfsign);
+				default_op, ext_copy);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -1405,11 +1409,6 @@ bad:
 			if (pkey->type == EVP_PKEY_DSA) 
 				dgst=EVP_dss1();
 			else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-			if (pkey->type == EVP_PKEY_EC)
-				dgst=EVP_ecdsa();
-			else
 #endif
 				dgst=EVP_md5();
 			}
@@ -1499,7 +1498,7 @@ err:
 	BN_free(serial);
 	free_index(db);
 	EVP_PKEY_free(pkey);
-	if (x509) X509_free(x509);
+	X509_free(x509);
 	X509_CRL_free(crl);
 	NCONF_free(conf);
 	OBJ_cleanup();
@@ -1514,10 +1513,10 @@ static void lookup_fail(char *name, char *tag)
 
 static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
-	     BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate,
+	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
 	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
-	     int ext_copy, int selfsign)
+	     int ext_copy)
 	{
 	X509_REQ *req=NULL;
 	BIO *in=NULL;
@@ -1542,12 +1541,6 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 
 	BIO_printf(bio_err,"Check that the request matches the signature\n");
 
-	if (selfsign && !X509_REQ_check_private_key(req,pkey))
-		{
-		BIO_printf(bio_err,"Certificate request and CA private key do not match\n");
-		ok=0;
-		goto err;
-		}
 	if ((pktmp=X509_REQ_get_pubkey(req)) == NULL)
 		{
 		BIO_printf(bio_err,"error unpacking public key\n");
@@ -1570,9 +1563,9 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	else
 		BIO_printf(bio_err,"Signature ok\n");
 
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, multirdn, email_dn,
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, email_dn,
 		startdate,enddate,days,batch,verbose,req,ext_sect,lconf,
-		certopt, nameopt, default_op, ext_copy, selfsign);
+		certopt, nameopt, default_op, ext_copy);
 
 err:
 	if (req != NULL) X509_REQ_free(req);
@@ -1582,7 +1575,7 @@ err:
 
 static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
-	     BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate,
+	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
 	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
 	     int ext_copy, ENGINE *e)
@@ -1624,9 +1617,9 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
 		goto err;
 
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,multirdn,email_dn,startdate,enddate,
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate,
 		days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op,
-		ext_copy, 0);
+		ext_copy);
 
 err:
 	if (rreq != NULL) X509_REQ_free(rreq);
@@ -1636,11 +1629,10 @@ err:
 
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	     STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
-	     int multirdn,
 	     int email_dn, char *startdate, char *enddate, long days, int batch,
 	     int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
-	     int ext_copy, int selfsign)
+	     int ext_copy)
 	{
 	X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL;
 	ASN1_UTCTIME *tm,*tmptm;
@@ -1669,7 +1661,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 
 	if (subj)
 		{
-		X509_NAME *n = parse_name(subj, MBSTRING_ASC, multirdn);
+		X509_NAME *n = do_subject(subj, MBSTRING_ASC);
 
 		if (!n)
 			{
@@ -1744,9 +1736,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 		}
 
 	/* take a copy of the issuer name before we mess with it. */
-	if (selfsign)
-		CAname=X509_NAME_dup(name);
-	else
 	CAname=X509_NAME_dup(x509->cert_info->subject);
 	if (CAname == NULL) goto err;
 	str=str2=NULL;
@@ -1959,16 +1948,8 @@ again2:
 
 	if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL)
 		goto err;
-	if (selfsign)
-		{
-		if (!X509_set_issuer_name(ret,subject))
-			goto err;
-		}
-	else
-		{
 	if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))
 		goto err;
-		}
 
 	if (strcmp(startdate,"today") == 0)
 		X509_gmtime_adj(X509_get_notBefore(ret),0);
@@ -2003,9 +1984,6 @@ again2:
 		ci->extensions = NULL;
 
 		/* Initialize the context structure */
-		if (selfsign)
-			X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0);
-		else
 		X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
 
 		if (extconf)
@@ -2073,7 +2051,7 @@ again2:
 
 	BIO_printf(bio_err,"Certificate is to be certified until ");
 	ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
-	if (days) BIO_printf(bio_err," (%ld days)",days);
+	if (days) BIO_printf(bio_err," (%d days)",days);
 	BIO_printf(bio_err, "\n");
 
 	if (!batch)
@@ -2100,16 +2078,6 @@ again2:
 		EVP_PKEY_copy_parameters(pktmp,pkey);
 	EVP_PKEY_free(pktmp);
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	if (pkey->type == EVP_PKEY_EC)
-		dgst = EVP_ecdsa();
-	pktmp = X509_get_pubkey(ret);
-	if (EVP_PKEY_missing_parameters(pktmp) &&
-		!EVP_PKEY_missing_parameters(pkey))
-		EVP_PKEY_copy_parameters(pktmp, pkey);
-	EVP_PKEY_free(pktmp);
-#endif
-
 
 	if (!X509_sign(ret,pkey,dgst))
 		goto err;
@@ -2206,7 +2174,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
 
 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
-	     BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate,
+	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
 	     long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
 	     unsigned long nameopt, int default_op, int ext_copy)
 	{
@@ -2347,9 +2315,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 
 	X509_REQ_set_pubkey(req,pktmp);
 	EVP_PKEY_free(pktmp);
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,multirdn,email_dn,startdate,enddate,
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate,
 		   days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op,
-			ext_copy, 0);
+			ext_copy);
 err:
 	if (req != NULL) X509_REQ_free(req);
 	if (parms != NULL) CONF_free(parms);
@@ -2836,6 +2804,129 @@ int make_revoked(X509_REVOKED *rev, char *str)
 	return ret;
 	}
 
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+X509_NAME *do_subject(char *subject, long chtype)
+	{
+	size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
+	char *buf = OPENSSL_malloc(buflen);
+	size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
+	char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
+	char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
+
+	char *sp = subject, *bp = buf;
+	int i, ne_num = 0;
+
+	X509_NAME *n = NULL;
+	int nid;
+
+	if (!buf || !ne_types || !ne_values)
+	{
+		BIO_printf(bio_err, "malloc error\n");
+		goto error;
+	}
+
+	if (*subject != '/')
+	{
+		BIO_printf(bio_err, "Subject does not start with '/'.\n");
+		goto error;
+	}
+	sp++; /* skip leading / */
+
+	while (*sp)
+		{
+		/* collect type */
+		ne_types[ne_num] = bp;
+		while (*sp)
+			{
+			if (*sp == '\\') /* is there anything to escape in the type...? */
+				{
+				if (*++sp)
+					*bp++ = *sp++;
+				else
+					{
+					BIO_printf(bio_err, "escape character at end of string\n");
+					goto error;
+					}
+				}
+			else if (*sp == '=')
+				{
+				sp++;
+				*bp++ = '\0';
+				break;
+				}
+			else
+				*bp++ = *sp++;
+			}
+		if (!*sp)
+			{
+			BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
+			goto error;
+			}
+		ne_values[ne_num] = bp;
+		while (*sp)
+			{
+			if (*sp == '\\')
+				{
+				if (*++sp)
+					*bp++ = *sp++;
+				else
+					{
+					BIO_printf(bio_err, "escape character at end of string\n");
+					goto error;
+					}
+				}
+			else if (*sp == '/')
+				{
+				sp++;
+				break;
+				}
+			else
+				*bp++ = *sp++;
+			}
+		*bp++ = '\0';
+		ne_num++;
+		}
+
+	if (!(n = X509_NAME_new()))
+		goto error;
+
+	for (i = 0; i < ne_num; i++)
+		{
+		if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
+			{
+			BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
+			continue;
+			}
+
+		if (!*ne_values[i])
+			{
+			BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
+			continue;
+			}
+
+		if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0))
+			goto error;
+		}
+
+	OPENSSL_free(ne_values);
+	OPENSSL_free(ne_types);
+	OPENSSL_free(buf);
+	return n;
+
+error:
+	X509_NAME_free(n);
+	if (ne_values)
+		OPENSSL_free(ne_values);
+	if (ne_types)
+		OPENSSL_free(ne_types);
+	if (buf)
+		OPENSSL_free(buf);
+	return NULL;
+}
+
 int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
 	{
 	char buf[25],*pbuf, *p;
@@ -2880,8 +2971,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G
 	char *tmp = NULL;
 	char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
 	int reason_code = -1;
-	int ret = 0;
-	unsigned int i;
+	int i, ret = 0;
 	ASN1_OBJECT *hold = NULL;
 	ASN1_GENERALIZEDTIME *comp_time = NULL;
 	tmp = BUF_strdup(str);

apps/dgst.c

@@ -66,6 +66,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/hmac.h>
 
 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -73,9 +74,11 @@
 #undef PROG
 #define PROG	dgst_main
 
+static HMAC_CTX hmac_ctx;
+
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-	  const char *file);
+	  const char *file,BIO *bmd,const char *hmac_key);
 
 int MAIN(int, char **);
 
@@ -103,6 +106,7 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
 #endif
+	char *hmac_key=NULL;
 
 	apps_startup();
 
@@ -181,6 +185,12 @@ int MAIN(int argc, char **argv)
 			out_bin = 1;
 		else if (strcmp(*argv,"-d") == 0)
 			debug=1;
+		else if (!strcmp(*argv,"-hmac"))
+			{
+			if (--argc < 1)
+				break;
+			hmac_key=*++argv;
+			}
 		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
 			md=m;
 		else
@@ -319,8 +329,6 @@ int MAIN(int argc, char **argv)
 		}
 	}
 
-
-
 	/* we use md as a filter, reading from 'in' */
 	BIO_set_md(bmd,md);
 	inp=BIO_push(bmd,in);
@@ -329,7 +337,7 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 		err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
-			  siglen,"","(stdin)");
+			  siglen,"","(stdin)",bmd,hmac_key);
 		}
 	else
 		{
@@ -347,14 +355,15 @@ int MAIN(int argc, char **argv)
 				}
 			if(!out_bin)
 				{
-				size_t len = strlen(name)+strlen(argv[i])+5;
+				size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5;
 				tmp=tofree=OPENSSL_malloc(len);
-				BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]);
+				BIO_snprintf(tmp,len,"%s%s(%s)= ",
+							 hmac_key ? "HMAC-" : "",name,argv[i]);
 				}
 			else
 				tmp="";
 			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
-				siglen,tmp,argv[i]);
+				siglen,tmp,argv[i],bmd,hmac_key);
 			if(r)
 			    err=r;
 			if(tofree)
@@ -379,11 +388,21 @@ end:
 
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-	  const char *file)
+	  const char *file,BIO *bmd,const char *hmac_key)
 	{
-	int len;
+	unsigned int len;
 	int i;
+	EVP_MD_CTX *md_ctx;
 
+	if (hmac_key)
+		{
+		EVP_MD *md;
+
+		BIO_get_md(bmd,&md);
+		HMAC_Init(&hmac_ctx,hmac_key,strlen(hmac_key),md);
+		BIO_get_md_ctx(bmd,&md_ctx);
+		BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx);
+		}
 	for (;;)
 		{
 		i=BIO_read(bp,(char *)buf,BUFSIZE);
@@ -426,6 +445,11 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			return 1;
 			}
 		}
+	else if(hmac_key)
+		{
+		HMAC_Final(&hmac_ctx,buf,&len);
+		HMAC_CTX_cleanup(&hmac_ctx);
+		}
 	else
 		len=BIO_gets(bp,(char *)buf,BUFSIZE);
 
@@ -433,7 +457,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	else 
 		{
 		BIO_write(out,title,strlen(title));
-		for (i=0; i<len; i++)
+		for (i=0; (unsigned int)i<len; i++)
 			{
 			if (sep && (i != 0))
 				BIO_printf(out, ":");
@@ -441,6 +465,10 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			}
 		BIO_printf(out, "\n");
 		}
+	if (hmac_key)
+		{
+		BIO_set_md_ctx(bmd,md_ctx);
+		}
 	return 0;
 	}
 

apps/dhparam.c

@@ -142,7 +142,7 @@
  * -C
  */
 
-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
+static void MS_CALLBACK dh_cb(int p, int n, void *arg);
 
 int MAIN(int, char **);
 
@@ -294,8 +294,6 @@ bad:
 
 	if(num) {
 
-		BN_GENCB cb;
-		BN_GENCB_set(&cb, dh_cb, bio_err);
 		if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
 			{
 			BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
@@ -307,13 +305,12 @@ bad:
 #ifndef OPENSSL_NO_DSA
 		if (dsaparam)
 			{
-			DSA *dsa = DSA_new();
+			DSA *dsa;
 			
 			BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
-			if(!dsa || !DSA_generate_parameters_ex(dsa, num,
-						NULL, 0, NULL, NULL, &cb))
+			dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err);
+			if (dsa == NULL)
 				{
-				if(dsa) DSA_free(dsa);
 				ERR_print_errors(bio_err);
 				goto end;
 				}
@@ -329,12 +326,12 @@ bad:
 		else
 #endif
 			{
-			dh = DH_new();
 			BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
 			BIO_printf(bio_err,"This is going to take a long time\n");
-			if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
+			dh=DH_generate_parameters(num,g,dh_cb,bio_err);
+			
+			if (dh == NULL)
 				{
-				if(dh) DH_free(dh);
 				ERR_print_errors(bio_err);
 				goto end;
 				}
@@ -537,7 +534,7 @@ end:
 	}
 
 /* dh_cb is identical to dsa_cb in apps/dsaparam.c */
-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
+static void MS_CALLBACK dh_cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -545,12 +542,11 @@ static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(cb->arg,&c,1);
-	(void)BIO_flush(cb->arg);
+	BIO_write((BIO *)arg,&c,1);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
-	return 1;
 	}
 
 #endif

apps/dsaparam.c

@@ -56,12 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #ifndef OPENSSL_NO_DSA
 #include <assert.h>
 #include <stdio.h>
@@ -88,23 +82,9 @@
  * -C
  * -noout
  * -genkey
- *  #ifdef GENCB_TEST
- * -timebomb n  - interrupt keygen after <n> seconds
- *  #endif
  */
 
-#ifdef GENCB_TEST
-
-static int stop_keygen_flag = 0;
-
-static void timebomb_sigalarm(int foo)
-	{
-	stop_keygen_flag = 1;
-	}
-
-#endif
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
 
 int MAIN(int, char **);
 
@@ -123,9 +103,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
 #endif
-#ifdef GENCB_TEST
-	int timebomb=0;
-#endif
 
 	apps_startup();
 
@@ -172,13 +149,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			engine = *(++argv);
 			}
-#endif
-#ifdef GENCB_TEST
-		else if(strcmp(*argv, "-timebomb") == 0)
-			{
-			if (--argc < 1) goto bad;
-			timebomb = atoi(*(++argv));
-			}
 #endif
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
@@ -229,9 +199,6 @@ bad:
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
-#endif
-#ifdef GENCB_TEST
-		BIO_printf(bio_err," -timebomb n   interrupt keygen after <n> seconds\n");
 #endif
 		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
 		goto end;
@@ -290,47 +257,10 @@ bad:
 
 	if (numbits > 0)
 		{
-		BN_GENCB cb;
-		BN_GENCB_set(&cb, dsa_cb, bio_err);
 		assert(need_rand);
-		dsa = DSA_new();
-		if(!dsa)
-			{
-			BIO_printf(bio_err,"Error allocating DSA object\n");
-			goto end;
-			}
 		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
 	        BIO_printf(bio_err,"This could take some time\n");
-#ifdef GENCB_TEST
-		if(timebomb > 0)
-	{
-		struct sigaction act;
-		act.sa_handler = timebomb_sigalarm;
-		act.sa_flags = 0;
-		BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n",
-				timebomb);
-		if(sigaction(SIGALRM, &act, NULL) != 0)
-			{
-			BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n");
-			goto end;
-			}
-		alarm(timebomb);
-	}
-#endif
-	        if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb))
-			{
-#ifdef GENCB_TEST
-			if(stop_keygen_flag)
-				{
-				BIO_printf(bio_err,"DSA key generation time-stopped\n");
-				/* This is an asked-for behaviour! */
-				ret = 0;
-				goto end;
-				}
-#endif
-			BIO_printf(bio_err,"Error, DSA key generation failed\n");
-			goto end;
-			}
+	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err);
 		}
 	else if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAparams_bio(in,NULL);
@@ -455,7 +385,7 @@ end:
 	OPENSSL_EXIT(ret);
 	}
 
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -463,15 +393,10 @@ static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(cb->arg,&c,1);
-	(void)BIO_flush(cb->arg);
+	BIO_write(arg,&c,1);
+	(void)BIO_flush(arg);
 #ifdef LINT
 	p=n;
 #endif
-#ifdef GENCB_TEST
-	if(stop_keygen_flag)
-		return 0;
-#endif
-	return 1;
 	}
 #endif

apps/ec.c

@@ -1,395 +0,0 @@
-/* apps/ec.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef OPENSSL_NO_EC
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG	ec_main
-
-/* -inform arg    - input format - default PEM (one of DER, NET or PEM)
- * -outform arg   - output format - default PEM
- * -in arg        - input file - default stdin
- * -out arg       - output file - default stdout
- * -des           - encrypt output if PEM format with DES in cbc mode
- * -text          - print a text version
- * -param_out     - print the elliptic curve parameters
- * -conv_form arg - specifies the point encoding form
- * -param_enc arg - specifies the parameter encoding
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-	ENGINE 	*e = NULL;
-	int 	ret = 1;
-	EC_KEY 	*eckey = NULL;
-	int 	i, badops = 0;
-	const EVP_CIPHER *enc = NULL;
-	BIO 	*in = NULL, *out = NULL;
-	int 	informat, outformat, text=0, noout=0;
-	int  	pubin = 0, pubout = 0, param_out = 0;
-	char 	*infile, *outfile, *prog, *engine;
-	char 	*passargin = NULL, *passargout = NULL;
-	char 	*passin = NULL, *passout = NULL;
-	point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
-	int	new_form = 0;
-	int	asn1_flag = OPENSSL_EC_NAMED_CURVE;
-	int 	new_asn1_flag = 0;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	engine = NULL;
-	infile = NULL;
-	outfile = NULL;
-	informat = FORMAT_PEM;
-	outformat = FORMAT_PEM;
-
-	prog = argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if (strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-passin") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-			}
-		else if (strcmp(*argv,"-passout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargout= *(++argv);
-			}
-		else if (strcmp(*argv, "-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-		else if (strcmp(*argv, "-noout") == 0)
-			noout = 1;
-		else if (strcmp(*argv, "-text") == 0)
-			text = 1;
-		else if (strcmp(*argv, "-conv_form") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			++argv;
-			new_form = 1;
-			if (strcmp(*argv, "compressed") == 0)
-				form = POINT_CONVERSION_COMPRESSED;
-			else if (strcmp(*argv, "uncompressed") == 0)
-				form = POINT_CONVERSION_UNCOMPRESSED;
-			else if (strcmp(*argv, "hybrid") == 0)
-				form = POINT_CONVERSION_HYBRID;
-			else
-				goto bad;
-			}
-		else if (strcmp(*argv, "-param_enc") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			++argv;
-			new_asn1_flag = 1;
-			if (strcmp(*argv, "named_curve") == 0)
-				asn1_flag = OPENSSL_EC_NAMED_CURVE;
-			else if (strcmp(*argv, "explicit") == 0)
-				asn1_flag = 0;
-			else
-				goto bad;
-			}
-		else if (strcmp(*argv, "-param_out") == 0)
-			param_out = 1;
-		else if (strcmp(*argv, "-pubin") == 0)
-			pubin=1;
-		else if (strcmp(*argv, "-pubout") == 0)
-			pubout=1;
-		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
-			{
-			BIO_printf(bio_err, "unknown option %s\n", *argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
-		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, " -inform arg     input format - "
-				"DER or PEM\n");
-		BIO_printf(bio_err, " -outform arg    output format - "
-				"DER or PEM\n");
-		BIO_printf(bio_err, " -in arg         input file\n");
-		BIO_printf(bio_err, " -passin arg     input file pass "
-				"phrase source\n");
-		BIO_printf(bio_err, " -out arg        output file\n");
-		BIO_printf(bio_err, " -passout arg    output file pass "
-				"phrase source\n");
-		BIO_printf(bio_err, " -engine e       use engine e, "
-				"possibly a hardware device.\n");
-		BIO_printf(bio_err, " -des            encrypt PEM output, "
-				"instead of 'des' every other \n"
-				"                 cipher "
-				"supported by OpenSSL can be used\n");
-		BIO_printf(bio_err, " -text           print the key\n");
-		BIO_printf(bio_err, " -noout          don't print key out\n");
-		BIO_printf(bio_err, " -param_out      print the elliptic "
-				"curve parameters\n");
-		BIO_printf(bio_err, " -conv_form arg  specifies the "
-				"point conversion form \n");
-		BIO_printf(bio_err, "                 possible values:"
-				" compressed\n");
-		BIO_printf(bio_err, "                                 "
-				" uncompressed (default)\n");
-		BIO_printf(bio_err, "                                  "
-				" hybrid\n");
-		BIO_printf(bio_err, " -param_enc arg  specifies the way"
-				" the ec parameters are encoded\n");
-		BIO_printf(bio_err, "                 in the asn1 der "
-				"encoding\n");
-		BIO_printf(bio_err, "                 possilbe values:"
-				" named_curve (default)\n");
-		BIO_printf(bio_err,"                                  "
-				"explicit\n");
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-
-        e = setup_engine(bio_err, engine, 0);
-
-	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) 
-		{
-		BIO_printf(bio_err, "Error getting passwords\n");
-		goto end;
-		}
-
-	in = BIO_new(BIO_s_file());
-	out = BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (infile == NULL)
-		BIO_set_fp(in, stdin, BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in, infile) <= 0)
-			{
-			perror(infile);
-			goto end;
-			}
-		}
-
-	BIO_printf(bio_err, "read EC key\n");
-	if (informat == FORMAT_ASN1) 
-		{
-		if (pubin) 
-			eckey = d2i_EC_PUBKEY_bio(in, NULL);
-		else 
-			eckey = d2i_ECPrivateKey_bio(in, NULL);
-		} 
-	else if (informat == FORMAT_PEM) 
-		{
-		if (pubin) 
-			eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, 
-				NULL);
-		else 
-			eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL,
-				passin);
-		} 
-	else
-		{
-		BIO_printf(bio_err, "bad input format specified for key\n");
-		goto end;
-		}
-	if (eckey == NULL)
-		{
-		BIO_printf(bio_err,"unable to load Key\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out, stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-			}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out, outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-	if (new_form)
-		{
-		EC_GROUP_set_point_conversion_form(eckey->group, form);
-		eckey->conv_form = form;
-		}
-
-	if (new_asn1_flag)
-		EC_GROUP_set_asn1_flag(eckey->group, asn1_flag);
-
-	if (text) 
-		if (!EC_KEY_print(out, eckey, 0))
-			{
-			perror(outfile);
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-	if (noout) 
-		goto end;
-
-	BIO_printf(bio_err, "writing EC key\n");
-	if (outformat == FORMAT_ASN1) 
-		{
-		if (param_out)
-			i = i2d_ECPKParameters_bio(out, eckey->group);
-		else if (pubin || pubout) 
-			i = i2d_EC_PUBKEY_bio(out, eckey);
-		else 
-			i = i2d_ECPrivateKey_bio(out, eckey);
-		} 
-	else if (outformat == FORMAT_PEM) 
-		{
-		if (param_out)
-			i = PEM_write_bio_ECPKParameters(out, eckey->group);
-		else if (pubin || pubout)
-			i = PEM_write_bio_EC_PUBKEY(out, eckey);
-		else 
-			i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
-						NULL, 0, NULL, passout);
-		} 
-	else 
-		{
-		BIO_printf(bio_err, "bad output format specified for "
-			"outfile\n");
-		goto end;
-		}
-
-	if (!i)
-		{
-		BIO_printf(bio_err, "unable to write private key\n");
-		ERR_print_errors(bio_err);
-		}
-	else
-		ret=0;
-end:
-	if (in)
-		BIO_free(in);
-	if (out)
-		BIO_free_all(out);
-	if (eckey)
-		EC_KEY_free(eckey);
-	if (passin)
-		OPENSSL_free(passin);
-	if (passout)
-		OPENSSL_free(passout);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-}
-#endif

apps/ecparam.c

@@ -1,724 +0,0 @@
-/* apps/ecparam.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by 
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-#ifndef OPENSSL_NO_EC
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG	ecparam_main
-
-/* -inform arg      - input format - default PEM (DER or PEM)
- * -outform arg     - output format - default PEM
- * -in  arg         - input file  - default stdin
- * -out arg         - output file - default stdout
- * -noout           - do not print the ec parameter
- * -text            - print the ec parameters in text form
- * -check           - validate the ec parameters
- * -C               - print a 'C' function creating the parameters
- * -name arg        - use the ec parameters with 'short name' name
- * -list_curves     - prints a list of all currently available curve 'short names'
- * -conv_form arg   - specifies the point conversion form 
- *                  - possible values: compressed
- *                                     uncompressed (default)
- *                                     hybrid
- * -param_enc arg   - specifies the way the ec parameters are encoded
- *                    in the asn1 der encoding
- *                    possible values: named_curve (default)
- *                                     explicit
- * -no_seed         - if 'explicit' parameters are choosen do not use the seed
- * -genkey          - generate ec key
- * -rand file       - files to use for random number input
- * -engine e        - use engine e, possibly a hardware device
- */
-
-
-static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	EC_GROUP *group = NULL;
-	point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; 
-	int 	new_form = 0;
-	int 	asn1_flag = OPENSSL_EC_NAMED_CURVE;
-	int 	new_asn1_flag = 0;
-	char 	*curve_name = NULL, *inrand = NULL;
-	int	list_curves = 0, no_seed = 0, check = 0,
-		badops = 0, text = 0, i, need_rand = 0, genkey = 0;
-	char	*infile = NULL, *outfile = NULL, *prog;
-	BIO 	*in = NULL, *out = NULL;
-	int 	informat, outformat, noout = 0, C = 0, ret = 1;
-	ENGINE	*e = NULL;
-	char	*engine = NULL;
-
-	BIGNUM	*ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
-		*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
-	unsigned char *buffer = NULL;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-text") == 0)
-			text = 1;
-		else if (strcmp(*argv,"-C") == 0)
-			C = 1;
-		else if (strcmp(*argv,"-check") == 0)
-			check = 1;
-		else if (strcmp (*argv, "-name") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			curve_name = *(++argv);
-			}
-		else if (strcmp(*argv, "-list_curves") == 0)
-			list_curves = 1;
-		else if (strcmp(*argv, "-conv_form") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			++argv;
-			new_form = 1;
-			if (strcmp(*argv, "compressed") == 0)
-				form = POINT_CONVERSION_COMPRESSED;
-			else if (strcmp(*argv, "uncompressed") == 0)
-				form = POINT_CONVERSION_UNCOMPRESSED;
-			else if (strcmp(*argv, "hybrid") == 0)
-				form = POINT_CONVERSION_HYBRID;
-			else
-				goto bad;
-			}
-		else if (strcmp(*argv, "-param_enc") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			++argv;
-			new_asn1_flag = 1;
-			if (strcmp(*argv, "named_curve") == 0)
-				asn1_flag = OPENSSL_EC_NAMED_CURVE;
-			else if (strcmp(*argv, "explicit") == 0)
-				asn1_flag = 0;
-			else
-				goto bad;
-			}
-		else if (strcmp(*argv, "-no_seed") == 0)
-			no_seed = 1;
-		else if (strcmp(*argv, "-noout") == 0)
-			noout=1;
-		else if (strcmp(*argv,"-genkey") == 0)
-			{
-			genkey=1;
-			need_rand=1;
-			}
-		else if (strcmp(*argv, "-rand") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			need_rand=1;
-			}
-		else if(strcmp(*argv, "-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine = *(++argv);
-			}	
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
-		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, " -inform arg       input format - "
-				"default PEM (DER or PEM)\n");
-		BIO_printf(bio_err, " -outform arg      output format - "
-				"default PEM\n");
-		BIO_printf(bio_err, " -in  arg          input file  - "
-				"default stdin\n");
-		BIO_printf(bio_err, " -out arg          output file - "
-				"default stdout\n");
-		BIO_printf(bio_err, " -noout            do not print the "
-				"ec parameter\n");
-		BIO_printf(bio_err, " -text             print the ec "
-				"parameters in text form\n");
-		BIO_printf(bio_err, " -check            validate the ec "
-				"parameters\n");
-		BIO_printf(bio_err, " -C                print a 'C' "
-				"function creating the parameters\n");
-		BIO_printf(bio_err, " -name arg         use the "
-				"ec parameters with 'short name' name\n");
-		BIO_printf(bio_err, " -list_curves      prints a list of "
-				"all currently available curve 'short names'\n");
-		BIO_printf(bio_err, " -conv_form arg    specifies the "
-				"point conversion form \n");
-		BIO_printf(bio_err, "                   possible values:"
-				" compressed\n");
-		BIO_printf(bio_err, "                                   "
-				" uncompressed (default)\n");
-		BIO_printf(bio_err, "                                   "
-				" hybrid\n");
-		BIO_printf(bio_err, " -param_enc arg    specifies the way"
-				" the ec parameters are encoded\n");
-		BIO_printf(bio_err, "                   in the asn1 der "
-				"encoding\n");
-		BIO_printf(bio_err, "                   possible values:"
-				" named_curve (default)\n");
-		BIO_printf(bio_err, "                                   "
-				" explicit\n");
-		BIO_printf(bio_err, " -no_seed          if 'explicit'"
-				" parameters are choosen do not"
-				" use the seed\n");
-		BIO_printf(bio_err, " -genkey           generate ec"
-				" key\n");
-		BIO_printf(bio_err, " -rand file        files to use for"
-				" random number input\n");
-		BIO_printf(bio_err, " -engine e         use engine e, "
-				"possibly a hardware device\n");
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-
-	in=BIO_new(BIO_s_file());
-	out=BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in,infile) <= 0)
-			{
-			perror(infile);
-			goto end;
-			}
-		}
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-	e = setup_engine(bio_err, engine, 0);
-
-	if (list_curves)
-		{
-		EC_builtin_curve *curves = NULL;
-		size_t crv_len = 0;
-		size_t n = 0;
-
-		crv_len = EC_get_builtin_curves(NULL, 0);
-
-		curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
-
-		if (curves == NULL)
-			goto end;
-
-		if (!EC_get_builtin_curves(curves, crv_len))
-			{
-			OPENSSL_free(curves);
-			goto end;
-			}
-
-		
-		for (n = 0; n < crv_len; n++)
-			{
-			const char *comment;
-			const char *sname;
-			comment = curves[n].comment;
-			sname   = OBJ_nid2sn(curves[n].nid);
-			if (comment == NULL)
-				comment = "CURVE DESCRIPTION NOT AVAILABLE";
-			if (sname == NULL)
-				sname = "";
-
-			BIO_printf(out, "  %-10s: ", sname);
-			BIO_printf(out, "%s\n", comment);
-			} 
-
-		OPENSSL_free(curves);
-		ret = 0;
-		goto end;
-		}
-
-	if (curve_name != NULL)
-		{
-		int nid;
-
-		/* workaround for the SECG curve names secp192r1
-		 * and secp256r1 (which are the same as the curves
-		 * prime192v1 and prime256v1 defined in X9.62)
-		 */
-		if (!strcmp(curve_name, "secp192r1"))
-			{
-			BIO_printf(bio_err, "using curve name prime192v1 "
-				"instead of secp192r1\n");
-			nid = NID_X9_62_prime192v1;
-			}
-		else if (!strcmp(curve_name, "secp256r1"))
-			{
-			BIO_printf(bio_err, "using curve name prime256v1 "
-				"instead of secp256r1\n");
-			nid = NID_X9_62_prime256v1;
-			}
-		else
-			nid = OBJ_sn2nid(curve_name);
-	
-		if (nid == 0)
-			{
-			BIO_printf(bio_err, "unknown curve name (%s)\n", 
-				curve_name);
-			goto end;
-			}
-
-		group = EC_GROUP_new_by_nid(nid);
-		if (group == NULL)
-			{
-			BIO_printf(bio_err, "unable to create curve (%s)\n", 
-				curve_name);
-			goto end;
-			}
-		EC_GROUP_set_asn1_flag(group, asn1_flag);
-		EC_GROUP_set_point_conversion_form(group, form);
-		}
-	else if (informat == FORMAT_ASN1)
-		{
-		group = d2i_ECPKParameters_bio(in, NULL);
-		}
-	else if (informat == FORMAT_PEM)
-		{
-		group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);
-		}
-	else
-		{
-		BIO_printf(bio_err, "bad input format specified\n");
-		goto end;
-		}
-
-	if (group == NULL)
-		{
-		BIO_printf(bio_err, 
-			"unable to load elliptic curve parameters\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (new_form)
-		EC_GROUP_set_point_conversion_form(group, form);
-
-	if (new_asn1_flag)
-		EC_GROUP_set_asn1_flag(group, asn1_flag);
-
-	if (no_seed)
-		{
-		EC_GROUP_set_seed(group, NULL, 0);
-		}
-
-	if (text)
-		{
-		if (!ECPKParameters_print(out, group, 0))
-			goto end;
-		}
-
-	if (check)
-		{
-		if (group == NULL)
-			BIO_printf(bio_err, "no elliptic curve parameters\n");
-		BIO_printf(bio_err, "checking elliptic curve parameters: ");
-		if (!EC_GROUP_check(group, NULL))
-			{
-			BIO_printf(bio_err, "failed\n");
-			ERR_print_errors(bio_err);
-			}
-		else
-			BIO_printf(bio_err, "ok\n");
-			
-		}
-
-	if (C)
-		{
-		size_t	buf_len = 0, tmp_len = 0;
-		const EC_POINT *point;
-		int	is_prime, len = 0;
-		const EC_METHOD *meth = EC_GROUP_method_of(group);
-
-		if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
-		    (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
-		    (ec_order = BN_new()) == NULL || 
-		    (ec_cofactor = BN_new()) == NULL )
-			{
-			perror("OPENSSL_malloc");
-			goto end;
-			}
-
-		is_prime = (EC_METHOD_get_field_type(meth) == 
-			NID_X9_62_prime_field);
-
-		if (is_prime)
-			{
-			if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
-				ec_b, NULL))
-				goto end;
-			}
-		else
-			{
-			/* TODO */
-			goto end;
-			}
-
-		if ((point = EC_GROUP_get0_generator(group)) == NULL)
-			goto end;
-		if (!EC_POINT_point2bn(group, point, 
-			EC_GROUP_get_point_conversion_form(group), ec_gen, 
-			NULL))
-			goto end;
-		if (!EC_GROUP_get_order(group, ec_order, NULL))
-			goto end;
-		if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
-			goto end;
-
-		if (!ec_p || !ec_a || !ec_b || !ec_gen || 
-			!ec_order || !ec_cofactor)
-			goto end;
-
-		len = BN_num_bits(ec_order);
-
-		if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
-			buf_len = tmp_len;
-		if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
-			buf_len = tmp_len;
-		if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
-			buf_len = tmp_len;
-		if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
-			buf_len = tmp_len;
-		if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
-			buf_len = tmp_len;
-		if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
-			buf_len = tmp_len;
-
-		buffer = (unsigned char *)OPENSSL_malloc(buf_len);
-
-		if (buffer == NULL)
-			{
-			perror("OPENSSL_malloc");
-			goto end;
-			}
-
-		ecparam_print_var(out, ec_p, "ec_p", len, buffer);
-		ecparam_print_var(out, ec_a, "ec_a", len, buffer);
-		ecparam_print_var(out, ec_b, "ec_b", len, buffer);
-		ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
-		ecparam_print_var(out, ec_order, "ec_order", len, buffer);
-		ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, 
-			buffer);
-
-		BIO_printf(out, "\n\n");
-
-		BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len);
-		BIO_printf(out, "\tint ok=0;\n");
-		BIO_printf(out, "\tEC_GROUP *group = NULL;\n");
-		BIO_printf(out, "\tEC_POINT *point = NULL;\n");
-		BIO_printf(out, "\tBIGNUM   *tmp_1 = NULL, *tmp_2 = NULL, "
-				"*tmp_3 = NULL;\n\n");
-		BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "
-				"sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
-				"goto err;\n", len, len);
-		BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "
-				"sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
-				"goto err;\n", len, len);
-		BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
-				"sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
-				"goto err;\n", len, len);
-		if (is_prime)
-			{
-			BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
-				"GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
-				"\n\t\tgoto err;\n\n");
-			}
-		else
-			{
-			/* TODO */
-			goto end;
-			}
-		BIO_printf(out, "\t/* build generator */\n");
-		BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "
-				"sizeof(ec_gen_%d), tmp_1)) == NULL)"
-				"\n\t\tgoto err;\n", len, len);
-		BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "
-				"NULL, NULL);\n");
-		BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");
-		BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "
-				"sizeof(ec_order_%d), tmp_2)) == NULL)"
-				"\n\t\tgoto err;\n", len, len);
-		BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "
-				"sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
-				"\n\t\tgoto err;\n", len, len);
-		BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"
-				" tmp_2, tmp_3))\n\t\tgoto err;\n");
-		BIO_printf(out, "\n\tok=1;\n");
-		BIO_printf(out, "err:\n");
-		BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");
-		BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n");
-		BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n");
-		BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n");
-		BIO_printf(out, "\tif (!ok)\n");
-		BIO_printf(out, "\t\t{\n");
-		BIO_printf(out, "\t\tEC_GROUP_free(group);\n");
-		BIO_printf(out, "\t\tgroup = NULL;\n");
-		BIO_printf(out, "\t\t}\n");
-		BIO_printf(out, "\treturn(group);\n\t}\n");
-	}
-
-	if (!noout)
-		{
-		if (outformat == FORMAT_ASN1)
-			i = i2d_ECPKParameters_bio(out, group);
-		else if (outformat == FORMAT_PEM)
-			i = PEM_write_bio_ECPKParameters(out, group);
-		else	
-			{
-			BIO_printf(bio_err,"bad output format specified for"
-				" outfile\n");
-			goto end;
-			}
-		if (!i)
-			{
-			BIO_printf(bio_err, "unable to write elliptic "
-				"curve parameters\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-	
-	if (need_rand)
-		{
-		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
-		if (inrand != NULL)
-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-				app_RAND_load_files(inrand));
-		}
-
-	if (genkey)
-		{
-		EC_KEY *eckey = EC_KEY_new();
-
-		if (eckey == NULL)
-			goto end;
-
-		assert(need_rand);
-
-		eckey->group = group;
-		
-		if (!EC_KEY_generate_key(eckey))
-			{
-			eckey->group = NULL;
-			EC_KEY_free(eckey);
-			goto end;
-			}
-		if (outformat == FORMAT_ASN1)
-			i = i2d_ECPrivateKey_bio(out, eckey);
-		else if (outformat == FORMAT_PEM)
-			i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
-				NULL, 0, NULL, NULL);
-		else	
-			{
-			BIO_printf(bio_err, "bad output format specified "
-				"for outfile\n");
-			eckey->group = NULL;
-			EC_KEY_free(eckey);
-			goto end;
-			}
-		eckey->group = NULL;
-		EC_KEY_free(eckey);
-		}
-
-	if (need_rand)
-		app_RAND_write_file(NULL, bio_err);
-
-	ret=0;
-end:
-	if (ec_p)
-		BN_free(ec_p);
-	if (ec_a)
-		BN_free(ec_a);
-	if (ec_b)
-		BN_free(ec_b);
-	if (ec_gen)
-		BN_free(ec_gen);
-	if (ec_order)
-		BN_free(ec_order);
-	if (ec_cofactor)
-		BN_free(ec_cofactor);
-	if (buffer)
-		OPENSSL_free(buffer);
-	if (in != NULL)
-		BIO_free(in);
-	if (out != NULL)
-		BIO_free_all(out);
-	if (group != NULL)
-		EC_GROUP_free(group);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-}
-
-static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
-	int len, unsigned char *buffer)
-	{
-	BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
-	if (BN_is_zero(in))
-		BIO_printf(out, "\n\t0x00");
-	else 
-		{
-		int i, l;
-
-		l = BN_bn2bin(in, buffer);
-		for (i=0; i<l-1; i++)
-			{
-			if ((i%12) == 0) 
-				BIO_printf(out, "\n\t");
-			BIO_printf(out, "0x%02X,", buffer[i]);
-			}
-		if ((i%12) == 0) 
-			BIO_printf(out, "\n\t");
-		BIO_printf(out, "0x%02X", buffer[i]);
-		}
-	BIO_printf(out, "\n\t};\n\n");
-	return 1;
-	}
-#endif

apps/enc.c

@@ -534,7 +534,7 @@ bad:
 			if (!nosalt)
 				{
 				printf("salt=");
-				for (i=0; i<(int)sizeof(salt); i++)
+				for (i=0; i<sizeof salt; i++)
 					printf("%02X",salt[i]);
 				printf("\n");
 				}

apps/engine.c

@@ -79,8 +79,7 @@ static char *engine_usage[]={
 "               -vvv will also add the input flags for each command\n",
 "               -vvvv will also show internal input flags\n",
 " -c          - for each engine, also list the capabilities\n",
-" -t[t]       - for each engine, check that they are really available\n",
-"               -tt will display error trace for unavailable engines\n",
+" -t          - for each engine, check that they are really available\n",
 " -pre <cmd>  - runs command 'cmd' against the ENGINE before any attempts\n",
 "               to load it (if -t is used)\n",
 " -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
@@ -345,7 +344,7 @@ int MAIN(int argc, char **argv)
 	{
 	int ret=1,i;
 	char **pp;
-	int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
+	int verbose=0, list_cap=0, test_avail=0;
 	ENGINE *e;
 	STACK *engines = sk_new_null();
 	STACK *pre_cmds = sk_new_null();
@@ -383,14 +382,8 @@ int MAIN(int argc, char **argv)
 			}
 		else if (strcmp(*argv,"-c") == 0)
 			list_cap=1;
-		else if (strncmp(*argv,"-t",2) == 0)
-			{
+		else if (strcmp(*argv,"-t") == 0)
 			test_avail=1;
-			if(strspn(*argv + 1, "t") < strlen(*argv + 1))
-				goto skip_arg_loop;
-			if((test_avail_noise = strlen(*argv + 1) - 1) > 1)
-				goto skip_arg_loop;
-			}
 		else if (strcmp(*argv,"-pre") == 0)
 			{
 			argc--; argv++;
@@ -505,7 +498,6 @@ skip_digests:
 				else
 					{
 					BIO_printf(bio_out, "[ unavailable ]\n");
-					if(test_avail_noise)
 					ERR_print_errors_fp(stdout);
 					ERR_clear_error();
 					}
@@ -520,7 +512,6 @@ skip_digests:
 
 	ret=0;
 end:
-
 	ERR_print_errors(bio_err);
 	sk_pop_free(engines, identity);
 	sk_pop_free(pre_cmds, identity);

apps/gendh.c

@@ -57,12 +57,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <string.h>
@@ -81,13 +75,12 @@
 #undef PROG
 #define PROG gendh_main
 
-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
+static void MS_CALLBACK dh_cb(int p, int n, void *arg);
 
 int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	BN_GENCB cb;
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
 #endif
@@ -103,7 +96,6 @@ int MAIN(int argc, char **argv)
 
 	apps_startup();
 
-	BN_GENCB_set(&cb, dh_cb, bio_err);
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
@@ -201,9 +193,9 @@ bad:
 
 	BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
 	BIO_printf(bio_err,"This is going to take a long time\n");
+	dh=DH_generate_parameters(num,g,dh_cb,bio_err);
 		
-	if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb))
-		goto end;
+	if (dh == NULL) goto end;
 
 	app_RAND_write_file(NULL, bio_err);
 
@@ -219,7 +211,7 @@ end:
 	OPENSSL_EXIT(ret);
 	}
 
-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
+static void MS_CALLBACK dh_cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -227,11 +219,10 @@ static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(cb->arg,&c,1);
-	(void)BIO_flush(cb->arg);
+	BIO_write((BIO *)arg,&c,1);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
-	return 1;
 	}
 #endif

apps/genrsa.c

@@ -56,12 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include <string.h>
@@ -81,13 +75,12 @@
 #undef PROG
 #define PROG genrsa_main
 
-static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb);
+static void MS_CALLBACK genrsa_cb(int p, int n, void *arg);
 
 int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	BN_GENCB cb;
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
 #endif
@@ -106,7 +99,6 @@ int MAIN(int argc, char **argv)
 	BIO *out=NULL;
 
 	apps_startup();
-	BN_GENCB_set(&cb, genrsa_cb, bio_err);
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
@@ -241,9 +233,7 @@ bad:
 
 	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
 		num);
-
-	if(((rsa = RSA_new()) == NULL) || !RSA_generate_key_ex(rsa, num, f4, &cb))
-		goto err;
+	rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
 		
 	app_RAND_write_file(NULL, bio_err);
 
@@ -281,7 +271,7 @@ err:
 	OPENSSL_EXIT(ret);
 	}
 
-static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb)
+static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -289,12 +279,11 @@ static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb)
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(cb->arg,&c,1);
-	(void)BIO_flush(cb->arg);
+	BIO_write((BIO *)arg,&c,1);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
-	return 1;
 	}
 #else /* !OPENSSL_NO_RSA */
 

apps/makeapps.com

@@ -139,13 +139,13 @@ $! Define The Application Files.
 $!
 $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
 	      "CA;PKCS7;CRL2P7;CRL;"+-
-	      "RSA;RSAUTL;DSA;DSAPARAM;EC;ECPARAM;"+-
+	      "RSA;RSAUTL;DSA;DSAPARAM;"+-
 	      "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
 	      "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
 	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP"
 $ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,-
 	       CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
-	       RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,EC.OBJ,ECPARAM.OBJ,-
+	       RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,-
 	       X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
 	       S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
 	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ,ENGINE.OBJ,OCSP.OBJ
@@ -679,7 +679,7 @@ $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
            "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -711,7 +711,7 @@ $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $     CCDEFS = CCDEFS + ",""VAXC"""
 $!
 $!    Define <sys> As SYS$COMMON:[SYSLIB]
@@ -743,7 +743,7 @@ $!    Use GNU C...
 $!
 $     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
 $     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!

apps/ocsp.c

@@ -784,7 +784,7 @@ int MAIN(int argc, char **argv)
 
 	if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL)
 		{
-		BIO_printf(out, "Responder Error: %s (%d)\n",
+		BIO_printf(out, "Responder Error: %s (%ld)\n",
 				OCSP_response_status_str(i), i);
 		if (ignore_err)
 			goto redo_accept;
@@ -850,7 +850,7 @@ int MAIN(int argc, char **argv)
 
 		if(i <= 0)
 			{
-			BIO_printf(bio_err, "Response Verify Failure\n");
+			BIO_printf(bio_err, "Response Verify Failure\n", i);
 			ERR_print_errors(bio_err);
 			}
 		else

apps/openssl.c

@@ -129,6 +129,7 @@
 #include "progs.h"
 #include "s_apps.h"
 #include <openssl/err.h>
+#include <openssl/fips.h>
 
 /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
  * base prototypes (we cast each variable inside the function to the required
@@ -231,6 +232,24 @@ int main(int Argc, char *Argv[])
 	arg.data=NULL;
 	arg.count=0;
 
+#ifdef OPENSSL_FIPS
+	if(getenv("OPENSSL_FIPS")) {
+#if defined(_WIN32)
+		char filename[MAX_PATH] = "";
+		GetModuleFileName( NULL, filename, MAX_PATH) ;
+		p = filename;
+#else
+		p = Argv[0];
+#endif
+		if (!FIPS_mode_set(1,p)) {
+		ERR_load_crypto_strings();
+		ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+		exit(1);
+			}
+		if (getenv("OPENSSL_FIPS_MD5"))
+			FIPS_allow_md5(1);
+		}
+#endif
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

apps/openssl.cnf

@@ -44,7 +44,7 @@ new_certs_dir	= $dir/newcerts		# default place for new certs.
 
 certificate	= $dir/cacert.pem 	# The CA certificate
 serial		= $dir/serial 		# The current serial number
-crlnumber	= $dir/crlnumber	# the current crl number
+#crlnumber	= $dir/crlnumber	# the current crl number
 					# must be commented out to leave a V1 CRL
 crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem# The private key

apps/passwd.c

@@ -312,8 +312,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
 	unsigned char buf[MD5_DIGEST_LENGTH];
 	char *salt_out;
-	int n;
-	unsigned int i;
+	int n, i;
 	EVP_MD_CTX md,md2;
 	size_t passwd_len, salt_len;
 

apps/pkcs12.c

@@ -2,10 +2,10 @@
 #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
 
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project.
+ * project 1999.
  */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -166,14 +166,10 @@ int MAIN(int argc, char **argv)
 					 maciter = PKCS12_DEFAULT_ITER;
 		else if (!strcmp (*args, "-nomaciter"))
 					 maciter = 1;
-		else if (!strcmp (*args, "-nomac"))
-					 maciter = -1;
 		else if (!strcmp (*args, "-nodes")) enc=NULL;
 		else if (!strcmp (*args, "-certpbe")) {
 			if (args[1]) {
 				args++;
-				if (!strcmp(*args, "NONE"))
-					cert_pbe = -1;
 				cert_pbe=OBJ_txt2nid(*args);
 				if(cert_pbe == NID_undef) {
 					BIO_printf(bio_err,
@@ -184,9 +180,6 @@ int MAIN(int argc, char **argv)
 		} else if (!strcmp (*args, "-keypbe")) {
 			if (args[1]) {
 				args++;
-				if (!strcmp(*args, "NONE"))
-					key_pbe = -1;
-				else
 				key_pbe=OBJ_txt2nid(*args);
 				if(key_pbe == NID_undef) {
 					BIO_printf(bio_err,
@@ -372,6 +365,24 @@ int MAIN(int argc, char **argv)
 	    goto end;
    }
 
+#if 0
+   if (certfile) {
+    	if(!(certsin = BIO_new_file(certfile, "r"))) {
+	    BIO_printf(bio_err, "Can't open certificate file %s\n", certfile);
+	    perror (certfile);
+	    goto end;
+	}
+    }
+
+    if (keyname) {
+    	if(!(inkey = BIO_new_file(keyname, "r"))) {
+	    BIO_printf(bio_err, "Can't key certificate file %s\n", keyname);
+	    perror (keyname);
+	    goto end;
+	}
+     }
+#endif
+
 #ifdef CRYPTO_MDEBUG
     CRYPTO_pop_info();
     CRYPTO_push_info("write files");
@@ -408,29 +419,25 @@ int MAIN(int argc, char **argv)
 
     if (export_cert) {
 	EVP_PKEY *key = NULL;
-	X509 *ucert = NULL, *x = NULL;
+	STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+	STACK_OF(PKCS7) *safes = NULL;
+	PKCS12_SAFEBAG *bag = NULL;
+	PKCS8_PRIV_KEY_INFO *p8 = NULL;
+	PKCS7 *authsafe = NULL;
+	X509 *ucert = NULL;
 	STACK_OF(X509) *certs=NULL;
-	unsigned char *catmp = NULL;
+	char *catmp = NULL;
 	int i;
-
-	if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS))
-		{	
-		BIO_printf(bio_err, "Nothing to do!\n");
-		goto export_end;
-		}
-
-	if (options & NOCERTS)
-		chain = 0;
+	unsigned char keyid[EVP_MAX_MD_SIZE];
+	unsigned int keyidlen = 0;
 
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_push_info("process -export_cert");
 	CRYPTO_push_info("reading private key");
 #endif
-	if (!(options & NOKEYS))
-		{
-		key = load_key(bio_err, keyname ? keyname : infile,
-				FORMAT_PEM, 1, passin, e, "private key");
-		if (!key)
+	key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM, 1,
+		passin, e, "private key");
+	if (!key) {
 		goto export_end;
 	}
 
@@ -440,37 +447,9 @@ int MAIN(int argc, char **argv)
 #endif
 
 	/* Load in all certs in input file */
-	if(!(options & NOCERTS))
-		{
-		certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
-							"certificates");
-		if (!certs)
+	if(!(certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
+		"certificates"))) {
 		goto export_end;
-
-		if (key)
-			{
-			/* Look for matching private key */
-			for(i = 0; i < sk_X509_num(certs); i++)
-				{
-				x = sk_X509_value(certs, i);
-				if(X509_check_private_key(x, key))
-					{
-					ucert = x;
-					/* Zero keyid and alias */
-					X509_keyid_set1(ucert, NULL, 0);
-					X509_alias_set1(ucert, NULL, 0);
-					/* Remove from list */
-					sk_X509_delete(certs, i);
-					break;
-					}
-				}
-			if (!ucert)
-				{
-				BIO_printf(bio_err, "No certificate matches private key\n");
-				goto export_end;
-				}
-			}
-
 	}
 
 #ifdef CRYPTO_MDEBUG
@@ -478,17 +457,17 @@ int MAIN(int argc, char **argv)
 	CRYPTO_push_info("reading certs from input 2");
 #endif
 
-	/* Add any more certificates asked for */
-	if(certfile)
-		{
-		STACK_OF(X509) *morecerts=NULL;
-		if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
-					    NULL, e,
-					    "certificates from certfile")))
+	for(i = 0; i < sk_X509_num(certs); i++) {
+		ucert = sk_X509_value(certs, i);
+		if(X509_check_private_key(ucert, key)) {
+			X509_digest(ucert, EVP_sha1(), keyid, &keyidlen);
+			break;
+		}
+	}
+	if(!keyidlen) {
+		ucert = NULL;
+		BIO_printf(bio_err, "No certificate matches private key\n");
 		goto export_end;
-		while(sk_X509_num(morecerts) > 0)
-			sk_X509_push(certs, sk_X509_shift(morecerts));
-		sk_X509_free(morecerts);
 	}
 	
 #ifdef CRYPTO_MDEBUG
@@ -496,6 +475,22 @@ int MAIN(int argc, char **argv)
 	CRYPTO_push_info("reading certs from certfile");
 #endif
 
+	bags = sk_PKCS12_SAFEBAG_new_null ();
+
+	/* Add any more certificates asked for */
+	if (certfile) {
+		STACK_OF(X509) *morecerts=NULL;
+		if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
+					    NULL, e,
+					    "certificates from certfile"))) {
+			goto export_end;
+		}
+		while(sk_X509_num(morecerts) > 0) {
+			sk_X509_push(certs, sk_X509_shift(morecerts));
+		}
+		sk_X509_free(morecerts);
+ 	}
+
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
 	CRYPTO_push_info("building chain");
@@ -531,51 +526,100 @@ int MAIN(int argc, char **argv)
 		}			
     	}
 
-	/* Add any CA names */
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("building bags");
+#endif
 
-	for (i = 0; i < sk_num(canames); i++)
-		{
-		catmp = (unsigned char *)sk_value(canames, i);
-		X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
+	/* We now have loads of certificates: include them all */
+	for(i = 0; i < sk_X509_num(certs); i++) {
+		X509 *cert = NULL;
+		cert = sk_X509_value(certs, i);
+		bag = PKCS12_x5092certbag(cert);
+		/* If it matches private key set id */
+		if(cert == ucert) {
+			if(name) PKCS12_add_friendlyname(bag, name, -1);
+			PKCS12_add_localkeyid(bag, keyid, keyidlen);
+		} else if((catmp = sk_shift(canames))) 
+				PKCS12_add_friendlyname(bag, catmp, -1);
+		sk_PKCS12_SAFEBAG_push(bags, bag);
 	}
-		
+	sk_X509_pop_free(certs, X509_free);
+	certs = NULL;
 
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
-	CRYPTO_push_info("reading password");
+	CRYPTO_push_info("encrypting bags");
 #endif
 
 	if(!noprompt &&
-		EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1))
-		{
+		EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) {
 	    BIO_printf (bio_err, "Can't read Password\n");
 	    goto export_end;
         }
 	if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
+	/* Turn certbags into encrypted authsafe */
+	authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
+								 iter, bags);
+	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+	bags = NULL;
 
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("creating PKCS#12 structure");
-#endif
-
-	p12 = PKCS12_create(cpass, name, key, ucert, certs,
-				key_pbe, cert_pbe, iter, -1, keytype);
-
-	if (!p12)
-		{
+	if (!authsafe) {
 		ERR_print_errors (bio_err);
 		goto export_end;
 	}
 
-	if (maciter != -1)
-		PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL);
+	safes = sk_PKCS7_new_null ();
+	sk_PKCS7_push (safes, authsafe);
+
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("building shrouded key bag");
+#endif
+
+	/* Make a shrouded key bag */
+	p8 = EVP_PKEY2PKCS8 (key);
+	if(keytype) PKCS8_add_keyusage(p8, keytype);
+	bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8);
+	PKCS8_PRIV_KEY_INFO_free(p8);
+	p8 = NULL;
+        if (name) PKCS12_add_friendlyname (bag, name, -1);
+	if(csp_name) PKCS12_add_CSPName_asc(bag, csp_name, -1);
+	PKCS12_add_localkeyid (bag, keyid, keyidlen);
+	bags = sk_PKCS12_SAFEBAG_new_null();
+	sk_PKCS12_SAFEBAG_push (bags, bag);
+
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("encrypting shrouded key bag");
+#endif
+
+	/* Turn it into unencrypted safe bag */
+	authsafe = PKCS12_pack_p7data (bags);
+	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+	bags = NULL;
+	sk_PKCS7_push (safes, authsafe);
+
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("building pkcs12");
+#endif
+
+	p12 = PKCS12_init(NID_pkcs7_data);
+
+	PKCS12_pack_authsafes(p12, safes);
+
+	sk_PKCS7_pop_free(safes, PKCS7_free);
+	safes = NULL;
+
+	PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);
 
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
 	CRYPTO_push_info("writing pkcs12");
 #endif
 
-	i2d_PKCS12_bio(out, p12);
+	i2d_PKCS12_bio (out, p12);
 
 	ret = 0;
 
@@ -588,7 +632,8 @@ int MAIN(int argc, char **argv)
 
 	if (key) EVP_PKEY_free(key);
 	if (certs) sk_X509_pop_free(certs, X509_free);
-	if (ucert) X509_free(ucert);
+	if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
+	if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
 
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
@@ -811,12 +856,11 @@ err:
 int alg_print (BIO *x, X509_ALGOR *alg)
 {
 	PBEPARAM *pbe;
-	const unsigned char *p;
+	unsigned char *p;
 	p = alg->parameter->value.sequence->data;
 	pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length);
-	BIO_printf (bio_err, "%s, Iteration %ld\n", 
-		OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
-		ASN1_INTEGER_get(pbe->iter));
+	BIO_printf (bio_err, "%s, Iteration %d\n", 
+	OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter));
 	PBEPARAM_free (pbe);
 	return 0;
 }

apps/pkcs8.c

@@ -232,14 +232,11 @@ int MAIN(int argc, char **argv)
 		pkey = load_key(bio_err, infile, informat, 1,
 			passin, e, "key");
 		if (!pkey) {
-			BIO_free_all(out);
 			return (1);
 		}
 		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
 			BIO_printf(bio_err, "Error converting key\n");
 			ERR_print_errors(bio_err);
-			EVP_PKEY_free(pkey);
-			BIO_free_all(out);
 			return (1);
 		}
 		if(nocrypt) {
@@ -249,9 +246,6 @@ int MAIN(int argc, char **argv)
 				i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
 			else {
 				BIO_printf(bio_err, "Bad format specified for key\n");
-				PKCS8_PRIV_KEY_INFO_free(p8inf);
-				EVP_PKEY_free(pkey);
-				BIO_free_all(out);
 				return (1);
 			}
 		} else {
@@ -259,22 +253,14 @@ int MAIN(int argc, char **argv)
 			else {
 				p8pass = pass;
 				if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
-				{
-					PKCS8_PRIV_KEY_INFO_free(p8inf);
-					EVP_PKEY_free(pkey);
-					BIO_free_all(out);
 					return (1);
 			}
-			}
 			app_RAND_load_file(NULL, bio_err, 0);
 			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
 					p8pass, strlen(p8pass),
 					NULL, 0, iter, p8inf))) {
 				BIO_printf(bio_err, "Error encrypting key\n");
 				ERR_print_errors(bio_err);
-				PKCS8_PRIV_KEY_INFO_free(p8inf);
-				EVP_PKEY_free(pkey);
-				BIO_free_all(out);
 				return (1);
 			}
 			app_RAND_write_file(NULL, bio_err);
@@ -284,9 +270,6 @@ int MAIN(int argc, char **argv)
 				i2d_PKCS8_bio(out, p8);
 			else {
 				BIO_printf(bio_err, "Bad format specified for key\n");
-				PKCS8_PRIV_KEY_INFO_free(p8inf);
-				EVP_PKEY_free(pkey);
-				BIO_free_all(out);
 				return (1);
 			}
 			X509_SIG_free(p8);

apps/progs.h

@@ -17,8 +17,6 @@ extern int rsa_main(int argc,char *argv[]);
 extern int rsautl_main(int argc,char *argv[]);
 extern int dsa_main(int argc,char *argv[]);
 extern int dsaparam_main(int argc,char *argv[]);
-extern int ec_main(int argc,char *argv[]);
-extern int ecparam_main(int argc,char *argv[]);
 extern int x509_main(int argc,char *argv[]);
 extern int genrsa_main(int argc,char *argv[]);
 extern int gendsa_main(int argc,char *argv[]);
@@ -82,12 +80,6 @@ FUNCTION functions[] = {
 #endif
 #ifndef OPENSSL_NO_DSA
 	{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
-#endif
-#ifndef OPENSSL_NO_EC
-	{FUNC_TYPE_GENERAL,"ec",ec_main},
-#endif
-#ifndef OPENSSL_NO_EC
-	{FUNC_TYPE_GENERAL,"ecparam",ecparam_main},
 #endif
 	{FUNC_TYPE_GENERAL,"x509",x509_main},
 #ifndef OPENSSL_NO_RSA

apps/progs.pl

@@ -33,8 +33,6 @@ foreach (@ARGV)
 		{ print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n";  }
 	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
 		{ print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^ec$/) || ($_ =~ /^ecparam$/))
-		{ print "#ifndef OPENSSL_NO_EC\n${str}#endif\n";}
 	elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
 		{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^pkcs12$/))

apps/rand.c

@@ -205,7 +205,7 @@ int MAIN(int argc, char **argv)
 		int chunk;
 
 		chunk = num;
-		if (chunk > (int)sizeof(buf))
+		if (chunk > sizeof buf)
 			chunk = sizeof buf;
 		r = RAND_bytes(buf, chunk);
 		if (r <= 0)

apps/req.c

@@ -56,12 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
@@ -119,10 +113,9 @@
  *		  require.  This format is wrong
  */
 
-static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn,
-		int attribs,unsigned long chtype);
-static int build_subject(X509_REQ *req, char *subj, unsigned long chtype,
-		int multirdn);
+static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs,
+		unsigned long chtype);
+static int build_subject(X509_REQ *req, char *subj, unsigned long chtype);
 static int prompt_info(X509_REQ *req,
 		STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
 		STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
@@ -134,9 +127,9 @@ static int add_attribute_object(X509_REQ *req, char *text,
 				char *def, char *value, int nid, int n_min,
 				int n_max, unsigned long chtype);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
-	int nid,int n_min,int n_max, unsigned long chtype, int mval);
+	int nid,int n_min,int n_max, unsigned long chtype);
 #ifndef OPENSSL_NO_RSA
-static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb);
+static void MS_CALLBACK req_cb(int p,int n,void *arg);
 #endif
 static int req_check_len(int len,int n_min,int n_max);
 static int check_end(char *str, char *end);
@@ -149,7 +142,6 @@ static int batch=0;
 #define TYPE_RSA	1
 #define TYPE_DSA	2
 #define TYPE_DH		3
-#define TYPE_EC		4
 
 int MAIN(int, char **);
 
@@ -158,9 +150,6 @@ int MAIN(int argc, char **argv)
 	ENGINE *e = NULL;
 #ifndef OPENSSL_NO_DSA
 	DSA *dsa_params=NULL;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	EC_KEY *ec_params = NULL;
 #endif
 	unsigned long nmflag = 0, reqflag = 0;
 	int ex=1,x509=0,days=30;
@@ -186,7 +175,6 @@ int MAIN(int argc, char **argv)
 	char *passin = NULL, *passout = NULL;
 	char *p;
 	char *subj = NULL;
-	int multirdn = 0;
 	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 	unsigned long chtype = MBSTRING_ASC;
 #ifndef MONOLITH
@@ -334,56 +322,8 @@ int MAIN(int argc, char **argv)
 						}
 					}
 				BIO_free(in);
-				in=NULL;
 				newkey=BN_num_bits(dsa_params->p);
-				}
-			else 
-#endif
-#ifndef OPENSSL_NO_ECDSA
-				if (strncmp("ec:",p,3) == 0)
-				{
-				X509 *xtmp=NULL;
-				EVP_PKEY *dtmp;
-
-				pkey_type=TYPE_EC;
-				p+=3;
-				if ((in=BIO_new_file(p,"r")) == NULL)
-					{
-					perror(p);
-					goto end;
-					}
-				if ((ec_params = EC_KEY_new()) == NULL)
-					goto end;
-				if ((ec_params->group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL)) == NULL)
-					{
-					if (ec_params)
-						EC_KEY_free(ec_params);
-					ERR_clear_error();
-					(void)BIO_reset(in);
-					if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
-						{	
-						BIO_printf(bio_err,"unable to load EC parameters from file\n");
-						goto end;
-						}
-
-					if ((dtmp=X509_get_pubkey(xtmp))==NULL)
-						goto end;
-					if (dtmp->type == EVP_PKEY_EC)
-						ec_params = ECParameters_dup(dtmp->pkey.eckey);
-					EVP_PKEY_free(dtmp);
-					X509_free(xtmp);
-					if (ec_params == NULL)
-						{
-						BIO_printf(bio_err,"Certificate does not contain EC parameters\n");
-						goto end;
-						}
-					}
-
-				BIO_free(in);
 				in=NULL;
-				
-				newkey = EC_GROUP_get_degree(ec_params->group);
-
 				}
 			else 
 #endif
@@ -395,9 +335,7 @@ int MAIN(int argc, char **argv)
 				}
 			else
 #endif
-				{
-				goto bad;
-				}
+				pkey_type=TYPE_RSA;
 
 			newreq=1;
 			}
@@ -442,8 +380,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			subj= *(++argv);
 			}
-		else if (strcmp(*argv,"-multivalue-rdn") == 0)
-			multirdn=1;
 		else if (strcmp(*argv,"-days") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -509,13 +445,9 @@ bad:
 		BIO_printf(bio_err,"                the random number generator\n");
 		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
 		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-#ifndef OPENSSL_NO_ECDSA
-		BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
-#endif
 		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
 		BIO_printf(bio_err," -config file   request template file.\n");
 		BIO_printf(bio_err," -subj arg      set or modify request subject\n");
-		BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");
 		BIO_printf(bio_err," -new           new request.\n");
 		BIO_printf(bio_err," -batch         do not ask anything during request generation\n");
 		BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
@@ -705,8 +637,7 @@ bad:
 			   message */
 			goto end;
 			}
-		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || 
-			EVP_PKEY_type(pkey->type) == EVP_PKEY_EC)
+		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
 			{
 			char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
 			if (randfile == NULL)
@@ -717,7 +648,6 @@ bad:
 
 	if (newreq && (pkey == NULL))
 		{
-		BN_GENCB cb;
 		char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
 		if (randfile == NULL)
 			ERR_clear_error();
@@ -731,30 +661,25 @@ bad:
 				newkey=DEFAULT_KEY_LENGTH;
 			}
 
-		if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA))
+		if (newkey < MIN_KEY_LENGTH)
 			{
 			BIO_printf(bio_err,"private key length is too short,\n");
-			BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey);
+			BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey);
 			goto end;
 			}
-		BIO_printf(bio_err,"Generating a %ld bit %s private key\n",
-			newkey,(pkey_type == TYPE_RSA)?"RSA":
-			(pkey_type == TYPE_DSA)?"DSA":"EC");
+		BIO_printf(bio_err,"Generating a %d bit %s private key\n",
+			newkey,(pkey_type == TYPE_RSA)?"RSA":"DSA");
 
 		if ((pkey=EVP_PKEY_new()) == NULL) goto end;
 
 #ifndef OPENSSL_NO_RSA
-		BN_GENCB_set(&cb, req_cb, bio_err);
 		if (pkey_type == TYPE_RSA)
 			{
-			RSA *rsa = RSA_new();
-			if(!rsa || !RSA_generate_key_ex(rsa, newkey, 0x10001, &cb) ||
-					!EVP_PKEY_assign_RSA(pkey, rsa))
-				{
-				if(rsa) RSA_free(rsa);
+			if (!EVP_PKEY_assign_RSA(pkey,
+				RSA_generate_key(newkey,0x10001,
+					req_cb,bio_err)))
 				goto end;
 			}
-			}
 		else
 #endif
 #ifndef OPENSSL_NO_DSA
@@ -765,15 +690,6 @@ bad:
 			dsa_params=NULL;
 			}
 #endif
-#ifndef OPENSSL_NO_ECDSA
-			if (pkey_type == TYPE_EC)
-			{
-			if (!EC_KEY_generate_key(ec_params)) goto end;
-			if (!EVP_PKEY_assign_EC_KEY(pkey, ec_params)) 
-				goto end;
-			ec_params = NULL;
-			}
-#endif
 
 		app_RAND_write_file(randfile, bio_err);
 
@@ -879,10 +795,6 @@ loop:
 #ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 			digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
-		if (pkey->type == EVP_PKEY_EC)
-			digest=EVP_ecdsa();
 #endif
 		if (req == NULL)
 			{
@@ -892,7 +804,7 @@ loop:
 				goto end;
 				}
 
-			i=make_REQ(req,pkey,subj,multirdn,!x509, chtype);
+			i=make_REQ(req,pkey,subj,!x509, chtype);
 			subj=NULL; /* done processing '-subj' option */
 			if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
 				{
@@ -919,7 +831,9 @@ loop:
 				}
 			else
 				{
-				if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
+				if (!rand_serial(NULL,
+					X509_get_serialNumber(x509ss)))
+						goto end;
 				}
 
 			if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
@@ -985,7 +899,7 @@ loop:
 			print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
 			}
 
-		if (build_subject(req, subj, chtype, multirdn) == 0)
+		if (build_subject(req, subj, chtype) == 0)
 			{
 			BIO_printf(bio_err, "ERROR: cannot modify subject\n");
 			ex=1;
@@ -1168,16 +1082,13 @@ end:
 	OBJ_cleanup();
 #ifndef OPENSSL_NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	if (ec_params != NULL) EC_KEY_free(ec_params);
 #endif
 	apps_shutdown();
 	OPENSSL_EXIT(ex);
 	}
 
-static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
-			int attribs, unsigned long chtype)
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs,
+			unsigned long chtype)
 	{
 	int ret=0,i;
 	char no_prompt = 0;
@@ -1227,7 +1138,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
 	else 
 		{
 		if (subj)
-			i = build_subject(req, subj, chtype, multirdn);
+			i = build_subject(req, subj, chtype);
 		else
 			i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
 		}
@@ -1244,11 +1155,11 @@ err:
  * subject is expected to be in the format /type0=value0/type1=value1/type2=...
  * where characters may be escaped by \
  */
-static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int multirdn)
+static int build_subject(X509_REQ *req, char *subject, unsigned long chtype)
 	{
 	X509_NAME *n;
 
-	if (!(n = parse_name(subject, chtype, multirdn)))
+	if (!(n = do_subject(subject, chtype)))
 		return 0;
 
 	if (!X509_REQ_set_subject_name(req, n))
@@ -1269,7 +1180,7 @@ static int prompt_info(X509_REQ *req,
 	int i;
 	char *p,*q;
 	char buf[100];
-	int nid, mval;
+	int nid;
 	long n_min,n_max;
 	char *type,*def,*value;
 	CONF_VALUE *v;
@@ -1312,17 +1223,10 @@ start:		for (;;)
 					if(*p) type = p;
 					break;
 				}
-			if (*type == '+')
-				{
-				mval = -1;
-				type++;
-				}
-			else
-				mval = 0;
 			/* If OBJ not recognised ignore it */
 			if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
 			if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name)
-				>= (int)sizeof(buf))
+				>= sizeof buf)
 			   {
 			   BIO_printf(bio_err,"Name '%s' too long\n",v->name);
 			   return 0;
@@ -1356,7 +1260,7 @@ start:		for (;;)
 				}
 
 			if (!add_DN_object(subj,v->value,def,value,nid,
-				n_min,n_max, chtype, mval))
+				n_min,n_max, chtype))
 				return 0;
 			}
 		if (X509_NAME_entry_count(subj) == 0)
@@ -1387,7 +1291,7 @@ start2:			for (;;)
 					goto start2;
 
 				if (BIO_snprintf(buf,sizeof buf,"%s_default",type)
-					>= (int)sizeof(buf))
+					>= sizeof buf)
 				   {
 				   BIO_printf(bio_err,"Name '%s' too long\n",v->name);
 				   return 0;
@@ -1446,7 +1350,6 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
 
 	for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
 		{
-		int mval;
 		v=sk_CONF_VALUE_value(dn_sk,i);
 		p=q=NULL;
 		type=v->name;
@@ -1463,19 +1366,8 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
 				if(*p) type = p;
 				break;
 			}
-#ifndef CHARSET_EBCDIC
-		if (*p == '+')
-#else
-		if (*p == os_toascii['+'])
-#endif
-			{
-			p++;
-			mval = -1;
-			}
-		else
-			mval = 0;
 		if (!X509_NAME_add_entry_by_txt(subj,type, chtype,
-				(unsigned char *) v->value,-1,-1,mval)) return 0;
+				(unsigned char *) v->value,-1,-1,0)) return 0;
 
 		}
 
@@ -1498,7 +1390,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
 
 
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
-	     int nid, int n_min, int n_max, unsigned long chtype, int mval)
+	     int nid, int n_min, int n_max, unsigned long chtype)
 	{
 	int i,ret=0;
 	MS_STATIC char buf[1024];
@@ -1547,7 +1439,7 @@ start:
 #endif
 	if(!req_check_len(i, n_min, n_max)) goto start;
 	if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
-				(unsigned char *) buf, -1,-1,mval)) goto err;
+				(unsigned char *) buf, -1,-1,0)) goto err;
 	ret=1;
 err:
 	return(ret);
@@ -1618,7 +1510,7 @@ err:
 	}
 
 #ifndef OPENSSL_NO_RSA
-static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb)
+static void MS_CALLBACK req_cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -1626,12 +1518,11 @@ static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb)
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(cb->arg,&c,1);
-	(void)BIO_flush(cb->arg);
+	BIO_write((BIO *)arg,&c,1);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
-	return 1;
 	}
 #endif
 

apps/s_apps.h

@@ -108,9 +108,8 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
-#if !defined(OPENSSL_SYS_NETWARE)  /* conflicts with winsock2 stuff on netware */
+
 #include <sys/types.h>
-#endif
 #include <openssl/opensslconf.h>
 
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)

apps/s_cb.c

@@ -239,15 +239,15 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
 
 	if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
 		{
-		BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n",
- 			(void *)bio,argp,argi,ret,ret);
+		BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n",
+			bio,argp,argi,ret,ret);
 		BIO_dump(out,argp,(int)ret);
 		return(ret);
 		}
 	else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
 		{
-		BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n",
-			(void *)bio,argp,argi,ret,ret);
+		BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n",
+			bio,argp,argi,ret,ret);
 		BIO_dump(out,argp,(int)ret);
 		}
 	return(ret);

apps/s_client.c

@@ -256,7 +256,7 @@ int MAIN(int argc, char **argv)
 	char *engine_id=NULL;
 	ENGINE *e=NULL;
 #endif
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
 	struct timeval tv;
 #endif
 
@@ -640,7 +640,7 @@ re_start:
 
 		if (!ssl_pending)
 			{
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
 			if (tty_on)
 				{
 				if (read_tty)  FD_SET(fileno(stdin),&readfds);
@@ -770,7 +770,7 @@ re_start:
 				goto shut;
 				}
 			}
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
 		/* Assume Windows/DOS can always write */
 		else if (!ssl_pending && write_tty)
 #else
@@ -857,8 +857,6 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 #else
 		else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
 #endif
-#elif defined (OPENSSL_SYS_NETWARE)
-        else if (_kbhit())
 #else
 		else if (FD_ISSET(fileno(stdin),&readfds))
 #endif
@@ -946,7 +944,6 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 	SSL_CIPHER *c;
 	X509_NAME *xn;
 	int j,i;
-	const COMP_METHOD *comp, *expansion;
 
 	if (full)
 		{
@@ -1049,12 +1046,6 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 							 EVP_PKEY_bits(pktmp));
 		EVP_PKEY_free(pktmp);
 	}
-	comp=SSL_get_current_compression(s);
-	expansion=SSL_get_current_expansion(s);
-	BIO_printf(bio,"Compression: %s\n",
-		comp ? SSL_COMP_get_name(comp) : "NONE");
-	BIO_printf(bio,"Expansion: %s\n",
-		expansion ? SSL_COMP_get_name(expansion) : "NONE");
 	SSL_SESSION_print(bio,SSL_get_session(s));
 	BIO_printf(bio,"---\n");
 	if (peer != NULL)

apps/s_server.c

@@ -108,33 +108,18 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
 
 #include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-
+#include <sys/types.h>
 #include <sys/stat.h>
 #include <openssl/e_os2.h>
 #ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
 
-#if !defined(OPENSSL_SYS_NETWARE)  /* conflicts with winsock2 stuff on netware */
-#include <sys/types.h>
-#endif
-
 /* With IPv6, it looks like Digital has mixed up the proper order of
    recursive header file inclusion, resulting in the compiler complaining
    that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
@@ -183,7 +168,6 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
 static DH *load_dh_param(char *dhfile);
 static DH *get_dh512(void);
 #endif
-
 #ifdef MONOLITH
 static void s_server_init(void);
 #endif
@@ -222,7 +206,6 @@ static DH *get_dh512(void)
 	}
 #endif
 
-
 /* static int load_CA(SSL_CTX *ctx, char *file);*/
 
 #undef BUFSIZZ
@@ -304,11 +287,6 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -dkey arg     - second private key file to use (usually for DSA)\n");
 	BIO_printf(bio_err," -dhparam arg  - DH parameter file to use, in cert file if not specified\n");
 	BIO_printf(bio_err,"                 or a default set of parameters is used\n");
-#ifndef OPENSSL_NO_ECDH
-	BIO_printf(bio_err," -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \
-	                   "                 Use \"openssl ecparam -list_curves\" for all names\n" \
-	                   "                 (default is sect163r2).\n");
-#endif
 #ifdef FIONBIO
 	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
 #endif
@@ -332,9 +310,6 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
 #ifndef OPENSSL_NO_DH
 	BIO_printf(bio_err," -no_dhe       - Disable ephemeral DH\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
-	BIO_printf(bio_err," -no_ecdhe     - Disable ephemeral ECDH\n");
 #endif
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
@@ -511,11 +486,10 @@ int MAIN(int argc, char *argv[])
 	char *CApath=NULL,*CAfile=NULL;
 	char *context = NULL;
 	char *dhfile = NULL;
-	char *named_curve = NULL;
 	int badop=0,bugs=0;
 	int ret=1;
 	int off=0;
-	int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
+	int no_tmp_rsa=0,no_dhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
 #ifndef OPENSSL_NO_ENGINE
@@ -598,13 +572,6 @@ int MAIN(int argc, char *argv[])
 			if (--argc < 1) goto bad;
 			dhfile = *(++argv);
 			}
-#ifndef OPENSSL_NO_ECDH		
-		else if	(strcmp(*argv,"-named_curve") == 0)
-			{
-			if (--argc < 1) goto bad;
-			named_curve = *(++argv);
-			}
-#endif
 		else if	(strcmp(*argv,"-dcert") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -673,8 +640,6 @@ int MAIN(int argc, char *argv[])
 			{ no_tmp_rsa=1; }
 		else if	(strcmp(*argv,"-no_dhe") == 0)
 			{ no_dhe=1; }
-		else if	(strcmp(*argv,"-no_ecdhe") == 0)
-			{ no_ecdhe=1; }
 		else if	(strcmp(*argv,"-www") == 0)
 			{ www=1; }
 		else if	(strcmp(*argv,"-WWW") == 0)
@@ -761,7 +726,7 @@ bad:
 			}
 		}
 
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
 	if (nocert)
 #endif
 		{
@@ -850,59 +815,6 @@ bad:
 		}
 #endif
 	
-#ifndef OPENSSL_NO_ECDH
-	if (!no_ecdhe)
-		{
-		EC_KEY *ecdh=NULL;
-
-		ecdh = EC_KEY_new();
-		if (ecdh == NULL)
-			{
-			BIO_printf(bio_err,"Could not create ECDH struct.\n");
-			goto end;
-			}
-
-		if (named_curve)
-			{
-			int nid = OBJ_sn2nid(named_curve);
-
-			if (nid == 0)
-				{
-				BIO_printf(bio_err, "unknown curve name (%s)\n", 
-					named_curve);
-				goto end;
-				}
-
-			ecdh->group = EC_GROUP_new_by_nid(nid);
-			if (ecdh->group == NULL)
-				{
-				BIO_printf(bio_err, "unable to create curve (%s)\n", 
-					named_curve);
-				goto end;
-				}
-			}
-
-		if (ecdh->group != NULL)
-			{
-			BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
-			}
-		else
-			{
-			BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
-			ecdh->group=EC_GROUP_new_by_nid(NID_sect163r2);
-			if (ecdh->group == NULL) 
-				{
-				BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
-				goto end;
-				}
-			}
-		(void)BIO_flush(bio_s_out);
-
-		SSL_CTX_set_tmp_ecdh(ctx,ecdh);
-		EC_KEY_free(ecdh);
-		}
-#endif
-	
 	if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
 		goto end;
 	if (s_dcert_file != NULL)
@@ -971,23 +883,23 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
 	{
 	BIO_printf(bio,"%4ld items in the session cache\n",
 		SSL_CTX_sess_number(ssl_ctx));
-	BIO_printf(bio,"%4ld client connects (SSL_connect())\n",
+	BIO_printf(bio,"%4d client connects (SSL_connect())\n",
 		SSL_CTX_sess_connect(ssl_ctx));
-	BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n",
+	BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n",
 		SSL_CTX_sess_connect_renegotiate(ssl_ctx));
-	BIO_printf(bio,"%4ld client connects that finished\n",
+	BIO_printf(bio,"%4d client connects that finished\n",
 		SSL_CTX_sess_connect_good(ssl_ctx));
-	BIO_printf(bio,"%4ld server accepts (SSL_accept())\n",
+	BIO_printf(bio,"%4d server accepts (SSL_accept())\n",
 		SSL_CTX_sess_accept(ssl_ctx));
-	BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n",
+	BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n",
 		SSL_CTX_sess_accept_renegotiate(ssl_ctx));
-	BIO_printf(bio,"%4ld server accepts that finished\n",
+	BIO_printf(bio,"%4d server accepts that finished\n",
 		SSL_CTX_sess_accept_good(ssl_ctx));
-	BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
-	BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
-	BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
-	BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
-	BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n",
+	BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
+	BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
+	BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
+	BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
+	BIO_printf(bio,"%4d cache full overflows (%d allowed)\n",
 		SSL_CTX_sess_cache_full(ssl_ctx),
 		SSL_CTX_sess_get_cache_size(ssl_ctx));
 	}
@@ -1001,7 +913,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 	unsigned long l;
 	SSL *con=NULL;
 	BIO *sbio;
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
 	struct timeval tv;
 #endif
 
@@ -1075,7 +987,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 		if (!read_from_sslcon)
 			{
 			FD_ZERO(&readfds);
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
 			FD_SET(fileno(stdin),&readfds);
 #endif
 			FD_SET(s,&readfds);
@@ -1085,7 +997,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 			 * the compiler: if you do have a cast then you can either
 			 * go for (int *) or (void *).
 			 */
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
                         /* Under DOS (non-djgpp) and Windows we can't select on stdin: only
 			 * on sockets. As a workaround we timeout the select every
 			 * second and check for any keypress. In a proper Windows
@@ -1505,9 +1417,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			else
 				{
 				BIO_printf(bio_s_out,"read R BLOCK\n");
-#if defined(OPENSSL_SYS_NETWARE)
-            delay(1000);
-#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
 				sleep(1);
 #endif
 				continue;
@@ -1791,12 +1701,7 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 			BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
 			(void)BIO_flush(bio_err);
 			}
-		if(((rsa_tmp = RSA_new()) == NULL) || !RSA_generate_key_ex(
-					rsa_tmp, keylength,RSA_F4,NULL))
-			{
-			if(rsa_tmp) RSA_free(rsa_tmp);
-			rsa_tmp = NULL;
-			}
+		rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
 		if (!s_quiet)
 			{
 			BIO_printf(bio_err,"\n");

apps/s_socket.c

@@ -62,6 +62,8 @@
 #include <errno.h>
 #include <signal.h>
 
+#include <openssl/e_os2.h>
+
 /* With IPv6, it looks like Digital has mixed up the proper order of
    recursive header file inclusion, resulting in the compiler complaining
    that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
@@ -79,16 +81,8 @@ typedef unsigned int u_int;
 #include "s_apps.h"
 #include <openssl/ssl.h>
 
-#ifdef FLAT_INC
-#include "e_os.h"
-#else
-#include "../e_os.h"
-#endif
-
-#ifndef OPENSSL_NO_SOCK
-
 static struct hostent *GetHostByName(char *name);
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
+#ifdef OPENSSL_SYS_WINDOWS
 static void ssl_sock_cleanup(void);
 #endif
 static int ssl_sock_init(void);
@@ -104,10 +98,6 @@ static int host_ip(char *str, unsigned char ip[4]);
 #define SOCKET_PROTOCOL	IPPROTO_TCP
 #endif
 
-#ifdef OPENSSL_SYS_NETWARE
-static int wsa_init_done=0;
-#endif
-
 #ifdef OPENSSL_SYS_WINDOWS
 static struct WSAData wsa_state;
 static int wsa_init_done=0;
@@ -156,15 +146,6 @@ static void ssl_sock_cleanup(void)
 		WSACleanup();
 		}
 	}
-#elif defined(OPENSSL_SYS_NETWARE)
-static void sock_cleanup(void)
-    {
-    if (wsa_init_done)
-        {
-        wsa_init_done=0;
-		WSACleanup();
-		}
-	}
 #endif
 
 static int ssl_sock_init(void)
@@ -200,27 +181,6 @@ static int ssl_sock_init(void)
 		SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
 #endif /* OPENSSL_SYS_WIN16 */
 		}
-#elif defined(OPENSSL_SYS_NETWARE)
-   WORD wVerReq;
-   WSADATA wsaData;
-   int err;
-
-   if (!wsa_init_done)
-      {
-   
-# ifdef SIGINT
-      signal(SIGINT,(void (*)(int))sock_cleanup);
-# endif
-
-      wsa_init_done=1;
-      wVerReq = MAKEWORD( 2, 0 );
-      err = WSAStartup(wVerReq,&wsaData);
-      if (err != 0)
-         {
-         BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err);
-         return(0);
-         }
-      }
 #endif /* OPENSSL_SYS_WINDOWS */
 	return(1);
 	}
@@ -382,7 +342,7 @@ redoit:
 	ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
 	if (ret == INVALID_SOCKET)
 		{
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
+#ifdef OPENSSL_SYS_WINDOWS
 		i=WSAGetLastError();
 		BIO_printf(bio_err,"accept error %d\n",i);
 #else
@@ -593,5 +553,3 @@ static struct hostent *GetHostByName(char *name)
 		return(ret);
 		}
 	}
-
-#endif

apps/s_time.c

@@ -85,7 +85,7 @@
 #include OPENSSL_UNISTD
 #endif
 
-#if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
 #define TIMES
 #endif
 
@@ -105,7 +105,7 @@
 #undef TIMES
 #endif
 
-#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
+#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS)
 #include <sys/timeb.h>
 #endif
 
@@ -384,20 +384,6 @@ static double tm_Time_F(int s)
 		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
 		return((ret == 0.0)?1e-6:ret);
 	}
-#elif defined(OPENSSL_SYS_NETWARE)
-    static clock_t tstart,tend;
-
-    if (s == START)
-    {
-        tstart=clock();
-        return(0);
-    }
-    else
-    {
-        tend=clock();
-        ret=(double)((double)(tend)-(double)(tstart));
-        return((ret < 0.001)?0.001:ret);
-    }
 #elif defined(OPENSSL_SYS_VXWORKS)
         {
 	static unsigned long tick_start, tick_end;

apps/smime.c

@@ -1,9 +1,9 @@
 /* smime.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project.
+ * project 1999.
  */
 /* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -482,14 +482,8 @@ int MAIN(int argc, char **argv)
 	if(operation == SMIME_ENCRYPT) {
 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
 	} else if(operation == SMIME_SIGN) {
-		/* If detached data and SMIME output enable partial
-		 * signing.
-		 */
-		if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
-			flags |= PKCS7_STREAM;
 		p7 = PKCS7_sign(signer, key, other, in, flags);
-		/* Don't need to rewind for partial signing */
-		if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0)) {
+		if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
 		  BIO_printf(bio_err, "Can't rewind input file\n");
 		  goto end;
 		}

apps/speed.c

@@ -55,19 +55,6 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The ECDH and ECDSA speed test software is originally written by 
- * Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
 
 /* most of this code has been pilfered from my libdes speed.c program */
 
@@ -77,8 +64,6 @@
 #define SECONDS		3	
 #define RSA_SECONDS	10
 #define DSA_SECONDS	10
-#define ECDSA_SECONDS   10
-#define ECDH_SECONDS    10
 
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
@@ -88,7 +73,7 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-
+#include <signal.h>
 #include <string.h>
 #include <math.h>
 #include "apps.h"
@@ -104,10 +89,6 @@
 #include OPENSSL_UNISTD
 #endif
 
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
 #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX)
 # define USE_TOD
 #elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
@@ -117,12 +98,6 @@
 # define TIMEB
 #endif
 
-#if defined(OPENSSL_SYS_NETWARE)
-#undef TIMES
-#undef TIMEB
-#include <time.h>
-#endif
-
 #ifndef _IRIX
 # include <time.h>
 #endif
@@ -147,7 +122,7 @@
 #include <sys/timeb.h>
 #endif
 
-#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
+#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS)
 #error "It seems neither struct tms nor struct timeb is supported in this platform!"
 #endif
 
@@ -211,28 +186,12 @@
 #ifndef OPENSSL_NO_DSA
 #include "./testdsa.h"
 #endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
-
-/*
- * The following "HZ" timing stuff should be sync'd up with the code in
- * crypto/tmdiff.[ch]. That appears to try to do the same job, though I think
- * this code is more up to date than libcrypto's so there may be features to
- * migrate over first. This is used in two places further down AFAICS. 
- * The point is that nothing in openssl actually *uses* that tmdiff stuff, so
- * either speed.c should be using it or it should go because it's obviously not
- * useful enough. Anyone want to do a janitorial job on this?
- */
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 # if defined(_SC_CLK_TCK) \
      && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)
-#  define HZ sysconf(_SC_CLK_TCK)
+#  define HZ ((double)sysconf(_SC_CLK_TCK))
 # else
 #  ifndef CLK_TCK
 #   ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
@@ -246,7 +205,7 @@
 # endif
 #endif
 
-#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE)
+#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2)
 # define HAVE_FORK 1
 #endif
 
@@ -270,10 +229,6 @@ static int do_multi(int multi);
 #define SIZE_NUM	5
 #define RSA_NUM		4
 #define DSA_NUM		3
-
-#define EC_NUM       16
-#define MAX_ECDH_SIZE 256
-
 static const char *names[ALGOR_NUM]={
   "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
   "des cbc","des ede3","idea cbc",
@@ -283,9 +238,6 @@ static double results[ALGOR_NUM][SIZE_NUM];
 static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
 static double rsa_results[RSA_NUM][2];
 static double dsa_results[DSA_NUM][2];
-static double ecdsa_results[EC_NUM][2];
-static double ecdh_results[EC_NUM][1];
-
 
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
@@ -308,32 +260,6 @@ static SIGRETTYPE sig_done(int sig)
 #define START	0
 #define STOP	1
 
-#if defined(OPENSSL_SYS_NETWARE)
-
-   /* for NetWare the best we can do is use clock() which returns the
-    * time, in hundredths of a second, since the NLM began executing
-   */
-static double Time_F(int s)
-	{
-	double ret;
-
-   static clock_t tstart,tend;
-
-   if (s == START)
-   {
-      tstart=clock();
-      return(0);
-   }
-   else
-   {
-      tend=clock();
-      ret=(double)((double)(tend)-(double)(tstart));
-      return((ret < 0.001)?0.001:ret);
-   }
-   }
-
-#else
-
 static double Time_F(int s)
 	{
 	double ret;
@@ -395,8 +321,7 @@ static double Time_F(int s)
 		else
 			{
 			times(&tend);
-			ret = HZ;
-			ret=(double)(tend.tms_utime-tstart.tms_utime) / ret;
+			ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
 			return((ret < 1e-3)?1e-3:ret);
 			}
 		}
@@ -442,21 +367,6 @@ static double Time_F(int s)
 # endif
 #endif
 	}
-#endif /* if defined(OPENSSL_SYS_NETWARE) */
-
-
-static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen)
-	{
-#ifndef OPENSSL_NO_SHA
-	if (outlen != SHA_DIGEST_LENGTH)
-		return NULL;
-	return SHA1(in, inlen, out);
-#else
-	return NULL;
-#endif
-	}
-
 
 int MAIN(int, char **);
 
@@ -572,24 +482,6 @@ int MAIN(int argc, char **argv)
 #define	R_RSA_1024	1
 #define	R_RSA_2048	2
 #define	R_RSA_4096	3
-
-#define R_EC_P160    0
-#define R_EC_P192    1	
-#define R_EC_P224    2
-#define R_EC_P256    3
-#define R_EC_P384    4
-#define R_EC_P521    5
-#define R_EC_K163    6
-#define R_EC_K233    7
-#define R_EC_K283    8
-#define R_EC_K409    9
-#define R_EC_K571    10
-#define R_EC_B163    11
-#define R_EC_B233    12
-#define R_EC_B283    13
-#define R_EC_B409    14
-#define R_EC_B571    15
-
 #ifndef OPENSSL_NO_RSA
 	RSA *rsa_key[RSA_NUM];
 	long rsa_c[RSA_NUM][2];
@@ -605,83 +497,8 @@ int MAIN(int argc, char **argv)
 	long dsa_c[DSA_NUM][2];
 	static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
 #endif
-#ifndef OPENSSL_NO_EC
-	/* We only test over the following curves as they are representative, 
-	 * To add tests over more curves, simply add the curve NID
-	 * and curve name to the following arrays and increase the 
-	 * EC_NUM value accordingly. 
-	 */
-	static unsigned int test_curves[EC_NUM] = 
-	{	
-	/* Prime Curves */
-	NID_secp160r1,
-	NID_X9_62_prime192v1,
-	NID_secp224r1,
-	NID_X9_62_prime256v1,
-	NID_secp384r1,
-	NID_secp521r1,
-	/* Binary Curves */
-	NID_sect163k1,
-	NID_sect233k1,
-	NID_sect283k1,
-	NID_sect409k1,
-	NID_sect571k1,
-	NID_sect163r2,
-	NID_sect233r1,
-	NID_sect283r1,
-	NID_sect409r1,
-	NID_sect571r1
-	}; 
-	static char * test_curves_names[EC_NUM] = 
-	{
-	/* Prime Curves */
-	"secp160r1",
-	"nistp192",
-	"nistp224",
-	"nistp256",
-	"nistp384",
-	"nistp521",
-	/* Binary Curves */
-	"nistk163",
-	"nistk233",
-	"nistk283",
-	"nistk409",
-	"nistk571",
-	"nistb163",
-	"nistb233",
-	"nistb283",
-	"nistb409",
-	"nistb571"
-	};
-	static int test_curves_bits[EC_NUM] =
-        {
-        160, 192, 224, 256, 384, 521,
-        163, 233, 283, 409, 571,
-        163, 233, 283, 409, 571
-        };
-
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
-        unsigned char ecdsasig[256];
-        unsigned int ecdsasiglen;
-        EC_KEY *ecdsa[EC_NUM];
-        long ecdsa_c[EC_NUM][2];
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-        EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
-        unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
-        int secret_size_a, secret_size_b;
-        int ecdh_checks = 0;
-        int secret_idx = 0;
-        long ecdh_c[EC_NUM][2];
-#endif
-
 	int rsa_doit[RSA_NUM];
 	int dsa_doit[DSA_NUM];
-	int ecdsa_doit[EC_NUM];
-        int ecdh_doit[EC_NUM];
 	int doit[ALGOR_NUM];
 	int pr_header=0;
 	const EVP_CIPHER *evp_cipher=NULL;
@@ -700,17 +517,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_DSA
 	memset(dsa_key,0,sizeof(dsa_key));
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	for (i=0; i<EC_NUM; i++) ecdsa[i] = NULL;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	for (i=0; i<EC_NUM; i++)
-		{
-		ecdh_a[i] = NULL;
-		ecdh_b[i] = NULL;
-		}
-#endif
-
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
@@ -749,15 +555,6 @@ int MAIN(int argc, char **argv)
 		rsa_doit[i]=0;
 	for (i=0; i<DSA_NUM; i++)
 		dsa_doit[i]=0;
-#ifndef OPENSSL_NO_ECDSA
-	for (i=0; i<EC_NUM; i++)
-		ecdsa_doit[i]=0;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	for (i=0; i<EC_NUM; i++)
-		ecdh_doit[i]=0;
-#endif
-
 	
 	j=0;
 	argc--;
@@ -979,52 +776,6 @@ int MAIN(int argc, char **argv)
 			dsa_doit[R_DSA_2048]=1;
 			}
 		else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-		     if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
-		else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
-		else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
-		else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
-		else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
-		else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
-		else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
-		else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
-		else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2;
-		else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2;
-		else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2;
-		else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2;
-		else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2;
-		else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2;
-		else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2;
-		else if (strcmp(*argv,"ecdsa") == 0)
-			{
-			for (i=0; i < EC_NUM; i++)
-				ecdsa_doit[i]=1;
-			}
-		else
-#endif
-#ifndef OPENSSL_NO_ECDH
-		     if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
-		else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
-		else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
-		else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
-		else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
-		else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
-		else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
-		else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
-		else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2;
-		else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2;
-		else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2;
-		else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2;
-		else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2;
-		else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2;
-		else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2;
-		else if (strcmp(*argv,"ecdh") == 0)
-			{
-			for (i=0; i < EC_NUM; i++)
-				ecdh_doit[i]=1;
-			}
-		else
 #endif
 			{
 			BIO_printf(bio_err,"Error: bad option or value\n");
@@ -1091,18 +842,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_DSA
 			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
 #endif
-#ifndef OPENSSL_NO_ECDSA
-			BIO_printf(bio_err,"ecdsap160 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
-			BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
-			BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
-			BIO_printf(bio_err,"ecdsa\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
-			BIO_printf(bio_err,"ecdhp160  ecdhp224  ecdhp256  ecdhp384  ecdhp521\n");
-			BIO_printf(bio_err,"ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
-			BIO_printf(bio_err,"ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
-			BIO_printf(bio_err,"ecdh\n");
-#endif
 
 #ifndef OPENSSL_NO_IDEA
 			BIO_printf(bio_err,"idea     ");
@@ -1340,114 +1079,6 @@ int MAIN(int argc, char **argv)
 		}
 #endif
 
-#ifndef OPENSSL_NO_ECDSA
-	ecdsa_c[R_EC_P160][0]=count/1000;
-	ecdsa_c[R_EC_P160][1]=count/1000/2;
-	for (i=R_EC_P224; i<=R_EC_P521; i++)
-		{
-		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
-		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
-		if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
-			ecdsa_doit[i]=0;
-		else
-			{
-			if (ecdsa_c[i] == 0)
-				{
-				ecdsa_c[i][0]=1;
-				ecdsa_c[i][1]=1;
-				}
-			}
-		}
-	ecdsa_c[R_EC_K163][0]=count/1000;
-	ecdsa_c[R_EC_K163][1]=count/1000/2;
-	for (i=R_EC_K233; i<=R_EC_K571; i++)
-		{
-		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
-		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
-		if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
-			ecdsa_doit[i]=0;
-		else
-			{
-			if (ecdsa_c[i] == 0)
-				{
-				ecdsa_c[i][0]=1;
-				ecdsa_c[i][1]=1;
-				}
-			}
-		}
-	ecdsa_c[R_EC_B163][0]=count/1000;
-	ecdsa_c[R_EC_B163][1]=count/1000/2;
-	for (i=R_EC_B233; i<=R_EC_B571; i++)
-		{
-		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
-		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
-		if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
-			ecdsa_doit[i]=0;
-		else
-			{
-			if (ecdsa_c[i] == 0)
-				{
-				ecdsa_c[i][0]=1;
-				ecdsa_c[i][1]=1;
-				}
-			}
-		}
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-	ecdh_c[R_EC_P160][0]=count/1000;
-	ecdh_c[R_EC_P160][1]=count/1000;
-	for (i=R_EC_P224; i<=R_EC_P521; i++)
-		{
-		ecdh_c[i][0]=ecdh_c[i-1][0]/2;
-		ecdh_c[i][1]=ecdh_c[i-1][1]/2;
-		if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
-			ecdh_doit[i]=0;
-		else
-			{
-			if (ecdh_c[i] == 0)
-				{
-				ecdh_c[i][0]=1;
-				ecdh_c[i][1]=1;
-				}
-			}
-		}
-	ecdh_c[R_EC_K163][0]=count/1000;
-	ecdh_c[R_EC_K163][1]=count/1000;
-	for (i=R_EC_K233; i<=R_EC_K571; i++)
-		{
-		ecdh_c[i][0]=ecdh_c[i-1][0]/2;
-		ecdh_c[i][1]=ecdh_c[i-1][1]/2;
-		if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
-			ecdh_doit[i]=0;
-		else
-			{
-			if (ecdh_c[i] == 0)
-				{
-				ecdh_c[i][0]=1;
-				ecdh_c[i][1]=1;
-				}
-			}
-		}
-	ecdh_c[R_EC_B163][0]=count/1000;
-	ecdh_c[R_EC_B163][1]=count/1000;
-	for (i=R_EC_B233; i<=R_EC_B571; i++)
-		{
-		ecdh_c[i][0]=ecdh_c[i-1][0]/2;
-		ecdh_c[i][1]=ecdh_c[i-1][1]/2;
-		if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
-			ecdh_doit[i]=0;
-		else
-			{
-			if (ecdh_c[i] == 0)
-				{
-				ecdh_c[i][0]=1;
-				ecdh_c[i][1]=1;
-				}
-			}
-		}
-#endif
-
 #define COND(d)	(count < (d))
 #define COUNT(d) (d)
 #else
@@ -1973,239 +1604,6 @@ int MAIN(int argc, char **argv)
 		}
 	if (rnd_fake) RAND_cleanup();
 #endif
-
-#ifndef OPENSSL_NO_ECDSA
-	if (RAND_status() != 1) 
-		{
-		RAND_seed(rnd_seed, sizeof rnd_seed);
-		rnd_fake = 1;
-		}
-	for (j=0; j<EC_NUM; j++) 
-		{
-		int ret;
-
-		if (!ecdsa_doit[j]) continue; /* Ignore Curve */ 
-		ecdsa[j] = EC_KEY_new();
-		if (ecdsa[j] == NULL) 
-			{
-			BIO_printf(bio_err,"ECDSA failure.\n");
-			ERR_print_errors(bio_err);
-			rsa_count=1;
-			} 
-		else 
-			{
-			ecdsa[j]->group = EC_GROUP_new_by_nid(test_curves[j]);
-			/* Could not obtain group information */
-			if (ecdsa[j]->group == NULL) 
-				{
-				BIO_printf(bio_err,"ECDSA failure.Could not obtain group information\n");
-				ERR_print_errors(bio_err);
-				rsa_count=1;
-				} 
-			else 
-				{
-#if 1
-				EC_GROUP_precompute_mult(ecdsa[j]->group, NULL);
-#endif
-				/* Perform ECDSA signature test */
-				EC_KEY_generate_key(ecdsa[j]);
-				ret = ECDSA_sign(0, buf, 20, ecdsasig, 
-					&ecdsasiglen, ecdsa[j]);
-				if (ret == 0) 
-					{
-					BIO_printf(bio_err,"ECDSA sign failure.  No ECDSA sign will be done.\n");
-					ERR_print_errors(bio_err);
-					rsa_count=1;
-					} 
-				else 
-					{
-					pkey_print_message("sign","ecdsa",
-						ecdsa_c[j][0], 
-						test_curves_bits[j],
-						ECDSA_SECONDS);
-
-					Time_F(START);
-					for (count=0,run=1; COND(ecdsa_c[j][0]);
-						count++) 
-						{
-						ret=ECDSA_sign(0, buf, 20, 
-							ecdsasig, &ecdsasiglen,
-							ecdsa[j]);
-						if (ret == 0) 
-							{
-							BIO_printf(bio_err, "ECDSA sign failure\n");
-							ERR_print_errors(bio_err);
-							count=1;
-							break;
-							}
-						}
-						d=Time_F(STOP);
-
-						BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
-						"%ld %d bit ECDSA signs in %.2fs \n", 
-						count, test_curves_bits[j], d);
-						ecdsa_results[j][0]=d/(double)count;
-						rsa_count=count;
-					}
-
-				/* Perform ECDSA verification test */
-				ret=ECDSA_verify(0, buf, 20, ecdsasig, 
-					ecdsasiglen, ecdsa[j]);
-				if (ret != 1) 
-					{
-					BIO_printf(bio_err,"ECDSA verify failure.  No ECDSA verify will be done.\n");
-					ERR_print_errors(bio_err);
-					ecdsa_doit[j] = 0;
-					} 
-				else 
-					{
-					pkey_print_message("verify","ecdsa",
-					ecdsa_c[j][1],
-					test_curves_bits[j],
-					ECDSA_SECONDS);
-					Time_F(START);
-					for (count=0,run=1; COND(ecdsa_c[j][1]); count++) 
-						{
-						ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
-						if (ret != 1) 
-							{
-							BIO_printf(bio_err, "ECDSA verify failure\n");
-							ERR_print_errors(bio_err);
-							count=1;
-							break;
-							}
-						}
-						d=Time_F(STOP);
-						BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
-							: "%ld %d bit ECDSA verify in %.2fs\n",
-						count, test_curves_bits[j], d);
-						ecdsa_results[j][1]=d/(double)count;
-					}
-
-				if (rsa_count <= 1) 
-					{
-					/* if longer than 10s, don't do any more */
-					for (j++; j<EC_NUM; j++)
-					ecdsa_doit[j]=0;
-					}
-				}
-			}
-		}
-	if (rnd_fake) RAND_cleanup();
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-	if (RAND_status() != 1)
-		{
-		RAND_seed(rnd_seed, sizeof rnd_seed);
-		rnd_fake = 1;
-		}
-	for (j=0; j<EC_NUM; j++)
-		{
-		if (!ecdh_doit[j]) continue;
-		ecdh_a[j] = EC_KEY_new();
-		ecdh_b[j] = EC_KEY_new();
-		if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL))
-			{
-			BIO_printf(bio_err,"ECDH failure.\n");
-			ERR_print_errors(bio_err);
-			rsa_count=1;
-			}
-		else
-			{
-			ecdh_a[j]->group = EC_GROUP_new_by_nid(test_curves[j]);
-			if (ecdh_a[j]->group == NULL)
-				{
-				BIO_printf(bio_err,"ECDH failure.\n");
-				ERR_print_errors(bio_err);
-				rsa_count=1;
-				}
-			else
-				{
-				ecdh_b[j]->group = EC_GROUP_dup(ecdh_a[j]->group);
-
-				/* generate two ECDH key pairs */
-				if (!EC_KEY_generate_key(ecdh_a[j]) ||
-					!EC_KEY_generate_key(ecdh_b[j]))
-					{
-					BIO_printf(bio_err,"ECDH key generation failure.\n");
-					ERR_print_errors(bio_err);
-					rsa_count=1;		
-					}
-				else
-					{
-					/* If field size is not more than 24 octets, then use SHA-1 hash of result;
-					 * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt).
-					 */
-					int field_size, outlen;
-					void *(*kdf)(void *in, size_t inlen, void *out, size_t xoutlen);
-					field_size = EC_GROUP_get_degree(ecdh_a[j]->group);
-					if (field_size <= 24 * 8)
-						{
-						outlen = KDF1_SHA1_len;
-						kdf = KDF1_SHA1;
-						}
-					else
-						{
-						outlen = (field_size+7)/8;
-						kdf = NULL;
-						}
-					secret_size_a = ECDH_compute_key(secret_a, outlen,
-						ecdh_b[j]->pub_key,
-						ecdh_a[j], kdf);
-					secret_size_b = ECDH_compute_key(secret_b, outlen,
-						ecdh_a[j]->pub_key,
-						ecdh_b[j], kdf);
-					if (secret_size_a != secret_size_b) 
-						ecdh_checks = 0;
-					else
-						ecdh_checks = 1;
-
-					for (secret_idx = 0; 
-					    (secret_idx < secret_size_a)
-						&& (ecdh_checks == 1);
-					    secret_idx++)
-						{
-						if (secret_a[secret_idx] != secret_b[secret_idx])
-						ecdh_checks = 0;
-						}
-
-					if (ecdh_checks == 0)
-						{
-						BIO_printf(bio_err,"ECDH computations don't match.\n");
-						ERR_print_errors(bio_err);
-						rsa_count=1;		
-						}
-
-					pkey_print_message("","ecdh",
-					ecdh_c[j][0], 
-					test_curves_bits[j],
-					ECDH_SECONDS);
-					Time_F(START);
-					for (count=0,run=1; COND(ecdh_c[j][0]); count++)
-						{
-						ECDH_compute_key(secret_a, outlen,
-						ecdh_b[j]->pub_key,
-						ecdh_a[j], kdf);
-						}
-					d=Time_F(STOP);
-					BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
-					count, test_curves_bits[j], d);
-					ecdh_results[j][0]=d/(double)count;
-					rsa_count=count;
-					}
-				}
-			}
-
-		if (rsa_count <= 1)
-			{
-			/* if longer than 10s, don't do any more */
-			for (j++; j<EC_NUM; j++)
-			ecdh_doit[j]=0;
-			}
-		}
-	if (rnd_fake) RAND_cleanup();
-#endif
 #ifdef HAVE_FORK
 show_res:
 #endif
@@ -2246,10 +1644,7 @@ show_res:
 #endif
 #ifdef HZ
 #define as_string(s) (#s)
-		{
-		double dbl = HZ;
-		printf("HZ=%g", dbl);
-		}
+		printf("HZ=%g", (double)HZ);
 # ifdef _SC_CLK_TCK
 		printf(" [sysconf value]");
 # endif
@@ -2334,57 +1729,7 @@ show_res:
 				1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
 		}
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	j=1;
-	for (k=0; k<EC_NUM; k++)
-		{
-		if (!ecdsa_doit[k]) continue;
-		if (j && !mr)
-			{
-			printf("%30ssign    verify    sign/s verify/s\n"," ");
-			j=0;
-			}
-
-		if (mr)
-			fprintf(stdout,"+F4:%u:%u:%f:%f\n", 
-				k, test_curves_bits[k],
-				ecdsa_results[k][0],ecdsa_results[k][1]);
-		else
-			fprintf(stdout,
-				"%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n", 
-				test_curves_bits[k],
-				test_curves_names[k],
-				ecdsa_results[k][0],ecdsa_results[k][1], 
-				1.0/ecdsa_results[k][0],1.0/ecdsa_results[k][1]);
-		}
-#endif
-
-
-#ifndef OPENSSL_NO_ECDH
-	j=1;
-	for (k=0; k<EC_NUM; k++)
-		{
-		if (!ecdh_doit[k]) continue;
-		if (j && !mr)
-			{
-			printf("%30sop      op/s\n"," ");
-			j=0;
-			}
-		if (mr)
-			fprintf(stdout,"+F5:%u:%u:%f:%f\n",
-				k, test_curves_bits[k],
-				ecdh_results[k][0], 1.0/ecdh_results[k][0]);
-
-		else
-			fprintf(stdout,"%4u bit ecdh (%s) %8.4fs %8.1f\n",
-				test_curves_bits[k],
-				test_curves_names[k],
-				ecdh_results[k][0], 1.0/ecdh_results[k][0]);
-		}
-#endif
-
 	mret=0;
-
 end:
 	ERR_print_errors(bio_err);
 	if (buf != NULL) OPENSSL_free(buf);
@@ -2399,22 +1744,6 @@ end:
 		if (dsa_key[i] != NULL)
 			DSA_free(dsa_key[i]);
 #endif
-
-#ifndef OPENSSL_NO_ECDSA
-	for (i=0; i<EC_NUM; i++)
-		if (ecdsa[i] != NULL)
-			EC_KEY_free(ecdsa[i]);
-#endif
-#ifndef OPENSSL_NO_ECDH
-	for (i=0; i<EC_NUM; i++)
-	{
-		if (ecdh_a[i] != NULL)
-			EC_KEY_free(ecdh_a[i]);
-		if (ecdh_b[i] != NULL)
-			EC_KEY_free(ecdh_b[i]);
-	}
-#endif
-
 	apps_shutdown();
 	OPENSSL_EXIT(mret);
 	}
@@ -2456,8 +1785,8 @@ static void pkey_print_message(char *str, char *str2, long num, int bits,
 
 static void print_result(int alg,int run_no,int count,double time_used)
 	{
-	BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n"
-		   : "%d %s's in %.2fs\n",count,names[alg],time_used);
+	BIO_printf(bio_err,mr ? "+R:%ld:%s:%f\n"
+		   : "%ld %s's in %.2fs\n",count,names[alg],time_used);
 	results[alg][run_no]=((double)count)/time_used*lengths[run_no];
 	}
 
@@ -2616,49 +1945,6 @@ static int do_multi(int multi)
 				else
 					dsa_results[k][1]=d;
 				}
-#ifndef OPENSSL_NO_ECDSA
-			else if(!strncmp(buf,"+F4:",4))
-				{
-				int k;
-				double d;
-				
-				p=buf+4;
-				k=atoi(sstrsep(&p,sep));
-				sstrsep(&p,sep);
-
-				d=atof(sstrsep(&p,sep));
-				if(n)
-					ecdsa_results[k][0]=1/(1/ecdsa_results[k][0]+1/d);
-				else
-					ecdsa_results[k][0]=d;
-
-				d=atof(sstrsep(&p,sep));
-				if(n)
-					ecdsa_results[k][1]=1/(1/ecdsa_results[k][1]+1/d);
-				else
-					ecdsa_results[k][1]=d;
-				}
-#endif 
-
-#ifndef OPENSSL_NO_ECDH
-			else if(!strncmp(buf,"+F5:",4))
-				{
-				int k;
-				double d;
-				
-				p=buf+4;
-				k=atoi(sstrsep(&p,sep));
-				sstrsep(&p,sep);
-
-				d=atof(sstrsep(&p,sep));
-				if(n)
-					ecdh_results[k][0]=1/(1/ecdh_results[k][0]+1/d);
-				else
-					ecdh_results[k][0]=d;
-
-				}
-#endif
-
 			else if(!strncmp(buf,"+H:",3))
 				{
 				}

apps/version.c

@@ -172,19 +172,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 
-	if (version)
-		{
-		if (SSLeay() == SSLEAY_VERSION_NUMBER)
-			{
-			printf("%s\n",SSLeay_version(SSLEAY_VERSION));
-			}
-		else
-			{
-			printf("%s (Library: %s)\n",
-				OPENSSL_VERSION_TEXT,
-				SSLeay_version(SSLEAY_VERSION));
-			}
-		}
+	if (version) printf("%s\n",SSLeay_version(SSLEAY_VERSION));
 	if (date)    printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
 	if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));
 	if (options) 

apps/x509.c

@@ -92,9 +92,7 @@ static char *x509_usage[]={
 " -out arg        - output file - default stdout\n",
 " -passin arg     - private key password source\n",
 " -serial         - print serial number value\n",
-" -subject_hash   - print subject hash value\n",
-" -issuer_hash    - print issuer hash value\n",
-" -hash           - synonym for -subject_hash\n",
+" -hash           - print hash value\n",
 " -subject        - print subject DN\n",
 " -issuer         - print issuer DN\n",
 " -email          - print email address(es)\n",
@@ -169,8 +167,8 @@ int MAIN(int argc, char **argv)
 	char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
 	char *CAkeyfile=NULL,*CAserial=NULL;
 	char *alias=NULL;
-	int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
-	int subject_hash=0,issuer_hash=0,ocspid=0;
+	int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
+	int next_serial=0,ocspid=0;
 	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
 	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
 	int C=0;
@@ -373,6 +371,8 @@ int MAIN(int argc, char **argv)
 			email= ++num;
 		else if (strcmp(*argv,"-serial") == 0)
 			serial= ++num;
+		else if (strcmp(*argv,"-next_serial") == 0)
+			next_serial= ++num;
 		else if (strcmp(*argv,"-modulus") == 0)
 			modulus= ++num;
 		else if (strcmp(*argv,"-pubkey") == 0)
@@ -381,11 +381,8 @@ int MAIN(int argc, char **argv)
 			x509req= ++num;
 		else if (strcmp(*argv,"-text") == 0)
 			text= ++num;
-		else if (strcmp(*argv,"-hash") == 0
-			|| strcmp(*argv,"-subject_hash") == 0)
-			subject_hash= ++num;
-		else if (strcmp(*argv,"-issuer_hash") == 0)
-			issuer_hash= ++num;
+		else if (strcmp(*argv,"-hash") == 0)
+			hash= ++num;
 		else if (strcmp(*argv,"-subject") == 0)
 			subject= ++num;
 		else if (strcmp(*argv,"-issuer") == 0)
@@ -622,7 +619,7 @@ bad:
 		if (xca == NULL) goto end;
 		}
 
-	if (!noout || text)
+	if (!noout || text || next_serial)
 		{
 		OBJ_create("2.99999.3",
 			"SET.ex3","SET x509v3 extension 3");
@@ -696,6 +693,24 @@ bad:
 				i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
 				BIO_printf(STDout,"\n");
 				}
+			else if (next_serial == i)
+				{
+				BIGNUM *bnser;
+				ASN1_INTEGER *ser;
+				ser = X509_get_serialNumber(x);
+				bnser = ASN1_INTEGER_to_BN(ser, NULL);
+				if (!bnser)
+					goto end;
+				if (!BN_add_word(bnser, 1))
+					goto end;
+				ser = BN_to_ASN1_INTEGER(bnser, NULL);
+				if (!ser)
+					goto end;
+				BN_free(bnser);
+				i2a_ASN1_INTEGER(out, ser);
+				ASN1_INTEGER_free(ser);
+				BIO_puts(out, "\n");
+				}
 			else if (email == i) 
 				{
 				int j;
@@ -712,14 +727,10 @@ bad:
 				if (alstr) BIO_printf(STDout,"%s\n", alstr);
 				else BIO_puts(STDout,"<No Alias>\n");
 				}
-			else if (subject_hash == i)
+			else if (hash == i)
 				{
 				BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
 				}
-			else if (issuer_hash == i)
-				{
-				BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x));
-				}
 			else if (pprint == i)
 				{
 				X509_PURPOSE *ptmp;
@@ -881,10 +892,6 @@ bad:
 		                if (Upkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
-				if (Upkey->type == EVP_PKEY_EC)
-					digest=EVP_ecdsa();
-#endif
 
 				assert(need_rand);
 				if (!sign(x,Upkey,days,clrext,digest,
@@ -905,10 +912,6 @@ bad:
 		                if (CApkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
-				if (CApkey->type == EVP_PKEY_EC)
-					digest = EVP_ecdsa();
-#endif
 				
 				assert(need_rand);
 				if (!x509_certify(ctx,CAfile,digest,x,xca,
@@ -940,10 +943,6 @@ bad:
 		                if (pk->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
-				if (pk->type == EVP_PKEY_EC)
-					digest=EVP_ecdsa();
-#endif
 
 				rq=X509_to_X509_REQ(x,pk,digest);
 				EVP_PKEY_free(pk);
@@ -1068,6 +1067,13 @@ static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create
 		}
 	else
 		BUF_strlcpy(buf,serialfile,len);
+	serial=BN_new();
+	bs=ASN1_INTEGER_new();
+	if ((serial == NULL) || (bs == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
 
 	serial = load_serial(buf, create, NULL);
 	if (serial == NULL) goto end;

config

@@ -81,7 +81,7 @@ if [ "x$XREL" != "x" ]; then
 		esac
 		;;
 	    4.2)
-		echo "whatever-whatever-unixware1"; exit 0
+		echo "i386-whatever-unixware1"; exit 0
 		;;
 	    5)
 		case "x${VERSION}" in
@@ -683,8 +683,15 @@ EOF
   RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
   *-siemens-sysv4) OUT="SINIX" ;;
   *-hpux1*)
-	if [ $CC = "gcc" -a $GCC_BITS = "64" ]; then
+	if [ $CC = "gcc" ];
+	then
+	  if [ $GCC_BITS = "64" ]; then
 	    OUT="hpux64-parisc2-gcc"
+	  else
+	    OUT="hpux-parisc-gcc"
+	  fi
+	else
+	  OUT="hpux-parisc-$CC"
 	fi
 	KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null`
 	KERNEL_BITS=${KERNEL_BITS:-32}
@@ -701,7 +708,9 @@ EOF
 	     fi
 	     OUT="hpux64-ia64-cc"
 	elif [ $CPU_VERSION -ge 532 ]; then	# PA-RISC 2.x CPU
-	     OUT=${OUT:-"hpux-parisc2-${CC}"}
+	     if [ "$CC" = "cc" ]; then
+		OUT="hpux-parisc2-cc" # can't we have hpux-parisc2-gcc?
+	     fi
 	     if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
 		echo "WARNING! If you wish to build 64-bit library then you have to"
 		echo "         invoke './Configure hpux64-parisc2-cc' *manually*."
@@ -711,9 +720,9 @@ EOF
 		fi
 	     fi
 	elif [ $CPU_VERSION -ge 528 ]; then	# PA-RISC 1.1+ CPU
-	     OUT="hpux-parisc-${CC}
+	     :
 	elif [ $CPU_VERSION -ge 523 ]; then	# PA-RISC 1.0 CPU
-	     OUT="hpux-parisc-${CC}
+	     :
 	else					# Motorola(?) CPU
 	     OUT="hpux-$CC"
 	fi

crypto/Makefile

@@ -11,10 +11,9 @@ CFLAG=		-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
-MAKE=           make -f Makefile.ssl
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=       Makefile.ssl
+MAKEFILE=       Makefile
 RM=             rm -f
 AR=		ar r
 
@@ -26,13 +25,11 @@ CFLAGS= $(INCLUDE) $(CFLAG)
 
 LIBS=
 
-SDIRS=	objects \
-	md2 md4 md5 sha mdc2 hmac ripemd \
+SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn ec rsa dsa ecdsa ecdh dh dso engine aes \
-	buffer bio stack lhash rand err \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-	store
+	bn ec rsa dsa dh dso engine aes \
+	buffer bio stack lhash rand err objects \
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
 
 GENERAL=Makefile README crypto-lib.com install.com
 
@@ -54,9 +51,9 @@ top:
 
 all: shared
 
-buildinf.h: ../Makefile.ssl
+buildinf.h: ../Makefile
 	( echo "#ifndef MK1MF_BUILD"; \
-	echo '  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
+	echo '  /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \
 	echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
 	echo '  #define PLATFORM "$(PLATFORM)"'; \
 	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
@@ -65,8 +62,7 @@ buildinf.h: ../Makefile.ssl
 testapps:
 	if echo ${SDIRS} | fgrep ' des '; \
 	then cd des && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' des; fi
-	if echo ${SDIRS} | fgrep ' pkcs7 '; \
-	then cd pkcs7 && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps; fi
+	cd pkcs7 && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
 
 subdirs:
 	@for i in $(SDIRS) ;\
@@ -76,7 +72,7 @@ subdirs:
 	done;
 
 files:
-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i && echo "making 'files' in crypto/$$i..." && \
@@ -84,11 +80,9 @@ files:
 	done;
 
 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
 	@for i in $(SDIRS); do \
 	(cd $$i && echo "making links in crypto/$$i..." && \
 	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \

crypto/aes/Makefile

@@ -11,10 +11,9 @@ CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
-MAKE=		make -f Makefile.ssl
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=	Makefile.ssl
+MAKEFILE=	Makefile
 AR=		ar r
 
 # CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -O3 -fexpensive-optimizations -funroll-loops -fforce-addr
@@ -49,10 +48,9 @@ lib:	$(LIBOBJ)
 $(LIBOBJ): $(LIBSRC)
 
 files:
-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
 
 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
@@ -91,7 +89,8 @@ aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
 aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h
 aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
-aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
+aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+aes_core.o: aes_core.c aes_locl.h
 aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
 aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h

crypto/aes/aes.h

@@ -52,8 +52,6 @@
 #ifndef HEADER_AES_H
 #define HEADER_AES_H
 
-#include <openssl/opensslconf.h>
-
 #ifdef OPENSSL_NO_AES
 #error AES is disabled.
 #endif

crypto/aes/aes_core.c

@@ -37,8 +37,11 @@
 
 #include <stdlib.h>
 #include <openssl/aes.h>
+#include <openssl/fips.h>
 #include "aes_locl.h"
 
+#ifndef OPENSSL_FIPS
+
 /*
 Te0[x] = S [x].[02, 01, 01, 03];
 Te1[x] = S [x].[03, 02, 01, 01];
@@ -1255,3 +1258,4 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
 	PUTU32(out + 12, s3);
 }
 
+#endif /* ndef OPENSSL_FIPS */

crypto/aes/aes_ctr.c

@@ -59,7 +59,7 @@
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
-/* NOTE: the IV/counter CTR mode is big-endian.  The rest of the AES code
+/* NOTE: CTR mode is big-endian.  The rest of the AES code
  * is endian-neutral. */
 
 /* increment counter (128-bit int) by 1 */
@@ -67,36 +67,61 @@ static void AES_ctr128_inc(unsigned char *counter) {
 	unsigned long c;
 
 	/* Grab bottom dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter +  0);
+	c++;
+	PUTU32(counter +  0, c);
+#else
 	c = GETU32(counter + 12);
 	c++;
 	PUTU32(counter + 12, c);
+#endif
 
 	/* if no overflow, we're done */
 	if (c)
 		return;
 
 	/* Grab 1st dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter +  4);
+	c++;
+	PUTU32(counter +  4, c);
+#else
 	c = GETU32(counter +  8);
 	c++;
 	PUTU32(counter +  8, c);
+#endif
 
 	/* if no overflow, we're done */
 	if (c)
 		return;
 
 	/* Grab 2nd dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter +  8);
+	c++;
+	PUTU32(counter +  8, c);
+#else
 	c = GETU32(counter +  4);
 	c++;
 	PUTU32(counter +  4, c);
+#endif
 
 	/* if no overflow, we're done */
 	if (c)
 		return;
 
 	/* Grab top dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter + 12);
+	c++;
+	PUTU32(counter + 12, c);
+#else
 	c = GETU32(counter +  0);
 	c++;
 	PUTU32(counter +  0, c);
+#endif
+
 }
 
 /* The input encrypted as though 128bit counter mode is being

crypto/asn1/Makefile.ssl

@@ -1,945 +0,0 @@
-#
-# SSLeay/crypto/asn1/Makefile
-#
-
-DIR=	asn1
-TOP=	../..
-CC=	cc
-INCLUDES= -I.. -I$(TOP) -I../../include
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR=     /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKE=		make -f Makefile.ssl
-MAKEDEPPROG=	makedepend
-MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=	Makefile.ssl
-AR=		ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile README
-TEST=
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
-	a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
-	a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
-	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \
-	x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
-	d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
-	t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
-	tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
-	f_int.c f_string.c n_pkey.c \
-	f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
-	asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
-	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
-LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
-	a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
-	a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
-	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \
-	x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
-	d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
-	t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
-	tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
-	f_int.o f_string.o n_pkey.o \
-	f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
-	asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
-	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=  asn1.h asn1_mac.h asn1t.h
-HEADER=	$(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-
-test:	test.c
-	cc -g -I../../include -c test.c
-	cc -g -I../../include -o test test.o -L../.. -lcrypto
-
-pk:	pk.c
-	cc -g -I../../include -c pk.c
-	cc -g -I../../include -o pk pk.o -L../.. -lcrypto
-
-all:	lib
-
-lib:	$(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB) || echo Never mind.
-	@touch lib
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
-
-links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
-
-install:
-	@for i in $(EXHEADER) ; \
-	do  \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-	done;
-
-tags:
-	ctags $(SRC)
-
-tests:
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
-
-dclean:
-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-a_bitstr.o: ../../e_os.h ../../include/openssl/asn1.h
-a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_bitstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_bitstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_bitstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c
-a_bool.o: ../../e_os.h ../../include/openssl/asn1.h
-a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-a_bool.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_bool.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_bool.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_bool.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_bool.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_bool.o: ../cryptlib.h a_bool.c
-a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h
-a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_bytes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_bytes.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_bytes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_bytes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bytes.c
-a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h
-a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-a_d2i_fp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_d2i_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_d2i_fp.o: ../../include/openssl/opensslconf.h
-a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c
-a_digest.o: ../../e_os.h ../../include/openssl/asn1.h
-a_digest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-a_digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-a_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-a_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_digest.o: ../cryptlib.h a_digest.c
-a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_dup.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_dup.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_dup.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_dup.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_dup.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_dup.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_dup.o: ../cryptlib.h a_dup.c
-a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_enum.o: ../cryptlib.h a_enum.c
-a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h
-a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_gentm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_gentm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_gentm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_gentm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_gentm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_gentm.c
-a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h
-a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-a_hdr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_hdr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_hdr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_hdr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_hdr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_hdr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_hdr.o: ../cryptlib.h a_hdr.c
-a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h
-a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_i2d_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_i2d_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c
-a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_int.o: ../cryptlib.h a_int.c
-a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h
-a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_mbstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_mbstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_mbstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_mbstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_mbstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_mbstr.c
-a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_meth.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_meth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_meth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_meth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_meth.o: ../cryptlib.h a_meth.c
-a_object.o: ../../e_os.h ../../include/openssl/asn1.h
-a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c
-a_octet.o: ../../e_os.h ../../include/openssl/asn1.h
-a_octet.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_octet.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_octet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_octet.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_octet.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_octet.o: ../../include/openssl/symhacks.h ../cryptlib.h a_octet.c
-a_print.o: ../../e_os.h ../../include/openssl/asn1.h
-a_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_print.o: ../../include/openssl/symhacks.h ../cryptlib.h a_print.c
-a_set.o: ../../e_os.h ../../include/openssl/asn1.h
-a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-a_set.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_set.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_set.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_set.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_set.o: ../cryptlib.h a_set.c
-a_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-a_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-a_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-a_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-a_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-a_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_sign.c
-a_strex.o: ../../e_os.h ../../include/openssl/asn1.h
-a_strex.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-a_strex.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-a_strex.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_strex.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-a_strex.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_strex.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_strex.o: ../cryptlib.h a_strex.c charmap.h
-a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
-a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_strnid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_strnid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-a_strnid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c
-a_time.o: ../../e_os.h ../../include/openssl/asn1.h
-a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-a_time.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_time.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_time.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_time.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_time.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_time.o: ../cryptlib.h ../o_time.h a_time.c
-a_type.o: ../../e_os.h ../../include/openssl/asn1.h
-a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-a_type.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_type.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_type.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_type.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_type.o: ../cryptlib.h a_type.c
-a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h
-a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_utctm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_utctm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_utctm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_utctm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_utctm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_utctm.c
-a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_utf8.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_utf8.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_utf8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_utf8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_utf8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_utf8.o: ../cryptlib.h a_utf8.c
-a_verify.o: ../../e_os.h ../../include/openssl/asn1.h
-a_verify.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-a_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-a_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_verify.o: ../cryptlib.h a_verify.c
-asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-asn1_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-asn1_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-asn1_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c
-asn1_gen.o: ../../e_os.h ../../include/openssl/asn1.h
-asn1_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-asn1_gen.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-asn1_gen.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-asn1_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-asn1_gen.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-asn1_gen.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-asn1_gen.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-asn1_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-asn1_gen.o: ../../include/openssl/opensslconf.h
-asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-asn1_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-asn1_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-asn1_gen.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-asn1_gen.o: ../../include/openssl/x509v3.h ../cryptlib.h asn1_gen.c
-asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-asn1_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-asn1_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-asn1_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-asn1_lib.o: ../../include/openssl/opensslconf.h
-asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c
-asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h
-asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-asn1_par.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-asn1_par.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
-asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h
-asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-asn_moid.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-asn_moid.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-asn_moid.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
-asn_moid.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-asn_moid.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-asn_moid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-asn_moid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-asn_moid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-asn_moid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-asn_moid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-asn_moid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-asn_moid.o: ../cryptlib.h asn_moid.c
-asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h
-asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-asn_pack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-asn_pack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-asn_pack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c
-d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-d2i_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-d2i_pr.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-d2i_pr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-d2i_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
-d2i_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pr.c
-d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-d2i_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-d2i_pu.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-d2i_pu.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-d2i_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
-d2i_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pu.c
-evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-evp_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-evp_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-evp_asn1.o: ../../include/openssl/opensslconf.h
-evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c
-f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-f_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-f_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-f_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-f_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-f_enum.o: ../cryptlib.h f_enum.c
-f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-f_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-f_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-f_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-f_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-f_int.o: ../cryptlib.h f_int.c
-f_string.o: ../../e_os.h ../../include/openssl/asn1.h
-f_string.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-f_string.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-f_string.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
-i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-i2d_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-i2d_pr.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-i2d_pr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-i2d_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
-i2d_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pr.c
-i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-i2d_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-i2d_pu.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-i2d_pu.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-i2d_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
-i2d_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pu.c
-n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
-n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
-n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-n_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-n_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-n_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-n_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-n_pkey.o: ../cryptlib.h n_pkey.c
-nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-nsseq.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-nsseq.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-nsseq.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-nsseq.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-nsseq.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-nsseq.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-nsseq.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-nsseq.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-nsseq.o: ../../include/openssl/x509_vfy.h nsseq.c
-p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
-p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-p5_pbe.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p5_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-p5_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p5_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p5_pbe.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_pbe.o: ../cryptlib.h p5_pbe.c
-p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h
-p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p5_pbev2.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-p5_pbev2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-p5_pbev2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p5_pbev2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p5_pbev2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p5_pbev2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p5_pbev2.o: ../../include/openssl/opensslconf.h
-p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p5_pbev2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p5_pbev2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p5_pbev2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbev2.c
-p8_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
-p8_pkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p8_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-p8_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-p8_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p8_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p8_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p8_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p8_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p8_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-p8_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c
-t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h
-t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-t_bitst.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-t_bitst.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-t_bitst.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_bitst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_bitst.o: ../cryptlib.h t_bitst.c
-t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_crl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-t_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h t_crl.c
-t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-t_pkey.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-t_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_pkey.o: ../cryptlib.h t_pkey.c
-t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-t_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-t_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h t_req.c
-t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-t_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-t_spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-t_spki.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_spki.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_spki.c
-t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-t_x509.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h t_x509.c
-t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
-t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-t_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-t_x509a.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-t_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-t_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-t_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_x509a.o: ../cryptlib.h t_x509a.c
-tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-tasn_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-tasn_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-tasn_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tasn_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c
-tasn_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-tasn_enc.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-tasn_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-tasn_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tasn_enc.o: ../../include/openssl/opensslconf.h
-tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_enc.o: ../../include/openssl/symhacks.h tasn_enc.c
-tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-tasn_fre.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-tasn_fre.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tasn_fre.o: ../../include/openssl/opensslconf.h
-tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
-tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-tasn_new.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-tasn_new.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-tasn_new.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tasn_new.o: ../../include/openssl/opensslconf.h
-tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
-tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-tasn_typ.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-tasn_typ.o: ../../include/openssl/opensslconf.h
-tasn_typ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tasn_typ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_typ.o: ../../include/openssl/symhacks.h tasn_typ.c
-tasn_utl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-tasn_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-tasn_utl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-tasn_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tasn_utl.o: ../../include/openssl/opensslconf.h
-tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c
-x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-x_algor.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x_algor.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-x_algor.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_algor.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-x_algor.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-x_algor.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_algor.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_algor.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_algor.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_algor.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c
-x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h
-x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_attrib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_attrib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x_attrib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_attrib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_attrib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_attrib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_attrib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_attrib.o: ../../include/openssl/opensslconf.h
-x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x_attrib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_attrib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_attrib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_attrib.o: ../cryptlib.h x_attrib.c
-x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h
-x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_bignum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-x_bignum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-x_bignum.o: ../../include/openssl/opensslconf.h
-x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c
-x_crl.o: ../../e_os.h ../../include/openssl/asn1.h
-x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_crl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_crl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_crl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_crl.c
-x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-x_exten.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x_exten.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-x_exten.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_exten.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-x_exten.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-x_exten.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_exten.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_exten.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_exten.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_exten.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c
-x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-x_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_info.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_info.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c
-x_long.o: ../../e_os.h ../../include/openssl/asn1.h
-x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_long.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-x_long.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_long.o: ../cryptlib.h x_long.c
-x_name.o: ../../e_os.h ../../include/openssl/asn1.h
-x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_name.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_name.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_name.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_name.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_name.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_name.c
-x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
-x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-x_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c
-x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h
-x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_pubkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_pubkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_pubkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_pubkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_pubkey.o: ../../include/openssl/opensslconf.h
-x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_pubkey.o: ../cryptlib.h x_pubkey.c
-x_req.o: ../../e_os.h ../../include/openssl/asn1.h
-x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_req.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c
-x_sig.o: ../../e_os.h ../../include/openssl/asn1.h
-x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_sig.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_sig.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_sig.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_sig.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_sig.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c
-x_spki.o: ../../e_os.h ../../include/openssl/asn1.h
-x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_spki.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_spki.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c
-x_val.o: ../../e_os.h ../../include/openssl/asn1.h
-x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_val.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_val.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_val.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_val.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_val.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_val.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c
-x_x509.o: ../../e_os.h ../../include/openssl/asn1.h
-x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-x_x509.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-x_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c
-x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
-x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c

crypto/asn1/a_bitstr.c

@@ -113,12 +113,11 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	return(ret);
 	}
 
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
-	const unsigned char **pp, long len)
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
+	     long len)
 	{
 	ASN1_BIT_STRING *ret=NULL;
-	const unsigned char *p;
-	unsigned char *s;
+	unsigned char *p,*s;
 	int i;
 
 	if (len < 1)

crypto/asn1/a_bool.c

@@ -75,10 +75,10 @@ int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
 	return(r);
 	}
 
-int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
+int d2i_ASN1_BOOLEAN(int *a, unsigned char **pp, long length)
 	{
 	int ret= -1;
-	const unsigned char *p;
+	unsigned char *p;
 	long len;
 	int inf,tag,xclass;
 	int i=0;

crypto/asn1/a_bytes.c

@@ -60,15 +60,14 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c);
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c);
 /* type is a 'bitmap' of acceptable string types.
  */
-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
 	     long length, int type)
 	{
 	ASN1_STRING *ret=NULL;
-	const unsigned char *p;
-	unsigned char *s;
+	unsigned char *p,*s;
 	long len;
 	int inf,tag,xclass;
 	int i=0;
@@ -154,12 +153,11 @@ int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
 	return(r);
 	}
 
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
-	     long length, int Ptag, int Pclass)
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
+	     int Ptag, int Pclass)
 	{
 	ASN1_STRING *ret=NULL;
-	const unsigned char *p;
-	unsigned char *s;
+	unsigned char *p,*s;
 	long len;
 	int inf,tag,xclass;
 	int i=0;
@@ -187,7 +185,7 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
 
 	if (inf & V_ASN1_CONSTRUCTED)
 		{
-		ASN1_const_CTX c;
+		ASN1_CTX c;
 
 		c.pp=pp;
 		c.p=p;
@@ -249,7 +247,7 @@ err:
  * them into the one structure that is then returned */
 /* There have been a few bug fixes for this function from
  * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
 	{
 	ASN1_STRING *os=NULL;
 	BUF_MEM b;
@@ -270,7 +268,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
 		{
 		if (c->inf & 1)
 			{
-			c->eos=ASN1_const_check_infinite_end(&c->p,
+			c->eos=ASN1_check_infinite_end(&c->p,
 				(long)(c->max-c->p));
 			if (c->eos) break;
 			}
@@ -298,7 +296,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
 		num+=os->length;
 		}
 
-	if (!asn1_const_Finish(c)) goto err;
+	if (!asn1_Finish(c)) goto err;
 
 	a->length=num;
 	if (a->data != NULL) OPENSSL_free(a->data);

crypto/asn1/a_d2i_fp.c

@@ -107,14 +107,14 @@ err:
 void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
 	{
 	BUF_MEM *b = NULL;
-	const unsigned char *p;
+	unsigned char *p;
 	void *ret=NULL;
 	int len;
 
 	len = asn1_d2i_read_bio(in, &b);
 	if(len < 0) goto err;
 
-	p=(const unsigned char *)b->data;
+	p=(unsigned char *)b->data;
 	ret=ASN1_item_d2i(x,&p,len, it);
 err:
 	if (b != NULL) BUF_MEM_free(b);
@@ -146,7 +146,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 	unsigned char *p;
 	int i;
 	int ret=-1;
-	ASN1_const_CTX c;
+	ASN1_CTX c;
 	int want=HEADER_SIZE;
 	int eos=0;
 #if defined(__GNUC__) && defined(__ia64)

crypto/asn1/a_dup.c

@@ -91,8 +91,7 @@ char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
 
 void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
 	{
-	unsigned char *b = NULL;
-	const unsigned char *p;
+	unsigned char *b = NULL, *p;
 	long i;
 	void *ret;
 

crypto/asn1/a_enum.c

@@ -67,13 +67,12 @@
 
 int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
 	{
-	int j,k;
-	unsigned int i;
+	int i,j,k;
 	unsigned char buf[sizeof(long)+1];
 	long d;
 
 	a->type=V_ASN1_ENUMERATED;
-	if (a->length < (int)(sizeof(long)+1))
+	if (a->length < (sizeof(long)+1))
 		{
 		if (a->data != NULL)
 			OPENSSL_free(a->data);
@@ -117,7 +116,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
 	else if (i != V_ASN1_ENUMERATED)
 		return -1;
 	
-	if (a->length > (int)sizeof(long))
+	if (a->length > sizeof(long))
 		{
 		/* hmm... a bit ugly */
 		return(0xffffffffL);
@@ -148,7 +147,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
 		ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
 		goto err;
 		}
-	if(BN_get_sign(bn)) ret->type = V_ASN1_NEG_ENUMERATED;
+	if(bn->neg) ret->type = V_ASN1_NEG_ENUMERATED;
 	else ret->type=V_ASN1_ENUMERATED;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
@@ -176,6 +175,6 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
 
 	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
 		ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
-	else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_sign(ret,1);
+	else if(ai->type == V_ASN1_NEG_ENUMERATED) ret->neg = 1;
 	return(ret);
 	}

crypto/asn1/a_gentm.c

@@ -115,7 +115,7 @@ err:
 
 #endif
 
-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
 	{
 	static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
 	static int max[9]={99, 99,12,31,23,59,59,12,59};
@@ -181,7 +181,7 @@ err:
 	return(0);
 	}
 
-int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
 	{
 	ASN1_GENERALIZEDTIME t;
 

crypto/asn1/a_hdr.c

@@ -76,7 +76,7 @@ int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp)
 	M_ASN1_I2D_finish();
 	}
 
-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, const unsigned char **pp,
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, unsigned char **pp,
 	     long length)
 	{
 	M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new);

crypto/asn1/a_int.c

@@ -155,12 +155,11 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 
 /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
 
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
 	     long len)
 	{
 	ASN1_INTEGER *ret=NULL;
-	const unsigned char *p, *pend;
-	unsigned char *to,*s;
+	unsigned char *p,*to,*s, *pend;
 	int i;
 
 	if ((a == NULL) || ((*a) == NULL))
@@ -248,12 +247,11 @@ err:
  * with its MSB set as negative (it doesn't add a padding zero).
  */
 
-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
 	     long length)
 	{
 	ASN1_INTEGER *ret=NULL;
-	const unsigned char *p;
-	unsigned char *to,*s;
+	unsigned char *p,*to,*s;
 	long len;
 	int inf,tag,xclass;
 	int i;
@@ -315,13 +313,12 @@ err:
 
 int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
 	{
-	int j,k;
-	unsigned int i;
+	int i,j,k;
 	unsigned char buf[sizeof(long)+1];
 	long d;
 
 	a->type=V_ASN1_INTEGER;
-	if (a->length < (int)(sizeof(long)+1))
+	if (a->length < (sizeof(long)+1))
 		{
 		if (a->data != NULL)
 			OPENSSL_free(a->data);
@@ -365,7 +362,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
 	else if (i != V_ASN1_INTEGER)
 		return -1;
 	
-	if (a->length > (int)sizeof(long))
+	if (a->length > sizeof(long))
 		{
 		/* hmm... a bit ugly */
 		return(0xffffffffL);
@@ -396,8 +393,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 		ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
 		goto err;
 		}
-	if (BN_get_sign(bn))
-		ret->type = V_ASN1_NEG_INTEGER;
+	if(bn->neg) ret->type = V_ASN1_NEG_INTEGER;
 	else ret->type=V_ASN1_INTEGER;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
@@ -430,8 +426,7 @@ BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
 
 	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
 		ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
-	else if(ai->type == V_ASN1_NEG_INTEGER)
-		BN_set_sign(ret, 1);
+	else if(ai->type == V_ASN1_NEG_INTEGER) ret->neg = 1;
 	return(ret);
 	}
 

crypto/asn1/a_object.c

@@ -184,15 +184,15 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
 	if ((a == NULL) || (a->data == NULL))
 		return(BIO_write(bp,"NULL",4));
 	i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
-	if (i > (int)sizeof(buf)) i=sizeof buf;
+	if (i > sizeof buf) i=sizeof buf;
 	BIO_write(bp,buf,i);
 	return(i);
 	}
 
-ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
 	     long length)
 {
-	const unsigned char *p;
+	unsigned char *p;
 	long len;
 	int tag,xclass;
 	int inf,i;
@@ -219,11 +219,11 @@ err:
 		ASN1_OBJECT_free(ret);
 	return(NULL);
 }
-ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
 	     long len)
 	{
 	ASN1_OBJECT *ret=NULL;
-	const unsigned char *p;
+	unsigned char *p;
 	int i;
 
 	/* only the ASN1_OBJECTs from the 'table' will have values

crypto/asn1/a_octet.c

@@ -66,6 +66,6 @@ ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
 int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
 { return M_ASN1_OCTET_STRING_cmp(a, b); }
 
-int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len)
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, unsigned char *d, int len)
 { return M_ASN1_OCTET_STRING_set(x, d, len); }
 

crypto/asn1/a_set.c

@@ -153,10 +153,10 @@ SetBlob
         return(r);
         }
 
-STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
+STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
 	     char *(*func)(), void (*free_func)(void *), int ex_tag, int ex_class)
 	{
-	ASN1_const_CTX c;
+	ASN1_CTX c;
 	STACK *ret=NULL;
 
 	if ((a == NULL) || ((*a) == NULL))

crypto/asn1/a_sign.c

@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -229,11 +229,10 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 		else
 			a=algor2;
 		if (a == NULL) continue;
-                if (type->pkey_type == NID_dsaWithSHA1 ||
-			type->pkey_type == NID_ecdsa_with_SHA1)
+                if (type->pkey_type == NID_dsaWithSHA1)
 			{
-			/* special case: RFC 3279 tells us to omit 'parameters'
-			 * with id-dsa-with-sha1 and ecdsa-with-SHA1 */
+			/* special case: RFC 2459 tells us to omit 'parameters'
+			 * with id-dsa-with-sha1 */
 			ASN1_TYPE_free(a->parameter);
 			a->parameter = NULL;
 			}

crypto/asn1/a_time.c

@@ -114,7 +114,7 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 	return ASN1_GENERALIZEDTIME_set(s,t);
 	}
 
-int ASN1_TIME_check(ASN1_TIME *t)
+int ASN1_TIME_check(const ASN1_TIME *t)
 	{
 	if (t->type == V_ASN1_GENERALIZEDTIME)
 		return ASN1_GENERALIZEDTIME_check(t);
@@ -124,7 +124,8 @@ int ASN1_TIME_check(ASN1_TIME *t)
 	}
 
 /* Convert an ASN1_TIME structure to GeneralizedTime */
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
+						   ASN1_GENERALIZEDTIME **out)
 	{
 	ASN1_GENERALIZEDTIME *ret;
 	char *str;

crypto/asn1/a_utctm.c

@@ -112,7 +112,7 @@ err:
 
 #endif
 
-int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
 	{
 	static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
 	static int max[8]={99,12,31,23,59,59,12,59};
@@ -162,7 +162,7 @@ err:
 	return(0);
 	}
 
-int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str)
 	{
 	ASN1_UTCTIME t;
 

crypto/asn1/asn1.h

@@ -60,10 +60,10 @@
 #define HEADER_ASN1_H
 
 #include <time.h>
-#include <openssl/e_os2.h>
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
+#include <openssl/e_os2.h>
 #include <openssl/bn.h>
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
@@ -160,10 +160,6 @@ struct X509_algor_st;
 #define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
 #define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
 
-/* We MUST make sure that, except for constness, asn1_ctx_st and
-   asn1_const_ctx are exactly the same.  Fortunately, as soon as
-   the old ASN1 parsing macros are gone, we can throw this away
-   as well... */
 typedef struct asn1_ctx_st
 	{
 	unsigned char *p;/* work char pointer */
@@ -179,21 +175,6 @@ typedef struct asn1_ctx_st
 	int line;	/* used in error processing */
 	} ASN1_CTX;
 
-typedef struct asn1_const_ctx_st
-	{
-	const unsigned char *p;/* work char pointer */
-	int eos;	/* end of sequence read for indefinite encoding */
-	int error;	/* error code to use when returning an error */
-	int inf;	/* constructed if 0x20, indefinite is 0x21 */
-	int tag;	/* tag from last 'get object' */
-	int xclass;	/* class from last 'get object' */
-	long slen;	/* length of last 'get object' */
-	const unsigned char *max; /* largest value of p allowed */
-	const unsigned char *q;/* temporary variable */
-	const unsigned char **pp;/* variable */
-	int line;	/* used in error processing */
-	} ASN1_const_CTX;
-
 /* These are used internally in the ASN1_OBJECT to keep track of
  * whether the names and data need to be free()ed */
 #define ASN1_OBJECT_FLAG_DYNAMIC	 0x01	/* internal use */
@@ -210,11 +191,6 @@ typedef struct asn1_object_st
 	} ASN1_OBJECT;
 
 #define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
-/* This indicates that the ASN1_STRING is not a real value but just a place
- * holder for the location where indefinite length constructed data should
- * be inserted in the memory buffer 
- */
-#define ASN1_STRING_FLAG_NDEF 0x010 
 /* This is the base type that holds just about everything :-) */
 typedef struct asn1_string_st
 	{
@@ -283,19 +259,18 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
 
 #define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
 
-#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
-	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
-
 #define DECLARE_ASN1_FUNCTIONS_name(type, name) \
-	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+	type *name##_new(void); \
+	void name##_free(type *a); \
 	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
 
 #define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
-	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+	type *name##_new(void); \
+	void name##_free(type *a); \
 	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
 
 #define	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
-	type *d2i_##name(type **a, const unsigned char **in, long len); \
+	type *d2i_##name(type **a, unsigned char **in, long len); \
 	int i2d_##name(type *a, unsigned char **out); \
 	DECLARE_ASN1_ITEM(itname)
 
@@ -304,16 +279,10 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
 	int i2d_##name(const type *a, unsigned char **out); \
 	DECLARE_ASN1_ITEM(name)
 
-#define	DECLARE_ASN1_NDEF_FUNCTION(name) \
-	int i2d_##name##_NDEF(name *a, unsigned char **out);
-
 #define DECLARE_ASN1_FUNCTIONS_const(name) \
 	name *name##_new(void); \
 	void name##_free(name *a);
 
-#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
-	type *name##_new(void); \
-	void name##_free(type *a);
 
 /* The following macros and typedefs allow an ASN1_ITEM
  * to be embedded in a structure and referenced. Since
@@ -731,9 +700,9 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 ASN1_OBJECT *	ASN1_OBJECT_new(void );
 void		ASN1_OBJECT_free(ASN1_OBJECT *a);
 int		i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
-ASN1_OBJECT *	c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,
+ASN1_OBJECT *	c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
 			long length);
-ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,
+ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
 			long length);
 
 DECLARE_ASN1_ITEM(ASN1_OBJECT)
@@ -756,7 +725,7 @@ unsigned char * ASN1_STRING_data(ASN1_STRING *x);
 
 DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
 int		i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp,
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
 			long length);
 int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
 			int length );
@@ -772,35 +741,35 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
 				BIT_STRING_BITNAME *tbl);
 
 int		i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
-int 		d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length);
+int 		d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
 
 DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
 int		i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp,
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
 			long length);
-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp,
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
 			long length);
 ASN1_INTEGER *	ASN1_INTEGER_dup(ASN1_INTEGER *x);
 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
 
 DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
 
-int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
-int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
 #if 0
 time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
 #endif
 
-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
-int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); 
 
 DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
 ASN1_OCTET_STRING *	ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
 int 	ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
-int 	ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len);
+int 	ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len);
 
 DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
 DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
@@ -823,15 +792,13 @@ DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
 DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
 DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
 
-DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
-
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
-int ASN1_TIME_check(ASN1_TIME *t);
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_check(const ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
 
 int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
 			int (*func)(), int ex_tag, int ex_class, int is_set);
-STACK *		d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
+STACK *		d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
 			char *(*func)(), void (*free_func)(void *),
 			int ex_tag, int ex_class);
 
@@ -865,25 +832,22 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);
 int ASN1_PRINTABLE_type(unsigned char *s, int max);
 
 int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp,
 	long length, int Ptag, int Pclass);
 unsigned long ASN1_tag2bit(int tag);
 /* type is one or more of the B_ASN1_ values. */
-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,const unsigned char **pp,
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp,
 		long length,int type);
 
 /* PARSING */
 int asn1_Finish(ASN1_CTX *c);
-int asn1_const_Finish(ASN1_const_CTX *c);
 
 /* SPECIALS */
-int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+int ASN1_get_object(unsigned char **pp, long *plength, int *ptag,
 	int *pclass, long omax);
 int ASN1_check_infinite_end(unsigned char **p,long len);
-int ASN1_const_check_infinite_end(const unsigned char **p,long len);
 void ASN1_put_object(unsigned char **pp, int constructed, int length,
 	int tag, int xclass);
-int ASN1_put_eoc(unsigned char **pp);
 int ASN1_object_size(int constructed, int length, int tag);
 
 /* Used to implement other functions */
@@ -911,14 +875,14 @@ int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
 int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
 int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
 int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
-int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent);
-int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump);
+int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent);
+int ASN1_parse_dump(BIO *bp,unsigned char *pp,long len,int indent,int dump);
 #endif
 const char *ASN1_tag2str(int tag);
 
 /* Used to load and write netscape format cert/key */
 int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);
-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length);
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,unsigned char **pp, long length);
 ASN1_HEADER *ASN1_HEADER_new(void );
 void ASN1_HEADER_free(ASN1_HEADER *a);
 
@@ -939,7 +903,7 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
 int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
 	unsigned char *data, int max_len);
 
-STACK *ASN1_seq_unpack(const unsigned char *buf, int len, char *(*d2i)(),
+STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
 						 void (*free_func)(void *) ); 
 unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
 			     int *len );
@@ -968,15 +932,11 @@ void ASN1_STRING_TABLE_cleanup(void);
 /* Old API compatible functions */
 ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
 void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
-ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it);
+ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it);
 int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
 
 void ASN1_add_oid_module(void);
 
-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-	
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -990,8 +950,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_A2I_ASN1_ENUMERATED			 101
 #define ASN1_F_A2I_ASN1_INTEGER				 102
 #define ASN1_F_A2I_ASN1_STRING				 103
-#define ASN1_F_APPEND_TAG				 176
-#define ASN1_F_ASN1_CB					 177
 #define ASN1_F_ASN1_CHECK_TLEN				 104
 #define ASN1_F_ASN1_COLLATE_PRIMITIVE			 105
 #define ASN1_F_ASN1_COLLECT				 106
@@ -1002,7 +960,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_DUP					 111
 #define ASN1_F_ASN1_ENUMERATED_SET			 112
 #define ASN1_F_ASN1_ENUMERATED_TO_BN			 113
-#define ASN1_F_ASN1_GENERATE_V3				 178
 #define ASN1_F_ASN1_GET_OBJECT				 114
 #define ASN1_F_ASN1_HEADER_NEW				 115
 #define ASN1_F_ASN1_I2D_BIO				 116
@@ -1018,7 +975,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_SEQ_PACK				 126
 #define ASN1_F_ASN1_SEQ_UNPACK				 127
 #define ASN1_F_ASN1_SIGN				 128
-#define ASN1_F_ASN1_STR2TYPE				 179
 #define ASN1_F_ASN1_STRING_TABLE_ADD			 129
 #define ASN1_F_ASN1_STRING_TYPE_NEW			 130
 #define ASN1_F_ASN1_TEMPLATE_D2I			 131
@@ -1029,7 +985,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135
 #define ASN1_F_ASN1_UNPACK_STRING			 136
 #define ASN1_F_ASN1_VERIFY				 137
-#define ASN1_F_BITSTR_CB				 180
 #define ASN1_F_BN_TO_ASN1_ENUMERATED			 138
 #define ASN1_F_BN_TO_ASN1_INTEGER			 139
 #define ASN1_F_COLLECT_DATA				 140
@@ -1054,14 +1009,12 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_D2I_X509_PKEY				 159
 #define ASN1_F_I2D_ASN1_TIME				 160
 #define ASN1_F_I2D_DSA_PUBKEY				 161
-#define ASN1_F_I2D_EC_PUBKEY				 181
 #define ASN1_F_I2D_NETSCAPE_RSA				 162
 #define ASN1_F_I2D_PRIVATEKEY				 163
 #define ASN1_F_I2D_PUBLICKEY				 164
 #define ASN1_F_I2D_RSA_PUBKEY				 165
 #define ASN1_F_LONG_C2I					 166
 #define ASN1_F_OID_MODULE_INIT				 174
-#define ASN1_F_PARSE_TAGGING				 182
 #define ASN1_F_PKCS5_PBE2_SET				 167
 #define ASN1_F_X509_CINF_NEW				 168
 #define ASN1_F_X509_CRL_ADD0_REVOKED			 169
@@ -1084,7 +1037,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_DATA_IS_WRONG				 109
 #define ASN1_R_DECODE_ERROR				 110
 #define ASN1_R_DECODING_ERROR				 111
-#define ASN1_R_DEPTH_EXCEEDED				 174
 #define ASN1_R_ENCODE_ERROR				 112
 #define ASN1_R_ERROR_GETTING_TIME			 173
 #define ASN1_R_ERROR_LOADING_SECTION			 172
@@ -1099,57 +1051,38 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_FIELD_MISSING				 121
 #define ASN1_R_FIRST_NUM_TOO_LARGE			 122
 #define ASN1_R_HEADER_TOO_LONG				 123
-#define ASN1_R_ILLEGAL_BITSTRING_FORMAT			 175
-#define ASN1_R_ILLEGAL_BOOLEAN				 176
 #define ASN1_R_ILLEGAL_CHARACTERS			 124
-#define ASN1_R_ILLEGAL_FORMAT				 177
-#define ASN1_R_ILLEGAL_HEX				 178
-#define ASN1_R_ILLEGAL_IMPLICIT_TAG			 179
-#define ASN1_R_ILLEGAL_INTEGER				 180
-#define ASN1_R_ILLEGAL_NESTED_TAGGING			 181
 #define ASN1_R_ILLEGAL_NULL				 125
-#define ASN1_R_ILLEGAL_NULL_VALUE			 182
-#define ASN1_R_ILLEGAL_OBJECT				 183
 #define ASN1_R_ILLEGAL_OPTIONAL_ANY			 126
 #define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE		 170
 #define ASN1_R_ILLEGAL_TAGGED_ANY			 127
-#define ASN1_R_ILLEGAL_TIME_VALUE			 184
-#define ASN1_R_INTEGER_NOT_ASCII_FORMAT			 185
 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG		 128
 #define ASN1_R_INVALID_BMPSTRING_LENGTH			 129
 #define ASN1_R_INVALID_DIGIT				 130
-#define ASN1_R_INVALID_MODIFIER				 186
-#define ASN1_R_INVALID_NUMBER				 187
 #define ASN1_R_INVALID_SEPARATOR			 131
 #define ASN1_R_INVALID_TIME_FORMAT			 132
 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 133
 #define ASN1_R_INVALID_UTF8STRING			 134
 #define ASN1_R_IV_TOO_LARGE				 135
 #define ASN1_R_LENGTH_ERROR				 136
-#define ASN1_R_LIST_ERROR				 188
 #define ASN1_R_MISSING_EOC				 137
 #define ASN1_R_MISSING_SECOND_NUMBER			 138
-#define ASN1_R_MISSING_VALUE				 189
 #define ASN1_R_MSTRING_NOT_UNIVERSAL			 139
 #define ASN1_R_MSTRING_WRONG_TAG			 140
 #define ASN1_R_NON_HEX_CHARACTERS			 141
-#define ASN1_R_NOT_ASCII_FORMAT				 190
 #define ASN1_R_NOT_ENOUGH_DATA				 142
 #define ASN1_R_NO_MATCHING_CHOICE_TYPE			 143
 #define ASN1_R_NULL_IS_WRONG_LENGTH			 144
-#define ASN1_R_OBJECT_NOT_ASCII_FORMAT			 191
 #define ASN1_R_ODD_NUMBER_OF_CHARS			 145
 #define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 146
 #define ASN1_R_SECOND_NUMBER_TOO_LARGE			 147
 #define ASN1_R_SEQUENCE_LENGTH_MISMATCH			 148
 #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED			 149
-#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG		 192
 #define ASN1_R_SHORT_LINE				 150
 #define ASN1_R_STRING_TOO_LONG				 151
 #define ASN1_R_STRING_TOO_SHORT				 152
 #define ASN1_R_TAG_VALUE_TOO_HIGH			 153
 #define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
-#define ASN1_R_TIME_NOT_ASCII_FORMAT			 193
 #define ASN1_R_TOO_LONG					 155
 #define ASN1_R_TYPE_NOT_CONSTRUCTED			 156
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
@@ -1159,13 +1092,10 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
 #define ASN1_R_UNKNOWN_OBJECT_TYPE			 162
 #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 163
-#define ASN1_R_UNKNOWN_TAG				 194
-#define ASN1_R_UNKOWN_FORMAT				 195
 #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE		 164
 #define ASN1_R_UNSUPPORTED_CIPHER			 165
 #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 166
 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 167
-#define ASN1_R_UNSUPPORTED_TYPE				 196
 #define ASN1_R_WRONG_TAG				 168
 #define ASN1_R_WRONG_TYPE				 169
 

crypto/asn1/asn1_err.c

@@ -70,8 +70,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0),	"a2i_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0),	"a2i_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0),	"a2i_ASN1_STRING"},
-{ERR_PACK(0,ASN1_F_APPEND_TAG,0),	"APPEND_TAG"},
-{ERR_PACK(0,ASN1_F_ASN1_CB,0),	"ASN1_CB"},
 {ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0),	"ASN1_CHECK_TLEN"},
 {ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0),	"ASN1_COLLATE_PRIMITIVE"},
 {ERR_PACK(0,ASN1_F_ASN1_COLLECT,0),	"ASN1_COLLECT"},
@@ -82,7 +80,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_DUP,0),	"ASN1_dup"},
 {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0),	"ASN1_ENUMERATED_set"},
 {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0),	"ASN1_ENUMERATED_to_BN"},
-{ERR_PACK(0,ASN1_F_ASN1_GENERATE_V3,0),	"ASN1_generate_v3"},
 {ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0),	"ASN1_get_object"},
 {ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0),	"ASN1_HEADER_new"},
 {ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0),	"ASN1_i2d_bio"},
@@ -98,7 +95,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0),	"ASN1_seq_pack"},
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0),	"ASN1_seq_unpack"},
 {ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_sign"},
-{ERR_PACK(0,ASN1_F_ASN1_STR2TYPE,0),	"ASN1_STR2TYPE"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0),	"ASN1_STRING_TABLE_add"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),	"ASN1_STRING_type_new"},
 {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0),	"ASN1_TEMPLATE_D2I"},
@@ -109,7 +105,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),	"ASN1_unpack_string"},
 {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),	"ASN1_verify"},
-{ERR_PACK(0,ASN1_F_BITSTR_CB,0),	"BITSTR_CB"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0),	"BN_to_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),	"BN_to_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_COLLECT_DATA,0),	"COLLECT_DATA"},
@@ -134,14 +129,12 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),	"d2i_X509_PKEY"},
 {ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),	"I2D_ASN1_TIME"},
 {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0),	"i2d_DSA_PUBKEY"},
-{ERR_PACK(0,ASN1_F_I2D_EC_PUBKEY,0),	"i2d_EC_PUBKEY"},
 {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0),	"i2d_Netscape_RSA"},
 {ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),	"i2d_PrivateKey"},
 {ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),	"i2d_PublicKey"},
 {ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0),	"i2d_RSA_PUBKEY"},
 {ERR_PACK(0,ASN1_F_LONG_C2I,0),	"LONG_C2I"},
 {ERR_PACK(0,ASN1_F_OID_MODULE_INIT,0),	"OID_MODULE_INIT"},
-{ERR_PACK(0,ASN1_F_PARSE_TAGGING,0),	"PARSE_TAGGING"},
 {ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0),	"PKCS5_pbe2_set"},
 {ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),	"X509_CINF_NEW"},
 {ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0),	"X509_CRL_add0_revoked"},
@@ -167,7 +160,6 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_DATA_IS_WRONG                    ,"data is wrong"},
 {ASN1_R_DECODE_ERROR                     ,"decode error"},
 {ASN1_R_DECODING_ERROR                   ,"decoding error"},
-{ASN1_R_DEPTH_EXCEEDED                   ,"depth exceeded"},
 {ASN1_R_ENCODE_ERROR                     ,"encode error"},
 {ASN1_R_ERROR_GETTING_TIME               ,"error getting time"},
 {ASN1_R_ERROR_LOADING_SECTION            ,"error loading section"},
@@ -182,57 +174,38 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_FIELD_MISSING                    ,"field missing"},
 {ASN1_R_FIRST_NUM_TOO_LARGE              ,"first num too large"},
 {ASN1_R_HEADER_TOO_LONG                  ,"header too long"},
-{ASN1_R_ILLEGAL_BITSTRING_FORMAT         ,"illegal bitstring format"},
-{ASN1_R_ILLEGAL_BOOLEAN                  ,"illegal boolean"},
 {ASN1_R_ILLEGAL_CHARACTERS               ,"illegal characters"},
-{ASN1_R_ILLEGAL_FORMAT                   ,"illegal format"},
-{ASN1_R_ILLEGAL_HEX                      ,"illegal hex"},
-{ASN1_R_ILLEGAL_IMPLICIT_TAG             ,"illegal implicit tag"},
-{ASN1_R_ILLEGAL_INTEGER                  ,"illegal integer"},
-{ASN1_R_ILLEGAL_NESTED_TAGGING           ,"illegal nested tagging"},
 {ASN1_R_ILLEGAL_NULL                     ,"illegal null"},
-{ASN1_R_ILLEGAL_NULL_VALUE               ,"illegal null value"},
-{ASN1_R_ILLEGAL_OBJECT                   ,"illegal object"},
 {ASN1_R_ILLEGAL_OPTIONAL_ANY             ,"illegal optional any"},
 {ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"},
 {ASN1_R_ILLEGAL_TAGGED_ANY               ,"illegal tagged any"},
-{ASN1_R_ILLEGAL_TIME_VALUE               ,"illegal time value"},
-{ASN1_R_INTEGER_NOT_ASCII_FORMAT         ,"integer not ascii format"},
 {ASN1_R_INTEGER_TOO_LARGE_FOR_LONG       ,"integer too large for long"},
 {ASN1_R_INVALID_BMPSTRING_LENGTH         ,"invalid bmpstring length"},
 {ASN1_R_INVALID_DIGIT                    ,"invalid digit"},
-{ASN1_R_INVALID_MODIFIER                 ,"invalid modifier"},
-{ASN1_R_INVALID_NUMBER                   ,"invalid number"},
 {ASN1_R_INVALID_SEPARATOR                ,"invalid separator"},
 {ASN1_R_INVALID_TIME_FORMAT              ,"invalid time format"},
 {ASN1_R_INVALID_UNIVERSALSTRING_LENGTH   ,"invalid universalstring length"},
 {ASN1_R_INVALID_UTF8STRING               ,"invalid utf8string"},
 {ASN1_R_IV_TOO_LARGE                     ,"iv too large"},
 {ASN1_R_LENGTH_ERROR                     ,"length error"},
-{ASN1_R_LIST_ERROR                       ,"list error"},
 {ASN1_R_MISSING_EOC                      ,"missing eoc"},
 {ASN1_R_MISSING_SECOND_NUMBER            ,"missing second number"},
-{ASN1_R_MISSING_VALUE                    ,"missing value"},
 {ASN1_R_MSTRING_NOT_UNIVERSAL            ,"mstring not universal"},
 {ASN1_R_MSTRING_WRONG_TAG                ,"mstring wrong tag"},
 {ASN1_R_NON_HEX_CHARACTERS               ,"non hex characters"},
-{ASN1_R_NOT_ASCII_FORMAT                 ,"not ascii format"},
 {ASN1_R_NOT_ENOUGH_DATA                  ,"not enough data"},
 {ASN1_R_NO_MATCHING_CHOICE_TYPE          ,"no matching choice type"},
 {ASN1_R_NULL_IS_WRONG_LENGTH             ,"null is wrong length"},
-{ASN1_R_OBJECT_NOT_ASCII_FORMAT          ,"object not ascii format"},
 {ASN1_R_ODD_NUMBER_OF_CHARS              ,"odd number of chars"},
 {ASN1_R_PRIVATE_KEY_HEADER_MISSING       ,"private key header missing"},
 {ASN1_R_SECOND_NUMBER_TOO_LARGE          ,"second number too large"},
 {ASN1_R_SEQUENCE_LENGTH_MISMATCH         ,"sequence length mismatch"},
 {ASN1_R_SEQUENCE_NOT_CONSTRUCTED         ,"sequence not constructed"},
-{ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG     ,"sequence or set needs config"},
 {ASN1_R_SHORT_LINE                       ,"short line"},
 {ASN1_R_STRING_TOO_LONG                  ,"string too long"},
 {ASN1_R_STRING_TOO_SHORT                 ,"string too short"},
 {ASN1_R_TAG_VALUE_TOO_HIGH               ,"tag value too high"},
 {ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
-{ASN1_R_TIME_NOT_ASCII_FORMAT            ,"time not ascii format"},
 {ASN1_R_TOO_LONG                         ,"too long"},
 {ASN1_R_TYPE_NOT_CONSTRUCTED             ,"type not constructed"},
 {ASN1_R_UNABLE_TO_DECODE_RSA_KEY         ,"unable to decode rsa key"},
@@ -242,13 +215,10 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
 {ASN1_R_UNKNOWN_OBJECT_TYPE              ,"unknown object type"},
 {ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE          ,"unknown public key type"},
-{ASN1_R_UNKNOWN_TAG                      ,"unknown tag"},
-{ASN1_R_UNKOWN_FORMAT                    ,"unkown format"},
 {ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE  ,"unsupported any defined by type"},
 {ASN1_R_UNSUPPORTED_CIPHER               ,"unsupported cipher"},
 {ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"},
 {ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE      ,"unsupported public key type"},
-{ASN1_R_UNSUPPORTED_TYPE                 ,"unsupported type"},
 {ASN1_R_WRONG_TAG                        ,"wrong tag"},
 {ASN1_R_WRONG_TYPE                       ,"wrong type"},
 {0,NULL}

crypto/asn1/asn1_gen.c

@@ -1,844 +0,0 @@
-/* asn1_gen.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2002.
- */
-/* ====================================================================
- * Copyright (c) 2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/x509v3.h>
-
-#define ASN1_GEN_FLAG		0x10000
-#define ASN1_GEN_FLAG_IMP	(ASN1_GEN_FLAG|1)
-#define ASN1_GEN_FLAG_EXP	(ASN1_GEN_FLAG|2)
-#define ASN1_GEN_FLAG_TAG	(ASN1_GEN_FLAG|3)
-#define ASN1_GEN_FLAG_BITWRAP	(ASN1_GEN_FLAG|4)
-#define ASN1_GEN_FLAG_OCTWRAP	(ASN1_GEN_FLAG|5)
-#define ASN1_GEN_FLAG_SEQWRAP	(ASN1_GEN_FLAG|6)
-#define ASN1_GEN_FLAG_SETWRAP	(ASN1_GEN_FLAG|7)
-#define ASN1_GEN_FLAG_FORMAT	(ASN1_GEN_FLAG|8)
-
-#define ASN1_GEN_STR(str,val)	{str, sizeof(str) - 1, val}
-
-#define ASN1_FLAG_EXP_MAX	20
-
-/* Input formats */
-
-/* ASCII: default */
-#define ASN1_GEN_FORMAT_ASCII	1
-/* UTF8 */
-#define ASN1_GEN_FORMAT_UTF8	2
-/* Hex */
-#define ASN1_GEN_FORMAT_HEX	3
-/* List of bits */
-#define ASN1_GEN_FORMAT_BITLIST	4
-
-
-struct tag_name_st
-	{
-	char *strnam;
-	int len;
-	int tag;
-	};
-
-typedef struct
-	{
-	int exp_tag;
-	int exp_class;
-	int exp_constructed;
-	int exp_pad;
-	long exp_len;
-	} tag_exp_type;
-
-typedef struct
-	{
-	int imp_tag;
-	int imp_class;
-	int utype;
-	int format;
-	const char *str;
-	tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
-	int exp_count;
-	} tag_exp_arg;
-
-static int bitstr_cb(const char *elem, int len, void *bitstr);
-static int asn1_cb(const char *elem, int len, void *bitstr);
-static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok);
-static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);
-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
-static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
-static int asn1_str2tag(const char *tagstr, int len);
-
-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
-	{
-	X509V3_CTX cnf;
-
-	if (!nconf)
-		return ASN1_generate_v3(str, NULL);
-
-	X509V3_set_nconf(&cnf, nconf);
-	return ASN1_generate_v3(str, &cnf);
-	}
-
-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
-	{
-	ASN1_TYPE *ret;
-	tag_exp_arg asn1_tags;
-	tag_exp_type *etmp;
-
-	int i, len;
-
-	unsigned char *orig_der = NULL, *new_der = NULL;
-	const unsigned char *cpy_start;
-	unsigned char *p;
-	const unsigned char *cp;
-	int cpy_len;
-	long hdr_len;
-	int hdr_constructed = 0, hdr_tag, hdr_class;
-	int r;
-
-	asn1_tags.imp_tag = -1;
-	asn1_tags.imp_class = -1;
-	asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
-	asn1_tags.exp_count = 0;
-	if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
-		return NULL;
-
-	if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET))
-		{
-		if (!cnf)
-			{
-			ASN1err(ASN1_F_ASN1_GENERATE_V3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
-			return NULL;
-			}
-		ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
-		}
-	else
-		ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
-
-	if (!ret)
-		return NULL;
-
-	/* If no tagging return base type */
-	if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
-		return ret;
-
-	/* Generate the encoding */
-	cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
-	ASN1_TYPE_free(ret);
-	ret = NULL;
-	/* Set point to start copying for modified encoding */
-	cpy_start = orig_der;
-
-	/* Do we need IMPLICIT tagging? */
-	if (asn1_tags.imp_tag != -1)
-		{
-		/* If IMPLICIT we will replace the underlying tag */
-		/* Skip existing tag+len */
-		r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);
-		if (r & 0x80)
-			goto err;
-		/* Update copy length */
-		cpy_len -= cpy_start - orig_der;
-		/* For IMPLICIT tagging the length should match the
-		 * original length and constructed flag should be
-		 * consistent.
-		 */
-		if (r & 0x1)
-			{
-			/* Indefinite length constructed */
-			hdr_constructed = 2;
-			hdr_len = 0;
-			}
-		else
-			/* Just retain constructed flag */
-			hdr_constructed = r & V_ASN1_CONSTRUCTED;
-		/* Work out new length with IMPLICIT tag: ignore constructed
-		 * because it will mess up if indefinite length
-		 */
-		len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
-		}
-	else
-		len = cpy_len;
-
-	/* Work out length in any EXPLICIT, starting from end */
-
-	for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--)
-		{
-		/* Content length: number of content octets + any padding */
-		len += etmp->exp_pad;
-		etmp->exp_len = len;
-		/* Total object length: length including new header */
-		len = ASN1_object_size(0, len, etmp->exp_tag);
-		}
-
-	/* Allocate buffer for new encoding */
-
-	new_der = OPENSSL_malloc(len);
-
-	/* Generate tagged encoding */
-
-	p = new_der;
-
-	/* Output explicit tags first */
-
-	for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++)
-		{
-		ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
-					etmp->exp_tag, etmp->exp_class);
-		if (etmp->exp_pad)
-			*p++ = 0;
-		}
-
-	/* If IMPLICIT, output tag */
-
-	if (asn1_tags.imp_tag != -1)
-		ASN1_put_object(&p, hdr_constructed, hdr_len,
-					asn1_tags.imp_tag, asn1_tags.imp_class);
-
-	/* Copy across original encoding */
-	memcpy(p, cpy_start, cpy_len);
-
-	cp = new_der;
-
-	/* Obtain new ASN1_TYPE structure */
-	ret = d2i_ASN1_TYPE(NULL, &cp, len);
-
-	err:
-	if (orig_der)
-		OPENSSL_free(orig_der);
-	if (new_der)
-		OPENSSL_free(new_der);
-
-	return ret;
-
-	}
-
-static int asn1_cb(const char *elem, int len, void *bitstr)
-	{
-	tag_exp_arg *arg = bitstr;
-	int i;
-	int utype;
-	int vlen = 0;
-	const char *p, *vstart = NULL;
-
-	int tmp_tag, tmp_class;
-
-	for(i = 0, p = elem; i < len; p++, i++)
-		{
-		/* Look for the ':' in name value pairs */
-		if (*p == ':')
-			{
-			vstart = p + 1;
-			vlen = len - (vstart - elem);
-			len = p - elem;
-			break;
-			}
-		}
-
-	utype = asn1_str2tag(elem, len);
-
-	if (utype == -1)
-		{
-		ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
-		ERR_add_error_data(2, "tag=", elem);
-		return -1;
-		}
-
-	/* If this is not a modifier mark end of string and exit */
-	if (!(utype & ASN1_GEN_FLAG))
-		{
-		arg->utype = utype;
-		arg->str = vstart;
-		/* If no value and not end of string, error */
-		if (!vstart && elem[len])
-			{
-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
-			return -1;
-			}
-		return 0;
-		}
-
-	switch(utype)
-		{
-
-		case ASN1_GEN_FLAG_IMP:
-		/* Check for illegal multiple IMPLICIT tagging */
-		if (arg->imp_tag != -1)
-			{
-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
-			return -1;
-			}
-		if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_EXP:
-
-		if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
-			return -1;
-		if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_SEQWRAP:
-		if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_SETWRAP:
-		if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_BITWRAP:
-		if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_OCTWRAP:
-		if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_FORMAT:
-		if (!strncmp(vstart, "ASCII", 5))
-			arg->format = ASN1_GEN_FORMAT_ASCII;
-		else if (!strncmp(vstart, "UTF8", 4))
-			arg->format = ASN1_GEN_FORMAT_UTF8;
-		else if (!strncmp(vstart, "HEX", 3))
-			arg->format = ASN1_GEN_FORMAT_HEX;
-		else if (!strncmp(vstart, "BITLIST", 3))
-			arg->format = ASN1_GEN_FORMAT_BITLIST;
-		else
-			{
-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT);
-			return -1;
-			}
-		break;
-
-		}
-
-	return 1;
-
-	}
-
-static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
-	{
-	char erch[2];
-	long tag_num;
-	char *eptr;
-	if (!vstart)
-		return 0;
-	tag_num = strtoul(vstart, &eptr, 10);
-	/* Check we haven't gone past max length: should be impossible */
-	if (eptr && *eptr && (eptr > vstart + vlen))
-		return 0;
-	if (tag_num < 0)
-		{
-		ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
-		return 0;
-		}
-	*ptag = tag_num;
-	/* If we have non numeric characters, parse them */
-	if (eptr)
-		vlen -= eptr - vstart;
-	else 
-		vlen = 0;
-	if (vlen)
-		{
-		switch (*eptr)
-			{
-
-			case 'U':
-			*pclass = V_ASN1_UNIVERSAL;
-			break;
-
-			case 'A':
-			*pclass = V_ASN1_APPLICATION;
-			break;
-
-			case 'P':
-			*pclass = V_ASN1_PRIVATE;
-			break;
-
-			case 'C':
-			*pclass = V_ASN1_CONTEXT_SPECIFIC;
-			break;
-
-			default:
-			erch[0] = *eptr;
-			erch[1] = 0;
-			ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
-			ERR_add_error_data(2, "Char=", erch);
-			return 0;
-			break;
-
-			}
-		}
-	else
-		*pclass = V_ASN1_CONTEXT_SPECIFIC;
-
-	return 1;
-
-	}
-
-/* Handle multiple types: SET and SEQUENCE */
-
-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
-	{
-	ASN1_TYPE *ret = NULL, *typ = NULL;
-	STACK_OF(ASN1_TYPE) *sk = NULL;
-	STACK_OF(CONF_VALUE) *sect = NULL;
-	unsigned char *der = NULL, *p;
-	int derlen;
-	int i, is_set;
-	sk = sk_ASN1_TYPE_new_null();
-	if (section)
-		{
-		if (!cnf)
-			goto bad;
-		sect = X509V3_get_section(cnf, (char *)section);
-		if (!sect)
-			goto bad;
-		for (i = 0; i < sk_CONF_VALUE_num(sect); i++)
-			{
-			typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
-			if (!typ)
-				goto bad;
-			sk_ASN1_TYPE_push(sk, typ);
-			typ = NULL;
-			}
-		}
-
-	/* Now we has a STACK of the components, convert to the correct form */
-
-	if (utype == V_ASN1_SET)
-		is_set = 1;
-	else
-		is_set = 0;
-
-
-	derlen = i2d_ASN1_SET((STACK *)sk, NULL, i2d_ASN1_TYPE, utype, V_ASN1_UNIVERSAL, is_set);
-	der = OPENSSL_malloc(derlen);
-	p = der;
-	i2d_ASN1_SET((STACK *)sk, &p, i2d_ASN1_TYPE, utype, V_ASN1_UNIVERSAL, is_set);
-
-	if (!(ret = ASN1_TYPE_new()))
-		goto bad;
-
-	if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
-		goto bad;
-
-	ret->type = utype;
-
-	ret->value.asn1_string->data = der;
-	ret->value.asn1_string->length = derlen;
-
-	der = NULL;
-
-	bad:
-
-	if (der)
-		OPENSSL_free(der);
-
-	if (sk)
-		sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
-	if (typ)
-		ASN1_TYPE_free(typ);
-	if (sect)
-		X509V3_section_free(cnf, sect);
-
-	return ret;
-	}
-
-static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok)
-	{
-	tag_exp_type *exp_tmp;
-	/* Can only have IMPLICIT if permitted */
-	if ((arg->imp_tag != -1) && !imp_ok)
-		{
-		ASN1err(ASN1_F_APPEND_TAG, ASN1_R_ILLEGAL_IMPLICIT_TAG);
-		return 0;
-		}
-
-	if (arg->exp_count == ASN1_FLAG_EXP_MAX)
-		{
-		ASN1err(ASN1_F_APPEND_TAG, ASN1_R_DEPTH_EXCEEDED);
-		return 0;
-		}
-
-	exp_tmp = &arg->exp_list[arg->exp_count++];
-
-	/* If IMPLICIT set tag to implicit value then
-	 * reset implicit tag since it has been used.
-	 */
-	if (arg->imp_tag != -1)
-		{
-		exp_tmp->exp_tag = arg->imp_tag;
-		exp_tmp->exp_class = arg->imp_class;
-		arg->imp_tag = -1;
-		arg->imp_class = -1;
-		}
-	else
-		{
-		exp_tmp->exp_tag = exp_tag;
-		exp_tmp->exp_class = exp_class;
-		}
-	exp_tmp->exp_constructed = exp_constructed;
-	exp_tmp->exp_pad = exp_pad;
-
-	return 1;
-	}
-
-
-static int asn1_str2tag(const char *tagstr, int len)
-	{
-	unsigned int i;
-	static struct tag_name_st *tntmp, tnst [] = {
-		ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
-		ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
-		ASN1_GEN_STR("NULL", V_ASN1_NULL),
-		ASN1_GEN_STR("INT", V_ASN1_INTEGER),
-		ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
-		ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
-		ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
-		ASN1_GEN_STR("OID", V_ASN1_OBJECT),
-		ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
-		ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
-		ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
-		ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
-		ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
-		ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
-		ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
-		ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
-		ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
-		ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
-		ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
-		ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
-		ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
-		ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
-		ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
-		ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
-		ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
-		ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
-		ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
-		ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
-		ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
-		ASN1_GEN_STR("T61", V_ASN1_T61STRING),
-		ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
-		ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
-		ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
-		ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
-
-		/* Special cases */
-		ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
-		ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
-		ASN1_GEN_STR("SET", V_ASN1_SET),
-		/* type modifiers */
-		/* Explicit tag */
-		ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
-		ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
-		/* Implicit tag */
-		ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
-		ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
-		/* OCTET STRING wrapper */
-		ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
-		/* SEQUENCE wrapper */
-		ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
-		/* SET wrapper */
-		ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
-		/* BIT STRING wrapper */
-		ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
-		ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
-		ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
-	};
-
-	if (len == -1)
-		len = strlen(tagstr);
-	
-	tntmp = tnst;	
-	for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++)
-		{
-		if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
-			return tntmp->tag;
-		}
-	
-	return -1;
-	}
-
-static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
-	{
-	ASN1_TYPE *atmp = NULL;
-
-	CONF_VALUE vtmp;
-
-	unsigned char *rdata;
-	long rdlen;
-
-	int no_unused = 1;
-
-	if (!(atmp = ASN1_TYPE_new()))
-		{
-		ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	if (!str)
-		str = "";
-
-	switch(utype)
-		{
-
-		case V_ASN1_NULL:
-		if (str && *str)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);
-			goto bad_form;
-			}
-		break;
-		
-		case V_ASN1_BOOLEAN:
-		if (format != ASN1_GEN_FORMAT_ASCII)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
-			goto bad_form;
-			}
-		vtmp.value = (char *)str;
-		if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
-			goto bad_str;
-			}
-		break;
-
-		case V_ASN1_INTEGER:
-		case V_ASN1_ENUMERATED:
-		if (format != ASN1_GEN_FORMAT_ASCII)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
-			goto bad_form;
-			}
-		if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
-			goto bad_str;
-			}
-		break;
-
-		case V_ASN1_OBJECT:
-		if (format != ASN1_GEN_FORMAT_ASCII)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
-			goto bad_form;
-			}
-		if (!(atmp->value.object = OBJ_txt2obj(str, 0)))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
-			goto bad_str;
-			}
-		break;
-
-		case V_ASN1_UTCTIME:
-		case V_ASN1_GENERALIZEDTIME:
-		if (format != ASN1_GEN_FORMAT_ASCII)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);
-			goto bad_form;
-			}
-		if (!(atmp->value.asn1_string = ASN1_STRING_new()))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-			goto bad_str;
-			}
-		if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-			goto bad_str;
-			}
-		atmp->value.asn1_string->type = utype;
-		if (!ASN1_TIME_check(atmp->value.asn1_string))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);
-			goto bad_str;
-			}
-
-		break;
-
-		case V_ASN1_BMPSTRING:
-		case V_ASN1_PRINTABLESTRING:
-		case V_ASN1_IA5STRING:
-		case V_ASN1_T61STRING:
-		case V_ASN1_UTF8STRING:
-		case V_ASN1_VISIBLESTRING:
-		case V_ASN1_UNIVERSALSTRING:
-		case V_ASN1_GENERALSTRING:
-
-		if (format == ASN1_GEN_FORMAT_ASCII)
-			format = MBSTRING_ASC;
-		else if (format == ASN1_GEN_FORMAT_UTF8)
-			format = MBSTRING_UTF8;
-		else
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
-			goto bad_form;
-			}
-
-
-		if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
-						-1, format, ASN1_tag2bit(utype)) <= 0)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-			goto bad_str;
-			}
-		
-
-		break;
-
-		case V_ASN1_BIT_STRING:
-
-		case V_ASN1_OCTET_STRING:
-
-		if (!(atmp->value.asn1_string = ASN1_STRING_new()))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-			goto bad_form;
-			}
-
-		if (format == ASN1_GEN_FORMAT_HEX)
-			{
-
-			if (!(rdata = string_to_hex((char *)str, &rdlen)))
-				{
-				ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
-				goto bad_str;
-				}
-
-			atmp->value.asn1_string->data = rdata;
-			atmp->value.asn1_string->length = rdlen;
-			atmp->value.asn1_string->type = utype;
-
-			}
-		else if (format == ASN1_GEN_FORMAT_ASCII)
-			ASN1_STRING_set(atmp->value.asn1_string, str, -1);
-		else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING))
-			{
-			if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string))
-				{
-				ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR);
-				goto bad_str;
-				}
-			no_unused = 0;
-			
-			}
-		else 
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
-			goto bad_form;
-			}
-
-		if ((utype == V_ASN1_BIT_STRING) && no_unused)
-			{
-			atmp->value.asn1_string->flags
-				&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-        		atmp->value.asn1_string->flags
-				|= ASN1_STRING_FLAG_BITS_LEFT;
-			}
-
-
-		break;
-
-		default:
-		ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
-		goto bad_str;
-		break;
-		}
-
-
-	atmp->type = utype;
-	return atmp;
-
-
-	bad_str:
-	ERR_add_error_data(2, "string=", str);
-	bad_form:
-
-	ASN1_TYPE_free(atmp);
-	return NULL;
-
-	}
-
-static int bitstr_cb(const char *elem, int len, void *bitstr)
-	{
-	long bitnum;
-	char *eptr;
-	if (!elem)
-		return 0;
-	bitnum = strtoul(elem, &eptr, 10);
-	if (eptr && *eptr && (eptr != elem + len))
-		return 0;
-	if (bitnum < 0)
-		{
-		ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
-		return 0;
-		}
-	if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1))
-		{
-		ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	return 1;
-	}
-

crypto/asn1/asn1_lib.c

@@ -62,11 +62,11 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
 
-static int asn1_get_length(const unsigned char **pp,int *inf,long *rl,int max);
+static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max);
 static void asn1_put_length(unsigned char **pp, int length);
 const char *ASN1_version="ASN.1" OPENSSL_VERSION_PTEXT;
 
-static int _asn1_check_infinite_end(const unsigned char **p, long len)
+int ASN1_check_infinite_end(unsigned char **p, long len)
 	{
 	/* If there is 0 or 1 byte left, the length check should pick
 	 * things up */
@@ -80,23 +80,13 @@ static int _asn1_check_infinite_end(const unsigned char **p, long len)
 	return(0);
 	}
 
-int ASN1_check_infinite_end(unsigned char **p, long len)
-	{
-	return _asn1_check_infinite_end((const unsigned char **)p, len);
-	}
 
-int ASN1_const_check_infinite_end(const unsigned char **p, long len)
-	{
-	return _asn1_check_infinite_end(p, len);
-	}
-
-
-int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
-	int *pclass, long omax)
+int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
+	     long omax)
 	{
 	int i,ret;
 	long l;
-	const unsigned char *p= *pp;
+	unsigned char *p= *pp;
 	int tag,xclass,inf;
 	long max=omax;
 
@@ -151,11 +141,11 @@ err:
 	return(0x80);
 	}
 
-static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max)
+static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 	{
-	const unsigned char *p= *pp;
+	unsigned char *p= *pp;
 	unsigned long ret=0;
-	unsigned int i;
+	int i;
 
 	if (max-- < 1) return(0);
 	if (*p == 0x80)
@@ -215,22 +205,13 @@ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
 			}
 		p += ttag;
 		}
-	if (constructed == 2)
-		*(p++)=0x80;
+	if ((constructed == 2) && (length == 0))
+		*(p++)=0x80; /* der_put_length would output 0 instead */
 	else
 		asn1_put_length(&p,length);
 	*pp=p;
 	}
 
-int ASN1_put_eoc(unsigned char **pp)
-	{
-	unsigned char *p = *pp;
-	*p++ = 0;
-	*p++ = 0;
-	*pp = p;
-	return 2;
-	}
-
 static void asn1_put_length(unsigned char **pp, int length)
 	{
 	unsigned char *p= *pp;
@@ -268,8 +249,8 @@ int ASN1_object_size(int constructed, int length, int tag)
 			ret++;
 			}
 		}
-	if (constructed == 2)
-		return ret + 3;
+	if ((length == 0) && (constructed == 2))
+		ret+=2;
 	ret++;
 	if (length > 127)
 		{
@@ -282,11 +263,11 @@ int ASN1_object_size(int constructed, int length, int tag)
 	return(ret);
 	}
 
-static int _asn1_Finish(ASN1_const_CTX *c)
+int asn1_Finish(ASN1_CTX *c)
 	{
 	if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos))
 		{
-		if (!ASN1_const_check_infinite_end(&c->p,c->slen))
+		if (!ASN1_check_infinite_end(&c->p,c->slen))
 			{
 			c->error=ERR_R_MISSING_ASN1_EOS;
 			return(0);
@@ -301,19 +282,9 @@ static int _asn1_Finish(ASN1_const_CTX *c)
 	return(1);
 	}
 
-int asn1_Finish(ASN1_CTX *c)
+int asn1_GetSequence(ASN1_CTX *c, long *length)
 	{
-	return _asn1_Finish((ASN1_const_CTX *)c);
-	}
-
-int asn1_const_Finish(ASN1_const_CTX *c)
-	{
-	return _asn1_Finish(c);
-	}
-
-int asn1_GetSequence(ASN1_const_CTX *c, long *length)
-	{
-	const unsigned char *q;
+	unsigned char *q;
 
 	q=c->p;
 	c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass),
@@ -439,7 +410,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
 		return(i);
 	}
 
-void asn1_add_error(const unsigned char *address, int offset)
+void asn1_add_error(unsigned char *address, int offset)
 	{
 	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
 

crypto/asn1/asn1_mac.h

@@ -73,11 +73,11 @@ extern "C" {
 	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
 
 #define M_ASN1_D2I_vars(a,type,func) \
-	ASN1_const_CTX c; \
+	ASN1_CTX c; \
 	type ret=NULL; \
 	\
-	c.pp=(const unsigned char **)pp; \
-	c.q= *(const unsigned char **)pp; \
+	c.pp=(unsigned char **)pp; \
+	c.q= *(unsigned char **)pp; \
 	c.error=ERR_R_NESTED_ASN1_ERROR; \
 	if ((a == NULL) || ((*a) == NULL)) \
 		{ if ((ret=(type)func()) == NULL) \
@@ -85,13 +85,13 @@ extern "C" {
 	else	ret=(*a);
 
 #define M_ASN1_D2I_Init() \
-	c.p= *(const unsigned char **)pp; \
+	c.p= *(unsigned char **)pp; \
 	c.max=(length == 0)?0:(c.p+length);
 
 #define M_ASN1_D2I_Finish_2(a) \
-	if (!asn1_const_Finish(&c)) \
+	if (!asn1_Finish(&c)) \
 		{ c.line=__LINE__; goto err; } \
-	*(const unsigned char **)pp=c.p; \
+	*(unsigned char **)pp=c.p; \
 	if (a != NULL) (*a)=ret; \
 	return(ret);
 
@@ -99,7 +99,7 @@ extern "C" {
 	M_ASN1_D2I_Finish_2(a); \
 err:\
 	ASN1_MAC_H_err((e),c.error,c.line); \
-	asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \
+	asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \
 	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
 	return(NULL)
 
@@ -123,7 +123,7 @@ err:\
 
 #define M_ASN1_D2I_end_sequence() \
 	(((c.inf&1) == 0)?(c.slen <= 0): \
-		(c.eos=ASN1_const_check_infinite_end(&c.p,c.slen)))
+		(c.eos=ASN1_check_infinite_end(&c.p,c.slen)))
 
 /* Don't use this with d2i_ASN1_BOOLEAN() */
 #define M_ASN1_D2I_get(b,func) \
@@ -278,7 +278,7 @@ err:\
 			{ c.line=__LINE__; goto err; } \
 		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
 			Tlen = c.slen - (c.p - c.q); \
-			if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
+			if(!ASN1_check_infinite_end(&c.p, Tlen)) \
 				{ c.error=ERR_R_MISSING_ASN1_EOS; \
 				c.line=__LINE__; goto err; } \
 		}\
@@ -353,12 +353,8 @@ err:\
 		return(NULL)
 
 
-/* BIG UGLY WARNING!  This is so damn ugly I wanna puke.  Unfortunately,
-   some macros that use ASN1_const_CTX still insist on writing in the input
-   stream.  ARGH!  ARGH!  ARGH!  Let's get rid of this macro package.
-   Please?						-- Richard Levitte */
-#define M_ASN1_next		(*((unsigned char *)(c.p)))
-#define M_ASN1_next_prev	(*((unsigned char *)(c.q)))
+#define M_ASN1_next		(*c.p)
+#define M_ASN1_next_prev	(*c.q)
 
 /*************************************************/
 
@@ -555,8 +551,8 @@ err:\
 #define M_ASN1_I2D_finish()	*pp=p; \
 				return(r);
 
-int asn1_GetSequence(ASN1_const_CTX *c, long *length);
-void asn1_add_error(const unsigned char *address,int offset);
+int asn1_GetSequence(ASN1_CTX *c, long *length);
+void asn1_add_error(unsigned char *address,int offset);
 #ifdef  __cplusplus
 }
 #endif

crypto/asn1/asn1_par.c

@@ -64,7 +64,7 @@
 
 static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
 	int indent);
-static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+static int asn1_parse2(BIO *bp, unsigned char **pp, long length,
 	int offset, int depth, int indent, int dump);
 static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
 	     int indent)
@@ -103,20 +103,20 @@ err:
 	return(0);
 	}
 
-int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
+int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent)
 	{
 	return(asn1_parse2(bp,&pp,len,0,0,indent,0));
 	}
 
-int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump)
+int ASN1_parse_dump(BIO *bp, unsigned char *pp, long len, int indent, int dump)
 	{
 	return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
 	}
 
-static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset,
+static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
 	     int depth, int indent, int dump)
 	{
-	const unsigned char *p,*ep,*tot,*op,*opp;
+	unsigned char *p,*ep,*tot,*op,*opp;
 	long len;
 	int tag,xclass,ret=0;
 	int nl,hl,j,r;
@@ -256,11 +256,9 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
 
 				opp=op;
 				os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
-				if (os != NULL && os->length > 0)
+				if (os != NULL)
 					{
-					opp = os->data;
-					/* testing whether the octet string is
-					 * printable */
+					opp=os->data;
 					for (i=0; i<os->length; i++)
 						{
 						if ((	(opp[i] < ' ') &&
@@ -273,8 +271,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
 							break;
 							}
 						}
-					if (printable)
-					/* printable string */
+					if (printable && (os->length > 0))
 						{
 						if (BIO_write(bp,":",1) <= 0)
 							goto end;
@@ -282,21 +279,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
 							os->length) <= 0)
 							goto end;
 						}
-					else if (!dump)
-					/* not printable => print octet string
-					 * as hex dump */
-						{
-						if (BIO_write(bp,"[HEX DUMP]:",11) <= 0)
-							goto end;
-						for (i=0; i<os->length; i++)
-							{
-							if (BIO_printf(bp,"%02X"
-								, opp[i]) <= 0)
-								goto end;
-							}
-						}
-					else
-					/* print the normal dump */
+					if (!printable && (os->length > 0)
+						&& dump)
 						{
 						if (!nl) 
 							{
@@ -304,15 +288,11 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
 								goto end;
 							}
 						if (BIO_dump_indent(bp,(char *)opp,
-							((dump == -1 || dump > 
-							os->length)?os->length:dump),
+							((dump == -1 || dump > os->length)?os->length:dump),
 							dump_indent) <= 0)
 							goto end;
 						nl=1;
 						}
-					}
-				if (os != NULL)
-					{
 					M_ASN1_OCTET_STRING_free(os);
 					os=NULL;
 					}

crypto/asn1/asn1t.h

@@ -112,7 +112,7 @@ extern "C" {
 /* Macros to aid ASN1 template writing */
 
 #define ASN1_ITEM_TEMPLATE(tname) \
-	static const ASN1_TEMPLATE tname##_item_tt 
+	const static ASN1_TEMPLATE tname##_item_tt 
 
 #define ASN1_ITEM_TEMPLATE_END(tname) \
 	;\
@@ -150,7 +150,7 @@ extern "C" {
  */
 
 #define ASN1_SEQUENCE(tname) \
-	static const ASN1_TEMPLATE tname##_seq_tt[] 
+	const static ASN1_TEMPLATE tname##_seq_tt[] 
 
 #define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
 
@@ -166,37 +166,22 @@ extern "C" {
 		#stname \
 	ASN1_ITEM_end(tname)
 
-#define ASN1_NDEF_SEQUENCE(tname) \
-	ASN1_SEQUENCE(tname)
-
 #define ASN1_SEQUENCE_cb(tname, cb) \
-	static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+	const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
 	ASN1_SEQUENCE(tname)
 
 #define ASN1_BROKEN_SEQUENCE(tname) \
-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+	const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
 	ASN1_SEQUENCE(tname)
 
 #define ASN1_SEQUENCE_ref(tname, cb, lck) \
-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
+	const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
 	ASN1_SEQUENCE(tname)
 
 #define ASN1_SEQUENCE_enc(tname, enc, cb) \
-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+	const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
 	ASN1_SEQUENCE(tname)
 
-#define ASN1_NDEF_SEQUENCE_END(tname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_NDEF_SEQUENCE,\
-		V_ASN1_SEQUENCE,\
-		tname##_seq_tt,\
-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
-		NULL,\
-		sizeof(tname),\
-		#tname \
-	ASN1_ITEM_end(tname)
-
 #define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
 
 #define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
@@ -239,10 +224,10 @@ extern "C" {
  */
 
 #define ASN1_CHOICE(tname) \
-	static const ASN1_TEMPLATE tname##_ch_tt[] 
+	const static ASN1_TEMPLATE tname##_ch_tt[] 
 
 #define ASN1_CHOICE_cb(tname, cb) \
-	static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+	const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
 	ASN1_CHOICE(tname)
 
 #define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
@@ -368,20 +353,16 @@ extern "C" {
 #define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
 			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
 
-/* EXPLICIT OPTIONAL using indefinite length constructed form */
-#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
-
 /* Macros for the ASN1_ADB structure */
 
 #define ASN1_ADB(name) \
-	static const ASN1_ADB_TABLE name##_adbtbl[] 
+	const static ASN1_ADB_TABLE name##_adbtbl[] 
 
 #ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
 
 #define ASN1_ADB_END(name, flags, field, app_table, def, none) \
 	;\
-	static const ASN1_ADB name##_adb = {\
+	const static ASN1_ADB name##_adb = {\
 		flags,\
 		offsetof(name, field),\
 		app_table,\
@@ -395,9 +376,9 @@ extern "C" {
 
 #define ASN1_ADB_END(name, flags, field, app_table, def, none) \
 	;\
-	static const ASN1_ITEM *name##_adb(void) \
+	const static ASN1_ITEM *name##_adb(void) \
 	{ \
-	static const ASN1_ADB internal_adb = \
+	const static ASN1_ADB internal_adb = \
 		{\
 		flags,\
 		offsetof(name, field),\
@@ -416,7 +397,7 @@ extern "C" {
 #define ADB_ENTRY(val, template) {val, template}
 
 #define ASN1_ADB_TEMPLATE(name) \
-	static const ASN1_TEMPLATE name##_tt 
+	const static ASN1_TEMPLATE name##_tt 
 
 /* This is the ASN1 template structure that defines
  * a wrapper round the actual type. It determines the
@@ -537,13 +518,6 @@ struct ASN1_ADB_TABLE_st {
 
 #define ASN1_TFLG_COMBINE	(0x1<<10)
 
-/* This flag when present in a SEQUENCE OF, SET OF
- * or EXPLICIT causes indefinite length constructed
- * encoding to be used if required.
- */
-
-#define ASN1_TFLG_NDEF		(0x1<<11)
-
 /* This is the actual ASN1 item itself */
 
 struct ASN1_ITEM_st {
@@ -596,10 +570,6 @@ const char *sname;		/* Structure name */
  * has a special meaning, it is used as a mask
  * of acceptable types using the B_ASN1 constants.
  *
- * NDEF_SEQUENCE is the same as SEQUENCE except
- * that it will use indefinite length constructed
- * encoding if requested.
- *
  */
 
 #define ASN1_ITYPE_PRIMITIVE	0x0
@@ -614,8 +584,6 @@ const char *sname;		/* Structure name */
 
 #define ASN1_ITYPE_MSTRING	0x5
 
-#define ASN1_ITYPE_NDEF_SEQUENCE	0x6
-
 /* Cache for ASN1 tag and length, so we
  * don't keep re-reading it for things
  * like CHOICE
@@ -634,10 +602,10 @@ struct ASN1_TLC_st{
 
 typedef ASN1_VALUE * ASN1_new_func(void);
 typedef void ASN1_free_func(ASN1_VALUE *a);
-typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length);
+typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, unsigned char ** in, long length);
 typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
 
-typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
 					int tag, int aclass, char opt, ASN1_TLC *ctx);
 
 typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
@@ -645,7 +613,7 @@ typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
 typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
 
 typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
 
 typedef struct ASN1_COMPAT_FUNCS_st {
 	ASN1_new_func *asn1_new;
@@ -775,9 +743,6 @@ typedef struct ASN1_AUX_st {
 #define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
 			IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
 
-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
-		IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
-
 #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
 	stname *fname##_new(void) \
 	{ \
@@ -793,7 +758,7 @@ typedef struct ASN1_AUX_st {
 	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
 
 #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
-	stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+	stname *d2i_##fname(stname **a, unsigned char **in, long len) \
 	{ \
 		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
 	} \
@@ -802,19 +767,13 @@ typedef struct ASN1_AUX_st {
 		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
 	} 
 
-#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
-	int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
-	{ \
-		return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
-	} 
-
 /* This includes evil casts to remove const: they will go away when full
  * ASN1 constification is done.
  */
 #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
 	stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
 	{ \
-		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, (unsigned char **)in, len, ASN1_ITEM_rptr(itname));\
 	} \
 	int i2d_##fname(const stname *a, unsigned char **out) \
 	{ \
@@ -839,6 +798,7 @@ typedef struct ASN1_AUX_st {
 DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
 DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
 DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_ANY)
 DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
 DECLARE_ASN1_ITEM(CBIGNUM)
 DECLARE_ASN1_ITEM(BIGNUM)
@@ -855,8 +815,8 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
 int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 
 void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt);
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
+int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt);
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
 				int tag, int aclass, char opt, ASN1_TLC *ctx);
 
 int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
@@ -864,7 +824,7 @@ int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLAT
 void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 
 int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
 
 int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
 int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
@@ -878,7 +838,7 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
 void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
 void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it);
+int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it);
 
 #ifdef  __cplusplus
 }

crypto/asn1/asn_moid.c

@@ -3,7 +3,7 @@
  * project 2001.
  */
 /* ====================================================================
- * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -57,7 +57,6 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
 #include <openssl/crypto.h>
 #include "cryptlib.h"
 #include <openssl/conf.h>
@@ -66,8 +65,6 @@
 
 /* Simple ASN1 OID module: add all objects in a given section */
 
-static int do_create(char *value, char *name);
-
 static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
 	{
 	int i;
@@ -83,7 +80,7 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
 	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
 		{
 		oval = sk_CONF_VALUE_value(sktmp, i);
-		if(!do_create(oval->value, oval->name))
+		if(OBJ_create(oval->value, oval->name, oval->name) == NID_undef)
 			{
 			ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
 			return 0;
@@ -101,60 +98,3 @@ void ASN1_add_oid_module(void)
 	{
 	CONF_module_add("oid_section", oid_module_init, oid_module_finish);
 	}
-
-/* Create an OID based on a name value pair. Accept two formats.
- * shortname = 1.2.3.4
- * shortname = some long name, 1.2.3.4
- */
-
-
-static int do_create(char *value, char *name)
-	{
-	int nid;
-	ASN1_OBJECT *oid;
-	char *ln, *ostr, *p, *lntmp;
-	p = strrchr(value, ',');
-	if (!p)
-		{
-		ln = name;
-		ostr = value;
-		}
-	else
-		{
-		ln = NULL;
-		ostr = p + 1;
-		if (!*ostr)
-			return 0;
-		while(isspace((unsigned char)*ostr)) ostr++;
-		}
-
-	nid = OBJ_create(ostr, name, ln);
-
-	if (nid == NID_undef)
-		return 0;
-
-	if (p)
-		{
-		ln = value;
-		while(isspace((unsigned char)*ln)) ln++;
-		p--;
-		while(isspace((unsigned char)*p))
-			{
-			if (p == ln)
-				return 0;
-			p--;
-			}
-		p++;
-		lntmp = OPENSSL_malloc((p - ln) + 1);
-		if (lntmp == NULL)
-			return 0;
-		memcpy(lntmp, ln, p - ln);
-		lntmp[p - ln + 1] = 0;
-		oid = OBJ_nid2obj(nid);
-		oid->ln = lntmp;
-		}
-
-	return 1;
-	}
-		
-		

crypto/asn1/asn_pack.c

@@ -66,11 +66,11 @@
 
 /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
 
-STACK *ASN1_seq_unpack(const unsigned char *buf, int len, char *(*d2i)(),
+STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
 	     void (*free_func)(void *))
 {
     STACK *sk;
-    const unsigned char *pbuf;
+    unsigned char *pbuf;
     pbuf =  buf;
     if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
 					V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
@@ -181,7 +181,7 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
 
 void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
 {
-	const unsigned char *p;
+	unsigned char *p;
 	void *ret;
 
 	p = oct->data;

crypto/asn1/d2i_pr.c

@@ -68,11 +68,8 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
 
-EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
 	     long length)
 	{
 	EVP_PKEY *ret;
@@ -110,16 +107,6 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
 			goto err;
 			}
 		break;
-#endif
-#ifndef OPENSSL_NO_EC
-	case EVP_PKEY_EC:
-		if ((ret->pkey.eckey = d2i_ECPrivateKey(NULL, 
-			(const unsigned char **)pp, length)) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
-			goto err;
-			}
-		break;
 #endif
 	default:
 		ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
@@ -135,11 +122,11 @@ err:
 
 /* This works like d2i_PrivateKey() except it automatically works out the type */
 
-EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
 	     long length)
 {
 	STACK_OF(ASN1_TYPE) *inkey;
-	const unsigned char *p;
+	unsigned char *p;
 	int keytype;
 	p = *pp;
 	/* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
@@ -151,10 +138,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
 	/* Since we only need to discern "traditional format" RSA and DSA
 	 * keys we can just count the elements.
          */
-	if(sk_ASN1_TYPE_num(inkey) == 6) 
-		keytype = EVP_PKEY_DSA;
-	else if (sk_ASN1_TYPE_num(inkey) == 4)
-		keytype = EVP_PKEY_EC;
+	if(sk_ASN1_TYPE_num(inkey) == 6) keytype = EVP_PKEY_DSA;
 	else keytype = EVP_PKEY_RSA;
 	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
 	return d2i_PrivateKey(keytype, a, pp, length);

crypto/asn1/d2i_pu.c

@@ -68,11 +68,8 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
 
-EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
 	     long length)
 	{
 	EVP_PKEY *ret;
@@ -103,23 +100,13 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
 #endif
 #ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
-		if (!d2i_DSAPublicKey(&(ret->pkey.dsa),
-			(const unsigned char **)pp,length)) /* TMP UGLY CAST */
+		if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,
+			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
 			goto err;
 			}
 		break;
-#endif
-#ifndef OPENSSL_NO_EC
-	case EVP_PKEY_EC:
-		if (!o2i_ECPublicKey(&(ret->pkey.eckey),
-				     (const unsigned char **)pp, length))
-			{
-			ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
-			goto err;
-			}
-	break;
 #endif
 	default:
 		ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);

crypto/asn1/evp_asn1.c

@@ -137,9 +137,9 @@ int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,
 	int ret= -1,n;
 	ASN1_INTEGER *ai=NULL;
 	ASN1_OCTET_STRING *os=NULL;
-	const unsigned char *p;
+	unsigned char *p;
 	long length;
-	ASN1_const_CTX c;
+	ASN1_CTX c;
 
 	if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL))
 		{

crypto/asn1/i2d_pr.c

@@ -67,9 +67,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
 
 int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 	{
@@ -86,12 +83,6 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 		return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
 		}
 #endif
-#ifndef OPENSSL_NO_EC
-	if (a->type == EVP_PKEY_EC)
-		{
-		return(i2d_ECPrivateKey(a->pkey.eckey, pp));
-		}
-#endif
 
 	ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
 	return(-1);

crypto/asn1/i2d_pu.c

@@ -67,9 +67,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
 
 int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 	{
@@ -82,10 +79,6 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 #ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
 		return(i2d_DSAPublicKey(a->pkey.dsa,pp));
-#endif
-#ifndef OPENSSL_NO_EC
-	case EVP_PKEY_EC:
-		return(i2o_ECPublicKey(a->pkey.eckey, pp));
 #endif
 	default:
 		ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);

crypto/asn1/n_pkey.c

@@ -56,9 +56,9 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
-#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/asn1t.h>

crypto/asn1/t_crl.c

@@ -121,7 +121,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 		r = sk_X509_REVOKED_value(rev, i);
 		BIO_printf(out,"    Serial Number: ");
 		i2a_ASN1_INTEGER(out,r->serialNumber);
-		BIO_printf(out,"\n        Revocation Date: ");
+		BIO_printf(out,"\n        Revocation Date: ","");
 		ASN1_TIME_print(out,r->revocationDate);
 		BIO_printf(out,"\n");
 		X509V3_extensions_print(out, "CRL entry extensions",