Changes for release

time involving VxWorks on MIPS

CHANGES

@@ -2,372 +2,163 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.7 and 0.9.8  [xx XXX xxxx]
+ Changes between 0.9.7b and 0.9.7c  [30 Sep 2003]
 
-  *) Change the "progress" mechanism used in key-generation and
-     primality testing to functions that take a new BN_GENCB pointer in
-     place of callback/argument pairs. The new API functions have "_ex"
-     postfixes and the older functions are reimplemented as wrappers for
-     the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide
-     declarations of the old functions to help (graceful) attempts to
-     migrate to the new functions. Also, the new key-generation API
-     functions operate on a caller-supplied key-structure and return
-     success/failure rather than returning a key or NULL - this is to
-     help make "keygen" another member function of RSA_METHOD etc.
+  *) Fix various bugs revealed by running the NISCC test suite:
 
-     Example for using the new callback interface:
+     Stop out of bounds reads in the ASN1 code when presented with
+     invalid tags (CAN-2003-0543 and CAN-2003-0544).
+     
+     Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
 
-          int (*my_callback)(int a, int b, BN_GENCB *cb) = ...;
-          void *my_arg = ...;
-          BN_GENCB my_cb;
+     If verify callback ignores invalid public key errors don't try to check
+     certificate signature with the NULL public key.
 
-          BN_GENCB_set(&my_cb, my_callback, my_arg);
+     [Steve Henson]
 
-          return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb);
-          /* For the meaning of a, b in calls to my_callback(), see the
-           * documentation of the function that calls the callback.
-           * cb will point to my_cb; my_arg can be retrieved as cb->arg.
-           * my_callback should return 1 if it wants BN_is_prime_ex()
-           * to continue, or 0 to stop.
-           */
+  *) New -ignore_err option in ocsp application to stop the server
+     exiting on the first error in a request.
+     [Steve Henson]
 
+  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+     if the server requested one: as stated in TLS 1.0 and SSL 3.0
+     specifications.
+     [Steve Henson]
+
+  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+     extra data after the compression methods not only for TLS 1.0
+     but also for SSL 3.0 (as required by the specification).
+     [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+  *) Change X509_certificate_type() to mark the key as exported/exportable
+     when it's 512 *bits* long, not 512 bytes.
+     [Richard Levitte]
+
+  *) Change AES_cbc_encrypt() so it outputs exact multiple of
+     blocks during encryption.
+     [Richard Levitte]
+
+  *) Various fixes to base64 BIO and non blocking I/O. On write 
+     flushes were not handled properly if the BIO retried. On read
+     data was not being buffered properly and had various logic bugs.
+     This also affects blocking I/O when the data being decoded is a
+     certain size.
+     [Steve Henson]
+
+  *) Various S/MIME bugfixes and compatibility changes:
+     output correct application/pkcs7 MIME type if
+     PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
+     Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
+     of files as .eml work). Correctly handle very long lines in MIME
+     parser.
+     [Steve Henson]
+
+ Changes between 0.9.7a and 0.9.7b  [10 Apr 2003]
+
+  *) Countermeasure against the Klima-Pokorny-Rosa extension of
+     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+     a protocol version number mismatch like a decryption error
+     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+     [Bodo Moeller]
+
+  *) Turn on RSA blinding by default in the default implementation
+     to avoid a timing attack. Applications that don't want it can call
+     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+     They would be ill-advised to do so in most cases.
+     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+  *) Change RSA blinding code so that it works when the PRNG is not
+     seeded (in this case, the secret RSA exponent is abused as
+     an unpredictable seed -- if it is not unpredictable, there
+     is no point in blinding anyway).  Make RSA blinding thread-safe
+     by remembering the creator's thread ID in rsa->blinding and
+     having all other threads use local one-time blinding factors
+     (this requires more computation than sharing rsa->blinding, but
+     avoids excessive locking; and if an RSA object is not shared
+     between threads, blinding will still be very fast).
+     [Bodo Moeller]
+
+  *) Fixed a typo bug that would cause ENGINE_set_default() to set an
+     ENGINE as defaults for all supported algorithms irrespective of
+     the 'flags' parameter. 'flags' is now honoured, so applications
+     should make sure they are passing it correctly.
      [Geoff Thorpe]
 
-  *) Change the ZLIB compression method to be stateful, and make it
-     available to TLS with the number defined in 
-     draft-ietf-tls-compression-04.txt.
+  *) Target "mingw" now allows native Windows code to be generated in
+     the Cygwin environment as well as with the MinGW compiler.
+     [Ulf Moeller] 
+
+ Changes between 0.9.7 and 0.9.7a  [19 Feb 2003]
+
+  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+     via timing by performing a MAC computation even if incorrrect
+     block cipher padding has been found.  This is a countermeasure
+     against active attacks where the attacker has to distinguish
+     between bad padding and a MAC verification error. (CAN-2003-0078)
+
+     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+     Martin Vuagnoux (EPFL, Ilion)]
+
+  *) Make the no-err option work as intended.  The intention with no-err
+     is not to have the whole error stack handling routines removed from
+     libcrypto, it's only intended to remove all the function name and
+     reason texts, thereby removing some of the footprint that may not
+     be interesting if those errors aren't displayed anyway.
+
+     NOTE: it's still possible for any application or module to have it's
+     own set of error texts inserted.  The routines are there, just not
+     used by default when no-err is given.
      [Richard Levitte]
 
-  *) Add the ASN.1 structures and functions for CertificatePair, which
-     is defined as follows (according to X.509_4thEditionDraftV6.pdf):
+  *) Add support for FreeBSD on IA64.
+     [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454]
 
-     CertificatePair ::= SEQUENCE {
-        forward		[0]	Certificate OPTIONAL,
-        reverse		[1]	Certificate OPTIONAL,
-        -- at least one of the pair shall be present -- }
+  *) Adjust DES_cbc_cksum() so it returns the same value as the MIT
+     Kerberos function mit_des_cbc_cksum().  Before this change,
+     the value returned by DES_cbc_cksum() was like the one from
+     mit_des_cbc_cksum(), except the bytes were swapped.
+     [Kevin Greaney <Kevin.Greaney@hp.com> and Richard Levitte]
 
-     Also implement the PEM functions to read and write certificate
-     pairs, and defined the PEM tag as "CERTIFICATE PAIR".
+  *) Allow an application to disable the automatic SSL chain building.
+     Before this a rather primitive chain build was always performed in
+     ssl3_output_cert_chain(): an application had no way to send the 
+     correct chain if the automatic operation produced an incorrect result.
 
-     This needed to be defined, mostly for the sake of the LDAP
-     attribute crossCertificatePair, but may prove useful elsewhere as
-     well.
-     [Richard Levitte]
+     Now the chain builder is disabled if either:
 
-  *) Make it possible to inhibit symlinking of shared libraries in
-     Makefile.shared, for Cygwin's sake.
-     [Richard Levitte]
+     1. Extra certificates are added via SSL_CTX_add_extra_chain_cert().
 
-  *) Extend the BIGNUM API by creating new macros that behave like
-     functions
+     2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set.
 
-          void BN_set_sign(BIGNUM *a, int neg);
-          int BN_get_sign(const BIGNUM *a);
-
-     and avoid the need to access 'a->neg' directly in applications.
-     [Nils Larsch  <nla@trustcenter.de>]
-
-  *) Implement fast modular reduction for pseudo-Mersenne primes
-     used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).
-     EC_GROUP_new_curve_GFp() will now automatically use this
-     if applicable.
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Add new lock type (CRYPTO_LOCK_BN).
-     [Bodo Moeller]
-
-  *) Change the ENGINE framework to automatically load engines
-     dynamically from specific directories unless they could be
-     found to already be built in or loaded.  Move all the
-     current engines except for the cryptodev one to a new
-     directory engines/.
-     The engines in engines/ are built as shared libraries if
-     the "shared" options was given to ./Configure or ./config.
-     Otherwise, they are inserted in libcrypto.a.
-     /usr/local/ssl/engines is the default directory for dynamic
-     engines, but that can be overriden at configure time through
-     the usual use of --prefix and/or --openssldir, and at run
-     time with the environment variable OPENSSL_ENGINES.
-     [Geoff Thorpe and Richard Levitte]
-
-  *) Add Makefile.shared, a helper makefile to build shared
-     libraries.  Addapt Makefile.org.
-     [Richard Levitte]
-
-  *) Add version info to Win32 DLLs.
-     [Peter 'Luna' Runestig" <peter@runestig.com>]
-
-  *) Add new 'medium level' PKCS#12 API. Certificates and keys
-     can be added using this API to created arbitrary PKCS#12
-     files while avoiding the low level API.
-
-     New options to PKCS12_create(), key or cert can be NULL and
-     will then be omitted from the output file. The encryption
-     algorithm NIDs can be set to -1 for no encryption, the mac
-     iteration count can be set to 0 to omit the mac.
-
-     Enhance pkcs12 utility by making the -nokeys and -nocerts
-     options work when creating a PKCS#12 file. New option -nomac
-     to omit the mac, NONE can be set for an encryption algorithm.
-     New code is modified to use the enhanced PKCS12_create()
-     instead of the low level API.
+     The reasoning behind this is that an application would not want the
+     auto chain building to take place if extra chain certificates are
+     present and it might also want a means of sending no additional
+     certificates (for example the chain has two certificates and the
+     root is omitted).
      [Steve Henson]
 
-  *) Extend ASN1 encoder to support indefinite length constructed
-     encoding. This can output sequences tags and octet strings in
-     this form. Modify pk7_asn1.c to support indefinite length
-     encoding. This is experimental and needs additional code to
-     be useful, such as an ASN1 bio and some enhanced streaming
-     PKCS#7 code.
+  *) Add the possibility to build without the ENGINE framework.
+     [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
 
-     Extend template encode functionality so that tagging is passed
-     down to the template encoder.
+  *) Under Win32 gmtime() can return NULL: check return value in
+     OPENSSL_gmtime(). Add error code for case where gmtime() fails.
      [Steve Henson]
 
-  *) Let 'openssl req' fail if an argument to '-newkey' is not
-     recognized instead of using RSA as a default.
-     [Bodo Moeller]
+  *) DSA routines: under certain error conditions uninitialized BN objects
+     could be freed. Solution: make sure initialization is performed early
+     enough. (Reported and fix supplied by Ivan D Nestlerode <nestler@MIT.EDU>,
+     Nils Larsch <nla@trustcenter.de> via PR#459)
+     [Lutz Jaenicke]
 
-  *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
-     As these are not official, they are not included in "ALL";
-     the "ECCdraft" ciphersuite group alias can be used to select them.
-     [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]
-
-  *) Add ECDH engine support.
-     [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
-
-  *) Add ECDH in new directory crypto/ecdh/.
-TODO: more general interface (return  x  coordinate, not its hash)
-TODO: bug: pad  x  with leading zeros if necessary
-     [Douglas Stebila (Sun Microsystems Laboratories)]
-
-  *) Let BN_rand_range() abort with an error after 100 iterations
-     without success (which indicates a broken PRNG).
-     [Bodo Moeller]
-
-  *) Change BN_mod_sqrt() so that it verifies that the input value
-     is really the square of the return value.  (Previously,
-     BN_mod_sqrt would show GIGO behaviour.)
-     [Bodo Moeller]
-
-  *) Add named elliptic curves over binary fields from X9.62, SECG,
-     and WAP/WTLS; add OIDs that were still missing.
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) Extend the EC library for elliptic curves over binary fields
-     (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
-     New EC_METHOD:
-
-          EC_GF2m_simple_method
-
-     New API functions:
-
-          EC_GROUP_new_curve_GF2m
-          EC_GROUP_set_curve_GF2m
-          EC_GROUP_get_curve_GF2m
-          EC_POINT_set_affine_coordinates_GF2m
-          EC_POINT_get_affine_coordinates_GF2m
-          EC_POINT_set_compressed_coordinates_GF2m
-
-     Point compression for binary fields is disabled by default for
-     patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
-     enable it).
-
-     As binary polynomials are represented as BIGNUMs, various members
-     of the EC_GROUP and EC_POINT data structures can be shared
-     between the implementations for prime fields and binary fields;
-     the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m)
-     are essentially identical to their ..._GFp counterparts.
-     (For simplicity, the '..._GFp' prefix has been dropped from
-     various internal method names.)
-
-     An internal 'field_div' method (similar to 'field_mul' and
-     'field_sqr') has been added; this is used only for binary fields.
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
-     through methods ('mul', 'precompute_mult').
-
-     The generic implementations (now internally called 'ec_wNAF_mul'
-     and 'ec_wNAF_precomputed_mult') remain the default if these
-     methods are undefined.
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) New function EC_GROUP_get_degree, which is defined through
-     EC_METHOD.  For curves over prime fields, this returns the bit
-     length of the modulus.
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) New functions EC_GROUP_dup, EC_POINT_dup.
-     (These simply call ..._new  and ..._copy).
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
-     Polynomials are represented as BIGNUMs (where the sign bit is not
-     used) in the following functions [macros]:  
-
-          BN_GF2m_add
-          BN_GF2m_sub             [= BN_GF2m_add]
-          BN_GF2m_mod             [wrapper for BN_GF2m_mod_arr]
-          BN_GF2m_mod_mul         [wrapper for BN_GF2m_mod_mul_arr]
-          BN_GF2m_mod_sqr         [wrapper for BN_GF2m_mod_sqr_arr]
-          BN_GF2m_mod_inv
-          BN_GF2m_mod_exp         [wrapper for BN_GF2m_mod_exp_arr]
-          BN_GF2m_mod_sqrt        [wrapper for BN_GF2m_mod_sqrt_arr]
-          BN_GF2m_mod_solve_quad  [wrapper for BN_GF2m_mod_solve_quad_arr]
-          BN_GF2m_cmp             [= BN_ucmp]
-
-     (Note that only the 'mod' functions are actually for fields GF(2^m).
-     BN_GF2m_add() is misnomer, but this is for the sake of consistency.)
-
-     For some functions, an the irreducible polynomial defining a
-     field can be given as an 'unsigned int[]' with strictly
-     decreasing elements giving the indices of those bits that are set;
-     i.e., p[] represents the polynomial
-          f(t) = t^p[0] + t^p[1] + ... + t^p[k]
-     where
-          p[0] > p[1] > ... > p[k] = 0.
-     This applies to the following functions:
-
-          BN_GF2m_mod_arr
-          BN_GF2m_mod_mul_arr
-          BN_GF2m_mod_sqr_arr
-          BN_GF2m_mod_inv_arr        [wrapper for BN_GF2m_mod_inv]
-          BN_GF2m_mod_div_arr        [wrapper for BN_GF2m_mod_div]
-          BN_GF2m_mod_exp_arr
-          BN_GF2m_mod_sqrt_arr
-          BN_GF2m_mod_solve_quad_arr
-          BN_GF2m_poly2arr
-          BN_GF2m_arr2poly
-
-     Conversion can be performed by the following functions:
-
-          BN_GF2m_poly2arr
-          BN_GF2m_arr2poly
-
-     bntest.c has additional tests for binary polynomial arithmetic.
-
-     Two implementations for BN_GF2m_mod_div() are available.
-     The default algorithm simply uses BN_GF2m_mod_inv() and
-     BN_GF2m_mod_mul().  The alternative algorithm is compiled in only
-     if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
-     copyright notice in crypto/bn/bn_gf2m.c before enabling it).
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) Add new error code 'ERR_R_DISABLED' that can be used when some
-     functionality is disabled at compile-time.
-     [Douglas Stebila <douglas.stebila@sun.com>]
-
-  *) Change default behaviour of 'openssl asn1parse' so that more
-     information is visible when viewing, e.g., a certificate:
-
-     Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
-     mode the content of non-printable OCTET STRINGs is output in a
-     style similar to INTEGERs, but with '[HEX DUMP]' prepended to
-     avoid the appearance of a printable string.
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
-     functions
-          EC_GROUP_set_asn1_flag()
-          EC_GROUP_get_asn1_flag()
-          EC_GROUP_set_point_conversion_form()
-          EC_GROUP_get_point_conversion_form()
-     These control ASN1 encoding details:
-     - Curves (i.e., groups) are encoded explicitly unless asn1_flag
-       has been set to OPENSSL_EC_NAMED_CURVE.
-     - Points are encoded in uncompressed form by default; options for
-       asn1_for are as for point2oct, namely
-          POINT_CONVERSION_COMPRESSED
-          POINT_CONVERSION_UNCOMPRESSED
-          POINT_CONVERSION_HYBRID
-
-     Also add 'seed' and 'seed_len' members to EC_GROUP with access
-     functions
-          EC_GROUP_set_seed()
-          EC_GROUP_get0_seed()
-          EC_GROUP_get_seed_len()
-     This is used only for ASN1 purposes (so far).
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Add 'field_type' member to EC_METHOD, which holds the NID
-     of the appropriate field type OID.  The new function
-     EC_METHOD_get_field_type() returns this value.
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Add functions 
-          EC_POINT_point2bn()
-          EC_POINT_bn2point()
-          EC_POINT_point2hex()
-          EC_POINT_hex2point()
-     providing useful interfaces to EC_POINT_point2oct() and
-     EC_POINT_oct2point().
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Change internals of the EC library so that the functions
-          EC_GROUP_set_generator()
-          EC_GROUP_get_generator()
-          EC_GROUP_get_order()
-          EC_GROUP_get_cofactor()
-     are implemented directly in crypto/ec/ec_lib.c and not dispatched
-     to methods, which would lead to unnecessary code duplication when
-     adding different types of curves.
-     [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]
-
-  *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
-     arithmetic, and such that modified wNAFs are generated
-     (which avoid length expansion in many cases).
-     [Bodo Moeller]
-
-  *) Add a function EC_GROUP_check_discriminant() (defined via
-     EC_METHOD) that verifies that the curve discriminant is non-zero.
-
-     Add a function EC_GROUP_check() that makes some sanity tests
-     on a EC_GROUP, its generator and order.  This includes
-     EC_GROUP_check_discriminant().
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Add ECDSA in new directory crypto/ecdsa/.
-
-     Add applications 'openssl ecparam' and 'openssl ecdsa'
-     (these are based on 'openssl dsaparam' and 'openssl dsa').
-
-     ECDSA support is also included in various other files across the
-     library.  Most notably,
-     - 'openssl req' now has a '-newkey ecdsa:file' option;
-     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
-     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
-       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
-       them suitable for ECDSA where domain parameters must be
-       extracted before the specific public key;
-     - ECDSA engine support has been added.
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Include some named elliptic curves, and add OIDs from X9.62,
-     SECG, and WAP/WTLS.  Each curve can be obtained from the new
-     function
-          EC_GROUP_new_by_nid(),
-     and the list of available named curves can be obtained with
-          EC_get_builtin_curves().
-     Also add a 'curve_name' member to EC_GROUP objects, which can be
-     accessed via
-         EC_GROUP_set_nid()
-         EC_GROUP_get_nid()
-     [Nils Larsch <nla@trustcenter.de, Bodo Moeller]
- 
- Changes between 0.9.7 and 0.9.7a  [XX xxx 2003]
+  *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
+     checked on reconnect on the client side, therefore session resumption
+     could still fail with a "ssl session id is different" error. This
+     behaviour is masked when SSL_OP_ALL is used due to
+     SSL_OP_MICROSOFT_SESS_ID_BUG being set.
+     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
+     followup to PR #377.
+     [Lutz Jaenicke]
 
   *) IA-32 assembler support enhancements: unified ELF targets, support
      for SCO/Caldera platforms, fix for Cygwin shared build.
@@ -380,6 +171,9 @@ TODO: bug: pad  x  with leading zeros if necessary
 
  Changes between 0.9.6h and 0.9.7  [31 Dec 2002]
 
+  [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
+  OpenSSL 0.9.7.]
+
   *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
      code (06) was taken as the first octet of the session ID and the last
      octet was ignored consequently. As a result SSLv2 client side session
@@ -2053,6 +1847,11 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      be reduced modulo  m.
      [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
 
+#if 0
+     The following entry accidentily appeared in the CHANGES file
+     distributed with OpenSSL 0.9.7.  The modifications described in
+     it do *not* apply to OpenSSL 0.9.7.
+
   *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
      was actually never needed) and in BN_mul().  The removal in BN_mul()
      required a small change in bn_mul_part_recursive() and the addition
@@ -2061,6 +1860,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      bn_sub_words() and bn_add_words() except they take arrays with
      differing sizes.
      [Richard Levitte]
+#endif
 
   *) In 'openssl passwd', verify passwords read from the terminal
      unless the '-salt' option is used (which usually means that
@@ -2192,6 +1992,69 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Clean old EAY MD5 hack from e_os.h.
      [Richard Levitte]
 
+ Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
+
+  *) Fix various bugs revealed by running the NISCC test suite:
+
+     Stop out of bounds reads in the ASN1 code when presented with
+     invalid tags (CAN-2003-0543 and CAN-2003-0544).
+     
+     If verify callback ignores invalid public key errors don't try to check
+     certificate signature with the NULL public key.
+
+     [Steve Henson]
+
+  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+     if the server requested one: as stated in TLS 1.0 and SSL 3.0
+     specifications.
+     [Steve Henson]
+
+  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+     extra data after the compression methods not only for TLS 1.0
+     but also for SSL 3.0 (as required by the specification).
+     [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+  *) Change X509_certificate_type() to mark the key as exported/exportable
+     when it's 512 *bits* long, not 512 bytes.
+     [Richard Levitte]
+
+ Changes between 0.9.6i and 0.9.6j  [10 Apr 2003]
+
+  *) Countermeasure against the Klima-Pokorny-Rosa extension of
+     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+     a protocol version number mismatch like a decryption error
+     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+     [Bodo Moeller]
+
+  *) Turn on RSA blinding by default in the default implementation
+     to avoid a timing attack. Applications that don't want it can call
+     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+     They would be ill-advised to do so in most cases.
+     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+  *) Change RSA blinding code so that it works when the PRNG is not
+     seeded (in this case, the secret RSA exponent is abused as
+     an unpredictable seed -- if it is not unpredictable, there
+     is no point in blinding anyway).  Make RSA blinding thread-safe
+     by remembering the creator's thread ID in rsa->blinding and
+     having all other threads use local one-time blinding factors
+     (this requires more computation than sharing rsa->blinding, but
+     avoids excessive locking; and if an RSA object is not shared
+     between threads, blinding will still be very fast).
+     [Bodo Moeller]
+
+ Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]
+
+  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+     via timing by performing a MAC computation even if incorrrect
+     block cipher padding has been found.  This is a countermeasure
+     against active attacks where the attacker has to distinguish
+     between bad padding and a MAC verification error. (CAN-2003-0078)
+
+     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+     Martin Vuagnoux (EPFL, Ilion)]
+
  Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
 
   *) New function OPENSSL_cleanse(), which is used to cleanse a section of

Configure

@@ -10,7 +10,7 @@ use strict;
 
 # see INSTALL for instructions.
 
-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
 
 # Options:
 #
@@ -38,6 +38,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 # --test-sanity Make a number of sanity checks on the data in this file.
 #               This is a debugging tool for OpenSSL developers.
 #
+# no-engine     do not compile in any engine code.
 # no-hw-xxx     do not compile support for specific crypto hardware.
 #               Generic OpenSSL-style methods relating to this support
 #               are always compiled but return NULL if the hardware
@@ -167,13 +168,14 @@ my %table=(
 
 #### SPARC Solaris with GNU C setups
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:asm/des_enc-sparc.o fcrypt_b.o::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
-"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 ####
 "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -186,9 +188,9 @@ my %table=(
 # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
 # SC5.0 note: Compiler common patch 107357-01 or later is required!
 "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:asm/des_enc-sparc.o fcrypt_b.o::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
 ####
 "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -197,12 +199,12 @@ my %table=(
 "linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:asm/des_enc-sparc.o fcrypt_b.o::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # Sunos configs, assuming sparc for the gcc one.
 ##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:::",
@@ -217,7 +219,7 @@ my %table=(
 # './Configure irix-[g]cc' manually.
 # -mips4 flag is added by ./config when appropriate.
 "irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # N64 ABI builds.
 "irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -259,7 +261,7 @@ my %table=(
 # Submitted by <ross.alexander@uk.neceur.com>
 "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
-# HP/UX IA-64 targets
+# IA-64 targets
 "hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
 # with debugging of the following config.
@@ -269,12 +271,12 @@ my %table=(
 #
 # Chris Ruemmler <ruemmler@cup.hp.com>
 # Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # Isn't the line below meaningless? HP-UX cc optimizes for host by default.
 # hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro>
-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # HPUX 9.X config.
 # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
@@ -372,7 +374,6 @@ my %table=(
 
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
-"linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-pentium",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ppro",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -382,19 +383,21 @@ my %table=(
 "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-"linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
-"linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
+"linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
 "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-s390x",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-ecc",   "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o:::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD-sparc64","gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-ia64","gcc:-DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64-cpp.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
 "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -402,7 +405,7 @@ my %table=(
 "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 
 # NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::",
 
 # QNX 4
 "qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
@@ -424,7 +427,7 @@ my %table=(
 # compiler drivers and assemblers. Tim Rice <tim@multitalents.net> has
 # patiently assisted to debug most of it.
 #
-# UnixWare 2.0x fails destest with -O.
+# UnixWare 2.0x fails destest with -O
 "unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
 "unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
 "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -433,16 +436,16 @@ my %table=(
 "OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc.
-"sco5-cc",  "cc:-belf::(unknown)::-lsocket -lresolv -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic",
-"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC",
+"sco5-cc",  "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 
 # IBM's AIX.
 "aix-cc",   "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
 "aix-gcc",  "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::",
 "aix43-gcc",  "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
-"aix64-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn::::::-X 64",
+"aix64-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
 
 #
 # Cray T90 and similar (SDSC)
@@ -501,13 +504,11 @@ my %table=(
 "VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 
 # Borland C++ 4.5
-"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX::::::::::win32",
+"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN::::::::::win32",
 "BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 
-# Mingw32
-# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
-# and its library files in util/pl/*)
-"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+# MinGW
+"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall:::MINGW32:-mno-cygwin -lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32::::.dll",
 
 # UWIN 
 "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
@@ -533,8 +534,8 @@ my %table=(
 "OpenBSD-m88k",		"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "OpenBSD-mips",		"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "OpenBSD-powerpc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::asm/des_enc-sparc.o fcrypt_b.o::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::asm/des_enc-sparc.o fcrypt_b.o::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "OpenBSD-vax",		"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "OpenBSD-hppa",		"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
@@ -559,6 +560,8 @@ my %table=(
 "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
 "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
 "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
+"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
+"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::::::::::::::::ranlibmips:",
 
 ##### Compaq Non-Stop Kernel (Tandem)
 "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
@@ -649,6 +652,7 @@ my $openssl_thread_defines;
 my $openssl_sys_defines="";
 my $openssl_other_defines;
 my $libs;
+my $libkrb5="";
 my $target;
 my $options;
 my $symlink;
@@ -689,6 +693,11 @@ PROCESS_ARGS:
 			$flags .= "-DOPENSSL_NO_ASM ";
 			$openssl_other_defines .= "#define OPENSSL_NO_ASM\n";
 			}
+		elsif (/^no-err$/)
+		 	{
+			$flags .= "-DOPENSSL_NO_ERR ";
+			$openssl_other_defines .= "#define OPENSSL_NO_ERR\n";
+			}
 		elsif (/^no-hw-(.+)$/)
 			{
 			my $hw=$1;
@@ -752,27 +761,6 @@ PROCESS_ARGS:
 				$depflags .= "-DOPENSSL_NO_MDC2 ";
 				$openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n";
 				}
-			if ($algo eq "EC")
-				{
-				push @skip, "ecdsa";
-				push @skip, "ecdh";
-				$options .= " no-ecdsa";
-				$options .= " no-ecdh";
-				$flags .= "-DOPENSSL_NO_ECDSA ";
-				$flags .= "-DOPENSSL_NO_ECDH ";
-				$depflags .= "-DOPENSSL_NO_ECDSA ";
-				$depflags .= "-DOPENSSL_NO_ECDH ";
-				$openssl_algorithm_defines .= "#define OPENSSL_NO_ECDSA\n";
-				$openssl_algorithm_defines .= "#define OPENSSL_NO_ECDH\n";
-				}
-			if ($algo eq "SHA" || $algo eq "SHA1")
-				{
-				push @skip, "ecdsa";
-				$options .= " no-ecdsa";
-				$flags .= "-DOPENSSL_NO_ECDSA ";
-				$depflags .= "-DOPENSSL_NO_ECDSA ";
-				$openssl_algorithm_defines .= "#define OPENSSL_NO_ECDSA\n";
-				}
 			if ($algo eq "MD5")
 				{
 				$no_md5 = 1;
@@ -1036,8 +1024,6 @@ else
 	$withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
 		if $withargs{"krb5-include"} eq "" &&
 		   $withargs{"krb5-dir"} ne "";
-
-	$libs.=$withargs{"krb5-lib"}." " if $withargs{"krb5-lib"} ne "";
 	}
 
 # The DSO code currently always implements all functions so that no
@@ -1130,21 +1116,10 @@ if (!$no_shared)
 	{
 	if ($shared_cflag ne "")
 		{
-		$cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
+		$cflags = "$shared_cflag $cflags";
 		}
 	}
 
-if ($no_shared)
-	{
-	$cflags="-DOPENSSL_NO_DYNAMIC_ENGINE $cflags";
-	$openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n";
-	}
-else
-	{
-	$cflags="-DOPENSSL_NO_STATIC_ENGINE $cflags";
-	$openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n";
-	}
-
 if ($sys_id ne "")
 	{
 	$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
@@ -1162,8 +1137,6 @@ if ($ranlib eq "")
 #$bn_obj="$bn1";
 
 $bn_obj = $bn_asm unless $bn_obj ne "";
-# bn86* is the only one implementing bn_*_part_words
-$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/);
 
 $des_obj=$des_enc	unless ($des_obj =~ /\.o$/);
 $bf_obj=$bf_enc		unless ($bf_obj =~ /\.o$/);
@@ -1191,7 +1164,6 @@ if ($rmd160_obj =~ /\.o$/)
 $cflags =~ s/([\\\"])/\\\1/g;
 
 my $version = "unknown";
-my $version_num = "unknown";
 my $major = "unknown";
 my $minor = "unknown";
 my $shlib_version_number = "unknown";
@@ -1203,7 +1175,6 @@ open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
 while (<IN>)
 	{
 	$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
-	$version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
 	$shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
 	$shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
 	}
@@ -1272,6 +1243,7 @@ while (<IN>)
 	s/^ARFLAGS=.*/ARFLAGS= $arflags/;
 	s/^PERL=.*/PERL= $perl/;
 	s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
+	s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
 	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
 	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
@@ -1533,68 +1505,6 @@ EOF
 	}
 }
 
-# create the ms/version32.rc file if needed
-if ($IsWindows) {
-	my ($v1, $v2, $v3, $v4);
-	if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
-		$v1=hex $1;
-		$v2=hex $2;
-		$v3=hex $3;
-		$v4=hex $4;
-	}
-	open (OUT,">ms/version32.rc") || die "Can't open ms/version32.rc";
-	print OUT <<EOF;
-#include <winver.h>
-
-LANGUAGE 0x09,0x01
-
-1 VERSIONINFO
-  FILEVERSION $v1,$v2,$v3,$v4
-  PRODUCTVERSION $v1,$v2,$v3,$v4
-  FILEFLAGSMASK 0x3fL
-#ifdef _DEBUG
-  FILEFLAGS 0x01L
-#else
-  FILEFLAGS 0x00L
-#endif
-  FILEOS VOS__WINDOWS32
-  FILETYPE VFT_DLL
-  FILESUBTYPE 0x0L
-BEGIN
-    BLOCK "StringFileInfo"
-    BEGIN
-	BLOCK "040904b0"
-	BEGIN
-	    // Required:	    
-	    VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
-	    VALUE "FileDescription", "OpenSSL Shared Library\\0"
-	    VALUE "FileVersion", "$version\\0"
-#if defined(CRYPTO)
-	    VALUE "InternalName", "libeay32\\0"
-	    VALUE "OriginalFilename", "libeay32.dll\\0"
-#elif defined(SSL)
-	    VALUE "InternalName", "ssleay32\\0"
-	    VALUE "OriginalFilename", "ssleay32.dll\\0"
-#endif
-	    VALUE "ProductName", "The OpenSSL Toolkit\\0"
-	    VALUE "ProductVersion", "$version\\0"
-	    // Optional:
-	    //VALUE "Comments", "\\0"
-	    VALUE "LegalCopyright", "Copyright © 1998-2002 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
-	    //VALUE "LegalTrademarks", "\\0"
-	    //VALUE "PrivateBuild", "\\0"
-	    //VALUE "SpecialBuild", "\\0"
-	END
-    END
-    BLOCK "VarFileInfo"
-    BEGIN
-        VALUE "Translation", 0x409, 0x4b0
-    END
-END
-EOF
-	close(OUT);
-  }
-  
 print <<EOF;
 
 Configured for $target.

FAQ

@@ -68,7 +68,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7 was released on December 31, 2002.
+OpenSSL 0.9.7c was released on September 30, 2003.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -189,18 +189,30 @@ for permission to use their software with OpenSSL.
 
 Cryptographic software needs a source of unpredictable data to work
 correctly.  Many open source operating systems provide a "randomness
-device" that serves this purpose.  On other systems, applications have
-to call the RAND_add() or RAND_seed() function with appropriate data
-before generating keys or performing public key encryption.
-(These functions initialize the pseudo-random number generator, PRNG.)
+device" (/dev/urandom or /dev/random) that serves this purpose.
+All OpenSSL versions try to use /dev/urandom by default; starting with
+version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
+available.
 
-Some broken applications do not do this.  As of version 0.9.5, the
-OpenSSL functions that need randomness report an error if the random
-number generator has not been seeded with at least 128 bits of
-randomness.  If this error occurs, please contact the author of the
-application you are using.  It is likely that it never worked
-correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
-to perform potentially insecure encryption.
+On other systems, applications have to call the RAND_add() or
+RAND_seed() function with appropriate data before generating keys or
+performing public key encryption. (These functions initialize the
+pseudo-random number generator, PRNG.)  Some broken applications do
+not do this.  As of version 0.9.5, the OpenSSL functions that need
+randomness report an error if the random number generator has not been
+seeded with at least 128 bits of randomness.  If this error occurs and
+is not discussed in the documentation of the application you are
+using, please contact the author of that application; it is likely
+that it never worked correctly.  OpenSSL 0.9.5 and later make the
+error visible by refusing to perform potentially insecure encryption.
+
+If you are using Solaris 8, you can add /dev/urandom and /dev/random
+devices by installing patch 112438 (Sparc) or 112439 (x86), which are
+available via the Patchfinder at <URL: http://sunsolve.sun.com>
+(Solaris 9 includes these devices by default). For /dev/random support
+for earlier Solaris versions, see Sun's statement at
+<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
+(the SUNWski package is available in patch 105710).
 
 On systems without /dev/urandom and /dev/random, it is a good idea to
 use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
@@ -233,18 +245,6 @@ OpenSSL command line tools. Applications using the OpenSSL library
 provide their own configuration options to specify the entropy source,
 please check out the documentation coming the with application.
 
-For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
-installing the SUNski package from Sun patch 105710-01 (Sparc) which
-adds a /dev/random device and make sure it gets used, usually through
-$RANDFILE.  There are probably similar patches for the other Solaris
-versions.  An official statement from Sun with respect to /dev/random
-support can be found at
-  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
-However, be warned that /dev/random is usually a blocking device, which
-may have some effects on OpenSSL.
-A third party /dev/random solution for Solaris is available at
-  http://www.cosy.sbg.ac.at/~andi/
-
 
 * Why do I get an "unable to write 'random state'" error message?
 
@@ -490,10 +490,13 @@ and then redo the compilation.  What you should really do is make sure
 Sometimes, you may get reports from VC++ command line (cl) that it
 can't find standard include files like stdio.h and other weirdnesses.
 One possible cause is that the environment isn't correctly set up.
-To solve that problem, one should run VCVARS32.BAT which is found in
-the 'bin' subdirectory of the VC++ installation directory (somewhere
-under 'Program Files').  This needs to be done prior to running NMAKE,
-and the changes are only valid for the current DOS session.
+To solve that problem for VC++ versions up to 6, one should run
+VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++
+installation directory (somewhere under 'Program Files').  For VC++
+version 7 (and up?), which is also called VS.NET, the file is called
+VSVARS32.BAT instead.
+This needs to be done prior to running NMAKE, and the changes are only
+valid for the current DOS session.
 
 
 * What is special about OpenSSL on Redhat?
@@ -729,6 +732,7 @@ The general answer is to check the config.log file generated when running
 the OpenSSH configure script. It should contain the detailed information
 on why the OpenSSL library was not detected or considered incompatible.
 
+
 * Can I use OpenSSL's SSL library with non-blocking I/O?
 
 Yes; make sure to read the SSL_get_error(3) manual page!

INSTALL

@@ -321,7 +321,8 @@
 	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
 	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
 		mkdir -p `dirname $F`
-		ln -s $OPENSSL_SOURCE/$F $F
+		rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
+		echo $F '->' $OPENSSL_SOURCE/$F
 	done
 	make -f Makefile.org clean
 

INSTALL.W32

@@ -10,13 +10,20 @@
 
  You need Perl for Win32.  Unless you will build on Cygwin, you will need
  ActiveState Perl, available from http://www.activestate.com/ActivePerl.
- For Cygwin users, there's more info in the Cygwin section.
 
  and one of the following C compilers:
 
   * Visual C++
   * Borland C
-  * GNU C (Mingw32 or Cygwin)
+  * GNU C (Cygwin or MinGW)
+
+ If you are compiling from a tarball or a CVS snapshot then the Win32 files
+ may well be not up to date. This may mean that some "tweaking" is required to
+ get it all to work. See the trouble shooting section later on for if (when?)
+ it goes wrong.
+
+ Visual C++
+ ----------
 
  If you want to compile in the assembly language routines with Visual C++ then
  you will need an assembler. This is worth doing because it will result in
@@ -26,26 +33,19 @@
   * Microsoft MASM (aka "ml")
   * Free Netwide Assembler NASM.
 
- MASM was at one point distributed with VC++. It is now distributed with some
- Microsoft DDKs, for example the Windows NT 4.0 DDK and the Windows 98 DDK. If
- you do not have either of these DDKs then you can just download the binaries
- for the Windows 98 DDK and extract and rename the two files XXXXXml.exe and
- XXXXXml.err, to ml.exe and ml.err and install somewhere on your PATH. Both
- DDKs can be downloaded from the Microsoft developers site www.msdn.com.
+ MASM is distributed with most versions of VC++. For the versions where it is
+ not included in VC++, it is also distributed with some Microsoft DDKs, for
+ example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have
+ either of these DDKs then you can just download the binaries for the Windows
+ 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to
+ ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be
+ downloaded from the Microsoft developers site www.msdn.com.
 
  NASM is freely available. Version 0.98 was used during testing: other versions
  may also work. It is available from many places, see for example:
  http://www.kernel.org/pub/software/devel/nasm/binaries/win32/
  The NASM binary nasmw.exe needs to be installed anywhere on your PATH.
 
- If you are compiling from a tarball or a CVS snapshot then the Win32 files
- may well be not up to date. This may mean that some "tweaking" is required to
- get it all to work. See the trouble shooting section later on for if (when?)
- it goes wrong.
-
- Visual C++
- ----------
-
  Firstly you should run Configure:
 
  > perl Configure VC-WIN32
@@ -119,18 +119,72 @@
  * Run make:
    > make -f bcb.mak
 
- GNU C (Mingw32)
- ---------------
+ GNU C (Cygwin)
+ --------------
 
- To build OpenSSL, you need the Mingw32 package and GNU make.
+ Cygwin provides a bash shell and GNU tools environment running
+ on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP.
+ Consequently, a make of OpenSSL with Cygwin is closer to a GNU
+ bash environment such as Linux than to other the other Win32
+ makes.
+
+ Cygwin implements a Posix/Unix runtime system (cygwin1.dll).
+ It is also possible to create Win32 binaries that only use the
+ Microsoft C runtime system (msvcrt.dll or crtdll.dll) using
+ MinGW. MinGW can be used in the Cygwin development environment
+ or in a standalone setup as described in the following section.
+
+ To build OpenSSL using Cygwin:
+
+ * Install Cygwin (see http://cygwin.com/)
+
+ * Install Perl and ensure it is in the path. Both Cygwin perl
+   (5.6.1-2 or newer) and ActivePerl work.
+
+ * Run the Cygwin bash shell
+
+ * $ tar zxvf openssl-x.x.x.tar.gz
+   $ cd openssl-x.x.x
+
+   To build the Cygwin version of OpenSSL:
+
+   $ ./config
+   [...]
+   $ make
+   [...]
+   $ make test
+   $ make install
+
+   This will create a default install in /usr/local/ssl.
+
+   To build the MinGW version (native Windows) in Cygwin:
+
+   $ ./Configure mingw
+   [...]
+   $ make
+   [...]
+   $ make test
+   $ make install
+
+ Cygwin Notes:
+
+ "make test" and normal file operations may fail in directories
+ mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
+ stripping of carriage returns. To avoid this ensure that a binary
+ mount is used, e.g. mount -b c:\somewhere /home.
+
+ "bc" is not provided in older Cygwin distribution.  This causes a
+ non-fatal error in "make test" but is otherwise harmless.  If
+ desired and needed, GNU bc can be built with Cygwin without change.
+
+ GNU C (MinGW)
+ -------------
 
  * Compiler installation:
 
-   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
-   gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. Extract it
-   to a directory such as C:\gcc-2.95.2 and add c:\gcc-2.95.2\bin to
-   the PATH environment variable in "System Properties"; or edit and
-   run C:\gcc-2.95.2\mingw32.bat to set the PATH.
+   MinGW is available from http://www.mingw.org. Run the installer and
+   set the MinGW bin directory to the PATH in "System Properties" or
+   autoexec.bat.
 
  * Compile OpenSSL:
 
@@ -152,49 +206,6 @@
    > cd out
    > ..\ms\test
 
- GNU C (Cygwin)
- --------------
-
- Cygwin provides a bash shell and GNU tools environment running
- on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP.
- Consequently, a make of OpenSSL with Cygwin is closer to a GNU
- bash environment such as Linux than to other W32 makes which are
- based on a single makefile approach. Cygwin implements Posix/Unix
- calls through cygwin1.dll, and is contrasted to Mingw32 which links
- dynamically to msvcrt.dll or crtdll.dll.
-
- To build OpenSSL using Cygwin:
-
- * Install Cygwin (see http://cygwin.com/)
-
- * Install Perl and ensure it is in the path (recent Cygwin perl 
-   (version 5.6.1-2 of the latter has been reported to work) or
-   ActivePerl)
-
- * Run the Cygwin bash shell
-
- * $ tar zxvf openssl-x.x.x.tar.gz
-   $ cd openssl-x.x.x
-   $ ./config
-   [...]
-   $ make
-   [...]
-   $ make test
-   $ make install
-
- This will create a default install in /usr/local/ssl.
-
- Cygwin Notes:
-
- "make test" and normal file operations may fail in directories
- mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
- stripping of carriage returns. To avoid this ensure that a binary
- mount is used, e.g. mount -b c:\somewhere /home.
-
- "bc" is not provided in older Cygwin distribution.  This causes a
- non-fatal error in "make test" but is otherwise harmless.  If
- desired and needed, GNU bc can be built with Cygwin without change.
-
 
  Installation
  ------------
@@ -214,7 +225,7 @@
 	$ md c:\openssl\lib
 	$ md c:\openssl\include
 	$ md c:\openssl\include\openssl
-	$ copy /b inc32\*               c:\openssl\include\openssl
+	$ copy /b inc32\openssl\*       c:\openssl\include\openssl
 	$ copy /b out32dll\ssleay32.lib c:\openssl\lib
 	$ copy /b out32dll\libeay32.lib c:\openssl\lib
 	$ copy /b out32dll\ssleay32.dll c:\openssl\bin

LICENSE

@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

Makefile.org

@@ -78,7 +78,7 @@ MAKEDEPPROG=makedepend
 # gcc, then the driver will automatically translate it to -xarch=v8plus
 # and pass it down to assembler.
 AS=$(CC) -c
-ASFLAGS=$(CFLAG)
+ASFLAG=$(CFLAG)
 
 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
@@ -167,15 +167,20 @@ RMD160_ASM_OBJ= asm/rm86-out.o
 
 # KRB5 stuff
 KRB5_INCLUDES=
+LIBKRB5=
 
-DIRS=   crypto ssl engines apps test tools
+# When we're prepared to use shared libraries in the programs we link here
+# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
+SHLIB_MARK=
+
+DIRS=   crypto ssl $(SHLIB_MARK) apps test tools
 SHLIBDIRS= crypto ssl
 
 # dirs in crypto to build
 SDIRS=  \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn ec rsa dsa ecdsa dh ecdh dso engine aes \
+	bn ec rsa dsa dh dso engine aes \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
 
@@ -184,12 +189,12 @@ SDIRS=  \
 TESTS = alltests
 
 MAKEFILE= Makefile.ssl
-NEWMAKE=  make
-MAKE=     $(NEWMAKE) -f Makefile.ssl
+MAKE=     make -f Makefile.ssl
 
 MANDIR=$(OPENSSLDIR)/man
 MAN1=1
 MAN3=3
+MANSUFFIX=
 SHELL=/bin/sh
 
 TOP=    .
@@ -211,33 +216,21 @@ WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h
 
-all: Makefile.ssl build_all openssl.pc
+# When we're prepared to use shared libraries in the programs we link here
+# we might remove 'clean-shared' from the targets to perform at this stage
 
-BUILD_CMD=if echo " $(DIRS) " | grep " $$i " >/dev/null 2>/dev/null; then \
+all: Makefile.ssl sub_all openssl.pc
+
+sub_all:
+	@for i in $(DIRS); \
+	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
 	else \
 		$(MAKE) $$i; \
-	fi; fi
-
-sub_all: build_all
-build_all: build_libs build_apps build_tests build_tools
-
-build_libs: build_crypto build_ssl build_engines
-
-build_crypto:
-	@i=crypto; $(BUILD_CMD)
-build_ssl:
-	@i=ssl; $(BUILD_CMD)
-build_engines:
-	@i=engines; $(BUILD_CMD)
-build_apps:
-	@i=apps; $(BUILD_CMD)
-build_tests:
-	@i=test; $(BUILD_CMD)
-build_tools:
-	@i=tools; $(BUILD_CMD)
+	fi; \
+	done;
 
 libcrypto$(SHLIB_EXT): libcrypto.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
@@ -263,31 +256,323 @@ clean-shared:
 		fi; \
 		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
 		if [ "$(PLATFORM)" = "Cygwin" ]; then \
-			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+			( set -x; rm -f cyg$$i-$(SHLIB_VERSION_NUMBER)$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
 		fi; \
 	done
 
 link-shared:
-	@ for i in ${SHLIBDIRS}; do \
-		$(NEWMAKE) -f $(HERE)/Makefile.shared \
-			LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
-			symlink.$(SHLIB_TARGET); \
-		libs="$$libs -l$$i"; \
+	@if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+		tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+		for i in $(SHLIBDIRS); do \
+			prev=lib$$i$(SHLIB_EXT); \
+			for j in $${tmp:-x}; do \
+				( set -x; \
+				rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
+				prev=lib$$i$$j; \
+			done; \
+		done; \
+	fi
+
+build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
+
+do_bsd-gcc-shared: do_gnu-shared
+do_linux-shared: do_gnu-shared
+do_gnu-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+		libs="$(LIBKRB5) $$libs"; \
+	fi; \
+	( set -x; ${CC} ${SHARED_LDFLAGS} \
+		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-Wl,-Bsymbolic \
+		-Wl,--whole-archive lib$$i.a \
+		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+	libs="-l$$i $$libs"; \
 	done
 
-build-shared: do_$(SHLIB_TARGET) link-shared
+DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
 
-do_$(SHLIB_TARGET):
-	@ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		$(NEWMAKE) -f Makefile.shared \
-			CC="$(CC)" LDFLAGS="$(LDFLAGS)" \
-			SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \
-			LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
-			LIBDEPS="$$libs $(EX_LIBS)" \
-			link_a.$(SHLIB_TARGET); \
-		libs="$$libs -l$$i"; \
+# For Darwin AKA Mac OS/X (dyld)
+do_darwin-shared: 
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+		libs="$(LIBKRB5) $$libs"; \
+	fi; \
+	( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
+		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
+	libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \
+	echo "" ; \
+	done
+
+do_cygwin-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+		libs="$(LIBKRB5) $$libs"; \
+	fi; \
+	( set -x; ${CC}  -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
+		-Wl,-Bsymbolic \
+		-Wl,--whole-archive lib$$i.a \
+		-Wl,--out-implib,lib$$i.dll.a \
+		-Wl,--no-whole-archive $$libs ) || exit 1; \
+	libs="-l$$i $$libs"; \
+	done
+
+# This assumes that GNU utilities are *not* used
+do_alpha-osf1-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		( set -x; ${CC} ${SHARED_LDFLAGS} \
+			-shared -o lib$$i.so \
+			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+		libs="-l$$i $$libs"; \
+		done; \
+	fi
+
+# This assumes that GNU utilities are *not* used
+# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
+# option passed to the linker.
+do_tru64-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		( set -x; ${CC} ${SHARED_LDFLAGS} \
+			-shared -msym -o lib$$i.so \
+			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+		libs="-l$$i $$libs"; \
+		done; \
+	fi
+
+# This assumes that GNU utilities are *not* used
+# The difference between tru64-shared and tru64-shared-rpath is the
+# -rpath ${INSTALLTOP}/lib passed to the linker.
+do_tru64-shared-rpath:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		( set -x; ${CC} ${SHARED_LDFLAGS} \
+			-shared -msym -o lib$$i.so \
+			-rpath  ${INSTALLTOP}/lib \
+			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+		libs="-l$$i $$libs"; \
+		done; \
+	fi
+
+
+# This assumes that GNU utilities are *not* used
+do_solaris-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+		  MINUSZ='-z '; \
+		  (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
+		  set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
+			-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
+			$$libs ${EX_LIBS} -lc ) || exit 1; \
+		libs="-l$$i $$libs"; \
+		done; \
+	fi
+
+# OpenServer 5 native compilers used
+do_svr3-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+		  find . -name "*.o" -print > allobjs ; \
+		  OBJS= ; export OBJS ; \
+		  for obj in `ar t lib$$i.a` ; do \
+		    OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
+		  done ; \
+		  set -x; ${CC} ${SHARED_LDFLAGS} \
+			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+		libs="-l$$i $$libs"; \
+		done; \
+	fi
+
+# UnixWare 7 and OpenUNIX 8 native compilers used
+do_svr5-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+		  SHARE_FLAG='-G'; \
+		  (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
+		  find . -name "*.o" -print > allobjs ; \
+		  OBJS= ; export OBJS ; \
+		  for obj in `ar t lib$$i.a` ; do \
+		    OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
+		  done ; \
+		  set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
+			${CC} ${SHARED_LDFLAGS} \
+			$${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+		libs="-l$$i $$libs"; \
+		done; \
+	fi
+
+# This assumes that GNU utilities are *not* used
+do_irix-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		( set -x; ${CC} ${SHARED_LDFLAGS} \
+			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
+		libs="-l$$i $$libs"; \
+		done; \
+	fi
+
+# This assumes that GNU utilities are *not* used
+# HP-UX includes the full pathname of libs we depend on, so we would get
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# anyway.
+# The object modules are loaded from lib$i.a using the undocumented -Fl
+# option.
+#
+# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
+#          by temporarily specifying "+s"!
+#
+do_hpux-shared:
+	for i in ${SHLIBDIRS}; do \
+	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+		libs="$(LIBKRB5) $$libs"; \
+	fi; \
+	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+ 		+vnocompatwarnings \
+		-b -z +s \
+		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-Fl lib$$i.a -ldld -lc ) || exit 1; \
+	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+	done
+
+# This assumes that GNU utilities are *not* used
+# HP-UX includes the full pathname of libs we depend on, so we would get
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# anyway.
+#
+# HP-UX in 64bit mode has "+s" enabled by default; it will search for
+# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
+#
+do_hpux64-shared:
+	for i in ${SHLIBDIRS}; do \
+	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+		libs="$(LIBKRB5) $$libs"; \
+	fi; \
+	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+ 		-b -z \
+		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		+forceload lib$$i.a -ldl -lc ) || exit 1; \
+	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+	done
+
+# The following method is said to work on all platforms.  Tests will
+# determine if that's how it's gong to be used.
+# This assumes that for all but GNU systems, GNU utilities are *not* used.
+# ALLSYMSFLAGS would be:
+#  GNU systems: --whole-archive
+#  Tru64 Unix:  -all
+#  Solaris:     -z allextract
+#  Irix:        -all
+#  HP/UX-32bit: -Fl
+#  HP/UX-64bit: +forceload
+#  AIX:		-bnogc
+# SHAREDFLAGS would be:
+#  GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
+#  Tru64 Unix:  -shared \
+#		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}"
+#  Solaris:     -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
+#  Irix:        -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
+#  HP/UX-32bit: +vnocompatwarnings -b -z +s \
+#		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
+#  HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
+#  AIX:		-G -bE:lib$$i.exp -bM:SRE
+# SHAREDCMD would be:
+#  GNU systems: $(CC)
+#  Tru64 Unix:  $(CC)
+#  Solaris:     $(CC)
+#  Irix:        $(CC)
+#  HP/UX-32bit: /usr/ccs/bin/ld
+#  HP/UX-64bit: /usr/ccs/bin/ld
+#  AIX:		$(CC)
+ALLSYMSFLAG=-bnogc
+SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
+SHAREDCMD=$(CC)
+do_aix-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+		libs="$(LIBKRB5) $$libs"; \
+	fi; \
+	( set -x; \
+	  ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
+	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
+	    $(SHAREDCMD) $(SHAREDFLAGS) \
+		-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
+		$$libs ${EX_LIBS} ) ) \
+	|| exit 1; \
+	libs="-l$$i $$libs"; \
+	done
+
+do_reliantunix-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+		libs="$(LIBKRB5) $$libs"; \
+	fi; \
+	tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
+	( set -x; \
+	  ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
+	    cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
+	    ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
+	  ) || exit 1; \
+	  cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
+	) || exit 1; \
+	rm -rf $$tmpdir ; \
+	libs="-l$$i $$libs"; \
 	done
 
 openssl.pc: Makefile.ssl
@@ -300,7 +585,7 @@ openssl.pc: Makefile.ssl
 	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
 	    echo 'Version: '$(VERSION); \
 	    echo 'Requires: '; \
-	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \
 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
 
 Makefile.ssl: Makefile.org
@@ -309,10 +594,10 @@ Makefile.ssl: Makefile.org
 	@false
 
 libclean:
-	rm -f *.so *.so.* engines/*.so *.a */lib */*/lib
+	rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib
 
-clean:
-	rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
+clean:	libclean
+	rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
 	@for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
@@ -322,7 +607,7 @@ clean:
 	fi; \
 	done;
 	rm -f openssl.pc
-	rm -f *.a *.o speed.* *.map *.so .pure core
+	rm -f speed.* .pure
 	rm -f $(TARFILE)
 	@for i in $(ONEDIRS) ;\
 	do \
@@ -372,7 +657,10 @@ rehash: rehash.time
 rehash.time: certs
 	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
 		export OPENSSL OPENSSL_DEBUG_MEMORY; \
-		LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+		LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
+		DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
+		SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
+		LIBPATH="`pwd`:$$LIBPATH"; \
 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
 		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
 		$(PERL) tools/c_rehash certs)
@@ -383,10 +671,13 @@ test:   tests
 tests: rehash
 	@(cd test && echo "testing..." && \
 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
-	@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
-		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
-		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
-		apps/openssl version -a
+	@LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
+	DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
+	SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
+	LIBPATH="`pwd`:$$LIBPATH"; \
+	if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+	export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+	apps/openssl version -a
 
 report:
 	@$(PERL) util/selftest.pl
@@ -420,7 +711,7 @@ tags:
 
 errors:
 	$(PERL) util/mkerr.pl -recurse -write
-	(cd engines; $(MAKE) PERL=$(PERL) errors)
+	(cd crypto/engine; $(MAKE) PERL=$(PERL) errors)
 
 stacks:
 	$(PERL) util/mkstack.pl -write
@@ -482,7 +773,6 @@ install: all install_docs
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/engines \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/private \
@@ -496,7 +786,7 @@ install: all install_docs
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i; echo "installing $$i..."; \
-		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' install ); \
+		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
 	fi; \
 	done
 	@for i in $(LIBS) ;\
@@ -520,7 +810,7 @@ install: all install_docs
 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
 					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 				else \
-					c=`echo $$i | sed 's/^lib/cyg/'`; \
+					c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
 					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
@@ -532,7 +822,8 @@ install: all install_docs
 		done; \
 		(	here="`pwd`"; \
 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			$(NEWMAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
+			set $(MAKE); \
+			$$1 -f $$here/Makefile link-shared ); \
 		if [ "$(INSTALLTOP)" != "/usr" ]; then \
 			echo 'OpenSSL shared libraries have been installed in:'; \
 			echo '  $(INSTALLTOP)'; \
@@ -541,6 +832,7 @@ install: all install_docs
 		fi; \
 	fi
 	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
 
 install_docs:
 	@$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -557,33 +849,33 @@ install_docs:
 	for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
-		echo "installing man$$sec/$$fn.$$sec"; \
+		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
 		sh -c "$$pod2man \
 			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 		$(PERL) util/extract-names.pl < $$i | \
 			grep -v $$filecase "^$$fn\$$" | \
 			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
 			 while read n; do \
-				$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
+				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
 			 done); \
 	done; \
 	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
-		echo "installing man$$sec/$$fn.$$sec"; \
+		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
 		sh -c "$$pod2man \
 			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 		$(PERL) util/extract-names.pl < $$i | \
 			grep -v $$filecase "^$$fn\$$" | \
 			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
 			 while read n; do \
-				$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
+				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
 			 done); \
 	done
 

Makefile.shared

@@ -1,587 +0,0 @@
-#
-# Helper makefile to link shared libraries in a portable way.
-# This is much simpler than libtool, and hopefully not too error-prone.
-#
-# The following variables need to be set on the command line to build
-# properly
-
-# CC contains the current compiler.  This one MUST be defined
-CC=cc
-# LDFLAGS contains flags to be used when the temporary object file is
-# created.  SHARED_LDFLAGS contains flags to be used when the shared
-# library is created.
-LDFLAGS=
-SHARED_LDFLAGS=
-
-# LIBNAME contains just the name of thhe library, without prefix ("lib"
-# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
-# .dll, ...).  This one MUST have a value when using this makefile.
-# For example, to build libfoo.so, you need to do the following:
-#LIBNAME=foo
-LIBNAME=
-
-# LIBEXTRAS contains extra modules to link together with the library.
-# For example, if a second library, say libbar.a needs to be linked into
-# libfoo.so, you need to do the following:
-#LIBEXTRAS=libbar.a
-# Note that this MUST be used when using the link_o targets, to hold the
-# names of all object files that go into the target library.
-LIBEXTRAS=
-
-# LIBVERSION contains the current version of the library.
-# For example, to build libfoo.so.1.2, you need to do the following:
-#LIBVERSION=1.2
-LIBVERSION=
-
-# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
-# the library.  They MUST be in decreasing order.
-# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
-# and libfoo.so.1, you need to do the following:
-#LIBCOMPATVERSIONS=1.2 1
-# Note that on systems that use sonames, the last number will appear as
-# part of it.
-# It's also possible, for systems that support it (Tru64, for example),
-# to add extra compatibility info with more precision, by adding a second
-# list of versions, separated from the first with a semicolon, like this:
-#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
-LIBCOMPATVERSIONS=
-
-# LIBDEPS contains all the flags necessary to cover all necessary
-# dependencies to other libraries.
-LIBDEPS=
-
-#------------------------------------------------------------------------------
-# The rest is private to this makefile.
-
-#DEBUG=:
-DEBUG=set -x
-
-top:
-	echo "Trying to use this makefile interactively?  Don't."
-
-CALC_VERSIONS=	\
-	SHLIB_COMPAT=; SHLIB_SOVER=; \
-	if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
-		prev=""; \
-		for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
-			SHLIB_SOVER_NODOT=$$v; \
-			SHLIB_SOVER=.$$v; \
-			if [ -n "$$prev" ]; then \
-				SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
-			fi; \
-			prev=$$v; \
-		done; \
-	fi
-
-LINK_SO=	\
-  ( $(DEBUG); \
-    nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
-    $$SHAREDCMD $(SHARED_LDFLAGS) $$SHAREDFLAGS -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-	$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS ) && \
-  $(SYMLINK_SO); ( $(DEBUG); rm -f lib$(LIBNAME).exp )
-SYMLINK_SO=	\
-	if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
-		prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
-		if [ -n "$$SHLIB_COMPAT" ]; then \
-			for x in $$SHLIB_COMPAT; do \
-				( $(DEBUG); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
-				  ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
-				prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
-			done; \
-		fi; \
-		if [ -n "$$SHLIB_SOVER" ]; then \
-			( $(DEBUG); rm -f $$SHLIB$$SHLIB_SUFFIX; \
-			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
-		fi; \
-	fi
-
-LINK_SO_A=	SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
-LINK_SO_O=	SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
-LINK_SO_A_VIA_O=	\
-  SHOBJECTS=lib$(LIBNAME).o; \
-  ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
-  ( $(DEBUG); \
-    ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
-  $(LINK_SO) && rm -f $(LIBNAME).o
-LINK_SO_A_UNPACKED=	\
-  UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
-  (cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && cp $(LIBEXTRAS) $$UNPACKDIR && \
-  SHOBJECTS=$$UNPACKDIR/*.o; \
-  $(LINK_SO) && rm -rf $$UNPACKDIR
-
-DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
-
-DO_GNU=$(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='-Wl,--whole-archive'; \
-	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-	SHAREDCMD='$(CC)'
-
-link_o.gnu:
-	@ $(DO_GNU); $(LINK_SO_O)
-link_a.gnu:
-	@ $(DO_GNU); $(LINK_SO_A)
-
-# For Darwin AKA Mac OS/X (dyld)
-link_o.darwin:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME); \
-	SHLIB_SUFFIX=.dylib; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='-all_load'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="-dynamiclib"; \
-	SHAREDCMD='$(CC)'; \
-	if [ -n "$(LIBVERSION)" ]; then \
-		SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
-	fi; \
-	if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
-		SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
-	fi; \
-	$(LINK_SO_O)
-link_a.darwin:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME); \
-	SHLIB_SUFFIX=.dylib; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='-all_load'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="-dynamiclib"; \
-	SHAREDCMD='$(CC)'; \
-	if [ -n "$(LIBVERSION)" ]; then \
-		SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
-	fi; \
-	if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
-		SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
-	fi; \
-	$(LINK_SO_A)
-
-link_o.cygwin:
-	@ $(CALC_VERSIONS); \
-	INHIBIT_SYMLINKS=yes; \
-	SHLIB=cyg$(LIBNAME); \
-	SHLIB_SUFFIX=.dll; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	SHLIB_SOVER=-$(LIBVERSION); \
-	ALLSYMSFLAGS='-Wl,--whole-archive'; \
-	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
-	SHAREDCMD='${CC}'; \
-	$(LINK_SO_O)
-link_a.cygwin:
-	@ $(CALC_VERSIONS); \
-	INHIBIT_SYMLINKS=yes; \
-	SHLIB=cyg$(LIBNAME); \
-	SHLIB_SUFFIX=.dll; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	SHLIB_SOVER=; \
-	ALLSYMSFLAGS='-Wl,--whole-archive'; \
-	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
-	SHAREDCMD='${CC}'; \
-	$(LINK_SO_A)
-
-link_o.alpha-osf1:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU); \
-	else \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
-		else \
-			SHLIB_HIST="$(LIBVERSION)"; \
-		fi; \
-		SHLIB_SOVER=; \
-		ALLSYMSFLAGS='-all'; \
-		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="-shared"; \
-		SHAREDCMD='$(CC)'; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
-		fi; \
-	fi; \
-	$(LINK_SO_O)
-link_a.alpha-osf1:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU); \
-	else \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
-		else \
-			SHLIB_HIST="$(LIBVERSION)"; \
-		fi; \
-		SHLIB_SOVER=; \
-		ALLSYMSFLAGS='-all'; \
-		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="-shared"; \
-		SHAREDCMD='$(CC)'; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
-		fi; \
-	fi; \
-	$(LINK_SO_A)
-
-# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
-# option passed to the linker.
-link_o.tru64:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU); \
-	else \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
-		else \
-			SHLIB_HIST="$(LIBVERSION)"; \
-		fi; \
-		SHLIB_SOVER=; \
-		ALLSYMSFLAGS='-all'; \
-		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="-shared -msym"; \
-		SHAREDCMD='$(CC)'; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
-		fi; \
-	fi; \
-	$(LINK_SO_O)
-link_a.tru64:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU); \
-	else \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
-		else \
-			SHLIB_HIST="$(LIBVERSION)"; \
-		fi; \
-		SHLIB_SOVER=; \
-		ALLSYMSFLAGS='-all'; \
-		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="-shared -msym"; \
-		SHAREDCMD='$(CC)'; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
-		fi; \
-	fi; \
-	$(LINK_SO_A)
-
-# The difference between tru64-shared and tru64-shared-rpath is the
-# -rpath ${LIBRPATH} passed to the linker.
-link_o.tru64-rpath:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU); \
-	else \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
-		else \
-			SHLIB_HIST="$(LIBVERSION)"; \
-		fi; \
-		SHLIB_SOVER=; \
-		ALLSYMSFLAGS='-all'; \
-		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
-		SHAREDCMD='$(CC)'; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
-		fi; \
-	fi; \
-	$(LINK_SO_O)
-link_a.tru64-rpath:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU); \
-	else \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
-		else \
-			SHLIB_HIST="$(LIBVERSION)"; \
-		fi; \
-		SHLIB_SOVER=; \
-		ALLSYMSFLAGS='-all'; \
-		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
-		SHAREDCMD='$(CC)'; \
-		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
-		fi; \
-	fi; \
-	$(LINK_SO_A)
-
-link_o.solaris:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU); \
-	else \
-		$(CALC_VERSIONS); \
-		MINUSZ='-z '; \
-		(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		ALLSYMSFLAGS="$${MINUSZ}allextract"; \
-		NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
-		SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-		SHAREDCMD='$(CC)'; \
-	fi; \
-	$(LINK_SO_O)
-link_a.solaris:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU); \
-	else \
-		$(CALC_VERSIONS); \
-		MINUSZ='-z '; \
-		(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=;\
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		ALLSYMSFLAGS="$${MINUSZ}allextract"; \
-		NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
-		SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-		SHAREDCMD='$(CC)'; \
-	fi; \
-	$(LINK_SO_A)
-
-# OpenServer 5 native compilers used
-# UnixWare 7 and OpenUNIX 8 native compilers used
-link_o.svr3:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU); \
-	else \
-		$(CALC_VERSIONS); \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		ALLSYMSFLAGS='-z allextract'; \
-		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-		SHAREDCMD='$(CC)'; \
-	fi; \
-	$(LINK_SO_O)
-link_a.svr3:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU); \
-	else \
-		$(CALC_VERSIONS); \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		ALLSYMSFLAGS='-z allextract'; \
-		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-		SHAREDCMD='$(CC)'; \
-	fi; \
-	$(LINK_SO_A_UNPACKED)
-
-link_o.irix:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU); \
-	else \
-		$(CALC_VERSIONS); \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		ALLSYMSFLAGS='-all'; \
-		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-		SHAREDCMD='$(CC)'; \
-	fi; \
-	$(LINK_SO_O)
-link_a.irix:
-	@ if ${DETECT_GNU_LD}; then \
-		$(DO_GNU); \
-	else \
-		$(CALC_VERSIONS); \
-		SHLIB=lib$(LIBNAME).so; \
-		SHLIB_SUFFIX=; \
-		LIBDEPS="$(LIBDEPS) -lc"; \
-		ALLSYMSFLAGS='-all'; \
-		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-		SHAREDCMD='$(CC)'; \
-	fi; \
-	$(LINK_SO_A)
-
-# HP-UX includes the full pathname of libs we depend on, so we would get
-# ./libcrypto (with ./ as path information) compiled into libssl, hence
-# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
-# anyway.
-# The object modules are loaded from lib$i.a using the undocumented -Fl
-# option.
-#
-# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
-#          by temporarily specifying "+s"!
-#
-link_o.hpux32:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).sl; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='-Fl'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-	SHAREDCMD='/usr/ccs/bin/ld'; \
-	$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
-link_a.hpux32:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).sl; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='-Fl'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-	SHAREDCMD='/usr/ccs/bin/ld'; \
-	$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
-
-# HP-UX includes the full pathname of libs we depend on, so we would get
-# ./libcrypto (with ./ as path information) compiled into libssl, hence
-# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
-# anyway.
-#
-# HP-UX in 64bit mode has "+s" enabled by default; it will search for
-# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
-#
-link_o.hpux64:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).sl; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='+forceload'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-	SHAREDCMD='/usr/ccs/bin/ld'; \
-	$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
-link_a.hpux64:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).sl; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='+forceload'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-	SHAREDCMD='/usr/ccs/bin/ld'; \
-	$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
-
-link_o.aix:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='-bnogc'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE'; \
-	SHAREDCMD='$(CC)'; \
-	$(LINK_SO_O)
-link_a.aix:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS='-bnogc'; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE'; \
-	SHAREDCMD='$(CC)'; \
-	$(LINK_SO_A_VIA_O)
-
-link_o.reliantunix:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS=; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS='-G'; \
-	SHAREDCMD='$(CC)'; \
-	$(LINK_SO_O)
-link_a.reliantunix:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	SHLIB_SUFFIX=; \
-	LIBDEPS="$(LIBDEPS) -lc"; \
-	ALLSYMSFLAGS=; \
-	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS='-G'; \
-	SHAREDCMD='$(CC)'; \
-	$(LINK_SO_A_UNPACKED)
-
-# Targets to build symbolic links when needed
-symlink.gnu symlink.solaris symlink.svr3 symlink.irix \
-symlink.aix symlink.reliantunix:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).so; \
-	$(SYMLINK_SO)
-symlink.darwin:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME); \
-	SHLIB_SUFFIX=.dylib; \
-	$(SYMLINK_SO)
-symlink.hpux32 symlink.hpux64:
-	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME).sl; \
-	$(SYMLINK_SO)
-# The following lines means those specific architectures do no symlinks
-symlink.cygwin symlib.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
-
-# Compatibility targets
-link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
-link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu
-symlink.bsd-gcc-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
-link_o.darwin-shared: link_o.darwin
-link_a.darwin-shared: link_a.darwin
-symlink.darwin-shared: symlink.darwin
-link_o.cygwin-shared: link_o.cygwin
-link_a.cygwin-shared: link_a.cygwin
-symlink.cygwin-shared: symlink.cygwin
-link_o.alpha-osf1-shared: link_o.alpha-osf1
-link_a.alpha-osf1-shared: link_a.alpha-osf1
-symlink.alpha-osf1-shared: symlink.alpha-osf1
-link_o.tru64-shared: link_o.tru64
-link_a.tru64-shared: link_a.tru64
-symlink.tru64-shared: symlink.tru64
-link_o.tru64-shared-rpath: link_o.tru64-rpath
-link_a.tru64-shared-rpath: link_a.tru64-rpath
-symlink.tru64-shared-rpath: symlink.tru64-rpath
-link_o.solaris-shared: link_o.solaris
-link_a.solaris-shared: link_a.solaris
-symlink.solaris-shared: symlink.solaris
-link_o.svr3-shared: link_o.svr3
-link_a.svr3-shared: link_a.svr3
-symlink.svr3-shared: symlink.svr3
-link_o.svr5-shared: link_o.svr3
-link_a.svr5-shared: link_a.svr3
-symlink.svr5-shared: symlink.svr3
-link_o.irix-shared: link_o.irix
-link_a.irix-shared: link_a.irix
-symlink.irix-shared: symlink.irix
-link_o.hpux-shared: link_o.hpux32
-link_a.hpux-shared: link_a.hpux32
-symlink.hpux-shared: symlink.hpux32
-link_o.hpux64-shared: link_o.hpux64
-link_a.hpux64-shared: link_a.hpux64
-symlink.hpux64-shared: symlink.hpux64
-link_o.aix-shared: link_o.aix
-link_a.aix-shared: link_a.aix
-symlink.aix-shared: symlink.aix
-link_o.reliantunix-shared: link_o.reliantunix
-link_a.reliantunix-shared: link_a.reliantunix
-symlink.reliantunix-shared: symlink.reliantunix

NEWS

@@ -5,6 +5,35 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
+
+      o Security: fix various ASN1 parsing bugs.
+      o New -ignore_err option to OCSP utility.
+      o Various interop and bug fixes in S/MIME code.
+      o SSL/TLS protocol fix for unrequested client certificates.
+
+  Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
+
+      o Security: counter the Klima-Pokorny-Rosa extension of
+        Bleichbacher's attack 
+      o Security: make RSA blinding default.
+      o Configuration: Irix fixes, AIX fixes, better mingw support.
+      o Support for new platforms: linux-ia64-ecc.
+      o Build: shared library support fixes.
+      o ASN.1: treat domainComponent correctly.
+      o Documentation: fixes and additions.
+
+  Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a:
+
+      o Security: Important security related bugfixes.
+      o Enhanced compatibility with MIT Kerberos.
+      o Can be built without the ENGINE framework.
+      o IA32 assembler enhancements.
+      o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
+      o Configuration: the no-err option now works properly.
+      o SSL/TLS: now handles manual certificate chain building.
+      o SSL/TLS: certain session ID malfunctions corrected.
+
   Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
 
       o New library section OCSP.
@@ -18,11 +47,14 @@
       o New elliptic curve library section.
       o New AES (Rijndael) library section.
       o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
-        Linux x86_64
+        Linux x86_64, Linux 64-bit on Sparc v9
       o Extended support for some platforms: VxWorks
       o Enhanced support for shared libraries.
+      o Now only builds PIC code when shared library support is requested.
       o Support for pkg-config.
       o Lots of new manuals.
+      o Makes symbolic links to or copies of manuals to cover all described
+        functions.
       o Change DES API to clean up the namespace (some applications link also
         against libdes providing similar functions having the same name).
         Provide macros for backward compatibility (will be removed in the
@@ -48,6 +80,22 @@
       o SSL/TLS: add callback to retrieve SSL/TLS messages.
       o SSL/TLS: support AES cipher suites (RFC3268).
 
+  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
+
+      o Security: fix various ASN1 parsing bugs.
+      o SSL/TLS protocol fix for unrequested client certificates.
+
+  Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
+
+      o Security: counter the Klima-Pokorny-Rosa extension of
+        Bleichbacher's attack 
+      o Security: make RSA blinding default.
+      o Build: shared library support fixes.
+
+  Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
+
+      o Important security related bugfixes.
+
   Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
 
       o New configuration targets for Tandem OSS and A/UX.

PROBLEMS

@@ -89,3 +89,43 @@ failures in other parts of the code.
 (See Ticket #426.)
 
 Workaround: modify the target to +O2 when building with no-asm.
+
+* Poor support for AIX shared builds.
+
+do_aix-shared rule is not flexible enough to parameterize through a
+config-line. './Configure aix43-cc shared' is working, but not
+'./Configure aix64-gcc shared'. In latter case make fails to create shared
+libraries. It's possible to build 64-bit shared libraries by running
+'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one
+supporting even gcc shared builds. See RT#463 for background information.
+
+* Problems building shared libraries on SCO OpenServer Release 5.0.6
+  with gcc 2.95.3
+
+The symptoms appear when running the test suite, more specifically
+test/ectest, with the following result:
+
+OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest
+ectest.c:186: ABORT
+
+The cause of the problem seems to be that isxdigit(), called from
+BN_hex2bn(), returns 0 on a perfectly legitimate hex digit.  Further
+investigation shows that any of the isxxx() macros return 0 on any
+input.  A direct look in the information array that the isxxx() use,
+called __ctype, shows that it contains all zeroes...
+
+Taking a look at the newly created libcrypto.so with nm, one can see
+that the variable __ctype is defined in libcrypto's .bss (which
+explains why it is filled with zeroes):
+
+$ nm -Pg libcrypto.so | grep __ctype
+__ctype B 0011659c
+__ctype2 U         
+
+Curiously, __ctype2 is undefined, in spite of being declared in
+/usr/include/ctype.h in exactly the same way as __ctype.
+
+Any information helping to solve this issue would be deeply
+appreciated.
+
+NOTE: building non-shared doesn't come with this problem.

README

@@ -1,7 +1,7 @@
 
- OpenSSL 0.9.8-dev XX xxx XXXX
+ OpenSSL 0.9.7c 30 Sep 2003
 
- Copyright (c) 1998-2002 The OpenSSL Project
+ Copyright (c) 1998-2003 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 
@@ -14,13 +14,13 @@
  protocols as well as a full-strength general purpose cryptography library.
  The project is managed by a worldwide community of volunteers that use the
  Internet to communicate, plan, and develop the OpenSSL toolkit and its
- related documentation.
+ related documentation. 
 
  OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
  and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
  OpenSSL license plus the SSLeay license) situation, which basically means
  that you are free to get and use it for commercial and non-commercial
- purposes as long as you fulfill the conditions of both licenses.
+ purposes as long as you fulfill the conditions of both licenses. 
 
  OVERVIEW
  --------
@@ -53,11 +53,11 @@
         MDC2 message digest. A DES based hash that is popular on smart cards.
 
      Public Key
-        RSA encryption/decryption/generation.
+        RSA encryption/decryption/generation.  
             There is no limit on the number of bits.
-        DSA encryption/decryption/generation.
+        DSA encryption/decryption/generation.   
             There is no limit on the number of bits.
-        Diffie-Hellman key-exchange/key generation.
+        Diffie-Hellman key-exchange/key generation.  
             There is no limit on the number of bits.
 
      X.509v3 certificates
@@ -154,7 +154,7 @@
     - Stack Traceback (if the application dumps core)
 
  Report the bug to the OpenSSL project via the Request Tracker
- (http://www.openssl.org/rt2.html) by mail to:
+ (http://www.openssl.org/support/rt2.html) by mail to:
 
     openssl-bugs@openssl.org
 
@@ -185,4 +185,3 @@
  # ./Configure dist; make clean
  # cd ..
  # diff -ur openssl-orig openssl-work > mydiffs.patch
-

STATUS

@@ -1,11 +1,17 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2002/12/30 23:56:09 $
+  ______________                           $Date: 2003/09/30 12:08:19 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 0.9.8:  Under development...
+    o  OpenSSL 0.9.7c: Released on September 30th, 2003
+    o  OpenSSL 0.9.7b: Released on April     10th, 2003
+    o  OpenSSL 0.9.7a: Released on February  19th, 2003
     o  OpenSSL 0.9.7:  Released on December  31st, 2002
+    o  OpenSSL 0.9.6k: Released on September 30th, 2003
+    o  OpenSSL 0.9.6j: Released on April     10th, 2003
+    o  OpenSSL 0.9.6i: Released on February  19th, 2003
     o  OpenSSL 0.9.6h: Released on December   5th, 2002
     o  OpenSSL 0.9.6g: Released on August     9th, 2002
     o  OpenSSL 0.9.6f: Released on August     8th, 2002
@@ -27,17 +33,7 @@
 
   RELEASE SHOWSTOPPERS
 
-    o [2002-11-21]
-      PR 343 mentions that scrubbing memory with 'memset(ptr, 0, n)' may
-      be optimized away in modern compilers.  This is definitely not good
-      and needs to be fixed immediately.  The formula to use is presented
-      in:
-
-      http://online.securityfocus.com/archive/82/297918/2002-10-27/2002-11-02/0
-
-      The problem report that mentions this is:
-
-      https://www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=343
+    o 
 
   AVAILABLE PATCHES
 
@@ -62,17 +58,9 @@
 	Shared library support for VMS.
 	Kerberos 5 authentication (Heimdal)
 	Constification
-	Compression
-	Attribute Certificate support
-	Certificate Pair support
-	Storage Engines (primarly an LDAP storage engine)
-	Certificate chain validation with full RFC 3280 compatibility
 
   NEEDS PATCH
 
-    o  0.9.8-dev: COMPLEMENTOFALL and COMPLEMENTOFDEFAULT do not
-       handle ECCdraft cipher suites correctly.
-
     o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
 
     o  "OpenSSL STATUS" is never up-to-date.

TABLE

@@ -32,7 +32,7 @@ $unistd       =
 $thread_cflag = 
 $sys_id       = WIN32
 $lflags       = 
-$bn_ops       = BN_LLONG DES_PTR RC4_INDEX
+$bn_ops       = BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN
 $bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
@@ -225,6 +225,56 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
+*** FreeBSD-ia64
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR
+$bn_obj       = asm/ia64-cpp.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** FreeBSD-sparc64
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
 *** MPE/iX-gcc
 $cc           = gcc
 $cflags       = -D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB
@@ -250,31 +300,6 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 
 
-*** Mingw32
-$cc           = gcc
-$cflags       = -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
-$unistd       = 
-$thread_cflag = 
-$sys_id       = 
-$lflags       = 
-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = win32
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
 *** NetBSD-m68
 $cc           = gcc
 $cflags       = -DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN
@@ -683,15 +708,15 @@ $thread_cflag = -Kthread
 $sys_id       = 
 $lflags       = -lsocket -lnsl
 $bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
 $shared_target= svr5-shared
 $shared_cflag = -Kpic
@@ -708,15 +733,15 @@ $thread_cflag = -pthread
 $sys_id       = 
 $lflags       = -lsocket -lnsl
 $bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
 $shared_target= svr5-shared
 $shared_cflag = -fPIC
@@ -725,56 +750,6 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
-*** OpenUNIX-8-pentium
-$cc           = cc
-$cflags       = -O -DFILIO_H -Kalloca -Kpentium
-$unistd       = 
-$thread_cflag = -Kthread
-$sys_id       = 
-$lflags       = -lsocket -lnsl
-$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= svr5-shared
-$shared_cflag = -Kpic
-$shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
-*** OpenUNIX-8-pentium_pro
-$cc           = cc
-$cflags       = -O -DFILIO_H -Kalloca -Kpentium_pro
-$unistd       = 
-$thread_cflag = -Kthread
-$sys_id       = 
-$lflags       = -lsocket -lnsl
-$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= svr5-shared
-$shared_cflag = -Kpic
-$shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
 *** ReliantUNIX
 $cc           = cc
 $cflags       = -KPIC -g -DTERMIOS -DB_ENDIAN
@@ -1118,10 +1093,10 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
-$shared_target= 
+$shared_target= aix-shared
 $shared_cflag = 
 $shared_ldflag = 
-$shared_extension = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
@@ -1168,10 +1143,10 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
-$shared_target= 
+$shared_target= aix-shared
 $shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
+$shared_ldflag = -q64
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = -X 64
 
@@ -2302,7 +2277,7 @@ $arflags      =
 
 *** hpux-ia64-cc
 $cc           = cc
-$cflags       = -Ae +DD32 +O3 +ESlit -z -DB_ENDIAN
+$cflags       = -Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -2352,7 +2327,7 @@ $arflags      =
 
 *** hpux-parisc-cc
 $cc           = cc
-$cflags       = +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
+$cflags       = +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -2427,7 +2402,7 @@ $arflags      =
 
 *** hpux-parisc1_1-cc
 $cc           = cc
-$cflags       = +DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+$cflags       = +DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -2452,7 +2427,7 @@ $arflags      =
 
 *** hpux-parisc2-cc
 $cc           = cc
-$cflags       = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+$cflags       = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -2577,7 +2552,7 @@ $arflags      =
 
 *** hpux64-ia64-cc
 $cc           = cc
-$cflags       = -Ae +DD64 +O3 +ESlit -z -DB_ENDIAN
+$cflags       = -Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -2652,7 +2627,7 @@ $arflags      =
 
 *** hpux64-parisc2-cc
 $cc           = cc
-$cflags       = +DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+$cflags       = +DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -2752,7 +2727,7 @@ $arflags      =
 
 *** irix-mips3-cc
 $cc           = cc
-$cflags       = -n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+$cflags       = -n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W
 $unistd       = 
 $thread_cflag = -D_SGI_MP_SOURCE
 $sys_id       = 
@@ -3050,6 +3025,31 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
+*** linux-ia64-ecc
+$cc           = ecc
+$cflags       = -DL_ENDIAN -DTERMIO -O2 -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR
+$bn_obj       = asm/ia64.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
 *** linux-k6
 $cc           = gcc
 $cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall
@@ -3104,10 +3104,10 @@ $arflags      =
 $cc           = gcc
 $cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
 $unistd       = 
-$thread_cflag = (unknown)
+$thread_cflag = -D_REENTRANT
 $sys_id       = 
-$lflags       = 
-$bn_ops       = BN_LLONG
+$lflags       = -ldl
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2
 $bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
@@ -3117,11 +3117,11 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
 $shared_ldflag = 
-$shared_extension = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
@@ -3129,10 +3129,10 @@ $arflags      =
 $cc           = gcc
 $cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
 $unistd       = 
-$thread_cflag = (unknown)
+$thread_cflag = -D_REENTRANT
 $sys_id       = 
-$lflags       = 
-$bn_ops       = BN_LLONG
+$lflags       = -ldl
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2
 $bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
@@ -3142,11 +3142,11 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
 $shared_ldflag = 
-$shared_extension = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
@@ -3425,13 +3425,38 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
+*** mingw
+$cc           = gcc
+$cflags       = -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall
+$unistd       = 
+$thread_cflag = 
+$sys_id       = MINGW32
+$lflags       = -mno-cygwin -lwsock32 -lgdi32
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-out.o asm/co86-out.o
+$des_obj      = asm/dx86-out.o asm/yx86-out.o
+$bf_obj       = asm/bx86-out.o
+$md5_obj      = asm/mx86-out.o
+$sha1_obj     = asm/sx86-out.o
+$cast_obj     = asm/cx86-out.o
+$rc4_obj      = asm/rx86-out.o
+$rmd160_obj   = asm/rm86-out.o
+$rc5_obj      = asm/r586-out.o
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .dll
+$ranlib       = 
+$arflags      = 
+
 *** ncr-scde
 $cc           = cc
 $cflags       = -O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
-$lflags       = -lsocket -lnsl
+$lflags       = -lsocket -lnsl -lc89
 $bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $bn_obj       = 
 $des_obj      = 
@@ -3656,47 +3681,22 @@ $cflags       = -belf
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
-$lflags       = -lsocket -lresolv -lnsl
+$lflags       = -lsocket -lnsl
 $bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
 $shared_target= svr3-shared
 $shared_cflag = -Kpic
 $shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
-*** sco5-cc-pentium
-$cc           = cc
-$cflags       = -Kpentium
-$unistd       = 
-$thread_cflag = (unknown)
-$sys_id       = 
-$lflags       = -lsocket
-$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
@@ -3706,7 +3706,7 @@ $cflags       = -O3 -fomit-frame-pointer
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
-$lflags       = -lsocket -lresolv -lnsl
+$lflags       = -lsocket -lnsl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $bn_obj       = asm/bn86-elf.o asm/co86-elf.o
 $des_obj      = asm/dx86-elf.o asm/yx86-elf.o
@@ -3721,7 +3721,7 @@ $dso_scheme   = dlfcn
 $shared_target= svr3-shared
 $shared_cflag = -fPIC
 $shared_ldflag = 
-$shared_extension = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
@@ -3958,15 +3958,15 @@ $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = asm/bn86-sol.o asm/co86-sol.o
-$des_obj      = asm/dx86-sol.o asm/yx86-sol.o
-$bf_obj       = asm/bx86-sol.o
-$md5_obj      = asm/mx86-sol.o
-$sha1_obj     = asm/sx86-sol.o
-$cast_obj     = asm/cx86-sol.o
-$rc4_obj      = asm/rx86-sol.o
-$rmd160_obj   = asm/rm86-sol.o
-$rc5_obj      = asm/r586-sol.o
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
@@ -4175,31 +4175,6 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 
 
-*** unixware-2.0-pentium
-$cc           = cc
-$cflags       = -DFILIO_H -DNO_STRINGS_H -Kpentium
-$unistd       = 
-$thread_cflag = -Kthread
-$sys_id       = 
-$lflags       = -lsocket -lnsl -lresolv -lx
-$bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
 *** unixware-2.1
 $cc           = cc
 $cflags       = -O -DFILIO_H
@@ -4225,56 +4200,6 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 
 
-*** unixware-2.1-p6
-$cc           = cc
-$cflags       = -O -DFILIO_H -Kp6
-$unistd       = 
-$thread_cflag = -Kthread
-$sys_id       = 
-$lflags       = -lsocket -lnsl -lresolv -lx
-$bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
-*** unixware-2.1-pentium
-$cc           = cc
-$cflags       = -O -DFILIO_H -Kpentium
-$unistd       = 
-$thread_cflag = -Kthread
-$sys_id       = 
-$lflags       = -lsocket -lnsl -lresolv -lx
-$bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
 *** unixware-7
 $cc           = cc
 $cflags       = -O -DFILIO_H -Kalloca
@@ -4283,15 +4208,15 @@ $thread_cflag = -Kthread
 $sys_id       = 
 $lflags       = -lsocket -lnsl
 $bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
 $shared_target= svr5-shared
 $shared_cflag = -Kpic
@@ -4308,15 +4233,15 @@ $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -lsocket -lnsl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
 $shared_target= gnu-shared
 $shared_cflag = -fPIC
@@ -4325,14 +4250,14 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
-*** unixware-7-pentium
-$cc           = cc
-$cflags       = -O -DFILIO_H -Kalloca -Kpentium
+*** vxworks-mipsle
+$cc           = ccmips
+$cflags       = -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I$(WIND_BASE)/target/h
 $unistd       = 
-$thread_cflag = -Kthread
-$sys_id       = 
-$lflags       = -lsocket -lnsl
-$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$thread_cflag = 
+$sys_id       = VXWORKS
+$lflags       = -r
+$bn_ops       = 
 $bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
@@ -4342,37 +4267,12 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= svr5-shared
-$shared_cflag = -Kpic
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
 $shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
-*** unixware-7-pentium_pro
-$cc           = cc
-$cflags       = -O -DFILIO_H -Kalloca -Kpentium_pro
-$unistd       = 
-$thread_cflag = -Kthread
-$sys_id       = 
-$lflags       = -lsocket -lnsl
-$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= svr5-shared
-$shared_cflag = -Kpic
-$shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
+$shared_extension = 
+$ranlib       = ranlibmips
 $arflags      = 
 
 *** vxworks-ppc405
@@ -4449,3 +4349,28 @@ $shared_ldflag =
 $shared_extension = 
 $ranlib       = 
 $arflags      = 
+
+*** vxworks-ppc860
+$cc           = ccppc
+$cflags       = -nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h
+$unistd       = 
+$thread_cflag = 
+$sys_id       = VXWORKS
+$lflags       = -r
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 

VMS/mkshared.com

@@ -285,7 +285,6 @@ $       if alg_entry .eqs. "" then goto loop2
 $       if alg_entry .nes. ","
 $       then
 $         if alg_entry .eqs. "KRB5" then goto loop ! Special for now
-$	  if alg_entry .eqs. "STATIC_ENGINE" then goto loop ! Special for now
 $         if f$trnlnm("OPENSSL_NO_"+alg_entry) .nes. "" then goto loop
 $	  goto loop2
 $       endif

VMS/tcpip_shr_decc.opt

@@ -0,0 +1 @@
+sys$share:tcpip$ipc_shr.exe/share

apps/apps.c

@@ -122,7 +122,9 @@
 #include <openssl/pkcs12.h>
 #include <openssl/ui.h>
 #include <openssl/safestack.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
 
 #ifdef OPENSSL_SYS_WINDOWS
 #define strcasecmp _stricmp
@@ -138,10 +140,6 @@
 #include "apps.h"
 #undef NON_MAIN
 
-#ifdef OPENSSL_SYS_WINDOWS
-#  include "bss_file.c"
-#endif
-
 typedef struct {
 	char *name;
 	unsigned long flag;
@@ -859,6 +857,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
 		BIO_printf(err,"no keyfile specified\n");
 		goto end;
 		}
+#ifndef OPENSSL_NO_ENGINE
 	if (format == FORMAT_ENGINE)
 		{
 		if (!e)
@@ -868,6 +867,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
 				ui_method, &cb_data);
 		goto end;
 		}
+#endif
 	key=BIO_new(BIO_s_file());
 	if (key == NULL)
 		{
@@ -935,6 +935,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
 		BIO_printf(err,"no keyfile specified\n");
 		goto end;
 		}
+#ifndef OPENSSL_NO_ENGINE
 	if (format == FORMAT_ENGINE)
 		{
 		if (!e)
@@ -944,6 +945,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
 				ui_method, &cb_data);
 		goto end;
 		}
+#endif
 	key=BIO_new(BIO_s_file());
 	if (key == NULL)
 		{
@@ -1329,6 +1331,7 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
 	return NULL;
 }
 
+#ifndef OPENSSL_NO_ENGINE
 /* Try to load an engine in a shareable library */
 static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
 	{
@@ -1385,6 +1388,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug)
 		}
         return e;
         }
+#endif
 
 int load_config(BIO *err, CONF *cnf)
 	{

apps/apps.h

@@ -121,7 +121,9 @@
 #include <openssl/lhash.h>
 #include <openssl/conf.h>
 #include <openssl/txt_db.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
 #include <openssl/ossl_typ.h>
 
 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
@@ -179,30 +181,57 @@ extern BIO *bio_err;
 		do_pipe_sig()
 #  define apps_shutdown()
 #else
-#  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
-   defined(OPENSSL_SYS_WIN32)
-#    ifdef _O_BINARY
-#      define apps_startup() \
-		do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-		ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
-		ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+#  ifndef OPENSSL_NO_ENGINE
+#    if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+     defined(OPENSSL_SYS_WIN32)
+#      ifdef _O_BINARY
+#        define apps_startup() \
+			do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+			ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+#      else
+#        define apps_startup() \
+			do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+			ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+#      endif
 #    else
 #      define apps_startup() \
-		do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-		ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
-		ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+			do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+			ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
+			setup_ui_method(); } while(0)
 #    endif
+#    define apps_shutdown() \
+			do { CONF_modules_unload(1); destroy_ui_method(); \
+			EVP_cleanup(); ENGINE_cleanup(); \
+			CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+			ERR_free_strings(); } while(0)
 #  else
-#    define apps_startup() \
-		do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
-		ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
-		setup_ui_method(); } while(0)
+#    if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+     defined(OPENSSL_SYS_WIN32)
+#      ifdef _O_BINARY
+#        define apps_startup() \
+			do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+			setup_ui_method(); } while(0)
+#      else
+#        define apps_startup() \
+			do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+			setup_ui_method(); } while(0)
+#      endif
+#    else
+#      define apps_startup() \
+			do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+			ERR_load_crypto_strings(); \
+			setup_ui_method(); } while(0)
+#    endif
+#    define apps_shutdown() \
+			do { CONF_modules_unload(1); destroy_ui_method(); \
+			EVP_cleanup(); \
+			CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+			ERR_free_strings(); } while(0)
 #  endif
-#  define apps_shutdown() \
-		do { CONF_modules_unload(1); destroy_ui_method(); \
-		EVP_cleanup(); ENGINE_cleanup(); \
-		CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
-		ERR_free_strings(); } while(0)
 #endif
 
 typedef struct args_st
@@ -248,7 +277,9 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
 STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
 	const char *pass, ENGINE *e, const char *cert_descrip);
 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
+#ifndef OPENSSL_NO_ENGINE
 ENGINE *setup_engine(BIO *err, const char *engine, int debug);
+#endif
 
 int load_config(BIO *err, CONF *cnf);
 char *make_config_name(void);

apps/asn1pars.c

@@ -82,8 +82,6 @@
 
 int MAIN(int, char **);
 
-static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
-
 int MAIN(int argc, char **argv)
 	{
 	int i,badops=0,offset=0,ret=1,j;
@@ -92,7 +90,6 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
 	int informat,indent=0, noout = 0, dump = 0;
 	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
-	char *genstr=NULL, *genconf=NULL;
 	unsigned char *tmpbuf;
 	BUF_MEM *buf=NULL;
 	STACK *osk=NULL;
@@ -170,16 +167,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			sk_push(osk,*(++argv));
 			}
-		else if (strcmp(*argv,"-genstr") == 0)
-			{
-			if (--argc < 1) goto bad;
-			genstr= *(++argv);
-			}
-		else if (strcmp(*argv,"-genconf") == 0)
-			{
-			if (--argc < 1) goto bad;
-			genconf= *(++argv);
-			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -208,8 +195,6 @@ bad:
 		BIO_printf(bio_err," -strparse offset\n");
 		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
 		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
-		BIO_printf(bio_err," -genstr str   string to generate ASN1 structure from\n");
-		BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n");
 		goto end;
 		}
 
@@ -263,39 +248,25 @@ bad:
 	if ((buf=BUF_MEM_new()) == NULL) goto end;
 	if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
 
-	if (genstr || genconf)
+	if (informat == FORMAT_PEM)
 		{
-		num = do_generate(bio_err, genstr, genconf, buf);
-		if (num < 0)
-			{
-			ERR_print_errors(bio_err);
+		BIO *tmp;
+
+		if ((b64=BIO_new(BIO_f_base64())) == NULL)
 			goto end;
-			}
+		BIO_push(b64,in);
+		tmp=in;
+		in=b64;
+		b64=tmp;
 		}
 
-	else
+	num=0;
+	for (;;)
 		{
-
-		if (informat == FORMAT_PEM)
-			{
-			BIO *tmp;
-
-			if ((b64=BIO_new(BIO_f_base64())) == NULL)
-				goto end;
-			BIO_push(b64,in);
-			tmp=in;
-			in=b64;
-			b64=tmp;
-			}
-
-		num=0;
-		for (;;)
-			{
-			if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
-			i=BIO_read(in,&(buf->data[num]),BUFSIZ);
-			if (i <= 0) break;
-			num+=i;
-			}
+		if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
+		i=BIO_read(in,&(buf->data[num]),BUFSIZ);
+		if (i <= 0) break;
+		num+=i;
 		}
 	str=buf->data;
 
@@ -364,61 +335,3 @@ end:
 	OPENSSL_EXIT(ret);
 	}
 
-static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
-	{
-	CONF *cnf = NULL;
-	int len;
-	long errline;
-	unsigned char *p;
-	ASN1_TYPE *atyp = NULL;
-
-	if (genconf)
-		{
-		cnf = NCONF_new(NULL);
-		if (!NCONF_load(cnf, genconf, &errline))
-			goto conferr;
-		if (!genstr)
-			genstr = NCONF_get_string(cnf, "default", "asn1");
-		if (!genstr)
-			{
-			BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
-			goto err;
-			}
-		}
-
-	atyp = ASN1_generate_nconf(genstr, cnf);
-	NCONF_free(cnf);
-
-	if (!atyp)
-		return -1;
-
-	len = i2d_ASN1_TYPE(atyp, NULL);
-
-	if (len <= 0)
-		goto err;
-
-	if (!BUF_MEM_grow(buf,len))
-		goto err;
-
-	p=(unsigned char *)buf->data;
-
-	i2d_ASN1_TYPE(atyp, &p);
-
-	ASN1_TYPE_free(atyp);
-	return len;
-
-	conferr:
-
-	if (errline > 0)
-		BIO_printf(bio, "Error on line %ld of config file '%s'\n",
-							errline, genconf);
-	else
-		BIO_printf(bio, "Error loading config file '%s'\n", genconf);
-
-	err:
-	NCONF_free(cnf);
-	ASN1_TYPE_free(atyp);
-
-	return -1;
-
-	}

apps/ca.c

@@ -196,7 +196,9 @@ static char *ca_usage[]={
 " -extensions ..  - Extension section (override value in config file)\n",
 " -extfile file   - Configuration file with X509v3 extentions to add\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
+#ifndef OPENSSL_NO_ENGINE
 " -engine e       - use engine e, possibly a hardware device.\n",
+#endif
 " -status serial  - Shows certificate status given the serial number\n",
 " -updatedb       - Updates db for expired certificates\n",
 NULL
@@ -333,7 +335,9 @@ int MAIN(int argc, char **argv)
 #define BSIZE 256
 	MS_STATIC char buf[3][BSIZE];
 	char *randfile=NULL;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine = NULL;
+#endif
 	char *tofree=NULL;
 
 #ifdef EFENCE
@@ -537,11 +541,13 @@ EF_ALIGNMENT=0;
 			rev_arg = *(++argv);
 			rev_type = REV_CA_COMPROMISE;
 			}
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
+#endif
 		else
 			{
 bad:
@@ -562,7 +568,9 @@ bad:
 
 	ERR_load_crypto_strings();
 
+#ifndef OPENSSL_NO_ENGINE
 	e = setup_engine(bio_err, engine, 0);
+#endif
 
 	/*****************************************************************/
 	tofree=NULL;
@@ -1535,11 +1543,6 @@ bad:
 			if (pkey->type == EVP_PKEY_DSA) 
 				dgst=EVP_dss1();
 			else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-			if (pkey->type == EVP_PKEY_EC)
-				dgst=EVP_ecdsa();
-			else
 #endif
 				dgst=EVP_md5();
 			}
@@ -1604,6 +1607,10 @@ bad:
 				}
 			j=TXT_DB_write(out,db);
 			if (j <= 0) goto err;
+			BIO_free_all(out);
+			out = NULL;
+			BIO_free_all(in);
+			in = NULL;
 			strncpy(buf[1],dbfile,BSIZE-4);
 			buf[1][BSIZE-4]='\0';
 #ifndef OPENSSL_SYS_VMS
@@ -1611,10 +1618,6 @@ bad:
 #else
 			strcat(buf[1],"-old");
 #endif
-			BIO_free(in);
-			in = NULL;
-			BIO_free(out);
-			out = NULL;
 			if (rename(dbfile,buf[1]) < 0)
 				{
 				BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
@@ -1641,7 +1644,8 @@ err:
 	BIO_free_all(out);
 	BIO_free_all(in);
 
-	sk_X509_pop_free(cert_sk,X509_free);
+	if (cert_sk)
+		sk_X509_pop_free(cert_sk,X509_free);
 
 	if (ret) ERR_print_errors(bio_err);
 	app_RAND_write_file(randfile, bio_err);
@@ -2189,7 +2193,7 @@ again2:
 
 #ifdef X509_V3
 	/* Make it an X509 v3 certificate. */
-	if (!X509_set_version(x509,2)) goto err;
+	if (!X509_set_version(ret,2)) goto err;
 #endif
 
 	if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL)
@@ -2324,16 +2328,6 @@ again2:
 		EVP_PKEY_copy_parameters(pktmp,pkey);
 	EVP_PKEY_free(pktmp);
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	if (pkey->type == EVP_PKEY_EC)
-		dgst = EVP_ecdsa();
-	pktmp = X509_get_pubkey(ret);
-	if (EVP_PKEY_missing_parameters(pktmp) &&
-		!EVP_PKEY_missing_parameters(pkey))
-		EVP_PKEY_copy_parameters(pktmp, pkey);
-	EVP_PKEY_free(pktmp);
-#endif
-
 
 	if (!X509_sign(ret,pkey,dgst))
 		goto err;
@@ -3079,16 +3073,16 @@ X509_NAME *do_subject(char *subject, long chtype)
 	int nid;
 
 	if (!buf || !ne_types || !ne_values)
-		{
+	{
 		BIO_printf(bio_err, "malloc error\n");
 		goto error;
-		}	
+	}
 
 	if (*subject != '/')
-		{
+	{
 		BIO_printf(bio_err, "Subject does not start with '/'.\n");
 		goto error;
-		}
+	}
 	sp++; /* skip leading / */
 
 	while (*sp)
@@ -3101,12 +3095,12 @@ X509_NAME *do_subject(char *subject, long chtype)
 				{
 				if (*++sp)
 					*bp++ = *sp++;
-				else	
+				else
 					{
 					BIO_printf(bio_err, "escape character at end of string\n");
 					goto error;
 					}
-				}	
+				}
 			else if (*sp == '=')
 				{
 				sp++;
@@ -3144,7 +3138,7 @@ X509_NAME *do_subject(char *subject, long chtype)
 			}
 		*bp++ = '\0';
 		ne_num++;
-		}	
+		}
 
 	if (!(n = X509_NAME_new()))
 		goto error;

apps/crl.c

@@ -81,6 +81,7 @@ static char *crl_usage[]={
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -hash           - print hash value\n",
+" -fingerprint    - print the crl fingerprint\n",
 " -issuer         - print issuer DN\n",
 " -lastupdate     - lastUpdate field\n",
 " -nextupdate     - nextUpdate field\n",

apps/dgst.c

@@ -100,7 +100,9 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *sigkey = NULL;
 	unsigned char *sigbuf = NULL;
 	int siglen = 0;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
+#endif
 
 	apps_startup();
 
@@ -166,11 +168,13 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) break;
 			keyform=str2fmt(*(++argv));
 			}
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) break;
 			engine= *(++argv);
 			}
+#endif
 		else if (strcmp(*argv,"-hex") == 0)
 			out_bin = 0;
 		else if (strcmp(*argv,"-binary") == 0)
@@ -208,7 +212,9 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
+#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
+#endif
 
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
@@ -228,7 +234,9 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());

apps/dh.c

@@ -87,12 +87,17 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
+#endif
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*engine;
+	char *infile,*outfile,*prog;
+#ifndef OPENSSL_NO_ENGINE
+	char *engine;
+#endif
 
 	apps_startup();
 
@@ -103,7 +108,9 @@ int MAIN(int argc, char **argv)
 	if (!load_config(bio_err, NULL))
 		goto end;
 
+#ifndef OPENSSL_NO_ENGINE
 	engine=NULL;
+#endif
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -134,11 +141,13 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
+#endif
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -170,13 +179,17 @@ bad:
 		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
+#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
+#endif
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());

apps/dhparam.c

@@ -148,7 +148,9 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
+#endif
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 #ifndef OPENSSL_NO_DSA
@@ -157,7 +159,10 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog;
-	char *inrand=NULL,*engine=NULL;
+	char *inrand=NULL;
+#ifndef OPENSSL_NO_ENGINE
+	char *engine=NULL;
+#endif
 	int num = 0, g = 0;
 
 	apps_startup();
@@ -199,11 +204,13 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
+#endif
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -249,7 +256,9 @@ bad:
 		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
 		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
+#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
+#endif
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"               the random number generator\n");
@@ -259,7 +268,9 @@ bad:
 
 	ERR_load_crypto_strings();
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	if (g && !num)
 		num = DEFBITS;

apps/dsa.c

@@ -90,7 +90,9 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
+#endif
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
@@ -98,7 +100,10 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	int pubin = 0, pubout = 0;
-	char *infile,*outfile,*prog,*engine;
+	char *infile,*outfile,*prog;
+#ifndef OPENSSL_NO_ENGINE
+	char *engine;
+#endif
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	int modulus=0;
@@ -112,7 +117,9 @@ int MAIN(int argc, char **argv)
 	if (!load_config(bio_err, NULL))
 		goto end;
 
+#ifndef OPENSSL_NO_ENGINE
 	engine=NULL;
+#endif
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -153,11 +160,13 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
+#endif
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -189,7 +198,9 @@ bad:
 		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -out arg        output file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
+#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
+#endif
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef OPENSSL_NO_IDEA
@@ -207,7 +218,9 @@ bad:
 
 	ERR_load_crypto_strings();
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");

apps/dsaparam.c

@@ -56,12 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #ifndef OPENSSL_NO_DSA
 #include <assert.h>
 #include <stdio.h>
@@ -88,29 +82,17 @@
  * -C
  * -noout
  * -genkey
- *  #ifdef GENCB_TEST
- * -timebomb n  - interrupt keygen after <n> seconds
- *  #endif
  */
 
-#ifdef GENCB_TEST
-
-static int stop_keygen_flag = 0;
-
-static void timebomb_sigalarm(int foo)
-	{
-	stop_keygen_flag = 1;
-	}
-
-#endif
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
 
 int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
+#endif
 	DSA *dsa=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
@@ -118,9 +100,8 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog,*inrand=NULL;
 	int numbits= -1,num,genkey=0;
 	int need_rand=0;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
-#ifdef GENCB_TEST
-	int timebomb=0;
 #endif
 
 	apps_startup();
@@ -162,17 +143,12 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+#ifndef OPENSSL_NO_ENGINE
 		else if(strcmp(*argv, "-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine = *(++argv);
 			}
-#ifdef GENCB_TEST
-		else if(strcmp(*argv, "-timebomb") == 0)
-			{
-			if (--argc < 1) goto bad;
-			timebomb = atoi(*(++argv));
-			}
 #endif
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
@@ -221,9 +197,8 @@ bad:
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -genkey       generate a DSA key\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
+#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
-#ifdef GENCB_TEST
-		BIO_printf(bio_err," -timebomb n   interrupt keygen after <n> seconds\n");
 #endif
 		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
 		goto end;
@@ -268,7 +243,9 @@ bad:
 			}
 		}
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	if (need_rand)
 		{
@@ -280,47 +257,10 @@ bad:
 
 	if (numbits > 0)
 		{
-		BN_GENCB cb;
-		BN_GENCB_set(&cb, dsa_cb, bio_err);
 		assert(need_rand);
-		dsa = DSA_new();
-		if(!dsa)
-			{
-			BIO_printf(bio_err,"Error allocating DSA object\n");
-			goto end;
-			}
 		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
 	        BIO_printf(bio_err,"This could take some time\n");
-#ifdef GENCB_TEST
-		if(timebomb > 0)
-	{
-		struct sigaction act;
-		act.sa_handler = timebomb_sigalarm;
-		act.sa_flags = 0;
-		BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n",
-				timebomb);
-		if(sigaction(SIGALRM, &act, NULL) != 0)
-			{
-			BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n");
-			goto end;
-			}
-		alarm(timebomb);
-	}
-#endif
-	        if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb))
-			{
-#ifdef GENCB_TEST
-			if(stop_keygen_flag)
-				{
-				BIO_printf(bio_err,"DSA key generation time-stopped\n");
-				/* This is an asked-for behaviour! */
-				ret = 0;
-				goto end;
-				}
-#endif
-			BIO_printf(bio_err,"Error, DSA key generation failed\n");
-			goto end;
-			}
+	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err);
 		}
 	else if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAparams_bio(in,NULL);
@@ -445,7 +385,7 @@ end:
 	OPENSSL_EXIT(ret);
 	}
 
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -453,15 +393,10 @@ static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(cb->arg,&c,1);
-	(void)BIO_flush(cb->arg);
+	BIO_write(arg,&c,1);
+	(void)BIO_flush(arg);
 #ifdef LINT
 	p=n;
 #endif
-#ifdef GENCB_TEST
-	if(stop_keygen_flag)
-		return 0;
-#endif
-	return 1;
 	}
 #endif

apps/ec.c

@@ -1,395 +0,0 @@
-/* apps/ec.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef OPENSSL_NO_EC
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG	ec_main
-
-/* -inform arg    - input format - default PEM (one of DER, NET or PEM)
- * -outform arg   - output format - default PEM
- * -in arg        - input file - default stdin
- * -out arg       - output file - default stdout
- * -des           - encrypt output if PEM format with DES in cbc mode
- * -text          - print a text version
- * -param_out     - print the elliptic curve parameters
- * -conv_form arg - specifies the point encoding form
- * -param_enc arg - specifies the parameter encoding
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-	ENGINE 	*e = NULL;
-	int 	ret = 1;
-	EC_KEY 	*eckey = NULL;
-	int 	i, badops = 0;
-	const EVP_CIPHER *enc = NULL;
-	BIO 	*in = NULL, *out = NULL;
-	int 	informat, outformat, text=0, noout=0;
-	int  	pubin = 0, pubout = 0, param_out = 0;
-	char 	*infile, *outfile, *prog, *engine;
-	char 	*passargin = NULL, *passargout = NULL;
-	char 	*passin = NULL, *passout = NULL;
-	point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
-	int	new_form = 0;
-	int	asn1_flag = OPENSSL_EC_NAMED_CURVE;
-	int 	new_asn1_flag = 0;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	engine = NULL;
-	infile = NULL;
-	outfile = NULL;
-	informat = FORMAT_PEM;
-	outformat = FORMAT_PEM;
-
-	prog = argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if (strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-passin") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-			}
-		else if (strcmp(*argv,"-passout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargout= *(++argv);
-			}
-		else if (strcmp(*argv, "-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-		else if (strcmp(*argv, "-noout") == 0)
-			noout = 1;
-		else if (strcmp(*argv, "-text") == 0)
-			text = 1;
-		else if (strcmp(*argv, "-conv_form") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			++argv;
-			new_form = 1;
-			if (strcmp(*argv, "compressed") == 0)
-				form = POINT_CONVERSION_COMPRESSED;
-			else if (strcmp(*argv, "uncompressed") == 0)
-				form = POINT_CONVERSION_UNCOMPRESSED;
-			else if (strcmp(*argv, "hybrid") == 0)
-				form = POINT_CONVERSION_HYBRID;
-			else
-				goto bad;
-			}
-		else if (strcmp(*argv, "-param_enc") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			++argv;
-			new_asn1_flag = 1;
-			if (strcmp(*argv, "named_curve") == 0)
-				asn1_flag = OPENSSL_EC_NAMED_CURVE;
-			else if (strcmp(*argv, "explicit") == 0)
-				asn1_flag = 0;
-			else
-				goto bad;
-			}
-		else if (strcmp(*argv, "-param_out") == 0)
-			param_out = 1;
-		else if (strcmp(*argv, "-pubin") == 0)
-			pubin=1;
-		else if (strcmp(*argv, "-pubout") == 0)
-			pubout=1;
-		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
-			{
-			BIO_printf(bio_err, "unknown option %s\n", *argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
-		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, " -inform arg     input format - "
-				"DER or PEM\n");
-		BIO_printf(bio_err, " -outform arg    output format - "
-				"DER or PEM\n");
-		BIO_printf(bio_err, " -in arg         input file\n");
-		BIO_printf(bio_err, " -passin arg     input file pass "
-				"phrase source\n");
-		BIO_printf(bio_err, " -out arg        output file\n");
-		BIO_printf(bio_err, " -passout arg    output file pass "
-				"phrase source\n");
-		BIO_printf(bio_err, " -engine e       use engine e, "
-				"possibly a hardware device.\n");
-		BIO_printf(bio_err, " -des            encrypt PEM output, "
-				"instead of 'des' every other \n"
-				"                 cipher "
-				"supported by OpenSSL can be used\n");
-		BIO_printf(bio_err, " -text           print the key\n");
-		BIO_printf(bio_err, " -noout          don't print key out\n");
-		BIO_printf(bio_err, " -param_out      print the elliptic "
-				"curve parameters\n");
-		BIO_printf(bio_err, " -conv_form arg  specifies the "
-				"point conversion form \n");
-		BIO_printf(bio_err, "                 possible values:"
-				" compressed\n");
-		BIO_printf(bio_err, "                                 "
-				" uncompressed (default)\n");
-		BIO_printf(bio_err, "                                  "
-				" hybrid\n");
-		BIO_printf(bio_err, " -param_enc arg  specifies the way"
-				" the ec parameters are encoded\n");
-		BIO_printf(bio_err, "                 in the asn1 der "
-				"encoding\n");
-		BIO_printf(bio_err, "                 possilbe values:"
-				" named_curve (default)\n");
-		BIO_printf(bio_err,"                                  "
-				"explicit\n");
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-
-        e = setup_engine(bio_err, engine, 0);
-
-	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) 
-		{
-		BIO_printf(bio_err, "Error getting passwords\n");
-		goto end;
-		}
-
-	in = BIO_new(BIO_s_file());
-	out = BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (infile == NULL)
-		BIO_set_fp(in, stdin, BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in, infile) <= 0)
-			{
-			perror(infile);
-			goto end;
-			}
-		}
-
-	BIO_printf(bio_err, "read EC key\n");
-	if (informat == FORMAT_ASN1) 
-		{
-		if (pubin) 
-			eckey = d2i_EC_PUBKEY_bio(in, NULL);
-		else 
-			eckey = d2i_ECPrivateKey_bio(in, NULL);
-		} 
-	else if (informat == FORMAT_PEM) 
-		{
-		if (pubin) 
-			eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, 
-				NULL);
-		else 
-			eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL,
-				passin);
-		} 
-	else
-		{
-		BIO_printf(bio_err, "bad input format specified for key\n");
-		goto end;
-		}
-	if (eckey == NULL)
-		{
-		BIO_printf(bio_err,"unable to load Key\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out, stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-			}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out, outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-	if (new_form)
-		{
-		EC_GROUP_set_point_conversion_form(eckey->group, form);
-		eckey->conv_form = form;
-		}
-
-	if (new_asn1_flag)
-		EC_GROUP_set_asn1_flag(eckey->group, asn1_flag);
-
-	if (text) 
-		if (!EC_KEY_print(out, eckey, 0))
-			{
-			perror(outfile);
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-	if (noout) 
-		goto end;
-
-	BIO_printf(bio_err, "writing EC key\n");
-	if (outformat == FORMAT_ASN1) 
-		{
-		if (param_out)
-			i = i2d_ECPKParameters_bio(out, eckey->group);
-		else if (pubin || pubout) 
-			i = i2d_EC_PUBKEY_bio(out, eckey);
-		else 
-			i = i2d_ECPrivateKey_bio(out, eckey);
-		} 
-	else if (outformat == FORMAT_PEM) 
-		{
-		if (param_out)
-			i = PEM_write_bio_ECPKParameters(out, eckey->group);
-		else if (pubin || pubout)
-			i = PEM_write_bio_EC_PUBKEY(out, eckey);
-		else 
-			i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
-						NULL, 0, NULL, passout);
-		} 
-	else 
-		{
-		BIO_printf(bio_err, "bad output format specified for "
-			"outfile\n");
-		goto end;
-		}
-
-	if (!i)
-		{
-		BIO_printf(bio_err, "unable to write private key\n");
-		ERR_print_errors(bio_err);
-		}
-	else
-		ret=0;
-end:
-	if (in)
-		BIO_free(in);
-	if (out)
-		BIO_free_all(out);
-	if (eckey)
-		EC_KEY_free(eckey);
-	if (passin)
-		OPENSSL_free(passin);
-	if (passout)
-		OPENSSL_free(passout);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-}
-#endif

apps/ecparam.c

@@ -1,709 +0,0 @@
-/* apps/ecparam.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by 
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-#ifndef OPENSSL_NO_EC
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG	ecparam_main
-
-/* -inform arg      - input format - default PEM (DER or PEM)
- * -outform arg     - output format - default PEM
- * -in  arg         - input file  - default stdin
- * -out arg         - output file - default stdout
- * -noout           - do not print the ec parameter
- * -text            - print the ec parameters in text form
- * -check           - validate the ec parameters
- * -C               - print a 'C' function creating the parameters
- * -name arg        - use the ec parameters with 'short name' name
- * -list_curves     - prints a list of all currently available curve 'short names'
- * -conv_form arg   - specifies the point conversion form 
- *                  - possible values: compressed
- *                                     uncompressed (default)
- *                                     hybrid
- * -param_enc arg   - specifies the way the ec parameters are encoded
- *                    in the asn1 der encoding
- *                    possible values: named_curve (default)
- *                                     explicit
- * -no_seed         - if 'explicit' parameters are choosen do not use the seed
- * -genkey          - generate ec key
- * -rand file       - files to use for random number input
- * -engine e        - use engine e, possibly a hardware device
- */
-
-
-static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	EC_GROUP *group = NULL;
-	point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; 
-	int 	new_form = 0;
-	int 	asn1_flag = OPENSSL_EC_NAMED_CURVE;
-	int 	new_asn1_flag = 0;
-	char 	*curve_name = NULL, *inrand = NULL;
-	int	list_curves = 0, no_seed = 0, check = 0,
-		badops = 0, text = 0, i, need_rand = 0, genkey = 0;
-	char	*infile = NULL, *outfile = NULL, *prog;
-	BIO 	*in = NULL, *out = NULL;
-	int 	informat, outformat, noout = 0, C = 0, ret = 1;
-	ENGINE	*e = NULL;
-	char	*engine = NULL;
-
-	BIGNUM	*ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
-		*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
-	unsigned char *buffer = NULL;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-text") == 0)
-			text = 1;
-		else if (strcmp(*argv,"-C") == 0)
-			C = 1;
-		else if (strcmp(*argv,"-check") == 0)
-			check = 1;
-		else if (strcmp (*argv, "-name") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			curve_name = *(++argv);
-			}
-		else if (strcmp(*argv, "-list_curves") == 0)
-			list_curves = 1;
-		else if (strcmp(*argv, "-conv_form") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			++argv;
-			new_form = 1;
-			if (strcmp(*argv, "compressed") == 0)
-				form = POINT_CONVERSION_COMPRESSED;
-			else if (strcmp(*argv, "uncompressed") == 0)
-				form = POINT_CONVERSION_UNCOMPRESSED;
-			else if (strcmp(*argv, "hybrid") == 0)
-				form = POINT_CONVERSION_HYBRID;
-			else
-				goto bad;
-			}
-		else if (strcmp(*argv, "-param_enc") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			++argv;
-			new_asn1_flag = 1;
-			if (strcmp(*argv, "named_curve") == 0)
-				asn1_flag = OPENSSL_EC_NAMED_CURVE;
-			else if (strcmp(*argv, "explicit") == 0)
-				asn1_flag = 0;
-			else
-				goto bad;
-			}
-		else if (strcmp(*argv, "-no_seed") == 0)
-			no_seed = 1;
-		else if (strcmp(*argv, "-noout") == 0)
-			noout=1;
-		else if (strcmp(*argv,"-genkey") == 0)
-			{
-			genkey=1;
-			need_rand=1;
-			}
-		else if (strcmp(*argv, "-rand") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			need_rand=1;
-			}
-		else if(strcmp(*argv, "-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine = *(++argv);
-			}	
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
-		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, " -inform arg       input format - "
-				"default PEM (DER or PEM)\n");
-		BIO_printf(bio_err, " -outform arg      output format - "
-				"default PEM\n");
-		BIO_printf(bio_err, " -in  arg          input file  - "
-				"default stdin\n");
-		BIO_printf(bio_err, " -out arg          output file - "
-				"default stdout\n");
-		BIO_printf(bio_err, " -noout            do not print the "
-				"ec parameter\n");
-		BIO_printf(bio_err, " -text             print the ec "
-				"parameters in text form\n");
-		BIO_printf(bio_err, " -check            validate the ec "
-				"parameters\n");
-		BIO_printf(bio_err, " -C                print a 'C' "
-				"function creating the parameters\n");
-		BIO_printf(bio_err, " -name arg         use the "
-				"ec parameters with 'short name' name\n");
-		BIO_printf(bio_err, " -list_curves      prints a list of "
-				"all currently available curve 'short names'\n");
-		BIO_printf(bio_err, " -conv_form arg    specifies the "
-				"point conversion form \n");
-		BIO_printf(bio_err, "                   possible values:"
-				" compressed\n");
-		BIO_printf(bio_err, "                                   "
-				" uncompressed (default)\n");
-		BIO_printf(bio_err, "                                   "
-				" hybrid\n");
-		BIO_printf(bio_err, " -param_enc arg    specifies the way"
-				" the ec parameters are encoded\n");
-		BIO_printf(bio_err, "                   in the asn1 der "
-				"encoding\n");
-		BIO_printf(bio_err, "                   possible values:"
-				" named_curve (default)\n");
-		BIO_printf(bio_err, "                                   "
-				" explicit\n");
-		BIO_printf(bio_err, " -no_seed          if 'explicit'"
-				" parameters are choosen do not"
-				" use the seed\n");
-		BIO_printf(bio_err, " -genkey           generate ec"
-				" key\n");
-		BIO_printf(bio_err, " -rand file        files to use for"
-				" random number input\n");
-		BIO_printf(bio_err, " -engine e         use engine e, "
-				"possibly a hardware device\n");
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-
-	in=BIO_new(BIO_s_file());
-	out=BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in,infile) <= 0)
-			{
-			perror(infile);
-			goto end;
-			}
-		}
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-	e = setup_engine(bio_err, engine, 0);
-
-	if (list_curves)
-		{
-		EC_builtin_curve *curves = NULL;
-		size_t crv_len = 0;
-		size_t n = 0;
-		size_t len;
-
-		crv_len = EC_get_builtin_curves(NULL, 0);
-
-		curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
-
-		if (curves == NULL)
-			goto end;
-
-		if (!EC_get_builtin_curves(curves, crv_len))
-			{
-			OPENSSL_free(curves);
-			goto end;
-			}
-
-		
-		for (n = 0; n < crv_len; n++)
-			{
-			const char *comment;
-			const char *sname;
-			comment = curves[n].comment;
-			sname   = OBJ_nid2sn(curves[n].nid);
-			if (comment == NULL)
-				comment = "CURVE DESCRIPTION NOT AVAILABLE";
-			if (sname == NULL)
-				sname = "";
-
-			len = BIO_printf(out, "  %-10s: ", sname);
-			if (len + strlen(comment) > 80)
-				BIO_printf(out, "\n%80s\n", comment);
-			else
-				BIO_printf(out, "%s\n", comment);
-			} 
-
-		OPENSSL_free(curves);
-		ret = 0;
-		goto end;
-		}
-
-	if (curve_name != NULL)
-		{
-		int nid = OBJ_sn2nid(curve_name);
-	
-		if (nid == 0)
-			{
-			BIO_printf(bio_err, "unknown curve name (%s)\n", 
-				curve_name);
-			goto end;
-			}
-
-		group = EC_GROUP_new_by_nid(nid);
-		if (group == NULL)
-			{
-			BIO_printf(bio_err, "unable to create curve (%s)\n", 
-				curve_name);
-			goto end;
-			}
-		EC_GROUP_set_asn1_flag(group, asn1_flag);
-		EC_GROUP_set_point_conversion_form(group, form);
-		}
-	else if (informat == FORMAT_ASN1)
-		{
-		group = d2i_ECPKParameters_bio(in, NULL);
-		}
-	else if (informat == FORMAT_PEM)
-		{
-		group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);
-		}
-	else
-		{
-		BIO_printf(bio_err, "bad input format specified\n");
-		goto end;
-		}
-
-	if (group == NULL)
-		{
-		BIO_printf(bio_err, 
-			"unable to load elliptic curve parameters\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (new_form)
-		EC_GROUP_set_point_conversion_form(group, form);
-
-	if (new_asn1_flag)
-		EC_GROUP_set_asn1_flag(group, asn1_flag);
-
-	if (no_seed)
-		{
-		EC_GROUP_set_seed(group, NULL, 0);
-		}
-
-	if (text)
-		{
-		if (!ECPKParameters_print(out, group, 0))
-			goto end;
-		}
-
-	if (check)
-		{
-		if (group == NULL)
-			BIO_printf(bio_err, "no elliptic curve parameters\n");
-		BIO_printf(bio_err, "checking elliptic curve parameters: ");
-		if (!EC_GROUP_check(group, NULL))
-			{
-			BIO_printf(bio_err, "failed\n");
-			ERR_print_errors(bio_err);
-			}
-		else
-			BIO_printf(bio_err, "ok\n");
-			
-		}
-
-	if (C)
-		{
-		size_t	buf_len = 0, tmp_len = 0;
-		const EC_POINT *point;
-		int	is_prime, len = 0;
-		const EC_METHOD *meth = EC_GROUP_method_of(group);
-
-		if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
-		    (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
-		    (ec_order = BN_new()) == NULL || 
-		    (ec_cofactor = BN_new()) == NULL )
-			{
-			perror("OPENSSL_malloc");
-			goto end;
-			}
-
-		is_prime = (EC_METHOD_get_field_type(meth) == 
-			NID_X9_62_prime_field);
-
-		if (is_prime)
-			{
-			if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
-				ec_b, NULL))
-				goto end;
-			}
-		else
-			{
-			/* TODO */
-			goto end;
-			}
-
-		if ((point = EC_GROUP_get0_generator(group)) == NULL)
-			goto end;
-		if (!EC_POINT_point2bn(group, point, 
-			EC_GROUP_get_point_conversion_form(group), ec_gen, 
-			NULL))
-			goto end;
-		if (!EC_GROUP_get_order(group, ec_order, NULL))
-			goto end;
-		if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
-			goto end;
-
-		if (!ec_p || !ec_a || !ec_b || !ec_gen || 
-			!ec_order || !ec_cofactor)
-			goto end;
-
-		len = BN_num_bits(ec_order);
-
-		if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
-			buf_len = tmp_len;
-		if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
-			buf_len = tmp_len;
-		if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
-			buf_len = tmp_len;
-		if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
-			buf_len = tmp_len;
-		if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
-			buf_len = tmp_len;
-		if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
-			buf_len = tmp_len;
-
-		buffer = (unsigned char *)OPENSSL_malloc(buf_len);
-
-		if (buffer == NULL)
-			{
-			perror("OPENSSL_malloc");
-			goto end;
-			}
-
-		ecparam_print_var(out, ec_p, "ec_p", len, buffer);
-		ecparam_print_var(out, ec_a, "ec_a", len, buffer);
-		ecparam_print_var(out, ec_b, "ec_b", len, buffer);
-		ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
-		ecparam_print_var(out, ec_order, "ec_order", len, buffer);
-		ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, 
-			buffer);
-
-		BIO_printf(out, "\n\n");
-
-		BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len);
-		BIO_printf(out, "\tint ok=0;\n");
-		BIO_printf(out, "\tEC_GROUP *group = NULL;\n");
-		BIO_printf(out, "\tEC_POINT *point = NULL;\n");
-		BIO_printf(out, "\tBIGNUM   *tmp_1 = NULL, *tmp_2 = NULL, "
-				"*tmp_3 = NULL;\n\n");
-		BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "
-				"sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
-				"goto err;\n", len, len);
-		BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "
-				"sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
-				"goto err;\n", len, len);
-		BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
-				"sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
-				"goto err;\n", len, len);
-		if (is_prime)
-			{
-			BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
-				"GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
-				"\n\t\tgoto err;\n\n");
-			}
-		else
-			{
-			/* TODO */
-			goto end;
-			}
-		BIO_printf(out, "\t/* build generator */\n");
-		BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "
-				"sizeof(ec_gen_%d), tmp_1)) == NULL)"
-				"\n\t\tgoto err;\n", len, len);
-		BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "
-				"NULL, NULL);\n");
-		BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");
-		BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "
-				"sizeof(ec_order_%d), tmp_2)) == NULL)"
-				"\n\t\tgoto err;\n", len, len);
-		BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "
-				"sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
-				"\n\t\tgoto err;\n", len, len);
-		BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"
-				" tmp_2, tmp_3))\n\t\tgoto err;\n");
-		BIO_printf(out, "\n\tok=1;\n");
-		BIO_printf(out, "err:\n");
-		BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");
-		BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n");
-		BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n");
-		BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n");
-		BIO_printf(out, "\tif (!ok)\n");
-		BIO_printf(out, "\t\t{\n");
-		BIO_printf(out, "\t\tEC_GROUP_free(group);\n");
-		BIO_printf(out, "\t\tgroup = NULL;\n");
-		BIO_printf(out, "\t\t}\n");
-		BIO_printf(out, "\treturn(group);\n\t}\n");
-	}
-
-	if (!noout)
-		{
-		if (outformat == FORMAT_ASN1)
-			i = i2d_ECPKParameters_bio(out, group);
-		else if (outformat == FORMAT_PEM)
-			i = PEM_write_bio_ECPKParameters(out, group);
-		else	
-			{
-			BIO_printf(bio_err,"bad output format specified for"
-				" outfile\n");
-			goto end;
-			}
-		if (!i)
-			{
-			BIO_printf(bio_err, "unable to write elliptic "
-				"curve parameters\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-	
-	if (need_rand)
-		{
-		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
-		if (inrand != NULL)
-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-				app_RAND_load_files(inrand));
-		}
-
-	if (genkey)
-		{
-		EC_KEY *eckey = EC_KEY_new();
-
-		if (eckey == NULL)
-			goto end;
-
-		assert(need_rand);
-
-		eckey->group = group;
-		
-		if (!EC_KEY_generate_key(eckey))
-			{
-			eckey->group = NULL;
-			EC_KEY_free(eckey);
-			goto end;
-			}
-		if (outformat == FORMAT_ASN1)
-			i = i2d_ECPrivateKey_bio(out, eckey);
-		else if (outformat == FORMAT_PEM)
-			i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
-				NULL, 0, NULL, NULL);
-		else	
-			{
-			BIO_printf(bio_err, "bad output format specified "
-				"for outfile\n");
-			eckey->group = NULL;
-			EC_KEY_free(eckey);
-			goto end;
-			}
-		eckey->group = NULL;
-		EC_KEY_free(eckey);
-		}
-
-	if (need_rand)
-		app_RAND_write_file(NULL, bio_err);
-
-	ret=0;
-end:
-	if (ec_p)
-		BN_free(ec_p);
-	if (ec_a)
-		BN_free(ec_a);
-	if (ec_b)
-		BN_free(ec_b);
-	if (ec_gen)
-		BN_free(ec_gen);
-	if (ec_order)
-		BN_free(ec_order);
-	if (ec_cofactor)
-		BN_free(ec_cofactor);
-	if (buffer)
-		OPENSSL_free(buffer);
-	if (in != NULL)
-		BIO_free(in);
-	if (out != NULL)
-		BIO_free_all(out);
-	if (group != NULL)
-		EC_GROUP_free(group);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-}
-
-int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
-	int len, unsigned char *buffer)
-	{
-	BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
-	if (BN_is_zero(in))
-		BIO_printf(out, "\n\t0x00");
-	else 
-		{
-		int i, l;
-
-		l = BN_bn2bin(in, buffer);
-		for (i=0; i<l-1; i++)
-			{
-			if ((i%12) == 0) 
-				BIO_printf(out, "\n\t");
-			BIO_printf(out, "0x%02X,", buffer[i]);
-			}
-		if ((i%12) == 0) 
-			BIO_printf(out, "\n\t");
-		BIO_printf(out, "0x%02X", buffer[i]);
-		}
-	BIO_printf(out, "\n\t};\n\n");
-	return 1;
-	}
-#endif

apps/enc.c

@@ -100,7 +100,9 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
+#endif
 	static const char magic[]="Salted__";
 	char mbuf[sizeof magic-1];
 	char *strbuf=NULL;
@@ -119,7 +121,9 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  39
 	char pname[PROG_NAME_SIZE+1];
+#ifndef OPENSSL_NO_ENGINE
 	char *engine = NULL;
+#endif
 
 	apps_startup();
 
@@ -163,11 +167,13 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passarg= *(++argv);
 			}
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
+#endif
 		else if	(strcmp(*argv,"-d") == 0)
 			enc=0;
 		else if	(strcmp(*argv,"-p") == 0)
@@ -270,7 +276,9 @@ bad:
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+#ifndef OPENSSL_NO_ENGINE
 			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
+#endif
 
 			BIO_printf(bio_err,"Cipher Types\n");
 			OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
@@ -284,7 +292,9 @@ bad:
 		argv++;
 		}
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	if (bufsize != NULL)
 		{

apps/engine.c

@@ -56,6 +56,8 @@
  *
  */
 
+#ifndef OPENSSL_NO_ENGINE
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -518,3 +520,10 @@ end:
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
+#else
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif

apps/gendh.c

@@ -57,12 +57,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <string.h>
@@ -87,13 +81,17 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
+#endif
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
 	char *outfile=NULL;
 	char *inrand=NULL;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
+#endif
 	BIO *out=NULL;
 
 	apps_startup();
@@ -121,11 +119,13 @@ int MAIN(int argc, char **argv)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
+#endif
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -144,14 +144,18 @@ bad:
 		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
 	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
 		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
+#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
+#endif
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
 		}
 		
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)

apps/gendsa.c

@@ -77,7 +77,9 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
+#endif
 	DSA *dsa=NULL;
 	int ret=1;
 	char *outfile=NULL;
@@ -85,7 +87,9 @@ int MAIN(int argc, char **argv)
 	char *passargout = NULL, *passout = NULL;
 	BIO *out=NULL,*in=NULL;
 	const EVP_CIPHER *enc=NULL;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
+#endif
 
 	apps_startup();
 
@@ -111,11 +115,13 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
+#endif
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -167,7 +173,9 @@ bad:
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
+#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
+#endif
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
@@ -176,7 +184,9 @@ bad:
 		goto end;
 		}
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
 		BIO_printf(bio_err, "Error getting password\n");

apps/genrsa.c

@@ -56,12 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include <string.h>
@@ -87,7 +81,9 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
+#endif
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
@@ -96,7 +92,9 @@ int MAIN(int argc, char **argv)
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
 	char *passargout = NULL, *passout = NULL;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
+#endif
 	char *inrand=NULL;
 	BIO *out=NULL;
 
@@ -128,11 +126,13 @@ int MAIN(int argc, char **argv)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
+#endif
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -183,7 +183,9 @@ bad:
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3              use 3 for the E value\n");
+#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
+#endif
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
@@ -197,7 +199,9 @@ bad:
 		goto err;
 	}
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	if (outfile == NULL)
 		{

apps/makeapps.com

@@ -139,13 +139,13 @@ $! Define The Application Files.
 $!
 $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
 	      "CA;PKCS7;CRL2P7;CRL;"+-
-	      "RSA;RSAUTL;DSA;DSAPARAM;EC;ECPARAM;"+-
+	      "RSA;RSAUTL;DSA;DSAPARAM;"+-
 	      "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
 	      "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
 	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP"
 $ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,-
 	       CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
-	       RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,EC.OBJ,ECPARAM.OBJ,-
+	       RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,-
 	       X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
 	       S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
 	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ,ENGINE.OBJ,OCSP.OBJ

apps/ocsp.c

@@ -55,6 +55,7 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+#ifndef OPENSSL_NO_OCSP
 
 #include <stdio.h>
 #include <string.h>
@@ -135,6 +136,7 @@ int MAIN(int argc, char **argv)
 	int accept_count = -1;
 	int badarg = 0;
 	int i;
+	int ignore_err = 0;
 	STACK *reqnames = NULL;
 	STACK_OF(OCSP_CERTID) *ids = NULL;
 
@@ -194,6 +196,8 @@ int MAIN(int argc, char **argv)
 				}
 			else badarg = 1;
 			}
+		else if (!strcmp(*args, "-ignore_err"))
+			ignore_err = 1;
 		else if (!strcmp(*args, "-noverify"))
 			noverify = 1;
 		else if (!strcmp(*args, "-nonce"))
@@ -523,7 +527,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-serial n          serial number to check\n");
 		BIO_printf (bio_err, "-signer file       certificate to sign OCSP request with\n");
 		BIO_printf (bio_err, "-signkey file      private key to sign OCSP request with\n");
-		BIO_printf (bio_err, "-sign_certs file   additional certificates to include in signed request\n");
+		BIO_printf (bio_err, "-sign_other file   additional certificates to include in signed request\n");
 		BIO_printf (bio_err, "-no_certs          don't include any certificates in signed request\n");
 		BIO_printf (bio_err, "-req_text          print text form of request\n");
 		BIO_printf (bio_err, "-resp_text         print text form of response\n");
@@ -543,10 +547,10 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
 		BIO_printf (bio_err, "-status_age n      maximum status age in seconds\n");
 		BIO_printf (bio_err, "-noverify          don't verify response at all\n");
-		BIO_printf (bio_err, "-verify_certs file additional certificates to search for signer\n");
+		BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n");
 		BIO_printf (bio_err, "-trust_other       don't verify additional certificates\n");
 		BIO_printf (bio_err, "-no_intern         don't search certificates contained in response for signer\n");
-		BIO_printf (bio_err, "-no_sig_verify     don't check signature on response\n");
+		BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n");
 		BIO_printf (bio_err, "-no_cert_verify    don't check signing certificate\n");
 		BIO_printf (bio_err, "-no_chain          don't chain verify response\n");
 		BIO_printf (bio_err, "-no_cert_checks    don't do additional checks on signing certificate\n");
@@ -722,7 +726,12 @@ int MAIN(int argc, char **argv)
 		}
 	else if (host)
 		{
+#ifndef OPENSSL_NO_SOCK
 		cbio = BIO_new_connect(host);
+#else
+		BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
+		goto end;
+#endif
 		if (!cbio)
 			{
 			BIO_printf(bio_err, "Error creating connect BIO\n");
@@ -732,7 +741,16 @@ int MAIN(int argc, char **argv)
 		if (use_ssl == 1)
 			{
 			BIO *sbio;
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 			ctx = SSL_CTX_new(SSLv23_client_method());
+#elif !defined(OPENSSL_NO_SSL3)
+			ctx = SSL_CTX_new(SSLv3_client_method());
+#elif !defined(OPENSSL_NO_SSL2)
+			ctx = SSL_CTX_new(SSLv2_client_method());
+#else
+			BIO_printf(bio_err, "SSL is disabled\n");
+			goto end;
+#endif
 			SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
 			sbio = BIO_new_ssl(ctx, 1);
 			cbio = BIO_push(sbio, cbio);
@@ -794,6 +812,8 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_printf(out, "Responder Error: %s (%ld)\n",
 				OCSP_response_status_str(i), i);
+		if (ignore_err)
+			goto redo_accept;
 		ret = 0;
 		goto end;
 		}
@@ -1139,7 +1159,11 @@ static BIO *init_responder(char *port)
 	bufbio = BIO_new(BIO_f_buffer());
 	if (!bufbio) 
 		goto err;
+#ifndef OPENSSL_NO_SOCK
 	acbio = BIO_new_accept(port);
+#else
+	BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n");
+#endif
 	if (!acbio)
 		goto err;
 	BIO_set_accept_bios(acbio, bufbio);
@@ -1226,3 +1250,4 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
 	return 1;
 	}
 
+#endif

apps/openssl.c

@@ -122,7 +122,9 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
 #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
 #include "progs.h"
 #include "s_apps.h"
@@ -161,7 +163,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
 		goto err;
 		}
 
-	if (type < 0 || type > CRYPTO_NUM_LOCKS)
+	if (type < 0 || type >= CRYPTO_NUM_LOCKS)
 		{
 		errstr = "type out of bounds";
 		goto err;

apps/pkcs12.c

@@ -2,10 +2,10 @@
 #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
 
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project.
+ * project 1999.
  */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -120,7 +120,9 @@ int MAIN(int argc, char **argv)
     char *passin = NULL, *passout = NULL;
     char *inrand = NULL;
     char *CApath = NULL, *CAfile = NULL;
+#ifndef OPENSSL_NO_ENGINE
     char *engine=NULL;
+#endif
 
     apps_startup();
 
@@ -164,14 +166,10 @@ int MAIN(int argc, char **argv)
 					 maciter = PKCS12_DEFAULT_ITER;
 		else if (!strcmp (*args, "-nomaciter"))
 					 maciter = 1;
-		else if (!strcmp (*args, "-nomac"))
-					 maciter = -1;
 		else if (!strcmp (*args, "-nodes")) enc=NULL;
 		else if (!strcmp (*args, "-certpbe")) {
 			if (args[1]) {
 				args++;
-				if (!strcmp(*args, "NONE"))
-					cert_pbe = -1;
 				cert_pbe=OBJ_txt2nid(*args);
 				if(cert_pbe == NID_undef) {
 					BIO_printf(bio_err,
@@ -182,10 +180,7 @@ int MAIN(int argc, char **argv)
 		} else if (!strcmp (*args, "-keypbe")) {
 			if (args[1]) {
 				args++;
-				if (!strcmp(*args, "NONE"))
-					key_pbe = -1;
-				else
-					key_pbe=OBJ_txt2nid(*args);
+				key_pbe=OBJ_txt2nid(*args);
 				if(key_pbe == NID_undef) {
 					BIO_printf(bio_err,
 						 "Unknown PBE algorithm %s\n", *args);
@@ -259,11 +254,13 @@ int MAIN(int argc, char **argv)
 			args++;	
 			CAfile = *args;
 		    } else badarg = 1;
+#ifndef OPENSSL_NO_ENGINE
 		} else if (!strcmp(*args,"-engine")) {
 		    if (args[1]) {
 			args++;	
 			engine = *args;
 		    } else badarg = 1;
+#endif
 		} else badarg = 1;
 
 	} else badarg = 1;
@@ -311,14 +308,18 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-password p   set import/export password source\n");
 	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
+#ifndef OPENSSL_NO_ENGINE
 	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
+#endif
 	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
     	goto end;
     }
 
+#ifndef OPENSSL_NO_ENGINE
     e = setup_engine(bio_err, engine, 0);
+#endif
 
     if(passarg) {
 	if(export_cert) passargout = passarg;
@@ -364,6 +365,24 @@ int MAIN(int argc, char **argv)
 	    goto end;
    }
 
+#if 0
+   if (certfile) {
+    	if(!(certsin = BIO_new_file(certfile, "r"))) {
+	    BIO_printf(bio_err, "Can't open certificate file %s\n", certfile);
+	    perror (certfile);
+	    goto end;
+	}
+    }
+
+    if (keyname) {
+    	if(!(inkey = BIO_new_file(keyname, "r"))) {
+	    BIO_printf(bio_err, "Can't key certificate file %s\n", keyname);
+	    perror (keyname);
+	    goto end;
+	}
+     }
+#endif
+
 #ifdef CRYPTO_MDEBUG
     CRYPTO_pop_info();
     CRYPTO_push_info("write files");
@@ -400,31 +419,27 @@ int MAIN(int argc, char **argv)
 
     if (export_cert) {
 	EVP_PKEY *key = NULL;
-	X509 *ucert = NULL, *x = NULL;
+	STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+	STACK_OF(PKCS7) *safes = NULL;
+	PKCS12_SAFEBAG *bag = NULL;
+	PKCS8_PRIV_KEY_INFO *p8 = NULL;
+	PKCS7 *authsafe = NULL;
+	X509 *ucert = NULL;
 	STACK_OF(X509) *certs=NULL;
-	unsigned char *catmp = NULL;
+	char *catmp = NULL;
 	int i;
-
-	if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS))
-		{	
-		BIO_printf(bio_err, "Nothing to do!\n");
-		goto export_end;
-		}
-
-	if (options & NOCERTS)
-		chain = 0;
+	unsigned char keyid[EVP_MAX_MD_SIZE];
+	unsigned int keyidlen = 0;
 
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_push_info("process -export_cert");
 	CRYPTO_push_info("reading private key");
 #endif
-	if (!(options & NOKEYS))
-		{
-		key = load_key(bio_err, keyname ? keyname : infile,
-				FORMAT_PEM, 1, passin, e, "private key");
-		if (!key)
-			goto export_end;
-		}
+	key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM, 1,
+		passin, e, "private key");
+	if (!key) {
+		goto export_end;
+	}
 
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
@@ -432,62 +447,50 @@ int MAIN(int argc, char **argv)
 #endif
 
 	/* Load in all certs in input file */
-	if(!(options & NOCERTS))
-		{
-		certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
-							"certificates");
-		if (!certs)
-			goto export_end;
-
-		if (key)
-			{
-			/* Look for matching private key */
-			for(i = 0; i < sk_X509_num(certs); i++)
-				{
-				x = sk_X509_value(certs, i);
-				if(X509_check_private_key(x, key))
-					{
-					ucert = x;
-					/* Zero keyid and alias */
-					X509_keyid_set1(ucert, NULL, 0);
-					X509_alias_set1(ucert, NULL, 0);
-					/* Remove from list */
-					sk_X509_delete(certs, i);
-					break;
-					}
-				}
-			if (!ucert)
-				{
-				BIO_printf(bio_err, "No certificate matches private key\n");
-				goto export_end;
-				}
-			}
-
-		}
+	if(!(certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
+		"certificates"))) {
+		goto export_end;
+	}
 
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
 	CRYPTO_push_info("reading certs from input 2");
 #endif
 
-	/* Add any more certificates asked for */
-	if(certfile)
-		{
-		STACK_OF(X509) *morecerts=NULL;
-		if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
-					    NULL, e,
-					    "certificates from certfile")))
-			goto export_end;
-		while(sk_X509_num(morecerts) > 0)
-			sk_X509_push(certs, sk_X509_shift(morecerts));
-		sk_X509_free(morecerts);
- 		}
-
+	for(i = 0; i < sk_X509_num(certs); i++) {
+		ucert = sk_X509_value(certs, i);
+		if(X509_check_private_key(ucert, key)) {
+			X509_digest(ucert, EVP_sha1(), keyid, &keyidlen);
+			break;
+		}
+	}
+	if(!keyidlen) {
+		ucert = NULL;
+		BIO_printf(bio_err, "No certificate matches private key\n");
+		goto export_end;
+	}
+	
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
 	CRYPTO_push_info("reading certs from certfile");
 #endif
 
+	bags = sk_PKCS12_SAFEBAG_new_null ();
+
+	/* Add any more certificates asked for */
+	if (certfile) {
+		STACK_OF(X509) *morecerts=NULL;
+		if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
+					    NULL, e,
+					    "certificates from certfile"))) {
+			goto export_end;
+		}
+		while(sk_X509_num(morecerts) > 0) {
+			sk_X509_push(certs, sk_X509_shift(morecerts));
+		}
+		sk_X509_free(morecerts);
+ 	}
+
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
 	CRYPTO_push_info("building chain");
@@ -523,51 +526,100 @@ int MAIN(int argc, char **argv)
 		}			
     	}
 
-	/* Add any CA names */
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("building bags");
+#endif
 
-	for (i = 0; i < sk_num(canames); i++)
-		{
-		catmp = (unsigned char *)sk_value(canames, i);
-		X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
-		}
-		
+	/* We now have loads of certificates: include them all */
+	for(i = 0; i < sk_X509_num(certs); i++) {
+		X509 *cert = NULL;
+		cert = sk_X509_value(certs, i);
+		bag = PKCS12_x5092certbag(cert);
+		/* If it matches private key set id */
+		if(cert == ucert) {
+			if(name) PKCS12_add_friendlyname(bag, name, -1);
+			PKCS12_add_localkeyid(bag, keyid, keyidlen);
+		} else if((catmp = sk_shift(canames))) 
+				PKCS12_add_friendlyname(bag, catmp, -1);
+		sk_PKCS12_SAFEBAG_push(bags, bag);
+	}
+	sk_X509_pop_free(certs, X509_free);
+	certs = NULL;
 
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
-	CRYPTO_push_info("reading password");
+	CRYPTO_push_info("encrypting bags");
 #endif
 
 	if(!noprompt &&
-		EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1))
-		{
-	    	BIO_printf (bio_err, "Can't read Password\n");
-	    	goto export_end;
-        	}
+		EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) {
+	    BIO_printf (bio_err, "Can't read Password\n");
+	    goto export_end;
+        }
 	if (!twopass) strcpy(macpass, pass);
+	/* Turn certbags into encrypted authsafe */
+	authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
+								 iter, bags);
+	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+	bags = NULL;
+
+	if (!authsafe) {
+		ERR_print_errors (bio_err);
+		goto export_end;
+	}
+
+	safes = sk_PKCS7_new_null ();
+	sk_PKCS7_push (safes, authsafe);
 
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
-	CRYPTO_push_info("creating PKCS#12 structure");
+	CRYPTO_push_info("building shrouded key bag");
 #endif
 
-	p12 = PKCS12_create(pass, name, key, ucert, certs,
-				key_pbe, cert_pbe, iter, -1, keytype);
+	/* Make a shrouded key bag */
+	p8 = EVP_PKEY2PKCS8 (key);
+	if(keytype) PKCS8_add_keyusage(p8, keytype);
+	bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8);
+	PKCS8_PRIV_KEY_INFO_free(p8);
+	p8 = NULL;
+        if (name) PKCS12_add_friendlyname (bag, name, -1);
+	if(csp_name) PKCS12_add_CSPName_asc(bag, csp_name, -1);
+	PKCS12_add_localkeyid (bag, keyid, keyidlen);
+	bags = sk_PKCS12_SAFEBAG_new_null();
+	sk_PKCS12_SAFEBAG_push (bags, bag);
 
-	if (!p12)
-		{
-	    	ERR_print_errors (bio_err);
-		goto export_end;
-		}
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("encrypting shrouded key bag");
+#endif
 
-	if (maciter != -1)
-		PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL);
+	/* Turn it into unencrypted safe bag */
+	authsafe = PKCS12_pack_p7data (bags);
+	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+	bags = NULL;
+	sk_PKCS7_push (safes, authsafe);
+
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("building pkcs12");
+#endif
+
+	p12 = PKCS12_init(NID_pkcs7_data);
+
+	PKCS12_pack_authsafes(p12, safes);
+
+	sk_PKCS7_pop_free(safes, PKCS7_free);
+	safes = NULL;
+
+	PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);
 
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
 	CRYPTO_push_info("writing pkcs12");
 #endif
 
-	i2d_PKCS12_bio(out, p12);
+	i2d_PKCS12_bio (out, p12);
 
 	ret = 0;
 
@@ -580,7 +632,8 @@ int MAIN(int argc, char **argv)
 
 	if (key) EVP_PKEY_free(key);
 	if (certs) sk_X509_pop_free(certs, X509_free);
-	if (ucert) X509_free(ucert);
+	if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
+	if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
 
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();

apps/pkcs7.c

@@ -82,7 +82,9 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
+#endif
 	PKCS7 *p7=NULL;
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
@@ -90,7 +92,9 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	int print_certs=0,text=0,noout=0;
 	int ret=1;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
+#endif
 
 	apps_startup();
 
@@ -134,11 +138,13 @@ int MAIN(int argc, char **argv)
 			text=1;
 		else if (strcmp(*argv,"-print_certs") == 0)
 			print_certs=1;
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
+#endif
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -161,14 +167,18 @@ bad:
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
 		BIO_printf(bio_err," -text         print full details of certificates\n");
 		BIO_printf(bio_err," -noout        don't output encoded data\n");
+#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
+#endif
 		ret = 1;
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());

apps/pkcs8.c

@@ -85,7 +85,9 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *pkey=NULL;
 	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
 	int badarg = 0;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
+#endif
 
 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 
@@ -145,11 +147,13 @@ int MAIN(int argc, char **argv)
 			if (!args[1]) goto bad;
 			passargout= *(++args);
 			}
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*args,"-engine") == 0)
 			{
 			if (!args[1]) goto bad;
 			engine= *(++args);
 			}
+#endif
 		else if (!strcmp (*args, "-in")) {
 			if (args[1]) {
 				args++;
@@ -182,11 +186,15 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
 		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
 		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
+#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
+#endif
 		return (1);
 	}
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
@@ -227,7 +235,7 @@ int MAIN(int argc, char **argv)
 			return (1);
 		}
 		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
-			BIO_printf(bio_err, "Error converting key\n", outfile);
+			BIO_printf(bio_err, "Error converting key\n");
 			ERR_print_errors(bio_err);
 			return (1);
 		}
@@ -251,8 +259,7 @@ int MAIN(int argc, char **argv)
 			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
 					p8pass, strlen(p8pass),
 					NULL, 0, iter, p8inf))) {
-				BIO_printf(bio_err, "Error encrypting key\n",
-								 outfile);
+				BIO_printf(bio_err, "Error encrypting key\n");
 				ERR_print_errors(bio_err);
 				return (1);
 			}
@@ -295,7 +302,7 @@ int MAIN(int argc, char **argv)
 		}
 
 		if (!p8) {
-			BIO_printf (bio_err, "Error reading key\n", outfile);
+			BIO_printf (bio_err, "Error reading key\n");
 			ERR_print_errors(bio_err);
 			return (1);
 		}
@@ -309,13 +316,13 @@ int MAIN(int argc, char **argv)
 	}
 
 	if (!p8inf) {
-		BIO_printf(bio_err, "Error decrypting key\n", outfile);
+		BIO_printf(bio_err, "Error decrypting key\n");
 		ERR_print_errors(bio_err);
 		return (1);
 	}
 
 	if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
-		BIO_printf(bio_err, "Error converting key\n", outfile);
+		BIO_printf(bio_err, "Error converting key\n");
 		ERR_print_errors(bio_err);
 		return (1);
 	}

apps/progs.h

@@ -17,8 +17,6 @@ extern int rsa_main(int argc,char *argv[]);
 extern int rsautl_main(int argc,char *argv[]);
 extern int dsa_main(int argc,char *argv[]);
 extern int dsaparam_main(int argc,char *argv[]);
-extern int ec_main(int argc,char *argv[]);
-extern int ecparam_main(int argc,char *argv[]);
 extern int x509_main(int argc,char *argv[]);
 extern int genrsa_main(int argc,char *argv[]);
 extern int gendsa_main(int argc,char *argv[]);
@@ -37,7 +35,9 @@ extern int pkcs8_main(int argc,char *argv[]);
 extern int spkac_main(int argc,char *argv[]);
 extern int smime_main(int argc,char *argv[]);
 extern int rand_main(int argc,char *argv[]);
+#ifndef OPENSSL_NO_ENGINE
 extern int engine_main(int argc,char *argv[]);
+#endif
 extern int ocsp_main(int argc,char *argv[]);
 
 #define FUNC_TYPE_GENERAL	1
@@ -80,12 +80,6 @@ FUNCTION functions[] = {
 #endif
 #ifndef OPENSSL_NO_DSA
 	{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
-#endif
-#ifndef OPENSSL_NO_EC
-	{FUNC_TYPE_GENERAL,"ec",ec_main},
-#endif
-#ifndef OPENSSL_NO_EC
-	{FUNC_TYPE_GENERAL,"ecparam",ecparam_main},
 #endif
 	{FUNC_TYPE_GENERAL,"x509",x509_main},
 #ifndef OPENSSL_NO_RSA
@@ -100,7 +94,9 @@ FUNCTION functions[] = {
 #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
 	{FUNC_TYPE_GENERAL,"s_client",s_client_main},
 #endif
+#ifndef OPENSSL_NO_SPEED
 	{FUNC_TYPE_GENERAL,"speed",speed_main},
+#endif
 #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
 	{FUNC_TYPE_GENERAL,"s_time",s_time_main},
 #endif
@@ -119,7 +115,9 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
 	{FUNC_TYPE_GENERAL,"smime",smime_main},
 	{FUNC_TYPE_GENERAL,"rand",rand_main},
+#ifndef OPENSSL_NO_ENGINE
 	{FUNC_TYPE_GENERAL,"engine",engine_main},
+#endif
 	{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
 #ifndef OPENSSL_NO_MD2
 	{FUNC_TYPE_MD,"md2",dgst_main},

apps/progs.pl

@@ -33,8 +33,6 @@ foreach (@ARGV)
 		{ print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n";  }
 	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
 		{ print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^ec$/) || ($_ =~ /^ecparam$/))
-		{ print "#ifndef OPENSSL_NO_EC\n${str}#endif\n";}
 	elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
 		{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^pkcs12$/))

apps/rand.c

@@ -76,7 +76,9 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
+#endif
 	int i, r, ret = 1;
 	int badopt;
 	char *outfile = NULL;
@@ -84,7 +86,9 @@ int MAIN(int argc, char **argv)
 	int base64 = 0;
 	BIO *out = NULL;
 	int num = -1;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
+#endif
 
 	apps_startup();
 
@@ -106,6 +110,7 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(argv[i], "-engine") == 0)
 			{
 			if ((argv[i+1] != NULL) && (engine == NULL))
@@ -113,6 +118,7 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
+#endif
 		else if (strcmp(argv[i], "-rand") == 0)
 			{
 			if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -150,13 +156,17 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "Usage: rand [options] num\n");
 		BIO_printf(bio_err, "where options are\n");
 		BIO_printf(bio_err, "-out file             - write to file\n");
+#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err, "-engine e             - use engine e, possibly a hardware device.\n");
+#endif
 		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err, "-base64               - encode output\n");
 		goto err;
 		}
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 	if (inrand != NULL)

apps/req.c

@@ -56,12 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
@@ -148,7 +142,6 @@ static int batch=0;
 #define TYPE_RSA	1
 #define TYPE_DSA	2
 #define TYPE_DH		3
-#define TYPE_EC		4
 
 int MAIN(int, char **);
 
@@ -157,9 +150,6 @@ int MAIN(int argc, char **argv)
 	ENGINE *e = NULL;
 #ifndef OPENSSL_NO_DSA
 	DSA *dsa_params=NULL;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	EC_KEY *ec_params = NULL;
 #endif
 	unsigned long nmflag = 0, reqflag = 0;
 	int ex=1,x509=0,days=30;
@@ -172,7 +162,9 @@ int MAIN(int argc, char **argv)
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
 	int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
+#endif
 	char *extensions = NULL;
 	char *req_exts = NULL;
 	const EVP_CIPHER *cipher=NULL;
@@ -220,11 +212,13 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
+#endif
 		else if (strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -328,59 +322,11 @@ int MAIN(int argc, char **argv)
 						}
 					}
 				BIO_free(in);
-				in=NULL;
 				newkey=BN_num_bits(dsa_params->p);
+				in=NULL;
 				}
 			else 
 #endif
-#ifndef OPENSSL_NO_ECDSA
-				if (strncmp("ec:",p,3) == 0)
-				{
-				X509 *xtmp=NULL;
-				EVP_PKEY *dtmp;
-
-				pkey_type=TYPE_EC;
-				p+=3;
-				if ((in=BIO_new_file(p,"r")) == NULL)
-					{
-					perror(p);
-					goto end;
-					}
-				if ((ec_params = EC_KEY_new()) == NULL)
-					goto end;
-				if ((ec_params->group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL)) == NULL)
-					{
-					if (ec_params)
-						EC_KEY_free(ec_params);
-					ERR_clear_error();
-					(void)BIO_reset(in);
-					if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
-						{	
-						BIO_printf(bio_err,"unable to load EC parameters from file\n");
-						goto end;
-						}
-
-					if ((dtmp=X509_get_pubkey(xtmp))==NULL)
-						goto end;
-					if (dtmp->type == EVP_PKEY_EC)
-						ec_params = ECParameters_dup(dtmp->pkey.eckey);
-					EVP_PKEY_free(dtmp);
-					X509_free(xtmp);
-					if (ec_params == NULL)
-						{
-						BIO_printf(bio_err,"Certificate does not contain EC parameters\n");
-						goto end;
-						}
-					}
-
-				BIO_free(in);
-				in=NULL;
-				
-				newkey = EC_GROUP_get_degree(ec_params->group);
-
-				}
-			else
-#endif
 #ifndef OPENSSL_NO_DH
 				if (strncmp("dh:",p,4) == 0)
 				{
@@ -389,9 +335,7 @@ int MAIN(int argc, char **argv)
 				}
 			else
 #endif
-				{
-				goto bad;
-				}
+				pkey_type=TYPE_RSA;
 
 			newreq=1;
 			}
@@ -488,7 +432,9 @@ bad:
 		BIO_printf(bio_err," -verify        verify signature on REQ\n");
 		BIO_printf(bio_err," -modulus       RSA modulus\n");
 		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
+#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device\n");
+#endif
 		BIO_printf(bio_err," -subject       output the request's subject\n");
 		BIO_printf(bio_err," -passin        private key password source\n");
 		BIO_printf(bio_err," -key file      use the private key contained in file\n");
@@ -499,9 +445,6 @@ bad:
 		BIO_printf(bio_err,"                the random number generator\n");
 		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
 		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-#ifndef OPENSSL_NO_ECDSA
-		BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
-#endif
 		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
 		BIO_printf(bio_err," -config file   request template file.\n");
 		BIO_printf(bio_err," -subj arg      set or modify request subject\n");
@@ -516,7 +459,7 @@ bad:
 		BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
 		BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");
 		BIO_printf(bio_err," -utf8          input characters are UTF8 (default ASCII)\n");
-		BIO_printf(bio_err," -nameopt arg   - various certificate name options\n");
+		BIO_printf(bio_err," -nameopt arg    - various certificate name options\n");
 		BIO_printf(bio_err," -reqopt arg    - various request text options\n\n");
 		goto end;
 		}
@@ -680,7 +623,9 @@ bad:
 	if ((in == NULL) || (out == NULL))
 		goto end;
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	if (keyfile != NULL)
 		{
@@ -692,8 +637,7 @@ bad:
 			   message */
 			goto end;
 			}
-		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || 
-			EVP_PKEY_type(pkey->type) == EVP_PKEY_EC)
+		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
 			{
 			char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
 			if (randfile == NULL)
@@ -717,15 +661,14 @@ bad:
 				newkey=DEFAULT_KEY_LENGTH;
 			}
 
-		if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA))
+		if (newkey < MIN_KEY_LENGTH)
 			{
 			BIO_printf(bio_err,"private key length is too short,\n");
 			BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey);
 			goto end;
 			}
 		BIO_printf(bio_err,"Generating a %d bit %s private key\n",
-			newkey,(pkey_type == TYPE_RSA)?"RSA":
-			(pkey_type == TYPE_DSA)?"DSA":"EC");
+			newkey,(pkey_type == TYPE_RSA)?"RSA":"DSA");
 
 		if ((pkey=EVP_PKEY_new()) == NULL) goto end;
 
@@ -747,15 +690,6 @@ bad:
 			dsa_params=NULL;
 			}
 #endif
-#ifndef OPENSSL_NO_ECDSA
-			if (pkey_type == TYPE_EC)
-			{
-			if (!EC_KEY_generate_key(ec_params)) goto end;
-			if (!EVP_PKEY_assign_EC_KEY(pkey, ec_params)) 
-				goto end;
-			ec_params = NULL;
-			}
-#endif
 
 		app_RAND_write_file(randfile, bio_err);
 
@@ -861,10 +795,6 @@ loop:
 #ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 			digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
-		if (pkey->type == EVP_PKEY_EC)
-			digest=EVP_ecdsa();
 #endif
 		if (req == NULL)
 			{
@@ -1150,9 +1080,6 @@ end:
 	OBJ_cleanup();
 #ifndef OPENSSL_NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	if (ec_params != NULL) EC_KEY_free(ec_params);
 #endif
 	apps_shutdown();
 	OPENSSL_EXIT(ex);
@@ -1318,11 +1245,17 @@ start:		for (;;)
 
 			sprintf(buf,"%s_min",v->name);
 			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
+				{
+				ERR_clear_error();
 				n_min = -1;
+				}
 
 			sprintf(buf,"%s_max",v->name);
 			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
+				{
+				ERR_clear_error();
 				n_max = -1;
+				}
 
 			if (!add_DN_object(subj,v->value,def,value,nid,
 				n_min,n_max, chtype))

apps/rsa.c

@@ -104,7 +104,9 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
+#endif
 	int modulus=0;
 
 	apps_startup();
@@ -156,11 +158,13 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
+#endif
 		else if (strcmp(*argv,"-sgckey") == 0)
 			sgckey=1;
 		else if (strcmp(*argv,"-pubin") == 0)
@@ -212,13 +216,17 @@ bad:
 		BIO_printf(bio_err," -check          verify key consistency\n");
 		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
 		BIO_printf(bio_err," -pubout         output a public key\n");
+#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
+#endif
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");

apps/rsautl.c

@@ -85,7 +85,9 @@ int MAIN(int argc, char **argv)
 	ENGINE *e = NULL;
 	BIO *in = NULL, *out = NULL;
 	char *infile = NULL, *outfile = NULL;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine = NULL;
+#endif
 	char *keyfile = NULL;
 	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
 	int keyform = FORMAT_PEM;
@@ -125,9 +127,11 @@ int MAIN(int argc, char **argv)
 		} else if (strcmp(*argv,"-keyform") == 0) {
 			if (--argc < 1) badarg = 1;
 			keyform=str2fmt(*(++argv));
+#ifndef OPENSSL_NO_ENGINE
 		} else if(!strcmp(*argv, "-engine")) {
 			if (--argc < 1) badarg = 1;
 			engine = *(++argv);
+#endif
 		} else if(!strcmp(*argv, "-pubin")) {
 			key_type = KEY_PUBKEY;
 		} else if(!strcmp(*argv, "-certin")) {
@@ -162,7 +166,9 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 /* FIXME: seed PRNG only if needed */
 	app_RAND_load_file(NULL, bio_err, 0);
@@ -305,7 +311,9 @@ static void usage()
 	BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
 	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
 	BIO_printf(bio_err, "-hexdump        hex dump output\n");
+#ifndef OPENSSL_NO_ENGINE
 	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
+#endif
 
 }
 

apps/s_apps.h

@@ -112,6 +112,14 @@
 #include <sys/types.h>
 #include <openssl/opensslconf.h>
 
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+#include <conio.h>
+#endif
+
+#ifdef OPENSSL_SYS_MSDOS
+#define _kbhit kbhit
+#endif
+
 #if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
 /* VAX C does not defined fd_set and friends, but it's actually quite simple */
 /* These definitions are borrowed from SOCKETSHR.	/Richard Levitte */

apps/s_client.c

@@ -136,10 +136,6 @@ typedef unsigned int u_int;
 #include <openssl/rand.h>
 #include "s_apps.h"
 
-#ifdef OPENSSL_SYS_WINDOWS
-#include <conio.h>
-#endif
-
 #ifdef OPENSSL_SYS_WINCE
 /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
 #ifdef fileno
@@ -221,8 +217,10 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
 	BIO_printf(bio_err,"                 for those protocols that support it, where\n");
 	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
-	BIO_printf(bio_err,"                 only \"smtp\" is supported.\n");
+	BIO_printf(bio_err,"                 only \"smtp\" and \"pop3\" are supported.\n");
+#ifndef OPENSSL_NO_ENGINE
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
+#endif
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 
 	}
@@ -249,14 +247,16 @@ int MAIN(int argc, char **argv)
 	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
 	SSL_CTX *ctx=NULL;
 	int ret=1,in_init=1,i,nbio_test=0;
-	int smtp_starttls = 0;
+	int starttls_proto = 0;
 	int prexit = 0, vflags = 0;
 	SSL_METHOD *meth=NULL;
 	BIO *sbio;
 	char *inrand=NULL;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine_id=NULL;
 	ENGINE *e=NULL;
-#ifdef OPENSSL_SYS_WINDOWS
+#endif
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
 	struct timeval tv;
 #endif
 
@@ -411,15 +411,19 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			++argv;
 			if (strcmp(*argv,"smtp") == 0)
-				smtp_starttls = 1;
+				starttls_proto = 1;
+			else if (strcmp(*argv,"pop3") == 0)
+				starttls_proto = 2;
 			else
 				goto bad;
 			}
+#ifndef OPENSSL_NO_ENGINE
 		else if	(strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine_id = *(++argv);
 			}
+#endif
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -444,7 +448,9 @@ bad:
 	OpenSSL_add_ssl_algorithms();
 	SSL_load_error_strings();
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine_id, 1);
+#endif
 
 	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
 		&& !RAND_status())
@@ -579,12 +585,18 @@ re_start:
 	sbuf_off=0;
 
 	/* This is an ugly hack that does a lot of assumptions */
-	if (smtp_starttls)
+	if (starttls_proto == 1)
 		{
 		BIO_read(sbio,mbuf,BUFSIZZ);
 		BIO_printf(sbio,"STARTTLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
+	if (starttls_proto == 2)
+		{
+		BIO_read(sbio,mbuf,BUFSIZZ);
+		BIO_printf(sbio,"STLS\r\n");
+		BIO_read(sbio,sbuf,BUFSIZZ);
+		}
 
 	for (;;)
 		{
@@ -605,11 +617,11 @@ re_start:
 				print_stuff(bio_c_out,con,full_log);
 				if (full_log > 0) full_log--;
 
-				if (smtp_starttls)
+				if (starttls_proto)
 					{
 					BIO_printf(bio_err,"%s",mbuf);
 					/* We don't need to know any more */
-					smtp_starttls = 0;
+					starttls_proto = 0;
 					}
 
 				if (reconnect)
@@ -628,7 +640,7 @@ re_start:
 
 		if (!ssl_pending)
 			{
-#ifndef OPENSSL_SYS_WINDOWS
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
 			if (tty_on)
 				{
 				if (read_tty)  FD_SET(fileno(stdin),&readfds);
@@ -655,8 +667,8 @@ re_start:
 			 * will choke the compiler: if you do have a cast then
 			 * you can either go for (int *) or (void *).
 			 */
-#ifdef OPENSSL_SYS_WINDOWS
-			/* Under Windows we make the assumption that we can
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+                        /* Under Windows/DOS we make the assumption that we can
 			 * always write to the tty: therefore if we need to
 			 * write to the tty we just fall through. Otherwise
 			 * we timeout the select every second and see if there
@@ -670,7 +682,7 @@ re_start:
 					tv.tv_usec = 0;
 					i=select(width,(void *)&readfds,(void *)&writefds,
 						 NULL,&tv);
-#ifdef OPENSSL_SYS_WINCE
+#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
 					if(!i && (!_kbhit() || !read_tty) ) continue;
 #else
 					if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
@@ -839,8 +851,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 				}
 			}
 
-#ifdef OPENSSL_SYS_WINDOWS
-#ifdef OPENSSL_SYS_WINCE
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
 		else if (_kbhit())
 #else
 		else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))

apps/s_server.c

@@ -108,17 +108,6 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
 
 #include <assert.h>
 #include <stdio.h>
@@ -151,10 +140,6 @@ typedef unsigned int u_int;
 #include <openssl/rand.h>
 #include "s_apps.h"
 
-#ifdef OPENSSL_SYS_WINDOWS
-#include <conio.h>
-#endif
-
 #ifdef OPENSSL_SYS_WINCE
 /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
 #ifdef fileno
@@ -183,7 +168,6 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
 static DH *load_dh_param(char *dhfile);
 static DH *get_dh512(void);
 #endif
-
 #ifdef MONOLITH
 static void s_server_init(void);
 #endif
@@ -222,7 +206,6 @@ static DH *get_dh512(void)
 	}
 #endif
 
-
 /* static int load_CA(SSL_CTX *ctx, char *file);*/
 
 #undef BUFSIZZ
@@ -255,7 +238,9 @@ static int s_msg=0;
 static int s_quiet=0;
 
 static int hack=0;
+#ifndef OPENSSL_NO_ENGINE
 static char *engine_id=NULL;
+#endif
 static const char *session_id_prefix=NULL;
 
 #ifdef MONOLITH
@@ -280,7 +265,9 @@ static void s_server_init(void)
 	s_msg=0;
 	s_quiet=0;
 	hack=0;
+#ifndef OPENSSL_NO_ENGINE
 	engine_id=NULL;
+#endif
 	}
 #endif
 
@@ -300,11 +287,6 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -dkey arg     - second private key file to use (usually for DSA)\n");
 	BIO_printf(bio_err," -dhparam arg  - DH parameter file to use, in cert file if not specified\n");
 	BIO_printf(bio_err,"                 or a default set of parameters is used\n");
-#ifndef OPENSSL_NO_ECDH
-	BIO_printf(bio_err," -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \
-	                   "                 Use \"openssl ecparam -list_curves\" for all names\n" \
-	                   "                 (default is sect163r2).\n");
-#endif
 #ifdef FIONBIO
 	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
 #endif
@@ -328,16 +310,15 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
 #ifndef OPENSSL_NO_DH
 	BIO_printf(bio_err," -no_dhe       - Disable ephemeral DH\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
-	BIO_printf(bio_err," -no_ecdhe     - Disable ephemeral ECDH\n");
 #endif
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
 	BIO_printf(bio_err," -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
         BIO_printf(bio_err,"                 with the assumption it contains a complete HTTP response.\n");
+#ifndef OPENSSL_NO_ENGINE
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
+#endif
 	BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	}
@@ -505,14 +486,15 @@ int MAIN(int argc, char *argv[])
 	char *CApath=NULL,*CAfile=NULL;
 	char *context = NULL;
 	char *dhfile = NULL;
-	char *named_curve = NULL;
 	int badop=0,bugs=0;
 	int ret=1;
 	int off=0;
-	int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
+	int no_tmp_rsa=0,no_dhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
+#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e=NULL;
+#endif
 	char *inrand=NULL;
 
 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
@@ -590,13 +572,6 @@ int MAIN(int argc, char *argv[])
 			if (--argc < 1) goto bad;
 			dhfile = *(++argv);
 			}
-#ifndef OPENSSL_NO_ECDH		
-		else if	(strcmp(*argv,"-named_curve") == 0)
-			{
-			if (--argc < 1) goto bad;
-			named_curve = *(++argv);
-			}
-#endif
 		else if	(strcmp(*argv,"-dcert") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -665,8 +640,6 @@ int MAIN(int argc, char *argv[])
 			{ no_tmp_rsa=1; }
 		else if	(strcmp(*argv,"-no_dhe") == 0)
 			{ no_dhe=1; }
-		else if	(strcmp(*argv,"-no_ecdhe") == 0)
-			{ no_ecdhe=1; }
 		else if	(strcmp(*argv,"-www") == 0)
 			{ www=1; }
 		else if	(strcmp(*argv,"-WWW") == 0)
@@ -696,11 +669,13 @@ int MAIN(int argc, char *argv[])
 			if (--argc < 1) goto bad;
 			session_id_prefix = *(++argv);
 			}
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine_id= *(++argv);
 			}
+#endif
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -725,7 +700,9 @@ bad:
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine_id, 1);
+#endif
 
 	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
 		&& !RAND_status())
@@ -749,7 +726,7 @@ bad:
 			}
 		}
 
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
 	if (nocert)
 #endif
 		{
@@ -837,59 +814,6 @@ bad:
 		DH_free(dh);
 		}
 #endif
-
-#ifndef OPENSSL_NO_ECDH
-	if (!no_ecdhe)
-		{
-		EC_KEY *ecdh=NULL;
-
-		ecdh = EC_KEY_new();
-		if (ecdh == NULL)
-			{
-			BIO_printf(bio_err,"Could not create ECDH struct.\n");
-			goto end;
-			}
-
-		if (named_curve)
-			{
-			int nid = OBJ_sn2nid(named_curve);
-
-			if (nid == 0)
-				{
-				BIO_printf(bio_err, "unknown curve name (%s)\n", 
-					named_curve);
-				goto end;
-				}
-
-			ecdh->group = EC_GROUP_new_by_nid(nid);
-			if (ecdh->group == NULL)
-				{
-				BIO_printf(bio_err, "unable to create curve (%s)\n", 
-					named_curve);
-				goto end;
-				}
-			}
-
-		if (ecdh->group != NULL)
-			{
-			BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
-			}
-		else
-			{
-			BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
-			ecdh->group=EC_GROUP_new_by_nid(NID_sect163r2);
-			if (ecdh->group == NULL) 
-				{
-				BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
-				goto end;
-				}
-			}
-		(void)BIO_flush(bio_s_out);
-
-		SSL_CTX_set_tmp_ecdh(ctx,ecdh);
-		EC_KEY_free(ecdh);
-		}
-#endif
 	
 	if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
 		goto end;
@@ -989,7 +913,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 	unsigned long l;
 	SSL *con=NULL;
 	BIO *sbio;
-#ifdef OPENSSL_SYS_WINDOWS
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
 	struct timeval tv;
 #endif
 
@@ -1063,7 +987,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 		if (!read_from_sslcon)
 			{
 			FD_ZERO(&readfds);
-#ifndef OPENSSL_SYS_WINDOWS
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
 			FD_SET(fileno(stdin),&readfds);
 #endif
 			FD_SET(s,&readfds);
@@ -1073,8 +997,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 			 * the compiler: if you do have a cast then you can either
 			 * go for (int *) or (void *).
 			 */
-#ifdef OPENSSL_SYS_WINDOWS
-			/* Under Windows we can't select on stdin: only
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+                        /* Under DOS (non-djgpp) and Windows we can't select on stdin: only
 			 * on sockets. As a workaround we timeout the select every
 			 * second and check for any keypress. In a proper Windows
 			 * application we wouldn't do this because it is inefficient.
@@ -1335,7 +1259,13 @@ static int init_ssl_connection(SSL *con)
 	if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
 		TLS1_FLAGS_TLS_PADDING_BUG)
 		BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
-
+#ifndef OPENSSL_NO_KRB5
+	if (con->kssl_ctx->client_princ != NULL)
+		{
+		BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
+			con->kssl_ctx->client_princ);
+		}
+#endif /* OPENSSL_NO_KRB5 */
 	return(1);
 	}
 

apps/s_socket.c

@@ -62,6 +62,8 @@
 #include <errno.h>
 #include <signal.h>
 
+#include <openssl/e_os2.h>
+
 /* With IPv6, it looks like Digital has mixed up the proper order of
    recursive header file inclusion, resulting in the compiler complaining
    that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
@@ -79,14 +81,6 @@ typedef unsigned int u_int;
 #include "s_apps.h"
 #include <openssl/ssl.h>
 
-#ifdef FLAT_INC
-#include "e_os.h"
-#else
-#include "../e_os.h"
-#endif
-
-#ifndef OPENSSL_NO_SOCK
-
 static struct hostent *GetHostByName(char *name);
 #ifdef OPENSSL_SYS_WINDOWS
 static void ssl_sock_cleanup(void);
@@ -559,5 +553,3 @@ static struct hostent *GetHostByName(char *name)
 		return(ret);
 		}
 	}
-
-#endif

apps/smime.c

@@ -104,7 +104,9 @@ int MAIN(int argc, char **argv)
 	int need_rand = 0;
 	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
         int keyform = FORMAT_PEM;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
+#endif
 
 	args = argv + 1;
 	ret = 1;
@@ -166,6 +168,10 @@ int MAIN(int argc, char **argv)
 				flags |= PKCS7_BINARY;
 		else if (!strcmp (*args, "-nosigs"))
 				flags |= PKCS7_NOSIGS;
+		else if (!strcmp (*args, "-nooldmime"))
+				flags |= PKCS7_NOOLDMIMETYPE;
+		else if (!strcmp (*args, "-crlfeol"))
+				flags |= PKCS7_CRLFEOL;
 		else if (!strcmp (*args, "-crl_check"))
 				store_flags |= X509_V_FLAG_CRL_CHECK;
 		else if (!strcmp (*args, "-crl_check_all"))
@@ -176,11 +182,13 @@ int MAIN(int argc, char **argv)
 				inrand = *args;
 			} else badarg = 1;
 			need_rand = 1;
+#ifndef OPENSSL_NO_ENGINE
 		} else if (!strcmp(*args,"-engine")) {
 			if (args[1]) {
 				args++;
 				engine = *args;
 			} else badarg = 1;
+#endif
 		} else if (!strcmp(*args,"-passin")) {
 			if (args[1]) {
 				args++;
@@ -330,7 +338,9 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
 		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
 		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+#ifndef OPENSSL_NO_ENGINE
 		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
+#endif
 		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
 		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
@@ -339,7 +349,9 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		BIO_printf(bio_err, "Error getting password\n");

apps/speed.c

@@ -55,28 +55,15 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The ECDH and ECDSA speed test software is originally written by 
- * Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
 
 /* most of this code has been pilfered from my libdes speed.c program */
 
+#ifndef OPENSSL_NO_SPEED
+
 #undef SECONDS
 #define SECONDS		3	
 #define RSA_SECONDS	10
 #define DSA_SECONDS	10
-#define ECDSA_SECONDS   10
-#define ECDH_SECONDS    10
 
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
@@ -199,12 +186,6 @@
 #ifndef OPENSSL_NO_DSA
 #include "./testdsa.h"
 #endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
@@ -248,10 +229,6 @@ static int do_multi(int multi);
 #define SIZE_NUM	5
 #define RSA_NUM		4
 #define DSA_NUM		3
-
-#define EC_NUM       16
-#define MAX_ECDH_SIZE 256
-
 static const char *names[ALGOR_NUM]={
   "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
   "des cbc","des ede3","idea cbc",
@@ -261,9 +238,6 @@ static double results[ALGOR_NUM][SIZE_NUM];
 static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
 static double rsa_results[RSA_NUM][2];
 static double dsa_results[DSA_NUM][2];
-static double ecdsa_results[EC_NUM][2];
-static double ecdh_results[EC_NUM][1];
-
 
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
@@ -398,7 +372,9 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+#ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
+#endif
 	unsigned char *buf=NULL,*buf2=NULL;
 	int mret=1;
 	long count=0,save_count=0;
@@ -506,24 +482,6 @@ int MAIN(int argc, char **argv)
 #define	R_RSA_1024	1
 #define	R_RSA_2048	2
 #define	R_RSA_4096	3
-
-#define R_EC_P160    0
-#define R_EC_P192    1	
-#define R_EC_P224    2
-#define R_EC_P256    3
-#define R_EC_P384    4
-#define R_EC_P521    5
-#define R_EC_K163    6
-#define R_EC_K233    7
-#define R_EC_K283    8
-#define R_EC_K409    9
-#define R_EC_K571    10
-#define R_EC_B163    11
-#define R_EC_B233    12
-#define R_EC_B283    13
-#define R_EC_B409    14
-#define R_EC_B571    15
-
 #ifndef OPENSSL_NO_RSA
 	RSA *rsa_key[RSA_NUM];
 	long rsa_c[RSA_NUM][2];
@@ -539,83 +497,8 @@ int MAIN(int argc, char **argv)
 	long dsa_c[DSA_NUM][2];
 	static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
 #endif
-#ifndef OPENSSL_NO_EC
-	/* We only test over the following curves as they are representative, 
-	 * To add tests over more curves, simply add the curve NID
-	 * and curve name to the following arrays and increase the 
-	 * EC_NUM value accordingly. 
-	 */
-	static unsigned int test_curves[EC_NUM] = 
-	{	
-	/* Prime Curves */
-	NID_secp160r1,
-	NID_X9_62_prime192v1,
-	NID_secp224r1,
-	NID_X9_62_prime256v1,
-	NID_secp384r1,
-	NID_secp521r1,
-	/* Binary Curves */
-	NID_sect163k1,
-	NID_sect233k1,
-	NID_sect283k1,
-	NID_sect409k1,
-	NID_sect571k1,
-	NID_sect163r2,
-	NID_sect233r1,
-	NID_sect283r1,
-	NID_sect409r1,
-	NID_sect571r1
-	}; 
-	static char * test_curves_names[EC_NUM] = 
-	{
-	/* Prime Curves */
-	"secp160r1",
-	"nistp192",
-	"nistp224",
-	"nistp256",
-	"nistp384",
-	"nistp521",
-	/* Binary Curves */
-	"nistk163",
-	"nistk233",
-	"nistk283",
-	"nistk409",
-	"nistk571",
-	"nistb163",
-	"nistb233",
-	"nistb283",
-	"nistb409",
-	"nistb571"
-	};
-	static int test_curves_bits[EC_NUM] =
-        {
-        160, 192, 224, 256, 384, 521,
-        163, 233, 283, 409, 571,
-        163, 233, 283, 409, 571
-        };
-
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
-        unsigned char ecdsasig[256];
-        unsigned int ecdsasiglen;
-        EC_KEY *ecdsa[EC_NUM];
-        long ecdsa_c[EC_NUM][2];
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-        EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
-        unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
-        int secret_size_a, secret_size_b;
-        int ecdh_checks = 0;
-        int secret_idx = 0;
-        long ecdh_c[EC_NUM][2];
-#endif
-
 	int rsa_doit[RSA_NUM];
 	int dsa_doit[DSA_NUM];
-	int ecdsa_doit[EC_NUM];
-        int ecdh_doit[EC_NUM];
 	int doit[ALGOR_NUM];
 	int pr_header=0;
 	const EVP_CIPHER *evp_cipher=NULL;
@@ -634,17 +517,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_DSA
 	memset(dsa_key,0,sizeof(dsa_key));
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	for (i=0; i<EC_NUM; i++) ecdsa[i] = NULL;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	for (i=0; i<EC_NUM; i++)
-		{
-		ecdh_a[i] = NULL;
-		ecdh_b[i] = NULL;
-		}
-#endif
-
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
@@ -683,15 +555,6 @@ int MAIN(int argc, char **argv)
 		rsa_doit[i]=0;
 	for (i=0; i<DSA_NUM; i++)
 		dsa_doit[i]=0;
-#ifndef OPENSSL_NO_ECDSA
-	for (i=0; i<EC_NUM; i++)
-		ecdsa_doit[i]=0;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	for (i=0; i<EC_NUM; i++)
-		ecdh_doit[i]=0;
-#endif
-
 	
 	j=0;
 	argc--;
@@ -731,6 +594,7 @@ int MAIN(int argc, char **argv)
 			j--;	/* Otherwise, -elapsed gets confused with
 				   an algorithm. */
 			}
+#ifndef OPENSSL_NO_ENGINE
 		else if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
 			{
 			argc--;
@@ -747,6 +611,7 @@ int MAIN(int argc, char **argv)
 			   means all of them should be run) */
 			j--;
 			}
+#endif
 #ifdef HAVE_FORK
 		else if	((argc > 0) && (strcmp(*argv,"-multi") == 0))
 			{
@@ -910,52 +775,6 @@ int MAIN(int argc, char **argv)
 			dsa_doit[R_DSA_1024]=1;
 			}
 		else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-		     if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
-		else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
-		else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
-		else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
-		else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
-		else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
-		else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
-		else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
-		else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2;
-		else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2;
-		else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2;
-		else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2;
-		else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2;
-		else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2;
-		else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2;
-		else if (strcmp(*argv,"ecdsa") == 0)
-			{
-			for (i=0; i < EC_NUM; i++)
-				ecdsa_doit[i]=1;
-			}
-		else
-#endif
-#ifndef OPENSSL_NO_ECDH
-		     if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
-		else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
-		else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
-		else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
-		else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
-		else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
-		else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
-		else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
-		else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2;
-		else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2;
-		else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2;
-		else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2;
-		else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2;
-		else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2;
-		else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2;
-		else if (strcmp(*argv,"ecdh") == 0)
-			{
-			for (i=0; i < EC_NUM; i++)
-				ecdh_doit[i]=1;
-			}
-		else
 #endif
 			{
 			BIO_printf(bio_err,"Error: bad option or value\n");
@@ -1022,18 +841,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_DSA
 			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
 #endif
-#ifndef OPENSSL_NO_ECDSA
-			BIO_printf(bio_err,"ecdsap160 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
-			BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
-			BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
-			BIO_printf(bio_err,"ecdsa\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
-			BIO_printf(bio_err,"ecdhp160  ecdhp224  ecdhp256  ecdhp384  ecdhp521\n");
-			BIO_printf(bio_err,"ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
-			BIO_printf(bio_err,"ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
-			BIO_printf(bio_err,"ecdh\n");
-#endif
 
 #ifndef OPENSSL_NO_IDEA
 			BIO_printf(bio_err,"idea     ");
@@ -1064,7 +871,9 @@ int MAIN(int argc, char **argv)
 #if defined(TIMES) || defined(USE_TOD)
 			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
 #endif
+#ifndef OPENSSL_NO_ENGINE
 			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
+#endif
 			BIO_printf(bio_err,"-evp e          use EVP e.\n");
 			BIO_printf(bio_err,"-decrypt        time decryption instead of encryption (only EVP).\n");
 			BIO_printf(bio_err,"-mr             produce machine readable output.\n");
@@ -1263,114 +1072,6 @@ int MAIN(int argc, char **argv)
 		}
 #endif
 
-#ifndef OPENSSL_NO_ECDSA
-	ecdsa_c[R_EC_P160][0]=count/1000;
-	ecdsa_c[R_EC_P160][1]=count/1000/2;
-	for (i=R_EC_P224; i<=R_EC_P521; i++)
-		{
-		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
-		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
-		if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
-			ecdsa_doit[i]=0;
-		else
-			{
-			if (ecdsa_c[i] == 0)
-				{
-				ecdsa_c[i][0]=1;
-				ecdsa_c[i][1]=1;
-				}
-			}
-		}
-	ecdsa_c[R_EC_K163][0]=count/1000;
-	ecdsa_c[R_EC_K163][1]=count/1000/2;
-	for (i=R_EC_K233; i<=R_EC_K571; i++)
-		{
-		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
-		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
-		if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
-			ecdsa_doit[i]=0;
-		else
-			{
-			if (ecdsa_c[i] == 0)
-				{
-				ecdsa_c[i][0]=1;
-				ecdsa_c[i][1]=1;
-				}
-			}
-		}
-	ecdsa_c[R_EC_B163][0]=count/1000;
-	ecdsa_c[R_EC_B163][1]=count/1000/2;
-	for (i=R_EC_B233; i<=R_EC_B571; i++)
-		{
-		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
-		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
-		if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
-			ecdsa_doit[i]=0;
-		else
-			{
-			if (ecdsa_c[i] == 0)
-				{
-				ecdsa_c[i][0]=1;
-				ecdsa_c[i][1]=1;
-				}
-			}
-		}
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-	ecdh_c[R_EC_P160][0]=count/1000;
-	ecdh_c[R_EC_P160][1]=count/1000;
-	for (i=R_EC_P224; i<=R_EC_P521; i++)
-		{
-		ecdh_c[i][0]=ecdh_c[i-1][0]/2;
-		ecdh_c[i][1]=ecdh_c[i-1][1]/2;
-		if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
-			ecdh_doit[i]=0;
-		else
-			{
-			if (ecdh_c[i] == 0)
-				{
-				ecdh_c[i][0]=1;
-				ecdh_c[i][1]=1;
-				}
-			}
-		}
-	ecdh_c[R_EC_K163][0]=count/1000;
-	ecdh_c[R_EC_K163][1]=count/1000;
-	for (i=R_EC_K233; i<=R_EC_K571; i++)
-		{
-		ecdh_c[i][0]=ecdh_c[i-1][0]/2;
-		ecdh_c[i][1]=ecdh_c[i-1][1]/2;
-		if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
-			ecdh_doit[i]=0;
-		else
-			{
-			if (ecdh_c[i] == 0)
-				{
-				ecdh_c[i][0]=1;
-				ecdh_c[i][1]=1;
-				}
-			}
-		}
-	ecdh_c[R_EC_B163][0]=count/1000;
-	ecdh_c[R_EC_B163][1]=count/1000;
-	for (i=R_EC_B233; i<=R_EC_B571; i++)
-		{
-		ecdh_c[i][0]=ecdh_c[i-1][0]/2;
-		ecdh_c[i][1]=ecdh_c[i-1][1]/2;
-		if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
-			ecdh_doit[i]=0;
-		else
-			{
-			if (ecdh_c[i] == 0)
-				{
-				ecdh_c[i][0]=1;
-				ecdh_c[i][1]=1;
-				}
-			}
-		}
-#endif
-
 #define COND(d)	(count < (d))
 #define COUNT(d) (d)
 #else
@@ -1896,220 +1597,6 @@ int MAIN(int argc, char **argv)
 		}
 	if (rnd_fake) RAND_cleanup();
 #endif
-
-#ifndef OPENSSL_NO_ECDSA
-	if (RAND_status() != 1) 
-		{
-		RAND_seed(rnd_seed, sizeof rnd_seed);
-		rnd_fake = 1;
-		}
-	for (j=0; j<EC_NUM; j++) 
-		{
-		int ret;
-
-		if (!ecdsa_doit[j]) continue; /* Ignore Curve */ 
-		ecdsa[j] = EC_KEY_new();
-		if (ecdsa[j] == NULL) 
-			{
-			BIO_printf(bio_err,"ECDSA failure.\n");
-			ERR_print_errors(bio_err);
-			rsa_count=1;
-			} 
-		else 
-			{
-			ecdsa[j]->group = EC_GROUP_new_by_nid(test_curves[j]);
-			/* Could not obtain group information */
-			if (ecdsa[j]->group == NULL) 
-				{
-				BIO_printf(bio_err,"ECDSA failure.Could not obtain group information\n");
-				ERR_print_errors(bio_err);
-				rsa_count=1;
-				} 
-			else 
-				{
-				/* Perform ECDSA signature test */
-				EC_KEY_generate_key(ecdsa[j]);
-				ret = ECDSA_sign(0, buf, 20, ecdsasig, 
-					&ecdsasiglen, ecdsa[j]);
-				if (ret == 0) 
-					{
-					BIO_printf(bio_err,"ECDSA sign failure.  No ECDSA sign will be done.\n");
-					ERR_print_errors(bio_err);
-					rsa_count=1;
-					} 
-				else 
-					{
-					pkey_print_message("sign","ecdsa",
-						ecdsa_c[j][0], 
-						test_curves_bits[j],
-						ECDSA_SECONDS);
-
-					Time_F(START);
-					for (count=0,run=1; COND(ecdsa_c[j][0]);
-						count++) 
-						{
-						ret=ECDSA_sign(0, buf, 20, 
-							ecdsasig, &ecdsasiglen,
-							ecdsa[j]);
-						if (ret == 0) 
-							{
-							BIO_printf(bio_err, "ECDSA sign failure\n");
-							ERR_print_errors(bio_err);
-							count=1;
-							break;
-							}
-						}
-						d=Time_F(STOP);
-
-						BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
-						"%ld %d bit ECDSA signs in %.2fs \n", 
-						count, test_curves_bits[j], d);
-						ecdsa_results[j][0]=d/(double)count;
-						rsa_count=count;
-					}
-
-				/* Perform ECDSA verification test */
-				ret=ECDSA_verify(0, buf, 20, ecdsasig, 
-					ecdsasiglen, ecdsa[j]);
-				if (ret != 1) 
-					{
-					BIO_printf(bio_err,"ECDSA verify failure.  No ECDSA verify will be done.\n");
-					ERR_print_errors(bio_err);
-					ecdsa_doit[j] = 0;
-					} 
-				else 
-					{
-					pkey_print_message("verify","ecdsa",
-					ecdsa_c[j][1],
-					test_curves_bits[j],
-					ECDSA_SECONDS);
-					Time_F(START);
-					for (count=0,run=1; COND(ecdsa_c[j][1]); count++) 
-						{
-						ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
-						if (ret != 1) 
-							{
-							BIO_printf(bio_err, "ECDSA verify failure\n");
-							ERR_print_errors(bio_err);
-							count=1;
-							break;
-							}
-						}
-						d=Time_F(STOP);
-						BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
-							: "%ld %d bit ECDSA verify in %.2fs\n",
-						count, test_curves_bits[j], d);
-						ecdsa_results[j][1]=d/(double)count;
-					}
-
-				if (rsa_count <= 1) 
-					{
-					/* if longer than 10s, don't do any more */
-					for (j++; j<EC_NUM; j++)
-					ecdsa_doit[j]=0;
-					}
-				}
-			}
-		}
-	if (rnd_fake) RAND_cleanup();
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-	if (RAND_status() != 1)
-		{
-		RAND_seed(rnd_seed, sizeof rnd_seed);
-		rnd_fake = 1;
-		}
-	for (j=0; j<EC_NUM; j++)
-		{
-		if (!ecdh_doit[j]) continue;
-		ecdh_a[j] = EC_KEY_new();
-		ecdh_b[j] = EC_KEY_new();
-		if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL))
-			{
-			BIO_printf(bio_err,"ECDH failure.\n");
-			ERR_print_errors(bio_err);
-			rsa_count=1;
-			}
-		else
-			{
-			ecdh_a[j]->group = EC_GROUP_new_by_nid(test_curves[j]);
-			if (ecdh_a[j]->group == NULL)
-				{
-				BIO_printf(bio_err,"ECDH failure.\n");
-				ERR_print_errors(bio_err);
-				rsa_count=1;
-				}
-			else
-				{
-				ecdh_b[j]->group = ecdh_a[j]->group;
-
-				/* generate two ECDH key pairs */
-				if (!EC_KEY_generate_key(ecdh_a[j]) ||
-					!EC_KEY_generate_key(ecdh_b[j]))
-					{
-					BIO_printf(bio_err,"ECDH key generation failure.\n");
-					ERR_print_errors(bio_err);
-					rsa_count=1;		
-					}
-				else
-					{
-					secret_size_a = ECDH_compute_key(secret_a, 
-						ecdh_b[j]->pub_key,
-						ecdh_a[j]);
-					secret_size_b = ECDH_compute_key(secret_b, 
-						ecdh_a[j]->pub_key,
-						ecdh_b[j]);
-					if (secret_size_a != secret_size_b) 
-						ecdh_checks = 0;
-					else
-						ecdh_checks = 1;
-
-					for (secret_idx = 0; 
-					    (secret_idx < secret_size_a)
-						&& (ecdh_checks == 1);
-					    secret_idx++)
-						{
-						if (secret_a[secret_idx] != secret_b[secret_idx])
-						ecdh_checks = 0;
-						}
-
-					if (ecdh_checks == 0)
-						{
-						BIO_printf(bio_err,"ECDH computations don't match.\n");
-						ERR_print_errors(bio_err);
-						rsa_count=1;		
-						}
-
-					pkey_print_message("","ecdh",
-					ecdh_c[j][0], 
-					test_curves_bits[j],
-					ECDH_SECONDS);
-					Time_F(START);
-					for (count=0,run=1; COND(ecdh_c[j][0]); count++)
-						{
-						ECDH_compute_key(secret_a, 
-						ecdh_b[j]->pub_key,
-						ecdh_a[j]);
-						}
-					d=Time_F(STOP);
-					BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
-					count, test_curves_bits[j], d);
-					ecdh_results[j][0]=d/(double)count;
-					rsa_count=count;
-					}
-				}
-			}
-
-		if (rsa_count <= 1)
-			{
-			/* if longer than 10s, don't do any more */
-			for (j++; j<EC_NUM; j++)
-			ecdh_doit[j]=0;
-			}
-		}
-	if (rnd_fake) RAND_cleanup();
-#endif
 #ifdef HAVE_FORK
 show_res:
 #endif
@@ -2235,57 +1722,7 @@ show_res:
 				1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
 		}
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	j=1;
-	for (k=0; k<EC_NUM; k++)
-		{
-		if (!ecdsa_doit[k]) continue;
-		if (j && !mr)
-			{
-			printf("%30ssign    verify    sign/s verify/s\n"," ");
-			j=0;
-			}
-
-		if (mr)
-			fprintf(stdout,"+F4:%u:%u:%f:%f\n", 
-				k, test_curves_bits[k],
-				ecdsa_results[k][0],ecdsa_results[k][1]);
-		else
-			fprintf(stdout,
-				"%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n", 
-				test_curves_bits[k],
-				test_curves_names[k],
-				ecdsa_results[k][0],ecdsa_results[k][1], 
-				1.0/ecdsa_results[k][0],1.0/ecdsa_results[k][1]);
-		}
-#endif
-
-
-#ifndef OPENSSL_NO_ECDH
-	j=1;
-	for (k=0; k<EC_NUM; k++)
-		{
-		if (!ecdh_doit[k]) continue;
-		if (j && !mr)
-			{
-			printf("%30sop      op/s\n"," ");
-			j=0;
-			}
-		if (mr)
-			fprintf(stdout,"+F5:%u:%u:%f:%f\n",
-				k, test_curves_bits[k],
-				ecdh_results[k][0], 1.0/ecdh_results[k][0]);
-
-		else
-			fprintf(stdout,"%4u bit ecdh (%s) %8.4fs %8.1f\n",
-				test_curves_bits[k],
-				test_curves_names[k],
-				ecdh_results[k][0], 1.0/ecdh_results[k][0]);
-		}
-#endif
-
 	mret=0;
-
 end:
 	ERR_print_errors(bio_err);
 	if (buf != NULL) OPENSSL_free(buf);
@@ -2300,22 +1737,6 @@ end:
 		if (dsa_key[i] != NULL)
 			DSA_free(dsa_key[i]);
 #endif
-
-#ifndef OPENSSL_NO_ECDSA
-	for (i=0; i<EC_NUM; i++)
-		if (ecdsa[i] != NULL)
-			EC_KEY_free(ecdsa[i]);
-#endif
-#ifndef OPENSSL_NO_ECDH
-	for (i=0; i<EC_NUM; i++)
-	{
-		if (ecdh_a[i] != NULL)
-			EC_KEY_free(ecdh_a[i]);
-		if (ecdh_b[i] != NULL)
-			EC_KEY_free(ecdh_b[i]);
-	}
-#endif
-
 	apps_shutdown();
 	OPENSSL_EXIT(mret);
 	}
@@ -2517,49 +1938,6 @@ static int do_multi(int multi)
 				else
 					dsa_results[k][1]=d;
 				}
-#ifndef OPENSSL_NO_ECDSA
-			else if(!strncmp(buf,"+F4:",4))
-				{
-				int k;
-				double d;
-				
-				p=buf+4;
-				k=atoi(sstrsep(&p,sep));
-				sstrsep(&p,sep);
-
-				d=atof(sstrsep(&p,sep));
-				if(n)
-					ecdsa_results[k][0]=1/(1/ecdsa_results[k][0]+1/d);
-				else
-					ecdsa_results[k][0]=d;
-
-				d=atof(sstrsep(&p,sep));
-				if(n)
-					ecdsa_results[k][1]=1/(1/ecdsa_results[k][1]+1/d);
-				else
-					ecdsa_results[k][1]=d;
-				}
-#endif 
-
-#ifndef OPENSSL_NO_ECDH
-			else if(!strncmp(buf,"+F5:",4))
-				{
-				int k;
-				double d;
-				
-				p=buf+4;
-				k=atoi(sstrsep(&p,sep));
-				sstrsep(&p,sep);
-
-				d=atof(sstrsep(&p,sep));
-				if(n)
-					ecdh_results[k][0]=1/(1/ecdh_results[k][0]+1/d);
-				else
-					ecdh_results[k][0]=d;
-
-				}
-#endif
-
 			else if(!strncmp(buf,"+H:",3))
 				{
 				}
@@ -2570,3 +1948,4 @@ static int do_multi(int multi)
 	return 1;
 	}
 #endif
+#endif

apps/spkac.c

@@ -92,7 +92,9 @@ int MAIN(int argc, char **argv)
 	CONF *conf = NULL;
 	NETSCAPE_SPKI *spki = NULL;
 	EVP_PKEY *pkey = NULL;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
+#endif
 
 	apps_startup();
 
@@ -141,11 +143,13 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			spksect= *(++argv);
 			}
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
+#endif
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-pubkey") == 0)
@@ -171,7 +175,9 @@ bad:
 		BIO_printf(bio_err," -noout         don't print SPKAC\n");
 		BIO_printf(bio_err," -pubkey        output public key\n");
 		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
+#ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
+#endif
 		goto end;
 		}
 
@@ -181,7 +187,9 @@ bad:
 		goto end;
 	}
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	if(keyfile) {
 		pkey = load_key(bio_err,

apps/verify.c

@@ -86,7 +86,9 @@ int MAIN(int argc, char **argv)
 	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
+#endif
 
 	cert_ctx=X509_STORE_new();
 	if (cert_ctx == NULL) goto end;
@@ -142,11 +144,13 @@ int MAIN(int argc, char **argv)
 				if (argc-- < 1) goto end;
 				trustfile= *(++argv);
 				}
+#ifndef OPENSSL_NO_ENGINE
 			else if (strcmp(*argv,"-engine") == 0)
 				{
 				if (--argc < 1) goto end;
 				engine= *(++argv);
 				}
+#endif
 			else if (strcmp(*argv,"-help") == 0)
 				goto end;
 			else if (strcmp(*argv,"-ignore_critical") == 0)
@@ -170,7 +174,9 @@ int MAIN(int argc, char **argv)
 			break;
 		}
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
 	if (lookup == NULL) abort();
@@ -219,7 +225,11 @@ int MAIN(int argc, char **argv)
 	ret=0;
 end:
 	if (ret == 1) {
-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...\n");
+		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
+#ifndef OPENSSL_NO_ENGINE
+		BIO_printf(bio_err," [-engine e]");
+#endif
+		BIO_printf(bio_err," cert1 cert2 ...\n");
 		BIO_printf(bio_err,"recognized usages:\n");
 		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
 			X509_PURPOSE *ptmp;

apps/version.c

@@ -172,19 +172,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 
-	if (version)
-		{
-		if (SSLeay() == SSLEAY_VERSION_NUMBER)
-			{
-			printf("%s\n",SSLeay_version(SSLEAY_VERSION));
-			}
-		else
-			{
-			printf("%s (Library: %s)\n",
-				OPENSSL_VERSION_TEXT,
-				SSLeay_version(SSLEAY_VERSION));
-			}
-		}
+	if (version) printf("%s\n",SSLeay_version(SSLEAY_VERSION));
 	if (date)    printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
 	if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));
 	if (options) 

apps/x509.c

@@ -131,7 +131,9 @@ static char *x509_usage[]={
 " -extensions     - section from config file with X509V3 extensions to add\n",
 " -clrext         - delete extensions before signing and input certificate\n",
 " -nameopt arg    - various certificate name options\n",
+#ifndef OPENSSL_NO_ENGINE
 " -engine e       - use engine e, possibly a hardware device.\n",
+#endif
 " -certopt arg    - various certificate text options\n",
 NULL
 };
@@ -183,7 +185,9 @@ int MAIN(int argc, char **argv)
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
 	unsigned long nmflag = 0, certflag = 0;
+#ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
+#endif
 
 	reqfile=0;
 
@@ -354,17 +358,13 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
 			}
-		else if (strcmp(*argv,"-setalias") == 0)
-			{
-			if (--argc < 1) goto bad;
-			alias= *(++argv);
-			trustout = 1;
-			}
+#ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
+#endif
 		else if (strcmp(*argv,"-C") == 0)
 			C= ++num;
 		else if (strcmp(*argv,"-email") == 0)
@@ -450,7 +450,9 @@ bad:
 		goto end;
 		}
 
+#ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine, 0);
+#endif
 
 	if (need_rand)
 		app_RAND_load_file(NULL, bio_err, 0);
@@ -870,10 +872,6 @@ bad:
 		                if (Upkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
-				if (Upkey->type == EVP_PKEY_EC)
-					digest=EVP_ecdsa();
-#endif
 
 				assert(need_rand);
 				if (!sign(x,Upkey,days,clrext,digest,
@@ -894,10 +892,6 @@ bad:
 		                if (CApkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
-				if (CApkey->type == EVP_PKEY_EC)
-					digest = EVP_ecdsa();
-#endif
 				
 				assert(need_rand);
 				if (!x509_certify(ctx,CAfile,digest,x,xca,
@@ -929,10 +923,6 @@ bad:
 		                if (pk->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
-				if (pk->type == EVP_PKEY_EC)
-					digest=EVP_ecdsa();
-#endif
 
 				rq=X509_to_X509_REQ(x,pk,digest);
 				EVP_PKEY_free(pk);
@@ -1155,7 +1145,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 	else if (!(bs = load_serial(CAfile, serialfile, create)))
 		goto end;
 
-	if (!X509_STORE_add_cert(ctx,x)) goto end;
+/*	if (!X509_STORE_add_cert(ctx,x)) goto end;*/
 
 	/* NOTE: this certificate can/should be self signed, unless it was
 	 * a certificate request in which case it is not. */

bugs/SSLv3

@@ -29,7 +29,7 @@ RC4-MD5, but a re-connect tries to use DES-CBC-SHA.  So netscape, when
 doing a re-connect, always takes the first cipher in the cipher list.
 
 If we accept a netscape connection, demand a client cert, have a
-non-self-sighed CA which does not have it's CA in netscape, and the
+non-self-signed CA which does not have it's CA in netscape, and the
 browser has a cert, it will crash/hang.  Works for 3.x and 4.xbeta
 
 Netscape browsers do not really notice the server sending a

config

@@ -74,34 +74,27 @@ if [ "x$XREL" != "x" ]; then
 		echo "whatever-whatever-sco5"; exit 0
 		;;
 	    4.2MP)
-		if [ "x$VERSION" = "x2.01" ]; then
-		    echo "${MACHINE}-whatever-unixware201"; exit 0
-		elif [ "x$VERSION" = "x2.02" ]; then
-		    echo "${MACHINE}-whatever-unixware202"; exit 0
-		elif [ "x$VERSION" = "x2.03" ]; then
-		    echo "${MACHINE}-whatever-unixware203"; exit 0
-		elif [ "x$VERSION" = "x2.1.1" ]; then
-		    echo "${MACHINE}-whatever-unixware211"; exit 0
-		elif [ "x$VERSION" = "x2.1.2" ]; then
-		    echo "${MACHINE}-whatever-unixware212"; exit 0
-		elif [ "x$VERSION" = "x2.1.3" ]; then
-		    echo "${MACHINE}-whatever-unixware213"; exit 0
-		else
-		    echo "${MACHINE}-whatever-unixware2"; exit 0
-		fi
+		case "x${VERSION}" in
+		    x2.0*) echo "whatever-whatever-unixware20"; exit 0 ;;
+		    x2.1*) echo "whatever-whatever-unixware21"; exit 0 ;;
+		    x2*)   echo "whatever-whatever-unixware2";  exit 0 ;;
+		esac
 		;;
 	    4.2)
-		echo "whatever-whatever-unixware1"; exit 0
-		;;
-	    OpenUNIX)
-		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
-		    echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
-		fi
+		echo "i386-whatever-unixware1"; exit 0
 		;;
 	    5)
-		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then
-		    echo "${MACHINE}-sco-unixware7"; exit 0
-		fi
+		case "x${VERSION}" in
+		    # We hardcode i586 in place of ${MACHINE} for the
+		    # following reason. The catch is that even though Pentium
+		    # is minimum requirement for platforms in question,
+		    # ${MACHINE} gets always assigned to i386. Now, problem
+		    # with i386 is that it makes ./config pass 386 to
+		    # ./Configure, which in turn makes make generate
+		    # inefficient SHA-1 (for this moment) code.
+		    x7*)  echo "i586-sco-unixware7";           exit 0 ;;
+		    x8*)  echo "i586-unkn-OpenUNIX${VERSION}"; exit 0 ;;
+		esac
 		;;
 	esac
     fi
@@ -464,6 +457,10 @@ if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then
   fi
 fi
 
+if [ "${SYSTEM}" = "AIX" ]; then	# favor vendor cc over gcc
+    (cc) 2>&1 | grep -iv "not found" > /dev/null && CC=cc
+fi
+
 CCVER=${CCVER:-0}
 
 # read the output of the embedded GuessOS 
@@ -476,7 +473,7 @@ echo Operating system: $GUESSOS
 # more time that I want to waste at the moment
 case "$GUESSOS" in
   mips2-sgi-irix)
-	CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+	CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
 	CPU=${CPU:-0}
 	if [ $CPU -ge 4000 ]; then
 		options="$options -mips2"
@@ -484,7 +481,7 @@ case "$GUESSOS" in
 	OUT="irix-$CC"
 	;;
   mips3-sgi-irix)
-	CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+	CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
 	CPU=${CPU:-0}
 	if [ $CPU -ge 5000 ]; then
 		options="$options -mips4"
@@ -500,7 +497,7 @@ case "$GUESSOS" in
 	  echo "         You have about 5 seconds to press Ctrl-C to abort."
 	  (stty -icanon min 0 time 50; read waste) < /dev/tty
 	fi
-        CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+        CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
         CPU=${CPU:-0}
         if [ $CPU -ge 5000 ]; then
                 options="$options -mips4"
@@ -644,6 +641,7 @@ EOF
   *-*-sunos4) OUT="sunos-$CC" ;;
   alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
   sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;;
+  ia64-*-freebsd*) OUT="FreeBSD-ia64" ;;
   *-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
   *-freebsd[1-2]*) OUT="FreeBSD" ;;
   *86*-*-netbsd) OUT="NetBSD-x86" ;;
@@ -702,7 +700,7 @@ EOF
 	if   [ $CPU_VERSION -ge 768 ]; then	# IA-64 CPU
 	     echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
 	     echo "         If you wish to build 32-bit library, the you have to"
-	     echo "         invoke './Configure hpux-ia64-cc' *manually*."
+	     echo "         invoke './Configure hpux-ia32-cc' *manually*."
 	     if [ "$TEST" = "false" ]; then
 		echo "         You have about 5 seconds to press Ctrl-C to abort."
 		(stty -icanon min 0 time 50; read waste) < /dev/tty

crypto/Makefile.ssl

@@ -28,7 +28,7 @@ LIBS=
 
 SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn ec rsa dsa ecdsa ecdh dh dso engine aes \
+	bn ec rsa dsa dh dso engine aes \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
 

crypto/aes/aes.h

@@ -100,7 +100,7 @@ void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
 	unsigned char *ivec, int *num);
 void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 	const unsigned long length, const AES_KEY *key,
-	unsigned char counter[AES_BLOCK_SIZE],
+	unsigned char ivec[AES_BLOCK_SIZE],
 	unsigned char ecount_buf[AES_BLOCK_SIZE],
 	unsigned int *num);
 

crypto/aes/aes_cbc.c

@@ -86,7 +86,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 			for(n=len; n < AES_BLOCK_SIZE; ++n)
 				tmp[n] = ivec[n];
 			AES_encrypt(tmp, tmp, key);
-			memcpy(out, tmp, len);
+			memcpy(out, tmp, AES_BLOCK_SIZE);
 			memcpy(ivec, tmp, AES_BLOCK_SIZE);
 		}			
 	} else {

crypto/aes/aes_core.c

@@ -750,7 +750,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 	rk[2] = GETU32(userKey +  8);
 	rk[3] = GETU32(userKey + 12);
 	if (bits == 128) {
-		for (;;) {
+		while (1) {
 			temp  = rk[3];
 			rk[4] = rk[0] ^
 				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
@@ -770,7 +770,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 	rk[4] = GETU32(userKey + 16);
 	rk[5] = GETU32(userKey + 20);
 	if (bits == 192) {
-		for (;;) {
+		while (1) {
 			temp = rk[ 5];
 			rk[ 6] = rk[ 0] ^
 				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
@@ -792,7 +792,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 	rk[6] = GETU32(userKey + 24);
 	rk[7] = GETU32(userKey + 28);
 	if (bits == 256) {
-		for (;;) {
+		while (1) {
 			temp = rk[ 7];
 			rk[ 8] = rk[ 0] ^
 				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^

crypto/aes/aes_ctr.c

@@ -62,19 +62,49 @@
 /* NOTE: CTR mode is big-endian.  The rest of the AES code
  * is endian-neutral. */
 
-/* increment counter (128-bit int) by 2^64 */
+/* increment counter (128-bit int) by 1 */
 static void AES_ctr128_inc(unsigned char *counter) {
 	unsigned long c;
 
-	/* Grab 3rd dword of counter and increment */
+	/* Grab bottom dword of counter and increment */
 #ifdef L_ENDIAN
-	c = GETU32(counter + 8);
+	c = GETU32(counter +  0);
 	c++;
-	PUTU32(counter + 8, c);
+	PUTU32(counter +  0, c);
 #else
-	c = GETU32(counter + 4);
+	c = GETU32(counter + 12);
 	c++;
-	PUTU32(counter + 4, c);
+	PUTU32(counter + 12, c);
+#endif
+
+	/* if no overflow, we're done */
+	if (c)
+		return;
+
+	/* Grab 1st dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter +  4);
+	c++;
+	PUTU32(counter +  4, c);
+#else
+	c = GETU32(counter +  8);
+	c++;
+	PUTU32(counter +  8, c);
+#endif
+
+	/* if no overflow, we're done */
+	if (c)
+		return;
+
+	/* Grab 2nd dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter +  8);
+	c++;
+	PUTU32(counter +  8, c);
+#else
+	c = GETU32(counter +  4);
+	c++;
+	PUTU32(counter +  4, c);
 #endif
 
 	/* if no overflow, we're done */
@@ -100,10 +130,16 @@ static void AES_ctr128_inc(unsigned char *counter) {
  * encrypted counter is kept in ecount_buf.  Both *num and
  * ecount_buf must be initialised with zeros before the first
  * call to AES_ctr128_encrypt().
+ *
+ * This algorithm assumes that the counter is in the x lower bits
+ * of the IV (ivec), and that the application has full control over
+ * overflow and the rest of the IV.  This implementation takes NO
+ * responsability for checking that the counter doesn't overflow
+ * into the rest of the IV when incremented.
  */
 void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 	const unsigned long length, const AES_KEY *key,
-	unsigned char counter[AES_BLOCK_SIZE],
+	unsigned char ivec[AES_BLOCK_SIZE],
 	unsigned char ecount_buf[AES_BLOCK_SIZE],
 	unsigned int *num) {
 
@@ -117,8 +153,8 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 
 	while (l--) {
 		if (n == 0) {
-			AES_encrypt(counter, ecount_buf, key);
-			AES_ctr128_inc(counter);
+			AES_encrypt(ivec, ecount_buf, key);
+ 			AES_ctr128_inc(ivec);
 		}
 		*(out++) = *(in++) ^ ecount_buf[n];
 		n = (n+1) % AES_BLOCK_SIZE;

crypto/asn1/a_enum.c

@@ -147,7 +147,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
 		ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
 		goto err;
 		}
-	if(BN_get_sign(bn)) ret->type = V_ASN1_NEG_ENUMERATED;
+	if(bn->neg) ret->type = V_ASN1_NEG_ENUMERATED;
 	else ret->type=V_ASN1_ENUMERATED;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
@@ -175,6 +175,6 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
 
 	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
 		ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
-	else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_sign(ret,1);
+	else if(ai->type == V_ASN1_NEG_ENUMERATED) ret->neg = 1;
 	return(ret);
 	}

crypto/asn1/a_int.c

@@ -393,8 +393,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 		ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
 		goto err;
 		}
-	if (BN_get_sign(bn))
-		ret->type = V_ASN1_NEG_INTEGER;
+	if(bn->neg) ret->type = V_ASN1_NEG_INTEGER;
 	else ret->type=V_ASN1_INTEGER;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
@@ -427,8 +426,7 @@ BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
 
 	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
 		ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
-	else if(ai->type == V_ASN1_NEG_INTEGER)
-		BN_set_sign(ret, 1);
+	else if(ai->type == V_ASN1_NEG_INTEGER) ret->neg = 1;
 	return(ret);
 	}
 

crypto/asn1/a_mbstr.c

@@ -296,7 +296,7 @@ static int in_utf8(unsigned long value, void *arg)
 
 static int out_utf8(unsigned long value, void *arg)
 {
-	long *outlen;
+	int *outlen;
 	outlen = arg;
 	*outlen += UTF8_putc(NULL, -1, value);
 	return 1;

crypto/asn1/a_strex.c

@@ -279,7 +279,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING
  * otherwise it is the number of bytes per character
  */
 
-const static char tag2nbyte[] = {
+const static signed char tag2nbyte[] = {
 	-1, -1, -1, -1, -1,	/* 0-4 */
 	-1, -1, -1, -1, -1,	/* 5-9 */
 	-1, -1, 0, -1,		/* 10-13 */

crypto/asn1/a_strnid.c

@@ -143,7 +143,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
 /* Now the tables and helper functions for the string table:
  */
 
-/* size limits: this stuff is taken straight from RFC2459 */
+/* size limits: this stuff is taken straight from RFC3280 */
 
 #define ub_name				32768
 #define ub_common_name			64
@@ -153,6 +153,8 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
 #define ub_organization_unit_name	64
 #define ub_title			64
 #define ub_email_address		128
+#define ub_serial_number		64
+
 
 /* This table must be kept in NID order */
 
@@ -170,9 +172,11 @@ static ASN1_STRING_TABLE tbl_standard[] = {
 {NID_givenName,			1, ub_name, DIRSTRING_TYPE, 0},
 {NID_surname,			1, ub_name, DIRSTRING_TYPE, 0},
 {NID_initials,			1, ub_name, DIRSTRING_TYPE, 0},
+{NID_serialNumber,		1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
 {NID_friendlyName,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
 {NID_name,			1, ub_name, DIRSTRING_TYPE, 0},
 {NID_dnQualifier,		-1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_domainComponent,		1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
 {NID_ms_csp_name,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
 };
 
@@ -249,4 +253,38 @@ static void st_free(ASN1_STRING_TABLE *tbl)
 	if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);
 }
 
+
 IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
+
+#ifdef STRING_TABLE_TEST
+
+main()
+{
+	ASN1_STRING_TABLE *tmp;
+	int i, last_nid = -1;
+
+	for (tmp = tbl_standard, i = 0;
+		i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
+		{
+			if (tmp->nid < last_nid)
+				{
+				last_nid = 0;
+				break;
+				}
+			last_nid = tmp->nid;
+		}
+
+	if (last_nid != 0)
+		{
+		printf("Table order OK\n");
+		exit(0);
+		}
+
+	for (tmp = tbl_standard, i = 0;
+		i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
+			printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
+							OBJ_nid2ln(tmp->nid));
+
+}
+
+#endif

crypto/asn1/a_time.c

@@ -105,7 +105,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 
 	ts=OPENSSL_gmtime(&t,&data);
 	if (ts == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
 		return NULL;
+		}
 	if((ts->tm_year >= 50) && (ts->tm_year < 150))
 					return ASN1_UTCTIME_set(s, t);
 	return ASN1_GENERALIZEDTIME_set(s,t);

crypto/asn1/asn1.h

@@ -132,7 +132,7 @@ extern "C" {
 #define B_ASN1_NUMERICSTRING	0x0001
 #define B_ASN1_PRINTABLESTRING	0x0002
 #define B_ASN1_T61STRING	0x0004
-#define B_ASN1_TELETEXSTRING	0x0008
+#define B_ASN1_TELETEXSTRING	0x0004
 #define B_ASN1_VIDEOTEXSTRING	0x0008
 #define B_ASN1_IA5STRING	0x0010
 #define B_ASN1_GRAPHICSTRING	0x0020
@@ -191,11 +191,6 @@ typedef struct asn1_object_st
 	} ASN1_OBJECT;
 
 #define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
-/* This indicates that the ASN1_STRING is not a real value but just a place
- * holder for the location where indefinite length constructed data should
- * be inserted in the memory buffer 
- */
-#define ASN1_STRING_FLAG_NDEF 0x010 
 /* This is the base type that holds just about everything :-) */
 typedef struct asn1_string_st
 	{
@@ -284,9 +279,6 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
 	int i2d_##name(const type *a, unsigned char **out); \
 	DECLARE_ASN1_ITEM(name)
 
-#define	DECLARE_ASN1_NDEF_FUNCTION(name) \
-	int i2d_##name##_NDEF(name *a, unsigned char **out);
-
 #define DECLARE_ASN1_FUNCTIONS_const(name) \
 	name *name##_new(void); \
 	void name##_free(name *a);
@@ -800,8 +792,6 @@ DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
 DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
 DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
 
-DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
-
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
 int ASN1_TIME_check(ASN1_TIME *t);
 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
@@ -858,7 +848,6 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag,
 int ASN1_check_infinite_end(unsigned char **p,long len);
 void ASN1_put_object(unsigned char **pp, int constructed, int length,
 	int tag, int xclass);
-int ASN1_put_eoc(unsigned char **pp);
 int ASN1_object_size(int constructed, int length, int tag);
 
 /* Used to implement other functions */
@@ -945,13 +934,9 @@ ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
 void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
 ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it);
 int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
 
 void ASN1_add_oid_module(void);
 
-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-	
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -965,8 +950,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_A2I_ASN1_ENUMERATED			 101
 #define ASN1_F_A2I_ASN1_INTEGER				 102
 #define ASN1_F_A2I_ASN1_STRING				 103
-#define ASN1_F_APPEND_TAG				 177
-#define ASN1_F_ASN1_CB					 178
 #define ASN1_F_ASN1_CHECK_TLEN				 104
 #define ASN1_F_ASN1_COLLATE_PRIMITIVE			 105
 #define ASN1_F_ASN1_COLLECT				 106
@@ -977,7 +960,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_DUP					 111
 #define ASN1_F_ASN1_ENUMERATED_SET			 112
 #define ASN1_F_ASN1_ENUMERATED_TO_BN			 113
-#define ASN1_F_ASN1_GENERATE_V3				 182
 #define ASN1_F_ASN1_GET_OBJECT				 114
 #define ASN1_F_ASN1_HEADER_NEW				 115
 #define ASN1_F_ASN1_I2D_BIO				 116
@@ -993,17 +975,16 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_SEQ_PACK				 126
 #define ASN1_F_ASN1_SEQ_UNPACK				 127
 #define ASN1_F_ASN1_SIGN				 128
-#define ASN1_F_ASN1_STR2TYPE				 179
 #define ASN1_F_ASN1_STRING_TABLE_ADD			 129
 #define ASN1_F_ASN1_STRING_TYPE_NEW			 130
 #define ASN1_F_ASN1_TEMPLATE_D2I			 131
 #define ASN1_F_ASN1_TEMPLATE_EX_D2I			 132
 #define ASN1_F_ASN1_TEMPLATE_NEW			 133
+#define ASN1_F_ASN1_TIME_SET				 175
 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 134
 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135
 #define ASN1_F_ASN1_UNPACK_STRING			 136
 #define ASN1_F_ASN1_VERIFY				 137
-#define ASN1_F_BITSTR_CB				 180
 #define ASN1_F_BN_TO_ASN1_ENUMERATED			 138
 #define ASN1_F_BN_TO_ASN1_INTEGER			 139
 #define ASN1_F_COLLECT_DATA				 140
@@ -1028,15 +1009,12 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_D2I_X509_PKEY				 159
 #define ASN1_F_I2D_ASN1_TIME				 160
 #define ASN1_F_I2D_DSA_PUBKEY				 161
-#define ASN1_F_I2D_ECDSA_PUBKEY				 174
-#define ASN1_F_I2D_EC_PUBKEY				 176
 #define ASN1_F_I2D_NETSCAPE_RSA				 162
 #define ASN1_F_I2D_PRIVATEKEY				 163
 #define ASN1_F_I2D_PUBLICKEY				 164
 #define ASN1_F_I2D_RSA_PUBKEY				 165
 #define ASN1_F_LONG_C2I					 166
-#define ASN1_F_OID_MODULE_INIT				 175
-#define ASN1_F_PARSE_TAGGING				 181
+#define ASN1_F_OID_MODULE_INIT				 174
 #define ASN1_F_PKCS5_PBE2_SET				 167
 #define ASN1_F_X509_CINF_NEW				 168
 #define ASN1_F_X509_CRL_ADD0_REVOKED			 169
@@ -1059,8 +1037,8 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_DATA_IS_WRONG				 109
 #define ASN1_R_DECODE_ERROR				 110
 #define ASN1_R_DECODING_ERROR				 111
-#define ASN1_R_DEPTH_EXCEEDED				 173
 #define ASN1_R_ENCODE_ERROR				 112
+#define ASN1_R_ERROR_GETTING_TIME			 173
 #define ASN1_R_ERROR_LOADING_SECTION			 172
 #define ASN1_R_ERROR_PARSING_SET_ELEMENT		 113
 #define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 114
@@ -1073,57 +1051,38 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_FIELD_MISSING				 121
 #define ASN1_R_FIRST_NUM_TOO_LARGE			 122
 #define ASN1_R_HEADER_TOO_LONG				 123
-#define ASN1_R_ILLEGAL_BITSTRING_FORMAT			 174
-#define ASN1_R_ILLEGAL_BOOLEAN				 175
 #define ASN1_R_ILLEGAL_CHARACTERS			 124
-#define ASN1_R_ILLEGAL_FORMAT				 176
-#define ASN1_R_ILLEGAL_HEX				 177
-#define ASN1_R_ILLEGAL_IMPLICIT_TAG			 178
-#define ASN1_R_ILLEGAL_INTEGER				 179
-#define ASN1_R_ILLEGAL_NESTED_TAGGING			 180
 #define ASN1_R_ILLEGAL_NULL				 125
-#define ASN1_R_ILLEGAL_NULL_VALUE			 181
-#define ASN1_R_ILLEGAL_OBJECT				 182
 #define ASN1_R_ILLEGAL_OPTIONAL_ANY			 126
 #define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE		 170
 #define ASN1_R_ILLEGAL_TAGGED_ANY			 127
-#define ASN1_R_ILLEGAL_TIME_VALUE			 183
-#define ASN1_R_INTEGER_NOT_ASCII_FORMAT			 184
 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG		 128
 #define ASN1_R_INVALID_BMPSTRING_LENGTH			 129
 #define ASN1_R_INVALID_DIGIT				 130
-#define ASN1_R_INVALID_MODIFIER				 185
-#define ASN1_R_INVALID_NUMBER				 186
 #define ASN1_R_INVALID_SEPARATOR			 131
 #define ASN1_R_INVALID_TIME_FORMAT			 132
 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 133
 #define ASN1_R_INVALID_UTF8STRING			 134
 #define ASN1_R_IV_TOO_LARGE				 135
 #define ASN1_R_LENGTH_ERROR				 136
-#define ASN1_R_LIST_ERROR				 187
 #define ASN1_R_MISSING_EOC				 137
 #define ASN1_R_MISSING_SECOND_NUMBER			 138
-#define ASN1_R_MISSING_VALUE				 188
 #define ASN1_R_MSTRING_NOT_UNIVERSAL			 139
 #define ASN1_R_MSTRING_WRONG_TAG			 140
 #define ASN1_R_NON_HEX_CHARACTERS			 141
-#define ASN1_R_NOT_ASCII_FORMAT				 189
 #define ASN1_R_NOT_ENOUGH_DATA				 142
 #define ASN1_R_NO_MATCHING_CHOICE_TYPE			 143
 #define ASN1_R_NULL_IS_WRONG_LENGTH			 144
-#define ASN1_R_OBJECT_NOT_ASCII_FORMAT			 190
 #define ASN1_R_ODD_NUMBER_OF_CHARS			 145
 #define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 146
 #define ASN1_R_SECOND_NUMBER_TOO_LARGE			 147
 #define ASN1_R_SEQUENCE_LENGTH_MISMATCH			 148
 #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED			 149
-#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG		 195
 #define ASN1_R_SHORT_LINE				 150
 #define ASN1_R_STRING_TOO_LONG				 151
 #define ASN1_R_STRING_TOO_SHORT				 152
 #define ASN1_R_TAG_VALUE_TOO_HIGH			 153
 #define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
-#define ASN1_R_TIME_NOT_ASCII_FORMAT			 191
 #define ASN1_R_TOO_LONG					 155
 #define ASN1_R_TYPE_NOT_CONSTRUCTED			 156
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
@@ -1133,13 +1092,10 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
 #define ASN1_R_UNKNOWN_OBJECT_TYPE			 162
 #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 163
-#define ASN1_R_UNKNOWN_TAG				 192
-#define ASN1_R_UNKOWN_FORMAT				 193
 #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE		 164
 #define ASN1_R_UNSUPPORTED_CIPHER			 165
 #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 166
 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 167
-#define ASN1_R_UNSUPPORTED_TYPE				 194
 #define ASN1_R_WRONG_TAG				 168
 #define ASN1_R_WRONG_TYPE				 169
 

crypto/asn1/asn1_err.c

@@ -70,8 +70,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0),	"a2i_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0),	"a2i_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0),	"a2i_ASN1_STRING"},
-{ERR_PACK(0,ASN1_F_APPEND_TAG,0),	"APPEND_TAG"},
-{ERR_PACK(0,ASN1_F_ASN1_CB,0),	"ASN1_CB"},
 {ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0),	"ASN1_CHECK_TLEN"},
 {ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0),	"ASN1_COLLATE_PRIMITIVE"},
 {ERR_PACK(0,ASN1_F_ASN1_COLLECT,0),	"ASN1_COLLECT"},
@@ -82,7 +80,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_DUP,0),	"ASN1_dup"},
 {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0),	"ASN1_ENUMERATED_set"},
 {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0),	"ASN1_ENUMERATED_to_BN"},
-{ERR_PACK(0,ASN1_F_ASN1_GENERATE_V3,0),	"ASN1_generate_v3"},
 {ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0),	"ASN1_get_object"},
 {ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0),	"ASN1_HEADER_new"},
 {ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0),	"ASN1_i2d_bio"},
@@ -98,17 +95,16 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0),	"ASN1_seq_pack"},
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0),	"ASN1_seq_unpack"},
 {ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_sign"},
-{ERR_PACK(0,ASN1_F_ASN1_STR2TYPE,0),	"ASN1_STR2TYPE"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0),	"ASN1_STRING_TABLE_add"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),	"ASN1_STRING_type_new"},
 {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0),	"ASN1_TEMPLATE_D2I"},
 {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0),	"ASN1_TEMPLATE_EX_D2I"},
 {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0),	"ASN1_TEMPLATE_NEW"},
+{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0),	"ASN1_TIME_set"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),	"ASN1_TYPE_get_int_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),	"ASN1_unpack_string"},
 {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),	"ASN1_verify"},
-{ERR_PACK(0,ASN1_F_BITSTR_CB,0),	"BITSTR_CB"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0),	"BN_to_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),	"BN_to_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_COLLECT_DATA,0),	"COLLECT_DATA"},
@@ -133,15 +129,12 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),	"d2i_X509_PKEY"},
 {ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),	"I2D_ASN1_TIME"},
 {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0),	"i2d_DSA_PUBKEY"},
-{ERR_PACK(0,ASN1_F_I2D_ECDSA_PUBKEY,0),	"I2D_ECDSA_PUBKEY"},
-{ERR_PACK(0,ASN1_F_I2D_EC_PUBKEY,0),	"i2d_EC_PUBKEY"},
 {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0),	"i2d_Netscape_RSA"},
 {ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),	"i2d_PrivateKey"},
 {ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),	"i2d_PublicKey"},
 {ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0),	"i2d_RSA_PUBKEY"},
 {ERR_PACK(0,ASN1_F_LONG_C2I,0),	"LONG_C2I"},
 {ERR_PACK(0,ASN1_F_OID_MODULE_INIT,0),	"OID_MODULE_INIT"},
-{ERR_PACK(0,ASN1_F_PARSE_TAGGING,0),	"PARSE_TAGGING"},
 {ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0),	"PKCS5_pbe2_set"},
 {ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),	"X509_CINF_NEW"},
 {ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0),	"X509_CRL_add0_revoked"},
@@ -167,8 +160,8 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_DATA_IS_WRONG                    ,"data is wrong"},
 {ASN1_R_DECODE_ERROR                     ,"decode error"},
 {ASN1_R_DECODING_ERROR                   ,"decoding error"},
-{ASN1_R_DEPTH_EXCEEDED                   ,"depth exceeded"},
 {ASN1_R_ENCODE_ERROR                     ,"encode error"},
+{ASN1_R_ERROR_GETTING_TIME               ,"error getting time"},
 {ASN1_R_ERROR_LOADING_SECTION            ,"error loading section"},
 {ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
 {ASN1_R_ERROR_SETTING_CIPHER_PARAMS      ,"error setting cipher params"},
@@ -181,57 +174,38 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_FIELD_MISSING                    ,"field missing"},
 {ASN1_R_FIRST_NUM_TOO_LARGE              ,"first num too large"},
 {ASN1_R_HEADER_TOO_LONG                  ,"header too long"},
-{ASN1_R_ILLEGAL_BITSTRING_FORMAT         ,"illegal bitstring format"},
-{ASN1_R_ILLEGAL_BOOLEAN                  ,"illegal boolean"},
 {ASN1_R_ILLEGAL_CHARACTERS               ,"illegal characters"},
-{ASN1_R_ILLEGAL_FORMAT                   ,"illegal format"},
-{ASN1_R_ILLEGAL_HEX                      ,"illegal hex"},
-{ASN1_R_ILLEGAL_IMPLICIT_TAG             ,"illegal implicit tag"},
-{ASN1_R_ILLEGAL_INTEGER                  ,"illegal integer"},
-{ASN1_R_ILLEGAL_NESTED_TAGGING           ,"illegal nested tagging"},
 {ASN1_R_ILLEGAL_NULL                     ,"illegal null"},
-{ASN1_R_ILLEGAL_NULL_VALUE               ,"illegal null value"},
-{ASN1_R_ILLEGAL_OBJECT                   ,"illegal object"},
 {ASN1_R_ILLEGAL_OPTIONAL_ANY             ,"illegal optional any"},
 {ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"},
 {ASN1_R_ILLEGAL_TAGGED_ANY               ,"illegal tagged any"},
-{ASN1_R_ILLEGAL_TIME_VALUE               ,"illegal time value"},
-{ASN1_R_INTEGER_NOT_ASCII_FORMAT         ,"integer not ascii format"},
 {ASN1_R_INTEGER_TOO_LARGE_FOR_LONG       ,"integer too large for long"},
 {ASN1_R_INVALID_BMPSTRING_LENGTH         ,"invalid bmpstring length"},
 {ASN1_R_INVALID_DIGIT                    ,"invalid digit"},
-{ASN1_R_INVALID_MODIFIER                 ,"invalid modifier"},
-{ASN1_R_INVALID_NUMBER                   ,"invalid number"},
 {ASN1_R_INVALID_SEPARATOR                ,"invalid separator"},
 {ASN1_R_INVALID_TIME_FORMAT              ,"invalid time format"},
 {ASN1_R_INVALID_UNIVERSALSTRING_LENGTH   ,"invalid universalstring length"},
 {ASN1_R_INVALID_UTF8STRING               ,"invalid utf8string"},
 {ASN1_R_IV_TOO_LARGE                     ,"iv too large"},
 {ASN1_R_LENGTH_ERROR                     ,"length error"},
-{ASN1_R_LIST_ERROR                       ,"list error"},
 {ASN1_R_MISSING_EOC                      ,"missing eoc"},
 {ASN1_R_MISSING_SECOND_NUMBER            ,"missing second number"},
-{ASN1_R_MISSING_VALUE                    ,"missing value"},
 {ASN1_R_MSTRING_NOT_UNIVERSAL            ,"mstring not universal"},
 {ASN1_R_MSTRING_WRONG_TAG                ,"mstring wrong tag"},
 {ASN1_R_NON_HEX_CHARACTERS               ,"non hex characters"},
-{ASN1_R_NOT_ASCII_FORMAT                 ,"not ascii format"},
 {ASN1_R_NOT_ENOUGH_DATA                  ,"not enough data"},
 {ASN1_R_NO_MATCHING_CHOICE_TYPE          ,"no matching choice type"},
 {ASN1_R_NULL_IS_WRONG_LENGTH             ,"null is wrong length"},
-{ASN1_R_OBJECT_NOT_ASCII_FORMAT          ,"object not ascii format"},
 {ASN1_R_ODD_NUMBER_OF_CHARS              ,"odd number of chars"},
 {ASN1_R_PRIVATE_KEY_HEADER_MISSING       ,"private key header missing"},
 {ASN1_R_SECOND_NUMBER_TOO_LARGE          ,"second number too large"},
 {ASN1_R_SEQUENCE_LENGTH_MISMATCH         ,"sequence length mismatch"},
 {ASN1_R_SEQUENCE_NOT_CONSTRUCTED         ,"sequence not constructed"},
-{ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG     ,"sequence or set needs config"},
 {ASN1_R_SHORT_LINE                       ,"short line"},
 {ASN1_R_STRING_TOO_LONG                  ,"string too long"},
 {ASN1_R_STRING_TOO_SHORT                 ,"string too short"},
 {ASN1_R_TAG_VALUE_TOO_HIGH               ,"tag value too high"},
 {ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
-{ASN1_R_TIME_NOT_ASCII_FORMAT            ,"time not ascii format"},
 {ASN1_R_TOO_LONG                         ,"too long"},
 {ASN1_R_TYPE_NOT_CONSTRUCTED             ,"type not constructed"},
 {ASN1_R_UNABLE_TO_DECODE_RSA_KEY         ,"unable to decode rsa key"},
@@ -241,13 +215,10 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
 {ASN1_R_UNKNOWN_OBJECT_TYPE              ,"unknown object type"},
 {ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE          ,"unknown public key type"},
-{ASN1_R_UNKNOWN_TAG                      ,"unknown tag"},
-{ASN1_R_UNKOWN_FORMAT                    ,"unkown format"},
 {ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE  ,"unsupported any defined by type"},
 {ASN1_R_UNSUPPORTED_CIPHER               ,"unsupported cipher"},
 {ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"},
 {ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE      ,"unsupported public key type"},
-{ASN1_R_UNSUPPORTED_TYPE                 ,"unsupported type"},
 {ASN1_R_WRONG_TAG                        ,"wrong tag"},
 {ASN1_R_WRONG_TYPE                       ,"wrong type"},
 {0,NULL}

crypto/asn1/asn1_gen.c

@@ -1,839 +0,0 @@
-/* asn1_gen.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2002.
- */
-/* ====================================================================
- * Copyright (c) 2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/x509v3.h>
-
-#define ASN1_GEN_FLAG		0x10000
-#define ASN1_GEN_FLAG_IMP	(ASN1_GEN_FLAG|1)
-#define ASN1_GEN_FLAG_EXP	(ASN1_GEN_FLAG|2)
-#define ASN1_GEN_FLAG_TAG	(ASN1_GEN_FLAG|3)
-#define ASN1_GEN_FLAG_BITWRAP	(ASN1_GEN_FLAG|4)
-#define ASN1_GEN_FLAG_OCTWRAP	(ASN1_GEN_FLAG|5)
-#define ASN1_GEN_FLAG_SEQWRAP	(ASN1_GEN_FLAG|6)
-#define ASN1_GEN_FLAG_SETWRAP	(ASN1_GEN_FLAG|7)
-#define ASN1_GEN_FLAG_FORMAT	(ASN1_GEN_FLAG|8)
-
-#define ASN1_GEN_STR(str,val)	{str, sizeof(str) - 1, val}
-
-#define ASN1_FLAG_EXP_MAX	20
-
-/* Input formats */
-
-/* ASCII: default */
-#define ASN1_GEN_FORMAT_ASCII	1
-/* UTF8 */
-#define ASN1_GEN_FORMAT_UTF8	2
-/* Hex */
-#define ASN1_GEN_FORMAT_HEX	3
-/* List of bits */
-#define ASN1_GEN_FORMAT_BITLIST	4
-
-
-struct tag_name_st
-	{
-	char *strnam;
-	int len;
-	int tag;
-	};
-
-typedef struct
-	{
-	int exp_tag;
-	int exp_class;
-	int exp_constructed;
-	int exp_pad;
-	long exp_len;
-	} tag_exp_type;
-
-typedef struct
-	{
-	int imp_tag;
-	int imp_class;
-	int utype;
-	int format;
-	const char *str;
-	tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
-	int exp_count;
-	} tag_exp_arg;
-
-static int bitstr_cb(const char *elem, int len, void *bitstr);
-static int asn1_cb(const char *elem, int len, void *bitstr);
-static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok);
-static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);
-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
-static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
-static int asn1_str2tag(const char *tagstr, int len);
-
-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
-	{
-	X509V3_CTX cnf;
-
-	if (!nconf)
-		return ASN1_generate_v3(str, NULL);
-
-	X509V3_set_nconf(&cnf, nconf);
-	return ASN1_generate_v3(str, &cnf);
-	}
-
-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
-	{
-	ASN1_TYPE *ret;
-	tag_exp_arg asn1_tags;
-	tag_exp_type *etmp;
-
-	int i, len;
-
-	unsigned char *orig_der = NULL, *new_der = NULL;
-	unsigned char *cpy_start, *p;
-	int cpy_len;
-	long hdr_len;
-	int hdr_constructed = 0, hdr_tag, hdr_class;
-	int r;
-
-	asn1_tags.imp_tag = -1;
-	asn1_tags.imp_class = -1;
-	asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
-	asn1_tags.exp_count = 0;
-	if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
-		return NULL;
-
-	if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET))
-		{
-		if (!cnf)
-			{
-			ASN1err(ASN1_F_ASN1_GENERATE_V3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
-			return NULL;
-			}
-		ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
-		}
-	else
-		ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
-
-	if (!ret)
-		return NULL;
-
-	/* If no tagging return base type */
-	if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
-		return ret;
-
-	/* Generate the encoding */
-	cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
-	ASN1_TYPE_free(ret);
-	ret = NULL;
-	/* Set point to start copying for modified encoding */
-	cpy_start = orig_der;
-
-	/* Do we need IMPLICIT tagging? */
-	if (asn1_tags.imp_tag != -1)
-		{
-		/* If IMPLICIT we will replace the underlying tag */
-		/* Skip existing tag+len */
-		r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);
-		if (r & 0x80)
-			goto err;
-		/* Update copy length */
-		cpy_len -= cpy_start - orig_der;
-		/* For IMPLICIT tagging the length should match the
-		 * original length and constructed flag should be
-		 * consistent.
-		 */
-		if (r & 0x1)
-			{
-			/* Indefinite length constructed */
-			hdr_constructed = 2;
-			hdr_len = 0;
-			}
-		else
-			/* Just retain constructed flag */
-			hdr_constructed = r & V_ASN1_CONSTRUCTED;
-		/* Work out new length with IMPLICIT tag: ignore constructed
-		 * because it will mess up if indefinite length
-		 */
-		len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
-		}
-	else
-		len = cpy_len;
-
-	/* Work out length in any EXPLICIT, starting from end */
-
-	for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--)
-		{
-		/* Content length: number of content octets + any padding */
-		len += etmp->exp_pad;
-		etmp->exp_len = len;
-		/* Total object length: length including new header */
-		len = ASN1_object_size(0, len, etmp->exp_tag);
-		}
-
-	/* Allocate buffer for new encoding */
-
-	new_der = OPENSSL_malloc(len);
-
-	/* Generate tagged encoding */
-
-	p = new_der;
-
-	/* Output explicit tags first */
-
-	for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++)
-		{
-		ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
-					etmp->exp_tag, etmp->exp_class);
-		if (etmp->exp_pad)
-			*p++ = 0;
-		}
-
-	/* If IMPLICIT, output tag */
-
-	if (asn1_tags.imp_tag != -1)
-		ASN1_put_object(&p, hdr_constructed, hdr_len,
-					asn1_tags.imp_tag, asn1_tags.imp_class);
-
-	/* Copy across original encoding */
-	memcpy(p, cpy_start, cpy_len);
-
-	p = new_der;
-
-	/* Obtain new ASN1_TYPE structure */
-	ret = d2i_ASN1_TYPE(NULL, &p, len);
-
-	err:
-	if (orig_der)
-		OPENSSL_free(orig_der);
-	if (new_der)
-		OPENSSL_free(new_der);
-
-	return ret;
-
-	}
-
-static int asn1_cb(const char *elem, int len, void *bitstr)
-	{
-	tag_exp_arg *arg = bitstr;
-	int i;
-	int utype;
-	int vlen = 0;
-	const char *p, *vstart = NULL;
-
-	int tmp_tag, tmp_class;
-
-	for(i = 0, p = elem; i < len; p++, i++)
-		{
-		/* Look for the ':' in name value pairs */
-		if (*p == ':')
-			{
-			vstart = p + 1;
-			vlen = len - (vstart - elem);
-			len = p - elem;
-			break;
-			}
-		}
-
-	utype = asn1_str2tag(elem, len);
-
-	if (utype == -1)
-		{
-		ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
-		ERR_add_error_data(2, "tag=", elem);
-		return -1;
-		}
-
-	/* If this is not a modifier mark end of string and exit */
-	if (!(utype & ASN1_GEN_FLAG))
-		{
-		arg->utype = utype;
-		arg->str = vstart;
-		/* If no value and not end of string, error */
-		if (!vstart && elem[len])
-			{
-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
-			return -1;
-			}
-		return 0;
-		}
-
-	switch(utype)
-		{
-
-		case ASN1_GEN_FLAG_IMP:
-		/* Check for illegal multiple IMPLICIT tagging */
-		if (arg->imp_tag != -1)
-			{
-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
-			return -1;
-			}
-		if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_EXP:
-
-		if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
-			return -1;
-		if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_SEQWRAP:
-		if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_SETWRAP:
-		if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_BITWRAP:
-		if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_OCTWRAP:
-		if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_FORMAT:
-		if (!strncmp(vstart, "ASCII", 5))
-			arg->format = ASN1_GEN_FORMAT_ASCII;
-		else if (!strncmp(vstart, "UTF8", 4))
-			arg->format = ASN1_GEN_FORMAT_UTF8;
-		else if (!strncmp(vstart, "HEX", 3))
-			arg->format = ASN1_GEN_FORMAT_HEX;
-		else if (!strncmp(vstart, "BITLIST", 3))
-			arg->format = ASN1_GEN_FORMAT_BITLIST;
-		else
-			{
-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT);
-			return -1;
-			}
-		break;
-
-		}
-
-	return 1;
-
-	}
-
-static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
-	{
-	char erch[2];
-	long tag_num;
-	char *eptr;
-	if (!vstart)
-		return 0;
-	tag_num = strtoul(vstart, &eptr, 10);
-	/* Check we haven't gone past max length: should be impossible */
-	if (eptr && *eptr && (eptr > vstart + vlen))
-		return 0;
-	if (tag_num < 0)
-		{
-		ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
-		return 0;
-		}
-	*ptag = tag_num;
-	/* If we have non numeric characters, parse them */
-	if (eptr)
-		vlen -= eptr - vstart;
-	else 
-		vlen = 0;
-	if (vlen)
-		{
-		switch (*eptr)
-			{
-
-			case 'U':
-			*pclass = V_ASN1_UNIVERSAL;
-			break;
-
-			case 'A':
-			*pclass = V_ASN1_APPLICATION;
-			break;
-
-			case 'P':
-			*pclass = V_ASN1_PRIVATE;
-			break;
-
-			case 'C':
-			*pclass = V_ASN1_CONTEXT_SPECIFIC;
-			break;
-
-			default:
-			erch[0] = *eptr;
-			erch[1] = 0;
-			ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
-			ERR_add_error_data(2, "Char=", erch);
-			return 0;
-			break;
-
-			}
-		}
-	else
-		*pclass = V_ASN1_CONTEXT_SPECIFIC;
-
-	return 1;
-
-	}
-
-/* Handle multiple types: SET and SEQUENCE */
-
-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
-	{
-	ASN1_TYPE *ret = NULL, *typ = NULL;
-	STACK_OF(ASN1_TYPE) *sk = NULL;
-	STACK_OF(CONF_VALUE) *sect = NULL;
-	unsigned char *der = NULL, *p;
-	int derlen;
-	int i, is_set;
-	sk = sk_ASN1_TYPE_new_null();
-	if (section)
-		{
-		if (!cnf)
-			goto bad;
-		sect = X509V3_get_section(cnf, (char *)section);
-		if (!sect)
-			goto bad;
-		for (i = 0; i < sk_CONF_VALUE_num(sect); i++)
-			{
-			typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
-			if (!typ)
-				goto bad;
-			sk_ASN1_TYPE_push(sk, typ);
-			typ = NULL;
-			}
-		}
-
-	/* Now we has a STACK of the components, convert to the correct form */
-
-	if (utype == V_ASN1_SET)
-		is_set = 1;
-	else
-		is_set = 0;
-
-
-	derlen = i2d_ASN1_SET((STACK *)sk, NULL, i2d_ASN1_TYPE, utype, V_ASN1_UNIVERSAL, is_set);
-	der = OPENSSL_malloc(derlen);
-	p = der;
-	i2d_ASN1_SET((STACK *)sk, &p, i2d_ASN1_TYPE, utype, V_ASN1_UNIVERSAL, is_set);
-
-	if (!(ret = ASN1_TYPE_new()))
-		goto bad;
-
-	if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
-		goto bad;
-
-	ret->type = utype;
-
-	ret->value.asn1_string->data = der;
-	ret->value.asn1_string->length = derlen;
-
-	der = NULL;
-
-	bad:
-
-	if (der)
-		OPENSSL_free(der);
-
-	if (sk)
-		sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
-	if (typ)
-		ASN1_TYPE_free(typ);
-	if (sect)
-		X509V3_section_free(cnf, sect);
-
-	return ret;
-	}
-
-static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok)
-	{
-	tag_exp_type *exp_tmp;
-	/* Can only have IMPLICIT if permitted */
-	if ((arg->imp_tag != -1) && !imp_ok)
-		{
-		ASN1err(ASN1_F_APPEND_TAG, ASN1_R_ILLEGAL_IMPLICIT_TAG);
-		return 0;
-		}
-
-	if (arg->exp_count == ASN1_FLAG_EXP_MAX)
-		{
-		ASN1err(ASN1_F_APPEND_TAG, ASN1_R_DEPTH_EXCEEDED);
-		return 0;
-		}
-
-	exp_tmp = &arg->exp_list[arg->exp_count++];
-
-	/* If IMPLICIT set tag to implicit value then
-	 * reset implicit tag since it has been used.
-	 */
-	if (arg->imp_tag != -1)
-		{
-		exp_tmp->exp_tag = arg->imp_tag;
-		exp_tmp->exp_class = arg->imp_class;
-		arg->imp_tag = -1;
-		arg->imp_class = -1;
-		}
-	else
-		{
-		exp_tmp->exp_tag = exp_tag;
-		exp_tmp->exp_class = exp_class;
-		}
-	exp_tmp->exp_constructed = exp_constructed;
-	exp_tmp->exp_pad = exp_pad;
-
-	return 1;
-	}
-
-
-static int asn1_str2tag(const char *tagstr, int len)
-	{
-	int i;
-	static struct tag_name_st *tntmp, tnst [] = {
-		ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
-		ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
-		ASN1_GEN_STR("NULL", V_ASN1_NULL),
-		ASN1_GEN_STR("INT", V_ASN1_INTEGER),
-		ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
-		ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
-		ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
-		ASN1_GEN_STR("OID", V_ASN1_OBJECT),
-		ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
-		ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
-		ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
-		ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
-		ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
-		ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
-		ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
-		ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
-		ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
-		ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
-		ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
-		ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
-		ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
-		ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
-		ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
-		ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
-		ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
-		ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
-		ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
-		ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
-		ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
-		ASN1_GEN_STR("T61", V_ASN1_T61STRING),
-		ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
-		ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
-
-		/* Special cases */
-		ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
-		ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
-		ASN1_GEN_STR("SET", V_ASN1_SET),
-		/* type modifiers */
-		/* Explicit tag */
-		ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
-		ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
-		/* Implicit tag */
-		ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
-		ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
-		/* OCTET STRING wrapper */
-		ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
-		/* SEQUENCE wrapper */
-		ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
-		/* SET wrapper */
-		ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SEQWRAP),
-		/* BIT STRING wrapper */
-		ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
-		ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
-		ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
-	};
-
-	if (len == -1)
-		len = strlen(tagstr);
-	
-	tntmp = tnst;	
-	for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++)
-		{
-		if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
-			return tntmp->tag;
-		}
-	
-	return -1;
-	}
-
-static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
-	{
-	ASN1_TYPE *atmp = NULL;
-
-	CONF_VALUE vtmp;
-
-	unsigned char *rdata;
-	long rdlen;
-
-	int no_unused = 1;
-
-	if (!(atmp = ASN1_TYPE_new()))
-		{
-		ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	if (!str)
-		str = "";
-
-	switch(utype)
-		{
-
-		case V_ASN1_NULL:
-		if (str && *str)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);
-			goto bad_form;
-			}
-		break;
-		
-		case V_ASN1_BOOLEAN:
-		if (format != ASN1_GEN_FORMAT_ASCII)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
-			goto bad_form;
-			}
-		vtmp.value = (char *)str;
-		if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
-			goto bad_str;
-			}
-		break;
-
-		case V_ASN1_INTEGER:
-		case V_ASN1_ENUMERATED:
-		if (format != ASN1_GEN_FORMAT_ASCII)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
-			goto bad_form;
-			}
-		if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
-			goto bad_str;
-			}
-		break;
-
-		case V_ASN1_OBJECT:
-		if (format != ASN1_GEN_FORMAT_ASCII)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
-			goto bad_form;
-			}
-		if (!(atmp->value.object = OBJ_txt2obj(str, 0)))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
-			goto bad_str;
-			}
-		break;
-
-		case V_ASN1_UTCTIME:
-		case V_ASN1_GENERALIZEDTIME:
-		if (format != ASN1_GEN_FORMAT_ASCII)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);
-			goto bad_form;
-			}
-		if (!(atmp->value.asn1_string = ASN1_STRING_new()))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-			goto bad_str;
-			}
-		if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-			goto bad_str;
-			}
-		atmp->value.asn1_string->type = utype;
-		if (!ASN1_TIME_check(atmp->value.asn1_string))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);
-			goto bad_str;
-			}
-
-		break;
-
-		case V_ASN1_BMPSTRING:
-		case V_ASN1_PRINTABLESTRING:
-		case V_ASN1_IA5STRING:
-		case V_ASN1_T61STRING:
-		case V_ASN1_UTF8STRING:
-		case V_ASN1_VISIBLESTRING:
-		case V_ASN1_UNIVERSALSTRING:
-
-		if (format == ASN1_GEN_FORMAT_ASCII)
-			format = MBSTRING_ASC;
-		else if (format == ASN1_GEN_FORMAT_UTF8)
-			format = MBSTRING_UTF8;
-		else
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
-			goto bad_form;
-			}
-
-
-		if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
-						-1, format, ASN1_tag2bit(utype)) <= 0)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-			goto bad_str;
-			}
-		
-
-		break;
-
-		case V_ASN1_BIT_STRING:
-
-		case V_ASN1_OCTET_STRING:
-
-		if (!(atmp->value.asn1_string = ASN1_STRING_new()))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-			goto bad_form;
-			}
-
-		if (format == ASN1_GEN_FORMAT_HEX)
-			{
-
-			if (!(rdata = string_to_hex((char *)str, &rdlen)))
-				{
-				ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
-				goto bad_str;
-				}
-
-			atmp->value.asn1_string->data = rdata;
-			atmp->value.asn1_string->length = rdlen;
-			atmp->value.asn1_string->type = utype;
-
-			}
-		else if (format == ASN1_GEN_FORMAT_ASCII)
-			ASN1_STRING_set(atmp->value.asn1_string, str, -1);
-		else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING))
-			{
-			if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string))
-				{
-				ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR);
-				goto bad_str;
-				}
-			no_unused = 0;
-			
-			}
-		else 
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
-			goto bad_form;
-			}
-
-		if ((utype == V_ASN1_BIT_STRING) && no_unused)
-			{
-			atmp->value.asn1_string->flags
-				&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-        		atmp->value.asn1_string->flags
-				|= ASN1_STRING_FLAG_BITS_LEFT;
-			}
-
-
-		break;
-
-		default:
-		ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
-		goto bad_str;
-		break;
-		}
-
-
-	atmp->type = utype;
-	return atmp;
-
-
-	bad_str:
-	ERR_add_error_data(2, "string=", str);
-	bad_form:
-
-	ASN1_TYPE_free(atmp);
-	return NULL;
-
-	}
-
-static int bitstr_cb(const char *elem, int len, void *bitstr)
-	{
-	long bitnum;
-	char *eptr;
-	if (!elem)
-		return 0;
-	bitnum = strtoul(elem, &eptr, 10);
-	if (eptr && *eptr && (eptr != elem + len))
-		return 0;
-	if (bitnum < 0)
-		{
-		ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
-		return 0;
-		}
-	if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1))
-		{
-		ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	return 1;
-	}
-

crypto/asn1/asn1_lib.c

@@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
 			l<<=7L;
 			l|= *(p++)&0x7f;
 			if (--max == 0) goto err;
+			if (l > (INT_MAX >> 7L)) goto err;
 			}
 		l<<=7L;
 		l|= *(p++)&0x7f;
 		tag=(int)l;
+		if (--max == 0) goto err;
 		}
 	else
 		{ 
@@ -203,22 +205,13 @@ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
 			}
 		p += ttag;
 		}
-	if (constructed == 2)
-		*(p++)=0x80;
+	if ((constructed == 2) && (length == 0))
+		*(p++)=0x80; /* der_put_length would output 0 instead */
 	else
 		asn1_put_length(&p,length);
 	*pp=p;
 	}
 
-int ASN1_put_eoc(unsigned char **pp)
-	{
-	unsigned char *p = *pp;
-	*p++ = 0;
-	*p++ = 0;
-	*pp = p;
-	return 2;
-	}
-
 static void asn1_put_length(unsigned char **pp, int length)
 	{
 	unsigned char *p= *pp;
@@ -256,8 +249,8 @@ int ASN1_object_size(int constructed, int length, int tag)
 			ret++;
 			}
 		}
-	if (constructed == 2)
-		return ret + 3;
+	if ((length == 0) && (constructed == 2))
+		ret+=2;
 	ret++;
 	if (length > 127)
 		{

crypto/asn1/asn1_par.c

@@ -256,11 +256,9 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
 
 				opp=op;
 				os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
-				if (os != NULL && os->length > 0)
+				if (os != NULL)
 					{
-					opp = os->data;
-					/* testing whether the octet string is
-					 * printable */
+					opp=os->data;
 					for (i=0; i<os->length; i++)
 						{
 						if ((	(opp[i] < ' ') &&
@@ -273,8 +271,7 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
 							break;
 							}
 						}
-					if (printable)
-					/* printable string */
+					if (printable && (os->length > 0))
 						{
 						if (BIO_write(bp,":",1) <= 0)
 							goto end;
@@ -282,21 +279,8 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
 							os->length) <= 0)
 							goto end;
 						}
-					else if (!dump)
-					/* not printable => print octet string
-					 * as hex dump */
-						{
-						if (BIO_write(bp,"[HEX DUMP]:",11) <= 0)
-							goto end;
-						for (i=0; i<os->length; i++)
-							{
-							if (BIO_printf(bp,"%02X"
-								, opp[i]) <= 0)
-								goto end;
-							}
-						}
-					else
-					/* print the normal dump */
+					if (!printable && (os->length > 0)
+						&& dump)
 						{
 						if (!nl) 
 							{
@@ -304,15 +288,11 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
 								goto end;
 							}
 						if (BIO_dump_indent(bp,(char *)opp,
-							((dump == -1 || dump > 
-							os->length)?os->length:dump),
+							((dump == -1 || dump > os->length)?os->length:dump),
 							dump_indent) <= 0)
 							goto end;
 						nl=1;
 						}
-					}
-				if (os != NULL)
-					{
 					M_ASN1_OCTET_STRING_free(os);
 					os=NULL;
 					}

crypto/asn1/asn1t.h

@@ -112,7 +112,7 @@ extern "C" {
 /* Macros to aid ASN1 template writing */
 
 #define ASN1_ITEM_TEMPLATE(tname) \
-	static const ASN1_TEMPLATE tname##_item_tt 
+	const static ASN1_TEMPLATE tname##_item_tt 
 
 #define ASN1_ITEM_TEMPLATE_END(tname) \
 	;\
@@ -150,7 +150,7 @@ extern "C" {
  */
 
 #define ASN1_SEQUENCE(tname) \
-	static const ASN1_TEMPLATE tname##_seq_tt[] 
+	const static ASN1_TEMPLATE tname##_seq_tt[] 
 
 #define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
 
@@ -166,37 +166,22 @@ extern "C" {
 		#stname \
 	ASN1_ITEM_end(tname)
 
-#define ASN1_NDEF_SEQUENCE(tname) \
-	ASN1_SEQUENCE(tname)
-
 #define ASN1_SEQUENCE_cb(tname, cb) \
-	static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+	const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
 	ASN1_SEQUENCE(tname)
 
 #define ASN1_BROKEN_SEQUENCE(tname) \
-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+	const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
 	ASN1_SEQUENCE(tname)
 
 #define ASN1_SEQUENCE_ref(tname, cb, lck) \
-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
+	const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
 	ASN1_SEQUENCE(tname)
 
 #define ASN1_SEQUENCE_enc(tname, enc, cb) \
-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+	const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
 	ASN1_SEQUENCE(tname)
 
-#define ASN1_NDEF_SEQUENCE_END(tname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_NDEF_SEQUENCE,\
-		V_ASN1_SEQUENCE,\
-		tname##_seq_tt,\
-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
-		NULL,\
-		sizeof(tname),\
-		#tname \
-	ASN1_ITEM_end(tname)
-
 #define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
 
 #define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
@@ -239,10 +224,10 @@ extern "C" {
  */
 
 #define ASN1_CHOICE(tname) \
-	static const ASN1_TEMPLATE tname##_ch_tt[] 
+	const static ASN1_TEMPLATE tname##_ch_tt[] 
 
 #define ASN1_CHOICE_cb(tname, cb) \
-	static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+	const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
 	ASN1_CHOICE(tname)
 
 #define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
@@ -368,20 +353,16 @@ extern "C" {
 #define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
 			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
 
-/* EXPLICIT OPTIONAL using indefinite length constructed form */
-#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
-
 /* Macros for the ASN1_ADB structure */
 
 #define ASN1_ADB(name) \
-	static const ASN1_ADB_TABLE name##_adbtbl[] 
+	const static ASN1_ADB_TABLE name##_adbtbl[] 
 
 #ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
 
 #define ASN1_ADB_END(name, flags, field, app_table, def, none) \
 	;\
-	static const ASN1_ADB name##_adb = {\
+	const static ASN1_ADB name##_adb = {\
 		flags,\
 		offsetof(name, field),\
 		app_table,\
@@ -395,9 +376,9 @@ extern "C" {
 
 #define ASN1_ADB_END(name, flags, field, app_table, def, none) \
 	;\
-	static const ASN1_ITEM *name##_adb(void) \
+	const static ASN1_ITEM *name##_adb(void) \
 	{ \
-	static const ASN1_ADB internal_adb = \
+	const static ASN1_ADB internal_adb = \
 		{\
 		flags,\
 		offsetof(name, field),\
@@ -416,7 +397,7 @@ extern "C" {
 #define ADB_ENTRY(val, template) {val, template}
 
 #define ASN1_ADB_TEMPLATE(name) \
-	static const ASN1_TEMPLATE name##_tt 
+	const static ASN1_TEMPLATE name##_tt 
 
 /* This is the ASN1 template structure that defines
  * a wrapper round the actual type. It determines the
@@ -537,13 +518,6 @@ struct ASN1_ADB_TABLE_st {
 
 #define ASN1_TFLG_COMBINE	(0x1<<10)
 
-/* This flag when present in a SEQUENCE OF, SET OF
- * or EXPLICIT causes indefinite length constructed
- * encoding to be used if required.
- */
-
-#define ASN1_TFLG_NDEF		(0x1<<11)
-
 /* This is the actual ASN1 item itself */
 
 struct ASN1_ITEM_st {
@@ -596,25 +570,19 @@ const char *sname;		/* Structure name */
  * has a special meaning, it is used as a mask
  * of acceptable types using the B_ASN1 constants.
  *
- * NDEF_SEQUENCE is the same as SEQUENCE except
- * that it will use indefinite length constructed
- * encoding if requested.
- *
  */
 
-#define ASN1_ITYPE_PRIMITIVE		0x0
+#define ASN1_ITYPE_PRIMITIVE	0x0
 
-#define ASN1_ITYPE_SEQUENCE		0x1
+#define ASN1_ITYPE_SEQUENCE	0x1
 
-#define ASN1_ITYPE_CHOICE		0x2
+#define ASN1_ITYPE_CHOICE	0x2
 
-#define ASN1_ITYPE_COMPAT		0x3
+#define ASN1_ITYPE_COMPAT	0x3
 
-#define ASN1_ITYPE_EXTERN		0x4
+#define ASN1_ITYPE_EXTERN	0x4
 
-#define ASN1_ITYPE_MSTRING		0x5
-
-#define ASN1_ITYPE_NDEF_SEQUENCE	0x6
+#define ASN1_ITYPE_MSTRING	0x5
 
 /* Cache for ASN1 tag and length, so we
  * don't keep re-reading it for things
@@ -799,12 +767,6 @@ typedef struct ASN1_AUX_st {
 		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
 	} 
 
-#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
-	int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
-	{ \
-		return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
-	} 
-
 /* This includes evil casts to remove const: they will go away when full
  * ASN1 constification is done.
  */

crypto/asn1/d2i_pr.c

@@ -68,9 +68,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
 
 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
 	     long length)
@@ -110,16 +107,6 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
 			goto err;
 			}
 		break;
-#endif
-#ifndef OPENSSL_NO_EC
-	case EVP_PKEY_EC:
-		if ((ret->pkey.eckey = d2i_ECPrivateKey(NULL, 
-			(const unsigned char **)pp, length)) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
-			goto err;
-			}
-		break;
 #endif
 	default:
 		ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
@@ -151,10 +138,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
 	/* Since we only need to discern "traditional format" RSA and DSA
 	 * keys we can just count the elements.
          */
-	if(sk_ASN1_TYPE_num(inkey) == 6) 
-		keytype = EVP_PKEY_DSA;
-	else if (sk_ASN1_TYPE_num(inkey) == 4)
-		keytype = EVP_PKEY_EC;
+	if(sk_ASN1_TYPE_num(inkey) == 6) keytype = EVP_PKEY_DSA;
 	else keytype = EVP_PKEY_RSA;
 	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
 	return d2i_PrivateKey(keytype, a, pp, length);

crypto/asn1/d2i_pu.c

@@ -68,9 +68,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
 
 EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
 	     long length)
@@ -103,24 +100,13 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
 #endif
 #ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
-		if ((ret->pkey.dsa=d2i_DSAPublicKey(&(ret->pkey.dsa),
+		if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,
 			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
 			goto err;
 			}
 		break;
-#endif
-#ifndef OPENSSL_NO_EC
-	case EVP_PKEY_EC:
-		if ((ret->pkey.eckey = ECPublicKey_set_octet_string(
-			&(ret->pkey.eckey), (const unsigned char **)pp, 
-			length)) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
-			goto err;
-			}
-	break;
 #endif
 	default:
 		ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);

crypto/asn1/i2d_pr.c

@@ -67,9 +67,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
 
 int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 	{
@@ -86,12 +83,6 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 		return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
 		}
 #endif
-#ifndef OPENSSL_NO_EC
-	if (a->type == EVP_PKEY_EC)
-		{
-		return(i2d_ECPrivateKey(a->pkey.eckey, pp));
-		}
-#endif
 
 	ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
 	return(-1);

crypto/asn1/i2d_pu.c

@@ -67,9 +67,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
 
 int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 	{
@@ -82,10 +79,6 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 #ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
 		return(i2d_DSAPublicKey(a->pkey.dsa,pp));
-#endif
-#ifndef OPENSSL_NO_EC
-	case EVP_PKEY_EC:
-		return(ECPublicKey_get_octet_string(a->pkey.eckey, pp));
 #endif
 	default:
 		ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);

crypto/asn1/t_pkey.c

@@ -55,15 +55,9 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_RSA
@@ -75,31 +69,26 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
 
 static int print(BIO *fp,const char *str,BIGNUM *num,
 		unsigned char *buf,int off);
-static int print_bin(BIO *fp, const char *str, const unsigned char *num,
-		size_t len, int off);
 #ifndef OPENSSL_NO_RSA
 #ifndef OPENSSL_NO_FP_API
 int RSA_print_fp(FILE *fp, const RSA *x, int off)
-	{
-	BIO *b;
-	int ret;
+        {
+        BIO *b;
+        int ret;
 
-	if ((b=BIO_new(BIO_s_file())) == NULL)
+        if ((b=BIO_new(BIO_s_file())) == NULL)
 		{
 		RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
+                return(0);
 		}
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=RSA_print(b,x,off);
-	BIO_free(b);
-	return(ret);
-	}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=RSA_print(b,x,off);
+        BIO_free(b);
+        return(ret);
+        }
 #endif
 
 int RSA_print(BIO *bp, const RSA *x, int off)
@@ -238,313 +227,6 @@ err:
 	}
 #endif /* !OPENSSL_NO_DSA */
 
-#ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
-int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
-	{
-	BIO *b;
-	int ret;
-
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
-		}
-	BIO_set_fp(b, fp, BIO_NOCLOSE);
-	ret = ECPKParameters_print(b, x, off);
-	BIO_free(b);
-	return(ret);
-	}
-
-int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
-	{
-	BIO *b;
-	int ret;
- 
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
-		return(0);
-		}
-	BIO_set_fp(b, fp, BIO_NOCLOSE);
-	ret = EC_KEY_print(b, x, off);
-	BIO_free(b);
-	return(ret);
-	}
-#endif
-
-int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
-	{
-	unsigned char *buffer=NULL;
-	size_t	buf_len=0, i;
-	int     ret=0, reason=ERR_R_BIO_LIB;
-	BN_CTX  *ctx=NULL;
-	EC_POINT *point=NULL;
-	BIGNUM	*p=NULL, *a=NULL, *b=NULL, *gen=NULL,
-		*order=NULL, *cofactor=NULL;
-	const unsigned char *seed;
-	size_t	seed_len=0;
-	
-	static const char *gen_compressed = "Generator (compressed):";
-	static const char *gen_uncompressed = "Generator (uncompressed):";
-	static const char *gen_hybrid = "Generator (hybrid):";
- 
-	if (!x)
-		{
-		reason = ERR_R_PASSED_NULL_PARAMETER;
-		goto err;
-		}
-
-	if (EC_GROUP_get_asn1_flag(x))
-		{
-		/* the curve parameter are given by an asn1 OID */
-		int nid;
-
-		if (!BIO_indent(bp, off, 128))
-			goto err;
-
-		nid = EC_GROUP_get_nid(x);
-		if (nid == 0)
-			goto err;
-
-		if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
-			goto err;
-		if (BIO_printf(bp, "\n") <= 0)
-			goto err;
-		}
-	else
-		{
-		/* explicit parameters */
-		int is_char_two = 0;
-		point_conversion_form_t form;
-		int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
-
-		if (tmp_nid == NID_X9_62_characteristic_two_field)
-			is_char_two = 1;
-
-		if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
-			(b = BN_new()) == NULL || (order = BN_new()) == NULL ||
-			(cofactor = BN_new()) == NULL)
-			{
-			reason = ERR_R_MALLOC_FAILURE;
-			goto err;
-			}
-
-		if (is_char_two)
-			{
-			if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
-				{
-				reason = ERR_R_EC_LIB;
-				goto err;
-				}
-			}
-		else /* prime field */
-			{
-			if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
-				{
-				reason = ERR_R_EC_LIB;
-				goto err;
-				}
-			}
-
-		if ((point = EC_GROUP_get0_generator(x)) == NULL)
-			{
-			reason = ERR_R_EC_LIB;
-			goto err;
-			}
-		if (!EC_GROUP_get_order(x, order, NULL) || 
-            		!EC_GROUP_get_cofactor(x, cofactor, NULL))
-			{
-			reason = ERR_R_EC_LIB;
-			goto err;
-			}
-		
-		form = EC_GROUP_get_point_conversion_form(x);
-
-		if ((gen = EC_POINT_point2bn(x, point, 
-				form, NULL, ctx)) == NULL)
-			{
-			reason = ERR_R_EC_LIB;
-			goto err;
-			}
-
-		buf_len = (size_t)BN_num_bytes(p);
-		if (buf_len < (i = (size_t)BN_num_bytes(a)))
-			buf_len = i;
-		if (buf_len < (i = (size_t)BN_num_bytes(b)))
-			buf_len = i;
-		if (buf_len < (i = (size_t)BN_num_bytes(gen)))
-			buf_len = i;
-		if (buf_len < (i = (size_t)BN_num_bytes(order)))
-			buf_len = i;
-		if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) 
-			buf_len = i;
-
-		if ((seed = EC_GROUP_get0_seed(x)) != NULL)
-			seed_len = EC_GROUP_get_seed_len(x);
-
-		buf_len += 10;
-		if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-			{
-			reason = ERR_R_MALLOC_FAILURE;
-			goto err;
-			}
-
-		if (!BIO_indent(bp, off, 128))
-			goto err;
-
-		/* print the 'short name' of the field type */
-		if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
-			<= 0)
-			goto err;  
-
-		if (is_char_two)
-			{
-			/* print the 'short name' of the base type OID */
-			int basis_type = EC_GROUP_get_basis_type(x);
-			if (basis_type == 0)
-				goto err;
-
-			if (!BIO_indent(bp, off, 128))
-				goto err;
-
-			if (BIO_printf(bp, "Basis Type: %s\n", 
-				OBJ_nid2sn(basis_type)) <= 0)
-				goto err;
-
-			/* print the polynomial */
-			if ((p != NULL) && !print(bp, "Polynomial:", p, buffer,
-				off))
-				goto err;
-			}
-		else
-			{
-			if ((p != NULL) && !print(bp, "Prime:", p, buffer,off))
-				goto err;
-			}
-		if ((a != NULL) && !print(bp, "A:   ", a, buffer, off)) 
-			goto err;
-		if ((b != NULL) && !print(bp, "B:   ", b, buffer, off))
-			goto err;
-		if (form == POINT_CONVERSION_COMPRESSED)
-			{
-			if ((gen != NULL) && !print(bp, gen_compressed, gen,
-				buffer, off))
-				goto err;
-			}
-		else if (form == POINT_CONVERSION_UNCOMPRESSED)
-			{
-			if ((gen != NULL) && !print(bp, gen_uncompressed, gen,
-				buffer, off))
-				goto err;
-			}
-		else /* form == POINT_CONVERSION_HYBRID */
-			{
-			if ((gen != NULL) && !print(bp, gen_hybrid, gen,
-				buffer, off))
-				goto err;
-			}
-		if ((order != NULL) && !print(bp, "Order: ", order, 
-			buffer, off)) goto err;
-		if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, 
-			buffer, off)) goto err;
-		if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
-			goto err;
-		}
-	ret=1;
-err:
-	if (!ret)
- 		ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
-	if (p) 
-		BN_free(p);
-	if (a) 
-		BN_free(a);
-	if (b)
-		BN_free(b);
-	if (gen)
-		BN_free(gen);
-	if (order)
-		BN_free(order);
-	if (cofactor)
-		BN_free(cofactor);
-	if (ctx)
-		BN_CTX_free(ctx);
-	if (buffer != NULL) 
-		OPENSSL_free(buffer);
-	return(ret);	
-	}
-
-int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
-	{
-	unsigned char *buffer=NULL;
-	size_t	buf_len=0, i;
-	int     ret=0, reason=ERR_R_BIO_LIB;
-	BIGNUM  *pub_key=NULL, *order=NULL;
-	BN_CTX  *ctx=NULL;
- 
-	if (!x || !x->group)
-		{
-		reason = ERR_R_PASSED_NULL_PARAMETER;
-		goto err;
-		}
-
-	if ((pub_key = EC_POINT_point2bn(x->group, x->pub_key,
-		x->conv_form, NULL, ctx)) == NULL)
-		{
-		reason = ERR_R_EC_LIB;
-		goto err;
-		}
-
-	buf_len = (size_t)BN_num_bytes(pub_key);
-	if (x->priv_key)
-		{
-		if ((i = (size_t)BN_num_bytes(x->priv_key)) > buf_len)
-			buf_len = i;
-		}
-
-	buf_len += 10;
-	if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-		{
-		reason = ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-
-	if (x->priv_key != NULL)
-		{
-		if (!BIO_indent(bp, off, 128))
-			goto err;
-		if ((order = BN_new()) == NULL)
-			goto err;
-		if (!EC_GROUP_get_order(x->group, order, NULL))
-			goto err;
-		if (BIO_printf(bp, "Private-Key: (%d bit)\n", 
-			BN_num_bits(order)) <= 0) goto err;
-		}
-  
-	if ((x->priv_key != NULL) && !print(bp, "priv:", x->priv_key, 
-		buffer, off))
-		goto err;
-	if ((pub_key != NULL) && !print(bp, "pub: ", pub_key,
-		buffer, off))
-		goto err;
-	if (!ECPKParameters_print(bp, x->group, off))
-		goto err;
-	ret=1;
-err:
-	if (!ret)
- 		ECerr(EC_F_EC_KEY_PRINT, reason);
-	if (pub_key) 
-		BN_free(pub_key);
-	if (order)
-		BN_free(order);
-	if (ctx)
-		BN_CTX_free(ctx);
-	if (buffer != NULL)
-		OPENSSL_free(buffer);
-	return(ret);
-	}
-#endif /* OPENSSL_NO_EC */
-
 static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
 	     int off)
 	{
@@ -552,15 +234,9 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
 	const char *neg;
 
 	if (num == NULL) return(1);
-	neg = (BN_get_sign(num))?"-":"";
+	neg=(num->neg)?"-":"";
 	if(!BIO_indent(bp,off,128))
 		return 0;
-	if (BN_is_zero(num))
-		{
-		if (BIO_printf(bp, "%s 0\n", number) <= 0)
-			return 0;
-		return 1;
-		}
 
 	if (BN_num_bytes(num) <= BN_BYTES)
 		{
@@ -596,61 +272,23 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
 	return(1);
 	}
 
-static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
-		size_t len, int off)
-	{
-	size_t i;
-	char str[128];
-
-	if (buf == NULL)
-		return 1;
-	if (off)
-		{
-		if (off > 128)
-			off=128;
-		memset(str,' ',off);
-		if (BIO_write(fp, str, off) <= 0)
-			return 0;
-		}
-
-	if (BIO_printf(fp,"%s", name) <= 0)
-		return 0;
-
-	for (i=0; i<len; i++)
-		{
-		if ((i%15) == 0)
-			{
-			str[0]='\n';
-			memset(&(str[1]),' ',off+4);
-			if (BIO_write(fp, str, off+1+4) <= 0)
-				return 0;
-			}
-		if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0)
-			return 0;
-		}
-	if (BIO_write(fp,"\n",1) <= 0)
-		return 0;
-
-	return 1;
-	}
-
 #ifndef OPENSSL_NO_DH
 #ifndef OPENSSL_NO_FP_API
 int DHparams_print_fp(FILE *fp, const DH *x)
-	{
-	BIO *b;
-	int ret;
+        {
+        BIO *b;
+        int ret;
 
-	if ((b=BIO_new(BIO_s_file())) == NULL)
+        if ((b=BIO_new(BIO_s_file())) == NULL)
 		{
 		DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
+                return(0);
 		}
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=DHparams_print(b, x);
-	BIO_free(b);
-	return(ret);
-	}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DHparams_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
 #endif
 
 int DHparams_print(BIO *bp, const DH *x)
@@ -695,20 +333,20 @@ err:
 #ifndef OPENSSL_NO_DSA
 #ifndef OPENSSL_NO_FP_API
 int DSAparams_print_fp(FILE *fp, const DSA *x)
-	{
-	BIO *b;
-	int ret;
+        {
+        BIO *b;
+        int ret;
 
-	if ((b=BIO_new(BIO_s_file())) == NULL)
+        if ((b=BIO_new(BIO_s_file())) == NULL)
 		{
 		DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
+                return(0);
 		}
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=DSAparams_print(b, x);
-	BIO_free(b);
-	return(ret);
-	}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DSAparams_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
 #endif
 
 int DSAparams_print(BIO *bp, const DSA *x)
@@ -747,59 +385,3 @@ err:
 
 #endif /* !OPENSSL_NO_DSA */
 
-#ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
-int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
-	{
-	BIO *b;
-	int ret;
- 
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
-		return(0);
-		}
-	BIO_set_fp(b, fp, BIO_NOCLOSE);
-	ret = ECParameters_print(b, x);
-	BIO_free(b);
-	return(ret);
-	}
-#endif
-
-int ECParameters_print(BIO *bp, const EC_KEY *x)
-	{
-	int     reason=ERR_R_EC_LIB, ret=0;
-	BIGNUM	*order=NULL;
- 
-	if (!x || !x->group)
-		{
-		reason = ERR_R_PASSED_NULL_PARAMETER;;
-		goto err;
-		}
-
-	if ((order = BN_new()) == NULL)
-		{
-		reason = ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-
-	if (!EC_GROUP_get_order(x->group, order, NULL))
-		{
-		reason = ERR_R_EC_LIB;
-		goto err;
-		}
- 
-	if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", 
-		BN_num_bits(order)) <= 0)
-		goto err;
-	if (!ECPKParameters_print(bp, x->group, 4))
-		goto err;
-	ret=1;
-err:
-	if (order)
-		BN_free(order);
-	ECerr(EC_F_ECPARAMETERS_PRINT, reason);
-	return(ret);
-	}
-  
-#endif

crypto/asn1/t_req.c

@@ -159,14 +159,6 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long
 			DSA_print(bp,pkey->pkey.dsa,16);
 			}
 		else
-#endif
-#ifndef OPENSSL_NO_EC
-		if (pkey->type == EVP_PKEY_EC)
-		{
-			BIO_printf(bp, "%12sEC Public Key: \n","");
-			EC_KEY_print(bp, pkey->pkey.eckey, 16);
-		}
-	else
 #endif
 			BIO_printf(bp,"%12sUnknown Public Key:\n","");
 

crypto/asn1/t_spki.c

@@ -93,15 +93,6 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
 		}
 		else
 #endif
-#ifndef OPENSSL_NO_EC
-		if (pkey->type == EVP_PKEY_EC)
-		{
-			BIO_printf(out, "  EC Public Key:\n");
-			EC_KEY_print(out, pkey->pkey.eckey,2);
-		}
-		else
-#endif
-
 			BIO_printf(out,"  Unknown Public Key:\n");
 		EVP_PKEY_free(pkey);
 	}

crypto/asn1/t_x509.c

@@ -66,9 +66,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
@@ -231,14 +228,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 			DSA_print(bp,pkey->pkey.dsa,16);
 			}
 		else
-#endif
-#ifndef OPENSSL_NO_EC
-		if (pkey->type == EVP_PKEY_EC)
-			{
-			BIO_printf(bp, "%12sEC Public Key:\n","");
-			EC_KEY_print(bp, pkey->pkey.eckey, 16);
-			}
-		else
 #endif
 			BIO_printf(bp,"%12sUnknown Public Key:\n","");
 

crypto/asn1/tasn_dec.c

@@ -289,7 +289,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1
 				goto auxerr;
 		return 1;
 
-		case ASN1_ITYPE_NDEF_SEQUENCE:
 		case ASN1_ITYPE_SEQUENCE:
 		p = *in;
 		tmplen = len;
@@ -692,6 +691,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
 
 int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
 {
+	ASN1_VALUE **opval = NULL;
 	ASN1_STRING *stmp;
 	ASN1_TYPE *typ = NULL;
 	int ret = 0;
@@ -706,6 +706,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
 			*pval = (ASN1_VALUE *)typ;
 		} else typ = (ASN1_TYPE *)*pval;
 		if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
+		opval = pval;
 		pval = (ASN1_VALUE **)&typ->value.ptr;
 	}
 	switch(utype) {
@@ -797,7 +798,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
 
 	ret = 1;
 	err:
-	if(!ret) ASN1_TYPE_free(typ);
+	if(!ret)
+		{
+		ASN1_TYPE_free(typ);
+		if (opval)
+			*opval = NULL;
+		}
 	return ret;
 }
 

crypto/asn1/tasn_enc.c

@@ -3,7 +3,7 @@
  * project 2000.
  */
 /* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -63,57 +63,38 @@
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
 
-static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
-					const ASN1_ITEM *it,
-					int tag, int aclass);
-static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
-					int skcontlen, const ASN1_ITEM *item,
-					int do_sort, int iclass);
-static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
-					const ASN1_TEMPLATE *tt,
-					int tag, int aclass);
-static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
-					const ASN1_ITEM *it, int flags);
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *seq, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int isset);
 
-/* Top level i2d equivalents: the 'ndef' variant instructs the encoder
- * to use indefinite length constructed encoding, where appropriate
- */
-
-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
-{
-	return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
-}
-
-int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
-{
-	return asn1_item_flags_i2d(val, out, it, 0);
-}
-
-/* Encode an ASN1 item, this is use by the
+/* Encode an ASN1 item, this is compatible with the
  * standard 'i2d' function. 'out' points to 
- * a buffer to output the data to.
+ * a buffer to output the data to, in future we will
+ * have more advanced versions that can output data
+ * a piece at a time and this will simply be a special
+ * case.
  *
  * The new i2d has one additional feature. If the output
  * buffer is NULL (i.e. *out == NULL) then a buffer is
  * allocated and populated with the encoding.
  */
 
-static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it, int flags)
+
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
 {
 	if(out && !*out) {
 		unsigned char *p, *buf;
 		int len;
-		len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
+		len = ASN1_item_ex_i2d(&val, NULL, it, -1, 0);
 		if(len <= 0) return len;
 		buf = OPENSSL_malloc(len);
 		if(!buf) return -1;
 		p = buf;
-		ASN1_item_ex_i2d(&val, &p, it, -1, flags);
+		ASN1_item_ex_i2d(&val, &p, it, -1, 0);
 		*out = buf;
 		return len;
 	}
-
-	return ASN1_item_ex_i2d(&val, out, it, -1, flags);
+		
+	return ASN1_item_ex_i2d(&val, out, it, -1, 0);
 }
 
 /* Encode an item, taking care of IMPLICIT tagging (if any).
@@ -121,34 +102,31 @@ static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_
  * used in external types.
  */
 
-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
-			const ASN1_ITEM *it, int tag, int aclass)
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
 {
 	const ASN1_TEMPLATE *tt = NULL;
 	unsigned char *p = NULL;
-	int i, seqcontlen, seqlen, ndef = 1;
+	int i, seqcontlen, seqlen;
+	ASN1_STRING *strtmp;
 	const ASN1_COMPAT_FUNCS *cf;
 	const ASN1_EXTERN_FUNCS *ef;
 	const ASN1_AUX *aux = it->funcs;
-	ASN1_aux_cb *asn1_cb = 0;
-
-	if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
-		return 0;
-
-	if(aux && aux->asn1_cb)
-		 asn1_cb = aux->asn1_cb;
+	ASN1_aux_cb *asn1_cb;
+	if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return 0;
+	if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+	else asn1_cb = 0;
 
 	switch(it->itype) {
 
 		case ASN1_ITYPE_PRIMITIVE:
 		if(it->templates)
-			return asn1_template_ex_i2d(pval, out, it->templates,
-								tag, aclass);
+			return ASN1_template_i2d(pval, out, it->templates);
 		return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
 		break;
 
 		case ASN1_ITYPE_MSTRING:
-		return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+		strtmp = (ASN1_STRING *)*pval;
+		return asn1_i2d_ex_primitive(pval, out, it, -1, 0);
 
 		case ASN1_ITYPE_CHOICE:
 		if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
@@ -159,8 +137,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
 			const ASN1_TEMPLATE *chtt;
 			chtt = it->templates + i;
 			pchval = asn1_get_field_ptr(pval, chtt);
-			return asn1_template_ex_i2d(pchval, out, chtt,
-								-1, aclass);
+			return ASN1_template_i2d(pchval, out, chtt);
 		} 
 		/* Fixme: error condition if selector out of range */
 		if(asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
@@ -184,11 +161,6 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
 			*p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
 		return i;
 		
-		case ASN1_ITYPE_NDEF_SEQUENCE:
-		/* Use indefinite length constructed if requested */
-		if (aclass & ASN1_TFLG_NDEF) ndef = 2;
-		/* fall through */
-
 		case ASN1_ITYPE_SEQUENCE:
 		i = asn1_enc_restore(&seqcontlen, out, pval, it);
 		/* An error occurred */
@@ -200,9 +172,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
 		/* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
 		if(tag == -1) {
 			tag = V_ASN1_SEQUENCE;
-			/* Retain any other flags in aclass */
-			aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
-					| V_ASN1_UNIVERSAL;
+			aclass = V_ASN1_UNIVERSAL;
 		}
 		if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
 				return 0;
@@ -214,13 +184,13 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
 			if(!seqtt) return 0;
 			pseqval = asn1_get_field_ptr(pval, seqtt);
 			/* FIXME: check for errors in enhanced version */
-			seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt,
-								-1, aclass);
+			/* FIXME: special handling of indefinite length encoding */
+			seqcontlen += ASN1_template_i2d(pseqval, NULL, seqtt);
 		}
-		seqlen = ASN1_object_size(ndef, seqcontlen, tag);
+		seqlen = ASN1_object_size(1, seqcontlen, tag);
 		if(!out) return seqlen;
 		/* Output SEQUENCE header */
-		ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
+		ASN1_put_object(out, 1, seqcontlen, tag, aclass);
 		for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
 			const ASN1_TEMPLATE *seqtt;
 			ASN1_VALUE **pseqval;
@@ -228,9 +198,8 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
 			if(!seqtt) return 0;
 			pseqval = asn1_get_field_ptr(pval, seqtt);
 			/* FIXME: check for errors in enhanced version */
-			asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
+			ASN1_template_i2d(pseqval, out, seqtt);
 		}
-		if (ndef == 2) ASN1_put_eoc(out);
 		if(asn1_cb  && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
 				return 0;
 		return seqlen;
@@ -242,95 +211,41 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
 }
 
 int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt)
-	{
-	return asn1_template_ex_i2d(pval, out, tt, -1, 0);
-	}
-
-static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt, int tag, int iclass)
 {
-	int i, ret, flags, ttag, tclass, ndef;
+	int i, ret, flags, aclass;
 	flags = tt->flags;
-	/* Work out tag and class to use: tagging may come
-	 * either from the template or the arguments, not both
-	 * because this would create ambiguity. Additionally
-	 * the iclass argument may contain some additional flags
-	 * which should be noted and passed down to other levels.
-	 */
-	if (flags & ASN1_TFLG_TAG_MASK)
-		{
-		/* Error if argument and template tagging */
-		if (tag != -1)
-			/* FIXME: error code here */
-			return -1;
-		/* Get tagging from template */
-		ttag = tt->tag;
-		tclass = flags & ASN1_TFLG_TAG_CLASS;
-		}
-	else if (tag != -1)
-		{
-		/* No template tagging, get from arguments */
-		ttag = tag;
-		tclass = iclass & ASN1_TFLG_TAG_CLASS;
-		}
-	else
-		{
-		ttag = -1;
-		tclass = 0;
-		}
-	/* 
-	 * Remove any class mask from iflag.
-	 */
-	iclass &= ~ASN1_TFLG_TAG_CLASS;
-
-	/* At this point 'ttag' contains the outer tag to use,
-	 * 'tclass' is the class and iclass is any flags passed
-	 * to this function.
-	 */
-
-	/* if template and arguments require ndef, use it */
-	if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
-		ndef = 2;
-	else ndef = 1;
-
+	aclass = flags & ASN1_TFLG_TAG_CLASS;
 	if(flags & ASN1_TFLG_SK_MASK) {
 		/* SET OF, SEQUENCE OF */
 		STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
 		int isset, sktag, skaclass;
 		int skcontlen, sklen;
 		ASN1_VALUE *skitem;
-
 		if(!*pval) return 0;
-
 		if(flags & ASN1_TFLG_SET_OF) {
 			isset = 1;
 			/* 2 means we reorder */
 			if(flags & ASN1_TFLG_SEQUENCE_OF) isset = 2;
 		} else isset = 0;
-
-		/* Work out inner tag value: if EXPLICIT
-		 * or no tagging use underlying type.
-		 */
-		if((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) {
-			sktag = ttag;
-			skaclass = tclass;
+		/* First work out inner tag value */
+		if(flags & ASN1_TFLG_IMPTAG) {
+			sktag = tt->tag;
+			skaclass = aclass;
 		} else {
 			skaclass = V_ASN1_UNIVERSAL;
 			if(isset) sktag = V_ASN1_SET;
 			else sktag = V_ASN1_SEQUENCE;
 		}
-
-		/* Determine total length of items */
+		/* Now work out length of items */
 		skcontlen = 0;
 		for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
 			skitem = sk_ASN1_VALUE_value(sk, i);
-			skcontlen += ASN1_item_ex_i2d(&skitem, NULL,
-							ASN1_ITEM_ptr(tt->item),
-							-1, iclass);
+			skcontlen += ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
 		}
-		sklen = ASN1_object_size(ndef, skcontlen, sktag);
+		sklen = ASN1_object_size(1, skcontlen, sktag);
 		/* If EXPLICIT need length of surrounding tag */
 		if(flags & ASN1_TFLG_EXPTAG)
-			ret = ASN1_object_size(ndef, sklen, ttag);
+			ret = ASN1_object_size(1, sklen, tt->tag);
 		else ret = sklen;
 
 		if(!out) return ret;
@@ -338,43 +253,35 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const AS
 		/* Now encode this lot... */
 		/* EXPLICIT tag */
 		if(flags & ASN1_TFLG_EXPTAG)
-			ASN1_put_object(out, ndef, sklen, ttag, tclass);
+			ASN1_put_object(out, 1, sklen, tt->tag, aclass);
 		/* SET or SEQUENCE and IMPLICIT tag */
-		ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
-		/* And the stuff itself */
-		asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
-								isset, iclass);
-		if (ndef == 2) {
-			ASN1_put_eoc(out);
-			if(flags & ASN1_TFLG_EXPTAG)
-				ASN1_put_eoc(out);
-		}
+		ASN1_put_object(out, 1, skcontlen, sktag, skaclass);
+		/* And finally the stuff itself */
+		asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), isset);
 
 		return ret;
 	}
-
+			
 	if(flags & ASN1_TFLG_EXPTAG) {
 		/* EXPLICIT tagging */
 		/* Find length of tagged item */
-		i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item),
-								-1, iclass);
+		i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
 		if(!i) return 0;
 		/* Find length of EXPLICIT tag */
-		ret = ASN1_object_size(ndef, i, ttag);
+		ret = ASN1_object_size(1, i, tt->tag);
 		if(out) {
 			/* Output tag and item */
-			ASN1_put_object(out, ndef, i, ttag, tclass);
-			ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
-								-1, iclass);
-			if (ndef == 2) ASN1_put_eoc(out);
+			ASN1_put_object(out, 1, i, tt->tag, aclass);
+			ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0);
 		}
 		return ret;
 	}
-
-	/* Either normal or IMPLICIT tagging: combine class and flags */
-	return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
-						ttag, tclass | iclass);
-
+	if(flags & ASN1_TFLG_IMPTAG) {
+		/* IMPLICIT tagging */
+		return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), tt->tag, aclass);
+	}
+	/* Nothing special: treat as normal */
+	return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0);
 }
 
 /* Temporary structure used to hold DER encoding of items for SET OF */
@@ -397,9 +304,7 @@ static int der_cmp(const void *a, const void *b)
 
 /* Output the content octets of SET OF or SEQUENCE OF */
 
-static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
-					int skcontlen, const ASN1_ITEM *item,
-					int do_sort, int iclass)
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int do_sort)
 {
 	int i;
 	ASN1_VALUE *skitem;
@@ -418,7 +323,7 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
 	if(!do_sort) {
 		for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
 			skitem = sk_ASN1_VALUE_value(sk, i);
-			ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
+			ASN1_item_i2d(skitem, out, item);
 		}
 		return 1;
 	}
@@ -427,7 +332,7 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
 	for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
 		skitem = sk_ASN1_VALUE_value(sk, i);
 		tder->data = p;
-		tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
+		tder->length = ASN1_item_i2d(skitem, &p, item);
 		tder->field = skitem;
 	}
 	/* Now sort them */
@@ -454,7 +359,6 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const A
 	int len;
 	int utype;
 	int usetag;
-	int ndef = 0;
 
 	utype = it->utype;
 
@@ -477,27 +381,19 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const A
 
 	/* -1 means omit type */
 
-	if(len == -1)
-		return 0;
-
-	/* -2 return is special meaning use ndef */
-	if (len == -2)
-		{
-		ndef = 2;
-		len = 0;
-		}
+	if(len == -1) return 0;
 
 	/* If not implicitly tagged get tag from underlying type */
 	if(tag == -1) tag = utype;
 
 	/* Output tag+length followed by content octets */
 	if(out) {
-		if(usetag) ASN1_put_object(out, ndef, len, tag, aclass);
+		if(usetag) ASN1_put_object(out, 0, len, tag, aclass);
 		asn1_ex_i2c(pval, *out, &utype, it);
 		*out += len;
 	}
 
-	if(usetag) return ASN1_object_size(ndef, len, tag);
+	if(usetag) return ASN1_object_size(0, len, tag);
 	return len;
 }
 
@@ -590,19 +486,6 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_
 		default:
 		/* All based on ASN1_STRING and handled the same */
 		strtmp = (ASN1_STRING *)*pval;
-		/* Special handling for NDEF */
-		if ((it->size == ASN1_TFLG_NDEF)
-			&& (strtmp->flags & ASN1_STRING_FLAG_NDEF))
-			{
-			if (cout)
-				{
-				strtmp->data = cout;
-				strtmp->length = 0;
-				ASN1_put_eoc(&cout);
-				}
-			/* Special return code */
-			return -2;
-			}
 		cont = strtmp->data;
 		len = strtmp->length;
 

crypto/asn1/tasn_fre.c

@@ -130,7 +130,6 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
 		if(ef && ef->asn1_ex_free) ef->asn1_ex_free(pval, it);
 		break;
 
-		case ASN1_ITYPE_NDEF_SEQUENCE:
 		case ASN1_ITYPE_SEQUENCE:
 		if(asn1_do_lock(pval, -1, it) > 0) return;
 		if(asn1_cb) {

crypto/asn1/tasn_new.c

@@ -155,7 +155,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int
 				goto auxerr;
 		break;
 
-		case ASN1_ITYPE_NDEF_SEQUENCE:
 		case ASN1_ITYPE_SEQUENCE:
 		if(asn1_cb) {
 			i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
@@ -232,7 +231,6 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
 		case ASN1_ITYPE_COMPAT:
 		case ASN1_ITYPE_CHOICE:
 		case ASN1_ITYPE_SEQUENCE:
-		case ASN1_ITYPE_NDEF_SEQUENCE:
 		*pval = NULL;
 		break;
 	}

crypto/asn1/tasn_typ.c

@@ -131,7 +131,3 @@ IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
 IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)
 IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)
 IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
-
-/* Special, OCTET STRING with indefinite length constructed support */
-
-IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)

crypto/asn1/tasn_utl.c

@@ -102,8 +102,7 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
 {
 	const ASN1_AUX *aux;
 	int *lck, ret;
-	if((it->itype != ASN1_ITYPE_SEQUENCE)
-	   && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE)) return 0;
+	if(it->itype != ASN1_ITYPE_SEQUENCE) return 0;
 	aux = it->funcs;
 	if(!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) return 0;
 	lck = offset2ptr(*pval, aux->ref_offset);

crypto/asn1/x_pubkey.c

@@ -63,14 +63,13 @@
 
 /* Minor tweak to operation: free up EVP_PKEY */
 static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	if (operation == ASN1_OP_FREE_POST)
-		{
+{
+	if(operation == ASN1_OP_FREE_POST) {
 		X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
 		EVP_PKEY_free(pubkey->pkey);
-		}
-	return 1;
 	}
+	return 1;
+}
 
 ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
 	ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
@@ -109,12 +108,13 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 			a->parameter->type=V_ASN1_NULL;
 			}
 		}
+	else
 #ifndef OPENSSL_NO_DSA
-	else if (pkey->type == EVP_PKEY_DSA)
+		if (pkey->type == EVP_PKEY_DSA)
 		{
 		unsigned char *pp;
 		DSA *dsa;
-		
+
 		dsa=pkey->pkey.dsa;
 		dsa->write_params=0;
 		ASN1_TYPE_free(a->parameter);
@@ -128,62 +128,8 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 		ASN1_STRING_set(a->parameter->value.sequence,p,i);
 		OPENSSL_free(p);
 		}
+	else
 #endif
-#ifndef OPENSSL_NO_EC
-	else if (pkey->type == EVP_PKEY_EC)
-		{
-		int nid=0;
-		unsigned char *pp;
-		EC_KEY *eckey;
-		
-		eckey = pkey->pkey.eckey;
-		ASN1_TYPE_free(a->parameter);
-
-		if ((a->parameter = ASN1_TYPE_new()) == NULL)
-			{
-			X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
-			goto err;
-			}
-
-		if (EC_GROUP_get_asn1_flag(eckey->group)
-                     && (nid = EC_GROUP_get_nid(eckey->group)))
-			{
-			/* just set the OID */
-			a->parameter->type = V_ASN1_OBJECT;
-			a->parameter->value.object = OBJ_nid2obj(nid);
-			}
-		else /* explicit parameters */
-			{
-			if ((i = i2d_ECParameters(eckey, NULL)) == 0)
-				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
-				goto err;
-				}
-			if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
-				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}	
-			pp = p;
-			if (!i2d_ECParameters(eckey, &pp))
-				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
-				OPENSSL_free(p);
-				goto err;
-				}
-			a->parameter->type = V_ASN1_SEQUENCE;
-			if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
-				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
-				OPENSSL_free(p);
-				goto err;
-				}
-			ASN1_STRING_set(a->parameter->value.sequence, p, i);
-			OPENSSL_free(p);
-			}
-		}
-#endif
-	else if (1)
 		{
 		X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
 		goto err;
@@ -227,7 +173,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 	long j;
 	int type;
 	unsigned char *p;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+#ifndef OPENSSL_NO_DSA
 	const unsigned char *cp;
 	X509_ALGOR *a;
 #endif
@@ -235,102 +181,40 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 	if (key == NULL) goto err;
 
 	if (key->pkey != NULL)
-		{
-		CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-		return(key->pkey);
-		}
+	    {
+	    CRYPTO_add(&key->pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+	    return(key->pkey);
+	    }
 
 	if (key->public_key == NULL) goto err;
 
 	type=OBJ_obj2nid(key->algor->algorithm);
-	if ((ret = EVP_PKEY_new()) == NULL)
+	p=key->public_key->data;
+        j=key->public_key->length;
+        if ((ret=d2i_PublicKey(type,NULL,&p,(long)j)) == NULL)
 		{
-		X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+		X509err(X509_F_X509_PUBKEY_GET,X509_R_ERR_ASN1_LIB);
 		goto err;
 		}
-	ret->type = EVP_PKEY_type(type);
+	ret->save_parameters=0;
 
-	/* the parameters must be extracted before the public key (ECDSA!) */
-	
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
-	a=key->algor;
-#endif
-
-	if (0)
-		;
 #ifndef OPENSSL_NO_DSA
-	else if (ret->type == EVP_PKEY_DSA)
+	a=key->algor;
+	if (ret->type == EVP_PKEY_DSA)
 		{
 		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
 			{
-			if ((ret->pkey.dsa = DSA_new()) == NULL)
-				{
-				X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
 			ret->pkey.dsa->write_params=0;
 			cp=p=a->parameter->value.sequence->data;
 			j=a->parameter->value.sequence->length;
-			if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))
+			if (!d2i_DSAparams(&ret->pkey.dsa,&cp,(long)j))
 				goto err;
 			}
 		ret->save_parameters=1;
 		}
 #endif
-#ifndef OPENSSL_NO_EC
-	else if (ret->type == EVP_PKEY_EC)
-		{
-		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
-			{
-			/* type == V_ASN1_SEQUENCE => we have explicit parameters
-                         * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
-			 */
-			if ((ret->pkey.eckey= EC_KEY_new()) == NULL)
-				{
-				X509err(X509_F_X509_PUBKEY_GET, 
-					ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			cp = p = a->parameter->value.sequence->data;
-			j = a->parameter->value.sequence->length;
-			if (!d2i_ECParameters(&ret->pkey.eckey, &cp, (long)j))
-				{
-				X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);
-				goto err;
-				}
-			}
-		else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT))
-			{
-			/* type == V_ASN1_OBJECT => the parameters are given
-			 * by an asn1 OID
-			 */
-			EC_KEY *eckey;
-			if (ret->pkey.eckey == NULL)
-				ret->pkey.eckey = EC_KEY_new();
-			eckey = ret->pkey.eckey;
-			if (eckey->group)
-				EC_GROUP_free(eckey->group);
-			if ((eckey->group = EC_GROUP_new_by_nid(
-                             OBJ_obj2nid(a->parameter->value.object))) == NULL)
-				goto err;
-			EC_GROUP_set_asn1_flag(eckey->group, 
-						OPENSSL_EC_NAMED_CURVE);
-			}
-			/* the case implicitlyCA is currently not implemented */
-		ret->save_parameters = 1;
-		}
-#endif
-
-	p=key->public_key->data;
-        j=key->public_key->length;
-        if ((ret = d2i_PublicKey(type, &ret, &p, (long)j)) == NULL)
-		{
-		X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
-		goto err;
-		}
-
-	key->pkey = ret;
-	CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
+	key->pkey=ret;
+	CRYPTO_add(&ret->references,1,CRYPTO_LOCK_EVP_PKEY);
 	return(ret);
 err:
 	if (ret != NULL)
@@ -344,7 +228,7 @@ err:
 
 EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp,
 	     long length)
-	{
+{
 	X509_PUBKEY *xpk;
 	EVP_PKEY *pktmp;
 	xpk = d2i_X509_PUBKEY(NULL, pp, length);
@@ -352,16 +236,15 @@ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp,
 	pktmp = X509_PUBKEY_get(xpk);
 	X509_PUBKEY_free(xpk);
 	if(!pktmp) return NULL;
-	if(a)
-		{
+	if(a) {
 		EVP_PKEY_free(*a);
 		*a = pktmp;
-		}
-	return pktmp;
 	}
+	return pktmp;
+}
 
 int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
-	{
+{
 	X509_PUBKEY *xpk=NULL;
 	int ret;
 	if(!a) return 0;
@@ -369,7 +252,7 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
 	ret = i2d_X509_PUBKEY(xpk, pp);
 	X509_PUBKEY_free(xpk);
 	return ret;
-	}
+}
 
 /* The following are equivalents but which return RSA and DSA
  * keys
@@ -377,117 +260,75 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
 #ifndef OPENSSL_NO_RSA
 RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp,
 	     long length)
-	{
+{
 	EVP_PKEY *pkey;
 	RSA *key;
 	unsigned char *q;
 	q = *pp;
 	pkey = d2i_PUBKEY(NULL, &q, length);
-	if (!pkey) return NULL;
+	if(!pkey) return NULL;
 	key = EVP_PKEY_get1_RSA(pkey);
 	EVP_PKEY_free(pkey);
-	if (!key) return NULL;
+	if(!key) return NULL;
 	*pp = q;
-	if (a)
-		{
+	if(a) {
 		RSA_free(*a);
 		*a = key;
-		}
-	return key;
 	}
+	return key;
+}
 
 int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
-	{
+{
 	EVP_PKEY *pktmp;
 	int ret;
-	if (!a) return 0;
+	if(!a) return 0;
 	pktmp = EVP_PKEY_new();
-	if (!pktmp)
-		{
+	if(!pktmp) {
 		ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
 		return 0;
-		}
+	}
 	EVP_PKEY_set1_RSA(pktmp, a);
 	ret = i2d_PUBKEY(pktmp, pp);
 	EVP_PKEY_free(pktmp);
 	return ret;
-	}
+}
 #endif
 
 #ifndef OPENSSL_NO_DSA
 DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp,
 	     long length)
-	{
+{
 	EVP_PKEY *pkey;
 	DSA *key;
 	unsigned char *q;
 	q = *pp;
 	pkey = d2i_PUBKEY(NULL, &q, length);
-	if (!pkey) return NULL;
+	if(!pkey) return NULL;
 	key = EVP_PKEY_get1_DSA(pkey);
 	EVP_PKEY_free(pkey);
-	if (!key) return NULL;
+	if(!key) return NULL;
 	*pp = q;
-	if (a)
-		{
+	if(a) {
 		DSA_free(*a);
 		*a = key;
-		}
-	return key;
 	}
+	return key;
+}
 
 int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
-	{
+{
 	EVP_PKEY *pktmp;
 	int ret;
 	if(!a) return 0;
 	pktmp = EVP_PKEY_new();
-	if(!pktmp)
-		{
+	if(!pktmp) {
 		ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
 		return 0;
-		}
+	}
 	EVP_PKEY_set1_DSA(pktmp, a);
 	ret = i2d_PUBKEY(pktmp, pp);
 	EVP_PKEY_free(pktmp);
 	return ret;
-	}
-#endif
-
-#ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, unsigned char **pp, long length)
-	{
-	EVP_PKEY *pkey;
-	EC_KEY *key;
-	unsigned char *q;
-	q = *pp;
-	pkey = d2i_PUBKEY(NULL, &q, length);
-	if (!pkey) return(NULL);
-	key = EVP_PKEY_get1_EC_KEY(pkey);
-	EVP_PKEY_free(pkey);
-	if (!key)  return(NULL);
-	*pp = q;
-	if (a)
-		{
-		EC_KEY_free(*a);
-		*a = key;
-		}
-	return(key);
-	}
-
-int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
-	{
-	EVP_PKEY *pktmp;
-	int ret;
-	if (!a)	return(0);
-	if ((pktmp = EVP_PKEY_new()) == NULL)
-		{
-		ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	EVP_PKEY_set1_EC_KEY(pktmp, a);
-	ret = i2d_PUBKEY(pktmp, pp);
-	EVP_PKEY_free(pktmp);
-	return(ret);
-	}
+}
 #endif

crypto/asn1/x_x509a.c

@@ -91,14 +91,6 @@ static X509_CERT_AUX *aux_get(X509 *x)
 int X509_alias_set1(X509 *x, unsigned char *name, int len)
 {
 	X509_CERT_AUX *aux;
-	if (!name)
-		{
-		if (!x || !x->aux || !x->aux->alias)
-			return 1;
-		ASN1_UTF8STRING_free(x->aux->alias);
-		x->aux->alias = NULL;
-		return 1;
-		}
 	if(!(aux = aux_get(x))) return 0;
 	if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0;
 	return ASN1_STRING_set(aux->alias, name, len);
@@ -107,14 +99,6 @@ int X509_alias_set1(X509 *x, unsigned char *name, int len)
 int X509_keyid_set1(X509 *x, unsigned char *id, int len)
 {
 	X509_CERT_AUX *aux;
-	if (!id)
-		{
-		if (!x || !x->aux || !x->aux->keyid)
-			return 1;
-		ASN1_OCTET_STRING_free(x->aux->keyid);
-		x->aux->keyid = NULL;
-		return 1;
-		}
 	if(!(aux = aux_get(x))) return 0;
 	if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
 	return ASN1_STRING_set(aux->keyid, id, len);
@@ -127,13 +111,6 @@ unsigned char *X509_alias_get0(X509 *x, int *len)
 	return x->aux->alias->data;
 }
 
-unsigned char *X509_keyid_get0(X509 *x, int *len)
-{
-	if(!x->aux || !x->aux->keyid) return NULL;
-	if(len) *len = x->aux->keyid->length;
-	return x->aux->keyid->data;
-}
-
 int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
 {
 	X509_CERT_AUX *aux;
@@ -172,9 +149,3 @@ void X509_reject_clear(X509 *x)
 	}
 }
 
-ASN1_SEQUENCE(X509_CERT_PAIR) = {
-	ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
-	ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
-} ASN1_SEQUENCE_END(X509_CERT_PAIR)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR)

crypto/bf/asm/.cvsignore

@@ -1 +1,2 @@
 bx86unix.cpp
+bx86-elf.s

crypto/bio/b_print.c

@@ -378,7 +378,7 @@ _dopr(
             case 'p':
                 value = (long)va_arg(args, void *);
                 fmtint(sbuffer, buffer, &currlen, maxlen,
-                    value, 16, min, max, flags);
+                    value, 16, min, max, flags|DP_F_NUM);
                 break;
             case 'n': /* XXX */
                 if (cflags == DP_C_SHORT) {
@@ -482,8 +482,9 @@ fmtint(
     int flags)
 {
     int signvalue = 0;
+    char *prefix = "";
     unsigned LLONG uvalue;
-    char convert[DECIMAL_SIZE(value)+1];
+    char convert[DECIMAL_SIZE(value)+3];
     int place = 0;
     int spadlen = 0;
     int zpadlen = 0;
@@ -501,6 +502,10 @@ fmtint(
         else if (flags & DP_F_SPACE)
             signvalue = ' ';
     }
+    if (flags & DP_F_NUM) {
+	if (base == 8) prefix = "0";
+	if (base == 16) prefix = "0x";
+    }
     if (flags & DP_F_UP)
         caps = 1;
     do {
@@ -514,7 +519,7 @@ fmtint(
     convert[place] = 0;
 
     zpadlen = max - place;
-    spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
+    spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
     if (zpadlen < 0)
         zpadlen = 0;
     if (spadlen < 0)
@@ -536,6 +541,12 @@ fmtint(
     if (signvalue)
         doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
 
+    /* prefix */
+    while (*prefix) {
+	doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
+	prefix++;
+    }
+
     /* zeros */
     if (zpadlen > 0) {
         while (zpadlen > 0) {
@@ -692,7 +703,7 @@ fmtfp(
      * Decimal point. This should probably use locale to find the correct
      * char to print out.
      */
-    if (max > 0) {
+    if (max > 0 || (flags & DP_F_NUM)) {
         doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
 
         while (fplace > 0)
@@ -825,5 +836,5 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
 		 * had the buffer been large enough.) */
 		return -1;
 	else
-		return (retlen <= INT_MAX) ? retlen : -1;
+		return (retlen <= INT_MAX) ? (int)retlen : -1;
 	}

crypto/bio/b_sock.c

@@ -492,7 +492,7 @@ void BIO_sock_cleanup(void)
 
 #if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000
 
-int BIO_socket_ioctl(int fd, long type, unsigned long *arg)
+int BIO_socket_ioctl(int fd, long type, void *arg)
 	{
 	int i;
 
@@ -742,7 +742,7 @@ int BIO_set_tcp_ndelay(int s, int on)
 int BIO_socket_nbio(int s, int mode)
 	{
 	int ret= -1;
-	unsigned long l;
+	int l;
 
 	l=mode;
 #ifdef FIONBIO

crypto/bio/bf_buff.c

@@ -494,6 +494,7 @@ static int buffer_gets(BIO *b, char *buf, int size)
 			if (i <= 0)
 				{
 				BIO_copy_next_retry(b);
+				*buf='\0';
 				if (i < 0) return((num > 0)?num:i);
 				if (i == 0) return(num);
 				}

crypto/bio/bio.h

@@ -244,7 +244,7 @@ typedef struct bio_method_st
 	long (_far *ctrl)();
 	int (_far *create)();
 	int (_far *destroy)();
-	long (_fat *callback_ctrl)();
+	long (_far *callback_ctrl)();
 	} BIO_METHOD;
 #endif
 
@@ -585,7 +585,7 @@ struct hostent *BIO_gethostbyname(const char *name);
  * and an appropriate error code is set).
  */
 int BIO_sock_error(int sock);
-int BIO_socket_ioctl(int fd, long type, unsigned long *arg);
+int BIO_socket_ioctl(int fd, long type, void *arg);
 int BIO_socket_nbio(int fd,int mode);
 int BIO_get_port(const char *str, unsigned short *port_ptr);
 int BIO_get_host_ip(const char *str, unsigned char *ip);

crypto/bio/bio_lib.c

@@ -395,6 +395,8 @@ BIO *BIO_pop(BIO *b)
 	if (b == NULL) return(NULL);
 	ret=b->next_bio;
 
+	BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
+
 	if (b->prev_bio != NULL)
 		b->prev_bio->next_bio=b->next_bio;
 	if (b->next_bio != NULL)
@@ -402,7 +404,6 @@ BIO *BIO_pop(BIO *b)
 
 	b->next_bio=NULL;
 	b->prev_bio=NULL;
-	BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
 	return(ret);
 	}
 

crypto/bio/bss_bio.c

@@ -1,4 +1,57 @@
 /* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 /* Special method for a BIO where the other endpoint is also a BIO
  * of this kind, handled by the same thread (i.e. the "peer" is actually
@@ -502,7 +555,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
 		break;
 		
 	case BIO_C_DESTROY_BIO_PAIR:
-		/* Effects both BIOs in the pair -- call just once!
+		/* Affects both BIOs in the pair -- call just once!
 		 * Or let BIO_free(bio1); BIO_free(bio2); do the job. */
 		bio_destroy_pair(bio);
 		ret = 1;

crypto/bio/bss_file.c

@@ -213,12 +213,29 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
 		b->shutdown=(int)num&BIO_CLOSE;
 		b->ptr=(char *)ptr;
 		b->init=1;
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
-		/* Set correct text/binary mode */
+#if defined(OPENSSL_SYS_WINDOWS)
 		if (num & BIO_FP_TEXT)
 			_setmode(fileno((FILE *)ptr),_O_TEXT);
 		else
 			_setmode(fileno((FILE *)ptr),_O_BINARY);
+#elif defined(OPENSSL_SYS_MSDOS)
+		{
+		int fd = fileno((FILE*)ptr);
+		/* Set correct text/binary mode */
+		if (num & BIO_FP_TEXT)
+			_setmode(fd,_O_TEXT);
+		/* Dangerous to set stdin/stdout to raw (unless redirected) */
+		else
+			{
+			if (fd == STDIN_FILENO || fd == STDOUT_FILENO)
+				{
+				if (isatty(fd) <= 0)
+					_setmode(fd,_O_BINARY);
+				}
+			else
+				_setmode(fd,_O_BINARY);
+			}
+		}
 #elif defined(OPENSSL_SYS_OS2)
 		if (num & BIO_FP_TEXT)
 			setmode(fileno((FILE *)ptr), O_TEXT);

crypto/bn/Makefile.ssl

@@ -22,6 +22,7 @@ BN_ASM=		bn_asm.o
 #BN_ASM=	bn86-elf.o
 
 CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
 
 GENERAL=Makefile
 TEST=bntest.c exptest.c
@@ -31,14 +32,12 @@ LIB=$(TOP)/libcrypto.a
 LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
 	bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
 	bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
-	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
-	bn_depr.c
+	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c
 
 LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
 	bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
 	bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
-	bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \
-	bn_depr.o
+	bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o
 
 SRC= $(LIBSRC)
 
@@ -193,14 +192,6 @@ bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bn_ctx.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 bn_ctx.o: ../cryptlib.h bn_ctx.c bn_lcl.h
-bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_depr.o: ../cryptlib.h bn_depr.c bn_lcl.h
 bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -235,13 +226,6 @@ bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bn_gcd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 bn_gcd.o: ../cryptlib.h bn_gcd.c bn_lcl.h
-bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_gf2m.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_gf2m.o: ../cryptlib.h bn_gf2m.c bn_lcl.h
 bn_kron.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
 bn_kron.o: ../../include/openssl/opensslconf.h bn_kron.c bn_lcl.h
 bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
@@ -279,13 +263,6 @@ bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bn_mul.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 bn_mul.o: ../cryptlib.h bn_lcl.h bn_mul.c
-bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_nist.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_nist.o: ../cryptlib.h bn_lcl.h bn_nist.c
 bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h