Time to release the next beta.

The tag will be OpenSSL_0_9_8-beta2.

Configure

@@ -472,7 +472,7 @@ my %table=(
 "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
 
 # MinGW
-"mingw", "gcc:-mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_coff_asm}:win32:cygwin-shared:-D_WINDLL:-mno-cygwin -shared:.dll.a",
+"mingw", "gcc:-mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_coff_asm}:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin -shared:.dll.a",
 
 # UWIN 
 "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
@@ -1133,6 +1133,7 @@ else
 	$openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n";
 	}
 
+$cpuid_obj.=" uplink.o uplink-cof.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
 # Compiler fix-ups
 if ($target =~ /icc$/)
 	{

FAQ

@@ -46,6 +46,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why does the OpenSSL test suite fail on MacOS X?
 * Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
 * Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
+* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
 
 [PROG] Questions about programming with OpenSSL
 
@@ -598,6 +599,14 @@ Reportedly elder *BSD a.out platforms also suffer from this problem and
 remedy should be same. Provided binary is statically linked and should be
 working across wider range of *BSD branches, not just OpenBSD.
 
+* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
+
+If the test program in question fails withs SIGILL, Illegal Instruction
+exception, then you more than likely to run SSE2-capable CPU, such as
+Intel P4, under control of kernel which does not support SSE2
+instruction extentions. See accompanying INSTALL file and
+OPENSSL_ia32cap(3) documentation page for further information.
+
 [PROG] ========================================================================
 
 * Is OpenSSL thread-safe?
@@ -652,6 +661,17 @@ by:
 Note that debug and release libraries are NOT interchangeable.  If you
 built OpenSSL with /MD your application must use /MD and cannot use /MDd.
 
+As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL
+.DLLs compiled with some specific run-time option [we recommend the
+default /MD] can be deployed with application compiled with different
+option or even different compiler. But there is a catch! Instead of
+re-compiling OpenSSL toolkit, as you would have to with prior versions,
+you have to compile small C snippet with compiler and/or options of
+your choice. The snippet gets installed as
+<install-root>/include/openssl/applink.c and should be either added to
+your project or simply #include-d in one [and only one] of your source
+files. Failure to do either manifests itself as fatal "no
+OPENSSL_Applink" error.
 
 * How do I read or write a DER encoded buffer using the ASN1 functions?
 

Makefile.org

@@ -150,12 +150,12 @@ BUILDENV=	PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
 		CC='${CC}' CFLAG='${CFLAG}' 			\
 		AS='${CC}' ASFLAG='${CFLAG} -c'			\
 		AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}'	\
-		SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/lib'		\
+		SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib'		\
 		INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}'	\
-		MAKEDEPEND='$$(TOP)/util/domd $$(TOP) -MD $(MAKEDEPPROG)'\
+		MAKEDEPEND='$${TOP}/util/domd $${TOP} -MD ${MAKEDEPPROG}'\
 		DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}'	\
 		MAKEDEPPROG='${MAKEDEPPROG}'			\
-		LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)"	\
+		LDFLAGS='${LDFLAGS}' SHARED_LDFLAGS='${SHARED_LDFLAGS}'	\
 		KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}'	\
 		EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}'	\
 		SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}'	\
@@ -173,7 +173,7 @@ BUILDENV=	PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
 BUILD_CMD=if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
 	if [ -d "$$dir" ]; then \
 		(cd $$dir && echo "making $$target in $$dir..." && \
-		$(MAKE) $(BUILDENV) $$target ) || exit 1; \
+		$(MAKE) $(BUILDENV) BUILDENV="$(BUILDENV)" $$target ) || exit 1; \
 	else \
 		$(MAKE) $$dir; \
 	fi; fi
@@ -276,7 +276,7 @@ Makefile: Makefile.org Configure config
 	@false
 
 libclean:
-	rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib
+	rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
 
 clean:	libclean
 	rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
@@ -476,13 +476,13 @@ install_sw:
 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
 					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 				else \
-					c=`echo $$i | sed 's/^lib/cyg/'`; \
+					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
 					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 				fi ); \
 			fi; \
 		done; \

Makefile.shared

@@ -89,21 +89,23 @@ CALC_VERSIONS=	\
 
 LINK_APP=	\
   ( $(SET_X);   \
-    LIBDEPS=$${LIBDEPS:-$(LIBDEPS)}; \
+    LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
-    LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
+    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
+    LIBPATH=`for x in $(LIBDEPS); do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-    $${LDCMD:=$(CC)} $${LDFLAGS:=$(CFLAGS)} \
+    $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
-	-o $${APPNAME:=$(APPNAME)} $(OBJECTS) $$LIBDEPS )
 
 LINK_SO=	\
   ( $(SET_X);   \
-    LIBDEPS=$${LIBDEPS:-$(LIBDEPS)}; \
+    LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+    SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
+    SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
     nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
     LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-    $${SHAREDCMD:=$(CC)} $${SHAREDFLAGS:=$(CFLAGS) $(SHARED_LDFLAGS)} \
+    $${SHAREDCMD} $${SHAREDFLAGS} \
 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
 	$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
   ) && $(SYMLINK_SO); \
@@ -229,7 +231,8 @@ link_o.cygwin:
 	SHLIB=cyg$(LIBNAME); \
 	expr $(PLATFORM) : 'mingw' > /dev/null && SHLIB=$(LIBNAME)eay32; \
 	SHLIB_SUFFIX=.dll; \
-	SHLIB_SOVER=-$(LIBVERSION); \
+	LIBVERSION="$(LIBVERSION)"; \
+	SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \
 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
@@ -240,16 +243,16 @@ link_a.cygwin:
 	SHLIB=cyg$(LIBNAME); \
 	expr $(PLATFORM) : 'mingw' > /dev/null && SHLIB=$(LIBNAME)eay32; \
 	SHLIB_SUFFIX=.dll; \
-	SHLIB_SOVER=; \
+	SHLIB_SOVER=-$(LIBVERSION); \
 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	base=;  [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x61200000; \
+	base=;  [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \
 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
 	[ -f apps/$$SHLIB$$SHLIB_SUFFIX ] && rm apps/$$SHLIB$$SHLIB_SUFFIX; \
 	[ -f test/$$SHLIB$$SHLIB_SUFFIX ] && rm test/$$SHLIB$$SHLIB_SUFFIX; \
 	$(LINK_SO_A) || exit 1; \
-	cp -p $$SHLIB$$SHLIB_SUFFIX apps/; \
+	cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX apps/; \
-	cp -p $$SHLIB$$SHLIB_SUFFIX test/
+	cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX test/
 link_app.cygwin:
 	$(LINK_APP)
 

NEWS

@@ -5,6 +5,73 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
+
+      o Major work on the BIGNUM library for higher efficiency and to
+        make operations more streamlined and less contradictory.  This
+        is the result of a major audit of the BIGNUM library.
+      o Addition of BIGNUM functions for fields GF(2^m) and NIST
+        curves, to support the Elliptic Crypto functions.
+      o Major work on Elliptic Crypto; ECDH and ECDSA added, including
+        the use through EVP, X509 and ENGINE.
+      o New ASN.1 mini-compiler that's usable through the OpenSSL
+        configuration file.
+      o Added support for ASN.1 indefinite length constructed encoding.
+      o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
+      o Complete rework of shared library construction and linking
+        programs with shared or static libraries, through a separate
+        Makefile.shared.
+      o Changed ENGINE framework to load dynamic engine modules
+        automatically from specifically given directories.
+      o New structure and ASN.1 functions for CertificatePair.
+      o Changed the ZLIB compression method to be stateful.
+      o Changed the key-generation and primality testing "progress"
+        mechanism to take a structure that contains the ticker
+        function and an argument.
+      o New engine module: GMP (performs private key exponentiation).
+      o New engine module: VIA PadLOck ACE extension in VIA C3
+        Nehemiah processors.
+      o Added support for IPv6 addresses in certificate extensions.
+        See RFC 1884, section 2.2.
+      o Added support for certificate policy mappings, policy
+        constraints and name constraints.
+      o Added support for multi-valued AVAs in the OpenSSL
+        configuration file.
+      o Added support for multiple certificates with the same subject
+        in the 'openssl ca' index file.
+      o Make it possible to create self-signed certificates using
+        'openssl ca -selfsign'.
+      o Make it possible to generate a serial number file with
+        'openssl ca -create_serial'.
+      o New binary search functions with extended functionality.
+      o New BUF functions.
+      o New STORE structure and library to provide an interface to all
+        sorts of data repositories.  Supports storage of public and
+        private keys, certificates, CRLs, numbers and arbitrary blobs.
+	This library is unfortunately unfinished and unused withing
+	OpenSSL.
+      o New control functions for the error stack.
+      o Changed the PKCS#7 library to support one-pass S/MIME
+        processing.
+      o Added the possibility to compile without old deprecated
+        functionality with the OPENSSL_NO_DEPRECATED macro or the
+        'no-deprecated' argument to the config and Configure scripts.
+      o Constification of all ASN.1 conversion functions, and other
+        affected functions.
+      o Improved platform support for PowerPC.
+      o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
+      o New X509_VERIFY_PARAM structure to support parametrisation
+        of X.509 path validation.
+      o Major overhaul of RC4 performance on Intel P4, IA-64 and
+        AMD64.
+      o Changed the Configure script to have some algorithms disabled
+        by default.  Those can be explicitely enabled with the new
+        argument form 'enable-xxx'.
+      o Change the default digest in 'openssl' commands from MD5 to
+        SHA-1.
+      o Added support for DTLS.  THIS IS STILL BEING WORKED ON!
+      o New BIGNUM blinding.
+
   Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
 
       o More compilation issues fixed.

README

@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.8-dev XX xxx XXXX
+ OpenSSL 0.9.8-beta2 24 May 2005
 
  Copyright (c) 1998-2005 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

STATUS

@@ -1,10 +1,12 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2005/04/25 21:42:14 $
+  ______________                           $Date: 2005/05/24 03:42:48 $
 
   DEVELOPMENT STATE
 
-    o  OpenSSL 0.9.8:  Under development...
+    o  OpenSSL 0.9.9:  Under development...
+    o  OpenSSL 0.9.8-beta2:  Released on May 24th, 2005
+    o  OpenSSL 0.9.8-beta1:  Released on May 19th, 2005
     o  OpenSSL 0.9.7g: Released on April     11th, 2005
     o  OpenSSL 0.9.7f: Released on March     22nd, 2005
     o  OpenSSL 0.9.7e: Released on October   25th, 2004
@@ -55,16 +57,8 @@
 	Private key, certificate and CRL API and implementation.
 	Developing and bugfixing PKCS#7 (S/MIME code).
         Various X509 issues: character sets, certificate request extensions.
-    o Geoff and Richard are currently working on:
-	ENGINE (the new code that gives hardware support among others).
     o Richard is currently working on:
-	UI (User Interface)
-	UTIL (a new set of library functions to support some higher level
-	      functionality that is currently missing).
-	Shared library support for VMS.
-	Kerberos 5 authentication (Heimdal)
 	Constification
-	Compression
 	Attribute Certificate support
 	Certificate Pair support
 	Storage Engines (primarly an LDAP storage engine)

TABLE

@@ -2991,7 +2991,7 @@ $rmd160_obj   = rm86-cof.o
 $rc5_obj      = r586-cof.o
 $dso_scheme   = win32
 $shared_target= cygwin-shared
-$shared_cflag = -D_WINDLL
+$shared_cflag = -D_WINDLL -DOPENSSL_USE_APPLINK
 $shared_ldflag = -mno-cygwin -shared
 $shared_extension = .dll.a
 $ranlib       = 

apps/Makefile

@@ -86,7 +86,7 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
 	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
 		shlib_target="$(SHLIB_TARGET)"; \
 	fi; \
-	$(MAKE) -f $(TOP)/Makefile.shared \
+	$(MAKE) -f $(TOP)/Makefile.shared $(BUILDENV) \
 		APPNAME=req OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \
 		LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \
 		link_app.$${shlib_target}
@@ -158,7 +158,7 @@ $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	else \
 	  LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
 	fi; \
-	$(MAKE) -f $(TOP)/Makefile.shared \
+	$(MAKE) -f $(TOP)/Makefile.shared $(BUILDENV) \
 		APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
 		link_app.$${shlib_target}
@@ -621,25 +621,24 @@ rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 rand.o: ../include/openssl/x509_vfy.h apps.h rand.c
-req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/asn1.h
+req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-req.o: ../include/openssl/bio.h ../include/openssl/bn.h
+req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-req.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-req.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-req.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-req.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-req.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+req.o: ../include/openssl/engine.h ../include/openssl/err.h
-req.o: ../include/openssl/err.h ../include/openssl/evp.h
+req.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+req.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-req.o: ../include/openssl/sha.h ../include/openssl/stack.h
+req.o: ../include/openssl/stack.h ../include/openssl/store.h
-req.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+req.o: ../include/openssl/ui.h ../include/openssl/x509.h
-req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
-req.o: ../include/openssl/x509v3.h apps.h req.c
 rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h

apps/speed.c

@@ -496,9 +496,13 @@ int MAIN(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_SHA
 	unsigned char sha[SHA_DIGEST_LENGTH];
+#ifndef OPENSSL_NO_SHA256
 	unsigned char sha256[SHA256_DIGEST_LENGTH];
+#endif
+#ifndef OPENSSL_NO_SHA512
 	unsigned char sha512[SHA512_DIGEST_LENGTH];
 #endif
+#endif
 #ifndef OPENSSL_NO_RIPEMD
 	unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
 #endif
@@ -878,11 +882,15 @@ int MAIN(int argc, char **argv)
 							doit[D_SHA256]=1,
 							doit[D_SHA512]=1;
 		else
+#ifndef OPENSSL_NO_SHA256
 			if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1;
 		else
+#endif
+#ifndef OPENSSL_NO_SHA512
 			if (strcmp(*argv,"sha512") == 0) doit[D_SHA512]=1;
 		else
 #endif
+#endif
 #ifndef OPENSSL_NO_RIPEMD
 			if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
 		else
@@ -1064,8 +1072,12 @@ int MAIN(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_SHA1
 			BIO_printf(bio_err,"sha1     ");
-			BIO_printf(bio_err,"sha256  ");
+#endif
-			BIO_printf(bio_err,"sha512  ");
+#ifndef OPENSSL_NO_SHA256
+			BIO_printf(bio_err,"sha256   ");
+#endif
+#ifndef OPENSSL_NO_SHA512
+			BIO_printf(bio_err,"sha512   ");
 #endif
 #ifndef OPENSSL_NO_RIPEMD160
 			BIO_printf(bio_err,"rmd160");

config

@@ -647,11 +647,14 @@ case "$GUESSOS" in
 	    OUT="solaris64-x86_64-$CC"
 	else
 	    OUT="solaris-x86-$CC"
+	    if [ `uname -r | sed -e 's/5\.//'` -lt 10 ]; then
+		options="$options no-sse2"
+	    fi
 	fi
 	;;
   *-*-sunos4)		OUT="sunos-$CC" ;;
 
-  *86*-*-bsdi4)		OUT="bsdi-elf-gcc" ;;
+  *86*-*-bsdi4)		OUT="bsdi-elf-gcc"; options="$options no-sse2" ;;
   alpha*-*-*bsd*)	OUT="BSD-generic64; options="$options -DL_ENDIAN" ;;
   powerpc64-*-*bsd*)	OUT="BSD-generic64; options="$options -DB_ENDIAN" ;;
   sparc64-*-*bsd*)	OUT="BSD-sparc64" ;;
@@ -659,7 +662,7 @@ case "$GUESSOS" in
   amd64-*-*bsd*)	OUT="BSD-x86_64" ;;
   *86*-*-*bsd*)		case "`(file -L /usr/lib/libc.so.*) 2>/dev/null`" in
 			*ELF*)	OUT="BSD-x86-elf" ;;
-			*)	OUT="BSD-x86" ;;
+			*)	OUT="BSD-x86"; options="$options no-sse2" ;;
 			esac ;;
   *-*-*bsd*)		OUT="BSD-generic32" ;;
 

crypto/Makefile

@@ -67,6 +67,12 @@ x86cpuid-cof.s: x86cpuid.pl perlasm/x86asm.pl
 x86cpuid-out.s: x86cpuid.pl perlasm/x86asm.pl
 	$(PERL) x86cpuid.pl a.out $(CFLAGS) $(PROCESSOR) > $@
 
+uplink.o:	../ms/uplink.c
+	$(CC) $(CFLAGS) -c -o $@ ../ms/uplink.c
+
+uplink-cof.s:	../ms/uplink.pl
+	$(PERL) ../ms/uplink.pl coff > $@
+
 x86_64cpuid.s: x86_64cpuid.pl
 	$(PERL) x86_64cpuid.pl $@
 ia64cpuid.s: ia64cpuid.S
@@ -82,7 +88,7 @@ subdirs:
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i && echo "making all in crypto/$$i..." && \
-	$(MAKE) INCLUDES='${INCLUDES}' all ) || exit 1; \
+	$(MAKE) $(BUILDENV) INCLUDES='${INCLUDES}' all ) || exit 1; \
 	done;
 
 files:

crypto/asn1/asn1.h

@@ -932,7 +932,7 @@ int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);
 #define ASN1_i2d_bio_of(type,i2d,out,x) \
 	((int (*)(I2D_OF(type),BIO *,type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x)
 #define ASN1_i2d_bio_of_const(type,i2d,out,x) \
-	((int (*)(I2D_OF_const(type),BIO *,type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x)
+	((int (*)(I2D_OF_const(type),BIO *,const type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x)
 int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
 int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
 int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);

crypto/bio/Makefile

@@ -92,7 +92,7 @@ b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 b_dump.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-b_dump.o: ../../include/openssl/symhacks.h ../cryptlib.h b_dump.c
+b_dump.o: ../../include/openssl/symhacks.h ../cryptlib.h b_dump.c bio_lcl.h
 b_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -183,14 +183,14 @@ bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bss_fd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bss_fd.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_fd.c
+bss_fd.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lcl.h bss_fd.c
 bss_file.o: ../../e_os.h ../../include/openssl/bio.h
 bss_file.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bss_file.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bss_file.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_file.c
+bss_file.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lcl.h bss_file.c
 bss_log.o: ../../e_os.h ../../include/openssl/bio.h
 bss_log.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

crypto/bio/bss_file.c

@@ -236,12 +236,17 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
 		b->shutdown=(int)num&BIO_CLOSE;
 		b->ptr=ptr;
 		b->init=1;
-#if BIO_FLAGS_UPLINK!=0 && defined(_IOB_ENTRIES)
+#if BIO_FLAGS_UPLINK!=0
+#if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
+#define _IOB_ENTRIES 20
+#endif
+#if defined(_IOB_ENTRIES)
 		/* Safety net to catch purely internal BIO_set_fp calls */
 		if ((size_t)ptr >= (size_t)stdin &&
 		    (size_t)ptr <  (size_t)(stdin+_IOB_ENTRIES))
 			BIO_clear_flags(b,BIO_FLAGS_UPLINK);
 #endif
+#endif
 #ifdef UP_fsetmode
 		if (b->flags&BIO_FLAGS_UPLINK)
 			UP_fsetmode(b->ptr,num&BIO_FP_TEXT?'t':'b');

crypto/bn/bn_nist.c

@@ -282,6 +282,11 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
 	nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP);
 
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma save
+# pragma message disable BADSUBSCRIPT
+#endif
+
 	nist_set_192(t_d, buf, 0, 3, 3);
 	if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))
 		++carry;
@@ -290,6 +295,10 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))
 		++carry;
 
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma restore
+#endif
+
 	nist_set_192(t_d, buf, 5, 5, 5)
 	if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))
 		++carry;

crypto/cryptlib.c

@@ -624,7 +624,7 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
 #include <tchar.h>
 
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
-static int IsService(void)
+int OPENSSL_isservice(void)
 { HWINSTA h;
   DWORD len;
   WCHAR *name;
@@ -722,7 +722,7 @@ void OPENSSL_showfatal (const char *fmta,...)
 
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
     /* this -------------v--- guards NT-specific calls */
-    if (GetVersion() < 0x80000000 && IsService())
+    if (GetVersion() < 0x80000000 && OPENSSL_isservice())
     {	HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
 	const TCHAR *pmsg=buf;
 	ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
@@ -754,6 +754,7 @@ void OPENSSL_showfatal (const char *fmta,...)
     vfprintf (stderr,fmta,ap);
     va_end (ap);
 }
+int OPENSSL_isservice (void) { return 0; }
 #endif
 
 void OpenSSLDie(const char *file,int line,const char *assertion)

crypto/cryptlib.h

@@ -66,7 +66,7 @@
 
 #ifdef OPENSSL_USE_APPLINK
 #define BIO_FLAGS_UPLINK 0x8000
-#include "uplink.h"
+#include "ms/uplink.h"
 #endif
 
 #include <openssl/crypto.h>
@@ -103,6 +103,7 @@ extern unsigned long OPENSSL_ia32cap_P;
 void OPENSSL_showfatal(const char *,...);
 void *OPENSSL_stderr(void);
 extern int OPENSSL_NONPIC_relocated;
+int OPENSSL_isservice(void);
 
 #ifdef  __cplusplus
 }

crypto/dso/dso_dlfcn.c

@@ -237,7 +237,7 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname)
 static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
 	{
 	void *ptr;
-	DSO_FUNC_TYPE sym;
+	DSO_FUNC_TYPE sym, *tsym = &sym;
 
 	if((dso == NULL) || (symname == NULL))
 		{
@@ -255,7 +255,7 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
 		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
 		return(NULL);
 		}
-	*(void **)(&sym) = dlsym(ptr, symname);
+	*(void **)(tsym) = dlsym(ptr, symname);
 	if(sym == NULL)
 		{
 		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);

crypto/ec/ec_lib.c

@@ -622,7 +622,7 @@ void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data,
 	}
 
 /* this has 'package' visibility */
-void EC_EX_DATA_clear_free_extra_data(EC_EXTRA_DATA **ex_data,
+void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data,
 	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
 	{
 	EC_EXTRA_DATA **p;

crypto/ecdh/ech_lib.c

@@ -78,6 +78,7 @@ const char *ECDH_version="ECDH" OPENSSL_VERSION_PTEXT;
 
 static const ECDH_METHOD *default_ECDH_method = NULL;
 
+static void *ecdh_data_new(void);
 static void *ecdh_data_dup(void *);
 static void  ecdh_data_free(void *);
 
@@ -167,7 +168,7 @@ static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)
 	return(ret);
 	}
 
-void *ecdh_data_new(void)
+static void *ecdh_data_new(void)
 	{
 	return (void *)ECDH_DATA_new_method(NULL);
 	}

crypto/ecdsa/ecs_lib.c

@@ -65,6 +65,7 @@ const char *ECDSA_version="ECDSA" OPENSSL_VERSION_PTEXT;
 
 static const ECDSA_METHOD *default_ECDSA_method = NULL;
 
+static void *ecdsa_data_new(void);
 static void *ecdsa_data_dup(void *);
 static void  ecdsa_data_free(void *);
 
@@ -147,7 +148,7 @@ static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)
 	return(ret);
 }
 
-void *ecdsa_data_new(void)
+static void *ecdsa_data_new(void)
 {
 	return (void *)ECDSA_DATA_new_method(NULL);
 }

crypto/objects/obj_dat.h

@@ -2740,8 +2740,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[648]),/* "Microsoft Smartcardlogin" */
 &(nid_objs[136]),/* "Microsoft Trust List Signing" */
 &(nid_objs[649]),/* "Microsoft Universal Principal Name" */
-&(nid_objs[404]),/* "NULL" */
 &(nid_objs[393]),/* "NULL" */
+&(nid_objs[404]),/* "NULL" */
 &(nid_objs[72]),/* "Netscape Base Url" */
 &(nid_objs[76]),/* "Netscape CA Policy Url" */
 &(nid_objs[74]),/* "Netscape CA Revocation Url" */
@@ -3450,8 +3450,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[ 0]),/* OBJ_undef                        0 */
 &(nid_objs[393]),/* OBJ_joint_iso_ccitt              OBJ_joint_iso_itu_t */
-&(nid_objs[645]),/* OBJ_itu_t                        0 */
 &(nid_objs[404]),/* OBJ_ccitt                        OBJ_itu_t */
+&(nid_objs[645]),/* OBJ_itu_t                        0 */
 &(nid_objs[434]),/* OBJ_data                         0 9 */
 &(nid_objs[181]),/* OBJ_iso                          1 */
 &(nid_objs[182]),/* OBJ_member_body                  1 2 */

crypto/opensslv.h

@@ -12,7 +12,7 @@
  * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)
  * 0.9.3	  0x0090300f
  * 0.9.3a	  0x0090301f
- * 0.9.4 	  0x0090400f
+ * 0.9.4	  0x0090400f
  * 1.2.3z	  0x102031af
  *
  * For continuity reasons (because 0.9.5 is already out, and is coded
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x00908000L
+#define OPENSSL_VERSION_NUMBER	0x00908002L
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8-fips-dev XX xxx XXXX"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8-fips-beta2 24 May 2005"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8-dev XX xxx XXXX"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8-beta2 24 May 2005"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 

crypto/pem/pem.h

@@ -230,9 +230,9 @@ return(((int (*)(I2D_OF(type),const char *,FILE *,type *, const EVP_CIPHER *,uns
 }
 
 #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, type *x) \
+int PEM_write_##name(FILE *fp, const type *x) \
 { \
-return(((int (*)(I2D_OF_const(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL)); \
+return(((int (*)(I2D_OF_const(type),const char *,FILE *, const type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL)); \
 }
 
 #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
@@ -266,9 +266,9 @@ return(((int (*)(I2D_OF(type),const char *,BIO *,type *, const EVP_CIPHER *,unsi
 }
 
 #define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, type *x) \
+int PEM_write_bio_##name(BIO *bp, const type *x) \
 { \
-return(((int (*)(I2D_OF_const(type),const char *,BIO *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL)); \
+return(((int (*)(I2D_OF_const(type),const char *,BIO *,const type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL)); \
 }
 
 #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
@@ -333,6 +333,9 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 #define DECLARE_PEM_write_fp(name, type) \
 	int PEM_write_##name(FILE *fp, type *x);
 
+#define DECLARE_PEM_write_fp_const(name, type) \
+	int PEM_write_##name(FILE *fp, const type *x);
+
 #define DECLARE_PEM_write_cb_fp(name, type) \
 	int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
 	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
@@ -346,6 +349,9 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 #define DECLARE_PEM_write_bio(name, type) \
 	int PEM_write_bio_##name(BIO *bp, type *x);
 
+#define DECLARE_PEM_write_bio_const(name, type) \
+	int PEM_write_bio_##name(BIO *bp, const type *x);
+
 #define DECLARE_PEM_write_cb_bio(name, type) \
 	int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
@@ -362,6 +368,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 	DECLARE_PEM_write_bio(name, type) \
 	DECLARE_PEM_write_fp(name, type) 
 
+#define DECLARE_PEM_write_const(name, type) \
+	DECLARE_PEM_write_bio_const(name, type) \
+	DECLARE_PEM_write_fp_const(name, type)
+
 #define DECLARE_PEM_write_cb(name, type) \
 	DECLARE_PEM_write_cb_bio(name, type) \
 	DECLARE_PEM_write_cb_fp(name, type) 
@@ -374,6 +384,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 	DECLARE_PEM_read(name, type) \
 	DECLARE_PEM_write(name, type)
 
+#define DECLARE_PEM_rw_const(name, type) \
+	DECLARE_PEM_read(name, type) \
+	DECLARE_PEM_write_const(name, type)
+
 #define DECLARE_PEM_rw_cb(name, type) \
 	DECLARE_PEM_read(name, type) \
 	DECLARE_PEM_write_cb(name, type)
@@ -601,7 +615,7 @@ DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
 
 DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
 
-DECLARE_PEM_rw(RSAPublicKey, RSA)
+DECLARE_PEM_rw_const(RSAPublicKey, RSA)
 DECLARE_PEM_rw(RSA_PUBKEY, RSA)
 
 #endif
@@ -612,19 +626,19 @@ DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
 
 DECLARE_PEM_rw(DSA_PUBKEY, DSA)
 
-DECLARE_PEM_rw(DSAparams, DSA)
+DECLARE_PEM_rw_const(DSAparams, DSA)
 
 #endif
 
 #ifndef OPENSSL_NO_EC
-DECLARE_PEM_rw(ECPKParameters, EC_GROUP)
+DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
 DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
 DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
 #endif
 
 #ifndef OPENSSL_NO_DH
 
-DECLARE_PEM_rw(DHparams, DH)
+DECLARE_PEM_rw_const(DHparams, DH)
 
 #endif
 

crypto/perlasm/x86unix.pl

@@ -537,7 +537,8 @@ sub main'file_end
 	if ($main'elf && grep {/%[x]*mm[0-7]/i} @out) {
 		local($tmp);
 
-		push (@out,"\n.comm\t${under}OPENSSL_ia32cap_P,4,4\n");
+		push (@out,"\n.section\t.bss\n");
+		push (@out,".comm\t${under}OPENSSL_ia32cap_P,4,4\n");
 
 		push (@out,".section\t.init\n");
 		# One can argue that it's wasteful to craft every
@@ -572,6 +573,8 @@ sub main'file_end
 		movl	%edx,0(%edi)
 		popl	%ebx
 		popl	%edi
+		jmp	1f
+	.align	$align
 	1:
 ___
 		push (@out,$tmp);
@@ -716,6 +719,9 @@ sub main'initseg
 		$tmp=<<___;
 .section	.init
 	call	$under$f
+	jmp	1f
+.align	$align
+1:
 ___
 		}
 	elsif ($main'coff)

crypto/pkcs7/pk7_smime.c

@@ -88,6 +88,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
 
     	if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
 		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+		PKCS7_free(p7);
 		return NULL;
 	}
 
@@ -105,6 +106,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
 		{
 		if(!(smcap = sk_X509_ALGOR_new_null())) {
 			PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+			PKCS7_free(p7);
 			return NULL;
 		}
 #ifndef OPENSSL_NO_DES
@@ -130,6 +132,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
 
 	if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
 		PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+		PKCS7_free(p7);
 		return NULL;
 	}
 
@@ -139,10 +142,12 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
 
         if (!PKCS7_dataFinal(p7,p7bio)) {
 		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
+		PKCS7_free(p7);
+		BIO_free_all(p7bio);
 		return NULL;
 	}
 
-        BIO_free_all(p7bio);
+	BIO_free_all(p7bio);
 	return p7;
 }
 

crypto/rand/rand_win.c

@@ -632,7 +632,8 @@ int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
 void RAND_screen(void) /* function available for backward compatibility */
 {
 	RAND_poll();
-	readscreen();
+	if (GetVersion() >= 0x80000000 || !OPENSSL_isservice())
+		readscreen();
 }
 
 

crypto/rand/randfile.c

@@ -57,7 +57,7 @@
  */
 
 /* We need to define this to get macros like S_IFBLK and S_IFCHR */
-#define _XOPEN_SOURCE 1
+#define _XOPEN_SOURCE 500
 
 #include <errno.h>
 #include <stdio.h>

crypto/sha/sha.h

@@ -148,6 +148,7 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
 #define SHA384_DIGEST_LENGTH	48
 #define SHA512_DIGEST_LENGTH	64
 
+#ifndef OPENSSL_NO_SHA512
 /*
  * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
  * being exactly 64-bit wide. See Implementation Notes in sha512.c
@@ -177,6 +178,7 @@ typedef struct SHA512state_st
 	} u;
 	unsigned int num,md_len;
 	} SHA512_CTX;
+#endif
 
 #ifndef OPENSSL_NO_SHA512
 int SHA384_Init(SHA512_CTX *c);

crypto/sha/sha256t.c

@@ -10,6 +10,14 @@
 #include <openssl/sha.h>
 #include <openssl/evp.h>
 
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA256)
+int main(int argc, char *argv[])
+{
+    printf("No SHA256 support\n");
+    return(0);
+}
+#else
+
 unsigned char app_b1[SHA256_DIGEST_LENGTH] = {
 	0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,
 	0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
@@ -136,3 +144,4 @@ int main ()
 
   return 0;
 }
+#endif

crypto/sha/sha512t.c

@@ -11,6 +11,14 @@
 #include <openssl/evp.h>
 #include <openssl/crypto.h>
 
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512)
+int main(int argc, char *argv[])
+{
+    printf("No SHA512 support\n");
+    return(0);
+}
+#else
+
 unsigned char app_c1[SHA512_DIGEST_LENGTH] = {
 	0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
 	0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
@@ -173,3 +181,4 @@ int main ()
 
   return 0;
 }
+#endif

crypto/x86cpuid.pl

@@ -5,6 +5,8 @@ require "x86asm.pl";
 
 &asm_init($ARGV[0],"x86cpuid");
 
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
 &function_begin("OPENSSL_ia32_cpuid");
 	&xor	("edx","edx");
 	&pushf	();
@@ -115,17 +117,19 @@ require "x86asm.pl";
 	&mov	("ecx",&DWP(0,"ecx"));
 	&bt	(&DWP(0,"ecx"),1);
 	&jnc	(&label("no_x87"));
-	&bt	(&DWP(0,"ecx"),26);
+	if ($sse2) {
-	&jnc	(&label("no_sse2"));
+		&bt	(&DWP(0,"ecx"),26);
-	&pxor	("xmm0","xmm0");
+		&jnc	(&label("no_sse2"));
-	&pxor	("xmm1","xmm1");
+		&pxor	("xmm0","xmm0");
-	&pxor	("xmm2","xmm2");
+		&pxor	("xmm1","xmm1");
-	&pxor	("xmm3","xmm3");
+		&pxor	("xmm2","xmm2");
-	&pxor	("xmm4","xmm4");
+		&pxor	("xmm3","xmm3");
-	&pxor	("xmm5","xmm5");
+		&pxor	("xmm4","xmm4");
-	&pxor	("xmm6","xmm6");
+		&pxor	("xmm5","xmm5");
-	&pxor	("xmm7","xmm7");
+		&pxor	("xmm6","xmm6");
-&set_label("no_sse2");
+		&pxor	("xmm7","xmm7");
+	&set_label("no_sse2");
+	}
 	# just a bunch of fldz to zap the fp/mm bank...
 	&data_word(0xeed9eed9,0xeed9eed9,0xeed9eed9,0xeed9eed9);
 	&emms	();

doc/apps/ca.pod

@@ -422,7 +422,7 @@ the same as B<-msie_hack>
 the same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section
 for more information.
 
-=item B<nameopt>, B<certopt>
+=item B<name_opt>, B<cert_opt>
 
 these options allow the format used to display the certificate details
 when asking the user to confirm signing. All the options supported by
@@ -544,8 +544,8 @@ A sample configuration file with the relevant sections for B<ca>:
  policy         = policy_any            # default policy
  email_in_dn    = no                    # Don't add the email into cert DN
 
- nameopt	= ca_default		# Subject name display option
+ name_opt	= ca_default		# Subject name display option
- certopt	= ca_default		# Certificate display option
+ cert_opt	= ca_default		# Certificate display option
  copy_extensions = none			# Don't copy extensions from request
 
  [ policy_any ]

doc/crypto/SSLeay_version.pod

@@ -1,74 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSLeay_version - retrieve version/build information about OpenSSL library
-
-=head1 SYNOPSIS
-
- #include <openssl/crypto.h>
-
- const char *SSLeay_version(int type);
-
-=head1 DESCRIPTION
-
-SSLeay_version() returns a pointer to a constant string describing the
-version of the OpenSSL library or giving information about the library
-build.
-
-The following B<type> values are supported:
-
-=over 4
-
-=item SSLEAY_VERSION
-
-The version of the OpenSSL library including the release date.
-
-=item SSLEAY_CFLAGS
-
-The compiler flags set for the compilation process in the form
-"compiler: ..."  if available or "compiler: information not available"
-otherwise.
-
-=item SSLEAY_BUILT_ON
-
-The date of the build process in the form "built on: ..." if available
-or "built on: date not available" otherwise.
-
-=item SSLEAY_PLATFORM
-
-The "Configure" target of the library build in the form "platform: ..."
-if available or "platform: information not available" otherwise.
-
-=item SSLEAY_DIR
-
-The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "...""
-if available or "OPENSSLDIR: N/A" otherwise.
-
-=back
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item "not available"
-
-An invalid value for B<type> was given.
-
-=item Pointer to constant string
-
-Textual description.
-
-=back
-
-=head1 SEE ALSO
-
-L<crypto(3)|crypto(3)>
-
-=head1 HISTORY
-
-B<SSLEAY_DIR> was added in OpenSSL 0.9.7.
-
-=cut

doc/crypto/ecdsa.pod

@@ -14,13 +14,11 @@ ecdsa - Elliptic Curve Digital Signature Algorithm
  ECDSA_SIG*	d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, 
 		long len);
 
- ECDSA_DATA*	ECDSA_DATA_new(void);
- ECDSA_DATA*	ECDSA_DATA_new_method(ENGINE *eng);
- void		ECDSA_DATA_free(ECDSA_DATA *data);
- ECDSA_DATA*	ecdsa_check(EC_KEY *eckey);
-
  ECDSA_SIG*	ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
 			EC_KEY *eckey);
+ ECDSA_SIG*	ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, 
+			const BIGNUM *kinv, const BIGNUM *rp,
+			EC_KEY *eckey);
  int		ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
 			const ECDSA_SIG *sig, EC_KEY* eckey);
  int		ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
@@ -28,6 +26,10 @@ ecdsa - Elliptic Curve Digital Signature Algorithm
  int		ECDSA_sign(int type, const unsigned char *dgst,
 			int dgstlen, unsigned char *sig,
 			unsigned int *siglen, EC_KEY *eckey);
+ int		ECDSA_sign_ex(int type, const unsigned char *dgst,
+			int dgstlen, unsigned char *sig,
+			unsigned int *siglen, const BIGNUM *kinv, 
+			const BIGNUM *rp, EC_KEY *eckey);
  int		ECDSA_verify(int type, const unsigned char *dgst,
 			int dgstlen, const unsigned char *sig,
 			int siglen, EC_KEY *eckey);
@@ -72,35 +74,6 @@ the decoded signature in a newly allocated B<ECDSA_SIG> structure.
 B<*sig> points to the buffer containing the DER encoded signature
 of size B<len>.
 
-The B<ECDSA_DATA> structure extends the B<EC_KEY_METH_DATA>
-structure with ECDSA specific data.
-
- struct
-	{
-	/* EC_KEY_METH_DATA part */
-	int  (*init)(EC_KEY *);
-	void (*finish)(EC_KEY *);
-	/* method (ECDSA) specific part */
-	BIGNUM	*kinv;	/* signing pre-calc */
-	BIGNUM	*r;	/* signing pre-calc */
-	...
-	} 
- ECDSA_DATA;
-
-B<kinv> and B<r> are used to store precomputed values (see
-B<ECDSA_sign_setup>). 
-
-ECDSA_DATA_new() returns a newly allocated and initialized
-B<ECDSA_DATA> structure (or NULL on error). 
-
-ECDSA_DATA_free() frees the B<ECDSA_DATA> structure B<data>.
-
-ecdsa_check() returns the pointer to the B<ECDSA_DATA>
-structure in B<EC_KEY-E<gt>meth_data> (if B<EC_KEY-E<gt>meth_data>
-is not a pointer to a B<ECDSA_DATA> structure then the old
-data is freed and a new B<ECDSA_DATA> structure is allocated
-using B<ECDSA_DATA_new>).
-
 ECDSA_size() returns the maximum length of a DER encoded
 ECDSA signature created with the private EC key B<eckey>.
 
@@ -108,13 +81,15 @@ ECDSA_sign_setup() may be used to precompute parts of the
 signing operation. B<eckey> is the private EC key and B<ctx>
 is a pointer to B<BN_CTX> structure (or NULL). The precomputed
 values or returned in B<kinv> and B<rp> and can be used in a
-later call to B<ECDSA_sign> or B<ECDSA_do_sign> when placed in
+later call to B<ECDSA_sign_ex> or B<ECDSA_do_sign_ex>.
-B<ECDSA_DATA-E<gt>kinv> and B<ECDSA_DATA-E<gt>r>.
 
-ECDSA_sign() computes a digital signature of the B<dgstlen> bytes
+ECDSA_sign() is wrapper function for ECDSA_sign_ex with B<kinv>
-hash value B<dgst> using the private EC key B<eckey> and places
+and B<rp> set to NULL.
-the DER encoding of the created signature in B<sig>. The length
+
-of the created signature is returned in B<sig_len>. Note: B<sig>
+ECDSA_sign_ex() computes a digital signature of the B<dgstlen> bytes
+hash value B<dgst> using the private EC key B<eckey> and the optional
+pre-computed values B<kinv> and B<rp>. The DER encoded signatures is
+stored in B<sig> and it's length is returned in B<sig_len>. Note: B<sig>
 must point to B<ECDSA_size> bytes of memory. The parameter B<type>
 is ignored.
 
@@ -123,10 +98,13 @@ B<siglen> is a valid ECDSA signature of the hash value
 value B<dgst> of size B<dgstlen> using the public key B<eckey>.
 The parameter B<type> is ignored.
 
-ECDSA_do_sign() computes a digital signature of the B<dgst_len>
+ECDSA_do_sign() is wrapper function for ECDSA_do_sign_ex with B<kinv>
-bytes hash value B<dgst> using the private key B<eckey> and 
+and B<rp> set to NULL.
-returns the signature in a newly allocated B<ECDSA_SIG> structure
+
-(or NULL on error).
+ECDSA_do_sign_ex() computes a digital signature of the B<dgst_len>
+bytes hash value B<dgst> using the private key B<eckey> and the
+optional pre-computed values B<kinv> and B<rp>. The signature is
+returned in a newly allocated B<ECDSA_SIG> structure (or NULL on error).
 
 ECDSA_do_verify() verifies that the signature B<sig> is a valid
 ECDSA signature of the hash value B<dgst> of size B<dgst_len>

e_os.h

@@ -235,6 +235,23 @@ extern "C" {
 #  define NO_DIRENT
 
 #  ifdef WINDOWS
+#    ifndef _WIN32_WINNT
+       /*
+	* Defining _WIN32_WINNT here in e_os.h implies certain "discipline."
+	* Most notably we ought to check for availability of each specific
+	* routine with GetProcAddress() and/or quard NT-specific calls with
+	* GetVersion() < 0x80000000. One can argue that in latter "or" case
+	* we ought to /DELAYLOAD some .DLLs in order to protect ourselves
+	* against run-time link errors. This doesn't seem to be necessary,
+	* because it turned out that already Windows 95, first non-NT Win32
+	* implementation, is equipped with at least NT 3.51 stubs, dummy
+	* routines with same name, but which do nothing. Meaning that it's
+	* apparently appropriate to guard generic NT calls with GetVersion
+	* alone, while NT 4.0 and above calls ought to be additionally
+	* checked upon with GetProcAddress.
+	*/
+#      define _WIN32_WINNT 0x0400
+#    endif
 #    include <windows.h>
 #    include <stddef.h>
 #    include <errno.h>

engines/Makefile

@@ -65,7 +65,7 @@ lib:	$(LIBOBJ)
 	@if [ -n "$(SHARED_LIBS)" ]; then \
 		set -e; \
 		for l in $(LIBNAMES); do \
-			$(MAKE) -f ../Makefile.shared \
+			$(MAKE) -f ../Makefile.shared $(BUILDENV) \
 				LIBNAME=$$l LIBEXTRAS=e_$$l.o \
 				LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \
 				link_o.$(SHLIB_TARGET); \
@@ -82,14 +82,19 @@ files:
 links:
 
 # XXXXX This currently only works on systems that use .so as suffix
-# for shared libraries.
+# for shared libraries as well as for Cygwin which uses the
+# dlfcn_name_converter and therefore stores the engines with .so suffix, too.
 install:
 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
 	@if [ -n "$(SHARED_LIBS)" ]; then \
 		set -e; \
 		for l in $(LIBNAMES); do \
 			( echo installing $$l; \
-			  cp lib$$l.so $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.so.new; \
+			  if [ "$(PLATFORM)" != "Cygwin" ]; then \
+				  cp lib$$l.so $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.so.new; \
+			  else \
+				  cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.so.new; \
+			  fi; \
 			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.so.new; \
 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.so.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.so ); \
 		done; \

ms/uplink.pl

@@ -44,7 +44,7 @@ print <<___;
 .align	4
 .Lazy$i:
 	pushl	\$$i
-	pushl	_OPENSSL_UplinkTable
+	pushl	\$_OPENSSL_UplinkTable
 	call	_OPENSSL_Uplink
 	addl	\$8,%esp
 	jmp	*(_OPENSSL_UplinkTable+4*$i)

ssl/Makefile

@@ -160,7 +160,7 @@ d1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 d1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 d1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 d1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_clnt.c
-d1_clnt.o: ssl_locl.h
+d1_clnt.o: kssl_lcl.h ssl_locl.h
 d1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 d1_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 d1_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h

ssl/d1_clnt.c

@@ -115,6 +115,7 @@
 
 #include <stdio.h>
 #include "ssl_locl.h"
+#include "kssl_lcl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>

ssl/kssl.c

@@ -68,7 +68,7 @@
 
 #include <openssl/opensslconf.h>
 
-#define _XOPEN_SOURCE /* glibc2 needs this to declare strptime() */
+#define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */
 #include <time.h>
 #undef _XOPEN_SOURCE /* To avoid clashes with anything else... */
 #include <string.h>

ssl/s3_srvr.c

@@ -1886,7 +1886,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 		n2s(p,i);
 		enc_ticket.length = i;
 
-		if (n < enc_ticket.length + 6)
+		if (n < (int)enc_ticket.length + 6)
 			{
 			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
 				SSL_R_DATA_LENGTH_TOO_LONG);
@@ -1899,7 +1899,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 		n2s(p,i);
 		authenticator.length = i;
 
-		if (n < enc_ticket.length + authenticator.length + 6)
+		if (n < (int)(enc_ticket.length + authenticator.length) + 6)
 			{
 			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
 				SSL_R_DATA_LENGTH_TOO_LONG);

ssl/ssltest.c

@@ -128,7 +128,7 @@
 #define USE_SOCKETS
 #include "e_os.h"
 
-#define _XOPEN_SOURCE 1		/* Or isascii won't be declared properly on
+#define _XOPEN_SOURCE 500	/* Or isascii won't be declared properly on
 				   VMS (at least with DECompHP C).  */
 #include <ctype.h>
 

test/Makefile

@@ -312,7 +312,7 @@ BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
 	else \
 		LIBRARIES="$(LIBSSL) $(LIBCRYPTO)"; \
 	fi; \
-	$(MAKE) -f $(TOP)/Makefile.shared \
+	$(MAKE) -f $(TOP)/Makefile.shared $(BUILDENV) \
 		APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
 		link_app.$${shlib_target}
@@ -549,8 +549,11 @@ md5test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 md5test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
 md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md5test.c
-mdc2test.o: ../e_os.h ../include/openssl/e_os2.h
+mdc2test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
-mdc2test.o: ../include/openssl/opensslconf.h mdc2test.c
+mdc2test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+mdc2test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+mdc2test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mdc2test.o: ../include/openssl/symhacks.h mdc2test.c
 randtest.o: ../e_os.h ../include/openssl/e_os2.h
 randtest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
 randtest.o: ../include/openssl/rand.h randtest.c
@@ -559,8 +562,11 @@ rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h rc2test.c
 rc4test.o: ../e_os.h ../include/openssl/e_os2.h
 rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
 rc4test.o: ../include/openssl/sha.h rc4test.c
-rc5test.o: ../e_os.h ../include/openssl/e_os2.h
+rc5test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
-rc5test.o: ../include/openssl/opensslconf.h rc5test.c
+rc5test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+rc5test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rc5test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+rc5test.o: ../include/openssl/symhacks.h rc5test.c
 rmdtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rmdtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 rmdtest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h

util/cygwin.sh

@@ -47,6 +47,14 @@ function doc_install()
   create_cygwin_readme
 }
 
+function certs_install()
+{
+  CERTS_DIR=${INSTALL_PREFIX}/usr/ssl/certs
+
+  mkdir -p ${CERTS_DIR}
+  cp -rp certs/* ${CERTS_DIR}
+}
+
 function create_cygwin_readme()
 {
   README_DIR=${INSTALL_PREFIX}/usr/share/doc/Cygwin
@@ -104,6 +112,8 @@ base_install
 
 doc_install
 
+certs_install
+
 create_cygwin_readme
 
 create_profile_files
@@ -112,11 +122,13 @@ cd ${INSTALL_PREFIX}
 strip usr/bin/*.exe usr/bin/*.dll
 
 # Runtime package
-find etc usr/bin usr/share/doc usr/ssl/certs usr/ssl/man/man[157] \
+find etc usr/bin usr/lib/engines usr/share/doc usr/ssl/certs \
-     usr/ssl/misc usr/ssl/openssl.cnf usr/ssl/private -empty -o \! -type d |
+     usr/ssl/man/man[157] usr/ssl/misc usr/ssl/openssl.cnf usr/ssl/private \
+     -empty -o \! -type d |
 tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 -
 # Development package
-find usr/include usr/lib usr/ssl/man/man3 -empty -o \! -type d |
+find usr/include usr/lib/*.a usr/lib/pkgconfig usr/ssl/man/man3 \
+     -empty -o \! -type d |
 tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 -
 
 ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2

util/mkdef.pl

@@ -741,7 +741,8 @@ sub do_defs
 				} elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) {
 					next;
 				} elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ ||
-					 /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ) {
+					 /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_rw_const\s*\(\s*(\w*)\s*,/ ) {
 					# Things not in Win16
 					$def .=
 					    "#INFO:"

util/pl/VC-32.pl

@@ -11,7 +11,7 @@ $rm='del';
 
 # C compiler stuff
 $cc='cl';
-$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0333 -DL_ENDIAN -DDSO_WIN32';
+$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
 $lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
 $mlflags='';
 
@@ -99,23 +99,18 @@ if ($shlib)
 	# Engage Applink...
 	#
 	$app_ex_obj.=" \$(OBJ_D)\\applink.obj /implib:\$(TMP_D)\\junk.lib";
-	$cflags.=" -DOPENSSL_USE_APPLINK";
+	$cflags.=" -DOPENSSL_USE_APPLINK -I.";
 	# I'm open for better suggestions than overriding $banner...
 	$banner=<<'___';
 	@echo Building OpenSSL
 
 $(OBJ_D)\applink.obj:	ms\applink.c
 	$(CC) /Fo$(OBJ_D)\applink.obj $(APP_CFLAGS) -c ms\applink.c
-$(OBJ_D)\uplink.obj:	ms\uplink.c $(OBJ_D)\applink.c
+$(OBJ_D)\uplink.obj:	ms\uplink.c ms\applink.c
 	$(CC) /Fo$(OBJ_D)\uplink.obj $(SHLIB_CFLAGS) -c ms\uplink.c
-$(INCL_D)\uplink.h:	ms\uplink.h
-	$(CP) ms\uplink.h $(INCL_D)\uplink.h
 $(INCO_D)\applink.c:	ms\applink.c
 	$(CP) ms\applink.c $(INCO_D)\applink.c
-$(OBJ_D)\applink.c:	ms\applink.c
-	$(CP) ms\applink.c $(OBJ_D)\applink.c
 
-HEADER=$(HEADER) $(INCL_D)\uplink.h
 EXHEADER= $(EXHEADER) $(INCO_D)\applink.c
 
 LIBS_DEP=$(LIBS_DEP) $(OBJ_D)\applink.obj