Prepare for 1.0.2c release

Reviewed-by: Richard Levitte <levitte@openssl.org>

.cvsignore

@@ -0,0 +1,22 @@
+openssl.pc
+libcrypto.pc
+libssl.pc
+MINFO
+makefile.one
+tmp
+out
+outinc
+rehash.time
+testlog
+make.log
+maketest.log
+cctest
+cctest.c
+cctest.a
+*.flc
+semantic.cache
+Makefile
+*.dll*
+*.so*
+*.sl*
+*.dylib*

.gitignore

@@ -30,7 +30,6 @@
 !/test/igetest.c
 !/test/r160test.c
 !/test/fips_algvs.c
-!/test/testutil.c
 
 /test/*.ss
 /test/*.srl
@@ -74,7 +73,6 @@ crypto/sha/asm/sha512-sse2.asm
 /apps/openssl
 /test/sha256t
 /test/sha512t
-/test/gost2814789t
 /test/*test
 /test/fips_aesavs
 /test/fips_desmovs
@@ -100,12 +98,14 @@ Makefile.save
 *.bak
 tags
 TAGS
-cscope.out
-*.d
 
 # Windows
+/tmp32
+/tmp32.dbg
 /tmp32dll
 /tmp32dll.dbg
+/out32
+/out32.dbg
 /out32dll
 /out32dll.dbg
 /inc32

CHANGES.SSLeay

@@ -29,7 +29,7 @@ eric (about to go bushwalking for the 4 day easter break :-)
 7-Jan-98
     - Finally reworked the cipher string to ciphers again, so it
       works correctly
-    - All the app_data stuff is now ex_data with function calls to access.
+    - All the app_data stuff is now ex_data with funcion calls to access.
       The index is supplied by a function and 'methods' can be setup
       for the types that are called on XXX_new/XXX_free.  This lets
       applications get notified on creation and destruction.  Some of
@@ -937,7 +937,7 @@ Reasons to start playing with version 0.5.0
   certificate, it is my aim to use perl5/Tk but I don't have time to do
   this right now.  It will generate the certificates but the management
   scripts still need to be written.  This is not a hard task.
-- Things have been cleaned up a lot.
+- Things have been cleaned up alot.
 - Have a look at the enc and dgst programs in the apps directory.
 - It supports v3 of x509 certiticates.
 

Configure

@@ -3,8 +3,6 @@ eval 'exec perl -S $0 ${1+"$@"}'
     if $running_under_some_shell;
 ##
 ##  Configure -- OpenSSL source tree configuration script
-##  If editing this file, run this command before committing
-##	make -f Makefile.org TABLE
 ##
 
 require 5.000;
@@ -62,7 +60,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 # 386           generate 80386 code
 # no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
-# -<xxx> +<xxx> compiler options are passed through
+# -<xxx> +<xxx> compiler options are passed through 
 #
 # DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
 #		provided to stack calls. Generates unique stack functions for
@@ -103,11 +101,28 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 # AES_ASM	ASE_[en|de]crypt is implemented in assembler
 
 # Minimum warning options... any contributions to OpenSSL should at least get
-# past these.
+# past these. 
 
 my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
 
-my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum";
+# TODO(openssl-team): fix problems and investigate if (at least) the following
+# warnings can also be enabled:
+# -Wconditional-uninitialized, -Wswitch-enum, -Wunused-macros,
+# -Wmissing-field-initializers, -Wmissing-variable-declarations,
+# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
+# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
+# -Wextended-offsetof
+my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token  -Wno-extended-offsetof";
+
+# These are used in addition to $gcc_devteam_warn when the compiler is clang.
+# TODO(openssl-team): fix problems and investigate if (at least) the
+# following warnings can also be enabled: -Wconditional-uninitialized,
+# -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers,
+# -Wmissing-variable-declarations,
+# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
+# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
+# -Wextended-offsetof
+my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
 
 my $strict_warnings = 0;
 
@@ -128,11 +143,11 @@ my $tlib="-lnsl -lsocket";
 my $bits1="THIRTY_TWO_BIT ";
 my $bits2="SIXTY_FOUR_BIT ";
 
-my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:e_padlock-x86.o";
+my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:";
 
 my $x86_elf_asm="$x86_asm:elf";
 
-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:e_padlock-x86_64.o";
+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:";
 my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
 my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void";
 my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void";
@@ -149,7 +164,7 @@ my $ppc32_asm=$ppc64_asm;
 my $no_asm="::::::::::::::::void";
 
 # As for $BSDthreads. Idea is to maintain "collective" set of flags,
-# which would cover all BSD flavors. -pthread applies to them all,
+# which would cover all BSD flavors. -pthread applies to them all, 
 # but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
 # -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r,
 # which has to be accompanied by explicit -D_THREAD_SAFE and
@@ -175,38 +190,34 @@ my %table=(
 "debug-ben",	"gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::",
 "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-"debug-ben-debug",	"gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe::(unknown)::::::",
+"debug-ben-debug",	"gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::",
 "debug-ben-debug-64",	"gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-ben-debug-64-clang",	"clang:$gcc_devteam_warn -fsanitize=undefined -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-ben-debug-64-noopt",	"gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-ben-macos",	"cc:$gcc_devteam_warn -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::",
+"debug-ben-macos",	"cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::",
+"debug-ben-macos-gcc46",	"gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::",
+"debug-ben-darwin64","cc:$gcc_devteam_warn -g -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-ben-debug-64-clang",	"clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-ben-no-opt",	"gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
-"debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:$x86_64_asm:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-bodo",	"gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"debug-erbridge",   "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
 "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o:e_padlock-x86.o:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "dist",		"cc:-O::(unknown)::::::",
-"debug-test-64-clang",	"clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"darwin64-debug-test-64-clang",  "clang:-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:MACOSX::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 
 # Basic configs that should work on any (32 and less bit) box
 "gcc",		"gcc:-O3::(unknown):::BN_LLONG:::",
@@ -232,19 +243,19 @@ my %table=(
 # compiler:-)
 #						<appro@fy.chalmers.se>
 "solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
-
+ 
 #### Solaris x86 with Sun C setups
 "solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
 
 #### SPARC Solaris with GNU C setups
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
 "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### SPARC Solaris with Sun C setups
@@ -257,20 +268,24 @@ my %table=(
 "solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
 ####
 "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
+
+#### SunOS configs, assuming sparc for the gcc one.
+#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
+"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
 
 #### IRIX 5.x configs
 # -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### IRIX 6.x configs
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-cc -o32' manually.
-"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 
 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -323,7 +338,7 @@ my %table=(
 "hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64",
 # GCC builds...
 "hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32",
-"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64",
+"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", 
 
 # Legacy HPUX 9.X configs...
 "hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -350,8 +365,8 @@ my %table=(
 ####
 # *-generic* is endian-neutral target, but ./config is free to
 # throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc",	"gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #######################################################################
 # Note that -march is not among compiler options in below linux-armv4
@@ -380,30 +395,30 @@ my %table=(
 #
 #       ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
 #
-"linux-armv4",	"gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aarch64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-armv4",	"gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # Configure script adds minimally required -march for assembly support,
 # if no -march was specified at command line. mips32 and mips64 below
 # refer to contemporary MIPS Architecture specifications, MIPS32 and
 # MIPS64, rather than to kernel bitness.
-"linux-mips32",	"gcc:-mabi=32 -DTERMIO -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-mips64",   "gcc:-mabi=n32 -DTERMIO -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
-"linux64-mips64",   "gcc:-mabi=64 -DTERMIO -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-mips32",	"gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mips64",   "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"linux64-mips64",   "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### IA-32 targets...
-"linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+"linux-ia32-icc",	"icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aout",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
 ####
-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ppc64le","gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
+"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
 "linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x86_64-clang",	"clang: -m64 -DL_ENDIAN -DTERMIO -O3 -Weverything $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x86_64-icc", "icc:-DL_ENDIAN -DTERMIO -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x32",	"gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32:",
-"linux64-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64-clang",	"clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x32",	"gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
+"linux64-s390x",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### So called "highgprs" target for z/Architecture CPUs
 # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
 # /proc/cpuinfo. The idea is to preserve most significant bits of
@@ -417,16 +432,16 @@ my %table=(
 # ldconfig and run-time linker to autodiscover. Unfortunately it
 # doesn't work just yet, because of couple of bugs in glibc
 # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
-"linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
+"linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
 #### SPARC Linux setups
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
 # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -440,44 +455,48 @@ my %table=(
 #
 #					<appro@fy.chalmers.se>
 #
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-#
-# TI_CGT_C6000_7.3.x is a requirement
-"linux-c64xplus","cl6x:--linux -ea=.s -eo=.o -mv6400+ -o2 -ox -ms -pden -DOPENSSL_SMALL_FOOTPRINT::-D_REENTRANT:::BN_LLONG:c64xpluscpuid.o:bn-c64xplus.o c64xplus-gf2m.o:::aes-c64xplus.o aes_cbc.o aes_ctr.o:::sha1-c64xplus.o sha256-c64xplus.o sha512-c64xplus.o::rc4-c64xplus.o:::::ghash-c64xplus.o::void:dlfcn:linux-shared:--pic:-z --sysv --shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):true",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 
-# Android: linux-* but without -DTERMIO and pointers to headers and libs.
+# Android: linux-* but without pointers to headers and libs.
 "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### *BSD [do see comment about ${BSDthreads} above!]
-"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86-elf",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-BSD-x86-elf",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-sparcv8",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparcv8",	"gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
-"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
 # simply *happens* to work around a compiler bug in gcc 3.3.3,
 # triggered by RIPEMD160 code.
-"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-ia64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86_64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparc64",	"gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-ia64",	"gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86_64",	"cc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 "nextstep",	"cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 
+# NCR MP-RAS UNIX ver 02.03.01
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::",
+
 # QNX
 "qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
-"QNX6",       "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"QNX6-i386",  "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"QNX6",       "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"QNX6-i386",  "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# BeOS
+"beos-x86-r5",   "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so",
+"beos-x86-bone", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lbind -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC:-shared:.so",
 
 #### SCO/Caldera targets.
 #
@@ -501,15 +520,52 @@ my %table=(
 
 #### IBM's AIX.
 "aix3-cc",  "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix-gcc",  "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:$ppc32_asm:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32",
-"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:$ppc64_asm:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
+"aix-gcc",  "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32",
+"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
 # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
 # at build time. $OBJECT_MODE is respected at ./config stage!
-"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:$ppc32_asm:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:$ppc64_asm:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+
+#
+# Cray T90 and similar (SDSC)
+# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
+# defined.  The T90 ints and longs are 8 bytes long, and apparently the
+# B_ENDIAN code assumes 4 byte ints.  Fortunately, the non-B_ENDIAN and
+# non L_ENDIAN code aligns the bytes in each word correctly.
+#
+# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors:
+#'Taking the address of a bit field is not allowed. '
+#'An expression with bit field exists as the operand of "sizeof" '
+# (written by Wayne Schroeder <schroede@SDSC.EDU>)
+#
+# j90 is considered the base machine type for unicos machines,
+# so this configuration is now called "cray-j90" ...
+"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::",
+
+#
+# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
+#
+# The BIT_FIELD_LIMITS define was written for the C90 (it seems).  I added
+# another use.  Basically, the problem is that the T3E uses some bit fields
+# for some st_addr stuff, and then sizeof and address-of fails
+# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
+# did not like it.
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::",
+
+# DGUX, 88100.
+"dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):::RC4_INDEX DES_UNROLL:::",
+"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
+"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+
+# Sinix/ReliantUNIX RM400
+# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
+"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
+"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
 
 # SIEMENS BS2000/OSD: an EBCDIC-based mainframe
-"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
 
 # OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
 # You need to compile using the c89.sh wrapper in the tools directory, because the
@@ -545,14 +601,12 @@ my %table=(
 # with itself, Applink is never engaged and can as well be omitted.
 "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
 
-# UWIN
+# UWIN 
 "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
 
 # Cygwin
-"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
-"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN32::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
-"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
 
 # NetWare from David Ward (dsward@novell.com)
 # requires either MetroWerks NLM development tools, or gcc / nlmconv
@@ -570,7 +624,7 @@ my %table=(
 "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
 
 # DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",
 
 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
@@ -578,37 +632,26 @@ my %table=(
 # K&R C is no longer supported; you need gcc on old Ultrix installations
 ##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::",
 
-##### MacOS X (a.k.a. Darwin) setup
+##### MacOS X (a.k.a. Rhapsody or Darwin) setup
+"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
 "darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-darwin64-x86_64-cc","cc:-arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin64-x86_64-cc","cc:-arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 # iPhoneOS/iOS
-#
-# It takes three prior-set environment variables to make it work:
-#
-# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash]
-# CROSS_TOP=/where/SDKs/are
-# CROSS_SDK=iPhoneOSx.y.sdk
-#
-# Exact paths vary with Xcode releases, but for couple of last ones
-# they would look like this:
-#
-# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/
-# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer
-# CROSS_SDK=iPhoneOS7.0.sdk
-#
-"iphoneos-cross","cc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"ios64-cross","cc:-O3 -arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR -RC4_CHUNK DES_INT DES_UNROLL -BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"iphoneos-cross","llvm-gcc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 
 ##### A/UX
 "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
 
+##### Sony NEWS-OS 4.x
+"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+
 ##### GNU Hurd
-"hurd-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+"hurd-x86",  "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
 
 ##### OS/2 EMX
 "OS2-EMX", "gcc::::::::",
@@ -623,6 +666,9 @@ my %table=(
 "vxworks-simlinux","ccpentium:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm}::::::ranlibpentium:",
 "vxworks-mips","ccmips:-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip::-D_REENTRANT:VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon::${mips32_asm}:o32::::::ranlibmips:",
 
+##### Compaq Non-Stop Kernel (Tandem)
+"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
+
 # uClinux
 "uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
 "uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
@@ -632,7 +678,7 @@ my %table=(
 my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
 		    debug-VC-WIN64I debug-VC-WIN64A
 		    VC-NT VC-CE VC-WIN32 debug-VC-WIN32
-		    BC-32
+		    BC-32 
 		    netware-clib netware-clib-bsdsock
 		    netware-libc netware-libc-bsdsock);
 
@@ -676,8 +722,8 @@ my $openssldir="";
 my $exe_ext="";
 my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
 my $cross_compile_prefix="";
-my $fipslibdir="/usr/local/ssl/fips-2.0/lib/";
-my $nofipscanistercheck=0;
+my $fipsdir="/usr/local/ssl/fips-2.0";
+my $fipslibdir="";
 my $baseaddr="0xFB00000";
 my $no_threads=0;
 my $threads=0;
@@ -715,13 +761,19 @@ my $default_ranlib;
 my $perl;
 my $fips=0;
 
+if (exists $ENV{FIPSDIR})
+	{
+	$fipsdir = $ENV{FIPSDIR};
+	$fipsdir =~ s/\/$//;
+	}
+
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 
 my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
-		 "deprecated" => "default",
 		 "ec_nistp_64_gcc_128" => "default",
 		 "gmp"		  => "default",
 		 "jpake"          => "experimental",
+		 "libunbound"     => "experimental",
 		 "md2"            => "default",
 		 "rc5"            => "default",
 		 "rfc3779"	  => "default",
@@ -737,7 +789,7 @@ my @experimental = ();
 
 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
 
 # Explicit "no-..." options will be collected in %disabled along with the defaults.
 # To remove something from %disabled, use "enable-foo" (unless it's experimental).
@@ -806,6 +858,7 @@ PROCESS_ARGS:
 				{
 				if ($1 eq "ssl")
 					{
+					$disabled{"ssl2"} = "option(ssl)";
 					$disabled{"ssl3"} = "option(ssl)";
 					}
 				elsif ($1 eq "tls")
@@ -821,7 +874,7 @@ PROCESS_ARGS:
 					{
 					$disabled{$1} = "option";
 					}
-				}
+				}			
 			}
 		elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
 			{
@@ -879,11 +932,6 @@ PROCESS_ARGS:
 			# The check for the option is there so scripts aren't
 			# broken
 			}
-		elsif (/^nofipscanistercheck$/)
-			{
-			$fips = 1;
-			$nofipscanistercheck = 1;
-			}
 		elsif (/^[-+]/)
 			{
 			if (/^--prefix=(.*)$/)
@@ -914,9 +962,13 @@ PROCESS_ARGS:
 				{
 				$withargs{"zlib-include"}="-I$1";
 				}
+			elsif (/^--with-fipsdir=(.*)$/)
+				{
+				$fipsdir="$1";
+				}
 			elsif (/^--with-fipslibdir=(.*)$/)
 				{
-				$fipslibdir="$1/";
+				$fipslibdir="$1";
 				}
 			elsif (/^--with-baseaddr=(.*)$/)
 				{
@@ -994,6 +1046,23 @@ if (defined($disabled{"ec"}))
 	$disabled{"ecdh"} = "forced";
 	}
 
+# SSL 2.0 requires MD5 and RSA
+if (defined($disabled{"md5"}) || defined($disabled{"rsa"}))
+	{
+	$disabled{"ssl2"} = "forced";
+	}
+
+if ($fips && $fipslibdir eq "")
+	{
+	$fipslibdir = $fipsdir . "/lib/";
+	}
+
+# RSAX ENGINE sets default non-FIPS RSA method.
+if ($fips)
+	{
+	$disabled{"rsax"} = "forced";
+	}
+
 # SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
 if (defined($disabled{"md5"}) || defined($disabled{"sha"})
     || (defined($disabled{"rsa"})
@@ -1044,10 +1113,6 @@ print "Configuring for $target\n";
 
 &usage if (!defined($table{$target}));
 
-if ($fips)
-	{
-	delete $disabled{"shared"} if ($disabled{"shared"} eq "default");
-	}
 
 foreach (sort (keys %disabled))
 	{
@@ -1080,7 +1145,7 @@ foreach (sort (keys %disabled))
 			{
 			$openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n";
 			print " OPENSSL_NO_$ALGO";
-
+		
 			if (/^err$/)	{ $flags .= "-DOPENSSL_NO_ERR "; }
 			elsif (/^asm$/)	{ $no_asm = 1; }
 			}
@@ -1107,7 +1172,6 @@ foreach (sort (keys %disabled))
 	}
 
 my $exp_cflags = "";
-
 foreach (sort @experimental)
 	{
 	my $ALGO;
@@ -1123,24 +1187,7 @@ my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
 $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
 $exe_ext=".nlm" if ($target =~ /netware/);
 $exe_ext=".pm"  if ($target =~ /vos/);
-if ($openssldir eq "" and $prefix eq "")
-	{
-	if ($fips)
-		{
-		if (exists $ENV{FIPSDIR})
-			{
-			$openssldir="$ENV{FIPSDIR}";
-			}
-		else
-			{
-			$openssldir="/usr/local/ssl/fips-2.0";
-			}
-		}
-	else
-		{
-		$openssldir="/usr/local/ssl";
-		}
-	}
+$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
 $prefix=$openssldir if $prefix eq "";
 
 $default_ranlib= &which("ranlib") or $default_ranlib="true";
@@ -1148,10 +1195,6 @@ $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
   or $perl="perl";
 my $make = $ENV{'MAKE'} || "make";
 
-my $fips_auth_key = $ENV{'FIPS_AUTH_KEY'};
-my $fips_auth_officer = $ENV{'FIPS_AUTH_OFFICER'};
-my $fips_auth_user = $ENV{'FIPS_AUTH_USER'};
-
 $cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";
 
 chop $openssldir if $openssldir =~ /\/$/;
@@ -1169,6 +1212,7 @@ my $cc = $fields[$idx_cc];
 if($ENV{CC}) {
     $cc = $ENV{CC};
 }
+
 my $cflags = $fields[$idx_cflags];
 my $unistd = $fields[$idx_unistd];
 my $thread_cflag = $fields[$idx_thread_cflag];
@@ -1349,7 +1393,7 @@ else
 #			$thread_defines .= "#define $def\n";
 #			}
 #		}
-	}
+	}	
 
 $lflags="$libs$lflags" if ($libs ne "");
 
@@ -1358,12 +1402,6 @@ if ($no_asm)
 	$cpuid_obj=$bn_obj=$ec_obj=
 	$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
 	$modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj="";
-	$cflags=~s/\-D[BL]_ENDIAN//		if ($fips);
-	$thread_cflags=~s/\-D[BL]_ENDIAN//	if ($fips);
-	}
-elsif (defined($disabled{ec2m}))
-	{
-	$bn_obj =~ s/\w+-gf2m.o//;
 	}
 
 if (!$no_shared)
@@ -1397,17 +1435,11 @@ if ($zlib)
 		}
 	}
 
-#Build the library with OPENSSL_USE_DEPRECATED if deprecation is not disabled
-if(!defined($disabled{"deprecated"}))
-	{
-	$cflags = "-DOPENSSL_USE_DEPRECATED $cflags";
-	}
-
 # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
 my $shared_mark = "";
 if ($shared_target eq "")
 	{
-	$no_shared_warn = 1 if !$no_shared && !$fips;
+	$no_shared_warn = 1 if !$no_shared;
 	$no_shared = 1;
 	}
 if (!$no_shared)
@@ -1513,6 +1545,7 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($bn_obj =~ /-gf2m/);
 if ($fips)
 	{
 	$openssl_other_defines.="#define OPENSSL_FIPS\n";
+	$cflags .= " -I\$(FIPSDIR)/include";
 	}
 
 $cpuid_obj="mem_clr.o"	unless ($cpuid_obj =~ /\.o$/);
@@ -1550,7 +1583,7 @@ if ($aes_obj =~ /\.o$/)
 	# aes-ctr.o is not a real file, only indication that assembler
 	# module implements AES_ctr32_encrypt...
 	$cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//);
-	# aes-xts.o indicates presence of AES_xts_[en|de]crypt...
+	# aes-xts.o indicates presense of AES_xts_[en|de]crypt...
 	$cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//);
 	$aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2);
 	$cflags.=" -DVPAES_ASM" if ($aes_obj =~ m/vpaes/);
@@ -1615,20 +1648,28 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
 
 if ($strict_warnings)
 	{
+	my $ecc = $cc;
+	$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
 	my $wopt;
-	die "ERROR --strict-warnings requires gcc or clang" unless ($cc =~ /gcc$/ or $cc =~ /clang$/);
+	die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
 	foreach $wopt (split /\s+/, $gcc_devteam_warn)
 		{
 		$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
 		}
+	if ($ecc eq "clang")
+		{
+		foreach $wopt (split /\s+/, $clang_devteam_warn)
+			{
+			$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
+			}
+		}
 	}
 
-open(IN,"<Makefile.org") || die "unable to read Makefile.org:$!\n";
+open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
 unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
 open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
 print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
 my $sdirs=0;
-
 while (<IN>)
 	{
 	chomp;
@@ -1641,7 +1682,6 @@ while (<IN>)
 			}
 		}
 	$sdirs = 0 unless /\\$/;
-        s/fips // if (/^DIRS=/ && !$fips);
         s/engines // if (/^DIRS=/ && $disabled{"engine"});
 	s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"});
 	s/^VERSION=.*/VERSION=$version/;
@@ -1672,7 +1712,7 @@ while (<IN>)
 		s/^CC=.*$/CC= $cc/;
 		s/^AR=\s*ar/AR= $ar/;
 		s/^RANLIB=.*/RANLIB= $ranlib/;
-		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc" || ($cc eq 'cc' && $target =~ /darwin/);
+		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
 		}
 	s/^CFLAG=.*$/CFLAG= $cflags/;
 	s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
@@ -1703,11 +1743,12 @@ while (<IN>)
 	s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
 	s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
 	s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
+
+	s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
 	s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
 	s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
-	s/^SHARED_FIPS=.*/SHARED_FIPS=/;
-	s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/;
 	s/^BASEADDR=.*/BASEADDR=$baseaddr/;
+
 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
 	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
 	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
@@ -1952,8 +1993,8 @@ print "RC4_CHUNK is unsigned long long\n" if $rc4_chunk==2;
 print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int;
 print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int;
 print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
-print "BF_PTR used\n" if $bf_ptr == 1;
-print "BF_PTR2 used\n" if $bf_ptr == 2;
+print "BF_PTR used\n" if $bf_ptr == 1; 
+print "BF_PTR2 used\n" if $bf_ptr == 2; 
 
 if($IsMK1MF) {
 	open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
@@ -1973,7 +2014,7 @@ EOF
 	$make_targets .= " links" if $symlink;
 	$make_targets .= " depend" if $depflags ne $default_depflags && $make_depend;
 	$make_targets .= " gentests" if $symlink;
-	(system $make_command.$make_targets) == 0 or die "make $make_targets failed"
+	(system $make_command.$make_targets) == 0 or exit $?
 		if $make_targets ne "";
 	if ( $perl =~ m@^/@) {
 	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
@@ -2026,16 +2067,9 @@ BEGIN
     BEGIN
 	BLOCK "040904b0"
 	BEGIN
-#if defined(FIPS)
-	    VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0"
-#endif
-	    // Required:
+	    // Required:	    
 	    VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
-#if defined(FIPS)
-	    VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0"
-#else
 	    VALUE "FileDescription", "OpenSSL Shared Library\\0"
-#endif
 	    VALUE "FileVersion", "$version\\0"
 #if defined(CRYPTO)
 	    VALUE "InternalName", "libeay32\\0"
@@ -2043,15 +2077,12 @@ BEGIN
 #elif defined(SSL)
 	    VALUE "InternalName", "ssleay32\\0"
 	    VALUE "OriginalFilename", "ssleay32.dll\\0"
-#elif defined(FIPS)
-	    VALUE "InternalName", "libosslfips\\0"
-	    VALUE "OriginalFilename", "libosslfips.dll\\0"
 #endif
 	    VALUE "ProductName", "The OpenSSL Toolkit\\0"
 	    VALUE "ProductVersion", "$version\\0"
 	    // Optional:
 	    //VALUE "Comments", "\\0"
-	    VALUE "LegalCopyright", "Copyright <20> 1998-2005 The OpenSSL Project. Copyright <20> 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
+	    VALUE "LegalCopyright", "Copyright  <EFBFBD> 1998-2005 The OpenSSL Project. Copyright <20> 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
 	    //VALUE "LegalTrademarks", "\\0"
 	    //VALUE "PrivateBuild", "\\0"
 	    //VALUE "SpecialBuild", "\\0"
@@ -2065,7 +2096,7 @@ END
 EOF
 	close(OUT);
   }
-
+  
 print <<EOF;
 
 Configured for $target.
@@ -2167,7 +2198,7 @@ sub print_table_entry
 	    $perlasm_scheme, $dso_scheme, $shared_target, $shared_cflag,
 	    $shared_ldflag, $shared_extension, $ranlib, $arflags, $multilib)=
 	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-
+			
 	print <<EOF
 
 *** $target

FAQ

@@ -35,7 +35,6 @@ OpenSSL  -  Frequently Asked Questions
 * What is a "128 bit certificate"? Can I create one with OpenSSL?
 * Why does OpenSSL set the authority key identifier extension incorrectly?
 * How can I set up a bundle of commercial root CA certificates?
-* Some secure servers 'hang' with OpenSSL 1.0.1, is this a bug?
 
 [BUILD] Questions about building and testing OpenSSL
 
@@ -76,7 +75,6 @@ OpenSSL  -  Frequently Asked Questions
 * Why does Valgrind complain about the use of uninitialized data?
 * Why doesn't a memory BIO work when a file does?
 * Where are the declarations and implementations of d2i_X509() etc?
-* When debugging I observe SIGILL during OpenSSL initialization: why?
 
 ===============================================================================
 
@@ -85,6 +83,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
+OpenSSL 1.0.1a was released on Apr 19th, 2012.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -133,7 +132,7 @@ OpenSSL.  Information on the OpenSSL mailing lists is available from
 * Where can I get a compiled version of OpenSSL?
 
 You can finder pointers to binary distributions in
-<URL: http://www.openssl.org/about/binaries.html> .
+<URL: http://www.openssl.org/related/binaries.html> .
 
 Some applications that use OpenSSL are distributed in binary form.
 When using such an application, you don't need to install OpenSSL
@@ -412,7 +411,7 @@ whatever name they choose.
 The ways to print out the oneline format of the DN (Distinguished Name) have
 been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
 interface, the "-nameopt" option could be introduded. See the manual
-page of the "openssl x509" command line tool for details. The old behaviour
+page of the "openssl x509" commandline tool for details. The old behaviour
 has however been left as default for the sake of compatibility.
 
 * What is a "128 bit certificate"? Can I create one with OpenSSL?
@@ -434,7 +433,7 @@ software from the US only weak encryption algorithms could be freely exported
 inadequate. A relaxation of the rules allowed the use of strong encryption but
 only to an authorised server.
 
-Two slightly different techniques were developed to support this, one used by
+Two slighly different techniques were developed to support this, one used by
 Netscape was called "step up", the other used by MSIE was called "Server Gated
 Cryptography" (SGC). When a browser initially connected to a server it would
 check to see if the certificate contained certain extensions and was issued by
@@ -485,16 +484,6 @@ bundle used by Mozilla and/or modssl as described in this article:
   <URL: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html>
 
 
-* Some secure servers 'hang' with OpenSSL 1.0.1, is this a bug?
-
-OpenSSL 1.0.1 is the first release to support TLS 1.2, among other things,
-this increases the size of the default ClientHello message to more than
-255 bytes in length. Some software cannot handle this and hangs. For more
-details and workarounds see:
-
-  <URL: http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=2771>
-
-
 [BUILD] =======================================================================
 
 * Why does the linker complain about undefined symbols?
@@ -709,7 +698,7 @@ working across wider range of *BSD branches, not just OpenBSD.
 If the test program in question fails withs SIGILL, Illegal Instruction
 exception, then you more than likely to run SSE2-capable CPU, such as
 Intel P4, under control of kernel which does not support SSE2
-instruction extensions. See accompanying INSTALL file and
+instruction extentions. See accompanying INSTALL file and
 OPENSSL_ia32cap(3) documentation page for further information.
 
 * Why does compiler fail to compile sha512.c?
@@ -723,15 +712,15 @@ possible alternative might be to switch to GCC.
 
 * Test suite still fails, what to do?
 
-Another common reason for test failures is bugs in the toolchain
-or run-time environment.  Known cases of this are documented in the
-PROBLEMS file, please review it before you beat the drum. Even if you
-don't find anything in that file, please do consider the possibility
-of a compiler bug. Compiler bugs often appear in rather bizarre ways,
-they never make sense, and tend to emerge when you least expect
-them. One thing to try is to reduce the level of optimization (such
-as by editing the CFLAG variable line in the top-level Makefile),
-and then recompile and re-run the test.
+Another common reason for failure to complete some particular test is
+simply bad code generated by a buggy component in toolchain or deficiency
+in run-time environment. There are few cases documented in PROBLEMS file,
+consult it for possible workaround before you beat the drum. Even if you
+don't find solution or even mention there, do reserve for possibility of
+a compiler bug. Compiler bugs might appear in rather bizarre ways, they
+never make sense, and tend to emerge when you least expect them. In order
+to identify one, drop optimization level, e.g. by editing CFLAG line in
+top-level Makefile, recompile and re-run the test.
 
 * I think I've found a bug, what should I do?
 
@@ -741,16 +730,9 @@ documentation and the mailing lists for similar queries. If you are still
 unsure whether it is a bug or not submit a query to the openssl-users mailing
 list.
 
-If you think you have found a bug based on the output of static analysis tools
-then please manually check the issue is genuine. Such tools can produce a
-LOT of false positives.
-
 
 * I'm SURE I've found a bug, how do I report it?
 
-To avoid duplicated reports check the mailing lists and release notes for the
-relevant version of OpenSSL to see if the problem has been reported already.
-
 Bug reports with no security implications should be sent to the request
 tracker. This can be done by mailing the report to <rt@openssl.org> (or its
 alias <openssl-bugs@openssl.org>), please note that messages sent to the
@@ -778,9 +760,7 @@ See also <URL: http://www.openssl.org/support/rt.html>
 If you think your bug has security implications then please send it to
 openssl-security@openssl.org if you don't get a prompt reply at least 
 acknowledging receipt then resend or mail it directly to one of the
-more active team members (e.g. Steve). If you wish to use PGP to send
-in a report please use one or more of the keys of the team members listed
-at <URL: http://www.openssl.org/about/>
+more active team members (e.g. Steve).
 
 Note that bugs only present in the openssl utility are not in general
 considered to be security issues. 
@@ -1069,20 +1049,5 @@ These are defined and implemented by macros of the form:
 The implementation passes an ASN1 "template" defining the structure into an
 ASN1 interpreter using generalised functions such as ASN1_item_d2i().
 
-* When debugging I observe SIGILL during OpenSSL initialization: why?
-
-OpenSSL adapts to processor it executes on and for this reason has to
-query its capabilities. Unfortunately on some processors the only way
-to achieve this for non-privileged code is to attempt instructions
-that can cause Illegal Instruction exceptions. The initialization
-procedure is coded to handle these exceptions to manipulate corresponding
-bits in capabilities vector. This normally appears transparent, except
-when you execute it under debugger, which stops prior delivering signal
-to handler. Simply resuming execution does the trick, but when debugging
-a lot it might feel counterproductive. Two options. Either set explicit
-capability environment variable in order to bypass the capability query
-(see corresponding crypto/*cap.c for details). Or configure debugger not
-to stop upon SIGILL exception, e.g. in gdb case add 'handle SIGILL nostop'
-to your .gdbinit.
 
 ===============================================================================

GitConfigure

@@ -5,6 +5,4 @@ BRANCH=`git rev-parse --abbrev-ref HEAD`
 ./Configure $@ no-symlinks
 make files
 util/mk1mf.pl OUT=out.$BRANCH TMP=tmp.$BRANCH INC=inc.$BRANCH copy > makefile.$BRANCH
-MAKE=make
-which bsdmake > /dev/null && MAKE=bsdmake
-$MAKE -f makefile.$BRANCH init
+make -f makefile.$BRANCH init

GitMake

@@ -2,6 +2,4 @@
 
 BRANCH=`git rev-parse --abbrev-ref HEAD`
 
-MAKE=make
-which bsdmake > /dev/null && MAKE=bsdmake
-$MAKE -f makefile.$BRANCH $@
+make -f makefile.$BRANCH $@

INSTALL

@@ -79,7 +79,7 @@
                 compiler flags for any other CPU specific configuration,
                 e.g. "-m32" to build x86 code on an x64 system.
 
-  no-sse2	Exclude SSE2 code pathes. Normally SSE2 extension is
+  no-sse2	Exclude SSE2 code pathes. Normally SSE2 extention is
 		detected at run-time, but the decision whether or not the
 		machine code will be executed is taken solely on CPU
 		capability vector. This means that if you happen to run OS
@@ -103,6 +103,12 @@
                 define preprocessor symbols, specify additional libraries,
                 library directories or other compiler options.
 
+  -DHAVE_CRYPTODEV Enable the BSD cryptodev engine even if we are not using
+		BSD. Useful if you are running ocf-linux or something
+		similar. Once enabled you can also enable the use of
+		cryptodev digests, which is usually slower unless you have
+		large amounts data. Use -DUSE_CRYPTODEV_DIGESTS to force
+		it.
 
  Installation in Detail
  ----------------------

INSTALL.MacOS

@@ -0,0 +1,72 @@
+OpenSSL - Port To The Macintosh OS 9 or Earlier
+===============================================
+
+Thanks to Roy Wood <roy@centricsystems.ca> initial support for Mac OS (pre
+X) is now provided. "Initial" means that unlike other platforms where you
+get an SDK and a "swiss army" openssl application, on Macintosh you only
+get one sample application which fetches a page over HTTPS(*) and dumps it
+in a window. We don't even build the test applications so that we can't
+guarantee that all algorithms are operational.
+
+Required software:
+
+- StuffIt Expander 5.5 or later, alternatively MacGzip and SUNtar;
+- Scriptable Finder;
+- CodeWarrior Pro 5;
+
+Installation procedure:
+
+- fetch the source at ftp://ftp.openssl.org/ (well, you probably already
+  did, huh?)
+- unpack the .tar.gz file:
+	- if you have StuffIt Expander then just drag it over it;
+	- otherwise uncompress it with MacGzip and then unpack with SUNtar;
+- locate MacOS folder in OpenSSL source tree and open it;
+- unbinhex mklinks.as.hqx and OpenSSL.mcp.hqx if present (**), do it
+  "in-place", i.e. unpacked files should end-up in the very same folder;
+- execute mklinks.as;
+- open OpenSSL.mcp(***) and build 'GetHTTPS PPC' target(****);
+- that's it for now;
+
+(*)	URL is hardcoded into ./MacOS/GetHTTPS.src/GetHTTPS.cpp, lines 40
+        to 42, change appropriately.
+(**)	If you use SUNtar, then it might have already unbinhexed the files
+	in question.
+(***)	The project file was saved with CW Pro 5.3. If you have an earlier
+	version and it refuses to open it, then download
+	http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it
+	overwriting the original OpenSSL.mcp.
+(****)	Other targets are works in progress. If you feel like giving 'em a
+	shot, then you should know that OpenSSL* and Lib* targets are
+	supposed to be built with the GUSI, MacOS library which mimics
+	BSD sockets and some other POSIX APIs. The GUSI distribution is
+	expected to be found in the same directory as the openssl source tree,
+	i.e., in the parent directory to the one where this very file,
+	namely INSTALL.MacOS, resides. For more information about GUSI, see
+	http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html
+
+Finally some essential comments from our generous contributor:-)
+
+"I've gotten OpenSSL working on the Macintosh. It's probably a bit of a
+hack, but it works for what I'm doing. If you don't like the way I've done
+it, then feel free to change what I've done. I freely admit that I've done
+some less-than-ideal things in my port, and if you don't like the way I've
+done something, then feel free to change it-- I won't be offended!
+
+... I've tweaked "bss_sock.c" a little to call routines in a "MacSocket"
+library I wrote. My MacSocket library is a wrapper around OpenTransport,
+handling stuff like endpoint creation, reading, writing, etc. It is not
+designed as a high-performance package such as you'd use in a webserver,
+but is fine for lots of other applications. MacSocket also uses some other
+code libraries I've written to deal with string manipulations and error
+handling. Feel free to use these things in your own code, but give me
+credit and/or send me free stuff in appreciation! :-)
+
+...
+
+If you have any questions, feel free to email me as the following:
+
+roy@centricsystems.ca
+
+-Roy Wood"
+

INSTALL.NW

@@ -378,7 +378,7 @@ The openssl program has numerous options and can be used for many different
 things.  Many of the options operate in an interactive mode requiring the
 user to enter data.  Because of this, a default screen is created for the
 program.  However, when running the test script it is not desirable to
-have a separate screen.  Therefore, the build also creates openssl2.nlm.
+have a seperate screen.  Therefore, the build also creates openssl2.nlm.
 Openssl2.nlm is functionally identical but uses the console screen.
 Openssl2 can be used when a non-interactive mode is desired.
 

INSTALL.VMS

@@ -134,7 +134,7 @@ Currently, the logical names supported are:
                         will not be implemented.  Supported algorithms to
                         do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD,
                         SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
-                        SSL3.  So, for example, having the logical name
+                        SSL2.  So, for example, having the logical name
                         OPENSSL_NO_RSA with the value YES means that the
                         LIBCRYPTO.OLB library will not contain an RSA
                         implementation.

MacOS/GUSI_Init.cpp

@@ -0,0 +1,62 @@
+/**************** BEGIN GUSI CONFIGURATION ****************************
+ *
+ * GUSI Configuration section generated by GUSI Configurator
+ * last modified: Wed Jan  5 20:33:51 2000
+ *
+ * This section will be overwritten by the next run of Configurator.
+ */
+
+#define GUSI_SOURCE
+#include <GUSIConfig.h>
+#include <sys/cdefs.h>
+
+/* Declarations of Socket Factories */
+
+__BEGIN_DECLS
+void GUSIwithInetSockets();
+void GUSIwithLocalSockets();
+void GUSIwithMTInetSockets();
+void GUSIwithMTTcpSockets();
+void GUSIwithMTUdpSockets();
+void GUSIwithOTInetSockets();
+void GUSIwithOTTcpSockets();
+void GUSIwithOTUdpSockets();
+void GUSIwithPPCSockets();
+void GUSISetupFactories();
+__END_DECLS
+
+/* Configure Socket Factories */
+
+void GUSISetupFactories()
+{
+#ifdef GUSISetupFactories_BeginHook
+	GUSISetupFactories_BeginHook
+#endif
+	GUSIwithInetSockets();
+#ifdef GUSISetupFactories_EndHook
+	GUSISetupFactories_EndHook
+#endif
+}
+
+/* Declarations of File Devices */
+
+__BEGIN_DECLS
+void GUSIwithDConSockets();
+void GUSIwithNullSockets();
+void GUSISetupDevices();
+__END_DECLS
+
+/* Configure File Devices */
+
+void GUSISetupDevices()
+{
+#ifdef GUSISetupDevices_BeginHook
+	GUSISetupDevices_BeginHook
+#endif
+	GUSIwithNullSockets();
+#ifdef GUSISetupDevices_EndHook
+	GUSISetupDevices_EndHook
+#endif
+}
+
+/**************** END GUSI CONFIGURATION *************************/

MacOS/GetHTTPS.src/CPStringUtils.hpp

@@ -0,0 +1,104 @@
+#pragma once
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void CopyPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
+void CopyPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
+void CopyCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxDstStrLength);
+void CopyCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
+void ConcatPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
+void ConcatPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
+void ConcatCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
+void ConcatCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxCStrLength);
+
+void ConcatCharToCStr(const char theChar,char *theDstCStr,const int maxCStrLength);
+void ConcatCharToPStr(const char theChar,unsigned char *theDstPStr,const int maxPStrLength);
+
+int ComparePStrs(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase = true);
+int CompareCStrs(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
+int CompareCStrToPStr(const char *theCStr,const unsigned char *thePStr,const Boolean ignoreCase = true);
+
+Boolean CStrsAreEqual(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
+Boolean PStrsAreEqual(const unsigned char *theFirstCStr,const unsigned char *theSecondCStr,const Boolean ignoreCase = true);
+
+void CopyLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
+void CopyUnsignedLongIntToCStr(const unsigned long theNum,char *theCStr,const int maxCStrLength);
+void ConcatLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
+void CopyCStrAndConcatLongIntToCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
+
+void CopyLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
+void ConcatLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
+
+long CStrLength(const char *theCString);
+long PStrLength(const unsigned char *thePString);
+
+OSErr CopyCStrToExistingHandle(const char *theCString,Handle theHandle);
+OSErr CopyLongIntToExistingHandle(const long inTheLongInt,Handle theHandle);
+
+OSErr CopyCStrToNewHandle(const char *theCString,Handle *theHandle);
+OSErr CopyPStrToNewHandle(const unsigned char *thePString,Handle *theHandle);
+OSErr CopyLongIntToNewHandle(const long inTheLongInt,Handle *theHandle);
+
+OSErr AppendCStrToHandle(const char *theCString,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
+OSErr AppendCharsToHandle(const char *theChars,const int numChars,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
+OSErr AppendPStrToHandle(const unsigned char *thePString,Handle theHandle,long *currentLength = nil);
+OSErr AppendLongIntToHandle(const long inTheLongInt,Handle theHandle,long *currentLength = nil);
+
+void ZeroMem(void *theMemPtr,const unsigned long numBytes);
+
+char *FindCharInCStr(const char theChar,const char *theCString);
+long FindCharOffsetInCStr(const char theChar,const char *theCString,const Boolean inIgnoreCase = false);
+long FindCStrOffsetInCStr(const char *theCSubstring,const char *theCString,const Boolean inIgnoreCase = false);
+
+void CopyCSubstrToCStr(const char *theSrcCStr,const int maxCharsToCopy,char *theDstCStr,const int maxDstStrLength);
+void CopyCSubstrToPStr(const char *theSrcCStr,const int maxCharsToCopy,unsigned char *theDstPStr,const int maxDstStrLength);
+
+void InsertCStrIntoCStr(const char *theSrcCStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
+void InsertPStrIntoCStr(const unsigned char *theSrcPStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
+OSErr InsertCStrIntoHandle(const char *theCString,Handle theHandle,const long inInsertOffset);
+
+void CopyCStrAndInsertCStrIntoCStr(const char *theSrcCStr,const char *theInsertCStr,char *theDstCStr,const int maxDstStrLength);
+
+void CopyCStrAndInsertCStrsLongIntsIntoCStr(const char *theSrcCStr,const char **theInsertCStrs,const long *theLongInts,char *theDstCStr,const int maxDstStrLength);
+
+void CopyCStrAndInsert1LongIntIntoCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
+void CopyCStrAndInsert2LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,char *theDstCStr,const int maxDstStrLength);
+void CopyCStrAndInsert3LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,const long long3,char *theDstCStr,const int maxDstStrLength);
+
+void CopyCStrAndInsertCStrLongIntIntoCStr(const char *theSrcCStr,const char *theInsertCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
+OSErr CopyCStrAndInsertCStrLongIntIntoHandle(const char *theSrcCStr,const char *theInsertCStr,const long theNum,Handle *theHandle);
+
+
+OSErr CopyIndexedWordToCStr(char *theSrcCStr,int whichWord,char *theDstCStr,int maxDstCStrLength);
+OSErr CopyIndexedWordToNewHandle(char *theSrcCStr,int whichWord,Handle *outTheHandle);
+
+OSErr CopyIndexedLineToCStr(const char *theSrcCStr,int inWhichLine,int *lineEndIndex,Boolean *gotLastLine,char *theDstCStr,const int maxDstCStrLength);
+OSErr CopyIndexedLineToNewHandle(const char *theSrcCStr,int inWhichLine,Handle *outNewHandle);
+
+OSErr ExtractIntFromCStr(const char *theSrcCStr,int *outInt,Boolean skipLeadingSpaces = true);
+OSErr ExtractIntFromPStr(const unsigned char *theSrcPStr,int *outInt,Boolean skipLeadingSpaces = true);
+
+
+void ConvertCStrToUpperCase(char *theSrcCStr);
+
+
+int CountOccurencesOfCharInCStr(const char inChar,const char *inSrcCStr);
+int CountWordsInCStr(const char *inSrcCStr);
+
+OSErr CountDigits(const char *inCStr,int *outNumIntegerDigits,int *outNumFractDigits);
+
+void ExtractCStrItemFromCStr(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,char *outDstCharPtr,const int inDstCharPtrMaxLength,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
+OSErr ExtractCStrItemFromCStrIntoNewHandle(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,Handle *outNewHandle,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
+
+
+OSErr ExtractFloatFromCStr(const char *inCString,extended80 *outFloat);
+OSErr CopyFloatToCStr(const extended80 *theFloat,char *theCStr,const int maxCStrLength,const int inMaxNumIntDigits = -1,const int inMaxNumFractDigits = -1);
+
+void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL = false);
+
+
+#ifdef __cplusplus
+}
+#endif

MacOS/GetHTTPS.src/ErrorHandling.cpp

@@ -1,12 +1,12 @@
 /* ====================================================================
- * Copyright (c) 1998-2014 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
+ *    notice, this list of conditions and the following disclaimer. 
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -51,73 +51,120 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+ 
+ 
+ 
+ #include "ErrorHandling.hpp"
+#include "CPStringUtils.hpp"
 
-#ifndef HEADER_BN_INT_H
-# define HEADER_BN_INT_H
-
-# include <openssl/bn.h>
-
-#ifdef  __cplusplus
-extern "C" {
+#ifdef __EXCEPTIONS_ENABLED__
+	#include "CMyException.hpp"
 #endif
 
-# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
-        (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
-BIGNUM *bn_wexpand(BIGNUM *a, int words);
-BIGNUM *bn_expand2(BIGNUM *a, int words);
 
-void bn_correct_top(BIGNUM *a);
+static char					gErrorMessageBuffer[512];
 
-/*
- * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
- * This is an array r[] of values that are either zero or odd with an
- * absolute value less than 2^w satisfying scalar = \sum_j r[j]*2^j where at
- * most one of any w+1 consecutive digits is non-zero with the exception that
- * the most significant digit may be only w-1 zeros away from that next
- * non-zero digit.
- */
-signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len);
-
-int bn_get_top(const BIGNUM *a);
-
-void bn_set_top(BIGNUM *a, int top);
-
-int bn_get_dmax(const BIGNUM *a);
-
-/* Set all words to zero */
-void bn_set_all_zero(BIGNUM *a);
-
-/*
- * Copy the internal BIGNUM words into out which holds size elements (and size
- * must be bigger than top)
- */
-int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size);
-
-BN_ULONG *bn_get_words(const BIGNUM *a);
-
-/*
- * Set the internal data words in a to point to words which contains size
- * elements. The BN_FLG_STATIC_DATA flag is set
- */
-void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size);
-
-/*
- * Copy data into the BIGNUM. The caller must check that dmax is sufficient to
- * hold the data
- */
-void bn_set_data(BIGNUM *a, const void *data, size_t size);
-
-size_t bn_sizeof_BIGNUM(void);
-
-/*
- * Return element el from an array of BIGNUMs starting at base (required
- * because callers do not know the size of BIGNUM at compilation time)
- */
-BIGNUM *bn_array_el(BIGNUM *base, int el);
+char 						*gErrorMessage = gErrorMessageBuffer;
+int							gErrorMessageMaxLength = sizeof(gErrorMessageBuffer);
 
 
-#ifdef  __cplusplus
+
+void SetErrorMessage(const char *theErrorMessage)
+{
+	if (theErrorMessage != nil)
+	{
+		CopyCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
+	}
+}
+
+
+void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt)
+{
+	if (theErrorMessage != nil)
+	{
+		CopyCStrAndConcatLongIntToCStr(theErrorMessage,theLongInt,gErrorMessage,gErrorMessageMaxLength);
+	}
+}
+
+void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt)
+{
+	if (theErrorMessage != nil)
+	{
+		CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,theLongInt,gErrorMessage,gErrorMessageMaxLength);
+	}
+
+}
+
+void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr)
+{
+	if (theErrorMessage != nil)
+	{
+		CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,-1,gErrorMessage,gErrorMessageMaxLength);
+	}
+}
+
+
+void AppendCStrToErrorMessage(const char *theErrorMessage)
+{
+	if (theErrorMessage != nil)
+	{
+		ConcatCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
+	}
+}
+
+
+void AppendLongIntToErrorMessage(const long theLongInt)
+{
+	ConcatLongIntToCStr(theLongInt,gErrorMessage,gErrorMessageMaxLength);
+}
+
+
+
+char *GetErrorMessage(void)
+{
+	return gErrorMessage;
+}
+
+
+OSErr GetErrorMessageInNewHandle(Handle *inoutHandle)
+{
+OSErr		errCode;
+
+
+	errCode = CopyCStrToNewHandle(gErrorMessage,inoutHandle);
+	
+	return(errCode);
+}
+
+
+OSErr GetErrorMessageInExistingHandle(Handle inoutHandle)
+{
+OSErr		errCode;
+
+
+	errCode = CopyCStrToExistingHandle(gErrorMessage,inoutHandle);
+	
+	return(errCode);
+}
+
+
+
+OSErr AppendErrorMessageToHandle(Handle inoutHandle)
+{
+OSErr		errCode;
+
+
+	errCode = AppendCStrToHandle(gErrorMessage,inoutHandle,nil);
+	
+	return(errCode);
+}
+
+
+#ifdef __EXCEPTIONS_ENABLED__
+
+void ThrowErrorMessageException(void)
+{
+	ThrowDescriptiveException(gErrorMessage);
 }
-#endif
 
 #endif

MacOS/GetHTTPS.src/ErrorHandling.hpp

@@ -0,0 +1,147 @@
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef kGenericError
+	#define kGenericError		-1
+#endif
+
+extern char	*gErrorMessage;
+
+
+void SetErrorMessage(const char *theErrorMessage);
+void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt);
+void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt);
+void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr);
+void AppendCStrToErrorMessage(const char *theErrorMessage);
+void AppendLongIntToErrorMessage(const long theLongInt);
+
+
+char *GetErrorMessage(void);
+OSErr GetErrorMessageInNewHandle(Handle *inoutHandle);
+OSErr GetErrorMessageInExistingHandle(Handle inoutHandle);
+OSErr AppendErrorMessageToHandle(Handle inoutHandle);
+
+
+#ifdef __EXCEPTIONS_ENABLED__
+	void ThrowErrorMessageException(void);
+#endif
+
+
+
+//	A bunch of evil macros that would be unnecessary if I were always using C++ !
+
+#define SetErrorMessageAndBailIfNil(theArg,theMessage)								\
+{																					\
+	if (theArg == nil)																\
+	{																				\
+		SetErrorMessage(theMessage);												\
+		errCode = kGenericError;													\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define SetErrorMessageAndBail(theMessage)											\
+{																					\
+		SetErrorMessage(theMessage);												\
+		errCode = kGenericError;													\
+		goto EXITPOINT;																\
+}
+
+
+#define SetErrorMessageAndLongIntAndBail(theMessage,theLongInt)						\
+{																					\
+		SetErrorMessageAndAppendLongInt(theMessage,theLongInt);						\
+		errCode = kGenericError;													\
+		goto EXITPOINT;																\
+}
+
+
+#define SetErrorMessageAndLongIntAndBailIfError(theErrCode,theMessage,theLongInt)	\
+{																					\
+	if (theErrCode != noErr)														\
+	{																				\
+		SetErrorMessageAndAppendLongInt(theMessage,theLongInt);						\
+		errCode = theErrCode;														\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define SetErrorMessageCStrLongIntAndBailIfError(theErrCode,theMessage,theCStr,theLongInt)	\
+{																					\
+	if (theErrCode != noErr)														\
+	{																				\
+		SetErrorMessageAndCStrAndLongInt(theMessage,theCStr,theLongInt);			\
+		errCode = theErrCode;														\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define SetErrorMessageAndCStrAndBail(theMessage,theCStr)							\
+{																					\
+	SetErrorMessageAndCStr(theMessage,theCStr);										\
+	errCode = kGenericError;														\
+	goto EXITPOINT;																	\
+}
+
+
+#define SetErrorMessageAndBailIfError(theErrCode,theMessage)						\
+{																					\
+	if (theErrCode != noErr)														\
+	{																				\
+		SetErrorMessage(theMessage);												\
+		errCode = theErrCode;														\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define SetErrorMessageAndLongIntAndBailIfNil(theArg,theMessage,theLongInt)			\
+{																					\
+	if (theArg == nil)																\
+	{																				\
+		SetErrorMessageAndAppendLongInt(theMessage,theLongInt);						\
+		errCode = kGenericError;													\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define BailIfError(theErrCode)														\
+{																					\
+	if ((theErrCode) != noErr)														\
+	{																				\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define SetErrCodeAndBail(theErrCode)												\
+{																					\
+	errCode = theErrCode;															\
+																					\
+	goto EXITPOINT;																	\
+}
+
+
+#define SetErrorCodeAndMessageAndBail(theErrCode,theMessage)						\
+{																					\
+	SetErrorMessage(theMessage);													\
+	errCode = theErrCode;															\
+	goto EXITPOINT;																	\
+}
+
+
+#define BailNow()																	\
+{																					\
+	errCode = kGenericError;														\
+	goto EXITPOINT;																	\
+}
+
+
+#ifdef __cplusplus
+}
+#endif

MacOS/GetHTTPS.src/GetHTTPS.cpp

@@ -0,0 +1,209 @@
+/*
+ *	An demo illustrating how to retrieve a URI from a secure HTTP server.
+ *
+ *	Author: 	Roy Wood
+ *	Date:		September 7, 1999
+ *	Comments:	This relies heavily on my MacSockets library.
+ *				This project is also set up so that it expects the OpenSSL source folder (0.9.4 as I write this)
+ *				to live in a folder called "OpenSSL-0.9.4" in this project's parent folder.  For example:
+ *
+ *					Macintosh HD:
+ *						Development:
+ *							OpenSSL-0.9.4:
+ *								(OpenSSL sources here)
+ *							OpenSSL Example:
+ *								(OpenSSL example junk here)
+ *
+ *
+ *				Also-- before attempting to compile this, make sure the aliases in "OpenSSL-0.9.4:include:openssl" 
+ *				are installed!  Use the AppleScript applet in the "openssl-0.9.4" folder to do this!
+ */
+/* modified to seed the PRNG */
+/* modified to use CRandomizer for seeding */
+
+
+//	Include some funky libs I've developed over time
+
+#include "CPStringUtils.hpp"
+#include "ErrorHandling.hpp"
+#include "MacSocket.h"
+#include "Randomizer.h"
+
+//	We use the OpenSSL implementation of SSL....
+//	This was a lot of work to finally get going, though you wouldn't know it by the results!
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+#include <timer.h>
+
+//	Let's try grabbing some data from here:
+
+#define kHTTPS_DNS		"www.apache-ssl.org"
+#define kHTTPS_Port		443
+#define kHTTPS_URI		"/"
+
+
+//	Forward-declare this
+
+OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr);
+
+//	My idle-wait callback.  Doesn't do much, does it?  Silly cooperative multitasking.
+
+OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr)
+{
+#pragma unused(inUserRefPtr)
+
+EventRecord		theEvent;
+	::EventAvail(everyEvent,&theEvent);
+	
+	CRandomizer *randomizer = (CRandomizer*)inUserRefPtr;
+	if (randomizer)
+		randomizer->PeriodicAction();
+
+	return(noErr);
+}
+
+
+//	Finally!
+
+void main(void)
+{
+	OSErr				errCode;
+	int					theSocket = -1;
+	int					theTimeout = 30;
+
+	SSL_CTX				*ssl_ctx = nil;
+	SSL					*ssl = nil;
+
+	char				tempString[256];
+	UnsignedWide		microTickCount;
+
+
+	CRandomizer randomizer;
+	
+	printf("OpenSSL Demo by Roy Wood, roy@centricsystems.ca\n\n");
+	
+	BailIfError(errCode = MacSocket_Startup());
+
+
+
+	//	Create a socket-like object
+	
+	BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,&randomizer));
+
+	
+	//	Set up the connect string and try to connect
+	
+	CopyCStrAndInsertCStrLongIntIntoCStr("%s:%ld",kHTTPS_DNS,kHTTPS_Port,tempString,sizeof(tempString));
+	
+	printf("Connecting to %s....\n",tempString);
+
+	BailIfError(errCode = MacSocket_connect(theSocket,tempString));
+	
+	
+	//	Init SSL stuff
+	
+	SSL_load_error_strings();
+	
+	SSLeay_add_ssl_algorithms();
+	
+	
+	//	Pick the SSL method
+	
+//	ssl_ctx = SSL_CTX_new(SSLv2_client_method());
+	ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+//	ssl_ctx = SSL_CTX_new(SSLv3_client_method());
+			
+
+	//	Create an SSL thingey and try to negotiate the connection
+	
+	ssl = SSL_new(ssl_ctx);
+	
+	SSL_set_fd(ssl,theSocket);
+	
+	errCode = SSL_connect(ssl);
+	
+	if (errCode < 0)
+	{
+		SetErrorMessageAndLongIntAndBail("OpenSSL: Can't initiate SSL connection, SSL_connect() = ",errCode);
+	}
+	
+	//	Request the URI from the host
+	
+	CopyCStrToCStr("GET ",tempString,sizeof(tempString));
+	ConcatCStrToCStr(kHTTPS_URI,tempString,sizeof(tempString));
+	ConcatCStrToCStr(" HTTP/1.0\r\n\r\n",tempString,sizeof(tempString));
+
+	
+	errCode = SSL_write(ssl,tempString,CStrLength(tempString));
+	
+	if (errCode < 0)
+	{
+		SetErrorMessageAndLongIntAndBail("OpenSSL: Error writing data via ssl, SSL_write() = ",errCode);
+	}
+	
+
+	for (;;)
+	{
+	char	tempString[256];
+	int		bytesRead;
+		
+
+		//	Read some bytes and dump them to the console
+		
+		bytesRead = SSL_read(ssl,tempString,sizeof(tempString) - 1);
+		
+		if (bytesRead == 0 && MacSocket_RemoteEndIsClosing(theSocket))
+		{
+			break;
+		}
+		
+		else if (bytesRead < 0)
+		{
+			SetErrorMessageAndLongIntAndBail("OpenSSL: Error reading data via ssl, SSL_read() = ",bytesRead);
+		}
+		
+		
+		tempString[bytesRead] = '\0';
+		
+		printf("%s", tempString);
+	}
+	
+	printf("\n\n\n");
+	
+	//	All done!
+	
+	errCode = noErr;
+	
+	
+EXITPOINT:
+
+	//	Clean up and go home
+	
+	if (theSocket >= 0)
+	{
+		MacSocket_close(theSocket);
+	}
+	
+	if (ssl != nil)
+	{
+		SSL_free(ssl);
+	}
+	
+	if (ssl_ctx != nil)
+	{
+		SSL_CTX_free(ssl_ctx);
+	}
+	
+	
+	if (errCode != noErr)
+	{
+		printf("An error occurred:\n");
+		
+		printf("%s",GetErrorMessage());
+	}
+	
+	
+	MacSocket_Shutdown();
+}

MacOS/GetHTTPS.src/MacSocket.h

@@ -0,0 +1,104 @@
+#pragma once
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+enum {
+    kMacSocket_TimeoutErr = -2
+};
+
+// Since MacSocket does busy waiting, I do a callback while waiting
+
+typedef OSErr(*MacSocket_IdleWaitCallback) (void *);
+
+// Call this before anything else!
+
+OSErr MacSocket_Startup(void);
+
+// Call this to cleanup before quitting
+
+OSErr MacSocket_Shutdown(void);
+
+// Call this to allocate a "socket" (reference number is returned in
+// outSocketNum)
+// Note that inDoThreadSwitching is pretty much irrelevant right now, since I
+// ignore it
+// The inTimeoutTicks parameter is applied during reads/writes of data
+// The inIdleWaitCallback parameter specifies a callback which is called
+// during busy-waiting periods
+// The inUserRefPtr parameter is passed back to the idle-wait callback
+
+OSErr MacSocket_socket(int *outSocketNum, const Boolean inDoThreadSwitching,
+                       const long inTimeoutTicks,
+                       MacSocket_IdleWaitCallback inIdleWaitCallback,
+                       void *inUserRefPtr);
+
+// Call this to connect to an IP/DNS address
+// Note that inTargetAddressAndPort is in "IP:port" format-- e.g.
+// 10.1.1.1:123
+
+OSErr MacSocket_connect(const int inSocketNum, char *inTargetAddressAndPort);
+
+// Call this to listen on a port
+// Since this a low-performance implementation, I allow a maximum of 1 (one!)
+// incoming request when I listen
+
+OSErr MacSocket_listen(const int inSocketNum, const int inPortNum);
+
+// Call this to close a socket
+
+OSErr MacSocket_close(const int inSocketNum);
+
+// Call this to receive data on a socket
+// Most parameters' purpose are obvious-- except maybe "inBlock" which
+// controls whether I wait for data or return immediately
+
+int MacSocket_recv(const int inSocketNum, void *outBuff, int outBuffLength,
+                   const Boolean inBlock);
+
+// Call this to send data on a socket
+
+int MacSocket_send(const int inSocketNum, const void *inBuff,
+                   int inBuffLength);
+
+// If zero bytes were read in a call to MacSocket_recv(), it may be that the
+// remote end has done a half-close
+// This function will let you check whether that's true or not
+
+Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum);
+
+// Call this to see if the listen has completed after a call to
+// MacSocket_listen()
+
+Boolean MacSocket_ListenCompleted(const int inSocketNum);
+
+// These really aren't very useful anymore
+
+Boolean MacSocket_LocalEndIsOpen(const int inSocketNum);
+Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum);
+
+// You may wish to change the userRefPtr for a socket callback-- use this to
+// do it
+
+void MacSocket_SetUserRefPtr(const int inSocketNum, void *inNewRefPtr);
+
+// Call these to get the socket's IP:port descriptor
+
+void MacSocket_GetLocalIPAndPort(const int inSocketNum, char *outIPAndPort,
+                                 const int inIPAndPortLength);
+void MacSocket_GetRemoteIPAndPort(const int inSocketNum, char *outIPAndPort,
+                                  const int inIPAndPortLength);
+
+// Call this to get error info from a socket
+
+void MacSocket_GetSocketErrorInfo(const int inSocketNum,
+                                  int *outSocketErrCode,
+                                  char *outSocketErrString,
+                                  const int inSocketErrStringMaxLength);
+
+
+#ifdef __cplusplus
+}
+#endif

MacOS/Randomizer.cpp

@@ -0,0 +1,476 @@
+/* 
+------- Strong random data generation on a Macintosh (pre - OS X) ------
+		
+--	GENERAL: We aim to generate unpredictable bits without explicit
+	user interaction. A general review of the problem may be found
+	in RFC 1750, "Randomness Recommendations for Security", and some
+	more discussion, of general and Mac-specific issues has appeared
+	in "Using and Creating Cryptographic- Quality Random Numbers" by
+	Jon Callas (www.merrymeet.com/jon/usingrandom.html).
+
+	The data and entropy estimates provided below are based on my
+	limited experimentation and estimates, rather than by any
+	rigorous study, and the entropy estimates tend to be optimistic.
+	They should not be considered absolute.
+
+	Some of the information being collected may be correlated in
+	subtle ways. That includes mouse positions, timings, and disk
+	size measurements. Some obvious correlations will be eliminated
+	by the programmer, but other, weaker ones may remain. The
+	reliability of the code depends on such correlations being
+	poorly understood, both by us and by potential interceptors.
+
+	This package has been planned to be used with OpenSSL, v. 0.9.5.
+	It requires the OpenSSL function RAND_add. 
+
+--	OTHER WORK: Some source code and other details have been
+	published elsewhere, but I haven't found any to be satisfactory
+	for the Mac per se:
+
+	* The Linux random number generator (by Theodore Ts'o, in
+	  drivers/char/random.c), is a carefully designed open-source
+	  crypto random number package. It collects data from a variety
+	  of sources, including mouse, keyboard and other interrupts.
+	  One nice feature is that it explicitly estimates the entropy
+	  of the data it collects. Some of its features (e.g. interrupt
+	  timing) cannot be reliably exported to the Mac without using
+	  undocumented APIs.
+
+	* Truerand by Don P. Mitchell and Matt Blaze uses variations
+	  between different timing mechanisms on the same system. This
+	  has not been tested on the Mac, but requires preemptive
+	  multitasking, and is hardware-dependent, and can't be relied
+	  on to work well if only one oscillator is present.
+
+	* Cryptlib's RNG for the Mac (RNDMAC.C by Peter Gutmann),
+	  gathers a lot of information about the machine and system
+	  environment. Unfortunately, much of it is constant from one
+	  startup to the next. In other words, the random seed could be
+	  the same from one day to the next. Some of the APIs are
+	  hardware-dependent, and not all are compatible with Carbon (OS
+	  X). Incidentally, the EGD library is based on the UNIX entropy
+	  gathering methods in cryptlib, and isn't suitable for MacOS
+	  either.
+
+	* Mozilla (and perhaps earlier versions of Netscape) uses the
+	  time of day (in seconds) and an uninitialized local variable
+	  to seed the random number generator. The time of day is known
+	  to an outside interceptor (to within the accuracy of the
+	  system clock). The uninitialized variable could easily be
+	  identical between subsequent launches of an application, if it
+	  is reached through the same path.
+
+	* OpenSSL provides the function RAND_screen(), by G. van
+	  Oosten, which hashes the contents of the screen to generate a
+	  seed. This is not useful for an extension or for an
+	  application which launches at startup time, since the screen
+	  is likely to look identical from one launch to the next. This
+	  method is also rather slow.
+
+	* Using variations in disk drive seek times has been proposed
+	  (Davis, Ihaka and Fenstermacher, world.std.com/~dtd/;
+	  Jakobsson, Shriver, Hillyer and Juels,
+	  www.bell-labs.com/user/shriver/random.html). These variations
+	  appear to be due to air turbulence inside the disk drive
+	  mechanism, and are very strongly unpredictable. Unfortunately
+	  this technique is slow, and some implementations of it may be
+	  patented (see Shriver's page above.) It of course cannot be
+	  used with a RAM disk.
+
+--	TIMING: On the 601 PowerPC the time base register is guaranteed
+	to change at least once every 10 addi instructions, i.e. 10
+	cycles. On a 60 MHz machine (slowest PowerPC) this translates to
+	a resolution of 1/6 usec. Newer machines seem to be using a 10
+	cycle resolution as well.
+	
+	For 68K Macs, the Microseconds() call may be used. See Develop
+	issue 29 on the Apple developer site
+	(developer.apple.com/dev/techsupport/develop/issue29/minow.html)
+	for information on its accuracy and resolution. The code below
+	has been tested only on PowerPC based machines.
+
+	The time from machine startup to the launch of an application in
+	the startup folder has a variance of about 1.6 msec on a new G4
+	machine with a defragmented and optimized disk, most extensions
+	off and no icons on the desktop. This can be reasonably taken as
+	a lower bound on the variance. Most of this variation is likely
+	due to disk seek time variability. The distribution of startup
+	times is probably not entirely even or uncorrelated. This needs
+	to be investigated, but I am guessing that it not a majpor
+	problem. Entropy = log2 (1600/0.166) ~= 13 bits on a 60 MHz
+	machine, ~16 bits for a 450 MHz machine.
+
+	User-launched application startup times will have a variance of
+	a second or more relative to machine startup time. Entropy >~22
+	bits.
+
+	Machine startup time is available with a 1-second resolution. It
+	is predictable to no better a minute or two, in the case of
+	people who show up punctually to work at the same time and
+	immediately start their computer. Using the scheduled startup
+	feature (when available) will cause the machine to start up at
+	the same time every day, making the value predictable. Entropy
+	>~7 bits, or 0 bits with scheduled startup.
+
+	The time of day is of course known to an outsider and thus has 0
+	entropy if the system clock is regularly calibrated.
+
+--	KEY TIMING: A  very fast typist (120 wpm) will have a typical
+	inter-key timing interval of 100 msec. We can assume a variance
+	of no less than 2 msec -- maybe. Do good typists have a constant
+	rhythm, like drummers? Since what we measure is not the
+	key-generated interrupt but the time at which the key event was
+	taken off the event queue, our resolution is roughly the time
+	between process switches, at best 1 tick (17 msec). I  therefore
+	consider this technique questionable and not very useful for
+	obtaining high entropy data on the Mac.
+
+--	MOUSE POSITION AND TIMING: The high bits of the mouse position
+	are far from arbitrary, since the mouse tends to stay in a few
+	limited areas of the screen. I am guessing that the position of
+	the mouse is arbitrary within a 6 pixel square. Since the mouse
+	stays still for long periods of time, it should be sampled only
+	after it was moved, to avoid correlated data. This gives an
+	entropy of log2(6*6) ~= 5 bits per measurement.
+
+	The time during which the mouse stays still can vary from zero
+	to, say, 5 seconds (occasionally longer). If the still time is
+	measured by sampling the mouse during null events, and null
+	events are received once per tick, its resolution is 1/60th of a
+	second, giving an entropy of log2 (60*5) ~= 8 bits per
+	measurement. Since the distribution of still times is uneven,
+	this estimate is on the high side.
+
+	For simplicity and compatibility across system versions, the
+	mouse is to be sampled explicitly (e.g. in the event loop),
+	rather than in a time manager task.
+
+--	STARTUP DISK TOTAL FILE SIZE: Varies typically by at least 20k
+	from one startup to the next, with 'minimal' computer use. Won't
+	vary at all if machine is started again immediately after
+	startup (unless virtual memory is on), but any application which
+	uses the web and caches information to disk is likely to cause
+	this much variation or more. The variation is probably not
+	random, but I don't know in what way. File sizes tend to be
+	divisible by 4 bytes since file format fields are often
+	long-aligned. Entropy > log2 (20000/4) ~= 12 bits.
+	
+--	STARTUP DISK FIRST AVAILABLE ALLOCATION BLOCK: As the volume
+	gets fragmented this could be anywhere in principle. In a
+	perfectly unfragmented volume this will be strongly correlated
+	with the total file size on the disk. With more fragmentation
+	comes less certainty. I took the variation in this value to be
+	1/8 of the total file size on the volume.
+
+--	SYSTEM REQUIREMENTS: The code here requires System 7.0 and above
+	(for Gestalt and Microseconds calls). All the calls used are
+	Carbon-compatible.
+*/
+
+/*------------------------------ Includes ----------------------------*/
+
+#include "Randomizer.h"
+
+// Mac OS API
+#include <Files.h>
+#include <Folders.h>
+#include <Events.h>
+#include <Processes.h>
+#include <Gestalt.h>
+#include <Resources.h>
+#include <LowMem.h>
+
+// Standard C library
+#include <stdlib.h>
+#include <math.h>
+
+/*---------------------- Function declarations -----------------------*/
+
+// declared in OpenSSL/crypto/rand/rand.h
+extern "C" void RAND_add (const void *buf, int num, double entropy);
+
+unsigned long GetPPCTimer (bool is601);	// Make it global if needed
+					// elsewhere
+
+/*---------------------------- Constants -----------------------------*/
+
+#define kMouseResolution 6		// Mouse position has to differ
+					// from the last one by this
+					// much to be entered
+#define kMousePositionEntropy 5.16	// log2 (kMouseResolution**2)
+#define kTypicalMouseIdleTicks 300.0	// I am guessing that a typical
+					// amount of time between mouse
+					// moves is 5 seconds
+#define kVolumeBytesEntropy 12.0	// about log2 (20000/4),
+					// assuming a variation of 20K
+					// in total file size and
+					// long-aligned file formats.
+#define kApplicationUpTimeEntropy 6.0	// Variance > 1 second, uptime
+					// in ticks  
+#define kSysStartupEntropy 7.0		// Entropy for machine startup
+					// time
+
+
+/*------------------------ Function definitions ----------------------*/
+
+CRandomizer::CRandomizer (void)
+{
+	long	result;
+	
+	mSupportsLargeVolumes =
+		(Gestalt(gestaltFSAttr, &result) == noErr) &&
+		((result & (1L << gestaltFSSupports2TBVols)) != 0);
+	
+	if (Gestalt (gestaltNativeCPUtype, &result) != noErr)
+	{
+		mIsPowerPC = false;
+		mIs601 = false;
+	}
+	else
+	{
+		mIs601 = (result == gestaltCPU601);
+		mIsPowerPC = (result >= gestaltCPU601);
+	}
+	mLastMouse.h = mLastMouse.v = -10;	// First mouse will
+						// always be recorded
+	mLastPeriodicTicks = TickCount();
+	GetTimeBaseResolution ();
+	
+	// Add initial entropy
+	AddTimeSinceMachineStartup ();
+	AddAbsoluteSystemStartupTime ();
+	AddStartupVolumeInfo ();
+	AddFiller ();
+}
+
+void CRandomizer::PeriodicAction (void)
+{
+	AddCurrentMouse ();
+	AddNow (0.0);	// Should have a better entropy estimate here
+	mLastPeriodicTicks = TickCount();
+}
+
+/*------------------------- Private Methods --------------------------*/
+
+void CRandomizer::AddCurrentMouse (void)
+{
+	Point mouseLoc;
+	unsigned long lastCheck;	// Ticks since mouse was last
+					// sampled
+
+#if TARGET_API_MAC_CARBON
+	GetGlobalMouse (&mouseLoc);
+#else
+	mouseLoc = LMGetMouseLocation();
+#endif
+	
+	if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 &&
+	    labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2)
+		AddBytes (&mouseLoc, sizeof (mouseLoc),
+				kMousePositionEntropy);
+	
+	if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v)
+		mMouseStill ++;
+	else
+	{
+		double entropy;
+		
+		// Mouse has moved. Add the number of measurements for
+		// which it's been still. If the resolution is too
+		// coarse, assume the entropy is 0.
+
+		lastCheck = TickCount() - mLastPeriodicTicks;
+		if (lastCheck <= 0)
+			lastCheck = 1;
+		entropy = log2l
+			(kTypicalMouseIdleTicks/(double)lastCheck);
+		if (entropy < 0.0)
+			entropy = 0.0;
+		AddBytes (&mMouseStill, sizeof (mMouseStill), entropy);
+		mMouseStill = 0;
+	}
+	mLastMouse = mouseLoc;
+}
+
+void CRandomizer::AddAbsoluteSystemStartupTime (void)
+{
+	unsigned long	now;		// Time in seconds since
+					// 1/1/1904
+	GetDateTime (&now);
+	now -= TickCount() / 60;	// Time in ticks since machine
+					// startup
+	AddBytes (&now, sizeof (now), kSysStartupEntropy);
+}
+
+void CRandomizer::AddTimeSinceMachineStartup (void)
+{
+	AddNow (1.5);			// Uncertainty in app startup
+					// time is > 1.5 msec (for
+					// automated app startup).
+}
+
+void CRandomizer::AddAppRunningTime (void)
+{
+	ProcessSerialNumber PSN;
+	ProcessInfoRec		ProcessInfo;
+	
+	ProcessInfo.processInfoLength = sizeof (ProcessInfoRec);
+	ProcessInfo.processName = nil;
+	ProcessInfo.processAppSpec = nil;
+	
+	GetCurrentProcess (&PSN);
+	GetProcessInformation (&PSN, &ProcessInfo);
+
+	// Now add the amount of time in ticks that the current process
+	// has been active
+
+	AddBytes (&ProcessInfo, sizeof (ProcessInfoRec),
+			kApplicationUpTimeEntropy);
+}
+
+void CRandomizer::AddStartupVolumeInfo (void)
+{
+	short			vRefNum;
+	long			dirID;
+	XVolumeParam	pb;
+	OSErr			err;
+	
+	if (!mSupportsLargeVolumes)
+		return;
+		
+	FindFolder (kOnSystemDisk, kSystemFolderType, kDontCreateFolder,
+			&vRefNum, &dirID);
+	pb.ioVRefNum = vRefNum;
+	pb.ioCompletion = 0;
+	pb.ioNamePtr = 0;
+	pb.ioVolIndex = 0;
+	err = PBXGetVolInfoSync (&pb);
+	if (err != noErr)
+		return;
+		
+	// Base the entropy on the amount of space used on the disk and
+	// on the next available allocation block. A lot else might be
+	// unpredictable, so might as well toss the whole block in. See
+	// comments for entropy estimate justifications.
+
+	AddBytes (&pb, sizeof (pb),
+		kVolumeBytesEntropy +
+		log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi)
+				* 4294967296.0D +
+			(pb.ioVTotalBytes.lo - pb.ioVFreeBytes.lo))
+				/ pb.ioVAlBlkSiz - 3.0));
+}
+
+/*
+	On a typical startup CRandomizer will come up with about 60
+	bits of good, unpredictable data. Assuming no more input will
+	be available, we'll need some more lower-quality data to give
+	OpenSSL the 128 bits of entropy it desires. AddFiller adds some
+	relatively predictable data into the soup.
+*/
+
+void CRandomizer::AddFiller (void)
+{
+	struct
+	{
+		ProcessSerialNumber psn;	// Front process serial
+						// number
+		RGBColor	hiliteRGBValue;	// User-selected
+						// highlight color
+		long		processCount;	// Number of active
+						// processes
+		long		cpuSpeed;	// Processor speed
+		long		totalMemory;	// Total logical memory
+						// (incl. virtual one)
+		long		systemVersion;	// OS version
+		short		resFile;	// Current resource file
+	} data;
+	
+	GetNextProcess ((ProcessSerialNumber*) kNoProcess);
+	while (GetNextProcess (&data.psn) == noErr)
+		data.processCount++;
+	GetFrontProcess (&data.psn);
+	LMGetHiliteRGB (&data.hiliteRGBValue);
+	Gestalt (gestaltProcClkSpeed, &data.cpuSpeed);
+	Gestalt (gestaltLogicalRAMSize, &data.totalMemory);
+	Gestalt (gestaltSystemVersion, &data.systemVersion);
+	data.resFile = CurResFile ();
+	
+	// Here we pretend to feed the PRNG completely random data. This
+	// is of course false, as much of the above data is predictable
+	// by an outsider. At this point we don't have any more
+	// randomness to add, but with OpenSSL we must have a 128 bit
+	// seed before we can start. We just add what we can, without a
+	// real entropy estimate, and hope for the best.
+
+	AddBytes (&data, sizeof(data), 8.0 * sizeof(data));
+	AddCurrentMouse ();
+	AddNow (1.0);
+}
+
+//-------------------  LOW LEVEL ---------------------
+
+void CRandomizer::AddBytes (void *data, long size, double entropy)
+{
+	RAND_add (data, size, entropy * 0.125);	// Convert entropy bits
+						// to bytes
+}
+
+void CRandomizer::AddNow (double millisecondUncertainty)
+{
+	long time = SysTimer();
+	AddBytes (&time, sizeof (time), log2l (millisecondUncertainty *
+			mTimebaseTicksPerMillisec));
+}
+
+//----------------- TIMING SUPPORT ------------------
+
+void CRandomizer::GetTimeBaseResolution (void)
+{	
+#ifdef __powerc
+	long speed;
+	
+	// gestaltProcClkSpeed available on System 7.5.2 and above
+	if (Gestalt (gestaltProcClkSpeed, &speed) != noErr)
+		// Only PowerPCs running pre-7.5.2 are 60-80 MHz
+		// machines.
+		mTimebaseTicksPerMillisec =  6000.0D;
+	// Assume 10 cycles per clock update, as in 601 spec. Seems true
+	// for later chips as well.
+	mTimebaseTicksPerMillisec = speed / 1.0e4D;
+#else
+	// 68K VIA-based machines (see Develop Magazine no. 29)
+	mTimebaseTicksPerMillisec = 783.360D;
+#endif
+}
+
+unsigned long CRandomizer::SysTimer (void)	// returns the lower 32
+						// bit of the chip timer
+{
+#ifdef __powerc
+	return GetPPCTimer (mIs601);
+#else
+	UnsignedWide usec;
+	Microseconds (&usec);
+	return usec.lo;
+#endif
+}
+
+#ifdef __powerc
+// The timebase is available through mfspr on 601, mftb on later chips.
+// Motorola recommends that an 601 implementation map mftb to mfspr
+// through an exception, but I haven't tested to see if MacOS actually
+// does this. We only sample the lower 32 bits of the timer (i.e. a
+// few minutes of resolution)
+
+asm unsigned long GetPPCTimer (register bool is601)
+{
+	cmplwi	is601, 0	// Check if 601
+	bne	_601		// if non-zero goto _601
+	mftb  	r3		// Available on 603 and later.
+	blr			// return with result in r3
+_601:
+	mfspr r3, spr5  	// Available on 601 only.
+				// blr inserted automatically
+}
+#endif

MacOS/Randomizer.h

@@ -0,0 +1,42 @@
+
+// Gathers unpredictable system data to be used for generating
+// random bits
+
+#include <MacTypes.h>
+
+class CRandomizer {
+ public:
+    CRandomizer(void);
+    void PeriodicAction(void);
+
+ private:
+
+    // Private calls
+
+    void AddTimeSinceMachineStartup(void);
+    void AddAbsoluteSystemStartupTime(void);
+    void AddAppRunningTime(void);
+    void AddStartupVolumeInfo(void);
+    void AddFiller(void);
+
+    void AddCurrentMouse(void);
+    void AddNow(double millisecondUncertainty);
+    void AddBytes(void *data, long size, double entropy);
+
+    void GetTimeBaseResolution(void);
+    unsigned long SysTimer(void);
+
+    // System Info
+    bool mSupportsLargeVolumes;
+    bool mIsPowerPC;
+    bool mIs601;
+
+    // Time info
+    double mTimebaseTicksPerMillisec;
+    unsigned long mLastPeriodicTicks;
+
+    // Mouse info
+    long mSamplePeriod;
+    Point mLastMouse;
+    long mMouseStill;
+};

MacOS/TODO

@@ -0,0 +1,18 @@
+-------------------------------------------------------------------
+Verify server certificate
+-------------------------------------------------------------------
+Currently omitted from the project:
+
+	crypto/tmdiff.c
+	crypto/bio/bss_conn.c
+	crypto/bio/b_sock.c
+	crypto/bio/bss_acpt.c
+	crypto/bio/bss_log.h
+
+-------------------------------------------------------------------
+Build libraries to link with...
+-------------------------------------------------------------------
+Port openssl application.
+-------------------------------------------------------------------
+BN optimizations (currently PPC version is compiled with BN_LLONG)
+-------------------------------------------------------------------

MacOS/_MWERKS_GUSI_prefix.h

@@ -0,0 +1,9 @@
+#include <MacHeaders.h>
+#define B_ENDIAN
+#ifdef __POWERPC__
+# pragma longlong on
+#endif
+#if 1
+# define MAC_OS_GUSI_SOURCE
+#endif
+#define MONOLITH

MacOS/_MWERKS_prefix.h

@@ -0,0 +1,9 @@
+#include <MacHeaders.h>
+#define B_ENDIAN
+#ifdef __POWERPC__
+# pragma longlong on
+#endif
+#if 0
+# define MAC_OS_GUSI_SOURCE
+#endif
+#define MONOLITH

MacOS/buildinf.h

@@ -0,0 +1,5 @@
+#ifndef MK1MF_BUILD
+# define CFLAGS        "-DB_ENDIAN"
+# define PLATFORM      "macos"
+# define DATE          "Sun Feb 27 19:44:16 MET 2000"
+#endif

MacOS/mklinks.as.hqx

@@ -0,0 +1,820 @@
+(This file must be converted with BinHex 4.0)
+
+:#QeVE'PZDh-ZBA-!39"36'&`E(3J!!!!!!!!!*LiI6m!!!!!!3!!!*G#!!#@3J!
+!!AChFQPd!!!!K3)"!3m(Fh9`F'pbG!!!!)B#!3%$"(0eFQ8!!!#(!J-%"!3("3C
+cGfPdBfJ!!!#)!J%"#39cH@jMD!!!!)N#"J%$!`-&"3-'FhPcG'9Y!!!!LJ)&"3)
+%!J8("!-#!`4dB@*X!!!!L`))!3-$!`-$!`-$"(4PE'`!!!#-!J)"#38$G'KP!!!
+!M3))(J)@!Ki#!J))!K)#!`)B!Kd%G'KPE3!!!)i#!J%&#`4dD'9j!!!!M`)#!J)
+#$3TdD(*[G@GSEh9d!!!!N!!#!3%&"(4TCQB!!!#4!J%"!`4dD@eP!!!!NJ)"!JS
+#!h4T!!!!'N!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!H!!!!!!!#!!!!!!
+!!!!!!!!!!!!!rrrrr`!!!$3!!!!N!!!!!#"[!!5JAb"[!!5K++!M6R9$9'mJFR9
+Z)(4SDA-JFf0bDA"d)'&`F'aTBf&dD@pZ,#"jEh8JEA9cG#"QDA*cG#"TER0dB@a
+X)%&`F'aP8f0bDA"d,J!!!)C8D'Pc)(0MFQP`G#"MFQ9KG'9c)#iZ,fPZBfaeC'8
+[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@aTBA0PFbi0$8P
+d)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9KFf8JBQ8JF'&
+dD@9ZG$SY+3!!!#S!!J!!!!!!$3!+!"!!!!!-!!!!!!!!!!!!63!0!!S!%!%!!!`
+!!!!!!!!!!!!B!!!!+!!!!!!!!!!)!!!!)!#N2c`!!DR`!!!!l!!!!!&19[ri,`0
+f!#m$-$bKVDG'*KmY52ri,`-`2+LITdBQ(b!ZrrLa`'FJ,`-J2'0`ER4"l[rm)NL
+KV5+)*Kp+3'B)5Ulrr'F#GJ%3!bBZrr41ANje6PB!!#m-@Bm[2%j29%Nr2!#!U"m
+SAb!-CJK`!cm!UFKJ+#m-UC)J9#!)d+J!'#&!!"JJ9#!)d+J!(#&!!"a9Mbm8)&q
+JAMk!9%mSE[rm6Pj1G8j@!!![$%kkre4+!'FU@Bm[2'&`E(3[2(0MF(4`)DJU+&m
+J$'F5@Bm[$#mm!!!!!A!!U#UTp&K26VVrG#KZrra1ANje!!!!('&`E(3!!!!"4P*
+&4J!!!!!!J%P$6L-!!!!!!*B!!!!"!!!!!!G"8&"-!!!!!!!"!!!"!!!!!S!!!!4
+!!!"i)!!!K"!!!3))!!)#"!!%"!)!#!J"!"!8!)!J)J"!3%%!)2#!J"#*!%!)KJ!
+J")3!)!*!!"!")!!3!K!!%!3)!"!)"!!J%!)!3#!"!)"!!S%!J!5#!3!)4!)!#%J
+%!!KB#!!%C"!!!m)J!!!"3!!!!)!!!!%!!!!$J!!!"m!!!(rJ!!$rm!!"rrJ!!rr
+m!!IrrJ!2rrm!(rrrJ$rrrm"rrrrJrrrrm2rrrrMrrrrmrrrrrRrrrrmrrrrq(rr
+rr!rrrrJ(rrr`!rrri!(rrm!$rrq!"rrr!!rrrJ!2rr`!$rri!!IRm!!$`q!!!!(
+!!!!!J!!!!!)!!!!!!!!!!!m!!!!!!!!!!!!!!!!!!!$`m!!!!!!!!!!!!!!!!!!
+2!!m!!!!!!!!!!!!!!!rrm!!!m!!!!!!!!!!!!!$`c0m!!!m!!!!!!!!!!!!2!!c
+-m!!!m!!!!!!!!!!!m!$-cI!!!!m!!!!!!!!!$`!-c0m!!!!!m!!!!!!!!2!!c-h
+`!!!!!!m!!!!!!!m!$-cIh`!!!!!!m!!!!!$`!-c0rGh`!!!!!!m!!!!2!!c-hph
+-h`!!!!!!m!!!rrr-cIhF`-h`!!!!!!m!!2lFr0rGc!`-h`!!!!!!m!$pc-rph-$
+!`-h`!!!!!!m!r-`2cF`-$!!-r3!!!!!!m!m!`-c!`-!!$0m!!!!!$-m!m!`-$!`
+!!-cI!!!!!-c`!!m!`-$!!!`-h`!!!!c2!!!!m!`-!!$!c0m!!!$-m!!!!!m!`!!
+-$-hm!!!-c`!!!!!!m!!!`-cIc!!!c2!!!!!!!!m!$!c0r-`!$-m!!!!!!!$pm-$
+-hmc!!-c`!!!!!!!2hI`-cIc-!!c2!!!!!!!!rGc2c0r-`!$-m!!!!!!!!2h-cmh
+mc!!-c`!!!!!!!!$mc!rIr-!!c2!!!!!!!!!!$m$2m!r-$-m!!!!!!!!!!!$rr`!
+!r-c`!!!!!!!!!!!!!!!!!!r2!!!!!!!!!!!!!!!!!!!!m!!!!!!!!!!!!!"!!B!
+13"%J)4"##18%Q)+3!%&!)5!L%%3BL#83*L!G3!#!!B!2`"rJ2r"rq2rmrrlrrhr
+r2riIr"ri2r!ri"h!!)!!!!#!!!!!$r!!!!!!!2r`$`!!!!!2$!m!m!!!!2$!c`!
+2!!!2$!c`!!$`!2r`cpm!!!m!rGrpc2!!!2$p$p`-c`!!$`m!`-$0m!$2!2!-$-h
+`$2!!$`$-hm$2!!!2m-hm$2!!!2h2hm$2!!!!r-rm$2!!!!!2r`r2!!!!!!!!!2!
+!!!!!!!#D8f0bDA"d)%&`F'aTBf&dD@pZ$3e8D'Pc)(0MFQP`G#"MFQ9KG'9c)#i
+Z,fPZBfaeC'8[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@a
+TBA0PFbi0$8Pd)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9
+KFf8JBQ8JF'&dD@9ZG$SY+3!!!")!!J!!!!!!!!!!!!%!"J!'%iN!!!!+@1!!!b!
+!!!-J!!!!!"3!+`!(!Cm#@!!V!!F"f!*B!!!!!3!!M`C'BA0N98&6)$%Z-6!a,M%
+`$J!!!!32rrm!!3!#!!-"rrm!!!d!!3!"D`!!!!!!!!!%!J!%!!)!"3!'$3!&!!*
+X!!)!!!U`!!IrrJd!"`!#6`!!!!!+X!!)!!N0!!J!!@X!!!!%#Um!#J)!#J!#!!X
+!$!d!#`!#E!!#!!3!"2rprr`"rrd!!!(rr!!!!J!-!!)!$3!1$3!0!!*X!!%!"!!
+%rrX!$`(rq`!!$!!2!&N!8b"(CA3JF'&dD#"dEb"dD'Pc)%&`F'aP8f0bDA"d)'&
+`F'aPG$XJGA0P)'Pd)(4[)'C[FQdJG'KP)("KG'JJG'mJG'KP)'PZBfaeC'8JCQp
+XC'9b!!)!!!)!$J!#!"!!%3d!%!!#E!!"!!3!"2rk!")"rrS!!!`!%J!Q!#!JB@j
+N)(4SC5"[G'KPFL"bC@aPGQ&ZG#"QEfaNCA*c,J!#!!!#!"%!!J!6!"30!"-!!R-
+!!!!%!"%!&3!@$3!9!!*M!!!!"!!1!"F!'!d!&`!#E!!&!!3!$!!CrrN0!"N!!Qi
+!!!!%!!`!'J!E$3!D!!)d!!!!"3!-rrJ!(!Vrq!!%#Q0[BQS0!"`!!Q`!"3!'!!X
+!(Irh$3!G!!0*!!)!"J!,rrB!([re#[rf!"JZC@&bFfCQC(*KE'Pc!!!!!!!!)!"
+KCQ4b$3!H!!"Q!!!!"J!(![re!!!"rrF!!!d!'`!"E3!!!!3!"3!I$`!I!6J)ER9
+XE!!!!!!!!Gq!rrm!!!!A"NCTEQ4PFJ!!(`*[Me!!ASfm!Qq,i!"HA[!!I&M!!!!
+!!!!!'mi!!JN#!Qq-1!!!Kb%#Ei`J!!!!!%C14&*038e"3e-!!"%!B@aTF`!!!!!
+!fJ!#!!!-6@&MD@jdEh0S)%K%!!!!!!!!!!!!!!!!!!!!XSA5h%*%!!!!!!!A"NC
+TEQ4PFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!3rLc#@a!4Nj%8Ne"3e2rrrrr!!!!!!!!!!!!!!!!!!!
+!!!!!!!e6HA0dC@dJ4QpXC'9b!!!"!!3!!!!A!!)!)8eKBfPZG'pcD#")4$T6HA0
+dC@dJ4QpXC'9b1NCTEQ4PFJ$rr`!!!Irj!!!0!"J!!@d!!!!-!!hrp!Vrp!!%#Q0
+dH(30!"B!!@m!!!!!!!$rm`[rm`!5-!!(G'KPF'&dD!!(G'KP8'&dD!)!&!!#!#!
+!)3d!)!!#E!!#!")!%[rbrr%"rr)!!!(rm3!!!J!K!!)!)J!M$3!L!!*b!!!!%J!
+A!#3!*3d!*!!#EJ!$!")!&3!Q!#F0!#B!!6%!!!!6!"Arm!Vrm!!%#R4iC'`0!#F
+!!6%!!!!5!"2rl`Vrl`!%#Q&cBh)0!#8!!@m!!!!!!!$rlJ[rlJ!F-!!-G'KPEfa
+NC'9XD@ec!!adD'92E'4%C@aTEA-#!#-!!J!S!#N0!#J!!R)!!!!B!"d!+J!V$3!
+U!!&Y!!!!'!!C!#`-!#`!"`!"1J!#!!!0!#X!!Qi!!`!!!!!!,3!Z$3!Y!!%a!!!
+!'J!Frqd+rqd!"!TdH'4X$3!Z!!%a!!!!'3!Drq`+rq`!"!TKFf0b!J!T!!)!,`!
+`$3![!!*X!!)!(J!Hrq[rkJ(rk`!!!IrU!!!#!$!!!J!a!$)0!$%!!R)!!!!H!#X
+!-`!d$3!c!!*X!!8!(J!T!$Ark3d!03!#EJ!!!"i!+3!f!$F0!$B!!cF"!!!I!#R
+rk!!i!$N+rqJ!"!TMDA4Y$3!i!!&Y!!!!)`!PrqF$rqF!!3d!13!"E3!!!#B!+2r
+Q!rrQrrd0!$F!!@m!!!!H!"rrj3[rj3!5-!!(G'KPF'&dD!!(G'KP8'&dD!(rk3!
+!$3!d!!&[!!!!!!!!rq3,rq3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0
+d8'&dD!)!-J!#!$S!1`d!1J!#FJ!!!#`!1`!m!$d0!$`!!Q-!!!!X!$N!2J!r$3!
+q!!*X!!8!,!!h!%$ri`d!3!!#EJ!!!#`!0`""!%)0!%%!!cF"!!!Y!$IriJ"$!%3
++rq)!"!TMDA4Y$3"$!!&Y!!!!-3!crq%$rq%!!3d!4!!"E3!!!$3!0[rJ!rrJrri
+0!%)!!@m!!!!X!#hrh`[rh`!5-!!(G'KPF'&dD!!(G'KP8'&dD!(ri`!!$3!r!!&
+Y!!!!0`!irpi+rpi!"!T849K8$3!p!!&[!!!!!!!!rpd,rpd!&M!!#A4SC@ePF'&
+dD!!*G'KP6@93BA4S!J!l!!)!43"'$3"&!!*X!!)!2!!mrpcrf`(rh!!!!IrE!!!
+#!%B!!J"(!%J0!%F!!R)!!!!m!%8!53"+$3"*!!*M!!!!2!""!%X!6!d!5`!#BJ!
+!!$`!2`"0!%i0!%d!!@m!!!!m!$hrfJ[rfJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4
+SC9"bEfTPBh43BA4S$3"1!!&Y!!!!23!q!%m-!%m!$3!(D@jME(9NC3!#!!!0!%`
+!!@d!!!!r!%$rf3Vrf3!%#P4&@&30!%S!!@m!!!!!!!$rf![rf!!Q-!!4D@jME(9
+NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S!J")!!)!8!"4$3"3!!*b!!!
+!4J"9!&)!8`d!8J!#B`!!!%B!83"8!&80!&3!!Q)!!!"'!%m!9J"A$3"@!!*L!!!
+!4J",!&J!@3d!@!!"E`!!!%B!4rrA#rrA!#!`!!jdD'9`FQpUC@0dF'&dD!!1G'K
+P8(*[DQ9MG&"KG'J0!&N!!@d!!!"(!%S!@J`!@J!0!!GTEQ0XG@4P!!)!!!d!9`!
+"E3!!!%X!6J"E$!"E!!d!"fp`C@jcFf`!!J!!$3"9!!&Y!!!!6`"3rpB+rpB!"!T
+849K8$3"6!!&[!!!!!!!!rp8,rp8!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
+dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S!J"4!!)!A!"G$3"F!!*b!!!!9J"
+K!&i!A`d!AJ!#B`!!!&B!A3"J!'%0!'!!!Q)!!!"@!&X!BJ"M$3"L!!&[!!!!9J"
+Arp3,rp3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0d8'&dD!d!B`!"E3!
+!!&F!@J"N$!"N!!`!"Q0bHA"dE`!#!!!0!'%!!@d!!!"E!&crd`Vrd`!%#P4&@&3
+0!&m!!@m!!!!!!!$rdJ[rdJ!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
+XC'9b8'&dD!)!A3!#!'8!CJd!C3!#FJ!!!')!E3"R!'J0!'F!!Q-!!!"L!'N!D3"
+U$3"T!!*L!!!!BJ"R!'X!E!d!D`!"E`!!!')!Brr4#rr4!#!`!!jdD'9`FQpUC@0
+dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!'`!!@d!!!"M!'B!E3`!E3!*!!0cFf`!!J!
+!$3"U!!&Y!!!!C`"Srp!+rp!!"!T849K8$3"S!!&[!!!!!!!!rmm,rmm!(M!!$A0
+cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J#!'B!!J"Z!'m0!'i!!R)!!!"Z!(8
+!F!"a$3"`!!*M!!!!EJ"a!()!F`d!FJ!"E`!!!'i!Err1#rr1!#!`!!jdD'9`FQp
+UC@0dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!(-!!@d!!!"[!($rc3Vrc3!%#P4&@&3
+0!(%!!@m!!!!!!!$rc![rc!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p`C@jcFfa
+'EfaNCA*3BA4S!J"[!!)!G!"e$3"d!!*X!!)!GJ"frm[rbJ(rb`!!!Ir+!!!#!(8
+!!J"f!(F0!(B!!R)!!!"f!(X!H!"j$3"i!!&[!!!!GJ"hrmN,rmN!($!!$(4SC@p
+XC'4PE'PYF`!-G'KP6faN4'9XD@ec$3"j!!*Z!!-!!!!!!(S!H`d!HJ!"-3!!!(J
+!H[r)#[r)!!3+G(KNE!d!H`!"-3!!!(F!H2r(#[r(!!3+BA0MFJ)!G`!#!(`!I3d
+!I!!#E!!#!(`!I2r'rm8"rmB!!!(ra3!!!J"p!!)!IJ"r$3"q!!*X!!%!I!"mrm3
+!J!(ra!!!$!#!!%!!1L"NC@aPG'8JEfaN)'PZBfaeC'8kEh"PER0cE#"QEfaNCA)
+JB@jN)(*PBh*PBA4P)'Pd)'0XC@&ZE(N!!J!!!J"r!!)!J3##$3#"!!*X!!)!I!"
+mrm2r`J(r``!!!Ir#!!!#!))!!J#$!)30!)-!!e%!!!"m!+8!K3#'!)F0!)8!!@X
+!!!"r!*`!L!)!L!!#!)N!LJd!L3!$53!#!(m!N[r"!)[r`!Vr`3!B,QeTFf0cE'0
+d+LSU+J!!!!!!!*!!!#SU+LS0!)X!!Qi!!!"r!)i!M!#0$3#-!!)d!!!!K`#1rlm
+!MJVr[`!%#Q0QEf`0!)i!!@d!!!#+!)d!M``!M`!0!!G[F'9ZFh0X!!)!!!d!M3!
+#0!!!!(m!Krqq!*!!#[qq!!3+BfC[E!d!N!!!!@m!!!#$!)Er[3[r[3!Q-!!4D@j
+ME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S![r!!!!#!)S!!J#4rl`
+0!*%!!dN!!J#6!*crZ`#5rlS+rlX!'#jMEh*PC'9XEbSU+LS!!!!!!!#3!!!U+LS
+U$3#5!!%a!!!!N`#BrlN+rlN!"!TcC@aP![qk!!!#rl`!!!d!KJ!$8J!!!!!!!2q
+irlIrYJVrZ!!B,Q&cBh*PFR)J+LSU+J!!!!!!!*!!!#SU+LS"rlF!!!,rYJ!!$3#
+(!!*X!!%!T!#Nrl8!N`(rY3!!$!#6!"-!$5"TCfj[FQ8JCA*bEh)!!J!!!J#%!!)
+!P!#9$3#8!!*X!!)!TJ#Qrl6rX`(rY!!!!Iqc!!!#!*8!!J#@!*F0!*B!!dN!!J#
+Q!,lrX[qa!*J+rl)!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Iqa!!!'!*J
+!!rq`!*N!QJVrX!!%#QY[Bf`0!*N!!@d!!!#U!+hrV`VrV`!%#Q0QEf`'!*S!!rq
+Z!*[rV3VrVJ!%#QPZFfJ0!*X!!M3!!!#`!,MrV!#F#[qX!!3+BfC[E!d!R!!"E`!
+!!,3!YrqV#rqV!#B`!"&TEQ0XG@4PCQpXC'9bF'&dD!!4D@jME(9NC8C[E'4PFP"
+KG'J'rkd!!!)!P`!#!*d!RJd!R3!#FJ!!!,m!aJ#I!+!0!*m!!Q`"!!#r!-)!SIq
+U$3#K!!%a!!!![`$#rkN+rkN!"!TbFfad!IqU!!!0!+!!!@m!!!!!!!$rU![rU!!
+Z-!!9G'KPEQ9hCQpXC'9bFQ9QCA*PEQ0P!"9dD'91CAG'EfaNCA*5C@CPFQ9ZBf8
+#!*i!!J#L!+-0!+)!!dN!!J$(!-lrT`#NrkB+rkF!'#jYDA0MFfaMG#SU+LS!!!!
+!!!#3!!!U+LSU$3#N!!&[!!!!a`$+rk8,rk8!,M!!&A4SC@jPGfC[E'4PFR*PCQ9
+bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P![qQ!!!#!+-!!J#P!+B0!+8!!R)
+!!!$2!0`!T`#S$3#R!!&Y!!!!c`$5!+N-!+N!$3!(Eh"PER0cE!!#!!!0!+J!!Qi
+!!!!!!!!!UJ#V$3#U!!%a!!!!e`$Erk3+rk3!"!T`EQ&Y$3#V!!%a!!!!dJ$Ark-
++rk-!"!TcC@aP!J#Q!!)!V!#Y$3#X!!*X!!)!h3$Grk,rS3(rSJ!!!IqK!!!#!+d
+!!J#Z!+m0!+i!!Q`!!3$G!0hrS!#`!IqJ!!!-!,!!(`!C)&0dBA*d)'eKDfPZCb"
+dD'8JB@aTBA0PF`!#!!!#!+m!!J#a!,)0!,%!!dN!!J$G!3ArRrqH!,-+rjm!'#j
+MEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!IqH!!!'!,-!!rqG!,3!Y3VrR3!%#QY
+[Bf`0!,3!!@d!!!$K!16rR!VrR!!%#Q&XD@%'!,8!!rqE!,B!Y`VrQ`!%#QPZFfJ
+0!,B!!M3!!!$R!1rrQJ#i#[qD!!3+BfC[E!d!Z!!"E`!!!1X!l[qC#rqC!$3`!"K
+[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
+dD!B!Y`!$rjJ!ZIqA#[qB!!3+G'mJ)!d!Z3!#EJ!!!2)!r`#k!,X0!,S!!M3!!!$
+i!2rrPJ#m#[q@!!3+CQPXC3d![!!"E3!!!2X!rJ#p$!#p!"-!$@p`C@jcFfaMEfj
+Q,QJ!!J!!$3#l!!)d!!!!mJ$irj8![JVrP3!%#Q0QEf`0!,i!!@m!!!$f!2IrP![
+rP!!@-!!*G'KPE@9`BA4S!!PdD'90C9"KG'J'rjF!!!)!XJ!#!,m!`!d![`!#E!!
+#!3B""[q6rj)"rj-!!!(rNJ!!!J$!!!)!`3$#$3$"!!*b!!!""J%4!--!a!d!``!
+#BJ!!!3B"$3$&!-B0!-8!!@m!!!%'!3RrN3[rN3!N-!!3Bh*jF(4[CQpXC'9bF'&
+dD!!3Bh*jF(4[4QpXC'9b8'&dD!d!aJ!"E3!!!3N"$!$($!$(!!X!"6TKFfia!!)
+!!!d!a!!"E`!!!!!!!2q3!![rN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!`J!
+#!-J!b3d!b!!$53!#!4)"22q2rii!bJVrM`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!
+!!'jeE'`"rii!!!B!bJ!$rid!b`$-#[q0!!3+DfpME!d!b`!"E3!!!4B"'Iq-#[q
+-!!3+B@aTB3B!c!!$riX!c3$1#[q,!!3+D@jcD!d!c3!#0!!!!4`"*2q+!-m+riS
+!"!TMCQpX$3$2!!&[!!!")!%MriN,riN!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9
+bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J$1!!2rL!$3riF+riJ!"!T
+dEb!J$3$3!!*Z!!!"*`%f!0%!dJd!d3!#0!!!!5m"0[q'!0-+riB!"!TQD@aP$3$
+6!!&Y!!!"-J%e!03-!03!$!!'BA0Z-5jS!!)!!!d!dJ!#0!!!!5F",rq&!08+ri8
+!"!TMCQpX$3$9!!&[!!!"+`%Zri3,ri3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!E
+rK`!!!J$*!!)!eJ$A$3$@!!0*!!)"23&Rri2rJJ$B#[q$!"JZBfpbC@0bC@`U+LS
+U!!!!!!!!N!!!ER9XE!(rJJ!!"J$B!!2rJ3$C!0S+ri%!"!TVEf0X$3$C!!&Y!!!
+"33&%ri!+ri!!"!TKE'PK"J$D!!2rI`$E!0`+rhm!"!TTER0S$3$E!!)d!!!"4`&
+2rhi!h3VrIJ!%#Q0QEf`0!0d!!@m!!!&,!8lrI3[rI3!d-!!BEh"PER0cE'PZBfa
+eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!0`!!rpm!0l
+rH`VrI!!%#R4[)#!0!0i!!Qi!!!&5!@%!h`$J$3$I!!)d!!!"@J&KrhS!i3VrHJ!
+%#QCTE'80!1%!!@d!!!&G!@!!iJ`!iJ!3!!TKFfiaAfeKBbjS!!)!!!d!i!!#0!!
+!!9)"@[pj!1-+rhN!"!TMCQpX$3$M!!&[!!!"9J&CrhJ,rhJ!&$!!#(4PEA"`BA4
+S!!KdC@e`8'&dD!ErH`!!!J$A!!)!j!$P$3$N!!*X!!)"D!&SrhIrGJ(rG`!!!Ip
+f!!!#!18!!J$Q!1F0!1B!!R)!!!&S!A-!k!$T$3$S!!*L!!!"D!&[!1S!k`d!kJ!
+"E`!!!@J"Drpe#rpe!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*
+3BA4S$3$V!!&Y!!!"D`&Z!1`-!1`!#J!%1Q*TE`!#!!!0!1N!!@m!!!!!!!$rG![
+rG!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J$R!!)!l3$Z$3$Y!!0*!!)"G!'Hrh2
+rFJ$[#[pc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(rFJ!!"J$[!!2rF3$
+`!2%+rh%!"!TVEf0X$3$`!!&Y!!!"H!&lrh!+rh!!"!TKE'PK"J$a!!2rE`$b!2-
++rfm!"!TTER0S$3$b!!)d!!!"IJ''rfi!p!VrEJ!%#Q0QEf`0!23!!@m!!!'#!BA
+rE3[rE3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
+NC8C[E'4PFP"KG'J'!2-!!rpX!2ArD`VrE!!%#R4[)#!0!28!!Qi!!!'*!CJ!pJ$
+h$3$f!!)d!!!"N3'BrfS!q!VrDJ!%#QCTE'80!2J!!@d!!!'8!CF!q3`!q3!,!!9
+LD@mZD!!#!!!0!2F!!M3!!!'*!C(rD3$k#[pT!!3+BfC[E!d!qJ!"E`!!!Bd"N!$
+rD![rD!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[pV!!!#!1i!!J$l!2`0!2X!!Q`
+!!J'I!CrrCrpQ!IpR!!!"rfB!!!)!r!!#!2d!rJd!r3!#FJ!!!Cm"UJ$r!3!0!2m
+!!Q)!!!'I!DB"!3%#$3%"!!&[!!!"R`'Lrf8,rf8!*$!!%'0bHA"dEfC[E'4PFR"
+KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!3)!!@d!!!'L!D8"!``"!`!*!!-kBQB!!J!
+!$3%!!!&[!!!!!!!!rf3,rf3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!rJ!#!33
+""3d""!!$53!#!DX"eIpMrf)""JVrB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
+eE'`"rf)!!!B""J!$rf%""`%)#[pK!!3+DfpME!d""`!"E3!!!Dm"X[pJ#[pJ!!3
++B@aTB3B"#!!$rem"#3%+#[pI!!3+D@jcD!d"#3!#0!!!!E8"[IpH!3X+rei!"!T
+MCQpX$3%,!!&[!!!"Z3'mred,red!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
+dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J%+!!2rA!%-reX+re`!"!TdEb!
+J$3%-!!*Z!!!"`!(2!3d"$Jd"$3!#0!!!!FJ"crpD!3m+reS!"!TQD@aP$3%2!!&
+Y!!!"b`(1!4!-!4!!%!!+BQa[GfCTFfJZD!!#!!!0!3i!!M3!!!(!!FMr@3%4#[p
+C!!3+BfC[E!d"%3!"E`!!!F3"arpB#rpB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J
+'reX!!!)""3!#!4)"%`d"%J!#E!!#!GB"e[pAreB"reF!!!(r9J!!!J%6!!)"&!%
+9$3%8!!*b!!!"eJ(K!4B"&`d"&J!#BJ!!!GB"h3%B!4N0!4J!!@m!!!(@!GRr93[
+r93!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"'3!"E3!
+!!GN"h!%D$!%D!!N!!cTLEJ!#!!!0!4F!!@m!!!!!!!$r9![r9!!8-!!)G'9YF("
+KG'J!#(4PEA"3BA4S!J%9!!)"'`%F$3%E!!0*!!)"iJ)-re2r8J%G#[p6!"JZBfp
+bC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r8J!!"J%G!!2r83%H!4m+re%!"!TVEf0
+X$3%H!!&Y!!!"jJ(Tre!+re!!"!TKE'PK"J%I!!2r6`%J!5%+rdm!"!TTER0S$3%
+J!!)d!!!"l!(drdi")JVr6J!%#Q0QEf`0!5)!!@m!!!(`!I2r63[r63!d-!!BEh"
+PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J
+'!5%!!rp-!52r5`Vr6!!%#R4[)#!0!5-!!Qi!!!(h!JB"*!%P$3%N!!)d!!!"r`)
+'rdS"*JVr5J!%#QCTE'80!5B!!@d!!!)#!J8"*``"*`!+!!4LELjS!!)!!!d"*3!
+#0!!!!IF"rrp*!5J+rdN!"!TMCQpX$3%S!!&[!!!"q`(qrdJ,rdJ!&$!!#(4PEA"
+`BA4S!!KdC@e`8'&dD!Er5`!!!J%F!!)"+3%U$3%T!!*X!!)#$3)0rdIr4J(r4`!
+!!Ip'!!!#!5S!!J%V!5`0!5X!!R)!!!)0!KJ",3%Z$3%Y!!*L!!!#$3)8!5m"-!d
+",`!"E`!!!Jd#%2p&#rp&!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
+NCA*3BA4S$3%`!!&Y!!!#%!)6!6%-!6%!$3!(1Q*eCQCPFJ!#!!!0!5i!!@m!!!!
+!!!$r4![r4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J%X!!)"-J%c$3%b!!0*!!)
+#'3*$rd2r3J%d#[p$!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r3J!!"J%
+d!!2r33%e!6B+rd%!"!TVEf0X$3%e!!&Y!!!#(3)Jrd!+rd!!"!TKE'PK"J%f!!2
+r2`%h!6J+rcm!"!TTER0S$3%h!!)d!!!#)`)Vrci"13Vr2J!%#Q0QEf`0!6N!!@m
+!!!)R!LVr23[r23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
+-5@jME(9NC8C[E'4PFP"KG'J'!6J!!rmm!6Vr1`Vr2!!%#R4[)#!0!6S!!Qi!!!)
+Z!Md"1`%m$3%l!!)d!!!#0J)prcS"23Vr1J!%#QCTE'80!6d!!@d!!!)j!M`"2J`
+"2J!1!!KLG@CQCA)ZD!!#!!!0!6`!!M3!!!)Z!MEr13%r#[mj!!3+BfC[E!d"2`!
+"E`!!!M)#0Imi#rmi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rcX!!!)"-`!#!8!
+"33d"3!!#E!!#!N3#42mhrcB"rcF!!!(r0J!!!J&"!!)"3J&$$3&#!!*b!!!#4!*
+2!83"43d"4!!#BJ!!!N3#5`&'!8F0!8B!!@m!!!*%!NIr03[r03!N-!!3Bh*jF(4
+[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"4`!"E3!!!NF#5J&)$!&)!!X
+!"6TMBA0d!!)!!!d"43!"E`!!!!!!!2md#rmd!"3`!!KdC@e`F'&dD!!)G'9YF&"
+KG'J#!8-!!J&*!8S0!8N!!dN!!J*3!RVr-rmb!8X+rc-!'#jMEh*PBh*PE#SU+LS
+!!!!!!!#3!!"ZG@aX!Imb!!!'!8X!!rma!8`"63Vr-3!%#QY[Bf`0!8`!!@d!!!*
+8!PIr-!Vr-!!%#Q&XD@%'!8d!!rm[!8i"6`Vr,`!%#QPZFfJ0!8i!!M3!!!*D!Q,
+r,J&3#[mZ!!3+BfC[E!d"8!!"E`!!!Pi#BImY#rmY!$3`!"K[F'9ZFh0XD@jME(9
+NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"6`!$rb`"8Im
+V#[mX!!3+G'mJ)!d"83!#EJ!!!Q8#G!&5!9-0!9)!!M3!!!*Y!R6r+J&8#[mU!!3
++CQPXC3d"9!!"E3!!!R!#F`&9$!&9!!`!"Q0KFh3ZD!!#!!!0!9-!!M3!!!*P!Qh
+r+3&@#[mT!!3+BfC[E!d"9J!"E`!!!QN#E2mS#rmS!"3`!!KdC@e`F'&dD!!)G'9
+YF&"KG'J'rbX!!!)"5J!#!9F"@!d"9`!#E!!#!RX#HrmRrbB"rbF!!!(r*J!!!J&
+B!!)"@3&D$3&C!!*b!!!#H`+'!9X"A!d"@`!#BJ!!!RX#JJ&G!9i0!9d!!@m!!!*
+l!Rlr*3[r*3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
+"AJ!"E3!!!Ri#J3&I$!&I!!X!"6TMEfe`!!)!!!d"A!!"E`!!!!!!!2mN#rmN!"3
+`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!9S!!J&J!@%0!@!!!dN!!J+(!V(r)rmL!@)
++rb-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!ImL!!!'!@)!!rmK!@-"C!V
+r)3!%#QY[Bf`0!@-!!@d!!!+,!Slr)!Vr)!!%#Q&XD@%'!@3!!rmI!@8"CJVr(`!
+%#QPZFfJ0!@8!!M3!!!+4!TRr(J&R#[mH!!3+BfC[E!d"C`!"E`!!!T8#Q2mG#rm
+G!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4Qp
+XC'9b8'&dD!B"CJ!$ra`"D2mE#[mF!!3+G'mJ)!d"D!!#EJ!!!T`#U`&T!@S0!@N
+!!M3!!!+N!U[r'J&V#[mD!!3+CQPXC3d"D`!"E3!!!UF#UJ&X$!&X!!`!"Q0[EA!
+ZD!!#!!!0!@S!!M3!!!+F!U6r'3&Y#[mC!!3+BfC[E!d"E3!"E`!!!U!#SrmB#rm
+B!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'raX!!!)"B3!#!@i"E`d"EJ!#E!!#!V)
+#X[mAraB"raF!!!(r&J!!!J&[!!)"F!&a$3&`!!*b!!!#XJ+p!A)"F`d"FJ!#BJ!
+!!V)#Z3&d!A80!A3!!@m!!!+b!VAr&3[r&3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!
+3Bh*jF(4[4QpXC'9b8'&dD!d"G3!"E3!!!V8#Z!&f$!&f!!X!"6TMEfjQ!!)!!!d
+"F`!"E`!!!!!!!2m8#rm8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!A%!!J&h!AJ
+0!AF!!dN!!J+q!ZMr%rm5!AN+ra-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@a
+X!Im5!!!'!AN!!rm4!AS"H`Vr%3!%#QY[Bf`0!AS!!@d!!!,#!XAr%!Vr%!!%#Q&
+XD@%'!AX!!rm2!A`"I3Vr$`!%#QPZFfJ0!A`!!M3!!!,)!Y$r$J&q#[m1!!3+BfC
+[E!d"IJ!"E`!!!X`#crm0#rm0!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J
+!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"I3!$r``"Irm,#[m-!!3+G'mJ)!d
+"I`!#EJ!!!Y-#iJ'!!B%0!B!!!M3!!!,E!Z,r#J'##[m+!!3+CQPXC3d"JJ!"E3!
+!!Yi#i3'$$!'$!!`!"Q0[EQBZD!!#!!!0!B%!!M3!!!,6!Y[r#3'%#[m*!!3+BfC
+[E!d"K!!"E`!!!YF#f[m)#rm)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r`X!!!)
+"H!!#!B8"KJd"K3!#E!!#!ZN#kIm(r`B"r`F!!!(r"J!!!J''!!)"K`')$3'(!!*
+b!!!#k3,d!BN"LJd"L3!#BJ!!!ZN#m!',!B`0!BX!!@m!!!,T!Zcr"3[r"3!N-!!
+3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"M!!"E3!!!Z`#l`'
+0$!'0!!S!"$TNCA-!!J!!$3'+!!&[!!!!!!!!r`3,r`3!&$!!#(4PEA"`BA4S!!K
+dC@e`8'&dD!)"L!!#!Bi"M`d"MJ!$53!#![8$(rm$r`)"N!!+r`-!'#jMEh*PBh*
+PE#SU+LS!!!!!!!#3!!"ZG@aX!Im#!!!'!C!!!!2r!3'4!C)+r`%!"!TVEf0X$3'
+4!!&Y!!!#q3,mr`!+r`!!"!TKE'PK"J'5!!2qr`'6!C3+r[m!"!TTER0S$3'6!!)
+d!!!#r`-(r[i"P3VqrJ!%#Q0QEf`0!C8!!@m!!!-$!`Eqr3[qr3!d-!!BEh"PER0
+cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!C3
+!!rlm!CEqq`Vqr!!%#R4[)#!0!CB!!Qi!!!-+!aN"P`'B$3'A!!)d!!!$%J-Cr[S
+"Q3VqqJ!%#QCTE'80!CN!!@d!!!-9!aJ"QJ`"QJ!,!!9NCA-ZD!!#!!!0!CJ!!M3
+!!!-+!a,qq3'E#[lj!!3+BfC[E!d"Q`!"E`!!!`i$%Ili#rli!"3`!!KdC@e`F'&
+dD!!)G'9YF&"KG'J'r[X!!!)"M`!#!C`"R3d"R!!#E!!#!b!$)2lhr[B"r[F!!!(
+qpJ!!!J'G!!)"RJ'I$3'H!!*b!!!$)!-V!D!"S3d"S!!#BJ!!!b!$*`'L!D-0!D)
+!!@m!!!-J!b2qp3[qp3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9
+b8'&dD!d"S`!"E3!!!b-$*J'N$!'N!!N!!cTND!!#!!!0!D%!!@m!!!!!!!$qp![
+qp!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'I!!)"T3'Q$3'P!!0*!!)$,!0@r[2
+qmJ'R#[lc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(qmJ!!"J'R!!2qm3'
+S!DN+r[%!"!TVEf0X$3'S!!&Y!!!$-!-cr[!+r[!!"!TKE'PK"J'T!!2ql`'U!DX
++rZm!"!TTER0S$3'U!!)d!!!$0J-qrZi"V!VqlJ!%#Q0QEf`0!D`!!@m!!!-k!ch
+ql3[ql3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
+NC8C[E'4PFP"KG'J'!DX!!rlX!Dhqk`Vql!!%#R4[)#!0!Dd!!Qi!!!0"!e!"VJ'
+[$3'Z!!)d!!!$5303rZS"X!VqkJ!%#QCTE'80!E!!!@d!!!0-!dm"X3`"X3!+!!4
+ND#jS!!)!!!d"V`!#0!!!!d%$5IlT!E)+rZN!"!TMCQpX$3'b!!&[!!!$430)rZJ
+,rZJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eqk`!!!J'Q!!)"X`'d$3'c!!*X!!)
+$9`0ArZIqjJ(qj`!!!IlQ!!!#!E3!!J'e!EB0!E8!!R)!!!0A!f)"Y`'i$3'h!!*
+L!!!$9`0H!EN"ZJd"Z3!"E`!!!eF$@[lP#rlP!#3`!""MFRP`G'pQEfaNCA*`BA4
+S!""MFRP`G'p'EfaNCA*3BA4S$3'k!!&Y!!!$@J0G!EX-!EX!#J!%1Q4cB3!#!!!
+0!EJ!!@m!!!!!!!$qj![qj!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'f!!)"[!'
+p$3'm!!0*!!)$B`10rZ2qiJ'q#[lM!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
+XE!(qiJ!!"J'q!!2qi3'r!F!+rZ%!"!TVEf0X$3'r!!&Y!!!$C`0UrZ!+rZ!!"!T
+KE'PK"J(!!!2qh`("!F)+rYm!"!TTER0S$3("!!)d!!!$E30erYi"``VqhJ!%#Q0
+QEf`0!F-!!@m!!!0a!h6qh3[qh3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
+S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!F)!!rlF!F6qf`Vqh!!%#R4[)#!
+0!F3!!Qi!!!0i!iF"a3('$3(&!!)d!!!$J!1(rYS"a`VqfJ!%#QCTE'80!FF!!@d
+!!!1$!iB"b!`"b!!,!!9NFf%ZD!!#!!!0!FB!!M3!!!0i!i$qf3(*#[lC!!3+BfC
+[E!d"b3!"E`!!!h`$IrlB#rlB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rYX!!!)
+"[3!#!FS"b`d"bJ!#E!!#!ii$M[lArYB"rYF!!!(qeJ!!!J(,!!)"c!(0$3(-!!*
+b!!!$MJ1C!Fi"c`d"cJ!#BJ!!!ii$P3(3!G%0!G!!!@m!!!11!j(qe3[qe3!N-!!
+3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"d3!"E3!!!j%$P!(
+5$!(5!!S!"$TPFR)!!J!!$3(2!!&[!!!!!!!!rY3,rY3!&$!!#(4PEA"`BA4S!!K
+dC@e`8'&dD!)"c3!#!G-"e!d"d`!$53!#!jS$a2l6rY)"e3Vqd`!B,Q0[FQ9MFQ9
+X+LSU+J!!!!!!!*!!!'jeE'`"rY)!!!B"e3!$rY%"eJ(A#[l4!!3+DfpME!d"eJ!
+"E3!!!ji$SIl3#[l3!!3+B@aTB3B"e`!$rXm"f!(C#[l2!!3+D@jcD!d"f!!#0!!
+!!k3$V2l1!GS+rXi!"!TMCQpX$3(D!!&[!!!$U!1VrXd,rXd!0$!!''p`C@jcFfa
+TEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J(C!!2
+qc!(ErXX+rX`!"!TdEb!J$3(E!!*Z!!!$V`1q!G`"h3d"h!!#0!!!!lF$[[l+!Gi
++rXS!"!TQD@aP$3(H!!&Y!!!$ZJ1p!Gm-!Gm!#`!&CA*b,QJ!!J!!$3(G!!)d!!!
+$V`1hrXN"i!Vqb3!%#Q0QEf`0!H!!!@m!!!1c!lEqb![qb!!8-!!)G'9YF("KG'J
+!#(4PEA"3BA4S"[l,!!!#!G3!!J(K!H)0!H%!!Q`!!J2&!mAqarl'!Il(!!!"rXB
+!!!)"iJ!#!H-"j!d"i`!#FJ!!!m8$d!(P!HB0!H8!!Q)!!!2&!m`"j`(S$3(R!!&
+[!!!$a32)rX8,rX8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"
+KG'J0!HJ!!@d!!!2)!mX"k3`"k3!+!!3kCAC`!!)!!!d"jJ!"E`!!!!!!!2l%#rl
+%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!H3!!J(U!HX0!HS!!dN!!J24!r[q`rl
+#!H`+rX-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Il#!!!'!H`!!rl"!Hd
+"lJVq`3!%#QY[Bf`0!Hd!!@d!!!29!pMq`!Vq`!!%#Q&XD@%'!Hi!!rkr!Hm"m!V
+q[`!%#QPZFfJ0!Hm!!M3!!!2E!q2q[J(a#[kq!!3+BfC[E!d"m3!"E`!!!pm$i[k
+p#rkp!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4
+P4QpXC'9b8'&dD!B"m!!$rV`"m[kl#[km!!3+G'mJ)!d"mJ!#EJ!!!qB$p3(c!I3
+0!I-!!M3!!!2Z!rAqZJ(e#[kk!!3+CQPXC3d"p3!"E3!!!r%$p!(f$!(f!!X!"@9
+fF#jS!!)!!!d"p!!#0!!!!qB$l[kj!IF+rVN!"!TMCQpX$3(h!!&[!!!$kJ2YrVJ
+,rVJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqZ`!!!J(V!!)"q!(j$3(i!!*X!!)
+$r!2mrVIqYJ(qY`!!!Ikf!!!#!IN!!J(k!IX0!IS!!R)!!!2m"!F"r!(p$3(m!!*
+L!!!$r!3$!Ii"r`d"rJ!"E`!!!r`$rrke#rke!#3`!""MFRP`G'pQEfaNCA*`BA4
+S!""MFRP`G'p'EfaNCA*3BA4S$3(r!!&Y!!!$r`3#!J!-!J!!#`!&1QKYB@-!!J!
+!$3(p!!&[!!!!!!!!rV3,rV3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)"q`!#!J%
+#!Jd#!3!$53!#"!J%-[kcrV)#!`VqX`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
+eE'`"rV)!!!B#!`!$rV%#"!)&#[ka!!3+DfpME!d#"!!"E3!!"!`%$rk`#[k`!!3
++B@aTB3B#"3!$rUm#"J)(#[k[!!3+D@jcD!d#"J!#0!!!"")%'[kZ!JJ+rUi!"!T
+MCQpX$3))!!&[!!!%&J3CrUd,rUd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
+dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)(!!2qV!)*rUX+rU`!"!TdEb!
+J$3)*!!*Z!!!%(33X!JS##`d##J!#0!!!"#8%,2kU!J`+rUS!"!TQD@aP$3)-!!&
+Y!!!%+!3V!Jd-!Jd!$!!'D'eKBbjS!!)!!!d##`!#0!!!""d%*IkT!Ji+rUN!"!T
+MCQpX$3)1!!&[!!!%)33NrUJ,rUJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqU`!
+!!J)#!!)#$`)3$3)2!!*X!!)%-`3crUIqTJ(qT`!!!IkQ!!!#!K!!!J)4!K)0!K%
+!!R)!!!3c"$i#%`)8$3)6!!*L!!!%-`3k!K8#&Jd#&3!"E`!!"$-%0[kP#rkP!#3
+`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3)@!!&Y!!!%0J3
+j!KF-!KF!#`!&1QPNC@%!!J!!$3)8!!&[!!!!!!!!rU3,rU3!&$!!#(4PEA"`BA4
+S!!KdC@e`8'&dD!)#%J!#!KJ#'3d#'!!$53!#"$m%DIkMrU)#'JVqS`!B,Q0[FQ9
+MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rU)!!!B#'J!$rU%#'`)F#[kK!!3+DfpME!d
+#'`!"E3!!"%-%4[kJ#[kJ!!3+B@aTB3B#(!!$rTm#(3)H#[kI!!3+D@jcD!d#(3!
+#0!!!"%N%8IkH!Km+rTi!"!TMCQpX$3)I!!&[!!!%6343rTd,rTd!0$!!''p`C@j
+cFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)
+H!!2qR!)JrTX+rT`!"!TdEb!J$3)J!!*Z!!!%9!4M!L%#)Jd#)3!#0!!!"&`%Brk
+D!L-+rTS!"!TQD@aP$3)M!!&Y!!!%A`4L!L3-!L3!$!!'D@4PB5jS!!)!!!d#)J!
+#0!!!"&3%A2kC!L8+rTN!"!TMCQpX$3)P!!&[!!!%@!4ErTJ,rTJ!&$!!#(4PEA"
+`BA4S!!KdC@e`8'&dD!EqQ`!!!J)C!!)#*J)R$3)Q!!*X!!)%DJ4UrTIqPJ(qP`!
+!!Ik@!!!#!LF!!J)S!LN0!LJ!!R)!!!4U"(8#+J)V$3)U!!*L!!!%DJ4a!L`#,3d
+#,!!"E`!!"'S%EIk9#rk9!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
+NCA*3BA4S$3)Y!!&Y!!!%E34`!Li-!Li!$!!'1QaSBA0S!!)!!!d#+`!"E`!!!!!
+!!2k8#rk8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!LN!!J)[!M!0!Lm!!dN!!J4
+f"+$qNrk5!M%+rT-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ik5!!!'!M%
+!!rk4!M)#-`VqN3!%#QY[Bf`0!M)!!@d!!!4k"(hqN!!+rT!!!!3+B@aTB3B#-`!
+$rSm#0!)e#[k2!!3+D@jcD!d#0!!#0!!!")!%L2k1!MB+rSi!"!TMCQpX$3)f!!&
+[!!!%K!5(rSd,rSd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP0
+66%PZBfaeC'9'EfaNCA*3BA4S"J)e!!2qM!)hrSX+rS`!"!TdEb!J$3)h!!*Z!!!
+%L`5D!MJ#13d#1!!#0!!!"*-%Q[k+!MS+rSS!"!TQD@aP$3)k!!&Y!!!%PJ5C!MX
+-!MX!$3!(E'KKFfJZD!!#!!!0!MN!!M3!!!5,"*2qL3)m#[k*!!3+BfC[E!d#2!!
+"E`!!")m%N[k)#rk)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rSX!!!)#-!!#!Md
+#2Jd#23!#E!!#"+%%SIk(rSB"rSF!!!(qKJ!!!J)q!!)#2`*!$3)r!!*b!!!%S35
+X!N%#3Jd#33!#BJ!!"+%%U!*$!N30!N-!!@m!!!5K"+6qK3[qK3!N-!!3Bh*jF(4
+[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d#4!!"E3!!"+3%T`*&$!*&!!S
+!"$TYC$)!!J!!$3*#!!&[!!!!!!!!rS3,rS3!&$!!#(4PEA"`BA4S!!KdC@e`8'&
+dD!)#3!!#!NB#4`d#4J!$53!#"+d%erk$rS)#5!VqJ`!B,Q0[FQ9MFQ9X+LSU+J!
+!!!!!!*!!!'jeE'`"rS)!!!B#5!!$rS%#53*+#[k"!!3+DfpME!d#53!"E3!!",%
+%Y2k!#[k!!!3+B@aTB3B#5J!$rRm#5`*-#[jr!!3+D@jcD!d#5`!#0!!!",F%[rj
+q!Nd+rRi!"!TMCQpX$3*0!!&[!!!%Z`5qrRd,rRd!0$!!''p`C@jcFfaTEQ0XG@4
+PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*-!!2qI!*1rRX
++rR`!"!TdEb!J$3*1!!*Z!!!%`J64!Nm#8!d#6`!#0!!!"-S%dIjk!P%+rRS!"!T
+QD@aP$3*4!!&Y!!!%c363!P)-!P)!#`!&E@3b,QJ!!J!!$3*3!!)d!!!%`J6+rRN
+#8`VqH3!%#Q0QEf`0!P-!!@m!!!6'"-RqH![qH!!8-!!)G'9YF("KG'J!#(4PEA"
+3BA4S"[jl!!!#!NF!!J*8!P80!P3!!Q`!!J6B"0MqGrjf!Ijh!!!"rRB!!!)#93!
+#!PB#9`d#9J!#FJ!!"0J%i`*B!PN0!PJ!!Q)!!!6B"0m#@J*E$3*D!!&[!!!%f!6
+ErR8,rR8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!PX
+!!@d!!!6E"0i#A!`#A!!+!!3kE@3e!!)!!!d#@3!"E`!!!!!!!2jd#rjd!"3`!!K
+dC@e`F'&dD!!)G'9YF&"KG'J#!PF!!J*G!Pi0!Pd!!dN!!J6N"3lqFrjb!Pm+rR-
+!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ijb!!!'!Pm!!rja!Q!#B3VqF3!
+%#QY[Bf`0!Q!!!@d!!!6S"1[qF!VqF!!%#Q&XD@%'!Q%!!rj[!Q)#B`VqE`!%#QP
+ZFfJ0!Q)!!M3!!!6Z"2EqEJ*N#[jZ!!3+BfC[E!d#C!!"E`!!"2)%pIjY#rjY!$3
+`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9
+b8'&dD!B#B`!$rQ`#CIjV#[jX!!3+G'mJ)!d#C3!#EJ!!"2N&#!*Q!QF0!QB!!M3
+!!!8""3MqDJ*S#[jU!!3+CQPXC3d#D!!"E3!!"33&"`*T$!*T!!X!"@eN05jS!!)
+!!!d#C`!#0!!!"2N&!IjT!QS+rQN!"!TMCQpX$3*U!!&[!!!%r38!rQJ,rQJ!&$!
+!#(4PEA"`BA4S!!KdC@e`8'&dD!EqD`!!!J*H!!)#D`*X$3*V!!*X!!)&$`82rQI
+qCJ(qC`!!!IjQ!!!#!Q`!!J*Y!Qi0!Qd!!R)!!!82"4S#E`*`$3*[!!*L!!!&$`8
+@!R%#FJd#F3!"E`!!"3m&%[jP#rjP!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP
+`G'p'EfaNCA*3BA4S$3*b!!&Y!!!&%J89!R--!R-!#`!&1QeNBc)!!J!!$3*`!!&
+[!!!!!!!!rQ3,rQ3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)#EJ!#!R3#G3d#G!!
+$53!#"4X&4IjMrQ)#GJVqB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rQ)
+!!!B#GJ!$rQ%#G`*i#[jK!!3+DfpME!d#G`!"E3!!"4m&)[jJ#[jJ!!3+B@aTB3B
+#H!!$rPm#H3*k#[jI!!3+D@jcD!d#H3!#0!!!"58&,IjH!RX+rPi!"!TMCQpX$3*
+l!!&[!!!&+38XrPd,rPd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"
+PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*k!!2qA!*mrPX+rP`!"!TdEb!J$3*m!!*
+Z!!!&-!8r!Rd#IJd#I3!#0!!!"6J&2rjD!Rm+rPS!"!TQD@aP$3*r!!&Y!!!&1`8
+q!S!-!S!!$!!'E@4M-LjS!!)!!!d#IJ!#0!!!"6!&12jC!S%+rPN!"!TMCQpX$3+
+"!!&[!!!&0!8hrPJ,rPJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq@`!!!J*e!!)
+#JJ+$$3+#!!*X!!)&4J9'rPIq9J(q9`!!!Ij@!!!#!S-!!J+%!S80!S3!!R)!!!9
+'"9%#KJ+($3+'!!*L!!!&4J90!SJ#L3d#L!!"E`!!"8B&5Ij9#rj9!#3`!""MFRP
+`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3+*!!&Y!!!&539-!SS-!SS
+!$J!)1QpLDQ9MG(-!!J!!$3+(!!&[!!!!!!!!rP3,rP3!&$!!#(4PEA"`BA4S!!K
+dC@e`8'&dD!)#K3!#!SX#M!d#L`!$53!#"9)&I2j6rP)#M3Vq8`!B,Q0[FQ9MFQ9
+X+LSU+J!!!!!!!*!!!'jeE'`"rP)!!!B#M3!$rP%#MJ+2#[j4!!3+DfpME!d#MJ!
+"E3!!"9B&@Ij3#[j3!!3+B@aTB3B#M`!$rNm#N!!#N3Vq6`!%#QPZFfJ0!T!!!!)
+d!!!&A!9NrNi#NJVq6J!%#Q0QEf`0!T)!!@m!!!9J"@2q63[q63!d-!!BEh"PER0
+cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!T%
+!!rj-!T2q5`Vq6!!%#R4[)#!0!T-!!Qi!!!9R"AB#P!+9$3+8!!)d!!!&E`9frNS
+#PJVq5J!%#QCTE'80!TB!!@d!!!9b"A8#P``#P`!2!!P[BQTPBh4c,QJ!!J!!$3+
+9!!)d!!!&C`9[rNN#Q!Vq53!%#Q0QEf`0!TJ!!@m!!!9V"@lq5![q5!!8-!!)G'9
+YF("KG'J!#(4PEA"3BA4S"[j,!!!#!S`!!J+C!TS0!TN!!Q`!!J9p"Ahq4rj'!Ij
+(!!!"rNB!!!)#QJ!#!TX#R!d#Q`!#FJ!!"Ad&L!+G!Ti0!Td!!Q)!!!9p"B3#R`+
+J$3+I!!&[!!!&I3@!rN8,rN8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC
+[E'4PFP"KG'J0!U!!!@d!!!@!"B-#S3`#S3!+!!3kF'9Y!!)!!!d#RJ!"E`!!!!!
+!!2j%#rj%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!T`!!J+L!U-0!U)!!dN!!J@
+*"E2q3rj#!U3+rN-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ij#!!!'!U3
+!!rj"!U8#TJVq33!%#QY[Bf`0!U8!!@d!!!@0"C!!rN!+rN!!"!TKE'PK"J+Q!!2
+q2`+R!UJ+rMm!"!TTER0S$3+R!!)d!!!&N`@ErMi#U3Vq2J!%#Q0QEf`0!UN!!@m
+!!!@A"CVq23[q23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
+-5@jME(9NC8C[E'4PFP"KG'J'!UJ!!rim!UVq1`Vq2!!%#R4[)#!0!US!!Qi!!!@
+H"Dd#U`+X$3+V!!)d!!!&TJ@YrMS#V3Vq1J!%#QCTE'80!Ud!!@d!!!@T"D`#VJ`
+#VJ!,!!9`C@dZD!!#!!!0!U`!!M3!!!@H"DEq13+[#[ij!!3+BfC[E!d#V`!"E`!
+!"D)&TIii#rii!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rMX!!!)#S`!#!V!#X3d
+#X!!$53!#"E3&h[ihrMB#XJVq0`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`
+"rMB!!!B#XJ!$rM8#X`+d#[ie!!3+DfpME!d#X`!"E3!!"EJ&Zrid#[id!!3+B@a
+TB3B#Y!!$rM-#Y3+f#[ic!!3+D@jcD!d#Y3!#0!!!"Ei&a[ib!VF+rM)!"!TMCQp
+X$3+h!!&[!!!&`JA&rM%,rM%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!
+BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J+f!!2q-!+irLm+rM!!"!TdEb!J$3+
+i!!*Z!!!&b3AB!VN#ZJd#Z3!#0!!!"G%&f2iZ!VX+rLi!"!TQD@aP$3+l!!&Y!!!
+&e!AA!V`-!V`!$!!'F'9Y-LjS!!)!!!d#ZJ!#0!!!"FN&dIiY!Vd+rLd!"!TMCQp
+X$3+p!!&[!!!&c3A3rL`,rL`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq,`!!!J+
+a!!)#[J+r$3+q!!*X!!)&h`AIrL[q+J(q+`!!!IiU!!!#!Vm!!J,!!X%0!X!!!R)
+!!!AI"HS#`J,$$3,#!!*L!!!&h`AQ!X3#a3d#a!!"E`!!"Gm&i[iT#riT!#3`!""
+MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,&!!&Y!!!&iJAP!XB
+-!XB!$3!(1R"VBh-a-J!#!!!0!X-!!@m!!!!!!!$q+![q+!!8-!!)G'9YF("KG'J
+!#(4PEA"3BA4S!J,"!!)#a`,)$3,(!!0*!!)&k`B9rLIq*J,*#[iR!"JZBfpbC@0
+bC@`U+LSU!!!!!!!!N!!!ER9XE!(q*J!!"J,*!!2q*3,+!XX+rL8!"!TVEf0X$3,
++!!&Y!!!&l`AbrL3+rL3!"!TKE'PK"J,,!!2q)`,-!Xd+rL-!"!TTER0S$3,-!!)
+d!!!&p3AprL)#cJVq)J!%#Q0QEf`0!Xi!!@m!!!Aj"Icq)3[q)3!d-!!BEh"PER0
+cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!Xd
+!!riJ!Xrq(`Vq)!!%#R4[)#!0!Xm!!Qi!!!B!"Jm#d!,4$3,3!!)d!!!'#!B2rKi
+#dJVq(J!%#QCTE'80!Y)!!@d!!!B,"Ji#d``#d`!1!!K`Df0c-6)ZD!!#!!!0!Y%
+!!M3!!!B!"JMq(3,8#[iG!!3+BfC[E!d#e!!"E`!!"J3'"riF#riF!"3`!!KdC@e
+`F'&dD!!)G'9YF&"KG'J'rKm!!!)#b!!#!Y8#eJd#e3!#E!!#"KB'&[iErKS"rKX
+!!!(q'J!!!J,@!!)#e`,B$3,A!!*b!!!'&JBK!YN#fJd#f3!#BJ!!"KB'(3,E!Y`
+0!YX!!@m!!!B@"KRq'3[q'3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
+XC'9b8'&dD!d#h!!"E3!!"KN'(!,G$!,G!!`!"MT`Df0c0`!#!!!0!YS!!@m!!!!
+!!!$q'![q'!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J,B!!)#hJ,I$3,H!!0*!!)
+')JC-rKIq&J,J#[iA!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(q&J!!"J,
+J!!2q&3,K!Z)+rK8!"!TVEf0X$3,K!!&Y!!!'*JBTrK3+rK3!"!TKE'PK"J,L!!2
+q%`,M!Z3+rK-!"!TTER0S$3,M!!)d!!!',!BdrK)#j3Vq%J!%#Q0QEf`0!Z8!!@m
+!!!B`"M2q%3[q%3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
+-5@jME(9NC8C[E'4PFP"KG'J'!Z3!!ri3!ZEq$`Vq%!!%#R4[)#!0!ZB!!Qi!!!B
+h"NB#j`,S$3,R!!)d!!!'2`C'rJi#k3Vq$J!%#QCTE'80!ZN!!@d!!!C#"N8#kJ`
+#kJ!0!!G`Df0c0bjS!!)!!!d#k!!#0!!!"MF'2ri0!ZX+rJd!"!TMCQpX$3,V!!&
+[!!!'1`BqrJ`,rJ`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq$`!!!J,I!!)#l!,
+Y$3,X!!*X!!)'63C0rJ[q#J(q#`!!!Ii+!!!#!Zd!!J,Z!Zm0!Zi!!R)!!!C0"PJ
+#m!,a$3,`!!*L!!!'63C8![)#m`d#mJ!"E`!!"Nd'82i*#ri*!#3`!""MFRP`G'p
+QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,c!!&Y!!!'8!C6![3-![3!#`!
+&1R*KEQ3!!J!!$3,a!!&[!!!!!!!!rJJ,rJJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&
+dD!)#l`!#![8#pJd#p3!$53!#"PN'Jri(rJB#p`Vq"`!B,Q0[FQ9MFQ9X+LSU+J!
+!!!!!!*!!!'jeE'`"rJB!!!B#p`!$rJ8#q!,j#[i&!!3+DfpME!d#q!!"E3!!"Pd
+'B2i%#[i%!!3+B@aTB3B#q3!$rJ-#qJ,l#[i$!!3+D@jcD!d#qJ!#0!!!"Q-'Dri
+#![`+rJ)!"!TMCQpX$3,m!!&[!!!'C`CUrJ%,rJ%!0$!!''p`C@jcFfaTEQ0XG@4
+PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J,l!!2q!!,prIm
++rJ!!"!TdEb!J$3,p!!*Z!!!'EJCp![i#r`d#rJ!#0!!!"RB'IIhq!`!+rIi!"!T
+QD@aP$3-!!!&Y!!!'H3Cm!`%-!`%!$!!'FQ&ZC#jS!!)!!!d#r`!#0!!!"Qi'G[h
+p!`)+rId!"!TMCQpX$3-#!!&[!!!'FJCerI`,rI`!&$!!#(4PEA"`BA4S!!KdC@e
+`8'&dD!Epr`!!!J,f!!)$!`-%$3-$!!*X!!)'K!D%rI[pqJ(pq`!!!Ihk!!!#!`3
+!!J-&!`B0!`8!!R)!!!D%"Sm$"`-)$3-(!!*L!!!'K!D,!`N$#Jd$#3!"E`!!"S3
+'Krhj#rhj!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-
++!!&Y!!!'K`D+!`X-!`X!#J!%1R*M-J!#!!!0!`J!!@m!!!!!!!$pq![pq!!8-!!
+)G'9YF("KG'J!#(4PEA"3BA4S!J-'!!)$$!-0$3--!!0*!!)'N!!'Z[hhrIB$$JV
+pp`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rIB!!!B$$J!$rI8$$`-3#[h
+e!!3+DfpME!d$$`!"E3!!"T3'Prhd#[hd!!3+B@aTB3B$%!!$rI-$%3-5#[hc!!3
++D@jcD!d$%3!#0!!!"TS'S[hb!a-+rI)!"!TMCQpX$3-6!!&[!!!'RJDKrI%,rI%
+!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
+NCA*3BA4S"J-5!!2pm!-8rHm+rI!!"!TdEb!J$3-8!!*Z!!!'T3Dd!a8$&Jd$&3!
+#0!!!"Ud'Y2hZ!aF+rHi!"!TQD@aP$3-A!!&Y!!!'X!Dc!aJ-!aJ!#`!&FQ-b,QJ
+!!J!!$3-@!!)d!!!'T3DYrHd$'3Vpl3!%#Q0QEf`0!aN!!@m!!!DT"Ucpl![pl!!
+8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[h[!!!#!`d!!J-D!aX0!aS!!Q`!!JDl"V[
+pkrhU!IhV!!!"rHS!!!)$'`!#!a`$(3d$(!!#FJ!!"VX'aJ-H!am0!ai!!Q)!!!D
+l"X)$)!-K$3-J!!&[!!!'Z`DqrHN,rHN!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0
+bHA"dEdC[E'4PFP"KG'J0!b%!!@d!!!Dq"X%$)J`$)J!+!!3kFQ-d!!)!!!d$(`!
+"E`!!!!!!!2hS#rhS!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!ad!!J-M!b30!b-
+!!dN!!JE("[(pjrhQ!b8+rHF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ih
+Q!!!'!b8!!rhP!bB$*`Vpj3!%#QY[Bf`0!bB!!@d!!!E,"Xlpj!Vpj!!%#Q&XD@%
+'!bF!!rhM!bJ$+3Vpi`!%#QPZFfJ0!bJ!!M3!!!E4"YRpiJ-U#[hL!!3+BfC[E!d
+$+J!"E`!!"Y8'f2hK#rhK!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p
+`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$+3!$rH!$+rhI#[hJ!!3+G'mJ)!d$+`!
+#EJ!!"Y`'k`-X!bd0!b`!!M3!!!EN"Z[phJ-Z#[hH!!3+CQPXC3d$,J!"E3!!"ZF
+'kJ-[$!-[!!X!"A*M0#jS!!)!!!d$,3!#0!!!"Y`'j2hG!c!+rGd!"!TMCQpX$3-
+`!!&[!!!'i!EMrG`,rG`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eph`!!!J-N!!)
+$-3-b$3-a!!*X!!)'mJEbrG[pfJ(pf`!!!IhD!!!#!c)!!J-c!c30!c-!!R)!!!E
+b"[d$03-f$3-e!!*L!!!'mJEj!cF$1!d$0`!"E`!!"[)'pIhC#rhC!#3`!""MFRP
+`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-i!!&Y!!!'p3Ei!cN-!cN
+!#J!%1R*M03!#!!!0!cB!!@m!!!!!!!$pf![pf!!8-!!)G'9YF("KG'J!#(4PEA"
+3BA4S!J-d!!)$1J-l$3-k!!0*!!)'rJFSrGIpeJ-m#[hA!"JZBfpbC@0bC@`U+LS
+U!!!!!!!!N!!!ER9XE!(peJ!!"J-m!!2pe3-p!ci+rG8!"!TVEf0X$3-p!!&Y!!!
+(!JF&rG3+rG3!"!TKE'PK"J-q!!2pd`-r!d!+rG-!"!TTER0S$3-r!!)d!!!(#!F
+3rG)$33VpdJ!%#Q0QEf`0!d%!!@m!!!F-"`rpd3[pd3!d-!!BEh"PER0cE'PZBfa
+eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!d!!!rh3!d,
+pc`Vpd!!%#R4[)#!0!d)!!Qi!!!F6"b)$3`0%$30$!!)d!!!('`FLrFi$43VpcJ!
+%#QCTE'80!d8!!@d!!!FH"b%$4J`$4J!,!!9bBc8ZD!!#!!!0!d3!!M3!!!F6"a[
+pc30(#[h0!!3+BfC[E!d$4`!"E`!!"aF('[h-#rh-!"3`!!KdC@e`F'&dD!!)G'9
+YF&"KG'J'rFm!!!)$1`!#!dJ$53d$5!!#E!!#"bN(+Ih,rFS"rFX!!!(pbJ!!!J0
+*!!)$5J0,$30+!!*b!!!(+3Fd!d`$63d$6!!#BJ!!"bN(-!01!dm0!di!!@m!!!F
+T"bcpb3[pb3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
+$6`!"E3!!"b`(,`03$!03!!d!"cTbDA"PE@3!!J!!$300!!&[!!!!!!!!rFJ,rFJ
+!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$5`!#!e%$8Jd$83!$53!#"c8(Arh(rFB
+$8`Vpa`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rFB!!!B$8`!$rF8$9!0
+9#[h&!!3+DfpME!d$9!!"E3!!"cN(22h%#[h%!!3+B@aTB3B$93!$rF-$9J0A#[h
+$!!3+D@jcD!d$9J!#0!!!"cm(4rh#!eJ+rF)!"!TMCQpX$30B!!&[!!!(3`G'rF%
+,rF%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
+'EfaNCA*3BA4S"J0A!!2p`!0CrEm+rF!!"!TdEb!J$30C!!*Z!!!(5JGC!eS$@`d
+$@J!#0!!!"e)(@Ifq!e`+rEi!"!TQD@aP$30F!!&Y!!!(93GB!ed-!ed!$J!)FQP
+`C@eN,QJ!!J!!$30E!!)d!!!(5JG5rEd$AJVp[3!%#Q0QEf`0!ei!!@m!!!G1"e(
+p[![p[!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[fr!!!#!e)!!J0I!f!0!em!!Q`
+!!JGJ"f$pZrfk!Ifl!!!"rES!!!)$B!!#!f%$BJd$B3!#FJ!!"f!(D`0M!f30!f-
+!!Q)!!!GJ"fF$C30Q$30P!!&[!!!(B!GMrEN,rEN!*$!!%'0bHA"dEfC[E'4PFR"
+KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!fB!!@d!!!GM"fB$C``$C`!+!!3kFR0K!!)
+!!!d$C!!"E`!!!!!!!2fi#rfi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!f)!!J0
+S!fN0!fJ!!dN!!JGX"jEpYrff!fS+rEF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"
+ZG@aX!Iff!!!'!fS!!rfe!fX$E!VpY3!%#QY[Bf`0!fX!!@d!!!G`"h2pY!VpY!!
+%#Q&XD@%'!f`!!rfc!fd$EJVpX`!%#QPZFfJ0!fd!!M3!!!Gf"hlpXJ0[#[fb!!3
++BfC[E!d$E`!"E`!!"hS(IIfa#rfa!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"
+KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$EJ!$rE!$F2f[#[f`!!3+G'm
+J)!d$F!!#EJ!!"i%(N!!$F30b$30a!!)d!!!(L3H3!2fZ!h-+rDi!"!TQD@aP$30
+c!!&Y!!!(M!H2!h3-!h3!#`!&FR0K,QJ!!J!!$30b!!)d!!!(J3H*rDd$G3VpV3!
+%#Q0QEf`0!h8!!@m!!!H&"iMpV![pV!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[f
+[!!!#!fN!!J0f!hF0!hB!!Q`!!JHA"jIpUrfU!IfV!!!"rDS!!!)$G`!#!hJ$H3d
+$H!!#FJ!!"jF(SJ0k!hX0!hS!!Q)!!!HA"ji$I!0p$30m!!&[!!!(P`HDrDN,rDN
+!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!hd!!@d!!!H
+D"jd$IJ`$IJ!-!!BkFh4KBfX!!J!!$30l!!&[!!!!!!!!rDJ,rDJ!&$!!#(4PEA"
+`BA4S!!KdC@e`8'&dD!)$H3!#!hm$J!d$I`!$53!#"k-(cIfRrDB$J3VpT`!B,Q0
+[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rDB!!!B$J3!$rD8$JJ1$#[fP!!3+Dfp
+ME!d$JJ!"E3!!"kF(U[fN#[fN!!3+B@aTB3B$J`!$rD-$K!1&#[fM!!3+D@jcD!d
+$K!!#0!!!"kd(YIfL!iB+rD)!"!TMCQpX$31'!!&[!!!(X3HdrD%,rD%!0$!!''p
+`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4
+S"J1&!!2pS!1(rCm+rD!!"!TdEb!J$31(!!*Z!!!(Z!I(!iJ$L3d$L!!#0!!!"m!
+(arfH!iS+rCi!"!TQD@aP$31+!!&Y!!!(``I'!iX-!iX!$3!(Fh4KBfXZD!!#!!!
+0!iN!!M3!!!Hi"m$pR31-#[fG!!3+BfC[E!d$M!!"E`!!"l`([rfF#rfF!"3`!!K
+dC@e`F'&dD!!)G'9YF&"KG'J'rCm!!!)$J!!#!id$MJd$M3!$53!#"mi(q2fErCS
+$M`VpQ`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rCS!!!B$M`!$rCN$N!!
+$N3VpQ3!%#QY[Bf`0!j!!!!&Y!!!(dJI9rCJ+rCJ!"!TKE'PK"J14!!2pP`15!j-
++rCF!"!TTER0S$315!!)d!!!(f!IJrCB$P!VpPJ!%#Q0QEf`0!j3!!@m!!!IF"pr
+pP3[pP3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
+NC8C[E'4PFP"KG'J'!j-!!rf8!jApN`VpP!!%#R4[)#!0!j8!!Qi!!!IM"r)$PJ1
+A$31@!!)d!!!(k`IbrC)$Q!VpNJ!%#QCTE'80!jJ!!@d!!!IZ"r%$Q3`$Q3!4!!Y
+cB@CPFh4KBfXZD!!#!!!0!jF!!M3!!!IM"q[pN31D#[f4!!3+BfC[E!d$QJ!"E`!
+!"qF(k[f3!![pN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EpN`!!!J11!!)$Q`1
+F$31E!!*X!!)(q3IjrBrpMJ(pM`!!!If1!!!#!j`!!J1G!ji0!jd!!R)!!!Ij#!3
+$R`1J$31I!!*L!!!(q3J!!k%$SJd$S3!"E`!!"rN(r2f0#rf0!#3`!""MFRP`G'p
+QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$31L!!&Y!!!(r!Ir!k--!k-!#J!
+%1R0SB3!#!!!0!k!!!@m!!!!!!!$pM![pM!!8-!!)G'9YF("KG'J!#(4PEA"3BA4
+S!J1H!!)$T!1P$31N!!0*!!))"3J[rB[pLJ1Q#[f,!"JZBfpbC@0bC@`U+LSU!!!
+!!!!!N!!!ER9XE!(pLJ!!"J1Q!!2pL31R!kJ+rBN!"!TVEf0X$31R!!&Y!!!)#3J
+-rBJ+rBJ!"!TKE'PK"J1S!!2pK`1T!kS+rBF!"!TTER0S$31T!!)d!!!)$`JArBB
+$U`VpKJ!%#Q0QEf`0!kX!!@m!!!J6#"EpK3[pK3!d-!!BEh"PER0cE'PZBfaeC'9
+QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!kS!!rf%!kcpJ`V
+pK!!%#R4[)#!0!k`!!Qi!!!JD##N$V31Z$31Y!!)d!!!))JJTrB)$V`VpJJ!%#QC
+TE'80!km!!@d!!!JP##J$X!`$X!!,!!9cD'%ZD!!#!!!0!ki!!M3!!!JD##,pJ31
+a#[f"!!3+BfC[E!d$X3!"E`!!#"i))If!#rf!!"3`!!KdC@e`F'&dD!!)G'9YF&"
+KG'J'rB-!!!)$T3!#!l)$X`d$XJ!#E!!##$!)-2errAi"rAm!!!(pIJ!!!J1c!!)
+$Y!1e$31d!!*b!!!)-!Jl!lB$Y`d$YJ!#BJ!!#$!)0`1i!lN0!lJ!!@m!!!J`#$2
+pI3[pI3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d$Z3!
+"E3!!#$-)0J1k$!1k!!d!"cTdH(4IC')!!J!!$31h!!&[!!!!!!!!rA`,rA`!&$!
+!#(4PEA"`BA4S!!KdC@e`8'&dD!)$Y3!#!lX$[!d$Z`!$53!##$`)C[elrAS$[3V
+pH`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rAS!!!B$[3!$rAN$[J1r#[e
+j!!3+DfpME!d$[J!"E3!!#%!)3rei#[ei!!3+B@aTB3B$[`!$rAF$`!2"#[eh!!3
++D@jcD!d$`!!#0!!!#%B)6[ef!m)+rAB!"!TMCQpX$32#!!&[!!!)5JK0rA8,rA8
+!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
+NCA*3BA4S"J2"!!2pG!2$rA-+rA3!"!TdEb!J$32$!!*Z!!!)83KJ!m3$a3d$a!!
+#0!!!#&N)B2eb!mB+rA)!"!TQD@aP$32'!!&Y!!!)A!KI!mF-!mF!$J!)G(KdAf4
+L,QJ!!J!!$32&!!)d!!!)83KCrA%$b!VpF3!%#Q0QEf`0!mJ!!@m!!!K9#&MpF![
+pF!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[ec!!!#!l`!!J2*!mS0!mN!!Q`!!JK
+R#'IpEreZ!Ie[!!!"r@i!!!)$bJ!#!mX$c!d$b`!#FJ!!#'F)FJ20!mi0!md!!Q)
+!!!KR#'i$c`23$322!!&[!!!)C`KUr@d,r@d!*$!!%'0bHA"dEfC[E'4PFR"KG'J
+!%'0bHA"dEdC[E'4PFP"KG'J0!p!!!@d!!!KU#'d$d3`$d3!,!!8kH$8`13!#!!!
+0!mi!!@m!!!!!!!$pE![pE!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J2-!!)$dJ2
+6$325!!0*!!))F`LGr@[pDJ28#[eV!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
+XE!(pDJ!!"J28!!2pD329!pB+r@N!"!TVEf0X$329!!&Y!!!)G`Kkr@J+r@J!"!T
+KE'PK"J2@!!2pC`2A!pJ+r@F!"!TTER0S$32A!!)d!!!)I3L&r@B$f3VpCJ!%#Q0
+QEf`0!pN!!@m!!!L"#)6pC3[pC3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
+S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!pJ!!reN!pVpB`VpC!!%#R4[)#!
+0!pS!!Qi!!!L)#*F$f`2F$32E!!)d!!!)N!!)PreL!pd+r@)!"!TQD@aP$32G!!&
+Y!!!)N`L@!pi-!pi!$!!'H$8`15jS!!)!!!d$h!!#0!!!#)J)N!$pB32I#[eK!!3
++BfC[E!d$h`!"E`!!#)`)MreJ#reJ!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r@-
+!!!)$d`!#!q!$i3d$i!!$53!##*i)b2eIr9i$iJVpA`!B,Q0[FQ9MFQ9X+LSU+J!
+!!!!!!*!!!'jeE'`"r9i!!!B$iJ!$r9d$i`2N#[eG!!3+DfpME!d$i`!"E3!!#+)
+)TIeF#[eF!!3+B@aTB3B$j!!$r9X$j32Q#[eE!!3+D@jcD!d$j3!#0!!!#+J)X2e
+D!qF+r9S!"!TMCQpX$32R!!&[!!!)V!L[r9N,r9N!0$!!''p`C@jcFfaTEQ0XG@4
+PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J2Q!!2p@!2Sr9F
++r9J!"!TdEb!J$32S!!*Z!!!)X`M#!qN$kJd$k3!#0!!!#,X)`[e@!qX+r9B!"!T
+QD@aP$32V!!&Y!!!)[JM"!q`-!q`!%!!+H$8`19pfCRNZD!!#!!!0!qS!!M3!!!L
+c#,[p932Y#[e9!!3+BfC[E!d$l3!"E`!!#,F)Z[e8#re8!"3`!!KdC@e`F'&dD!!
+)G'9YF&"KG'J'r9F!!!)$i3!#!qi$l`d$lJ!#E!!##-N)bIe6r9)"r9-!!!(p8J!
+!!J2[!!)$m!2a$32`!!*b!!!)b3M8!r)$m`d$mJ!#BJ!!#-N)d!2d!r80!r3!!@m
+!!!M*#-cp83[p83!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&
+dD!d$p3!"E3!!#-`)c`2f$!2f!!d!"cTi06!jGM-!!J!!$32c!!&[!!!!!!!!r9!
+,r9!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$m3!#!rF$q!d$p`!$53!##08)rre
+2r8i$q3Vp6`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8i!!!B$q3!$r8d
+$qJ2l#[e0!!3+DfpME!d$qJ!"E3!!#0N)h2e-#[e-!!3+B@aTB3B$q`!$r8X$r!2
+p#[e,!!3+D@jcD!d$r!!#0!!!#0m)jre+!ri+r8S!"!TMCQpX$32q!!&[!!!)i`M
+Qr8N,r8N!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfa
+eC'9'EfaNCA*3BA4S"J2p!!2p5!2rr8F+r8J!"!TdEb!J$32r!!*Z!!!)kJMj"!!
+%!3d%!!!#0!!!#2))qIe'"!)+r8B!"!TQD@aP$33#!!&Y!!!)p3Mi"!--"!-!$J!
+)H$8`1ABc,QJ!!J!!$33"!!)d!!!)kJMbr88%"!Vp43!%#Q0QEf`0"!3!!@m!!!M
+Z#2(p4![p4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[e(!!!#!rJ!!J3&"!B0"!8
+!!Q`!!JN!#3$p3re#!Ie$!!!"r8)!!!)%"J!#"!F%#!d%"`!$53!##3!*+[e"r8!
+%#3Vp33!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8!!!!B%#3!$r6m%#J3
+,#[dr!!3+DfpME!d%#J!"E3!!#33*"rdq#[dq!!3+B@aTB3B%#`!$r6d%$!30#[d
+p!!3+D@jcD!d%$!!#0!!!#3S*%[dm"!i+r6`!"!TMCQpX$331!!&[!!!*$JN4r6X
+,r6X!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
+'EfaNCA*3BA4S"J30!!2p1J32r6N+r6S!"!TdEb!J$332!!*Z!!!*&3NN""!%%3d
+%%!!#0!!!#4d**2di"")+r6J!"!TQD@aP$335!!&Y!!!*)!NM""--""-!#`!&Fh0
+X,QJ!!J!!$334!!)d!!!*&3NGr6F%&!Vp0`!%#Q0QEf`0""3!!@m!!!NC#4cp0J[
+p0J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD!Ep13!!!J3)!!)%&33
+@$339!!0*!!)*+`P9r6Ap0!3A#[de!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
+XE!(p0!!!"J3A!!2p-`3B""N+r6-!"!TVEf0X$33B!!&Y!!!*,`Nbr6)+r6)!"!T
+KE'PK"J3C!!2p-33D""X+r6%!"!TTER0S$33D!!)d!!!*03Npr6!%(!Vp-!!%#Q0
+QEf`0""`!!@m!!!Nj#6cp,`[p,`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
+S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'""X!!rdZ""hp,3Vp,J!%#R4[)#!
+0""d!!Qi!!!P!#8m%(J3I$33H!!)d!!!*5!P2r5`%)!Vp,!!%#QCTE'80"#!!!@d
+!!!P,#8i%)3`%)3!-!!CcFf`b,QJ!!J!!$33I!!)d!!!*3!P)r5X%)JVp+`!%#Q0
+QEf`0"#)!!@m!!!P%#8Ip+J[p+J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9
+b8'&dD!Ep,3!!!J3@!!)%)`3N$33M!!0*!!)*9JQ!r5Rp+!3P#[dT!"JZBfpbC@0
+bC@`U+LSU!!!!!!!!N!!!ER9XE!(p+!!!"J3P!!2p*`3Q"#F+r5F!"!TVEf0X$33
+Q!!&Y!!!*@JPGr5B+r5B!"!TKE'PK"J3R!!2p*33S"#N+r58!"!TTER0S$33S!!)
+d!!!*B!PSr53%+JVp*!!%#Q0QEf`0"#S!!@m!!!PN#@Ip)`[p)`!d-!!BEh"PER0
+cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"#N
+!!rdL"#[p)3Vp)J!%#R4[)#!0"#X!!Qi!!!PV#AS%,!3Y$33X!!)d!!!*F`Pkr5!
+%,JVp)!!%#QCTE'80"#i!!@d!!!Pf#AN%,``%,`!0!!GcFf`b-bjS!!)!!!d%,3!
+#0!!!#@X*FrdI"$!+r4m!"!TMCQpX$33`!!&[!!!*E`Pbr4i,r4i!(M!!$A0cE'C
+[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r5%!!!)%*!!#"$%%-Jd%-3!$53!##B%
+*UrdGr4`%-`Vp(3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r4`!!!B%-`!
+$r4X%0!3e#[dE!!3+DfpME!d%0!!"E3!!#B8*L2dD#[dD!!3+B@aTB3B%03!$r4N
+%0J3h#[dC!!3+D@jcD!d%0J!#0!!!#BX*NrdB"$J+r4J!"!TMCQpX$33i!!&[!!!
+*M`Q5r4F,r4F!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%P
+ZBfaeC'9'EfaNCA*3BA4S"J3h!!2p&J3jr48+r4B!"!TdEb!J$33j!!*Z!!!*PJQ
+P"$S%1`d%1J!#0!!!#Ci*TId8"$`+r43!"!TQD@aP$33m!!&Y!!!*S3QN"$d-"$d
+!$!!'Fh0X-bjS!!)!!!d%1`!#0!!!#CB*R[d6"$i+r4-!"!TMCQpX$33q!!&[!!!
+*QJQGr4),r4)!(M!!$A0cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r48!!!)
+%-J!#"$m%3!d%2`!$53!##D`*e[d4r4!%33Vp%3!B,Q0[FQ9MFQ9X+LSU+J!!!!!
+!!*!!!'jeE'`"r4!!!!B%33!$r3m%3J4$#[d2!!3+DfpME!d%3J!"E3!!#E!*Xrd
+1#[d1!!3+B@aTB3B%3`!$r3d%4!4&#[d0!!3+D@jcD!d%4!!#0!!!#EB*[[d-"%B
++r3`!"!TMCQpX$34'!!&[!!!*ZJQpr3X,r3X!0$!!''p`C@jcFfaTEQ0XG@4PCQp
+XC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J4&!!2p#J4(r3N+r3S
+!"!TdEb!J$34(!!*Z!!!*`3R3"%J%53d%5!!#0!!!#FN*d2d)"%S+r3J!"!TQD@a
+P$34+!!&Y!!!*c!R2"%X-"%X!$!!'G'ac-5jS!!)!!!d%53!#0!!!#F%*bId("%`
++r3F!"!TMCQpX$34-!!&[!!!*a3R)r3B,r3B!(M!!$A0cE'C[E'4PFR"KG'J!$A0
+cE%C[E'4PFP"KG'J'r3N!!!)%3!!#"%d%6Jd%63!#E!!##GF*erd&r33"r38!!!(
+p"!!!!J41!!)%6`43$342!!0*!!)*e`S"r32p!J44#[d$!"JZBfpbC@0bC@`U+LS
+U!!!!!!!!N!!!ER9XE!(p!J!!"J44!!2p!345"&-+r3%!"!TVEf0X$345!!&Y!!!
+*f`RHr3!+r3!!"!TKE'PK"J46!!2mr`48"&8+r2m!"!TTER0S$348!!)d!!!*i3R
+Tr2i%9JVmrJ!%#Q0QEf`0"&B!!@m!!!RP#HMmr3[mr3!d-!!BEh"PER0cE'PZBfa
+eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"&8!!rcm"&I
+mq`Vmr!!%#R4[)#!0"&F!!Qi!!!RX#IX%@!4C$34B!!)d!!!*p!Rlr2S%@JVmqJ!
+%#QCTE'80"&S!!@d!!!Rh#IS%@``%@`!1!!KMFRP`G'mZD!!#!!!0"&N!!M3!!!R
+X#I6mq34F#[cj!!3+BfC[E!d%A!!"E`!!#I!*mrci#rci!#3`!""MFRP`G'pQEfa
+NCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cl!!!#"&!!!J4G"&i0"&d!!Q`!!JS
+##J,mprcf!Ich!!!"r2B!!!)%AJ!#"&m%B!d%A`!$53!##J)+,2cer23%B3Vmp3!
+B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r23!!!B%B3!$r2-%BJ4M#[cc!!3
++DfpME!d%BJ!"E3!!#JB+#Icb#[cb!!3+B@aTB3B%B`!$r2%%C!4P#[ca!!3+D@j
+cD!d%C!!#0!!!#J`+&2c`"'B+r2!!"!TMCQpX$34Q!!&[!!!+%!S6r1m,r1m!0$!
+!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*
+3BA4S"J4P!!2mlJ4Rr1d+r1i!"!TdEb!J$34R!!*Z!!!+&`SQ"'J%D3d%D!!#0!!
+!#Km+*[cX"'S+r1`!"!TQD@aP$34U!!&Y!!!+)JSP"'X-"'X!%!!+Eh"PER0cE(B
+ZD!!#!!!0"'N!!M3!!!SA#Krmk`4X#[cV!!3+BfC[E!d%E!!"E`!!#KX+([cU#rc
+U!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cY!!!#"'!
+!!J4Y"'i0"'d!!dN!!JSY#PImkIcS"'m+r1N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
+3!!"ZG@aX!IcS!!!'"'m!!rcR"(!%F3Vmj`!%#QY[Bf`0"(!!!@d!!!Sa#M6mjJV
+mjJ!%#Q&XD@%'"(%!!rcP"()%F`Vmj3!%#QPZFfJ0"()!!M3!!!Sh#Mrmj!4d#[c
+N!!3+BfC[E!d%G!!"E`!!#MX+2[cM#rcM!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
+PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%F`!$r1)%GIcK#[cL!!3
++G'mJ)!d%G3!#EJ!!#N)+834f"(F0"(B!!M3!!!T+#P(mi!4i#[cJ!!3+CQPXC3d
+%H!!"E3!!#Nd+8!4j$!4j!!i!#(4YC'PQCLjS!!)!!!d%G`!#0!!!#N)+5[cI"(S
++r0m!"!TMCQpX$34k!!&[!!!+4JT*r0i,r0i!*$!!%'0bHA"dEfC[E'4PFR"KG'J
+!%'0bHA"dEdC[E'4PFP"KG'J'r1%!!!)%EJ!#"(X%I!d%H`!#E!!##PJ+@2cGr0`
+"r0d!!!(mh!!!!J4m!!)%I34q$34p!!*X!!)+@!TBr0[mfJ(mf`!!!IcD!!!#"(i
+!!J4r")!0"(m!!dN!!JTB#S,mfIcB")%+r0N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
+3!!"ZG@aX!IcB!!!'")%!!rcA"))%J`Vme`!%#QY[Bf`0"))!!@d!!!TF#PrmeJV
+meJ!%#Q&XD@%'")-!!rc9")3%K3Vme3!%#QPZFfJ0")3!!M3!!!TL#QVme!5'#[c
+8!!3+BfC[E!d%KJ!"E`!!#QB+DIc6#rc6!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
+PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%K3!$r0)%Krc4#[c5!!3
++G'mJ)!d%K`!#EJ!!#Qd+I!5)")N0")J!!M3!!!Te#Rcmd!5+#[c3!!3+CQPXC3d
+%LJ!"E3!!#RJ+H`5,$!5,!!`!"Q9IEh-ZD!!#!!!0")N!!M3!!!TY#RAmc`5-#[c
+2!!3+BfC[E!d%M!!"E`!!#R%+G2c1#rc1!#B`!"&[F'9ZFh0XCQpXC'9bF'&dD!!
+4Eh"PER0cE%C[E'4PFP"KG'J'r0%!!!)%J!!#")d%MJd%M3!$53!##S-+VIc0r-`
+%M`Vmc3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r-`!!!B%M`!$r-X%N!!
+%N3Vmb`!%#QY[Bf`0"*!!!!&Y!!!+K`U+r-S+r-S!"!TKE'PK"J54!!2mb355"*-
++r-N!"!TTER0S$355!!)d!!!+M3U9r-J%P!Vmb!!%#Q0QEf`0"*3!!@m!!!U4#T6
+ma`[ma`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
+NC8C[E'4PFP"KG'J'"*-!!rc'"*Ama3VmaJ!%#R4[)#!0"*8!!Qi!!!UB#UF%PJ5
+A$35@!!)d!!!+S!URr-3%Q!Vma!!%#QCTE'80"*J!!@d!!!UM#UB%Q3`%Q3!0!!G
+PAfpc-LjS!!)!!!d%P`!#0!!!#TJ+S2c$"*S+r--!"!TMCQpX$35D!!&[!!!+R!U
+Ir-),r-)!*M!!%@p`C@jcFfaQEfaNCA*`BA4S!"&[F'9ZFh0X4QpXC'9b8'&dD!E
+ma3!!!J51!!)%Qrc"$35E!!*X!!)+VJUZr-$m[`(m`!!!!Ibr!!!#r-%!!!d!#3!
+"E3!!!!!!!3!I!Irq!!!#!!B!!J5F"*d0"*`!!Q`!!J!!!!$m[[bp!Ibq!!!"r,d
+!!!)%R3!#"*i%R`d%RJ!#E!!##V%+b!5Jr,`0"+!!!dN!!JUa#XMmZ`5K"+)+r,X
+!'#jcHA0[C'a[Cf&cDh)!!!!!!!!!!&4&@&30"+%!!@d!!!Ua#V3%S``%S`!'!!!
+!!J!!"J5L!!2mZJ5N"+8+r,S!"!TLG'jc$35N!!&+!!!+Y`Um"+B#"+B!!J5Rr,N
+0"+F!!@d!!!Uh#VS%U!`%U!!+!!4%EfjP!!)!!!,mZ3!!"J5P!!2mZ!5Tr,F+r,J
+!"!TRDACe$35T!!&Y!!!+[`V#r,B$r,B!"3EmY`!!!Ibm!!!#"*m!!J5Ur,80"+S
+!!Q`!!J!!!!$mY2bc!Ibd!!!"r,-!!!,mY3!!$J!#!!!2%!!$!",mXJ5V"+`%V35
+Z"+m%X!5a",)%X`5d",8%YJ5hr,(mX2b[r+i"r,)!!"!%U`!3r+hmV2bVr+VmUIb
+Sr+ImT[bPr+6mSrbLr+(mS2bIr*i+r+d!'#jKCACdEf&`F'jeE'`!!)!!!!#3!!!
+U+LSU#rbX!")`!!GdD'9`BA4S!!GdD'93BA4S#rbV!"``!!adD'9[E'4NC@aTEA-
+!$(4SC8pXC%4PE'PYF`[mUJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh4
+3BA4S#rbT!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mU!!Q-!!4D@jME(9NC@C
+[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rbR!$3`!"K[F'9ZFh0XD@jME(9
+NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD![mTJ!N-!!3Bh*
+jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mT3!H-!!0Fh0XCQpXC'9
+bF'&dD!!0Fh0X4QpXC'9b8'&dD![mT!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p
+`C@jcFfa'EfaNCA*3BA4S#rbM!#i`!"9dD'9ZCAGQEfaNCA*bC@CPFQ9ZBf8!&A4
+SC8jPGdC[E'4PFP*PCQ9bC@jMC3[mSJ!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!Ib
+K!!!"r+!!!!(mR`!!!IbH!!!1"+`!"a$mR35ir*cmQ`5j",VmQJVmR3!B,Q&PGR4
+[BA"`ER9XE!!!J!!!!*!!!#SU+LS0",J!!@X!!!!!#XJ%Z`)%Z`!#!!8%[!)%[!!
+#"*lmQ3,mQ3!!!IbF!!!#r*X!!"!%Z3!!%!5k!)B!(rbBr*ImP[b9r*6mNrb5!#c
+mNIb3!2b2r)lmMIb-!%rmL`"D!&[mLJ"Nr)N!EIb)r)ImKJ#2r)AmK2b$r),mJIb
+!r(rmI[apr(cmH`#Tr(VmHIair(F![Iaf!-ImG3$8!1)!l!$j!3-"%!%D!5F"-3%
+q!8J"93&I!@`"GJ'$!Bd"QJ'N!E%"Z`()!G)"h`(T!IB#!!)0!KF#*!)Z!MX#43*
+5!P`#D3*c!S!#LJ+A!U%#VJ+m!XB#d`,G!ZS#p!-"!`X$'!-L!bm$130'!e!$A30
+R!h3$IJ1,!jN$S`1`!lS$a`24!pi$l!2f"!-%%`3K"#m%234,"&X%D`4j")X%Q35
+Mr(3%U2acr(,mF3VmQ!!%#Q0[BQS+r*F!'#jPBA*cCQCNFQ&XDA-!!!!!!!!J!'&
+QC()+r*B!"!TMG(Kd#rb9!")`!!GdD'9`BA4S!!GdD'93BA4S#[b8!!3+BA0MFJV
+mN`!%#R4iC'`,r*)!($!!$(4SC@pXC'4PE'PYF`!-G'KP6faN4'9XD@ec#[b4!!3
++BfPdE32mN!$rr3[mM`!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh43BA4
+S!rb1rri+r)d!"!T849K8#rb-!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mL`!
+Q-!!4D@jME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rb+!$3`!"K
+[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
+dD![mL3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mL!!
+H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD![mK`!Q-!!4Eh"PER0cE'C
+[E'4PFR"KG'J!%@p`C@jcFfa'EfaNCA*3BA4S#[b'!!3+BfC[E!VmK3!B,QeTFf0
+cE'0d+LSU+J!!!!!!!*!!!#SU+LS+r)3!"!TcC@aP#[b$!"JZBfpbC@4PE'mU+LS
+U!!!!!!!!N!!!+LSU+J(mJJ!!![b"!!!+r)!!"!TVEf0X#[ar!!3+D@jcD!2mIJ!
+%#[ap!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!VmI!!%#R*cE(3,r(X!,M!
+!&A4SC@jPGfC[E'4PFR*PCQ9bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P#[a
+k!!3+F'jKE3VmH3!%#Q&XD@%+r(J!"!TdEb!J#[ah!!3+CQPXC32mGJ!'#rae!"3
+`!!KdC@e`F'&dD!!)G'9YF&"KG'J+r(3!"!TLG'jc#[ac!!3+CfPfG32mFJ!&#[a
+a!"JZFhPcEf4XEfGKFfYb!!!!!!!!!!"849K8%IbD#XRJ%JUYi1%TDJ`!!LrM*N9
+4e%r&jLa&edrSaHBX4Nr%@qPF@eTVA&VU-NAE6m4Ek9aE@QYF@Z`bl5C&hNr,lbA
+Y*N9J!""2bf%!%59K!")Pl5C&B!!66mYK!"3Pl5C&B!!96mYK!"BPl5C&B!!A6m[
+Y*N9J!"K2amAQ,%C2&!!L+Q%!'9m!%#pK!"PK!"S[DJ`!'dmUB3!F,'S-!"eA!!K
+B!"i!(fK2+Q%!)'%!'@%!)5TK!"PI!"![B3!L$!!M6em!*%9J!#92A`!PDJ`!'dp
+K!#BUB3!F,'%!*ba'6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"R1,f%!+Q%!+bp
+K!#`-!#02A`!9B3!Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
+K!#TK!#m[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!
+`,f%!,!`!)dpI!"9K!$%P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!
+Z,f%!+Q%!-LpK!#`-!#02A`!9B3!c*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!
+T+Q%!'9m!,LpK!#TK!$3[B3!X$!!M6em!&@%!059&B!!Z6bTK!#"K!#KK!#%UB3!
+CA`!6,f%!+5TK!"PI!#i[B3!UB3!f,f%!,!`!)dpI!"9K!$FP4@!!,NmUB3!JB3!
+SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!1#pK!#`-!#02A`!9B3!j*89J!#j
+2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!$S[B3!X$!!M6em!&@%
+!1b9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!m,f%!,!`
+!)dpI!"9K!$dP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
+!2LpK!#`-!#02A`!9B3!r*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
+!,LpK!#TK!%![B3!X$!!M6em!&@%!359&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
+!+5TK!"PI!#i[B3!UB3"#,f%!,!`!)dpI!"9K!%-P4@!!,NmUB3!JB3!SB3!K+Q%
+!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!4#pK!#`-!#02A`!9B3"&*89J!#j2+Q%!)'%
+!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!%B[B3!X$!!M6em!&@%!4b9&B!!
+Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"),f%!,!`!)dpI!"9
+K!%NP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!5LpK!#`
+-!#02A`!9B3",*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#T
+K!%`[B3!X$!!M6em!&@%!659&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
+I!#i[B3!UB3"1,f%!,!`!)dpI!"9K!%mP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bp
+K!#NUB3!CA`!Z,f%!+Q%!8#pK!#`-!#02A`!9B3"4*89J!#j2+Q%!)'%!+'%!)5T
+K!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&)[B3!X$!!M6em!&@%!8b9&B!!Z6bTK!#"
+K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"8,f%!,!`!)dpI!"9K!&8P4@!
+!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!9LpK!#`-!#02A`!
+9B3"A*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&J[B3!
+X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"C,f%!,!`!)dp
+I!"9K!&SP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!@bp
+K!#`-!#02A`!9B3"F*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
+K!#TK!&d[B3!X$!!M6em!&@%!AL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5T
+K!"PI!#i[B3!UB3"I,f%!,!`!)dpI!"9K!'!P4@!!,NmUB3!JB3!SB3!K+Q%!'9m
+!%bpK!#NUB3!CA`!Z,f%!+Q%!B5pK!#`-!#02A`!9B3"L*89J!#j2+Q%!)'%!+'%
+!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'-[B3!X$!!M6em!&@%!C#9&B!!Z6bT
+K!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"P,f%!,!`!)dpI!"9K!'B
+P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!CbpK!#`-!#0
+2A`!9B3"S*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'N
+[B3!X$!!M6em!&@%!DL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i
+[B3!UB3"V,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
+!E#pK!#`-!#02A`!9B3"Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
+!,LpK!#TK!'i[B3!X$!!M6em!&@%!Eb9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
+!+5TK!"PI!#i[B3!UB3"`,f%!,!`!)dpI!"9K!(%P4@!!,NmUB3!JB3!SB3!K+Q%
+!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!FLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-
+[B3!T+Q%!'9m!,LpK!#TK!(-[B3!X$!!M6em!&@%!G#9&B!!Z6bTK!#"K!#KK!#%
+UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"e,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m
+!%bpK!#NUB3!CA`!A,f%!+Q%!GLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!
+T+Q%!'9m!&bpK!#TK!(F[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
+I!"F[B3!UB3"i,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!A,f%
+!+Q%!H5pK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&bpK!#TK!(S
+[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!"8[B3!UB3"l,f%!,!`
+!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!9,f%!+Q%!I#pK!#`-!#02+Q%
+!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&5pK!#TK!(d[B3!X$!!M6bTK!#"K!#K
+K!#%UB3!CA`!6,f%!+5TK!"PI!"J[B3!UB3"q,f%!,!`!)dmUB3!JB3!SB3!K+Q%
+!'9m!%bpK!#NUB3!CA`!B,f%!+Q%!IbpK!#`-!#028&92B3#!B3#"B3##DhCK!)0
+K!)4K!#)-!)82$!5Y!&%!5deKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0
+[E@PZCcT[F'9ZFh0X,90139!Y-6Nj16%b-6%k6@&M6e-kE@YXD@jVFbjKF`!#!!!
+1"+i!!J6mF!5p!ra`!!%1",d!!3!%[J`%[J!'!!!!!J!!$J5[!!)%r'm%[`2mE`!
+%$J5r!!3!"-!%`36#"---"-!!%J!-6@&MD@jdEh0S)%K%!!)!!!`%`3!8!!j%CA0
+VG'p`)%C[E'4PFJ!#!!!-"-)!$J!)5@jMEfeTEQF!!J!!$!6$!"X!&@p`C@jcFf`
+Y8dj"8#da16Nj-6)a-3!#!!!-",!!4J"!6@&MD@jdEh0S)%K%1N4PFfYdEh!J4Qp
+XC'9b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6T0B@028`!#!!!-",%
+!5!"#6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9b1NPZBfpYD@jR1Qp`C@jcFf`
+Y8dj"8#da16Nj-6)a-6TTEQ0XG@4P!!)!!!`%XJ"3!%T0B@0TER4[FfJJ5%3k4'9
+cDh4[F#"'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a1QPZBfa
+eC'8kEh"PER0cE!!#!!!-",-!4`""6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9
+b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6TMFRP`G'm!!J!!$!5d!%3
+!2NeKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90
+139!Y-6Nj16%b-6%kFh0X!!)!!!`%Y3"!!$T0B@0TER4[FfJJ5%3k4'9cDh4[F#"
+'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a!!)!!!i%YJ!"&!6
+%$J6%!!-B"-AmEJ6'$J6&!!-B"-ImE36)$J6(!!-B"-RmE!6+$J6*!!-B!"rmD`6
+,#[aV!!3+BfC[E!`%b`!1!!K*EQ0[E@PZC`!#!!!+r'`!"!TMCQpX$!6+!"X!&@p
+`C@jcFf`Y8dj"8#da16Nj-6)a-3!#!!!+r'd!"!TMCQpX$!6)!!d!"fPZBfaeC'8
+!!J!!#[aZ!!3+BfC[E!`%aJ!9!!peER4TG'aPC#"QEfaNCA)!!J!!$!5h!%i!5%e
+KBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90139!
+Y-6Nj16%b-6%kBh*jF(4[1RJe-$Pf-`!#!!!"r,%!!!(mX!!!!Ib[!!!"r+i!!'&
+cBh)!!3!-qYlHV3!!!3!!!*G#!!#@3J!!!AB!!$-8-0J!!!!F!AB!$h0MFhS!!!#
+#6Np853!!!)jcBh"d!!!!QP4&@&3!!3#QFh4jE!!!!,j$6d4&!!%!bN*14%`!!!$
+LBA"XG!!!!1j'8N9'!!!!qNP$6L-!!!%'D@0X0!!!!4*TBh-M!!!"(QPMFc3!!!%
+UD'CNFJ!!!6C659T&!!!"3PG3Eh-!!!&1!!$rr`!!!!!!!!!!!)$rre!!!"i!!!!
+!!)$rr`!!"cJ#DH#m"'Mrr`!!!*S!!!!!%iRrr`!!"Pi!!!!!"'Mrr`!!!53!!!!
+!!!$rrb!!!9)!!!!!!!(rra3!!@i#DG`%!)$rr`!!!Pi#DH"X!!$rr`!!!Ri!!!!
+!!)$rr`!!!S-#DH"d!*Err`!!!Si!!!!!!*Err`!!!j)!!!!!!*Err`!!"CB#DH%
+i!*Err`!!"GS#DH%dkF$rr`!!"[`!!!!!rrrrr`!!"a)!!!!!!)$rr`!!"b!!!!!
+!*4S:

MacOS/opensslconf.h

@@ -0,0 +1,126 @@
+/* MacOS/opensslconf.h */
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+# if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#  define OPENSSLDIR "/usr/local/ssl"
+# endif
+#endif
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+# define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+# define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+# define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+# if !defined(RC4_INT)
+/*
+ * using int types make the structure larger but make the code faster on most
+ * boxes I have tested - up to %20 faster.
+ */
+/*-
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#  define RC4_INT unsigned char
+# endif
+# if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#  define RC4_CHUNK unsigned long
+# endif
+#endif
+
+#if defined(HEADER_DES_H) && !defined(DES_LONG)
+/*
+ * If this is set to 'unsigned int' on a DEC Alpha, this gives about a %20
+ * speed up (longs are 8 bytes, int's are 4).
+ */
+# ifndef DES_LONG
+#  define DES_LONG unsigned long
+# endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+# define CONFIG_HEADER_BN_H
+# if __option(longlong)
+#  define BN_LLONG
+# else
+#  undef BN_LLONG
+# endif
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/*
+ * The prime number generation stuff may not work when EIGHT_BIT but I don't
+ * care since I've only used this mode for debuging the bignum libraries
+ */
+# undef SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# define THIRTY_TWO_BIT
+# undef SIXTEEN_BIT
+# undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+# define CONFIG_HEADER_RC4_LOCL_H
+/*
+ * if this is defined data[i] is used instead of *data, this is a %20 speedup
+ * on x86
+ */
+# undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+# define CONFIG_HEADER_BF_LOCL_H
+# define BF_PTR
+#endif                          /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+# define CONFIG_HEADER_DES_LOCL_H
+/*
+ * the following is tweaked from a config script, that is why it is a
+ * protected undef/define
+ */
+# ifndef DES_PTR
+#  define DES_PTR
+# endif
+
+/*
+ * This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers
+ */
+# ifndef DES_RISC1
+#  define DES_RISC1
+# endif
+
+# ifndef DES_RISC2
+#  undef DES_RISC2
+# endif
+
+# if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED ! !!!!
+# endif
+/*
+ * Unroll the inner loop, this sometimes helps, sometimes hinders. Very mucy
+ * CPU dependant
+ */
+# ifndef DES_UNROLL
+#  define DES_UNROLL
+# endif
+#endif                          /* HEADER_DES_LOCL_H */
+#ifndef __POWERPC__
+# define MD32_XARRAY
+#endif

Makefile.org

@@ -68,8 +68,6 @@ AR=ar $(ARFLAGS) r
 RANLIB= ranlib
 NM= nm
 PERL= perl
-#RM= echo --
-RM= rm -f
 TAR= tar
 TARFLAGS= --no-recursion
 MAKEDEPPROG=makedepend
@@ -114,6 +112,9 @@ LIBKRB5=
 ZLIB_INCLUDE=
 LIBZLIB=
 
+# TOP level FIPS install directory.
+FIPSDIR=
+
 # This is the location of fipscanister.o and friends.
 # The FIPS module build will place it $(INSTALLTOP)/lib
 # but since $(INSTALLTOP) can only take the default value
@@ -121,11 +122,12 @@ LIBZLIB=
 # $(INSTALLTOP) for this build may be different so hard
 # code the path.
 
-FIPSLIBDIR=/usr/local/ssl/$(LIBDIR)/
+FIPSLIBDIR=
 
 # The location of the library which contains fipscanister.o
-# normally it will be libcrypto. If not compiling in FIPS mode
-# at all this is empty making it a useful test for a FIPS compile.
+# normally it will be libcrypto unless fipsdso is set in which
+# case it will be libfips. If not compiling in FIPS mode at all
+# this is empty making it a useful test for a FIPS compile.
 
 FIPSCANLIB=
 
@@ -183,18 +185,7 @@ WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h
 
-# Directories created on install if they don't exist.
-INSTALLDIRS=	\
-		$(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
-
-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
+all: Makefile build_all
 
 # as we stick to -e, CLEARENV ensures that local variables in lower
 # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
@@ -232,7 +223,7 @@ BUILDENV=	PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
 		SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)'	\
 		PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)'	\
 		CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)'	\
-		EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)'		\
+		EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' 	\
 		AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)'	\
 		BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)'	\
 		RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)'	\
@@ -244,8 +235,8 @@ BUILDENV=	PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
 		ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)'		\
 		PERLASM_SCHEME='$(PERLASM_SCHEME)'		\
 		FIPSLIBDIR='${FIPSLIBDIR}'			\
+		FIPSDIR='${FIPSDIR}'				\
 		FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"	\
-		FIPS_EX_OBJ='${FIPS_EX_OBJ}'	\
 		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
 # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
 # which in turn eliminates ambiguities in variable treatment with -e.
@@ -256,13 +247,13 @@ BUILDENV=	PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
 # This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
 # BUILD_ONE_CMD instead.
 #
-# RECURSIVE_BUILD_CMD is a macro to build a given target in all
-# subdirectories defined in $(DIRS).  It requires that the target
-# is given through the shell variable `target'.
-#
 # BUILD_ONE_CMD is a macro to build a given target in a given
 # subdirectory if that subdirectory is part of $(DIRS).  It requires
 # exactly the same shell variables as BUILD_CMD.
+#
+# RECURSIVE_BUILD_CMD is a macro to build a given target in all
+# subdirectories defined in $(DIRS).  It requires that the target
+# is given through the shell variable `target'.
 BUILD_CMD=  if [ -d "$$dir" ]; then \
 	    (	cd $$dir && echo "making $$target in $$dir..." && \
 		$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
@@ -277,120 +268,46 @@ BUILD_ONE_CMD=\
 reflect:
 	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
 
-FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
-	../crypto/aes/aes_ecb.o \
-	../crypto/aes/aes_ofb.o \
-	../crypto/bn/bn_add.o \
-	../crypto/bn/bn_blind.o \
-	../crypto/bn/bn_ctx.o \
-	../crypto/bn/bn_div.o \
-	../crypto/bn/bn_exp2.o \
-	../crypto/bn/bn_exp.o \
-	../crypto/bn/bn_gcd.o \
-	../crypto/bn/bn_gf2m.o \
-	../crypto/bn/bn_lib.o \
-	../crypto/bn/bn_mod.o \
-	../crypto/bn/bn_mont.o \
-	../crypto/bn/bn_mul.o \
-	../crypto/bn/bn_nist.o \
-	../crypto/bn/bn_prime.o \
-	../crypto/bn/bn_rand.o \
-	../crypto/bn/bn_recp.o \
-	../crypto/bn/bn_shift.o \
-	../crypto/bn/bn_sqr.o \
-	../crypto/bn/bn_word.o \
-	../crypto/bn/bn_x931p.o \
-	../crypto/buffer/buf_str.o \
-	../crypto/cmac/cmac.o \
-	../crypto/cryptlib.o \
-	../crypto/des/cfb64ede.o \
-	../crypto/des/cfb64enc.o \
-	../crypto/des/cfb_enc.o \
-	../crypto/des/ecb3_enc.o \
-	../crypto/des/ofb64ede.o \
-	../crypto/des/fcrypt.o \
-	../crypto/des/set_key.o \
-	../crypto/dh/dh_check.o \
-	../crypto/dh/dh_gen.o \
-	../crypto/dh/dh_key.o \
-	../crypto/dsa/dsa_gen.o \
-	../crypto/dsa/dsa_key.o \
-	../crypto/dsa/dsa_ossl.o \
-	../crypto/ec/ec_curve.o \
-	../crypto/ec/ec_cvt.o \
-	../crypto/ec/ec_key.o \
-	../crypto/ec/ec_lib.o \
-	../crypto/ec/ecp_mont.o \
-	../crypto/ec/ec_mult.o \
-	../crypto/ec/ecp_nist.o \
-	../crypto/ec/ecp_smpl.o \
-	../crypto/ec/ec2_mult.o \
-	../crypto/ec/ec2_smpl.o \
-	../crypto/ecdh/ech_key.o \
-	../crypto/ecdh/ech_ossl.o \
-	../crypto/ecdsa/ecs_ossl.o \
-	../crypto/evp/e_aes.o \
-	../crypto/evp/e_des3.o \
-	../crypto/evp/e_null.o \
-	../crypto/evp/m_sha1.o \
-	../crypto/evp/m_dss1.o \
-	../crypto/evp/m_dss.o \
-	../crypto/evp/m_ecdsa.o \
-	../crypto/hmac/hmac.o \
-	../crypto/modes/cbc128.o \
-	../crypto/modes/ccm128.o \
-	../crypto/modes/cfb128.o \
-	../crypto/modes/ctr128.o \
-	../crypto/modes/gcm128.o \
-	../crypto/modes/ofb128.o \
-	../crypto/modes/xts128.o \
-	../crypto/rsa/rsa_eay.o \
-	../crypto/rsa/rsa_gen.o \
-	../crypto/rsa/rsa_crpt.o \
-	../crypto/rsa/rsa_none.o \
-	../crypto/rsa/rsa_oaep.o \
-	../crypto/rsa/rsa_pk1.o \
-	../crypto/rsa/rsa_pss.o \
-	../crypto/rsa/rsa_ssl.o \
-	../crypto/rsa/rsa_x931.o \
-	../crypto/rsa/rsa_x931g.o \
-	../crypto/sha/sha1dgst.o \
-	../crypto/sha/sha256.o \
-	../crypto/sha/sha512.o \
-	../crypto/thr_id.o \
-	../crypto/uid.o
-
 sub_all: build_all
-
 build_all: build_libs build_apps build_tests build_tools
 
-build_libs: build_crypto build_ssl build_engines
+build_libs: build_libcrypto build_libssl openssl.pc
+
+build_libcrypto: build_crypto build_engines libcrypto.pc
+build_libssl: build_ssl libssl.pc
 
 build_crypto:
 	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl: build_crypto
+build_ssl:
 	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines: build_crypto
-	@dir=engines; target=all; AS='$(CC) -c'; export AS; $(BUILD_ONE_CMD)
-
-build_apps: build_libs
+build_engines:
+	@dir=engines; target=all; $(BUILD_ONE_CMD)
+build_apps:
 	@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests: build_libs
+build_tests:
 	@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools: build_libs
+build_tools:
 	@dir=tools; target=all; $(BUILD_ONE_CMD)
 
 all_testapps: build_libs build_testapps
 build_testapps:
 	@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
 
-libcrypto$(SHLIB_EXT): libcrypto.a
+fips_premain_dso$(EXE_EXT): libcrypto.a
+	[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
+		-DFINGERPRINT_PREMAIN_DSO_LOAD -o $@  \
+		$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
+		libcrypto.a $(EX_LIBS)
+
+libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
 		if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
-			FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
-			export CC FIPSLD_CC; \
+			FIPSLD_LIBCRYPTO=libcrypto.a ; \
+			FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
+			export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
 		fi; \
-		$(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared; \
+		$(MAKE) -e SHLIBDIRS=crypto  CC="$${CC:-$(CC)}" build-shared && \
+		(touch -c fips_premain_dso$(EXE_EXT) || :); \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 		exit 1; \
@@ -491,9 +408,8 @@ libclean:
 
 clean:	libclean
 	rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
-	rm -rf *.bak certs/.0
 	@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
-	rm -f $(LIBS) tags TAGS
+	rm -f $(LIBS)
 	rm -f openssl.pc libssl.pc libcrypto.pc
 	rm -f speed.* .pure
 	rm -f $(TARFILE)
@@ -520,6 +436,7 @@ gentests:
 	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
 
 dclean:
+	rm -rf *.bak include/openssl certs/.0
 	@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
 
 rehash: rehash.time
@@ -543,18 +460,18 @@ tests: rehash
 report:
 	@$(PERL) util/selftest.pl
 
+update: errors stacks util/libeay.num util/ssleay.num TABLE
+	@set -e; target=update; $(RECURSIVE_BUILD_CMD)
+
 depend:
 	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
 
 lint:
 	@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
 
-tags TAGS: FORCE
-	rm -f TAGS tags
-	-ctags -R .
-	-etags -R .
-
-FORCE:
+tags:
+	rm -f TAGS
+	find . -name '[^.]*.[ch]' | xargs etags -a
 
 errors:
 	$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
@@ -570,26 +487,10 @@ util/libeay.num::
 util/ssleay.num::
 	$(PERL) util/mkdef.pl ssl update
 
-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
-	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
-	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
-crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
-	$(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
-
-apps/openssl-vms.cnf: apps/openssl.cnf
-	$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
-
-crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
-	$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
-
-
 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
 	$(PERL) Configure TABLE) > TABLE
 
-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
-
 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
 # would occur. Therefore the list of files is temporarily stored into a file
@@ -627,10 +528,15 @@ dist_pem_h:
 
 install: all install_docs install_sw
 
-uninstall: uninstall_sw uninstall_docs
-
 install_sw:
-	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALLDIRS)
+	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
 	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
 	do \
 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
@@ -672,9 +578,9 @@ install_sw:
 						*ssl*)    i=ssleay32.dll;; \
 					esac; \
 					echo installing $$i; \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+	 				cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+	 				chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+	 				mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
 				fi; \
 			fi; \
 		done; \
@@ -695,45 +601,6 @@ install_sw:
 	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
 
-uninstall_sw:
-	cd include/openssl && files=* && cd $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl && $(RM) $$files
-	@for i in $(LIBS) ;\
-	do \
-		test -f "$$i" && \
-		echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i && \
-		$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-	done;
-	@if [ -n "$(SHARED_LIBS)" ]; then \
-		tmp="$(SHARED_LIBS)"; \
-		for i in $${tmp:-x}; \
-		do \
-			if [ -f "$$i" -o -f "$$i.a" ]; then \
-				if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
-					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
-					echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-					$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-				else \
-					echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-					$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-				fi; \
-				if expr $(PLATFORM) : 'mingw' > /dev/null; then \
-					case $$i in \
-						*crypto*) i=libeay32.dll;; \
-						*ssl*)    i=ssleay32.dll;; \
-					esac; \
-					echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
-					$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
-				fi; \
-			fi; \
-		done; \
-	fi
-	$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
-	$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
-	$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
-	@target=uninstall; $(RECURSIVE_BUILD_CMD)
-
 install_html_docs:
 	here="`pwd`"; \
 	filecase=; \
@@ -741,13 +608,13 @@ install_html_docs:
 		filecase=-i; \
 	esac; \
 	for subdir in apps crypto ssl; do \
-		$(PERL) $(TOP)/util/mkdir-p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
+		mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
 		for i in doc/$$subdir/*.pod; do \
 			fn=`basename $$i .pod`; \
 			echo "installing html/$$fn.$(HTMLSUFFIX)"; \
 			cat $$i \
 			| sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
-			| pod2html --podroot=doc --htmlroot=.. --podpath=$$subdir:apps:crypto:ssl \
+			| pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
 			| sed -r 's/<!DOCTYPE.*//g' \
 			> $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
 			$(PERL) util/extract-names.pl < $$i | \
@@ -759,30 +626,13 @@ install_html_docs:
 		done; \
 	done
 
-uninstall_html_docs:
-	here="`pwd`"; \
-	filecase=; \
-	case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
-		filecase=-i; \
-	esac; \
-	for subdir in apps crypto ssl; do \
-		for i in doc/$$subdir/*.pod; do \
-			fn=`basename $$i .pod`; \
-			$(RM) $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
-			$(PERL) util/extract-names.pl < $$i | \
-				grep -v $$filecase "^$$fn\$$" | \
-				while read n; do \
-					$(RM) $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/"$$n".$(HTMLSUFFIX); \
-				done; \
-		done; \
-	done
-
 install_docs:
 	@$(PERL) $(TOP)/util/mkdir-p.pl \
 		$(INSTALL_PREFIX)$(MANDIR)/man1 \
 		$(INSTALL_PREFIX)$(MANDIR)/man3 \
 		$(INSTALL_PREFIX)$(MANDIR)/man5 \
 		$(INSTALL_PREFIX)$(MANDIR)/man7
+	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
 	here="`pwd`"; \
 	filecase=; \
 	case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
@@ -793,9 +643,9 @@ install_docs:
 		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
-		pod2man \
+		sh -c "$$pod2man \
 			--section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`) \
+			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 		$(PERL) util/extract-names.pl < $$i | \
 			(grep -v $$filecase "^$$fn\$$"; true) | \
@@ -810,9 +660,9 @@ install_docs:
 		sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
-		pod2man \
+		sh -c "$$pod2man \
 			--section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`) \
+			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 		$(PERL) util/extract-names.pl < $$i | \
 			(grep -v $$filecase "^$$fn\$$"; true) | \
@@ -823,37 +673,4 @@ install_docs:
 			 done); \
 	done
 
-uninstall_docs:
-	@here="`pwd`"; \
-	filecase=; \
-	case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*) \
-		filecase=-i; \
-	esac; \
-	for i in doc/apps/*.pod; do \
-		fn=`basename $$i .pod`; \
-		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
-		echo $(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(PERL) util/extract-names.pl < $$i | \
-			(grep -v $$filecase "^$$fn\$$"; true) | \
-			(grep -v "[	]"; true) | \
-			while read n; do \
-				echo $(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/"$$n".$${sec}$(MANSUFFIX); \
-				$(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/"$$n".$${sec}$(MANSUFFIX); \
-			done; \
-	done; \
-	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
-		fn=`basename $$i .pod`; \
-		sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
-		echo $(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(PERL) util/extract-names.pl < $$i | \
-			(grep -v $$filecase "^$$fn\$$"; true) | \
-			(grep -v "[	]"; true) | \
-			while read n; do \
-				echo $(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/"$$n".$${sec}$(MANSUFFIX); \
-				$(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/"$$n".$${sec}$(MANSUFFIX); \
-			done; \
-	done
-
 # DO NOT DELETE THIS LINE -- make depend depends on it.

Makefile.shared

@@ -170,6 +170,17 @@ link_a.gnu:
 link_app.gnu:
 	@ $(DO_GNU_APP); $(LINK_APP)
 
+DO_BEOS_SO=	SHLIB=lib$(LIBNAME).so; \
+	SHLIB_SUFFIX=; \
+	ALLSYMSFLAGS='-Wl,--whole-archive'; \
+	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SUFFIX"
+
+link_o.beos:
+	@ $(DO_BEOS_SO); $(LINK_SO_O)
+link_a.beos:
+	@ $(DO_BEOS_SO); $(LINK_SO_A)
+
 link_o.bsd:
 	@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
 	$(CALC_VERSIONS); \
@@ -544,10 +555,28 @@ link_app.aix:
 	LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
 	$(LINK_APP)
 
+link_o.reliantunix:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).so; \
+	SHLIB_SUFFIX=; \
+	ALLSYMSFLAGS=; \
+	NOALLSYMSFLAGS=''; \
+	SHAREDFLAGS='$(CFLAGS) -G'; \
+	$(LINK_SO_O)
+link_a.reliantunix:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).so; \
+	SHLIB_SUFFIX=; \
+	ALLSYMSFLAGS=; \
+	NOALLSYMSFLAGS=''; \
+	SHAREDFLAGS='$(CFLAGS) -G'; \
+	$(LINK_SO_A_UNPACKED)
+link_app.reliantunix:
+	$(LINK_APP)
 
 # Targets to build symbolic links when needed
 symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
-symlink.aix:
+symlink.aix symlink.reliantunix:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).so; \
 	$(SYMLINK_SO)
@@ -562,7 +591,7 @@ symlink.hpux:
 	expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
 	$(SYMLINK_SO)
 # The following lines means those specific architectures do no symlinks
-symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
+symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath symlink.beos:
 
 # Compatibility targets
 link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
@@ -616,3 +645,11 @@ link_o.aix-shared: link_o.aix
 link_a.aix-shared: link_a.aix
 link_app.aix-shared: link_app.aix
 symlink.aix-shared: symlink.aix
+link_o.reliantunix-shared: link_o.reliantunix
+link_a.reliantunix-shared: link_a.reliantunix
+link_app.reliantunix-shared: link_app.reliantunix
+symlink.reliantunix-shared: symlink.reliantunix
+link_o.beos-shared: link_o.beos
+link_a.beos-shared: link_a.beos
+link_app.beos-shared: link_app.gnu
+symlink.beos-shared: symlink.beos

NEWS

@@ -5,7 +5,35 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.2 [in beta]:
+  Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
+
+      o Fix HMAC ABI incompatibility
+
+  Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015]
+
+      o Malformed ECParameters causes infinite loop (CVE-2015-1788)
+      o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
+      o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
+      o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
+      o Race condition handling NewSessionTicket (CVE-2015-1791)
+
+  Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015]
+
+      o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291)
+      o Multiblock corrupted pointer fix (CVE-2015-0290)
+      o Segmentation fault in DTLSv1_listen fix (CVE-2015-0207)
+      o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
+      o Segmentation fault for invalid PSS parameters fix (CVE-2015-0208)
+      o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
+      o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
+      o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
+      o Empty CKE with client auth and DHE fix (CVE-2015-1787)
+      o Handshake with unseeded PRNG fix (CVE-2015-0285)
+      o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
+      o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
+      o Removed the export ciphers from the DEFAULT ciphers
+
+  Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]:
 
       o Suite B support for TLS 1.2 and DTLS 1.2
       o Support for DTLS 1.2
@@ -16,6 +44,21 @@
       o ALPN support.
       o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
 
+  Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
+
+      o Build fixes for the Windows and OpenVMS platforms
+
+  Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
+
+      o Fix for CVE-2014-3571
+      o Fix for CVE-2015-0206
+      o Fix for CVE-2014-3569
+      o Fix for CVE-2014-3572
+      o Fix for CVE-2015-0204
+      o Fix for CVE-2015-0205
+      o Fix for CVE-2014-8275
+      o Fix for CVE-2014-3570
+
   Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
 
       o Fix for CVE-2014-3513
@@ -39,6 +82,7 @@
 
       o Fix for CVE-2014-0224
       o Fix for CVE-2014-0221
+      o Fix for CVE-2014-0198
       o Fix for CVE-2014-0195
       o Fix for CVE-2014-3470
       o Fix for CVE-2010-5298
@@ -98,23 +142,6 @@
       o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
       o SRP support.
 
-  Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014]
-
-      o Fix for DTLS retransmission bug CVE-2013-6450
-
-  Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:
-
-      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
-      o Fix OCSP bad key DoS attack CVE-2013-0166
-
-  Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:
-
-      o Fix DTLS record length checking bug CVE-2012-2333
-
-  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:
-
-      o Fix for ASN1 overflow bug CVE-2012-2110
-
   Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
 
       o Fix for CMS/PKCS#7 MMA CVE-2012-0884
@@ -187,72 +214,6 @@
       o Opaque PRF Input TLS extension support.
       o Updated time routines to avoid OS limitations.
 
-  Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]:
-
-      o Fix for CVE-2014-0224
-      o Fix for CVE-2014-0221
-      o Fix for CVE-2014-0195
-      o Fix for CVE-2014-3470
-      o Fix for CVE-2014-0076
-      o Fix for CVE-2010-5298
-      o Fix to TLS alert handling.
-
-  Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
-
-      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
-      o Fix OCSP bad key DoS attack CVE-2013-0166
-
-  Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
-
-      o Fix DTLS record length checking bug CVE-2012-2333
-
-  Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
-
-      o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
-
-  Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
-
-      o Fix for ASN1 overflow bug CVE-2012-2110
-
-  Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
-
-      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
-      o Corrected fix for CVE-2011-4619
-      o Various DTLS fixes.
-
-  Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
-
-      o Fix for DTLS DoS issue CVE-2012-0050
-
-  Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
-
-      o Fix for DTLS plaintext recovery attack CVE-2011-4108
-      o Fix policy check double free error CVE-2011-4109
-      o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
-      o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
-      o Check for malformed RFC3779 data CVE-2011-4577
-
-  Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
-
-      o Fix for security issue CVE-2011-0014
-
-  Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
-
-      o Fix for security issue CVE-2010-4180
-      o Fix for CVE-2010-4252
-
-  Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
-
-      o Fix for security issue CVE-2010-3864.
-
-  Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
-
-      o Fix for security issue CVE-2010-0742.
-      o Various DTLS fixes.
-      o Recognise SHA2 certificates if only SSL algorithms added.
-      o Fix for no-rc4 compilation.
-      o Chil ENGINE unload workaround.
-
   Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
 
       o CFB cipher definition fixes.

Netware/do_tests.pl

@@ -270,6 +270,22 @@ sub ssl_tests
    print( OUT "\n========================================================\n");
    print( OUT "SSL TESTS:\n\n");
 
+   system("ssltest -ssl2 (CLIB_OPT)/>$outFile");
+   log_desc("Testing sslv2:");
+   log_output("ssltest -ssl2", $outFile);
+
+   system("$ssltest -ssl2 -server_auth (CLIB_OPT)/>$outFile");
+   log_desc("Testing sslv2 with server authentication:");
+   log_output("$ssltest -ssl2 -server_auth", $outFile);
+
+   system("$ssltest -ssl2 -client_auth (CLIB_OPT)/>$outFile");
+   log_desc("Testing sslv2 with client authentication:");
+   log_output("$ssltest -ssl2 -client_auth", $outFile);
+
+   system("$ssltest -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
+   log_desc("Testing sslv2 with both client and server authentication:");
+   log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile);
+
    system("ssltest -ssl3 (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv3:");
    log_output("ssltest -ssl3", $outFile);
@@ -302,10 +318,26 @@ sub ssl_tests
    log_desc("Testing sslv2/sslv3 with both client and server authentication:");
    log_output("$ssltest -server_auth -client_auth", $outFile);
 
+   system("ssltest -bio_pair -ssl2 (CLIB_OPT)/>$outFile");
+   log_desc("Testing sslv2 via BIO pair:");
+   log_output("ssltest -bio_pair -ssl2", $outFile);
+
    system("ssltest -bio_pair -dhe1024dsa -v (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
    log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);
 
+   system("$ssltest -bio_pair -ssl2 -server_auth (CLIB_OPT)/>$outFile");
+   log_desc("Testing sslv2 with server authentication via BIO pair:");
+   log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile);
+
+   system("$ssltest -bio_pair -ssl2 -client_auth (CLIB_OPT)/>$outFile");
+   log_desc("Testing sslv2 with client authentication via BIO pair:");
+   log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile);
+
+   system("$ssltest -bio_pair -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
+   log_desc("Testing sslv2 with both client and server authentication via BIO pair:");
+   log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile);
+
    system("ssltest -bio_pair -ssl3 (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv3 via BIO pair:");
    log_output("ssltest -bio_pair -ssl3", $outFile);

Netware/globals.txt

@@ -66,7 +66,7 @@ static LHASH *error_hash=NULL;
 static LHASH *thread_hash=NULL;
 
 several files have routines with static "init" to track if error strings
-   have been loaded ( may not want separate error strings for each process )
+   have been loaded ( may not want seperate error strings for each process )
    The "init" variable can't be left "global" because the error has is a ptr
    that is malloc'ed.  The malloc'ed error has is dependant on the "init"
    vars.

README

@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.0-dev
+ OpenSSL 1.0.2c 12 Jun 2015
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

README.ECC

@@ -1,61 +0,0 @@
-NOTE: The OpenSSL Software Foundation has executed a sublicense agreement
-entitled "Elliptic Curve Cryptography Patent License Agreement" with the
-National Security Agency/ Central Security Service Commercial Solutions
-Center (NCSC) dated 2010-11-04. That agreement permits implementation and
-distribution of software containing features covered by any or all of the
-following patents:
-
-1.) U.S. Pat. No. 5,761,305 entitled "Key Agreement and Transport Protocol 
-    with Implicit Signatures" issued on June 2, 1998;
-2.) Can. Pat. Appl. Ser. No. 2176972 entitled "Key Agreement and Transport 
-    Protocol with Implicit Signature and Reduced Bandwidth" filed on May 
-    16, 1996;
-3.) U.S. Pat. No. 5,889,865 entitled "Key Agreement and Transport Protocol 
-    with Implicit Signatures" issued on March 30, 1999;
-4.) U.S. Pat. No. 5,896,455 entitled "Key Agreement and Transport Protocol 
-    with Implicit Signatures" issued on April 20, 1999;
-5.) U.S. Pat. No. 5,933,504 entitled "Strengthened Public Key Protocol" 
-    issued on August 3, 1999;
-6.) Can. Pat. Appl. Ser. No. 2176866 entitled "Strengthened Public Key 
-    Protocol" filed on May 17, 1996;
-7.) E.P. Pat. Appl. Ser. No. 96201322.3 entitled "Strengthened Public Key 
-    Protocol" filed on May 17, 1996;
-8.) U.S. Pat. No. 5,999,626 entitled "Digital Signatures on a Smartcard" 
-    issued on December 7, 1999;
-9.) Can. Pat. Appl. Ser. No. 2202566 entitled "Digital Signatures on a 
-    Smartcard" filed on April 14, 1997;
-10.) E.P. Pat. Appl. No. 97106114.8 entitled "Digital Signatures on a 
-     Smartcard" filed on April 15, 1997;
-11.) U.S Pat. No. 6,122,736 entitled "Key Agreement and Transport Protocol 
-     with Implicit Signatures" issued on September 19, 2000;
-12.) Can. Pat. Appl. Ser. No. 2174261 entitled "Key Agreement and Transport 
-     Protocol with Implicit Signatures" filed on April 16, 1996;
-13.) E.P. Pat. Appl. Ser. No. 96105920.1 entitled "Key Agreement and 
-     Transport Protocol with Implicit Signatures" filed on April 16, 1996;
-14.) U.S. Pat. No. 6,141,420 entitled "Elliptic Curve Encryption Systems" 
-     issued on October 31, 2000;
-15.) Can. Pat. Appl. Ser. No. 2155038 entitled "Elliptic Curve Encryption 
-     Systems" filed on July 31, 1995;
-16.) E.P. Pat. Appl. Ser. No. 95926348.4 entitled "Elliptic Curve Encryption 
-     Systems" filed on July 31, 1995;
-17.) U.S. Pat. No. 6,336,188 entitled "Authenticated Key Agreement" issued 
-     on January 1, 2002;
-18.) U.S. Pat. No. 6,487,661 entitled "Key Agreement and Transport Protocol" 
-     issued on November 26, 2002;
-19.) Can. Pat. Appl. Ser. No. 2174260 entitled "Key Agreement and Transport 
-     Protocol" filed on April 16, 1996;
-20.) E.P. Pat. Appl. Ser. No. 96105921.9 entitled "Key Agreement and 
-     Transport Protocol" filed on April 21, 1996;
-21.) U.S. Pat. No. 6,563,928 entitled "Strengthened Public Key Protocol" 
-     issued on May 13, 2003;
-22.) U.S. Pat. No. 6,618,483 entitled "Elliptic Curve Encryption Systems" 
-     issued September 9, 2003;
-23.) U.S. Pat. Appl. Ser. No. 09/434,247 entitled "Digital Signatures on a 
-     Smartcard" filed on November 5, 1999;
-24.) U.S. Pat. Appl. Ser. No. 09/558,256 entitled "Key Agreement and 
-     Transport Protocol with Implicit Signatures" filed on April 25, 2000;
-25.) U.S. Pat. Appl. Ser. No. 09/942,492 entitled "Digital Signatures on a 
-     Smartcard" filed on August 29, 2001 and published on July 18, 2002; and,
-26.) U.S. Pat. Appl. Ser. No. 10/185,735 entitled "Strengthened Public Key 
-     Protocol" filed on July 1, 2000.
-

README.FIPS

@@ -1,130 +0,0 @@
-Preliminary status and build information for FIPS module v2.0
-
-NB: if you are cross compiling you now need to use the latest "incore" script
-this can be found at util/incore in the tarballs.
-
-If you have any object files from a previous build do:
-
-make clean
-
-To build the module do:
-
-./config fipscanisteronly
-make
-
-Build should complete without errors.
-
-Build test utilities:
-
-make build_tests
-
-Run test suite:
-
-test/fips_test_suite
-
-again should complete without errors.
-
-Run test vectors: 
-
-1. Download an appropriate set of testvectors from www.openssl.org/docs/fips
-   only the fips-2.0 testvector files are usable for complete tests.
-
-2. Extract the files to a suitable directory.
-
-3. Run the test vector perl script, for example:
-
-   cd fips
-   perl fipsalgtest.pl --dir=/wherever/stuff/was/extracted
-
-4. It should say "passed all tests" at the end. Report full details of any
-   failures.
-
-If you wish to use the older 1.2.x testvectors (for example those from 2007)
-you need the command line switch --disable-v2 to fipsalgtest.pl
-
-Examine the external symbols in fips/fipscanister.o they should all begin
-with FIPS or fips. One way to check with GNU nm is:
-
-	nm -g --defined-only fips/fipscanister.o | grep -v -i fips
-
-If you get *any* output at all from this test (i.e. symbols not starting with
-fips or FIPS) please report it.
-
-Restricted tarball tests.
-
-The validated module will have its own tarball containing sufficient code to
-build fipscanister.o and the associated algorithm tests. You can create a
-similar tarball yourself for testing purposes using the commands below.
-
-Standard restricted tarball:
-
-make -f Makefile.fips dist
-
-Prime field field only ECC tarball:
-
-make NOEC2M=1 -f Makefile.fips dist
-
-Once you've created the tarball extract into a fresh directory and do:
-
-./config
-make
-
-You can then run the algorithm tests as above. This build automatically uses
-fipscanisterbuild and no-ec2m as appropriate.
-
-FIPS capable OpenSSL test: WARNING PRELIMINARY INSTRUCTIONS, SUBJECT TO CHANGE.
-
-At least initially the test module and FIPS capable OpenSSL may change and
-by out of sync. You are advised to check for any changes and pull the latest
-source from CVS if you have problems. See anon CVS and rsync instructions at:
-
-http://www.openssl.org/source/repos.html
-
-Make or download a restricted tarball from ftp://ftp.openssl.org/snapshot/
-
-If required set the environment variable FIPSDIR to an appropriate location
-to install the test module. If cross compiling set other environment
-variables too.
-
-In this restricted tarball on a Linux or U*ix like system run:
-
-./config
-make
-make install
-
-On Windows from a VC++ environment do:
-
-ms\do_fips
-
-This will build and install the test module and some associated files.
-
-Now download the latest version of the OpenSSL 1.0.1 branch from either a
-snapshot or preferably CVS. For Linux do:
-
-./config fips [other args]
-make
-
-For Windows:
-
-perl Configure VC-WIN32 fips [other args]
-ms\do_nasm
-nmake -f ms\ntdll.mak
-
-(or ms\nt.mak for a static build).
-
-Where [other args] can be any other arguments you use for an OpenSSL build
-such as "shared" or "zlib".
-
-This will build the fips capable OpenSSL and link it to the test module. You
-can now try linking and testing applications against the FIPS capable OpenSSL.
-
-Please report any problems to either the openssl-dev mailing list or directly
-to me steve@openssl.org . Check the mailing lists regularly to avoid duplicate
-reports.
-
-Known issues:
-
-Code needs extensively reviewing to ensure it builds correctly on 
-supported platforms and is compliant with FIPS 140-2.
-The "FIPS capable OpenSSL" is still largely untested, it builds and runs
-some simple tests OK on some systems but needs far more "real world" testing.

apps/.cvsignore

@@ -0,0 +1,8 @@
+openssl
+Makefile.save
+der_chop
+der_chop.bak
+CA.pl
+*.flc
+semantic.cache
+*.dll

apps/CA.pl.in

@@ -1,10 +1,37 @@
 #!/usr/local/bin/perl
 #
-# CA - wrapper around ca to make it easier to use
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+#      some setup stuff to be done before you can use it and this makes
+#      things easier between now and when Eric is convinced to fix it :-)
 #
 # CA -newca ... will setup the right stuff
 # CA -newreq[-nodes] ... will generate a certificate request 
 # CA -sign ... will sign the generated request and output 
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key 
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh    Added more things ... including CA -signcert which
+#                  converts a certificate to a request and then signs it.
+# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
+#		   environment variable so this can be driven from
+#		   a script.
+# 25-Jul-96 eay    Cleaned up filenames some more.
+# 11-Jun-96 eay    Fixed a few filename missmatches.
+# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh    Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# 27-Apr-98 snh    Translation into perl, fix existing CA bug.
+#
+#
+# Steve Henson
+# shenson@bigfoot.com
 
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
@@ -30,7 +57,6 @@ $CATOP="./demoCA";
 $CAKEY="cakey.pem";
 $CAREQ="careq.pem";
 $CACERT="cacert.pem";
-$CACRL="crl.pem";
 
 $DIRMODE = 0777;
 
@@ -39,7 +65,6 @@ $RET = 0;
 foreach (@ARGV) {
 	if ( /^(-\?|-h|-help)$/ ) {
 	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-	    print STDERR "       CA -crl|-revoke cert-filename [reason]\n";
 	    exit 0;
 	} elsif (/^-newcert$/) {
 	    # create a certificate
@@ -135,50 +160,17 @@ foreach (@ARGV) {
 	    } else {
 		    system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
 		    $RET=$?;
-		    exit $RET;
+	    	    exit 0;
 	    }
-	} elsif (/^-crl$/) {
-		system ("$CA -gencrl -out $CATOP/crl/$CACRL");
-		$RET=$?;
-		print "Generated CRL is in $CATOP/crl/$CACRL\n" if (!$RET);
-	} elsif (/^-revoke$/) {
-		my $cname = $ARGV[1];
-		if (!defined $cname) {
-			print "Certificate filename is required; reason optional.\n";
-			exit 1;
-		}
-		my $reason = $ARGV[2];
-		$reason = " -crl_reason $reason"
-			if defined $reason && crl_reason_ok($reason);
-		my $cmd = "$CA -revoke \"$cname\"".$reason;
-		system ($cmd);
-		$RET=$?;
-		exit $RET;
 	} else {
 	    print STDERR "Unknown arg $_\n";
 	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-	    print STDERR "       CA -crl|-revoke cert-filename [reason]\n";
 	    exit 1;
 	}
 }
 
 exit $RET;
 
-sub crl_reason_ok {
-	my ($r) = shift;
-	if ($r eq 'unspecified' || $r eq 'keyCompromise' ||
-	$r eq 'CACompromise' || $r eq 'affiliationChanged' ||
-	$r eq 'superseded' || $r eq 'cessationOfOperation' ||
-	$r eq 'certificateHold' || $r eq 'removeFromCRL') {
-		return 1;
-	}
-	print STDERR "Invalid CRL reason; must be one of:\n";
-	print STDERR "    unspecified, keyCompromise, CACompromise,\n";
-	print STDERR "    affiliationChanged, superseded, cessationOfOperation\n";
-	print STDERR "    certificateHold, removeFromCRL";
-	exit 1;
-}
-
 sub cp_pem {
 my ($infile, $outfile, $bound) = @_;
 open IN, $infile;

apps/Makefile

@@ -94,6 +94,9 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
 sreq.o: req.c 
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
 
+openssl-vms.cnf: openssl.cnf
+	$(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf
+
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
 
@@ -117,19 +120,6 @@ install:
 	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
 	mv -f  $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
 
-uninstall:
-	@set -e; for i in $(EXE); \
-	do  \
-		echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
-		$(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
-	done;
-	@set -e; for i in $(SCRIPTS); \
-	do  \
-		echo $(RM) $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
-		$(RM) $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
-	done
-	$(RM) $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
-
 tags:
 	ctags $(SRC)
 
@@ -140,31 +130,34 @@ links:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
-depend:
-	@if [ -z "$(THIS)" ]; then \
-	    $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
-	else \
-	    $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
-	fi
+update: openssl-vms.cnf local_depend
+
+depend: local_depend
+	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+local_depend:
+	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
+	rm -f CA.pl
 
 clean:
 	rm -f *.o *.obj *.dll lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
 	rm -f req
 
 $(DLIBSSL):
-	(cd ..; $(MAKE) DIRS=ssl all)
+	(cd ..; $(MAKE) build_libssl)
 
 $(DLIBCRYPTO):
-	(cd ..; $(MAKE) DIRS=crypto all)
+	(cd ..; $(MAKE) build_libcrypto)
 
 $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(EXE)
 	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
 		shlib_target="$(SHLIB_TARGET)"; \
+	elif [ -n "$(FIPSCANLIB)" ]; then \
+	  FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; export CC FIPSLD_CC; \
 	fi; \
 	LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
 	$(MAKE) -f $(TOP)/Makefile.shared -e \
@@ -362,18 +355,20 @@ dsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dsa.c
 dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-dsaparam.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-dsaparam.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsaparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-dsaparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dsaparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
 dsaparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 dsaparam.o: dsaparam.c
 ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
@@ -468,20 +463,22 @@ errstr.o: ../include/openssl/x509v3.h apps.h errstr.c
 gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-gendh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h
-gendh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-gendh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-gendh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendh.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+gendh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
 gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-gendh.o: ../include/openssl/x509v3.h apps.h gendh.c
+gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
+gendh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+gendh.o: gendh.c
 gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -518,6 +515,7 @@ genpkey.o: genpkey.c
 genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
@@ -530,8 +528,9 @@ genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
 genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-genrsa.o: ../include/openssl/x509v3.h apps.h genrsa.c
+genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
+genrsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+genrsa.o: genrsa.c
 nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -736,20 +735,21 @@ rand.o: ../include/openssl/x509v3.h apps.h rand.c
 req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-req.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-req.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-req.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-req.o: ../include/openssl/err.h ../include/openssl/evp.h
-req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-req.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+req.o: ../include/openssl/engine.h ../include/openssl/err.h
+req.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+req.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 req.o: ../include/openssl/sha.h ../include/openssl/stack.h
 req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-req.o: ../include/openssl/x509v3.h apps.h req.c
+req.o: ../include/openssl/ui.h ../include/openssl/x509.h
+req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
 rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -783,9 +783,8 @@ rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 rsautl.o: ../include/openssl/x509v3.h apps.h rsautl.c
 s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_cb.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+s_cb.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s_cb.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 s_cb.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
 s_cb.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
@@ -832,47 +831,48 @@ s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s_server.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s_server.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s_server.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_server.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_server.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s_server.o: ../include/openssl/sha.h ../include/openssl/srp.h
-s_server.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_server.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_server.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_server.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_server.o: ../include/openssl/srp.h ../include/openssl/srtp.h
+s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h
 s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 s_server.o: s_apps.h s_server.c timeouts.h
-s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-s_socket.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-s_socket.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_socket.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_socket.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-s_socket.o: s_apps.h s_socket.c
+s_socket.o: ../e_os.h ../e_os2.h ../include/openssl/asn1.h
+s_socket.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
+s_socket.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h
+s_socket.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_socket.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+s_socket.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+s_socket.o: ../include/openssl/x509v3.h apps.h s_apps.h s_socket.c
 s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_time.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h

apps/apps.c

@@ -273,8 +273,6 @@ int str2fmt(char *s)
         return (FORMAT_ASN1);
     else if ((*s == 'T') || (*s == 't'))
         return (FORMAT_TEXT);
-    else if ((strcmp(s, "NSS") == 0) || (strcmp(s, "nss") == 0))
-        return (FORMAT_NSS);
     else if ((*s == 'N') || (*s == 'n'))
         return (FORMAT_NETSCAPE);
     else if ((*s == 'S') || (*s == 's'))
@@ -298,7 +296,7 @@ int str2fmt(char *s)
         return (FORMAT_UNDEF);
 }
 
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
 void program_name(char *in, char *out, int size)
 {
     int i, n;
@@ -576,6 +574,11 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
         char *prompt = NULL;
 
         prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
+        if (!prompt) {
+            BIO_printf(bio_err, "Out of memory\n");
+            UI_free(ui);
+            return 0;
+        }
 
         ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
         UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
@@ -585,6 +588,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
                                      PW_MIN_LENGTH, bufsiz - 1);
         if (ok >= 0 && verify) {
             buff = (char *)OPENSSL_malloc(bufsiz);
+            if (!buff) {
+                BIO_printf(bio_err, "Out of memory\n");
+                UI_free(ui);
+                OPENSSL_free(prompt);
+                return 0;
+            }
             ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
                                       PW_MIN_LENGTH, bufsiz - 1, buf);
         }
@@ -2254,7 +2263,6 @@ int args_verify(char ***pargs, int *pargc,
     int purpose = 0, depth = -1;
     char **oldargs = *pargs;
     char *arg = **pargs, *argn = (*pargs)[1];
-    const X509_VERIFY_PARAM *vpm = NULL;
     time_t at_time = 0;
     char *hostname = NULL;
     char *email = NULL;
@@ -2285,17 +2293,6 @@ int args_verify(char ***pargs, int *pargc,
             }
         }
         (*pargs)++;
-    } else if (strcmp(arg, "-verify_name") == 0) {
-        if (!argn)
-            *badarg = 1;
-        else {
-            vpm = X509_VERIFY_PARAM_lookup(argn);
-            if (!vpm) {
-                BIO_printf(err, "unrecognized verify name\n");
-                *badarg = 1;
-            }
-        }
-        (*pargs)++;
     } else if (strcmp(arg, "-verify_depth") == 0) {
         if (!argn)
             *badarg = 1;
@@ -2374,6 +2371,8 @@ int args_verify(char ***pargs, int *pargc,
         flags |= X509_V_FLAG_SUITEB_192_LOS;
     else if (!strcmp(arg, "-partial_chain"))
         flags |= X509_V_FLAG_PARTIAL_CHAIN;
+    else if (!strcmp(arg, "-no_alt_chains"))
+        flags |= X509_V_FLAG_NO_ALT_CHAINS;
     else
         return 0;
 
@@ -2389,9 +2388,6 @@ int args_verify(char ***pargs, int *pargc,
         goto end;
     }
 
-    if (vpm)
-        X509_VERIFY_PARAM_set1(*pm, vpm);
-
     if (otmp)
         X509_VERIFY_PARAM_add0_policy(*pm, otmp);
     if (flags)
@@ -2792,7 +2788,7 @@ void print_cert_checks(BIO *bio, X509 *x,
         return;
     if (checkhost) {
         BIO_printf(bio, "Hostname %s does%s match certificate\n",
-                   checkhost, X509_check_host(x, checkhost, 0, 0, NULL)
+                   checkhost, X509_check_host(x, checkhost, 0, 0, NULL) == 1
                    ? "" : " NOT");
     }
 

apps/apps.h

@@ -363,7 +363,6 @@ void store_setup_crl_download(X509_STORE *st);
 # define FORMAT_MSBLOB   11     /* MS Key blob format */
 # define FORMAT_PVK      12     /* MS PVK file format */
 # define FORMAT_HTTP     13     /* Download using HTTP */
-# define FORMAT_NSS      14     /* NSS keylog format */
 
 # define EXT_COPY_NONE   0
 # define EXT_COPY_ADD    1

apps/asn1pars.c

@@ -92,9 +92,8 @@ int MAIN(int argc, char **argv)
     unsigned int length = 0;
     long num, tmplen;
     BIO *in = NULL, *out = NULL, *b64 = NULL, *derout = NULL;
-    int informat, indent = 0, noout = 0, dump = 0, strictpem = 0;
-    char *infile = NULL, *str = NULL, *prog, *oidfile = NULL, *derfile =
-        NULL, *name = NULL, *header = NULL;
+    int informat, indent = 0, noout = 0, dump = 0;
+    char *infile = NULL, *str = NULL, *prog, *oidfile = NULL, *derfile = NULL;
     char *genstr = NULL, *genconf = NULL;
     unsigned char *tmpbuf;
     const unsigned char *ctmpbuf;
@@ -171,9 +170,6 @@ int MAIN(int argc, char **argv)
             if (--argc < 1)
                 goto bad;
             genconf = *(++argv);
-        } else if (strcmp(*argv, "-strictpem") == 0) {
-            strictpem = 1;
-            informat = FORMAT_PEM;
         } else {
             BIO_printf(bio_err, "unknown option %s\n", *argv);
             badops = 1;
@@ -207,9 +203,6 @@ int MAIN(int argc, char **argv)
                    " -genstr str   string to generate ASN1 structure from\n");
         BIO_printf(bio_err,
                    " -genconf file file to generate ASN1 structure from\n");
-        BIO_printf(bio_err,
-                   " -strictpem    do not attempt base64 decode outside PEM markers (-inform \n");
-        BIO_printf(bio_err, "               will be ignored)\n");
         goto end;
     }
 
@@ -255,55 +248,44 @@ int MAIN(int argc, char **argv)
         }
     }
 
-    if (strictpem) {
-        if (PEM_read_bio(in, &name, &header, (unsigned char **)&str, &num) !=
-            1) {
-            BIO_printf(bio_err, "Error reading PEM file\n");
+    if ((buf = BUF_MEM_new()) == NULL)
+        goto end;
+    if (!BUF_MEM_grow(buf, BUFSIZ * 8))
+        goto end;               /* Pre-allocate :-) */
+
+    if (genstr || genconf) {
+        num = do_generate(bio_err, genstr, genconf, buf);
+        if (num < 0) {
             ERR_print_errors(bio_err);
             goto end;
         }
-    } else {
-
-        if ((buf = BUF_MEM_new()) == NULL)
-            goto end;
-        if (!BUF_MEM_grow(buf, BUFSIZ * 8))
-            goto end;           /* Pre-allocate :-) */
-
-        if (genstr || genconf) {
-            num = do_generate(bio_err, genstr, genconf, buf);
-            if (num < 0) {
-                ERR_print_errors(bio_err);
-                goto end;
-            }
-        }
-
-        else {
-
-            if (informat == FORMAT_PEM) {
-                BIO *tmp;
-
-                if ((b64 = BIO_new(BIO_f_base64())) == NULL)
-                    goto end;
-                BIO_push(b64, in);
-                tmp = in;
-                in = b64;
-                b64 = tmp;
-            }
-
-            num = 0;
-            for (;;) {
-                if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))
-                    goto end;
-                i = BIO_read(in, &(buf->data[num]), BUFSIZ);
-                if (i <= 0)
-                    break;
-                num += i;
-            }
-        }
-        str = buf->data;
-
     }
 
+    else {
+
+        if (informat == FORMAT_PEM) {
+            BIO *tmp;
+
+            if ((b64 = BIO_new(BIO_f_base64())) == NULL)
+                goto end;
+            BIO_push(b64, in);
+            tmp = in;
+            in = b64;
+            b64 = tmp;
+        }
+
+        num = 0;
+        for (;;) {
+            if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))
+                goto end;
+            i = BIO_read(in, &(buf->data[num]), BUFSIZ);
+            if (i <= 0)
+                break;
+            num += i;
+        }
+    }
+    str = buf->data;
+
     /* If any structs to parse go through in sequence */
 
     if (sk_OPENSSL_STRING_num(osk)) {
@@ -380,12 +362,6 @@ int MAIN(int argc, char **argv)
         ERR_print_errors(bio_err);
     if (buf != NULL)
         BUF_MEM_free(buf);
-    if (name != NULL)
-        OPENSSL_free(name);
-    if (header != NULL)
-        OPENSSL_free(header);
-    if (strictpem && str != NULL)
-        OPENSSL_free(str);
     if (at != NULL)
         ASN1_TYPE_free(at);
     if (osk != NULL)
@@ -399,7 +375,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
 {
     CONF *cnf = NULL;
     int len;
-    long errline;
+    long errline = 0;
     unsigned char *p;
     ASN1_TYPE *atyp = NULL;
 

apps/ca.c

@@ -148,7 +148,7 @@
 static const char *ca_usage[] = {
     "usage: ca args\n",
     "\n",
-    " -verbose        - Talk a lot while doing things\n",
+    " -verbose        - Talk alot while doing things\n",
     " -config file    - A config file\n",
     " -name arg       - The particular CA definition to use\n",
     " -gencrl         - Generate a new CRL\n",
@@ -179,7 +179,7 @@ static const char *ca_usage[] = {
     " -utf8           - input characters are UTF8 (default ASCII)\n",
     " -multivalue-rdn - enable support for multivalued RDNs\n",
     " -extensions ..  - Extension section (override value in config file)\n",
-    " -extfile file   - Configuration file with X509v3 extensions to add\n",
+    " -extfile file   - Configuration file with X509v3 extentions to add\n",
     " -crlexts ..     - CRL extension section (override value in config file)\n",
 #ifndef OPENSSL_NO_ENGINE
     " -engine e       - use engine e, possibly a hardware device.\n",
@@ -563,10 +563,18 @@ int MAIN(int argc, char **argv)
 #ifdef OPENSSL_SYS_VMS
         len = strlen(s) + sizeof(CONFIG_FILE);
         tofree = OPENSSL_malloc(len);
+        if (!tofree) {
+            BIO_printf(bio_err, "Out of memory\n");
+            goto err;
+        }
         strcpy(tofree, s);
 #else
         len = strlen(s) + sizeof(CONFIG_FILE) + 1;
         tofree = OPENSSL_malloc(len);
+        if (!tofree) {
+            BIO_printf(bio_err, "Out of memory\n");
+            goto err;
+        }
         BUF_strlcpy(tofree, s, len);
         BUF_strlcat(tofree, "/", len);
 #endif
@@ -927,7 +935,7 @@ int MAIN(int argc, char **argv)
     }
 
         /*****************************************************************/
-    /* Read extensions config file                                   */
+    /* Read extentions config file                                   */
     if (extfile) {
         extconf = NCONF_new(NULL);
         if (NCONF_load(extconf, extfile, &errorline) <= 0) {
@@ -2813,6 +2821,11 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
     ASN1_GENERALIZEDTIME *comp_time = NULL;
     tmp = BUF_strdup(str);
 
+    if (!tmp) {
+        BIO_printf(bio_err, "memory allocation failure\n");
+        goto err;
+    }
+
     p = strchr(tmp, ',');
 
     rtime_str = tmp;
@@ -2830,6 +2843,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
 
     if (prevtm) {
         *prevtm = ASN1_UTCTIME_new();
+        if (!*prevtm) {
+            BIO_printf(bio_err, "memory allocation failure\n");
+            goto err;
+        }
         if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) {
             BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
             goto err;
@@ -2870,6 +2887,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
                 goto err;
             }
             comp_time = ASN1_GENERALIZEDTIME_new();
+            if (!comp_time) {
+                BIO_printf(bio_err, "memory allocation failure\n");
+                goto err;
+            }
             if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) {
                 BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
                 goto err;

apps/ciphers.c

@@ -59,6 +59,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
 #include "apps.h"
 #include <openssl/err.h>
 #include <openssl/ssl.h>
@@ -70,6 +73,7 @@ static const char *ciphers_usage[] = {
     "usage: ciphers args\n",
     " -v          - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n",
     " -V          - even more verbose\n",
+    " -ssl2       - SSL2 mode\n",
     " -ssl3       - SSL3 mode\n",
     " -tls1       - TLS1 mode\n",
     NULL
@@ -81,7 +85,6 @@ int MAIN(int argc, char **argv)
 {
     int ret = 1, i;
     int verbose = 0, Verbose = 0;
-    int use_supported = 0;
 #ifndef OPENSSL_NO_SSL_TRACE
     int stdname = 0;
 #endif
@@ -92,7 +95,7 @@ int MAIN(int argc, char **argv)
     SSL *ssl = NULL;
     char *ciphers = NULL;
     const SSL_METHOD *meth = NULL;
-    STACK_OF(SSL_CIPHER) *sk = NULL;
+    STACK_OF(SSL_CIPHER) *sk;
     char buf[512];
     BIO *STDout = NULL;
 
@@ -119,12 +122,14 @@ int MAIN(int argc, char **argv)
             verbose = 1;
         else if (strcmp(*argv, "-V") == 0)
             verbose = Verbose = 1;
-        else if (strcmp(*argv, "-s") == 0)
-            use_supported = 1;
 #ifndef OPENSSL_NO_SSL_TRACE
         else if (strcmp(*argv, "-stdname") == 0)
             stdname = verbose = 1;
 #endif
+#ifndef OPENSSL_NO_SSL2
+        else if (strcmp(*argv, "-ssl2") == 0)
+            meth = SSLv2_client_method();
+#endif
 #ifndef OPENSSL_NO_SSL3
         else if (strcmp(*argv, "-ssl3") == 0)
             meth = SSLv3_client_method();
@@ -164,15 +169,9 @@ int MAIN(int argc, char **argv)
     if (ssl == NULL)
         goto err;
 
-    if (use_supported)
-        sk = SSL_get1_supported_ciphers(ssl);
-    else
-        sk = SSL_get_ciphers(ssl);
-
     if (!verbose) {
-        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
-            SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
-            p = SSL_CIPHER_get_name(c);
+        for (i = 0;; i++) {
+            p = SSL_get_cipher_list(ssl, i);
             if (p == NULL)
                 break;
             if (i != 0)
@@ -182,6 +181,8 @@ int MAIN(int argc, char **argv)
         BIO_printf(STDout, "\n");
     } else {                    /* verbose */
 
+        sk = SSL_get_ciphers(ssl);
+
         for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
             SSL_CIPHER *c;
 
@@ -194,7 +195,11 @@ int MAIN(int argc, char **argv)
                 int id2 = (int)((id >> 8) & 0xffL);
                 int id3 = (int)(id & 0xffL);
 
-                if ((id & 0xff000000L) == 0x03000000L) {
+                if ((id & 0xff000000L) == 0x02000000L) {
+                    /* SSL2 cipher */
+                    BIO_printf(STDout, "     0x%02X,0x%02X,0x%02X - ", id1,
+                               id2, id3);
+                } else if ((id & 0xff000000L) == 0x03000000L) {
                     /* SSL3 cipher */
                     BIO_printf(STDout, "          0x%02X,0x%02X - ", id2,
                                id3);
@@ -223,8 +228,6 @@ int MAIN(int argc, char **argv)
         ERR_print_errors(bio_err);
     }
  end:
-    if (use_supported && sk)
-        sk_SSL_CIPHER_free(sk);
     if (ctx != NULL)
         SSL_CTX_free(ctx);
     if (ssl != NULL)

apps/cms.c

@@ -254,8 +254,6 @@ int MAIN(int argc, char **argv)
             flags |= CMS_DEBUG_DECRYPT;
         else if (!strcmp(*args, "-text"))
             flags |= CMS_TEXT;
-        else if (!strcmp(*args, "-asciicrlf"))
-            flags |= CMS_ASCIICRLF;
         else if (!strcmp(*args, "-nointern"))
             flags |= CMS_NOINTERN;
         else if (!strcmp(*args, "-noverify")
@@ -465,6 +463,10 @@ int MAIN(int argc, char **argv)
             if (key_param == NULL || key_param->idx != keyidx) {
                 cms_key_param *nparam;
                 nparam = OPENSSL_malloc(sizeof(cms_key_param));
+                if (!nparam) {
+                    BIO_printf(bio_err, "Out of memory\n");
+                    goto argerr;
+                }
                 nparam->idx = keyidx;
                 nparam->param = sk_OPENSSL_STRING_new_null();
                 nparam->next = NULL;
@@ -644,7 +646,7 @@ int MAIN(int argc, char **argv)
                    "-CApath dir    trusted certificates directory\n");
         BIO_printf(bio_err, "-CAfile file   trusted certificates file\n");
         BIO_printf(bio_err,
-                   "-trusted_first use locally trusted certificates first when building trust chain\n");
+                   "-no_alt_chains only ever use the first certificate chain found\n");
         BIO_printf(bio_err,
                    "-crl_check     check revocation status of signer's certificate using CRLs\n");
         BIO_printf(bio_err,

apps/dgst.c

@@ -293,6 +293,11 @@ int MAIN(int argc, char **argv)
 
     in = BIO_new(BIO_s_file());
     bmd = BIO_new(BIO_f_md());
+    if ((in == NULL) || (bmd == NULL)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
     if (debug) {
         BIO_set_callback(in, BIO_debug_callback);
         /* needed for windows 3.1 */
@@ -304,11 +309,6 @@ int MAIN(int argc, char **argv)
         goto end;
     }
 
-    if ((in == NULL) || (bmd == NULL)) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
     if (out_bin == -1) {
         if (keyfile)
             out_bin = 1;
@@ -460,6 +460,11 @@ int MAIN(int argc, char **argv)
             ERR_print_errors(bio_err);
             goto end;
         }
+        if (!sigbuf) {
+            BIO_printf(bio_err, "Out of memory\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
         siglen = BIO_read(sigbio, sigbuf, siglen);
         BIO_free(sigbio);
         if (siglen <= 0) {

apps/dhparam.c

@@ -144,7 +144,7 @@
  * -C
  */
 
-static int dh_cb(int p, int n, BN_GENCB *cb);
+static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
 
 int MAIN(int, char **);
 
@@ -294,14 +294,8 @@ int MAIN(int argc, char **argv)
 
     if (num) {
 
-        BN_GENCB *cb;
-        cb = BN_GENCB_new();
-        if (!cb) {
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-
-        BN_GENCB_set(cb, dh_cb, bio_err);
+        BN_GENCB cb;
+        BN_GENCB_set(&cb, dh_cb, bio_err);
         if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
             BIO_printf(bio_err,
                        "warning, not much extra random data, consider using the -rand option\n");
@@ -318,10 +312,9 @@ int MAIN(int argc, char **argv)
                        "Generating DSA parameters, %d bit long prime\n", num);
             if (!dsa
                 || !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
-                                               cb)) {
+                                               &cb)) {
                 if (dsa)
                     DSA_free(dsa);
-                BN_GENCB_free(cb);
                 ERR_print_errors(bio_err);
                 goto end;
             }
@@ -329,7 +322,6 @@ int MAIN(int argc, char **argv)
             dh = DSA_dup_DH(dsa);
             DSA_free(dsa);
             if (dh == NULL) {
-                BN_GENCB_free(cb);
                 ERR_print_errors(bio_err);
                 goto end;
             }
@@ -341,14 +333,12 @@ int MAIN(int argc, char **argv)
                        "Generating DH parameters, %d bit long safe prime, generator %d\n",
                        num, g);
             BIO_printf(bio_err, "This is going to take a long time\n");
-            if (!dh || !DH_generate_parameters_ex(dh, num, g, cb)) {
-                BN_GENCB_free(cb);
+            if (!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) {
                 ERR_print_errors(bio_err);
                 goto end;
             }
         }
 
-        BN_GENCB_free(cb);
         app_RAND_write_file(NULL, bio_err);
     } else {
 
@@ -527,7 +517,7 @@ int MAIN(int argc, char **argv)
 }
 
 /* dh_cb is identical to dsa_cb in apps/dsaparam.c */
-static int dh_cb(int p, int n, BN_GENCB *cb)
+static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
 {
     char c = '*';
 
@@ -539,8 +529,11 @@ static int dh_cb(int p, int n, BN_GENCB *cb)
         c = '*';
     if (p == 3)
         c = '\n';
-    BIO_write(BN_GENCB_get_arg(cb), &c, 1);
-    (void)BIO_flush(BN_GENCB_get_arg(cb));
+    BIO_write(cb->arg, &c, 1);
+    (void)BIO_flush(cb->arg);
+# ifdef LINT
+    p = n;
+# endif
     return 1;
 }
 

apps/dsaparam.c

@@ -57,6 +57,13 @@
  */
 
 #include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
+/*
+ * Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code
+ */
+#ifdef OPENSSL_NO_DEPRECATED
+# undef OPENSSL_NO_DEPRECATED
+#endif
 
 #ifndef OPENSSL_NO_DSA
 # include <assert.h>
@@ -101,7 +108,7 @@ static void timebomb_sigalarm(int foo)
 
 # endif
 
-static int dsa_cb(int p, int n, BN_GENCB *cb);
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
 
 int MAIN(int, char **);
 
@@ -114,8 +121,6 @@ int MAIN(int argc, char **argv)
     char *infile, *outfile, *prog, *inrand = NULL;
     int numbits = -1, num, genkey = 0;
     int need_rand = 0;
-    int non_fips_allow = 0;
-    BN_GENCB *cb = NULL;
 # ifndef OPENSSL_NO_ENGINE
     char *engine = NULL;
 # endif
@@ -186,8 +191,6 @@ int MAIN(int argc, char **argv)
             need_rand = 1;
         } else if (strcmp(*argv, "-noout") == 0)
             noout = 1;
-        else if (strcmp(*argv, "-non-fips-allow") == 0)
-            non_fips_allow = 1;
         else if (sscanf(*argv, "%d", &num) == 1) {
             /* generate a key */
             numbits = num;
@@ -272,20 +275,14 @@ int MAIN(int argc, char **argv)
     }
 
     if (numbits > 0) {
-        cb = BN_GENCB_new();
-        if (!cb) {
-            BIO_printf(bio_err, "Error allocating BN_GENCB object\n");
-            goto end;
-        }
-        BN_GENCB_set(cb, dsa_cb, bio_err);
+        BN_GENCB cb;
+        BN_GENCB_set(&cb, dsa_cb, bio_err);
         assert(need_rand);
         dsa = DSA_new();
         if (!dsa) {
             BIO_printf(bio_err, "Error allocating DSA object\n");
             goto end;
         }
-        if (non_fips_allow)
-            dsa->flags |= DSA_FLAG_NON_FIPS_ALLOW;
         BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n",
                    num);
         BIO_printf(bio_err, "This could take some time\n");
@@ -304,7 +301,7 @@ int MAIN(int argc, char **argv)
             alarm(timebomb);
         }
 # endif
-        if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, cb)) {
+        if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, &cb)) {
 # ifdef GENCB_TEST
             if (stop_keygen_flag) {
                 BIO_printf(bio_err, "DSA key generation time-stopped\n");
@@ -409,8 +406,6 @@ int MAIN(int argc, char **argv)
         assert(need_rand);
         if ((dsakey = DSAparams_dup(dsa)) == NULL)
             goto end;
-        if (non_fips_allow)
-            dsakey->flags |= DSA_FLAG_NON_FIPS_ALLOW;
         if (!DSA_generate_key(dsakey)) {
             ERR_print_errors(bio_err);
             DSA_free(dsakey);
@@ -432,8 +427,6 @@ int MAIN(int argc, char **argv)
         app_RAND_write_file(NULL, bio_err);
     ret = 0;
  end:
-    if (cb != NULL)
-        BN_GENCB_free(cb);
     if (in != NULL)
         BIO_free(in);
     if (out != NULL)
@@ -444,7 +437,7 @@ int MAIN(int argc, char **argv)
     OPENSSL_EXIT(ret);
 }
 
-static int dsa_cb(int p, int n, BN_GENCB *cb)
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
 {
     char c = '*';
 
@@ -456,8 +449,11 @@ static int dsa_cb(int p, int n, BN_GENCB *cb)
         c = '*';
     if (p == 3)
         c = '\n';
-    BIO_write(BN_GENCB_get_arg(cb), &c, 1);
-    (void)BIO_flush(BN_GENCB_get_arg(cb));
+    BIO_write(cb->arg, &c, 1);
+    (void)BIO_flush(cb->arg);
+# ifdef LINT
+    p = n;
+# endif
 # ifdef GENCB_TEST
     if (stop_keygen_flag)
         return 0;

apps/enc.c

@@ -537,12 +537,8 @@ int MAIN(int argc, char **argv)
                 sptr = salt;
             }
 
-            if (!EVP_BytesToKey(cipher, dgst, sptr,
-                                (unsigned char *)str,
-                                strlen(str), 1, key, iv)) {
-                BIO_printf(bio_err, "EVP_BytesToKey failed\n");
-                goto end;
-            }
+            EVP_BytesToKey(cipher, dgst, sptr,
+                           (unsigned char *)str, strlen(str), 1, key, iv);
             /*
              * zero the complete buffer or the string passed from the command
              * line bug picked up by Larry J. Hughes Jr. <hughes@indiana.edu>
@@ -552,9 +548,14 @@ int MAIN(int argc, char **argv)
             else
                 OPENSSL_cleanse(str, strlen(str));
         }
-        if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
-            BIO_printf(bio_err, "invalid hex iv value\n");
-            goto end;
+        if (hiv != NULL) {
+            int siz = EVP_CIPHER_iv_length(cipher);
+            if (siz == 0) {
+                BIO_printf(bio_err, "warning: iv not use by this cipher\n");
+            } else if (!set_hex(hiv, iv, sizeof iv)) {
+                BIO_printf(bio_err, "invalid hex iv value\n");
+                goto end;
+            }
         }
         if ((hiv == NULL) && (str == NULL)
             && EVP_CIPHER_iv_length(cipher) != 0) {
@@ -566,7 +567,7 @@ int MAIN(int argc, char **argv)
             BIO_printf(bio_err, "iv undefined\n");
             goto end;
         }
-        if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
+        if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
             BIO_printf(bio_err, "invalid hex key value\n");
             goto end;
         }

apps/engine.c

@@ -60,6 +60,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
 #include "apps.h"
 #include <openssl/err.h>
 #ifndef OPENSSL_NO_ENGINE

apps/gendh.c

@@ -58,6 +58,13 @@
  */
 
 #include <openssl/opensslconf.h>
+/*
+ * Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code
+ */
+#ifdef OPENSSL_NO_DEPRECATED
+# undef OPENSSL_NO_DEPRECATED
+#endif
 
 #ifndef OPENSSL_NO_DH
 # include <stdio.h>
@@ -77,13 +84,13 @@
 # undef PROG
 # define PROG gendh_main
 
-static int dh_cb(int p, int n, BN_GENCB *cb);
+static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
 
 int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
-    BN_GENCB *cb = NULL;
+    BN_GENCB cb;
     DH *dh = NULL;
     int ret = 1, num = DEFBITS;
     int g = 2;
@@ -96,16 +103,11 @@ int MAIN(int argc, char **argv)
 
     apps_startup();
 
+    BN_GENCB_set(&cb, dh_cb, bio_err);
     if (bio_err == NULL)
         if ((bio_err = BIO_new(BIO_s_file())) != NULL)
             BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
 
-    cb = BN_GENCB_new();
-    if (!cb)
-        goto end;
-
-    BN_GENCB_set(cb, dh_cb, bio_err);
-
     if (!load_config(bio_err, NULL))
         goto end;
 
@@ -199,7 +201,7 @@ int MAIN(int argc, char **argv)
     BIO_printf(bio_err, "This is going to take a long time\n");
 
     if (((dh = DH_new()) == NULL)
-        || !DH_generate_parameters_ex(dh, num, g, cb))
+        || !DH_generate_parameters_ex(dh, num, g, &cb))
         goto end;
 
     app_RAND_write_file(NULL, bio_err);
@@ -214,13 +216,11 @@ int MAIN(int argc, char **argv)
         BIO_free_all(out);
     if (dh != NULL)
         DH_free(dh);
-    if (cb != NULL)
-        BN_GENCB_free(cb);
     apps_shutdown();
     OPENSSL_EXIT(ret);
 }
 
-static int dh_cb(int p, int n, BN_GENCB *cb)
+static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
 {
     char c = '*';
 
@@ -232,8 +232,11 @@ static int dh_cb(int p, int n, BN_GENCB *cb)
         c = '*';
     if (p == 3)
         c = '\n';
-    BIO_write(BN_GENCB_get_arg(cb), &c, 1);
-    (void)BIO_flush(BN_GENCB_get_arg(cb));
+    BIO_write(cb->arg, &c, 1);
+    (void)BIO_flush(cb->arg);
+# ifdef LINT
+    p = n;
+# endif
     return 1;
 }
 #else                           /* !OPENSSL_NO_DH */

apps/genpkey.c

@@ -398,5 +398,8 @@ static int genpkey_cb(EVP_PKEY_CTX *ctx)
         c = '\n';
     BIO_write(b, &c, 1);
     (void)BIO_flush(b);
+#ifdef LINT
+    p = n;
+#endif
     return 1;
 }

apps/genrsa.c

@@ -57,6 +57,13 @@
  */
 
 #include <openssl/opensslconf.h>
+/*
+ * Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code
+ */
+#ifdef OPENSSL_NO_DEPRECATED
+# undef OPENSSL_NO_DEPRECATED
+#endif
 
 #ifndef OPENSSL_NO_RSA
 # include <stdio.h>
@@ -77,24 +84,23 @@
 # undef PROG
 # define PROG genrsa_main
 
-static int genrsa_cb(int p, int n, BN_GENCB *cb);
+static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb);
 
 int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
-    BN_GENCB *cb = NULL;
+    BN_GENCB cb;
 # ifndef OPENSSL_NO_ENGINE
     ENGINE *e = NULL;
 # endif
     int ret = 1;
-    int non_fips_allow = 0;
-    int num = DEFBITS;
+    int i, num = DEFBITS;
+    long l;
     const EVP_CIPHER *enc = NULL;
     unsigned long f4 = RSA_F4;
     char *outfile = NULL;
     char *passargout = NULL, *passout = NULL;
-    char *hexe, *dece;
 # ifndef OPENSSL_NO_ENGINE
     char *engine = NULL;
 # endif
@@ -102,16 +108,12 @@ int MAIN(int argc, char **argv)
     BIO *out = NULL;
     BIGNUM *bn = BN_new();
     RSA *rsa = NULL;
+
     if (!bn)
         goto err;
 
-    cb = BN_GENCB_new();
-    if (!cb)
-        goto err;
-
     apps_startup();
-
-    BN_GENCB_set(cb, genrsa_cb, bio_err);
+    BN_GENCB_set(&cb, genrsa_cb, bio_err);
 
     if (bio_err == NULL)
         if ((bio_err = BIO_new(BIO_s_file())) != NULL)
@@ -183,9 +185,7 @@ int MAIN(int argc, char **argv)
             if (--argc < 1)
                 goto bad;
             passargout = *(++argv);
-        } else if (strcmp(*argv, "-non-fips-allow") == 0)
-            non_fips_allow = 1;
-        else
+        } else
             break;
         argv++;
         argc--;
@@ -278,23 +278,24 @@ int MAIN(int argc, char **argv)
     if (!rsa)
         goto err;
 
-    if (non_fips_allow)
-        rsa->flags |= RSA_FLAG_NON_FIPS_ALLOW;
-
-    if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, cb))
+    if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
         goto err;
 
     app_RAND_write_file(NULL, bio_err);
 
-    hexe = BN_bn2hex(rsa->e);
-    dece = BN_bn2dec(rsa->e);
-    if (hexe && dece) {
-        BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe);
+    /*
+     * We need to do the following for when the base number size is < long,
+     * esp windows 3.1 :-(.
+     */
+    l = 0L;
+    for (i = 0; i < rsa->e->top; i++) {
+# ifndef SIXTY_FOUR_BIT
+        l <<= BN_BITS4;
+        l <<= BN_BITS4;
+# endif
+        l += rsa->e->d[i];
     }
-    if (hexe)
-        OPENSSL_free(hexe);
-    if (dece)
-        OPENSSL_free(dece);
+    BIO_printf(bio_err, "e is %ld (0x%lX)\n", l, l);
     {
         PW_CB_DATA cb_data;
         cb_data.password = passout;
@@ -309,8 +310,6 @@ int MAIN(int argc, char **argv)
  err:
     if (bn)
         BN_free(bn);
-    if (cb)
-        BN_GENCB_free(cb);
     if (rsa)
         RSA_free(rsa);
     if (out)
@@ -323,7 +322,7 @@ int MAIN(int argc, char **argv)
     OPENSSL_EXIT(ret);
 }
 
-static int genrsa_cb(int p, int n, BN_GENCB *cb)
+static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb)
 {
     char c = '*';
 
@@ -335,8 +334,11 @@ static int genrsa_cb(int p, int n, BN_GENCB *cb)
         c = '*';
     if (p == 3)
         c = '\n';
-    BIO_write(BN_GENCB_get_arg(cb), &c, 1);
-    (void)BIO_flush(BN_GENCB_get_arg(cb));
+    BIO_write(cb->arg, &c, 1);
+    (void)BIO_flush(cb->arg);
+# ifdef LINT
+    p = n;
+# endif
     return 1;
 }
 #else                           /* !OPENSSL_NO_RSA */

apps/makeapps.com

@@ -773,9 +773,12 @@ $ CCDEFS = "MONOLITH"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
-$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
-	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
+$ CCDISABLEWARNINGS = "" !!! "MAYLOSEDATA3" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. ""
+$ THEN
+$     IF CCDISABLEWARNINGS .NES. THEN CCDISABLEWARNINGS = CCDISABLEWARNINGS + ","
+$     CCDISABLEWARNINGS = CCDISABLEWARNINGS + USER_CCDISABLEWARNINGS
+$ ENDIF
 $!
 $! Check To See If We Have A ZLIB Option.
 $!
@@ -1064,6 +1067,18 @@ $! Finish up the definition of CC.
 $!
 $ IF COMPILER .EQS. "DECC"
 $ THEN
+$!  Not all compiler versions support MAYLOSEDATA3.
+$   OPT_TEST = "MAYLOSEDATA3"
+$   DEFINE /USER_MODE SYS$ERROR NL:
+$   DEFINE /USER_MODE SYS$OUTPUT NL:
+$   'CC' /NOCROSS_REFERENCE /NOLIST /NOOBJECT -
+      /WARNINGS = DISABLE = ('OPT_TEST', EMPTYFILE) NL:
+$   IF ($SEVERITY)
+$   THEN
+$     IF CCDISABLEWARNINGS .NES. "" THEN -
+        CCDISABLEWARNINGS = CCDISABLEWARNINGS+ ","
+$     CCDISABLEWARNINGS = CCDISABLEWARNINGS+ OPT_TEST
+$   ENDIF
 $   IF CCDISABLEWARNINGS .NES. ""
 $   THEN
 $     CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"

apps/ocsp.c

@@ -536,7 +536,7 @@ int MAIN(int argc, char **argv)
         BIO_printf(bio_err,
                    "-CAfile file         trusted certificates file\n");
         BIO_printf(bio_err,
-                   "-trusted_first       use locally trusted CA's first when building trust chain\n");
+                   "-no_alt_chains       only ever use the first certificate chain found\n");
         BIO_printf(bio_err,
                    "-VAfile file         validator certificates file\n");
         BIO_printf(bio_err,

apps/openssl-vms.cnf

@@ -44,7 +44,7 @@ certs		= $dir.certs]		# Where the issued certs are kept
 crl_dir		= $dir.crl]		# Where the issued crl are kept
 database	= $dir]index.txt	# database index file.
 #unique_subject	= no			# Set to 'no' to allow creation of
-					# several certs with same subject.
+					# several ctificates with same subject.
 new_certs_dir	= $dir.newcerts]		# default place for new certs.
 
 certificate	= $dir]cacert.pem 	# The CA certificate
@@ -55,7 +55,7 @@ crl		= $dir]crl.pem 		# The current CRL
 private_key	= $dir.private]cakey.pem# The private key
 RANDFILE	= $dir.private].rand	# private random number file
 
-x509_extensions	= usr_cert		# The extensions to add to the cert
+x509_extensions	= usr_cert		# The extentions to add to the cert
 
 # Comment out the following two lines for the "traditional"
 # (and highly broken) format.
@@ -107,7 +107,7 @@ default_bits		= 2048
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
 
 # Passwords for private keys if not present they will be prompted for
 # input_password = secret

apps/openssl.c

@@ -428,10 +428,6 @@ int main(int Argc, char *ARGV[])
     if (arg.data != NULL)
         OPENSSL_free(arg.data);
 
-    if (bio_err != NULL) {
-        BIO_free(bio_err);
-        bio_err = NULL;
-    }
 #if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
     /* Free any duplicate Argv[] storage. */
     if (free_Argv) {
@@ -440,6 +436,10 @@ int main(int Argc, char *ARGV[])
 #endif
     apps_shutdown();
     CRYPTO_mem_leaks(bio_err);
+    if (bio_err != NULL) {
+        BIO_free(bio_err);
+        bio_err = NULL;
+    }
 
     OPENSSL_EXIT(ret);
 }
@@ -663,14 +663,14 @@ static void list_md(BIO *out)
     EVP_MD_do_all_sorted(list_md_fn, out);
 }
 
-static int function_cmp(const FUNCTION * a, const FUNCTION * b)
+static int MS_CALLBACK function_cmp(const FUNCTION * a, const FUNCTION * b)
 {
     return strncmp(a->name, b->name, 8);
 }
 
 static IMPLEMENT_LHASH_COMP_FN(function, FUNCTION)
 
-static unsigned long function_hash(const FUNCTION * a)
+static unsigned long MS_CALLBACK function_hash(const FUNCTION * a)
 {
     return lh_strhash(a->name);
 }

apps/openssl.cnf

@@ -44,7 +44,7 @@ certs		= $dir/certs		# Where the issued certs are kept
 crl_dir		= $dir/crl		# Where the issued crl are kept
 database	= $dir/index.txt	# database index file.
 #unique_subject	= no			# Set to 'no' to allow creation of
-					# several certs with same subject.
+					# several ctificates with same subject.
 new_certs_dir	= $dir/newcerts		# default place for new certs.
 
 certificate	= $dir/cacert.pem 	# The CA certificate
@@ -55,7 +55,7 @@ crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem# The private key
 RANDFILE	= $dir/private/.rand	# private random number file
 
-x509_extensions	= usr_cert		# The extensions to add to the cert
+x509_extensions	= usr_cert		# The extentions to add to the cert
 
 # Comment out the following two lines for the "traditional"
 # (and highly broken) format.
@@ -107,7 +107,7 @@ default_bits		= 2048
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
 
 # Passwords for private keys if not present they will be prompted for
 # input_password = secret

apps/pkcs12.c

@@ -116,7 +116,7 @@ int MAIN(int argc, char **argv)
     int maciter = PKCS12_DEFAULT_ITER;
     int twopass = 0;
     int keytype = 0;
-    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+    int cert_pbe;
     int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
     int ret = 1;
     int macver = 1;
@@ -134,6 +134,13 @@ int MAIN(int argc, char **argv)
 
     apps_startup();
 
+# ifdef OPENSSL_FIPS
+    if (FIPS_mode())
+        cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+    else
+# endif
+        cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+
     enc = EVP_des_ede3_cbc();
     if (bio_err == NULL)
         bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

apps/pkcs7.c

@@ -189,11 +189,11 @@ int MAIN(int argc, char **argv)
     if (infile == NULL)
         BIO_set_fp(in, stdin, BIO_NOCLOSE);
     else {
-        if (BIO_read_filename(in, infile) <= 0)
-            if (in == NULL) {
-                perror(infile);
-                goto end;
-            }
+        if (BIO_read_filename(in, infile) <= 0) {
+            BIO_printf(bio_err, "unable to load input file\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
     }
 
     if (informat == FORMAT_ASN1)

apps/pkcs8.c

@@ -57,7 +57,6 @@
  *
  */
 #include <stdio.h>
-#include <stdlib.h>
 #include <string.h>
 #include "apps.h"
 #include <openssl/pem.h>
@@ -151,14 +150,7 @@ int MAIN(int argc, char **argv)
             topk8 = 1;
         else if (!strcmp(*args, "-noiter"))
             iter = 1;
-        else if (!strcmp(*args, "-iter")) {
-            if (args[1]) {
-                iter = atoi(*(++args));
-                if (iter <= 0)
-                    badarg = 1;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-nocrypt"))
+        else if (!strcmp(*args, "-nocrypt"))
             nocrypt = 1;
         else if (!strcmp(*args, "-nooct"))
             p8_broken = PKCS8_NO_OCTET;
@@ -167,22 +159,19 @@ int MAIN(int argc, char **argv)
         else if (!strcmp(*args, "-embed"))
             p8_broken = PKCS8_EMBEDDED_PARAM;
         else if (!strcmp(*args, "-passin")) {
-            if (args[1])
-                passargin = *(++args);
-            else
-                badarg = 1;
+            if (!args[1])
+                goto bad;
+            passargin = *(++args);
         } else if (!strcmp(*args, "-passout")) {
-            if (args[1])
-                passargout = *(++args);
-            else
-                badarg = 1;
+            if (!args[1])
+                goto bad;
+            passargout = *(++args);
         }
 #ifndef OPENSSL_NO_ENGINE
         else if (strcmp(*args, "-engine") == 0) {
-            if (args[1])
-                engine = *(++args);
-            else
-                badarg = 1;
+            if (!args[1])
+                goto bad;
+            engine = *(++args);
         }
 #endif
         else if (!strcmp(*args, "-in")) {
@@ -203,6 +192,7 @@ int MAIN(int argc, char **argv)
     }
 
     if (badarg) {
+ bad:
         BIO_printf(bio_err, "Usage pkcs8 [options]\n");
         BIO_printf(bio_err, "where options are\n");
         BIO_printf(bio_err, "-in file        input file\n");
@@ -220,7 +210,6 @@ int MAIN(int argc, char **argv)
                    "-embed          use (nonstandard) embedded DSA parameters format\n");
         BIO_printf(bio_err,
                    "-nsdb           use (nonstandard) DSA Netscape DB format\n");
-        BIO_printf(bio_err, "-iter count     use count as iteration count\n");
         BIO_printf(bio_err, "-noiter         use 1 as iteration count\n");
         BIO_printf(bio_err,
                    "-nocrypt        use or expect unencrypted private key\n");

apps/privkey.pem

@@ -1,16 +1,18 @@
------BEGIN PRIVATE KEY-----
-MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMo7DFNMqywUA1O/
-qvWqCOm6rGrUAcR+dKsSXw6y2qiKO7APDDyotc0b4Mxwqjga98npex2RBIwUoCGJ
-iEmMXo/a8RbXVUZ+ZwcAX7PC+XeXVC5qoajaBBkd2MvYmib/2PqnNrgvhHsUL5dO
-xhC7cRqxLM/g45k3Yyw+nGa+WkTdAgMBAAECgYBMBT5w4dVG0I8foGFnz+9hzWab
-Ee9IKjE5TcKmB93ilXQyjrWO5+zPmbc7ou6aAKk9IaPCTY1kCyzW7pho7Xdt+RFq
-TgVXGZZfqtixO7f2/5oqZAkd00eOn9ZrhBpVMu4yXbbDvhDyFe4/oy0HGDjRUhxa
-Lf6ZlBuTherxm4eFkQJBAPBQwRs9UtqaMAQlagA9pV5UsQjV1WT4IxDURMPfXgCd
-ETNkB6pP0SmxQm5xhv9N2HY1UtoWpug9s0OU5IJB15sCQQDXbfbjiujNbuOxCFNw
-68JZaCFVdNovyOWORkpenQLNEjVkmTCS9OayK09ADEYtsdpUGKeF+2EYBNkFr5px
-CajnAkBMYI4PNz1HBuwt1SpMa0tMoMQnV7bbwVV7usskKbC5pzHZUHhzM6z5gEHp
-0iEisT4Ty7zKXZqsgzefSgoaMAzzAkEAoCIaUhtwXzwdPfvNYnOs3J6doJMimECB
-+lbfcyLM8TimvadtRt+KGEg/OYGmLNM2UiqdY+duzdbUpvhYGcwvYwJAQvaoi9z2
-CkiwSs/PFrLaNlfLJmXRsUBzmiWYoh6+IQJJorEXz7ewI72ee9RBO4s746cgUFwH
-Ri+qO+HhZFUBqQ==
------END PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BA26229A1653B7FF
+
+6nhWG8PKhTPO/s3ZvjUa6226NlKdvPDZFsNXOOoSUs9ejxpb/aj5huhs6qRYzsz9
+Year47uaAZYhGD0vAagnNiBnYmjWEpN9G/wQxG7pgZThK1ZxDi63qn8aQ8UjuGHo
+F6RpnnBQIAnWTWqr/Qsybtc5EoNkrj/Cpx0OfbSr6gZsFBCxwX1R1hT3/mhJ45f3
+XMofY32Vdfx9/vtw1O7HmlHXQnXaqnbd9/nn1EpvFJG9+UjPoW7gV4jCOLuR4deE
+jS8hm+cpkwXmFtk3VGjT9tQXPpMv3JpYfBqgGQoMAJ5Toq0DWcHi6Wg08PsD8lgy
+vmTioPsRg+JGkJkJ8GnusgLpQdlQJbjzd7wGE6ElUFLfOxLo8bLlRHoriHNdWYhh
+JjY0LyeTkovcmWxVjImc6ZyBz5Ly4t0BYf1gq3OkjsV91Q1taBxnhiavfizqMCAf
+PPB3sLQnlXG77TOXkNxpqbZfEYrVZW2Nsqqdn8s07Uj4IMONZyq2odYKWFPMJBiM
+POYwXjMAOcmFMTHYsVlhcUJuV6LOuipw/FEbTtPH/MYMxLe4zx65dYo1rb4iLKLS
+gMtB0o/Wl4Xno3ZXh1ucicYnV2J7NpVcjVq+3SFiCRu2SrSkZHZ23EPS13Ec6fcz
+8X/YGA2vTJ8MAOozAzQUwHQYvLk7bIoQVekqDq4p0AZQbhdspHpArCk0Ifqqzg/v
+Uyky/zZiQYanzDenTSRVI/8wac3olxpU8QvbySxYqmbkgq6bTpXJfYFQfnAttEsC
+dA4S5UFgyOPZluxCAM4yaJF3Ft6neutNwftuJQMbgCUi9vYg2tGdSw==
+-----END RSA PRIVATE KEY-----

apps/progs.h

@@ -172,18 +172,6 @@ FUNCTION functions[] = {
 #ifndef OPENSSL_NO_RMD160
     {FUNC_TYPE_MD, "rmd160", dgst_main},
 #endif
-#ifndef OPENSSL_NO_SHA224
-    {FUNC_TYPE_MD, "sha224", dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA256
-    {FUNC_TYPE_MD, "sha256", dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA384
-    {FUNC_TYPE_MD, "sha384", dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA512
-    {FUNC_TYPE_MD, "sha512", dgst_main},
-#endif
 #ifndef OPENSSL_NO_AES
     {FUNC_TYPE_CIPHER, "aes-128-cbc", enc_main},
 #endif

apps/progs.pl

@@ -57,7 +57,7 @@ foreach (@ARGV)
 		{ print $str; }
 	}
 
-foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160","sha224","sha256","sha384","sha512")
+foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
 	{
 	push(@files,$_);
 	printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";

apps/req.c

@@ -56,10 +56,21 @@
  * [including the GNU Public Licence.]
  */
 
+/*
+ * Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code
+ */
+#ifdef OPENSSL_NO_DEPRECATED
+# undef OPENSSL_NO_DEPRECATED
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
 #include "apps.h"
 #include <openssl/bio.h>
 #include <openssl/evp.h>
@@ -844,7 +855,7 @@ int MAIN(int argc, char **argv)
     }
 
     if (subj && x509) {
-        BIO_printf(bio_err, "Cannot modify certificate subject\n");
+        BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
         goto end;
     }
 
@@ -1079,13 +1090,15 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
     if (!X509_REQ_set_version(req, 0L))
         goto err;               /* version 1 */
 
-    if (subj)
-        i = build_subject(req, subj, chtype, multirdn);
-    else if (no_prompt)
+    if (no_prompt)
         i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
-    else
-        i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs,
-                        chtype);
+    else {
+        if (subj)
+            i = build_subject(req, subj, chtype, multirdn);
+        else
+            i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs,
+                            chtype);
+    }
     if (!i)
         goto err;
 
@@ -1654,6 +1667,9 @@ static int genpkey_cb(EVP_PKEY_CTX *ctx)
         c = '\n';
     BIO_write(b, &c, 1);
     (void)BIO_flush(b);
+#ifdef LINT
+    p = n;
+#endif
     return 1;
 }
 

apps/rsautl.c

@@ -268,6 +268,11 @@ int MAIN(int argc, char **argv)
 
     rsa_in = OPENSSL_malloc(keysize * 2);
     rsa_out = OPENSSL_malloc(keysize);
+    if (!rsa_in || !rsa_out) {
+        BIO_printf(bio_err, "Out of memory\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
 
     /* Read the input data */
     rsa_inlen = BIO_read(in, rsa_in, keysize * 2);

apps/s_apps.h

@@ -155,14 +155,8 @@ int do_server(int port, int type, int *ret,
               int (*cb) (char *hostname, int s, int stype,
                          unsigned char *context), unsigned char *context,
               int naccept);
-#ifndef NO_SYS_UN_H
-int do_server_unix(const char *path, int *ret,
-                   int (*cb) (char *hostname, int s, int stype,
-                              unsigned char *context), unsigned char *context,
-                   int naccept);
-#endif
 #ifdef HEADER_X509_H
-int verify_callback(int ok, X509_STORE_CTX *ctx);
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #endif
 #ifdef HEADER_SSL_H
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
@@ -173,30 +167,27 @@ int ssl_print_point_formats(BIO *out, SSL *s);
 int ssl_print_curves(BIO *out, SSL *s, int noshared);
 #endif
 int ssl_print_tmp_key(BIO *out, SSL *s);
-int init_client(int *sock, const char *server, int port, int type);
-#ifndef NO_SYS_UN_H
-int init_client_unix(int *sock, const char *server);
-#endif
+int init_client(int *sock, char *server, int port, int type);
 int should_retry(int i);
-int extract_port(const char *str, short *port_ptr);
+int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
                       short *p);
 
-long bio_dump_callback(BIO *bio, int cmd, const char *argp,
-                       int argi, long argl, long ret);
+long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
+                                   int argi, long argl, long ret);
 
 #ifdef HEADER_SSL_H
-void apps_ssl_info_callback(const SSL *s, int where, int ret);
-void msg_cb(int write_p, int version, int content_type, const void *buf,
-            size_t len, SSL *ssl, void *arg);
-void tlsext_cb(SSL *s, int client_server, int type, unsigned char *data,
-               int len, void *arg);
+void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
+void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
+                        const void *buf, size_t len, SSL *ssl, void *arg);
+void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
+                           unsigned char *data, int len, void *arg);
 #endif
 
-int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
-                             unsigned int *cookie_len);
-int verify_cookie_callback(SSL *ssl, unsigned char *cookie,
-                           unsigned int cookie_len);
+int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
+                                         unsigned int *cookie_len);
+int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie,
+                                       unsigned int cookie_len);
 
 typedef struct ssl_excert_st SSL_EXCERT;
 
@@ -217,5 +208,4 @@ int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath,
                     const char *vfyCAfile, const char *chCApath,
                     const char *chCAfile, STACK_OF(X509_CRL) *crls,
                     int crl_download);
-void ssl_ctx_security_debug(SSL_CTX *ctx, BIO *out, int verbose);
 #endif

apps/s_cb.c

@@ -111,6 +111,7 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h> /* for memcpy() and strcmp() */
 #define USE_SOCKETS
 #define NON_MAIN
 #include "apps.h"
@@ -120,10 +121,6 @@
 #include <openssl/rand.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
 #include "s_apps.h"
 
 #define COOKIE_SECRET_LENGTH    16
@@ -135,7 +132,7 @@ int verify_return_error = 0;
 unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
 int cookie_initialized = 0;
 
-int verify_callback(int ok, X509_STORE_CTX *ctx)
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 {
     X509 *err_cert;
     int err, depth;
@@ -460,8 +457,13 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared)
     if (ncurves <= 0)
         return 1;
     curves = OPENSSL_malloc(ncurves * sizeof(int));
+    if (!curves) {
+        BIO_puts(out, "Malloc error getting supported curves\n");
+        return 0;
+    }
     SSL_get1_curves(s, curves);
 
+
     BIO_puts(out, "Supported Elliptic Curves: ");
     for (i = 0; i < ncurves; i++) {
         if (i)
@@ -535,8 +537,8 @@ int ssl_print_tmp_key(BIO *out, SSL *s)
     return 1;
 }
 
-long bio_dump_callback(BIO *bio, int cmd, const char *argp,
-                       int argi, long argl, long ret)
+long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
+                                   int argi, long argl, long ret)
 {
     BIO *out;
 
@@ -557,7 +559,7 @@ long bio_dump_callback(BIO *bio, int cmd, const char *argp,
     return (ret);
 }
 
-void apps_ssl_info_callback(const SSL *s, int where, int ret)
+void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
 {
     const char *str;
     int w;
@@ -590,28 +592,8 @@ void apps_ssl_info_callback(const SSL *s, int where, int ret)
     }
 }
 
-static const char *ssl_version_str(int version)
-{
-    switch (version) {
-    case SSL3_VERSION:
-        return "SSL 3.0";
-    case TLS1_VERSION:
-        return "TLS 1.0";
-    case TLS1_1_VERSION:
-        return "TLS 1.1";
-    case TLS1_2_VERSION:
-        return "TLS 1.2";
-    case DTLS1_VERSION:
-        return "DTLS 1.0";
-    case DTLS1_BAD_VER:
-        return "DTLS 1.0 (bad)";
-    default:
-        return "???";
-    }
-}
-
-void msg_cb(int write_p, int version, int content_type, const void *buf,
-            size_t len, SSL *ssl, void *arg)
+void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
+                        const void *buf, size_t len, SSL *ssl, void *arg)
 {
     BIO *bio = arg;
     const char *str_write_p, *str_version, *str_content_type =
@@ -619,7 +601,89 @@ void msg_cb(int write_p, int version, int content_type, const void *buf,
 
     str_write_p = write_p ? ">>>" : "<<<";
 
-    str_version = ssl_version_str(version);
+    switch (version) {
+    case SSL2_VERSION:
+        str_version = "SSL 2.0";
+        break;
+    case SSL3_VERSION:
+        str_version = "SSL 3.0 ";
+        break;
+    case TLS1_VERSION:
+        str_version = "TLS 1.0 ";
+        break;
+    case TLS1_1_VERSION:
+        str_version = "TLS 1.1 ";
+        break;
+    case TLS1_2_VERSION:
+        str_version = "TLS 1.2 ";
+        break;
+    case DTLS1_VERSION:
+        str_version = "DTLS 1.0 ";
+        break;
+    case DTLS1_BAD_VER:
+        str_version = "DTLS 1.0 (bad) ";
+        break;
+    default:
+        str_version = "???";
+    }
+
+    if (version == SSL2_VERSION) {
+        str_details1 = "???";
+
+        if (len > 0) {
+            switch (((const unsigned char *)buf)[0]) {
+            case 0:
+                str_details1 = ", ERROR:";
+                str_details2 = " ???";
+                if (len >= 3) {
+                    unsigned err =
+                        (((const unsigned char *)buf)[1] << 8) +
+                        ((const unsigned char *)buf)[2];
+
+                    switch (err) {
+                    case 0x0001:
+                        str_details2 = " NO-CIPHER-ERROR";
+                        break;
+                    case 0x0002:
+                        str_details2 = " NO-CERTIFICATE-ERROR";
+                        break;
+                    case 0x0004:
+                        str_details2 = " BAD-CERTIFICATE-ERROR";
+                        break;
+                    case 0x0006:
+                        str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
+                        break;
+                    }
+                }
+
+                break;
+            case 1:
+                str_details1 = ", CLIENT-HELLO";
+                break;
+            case 2:
+                str_details1 = ", CLIENT-MASTER-KEY";
+                break;
+            case 3:
+                str_details1 = ", CLIENT-FINISHED";
+                break;
+            case 4:
+                str_details1 = ", SERVER-HELLO";
+                break;
+            case 5:
+                str_details1 = ", SERVER-VERIFY";
+                break;
+            case 6:
+                str_details1 = ", SERVER-FINISHED";
+                break;
+            case 7:
+                str_details1 = ", REQUEST-CERTIFICATE";
+                break;
+            case 8:
+                str_details1 = ", CLIENT-CERTIFICATE";
+                break;
+            }
+        }
+    }
 
     if (version == SSL3_VERSION ||
         version == TLS1_VERSION ||
@@ -828,8 +892,8 @@ void msg_cb(int write_p, int version, int content_type, const void *buf,
     (void)BIO_flush(bio);
 }
 
-void tlsext_cb(SSL *s, int client_server, int type,
-               unsigned char *data, int len, void *arg)
+void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
+                           unsigned char *data, int len, void *arg)
 {
     BIO *bio = arg;
     char *extname;
@@ -917,11 +981,7 @@ void tlsext_cb(SSL *s, int client_server, int type,
         extname = "next protocol";
         break;
 #endif
-#ifdef TLSEXT_TYPE_encrypt_then_mac
-    case TLSEXT_TYPE_encrypt_then_mac:
-        extname = "encrypt-then-mac";
-        break;
-#endif
+
     case TLSEXT_TYPE_padding:
         extname = "TLS padding";
         break;
@@ -938,8 +998,8 @@ void tlsext_cb(SSL *s, int client_server, int type,
     (void)BIO_flush(bio);
 }
 
-int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
-                             unsigned int *cookie_len)
+int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
+                                         unsigned int *cookie_len)
 {
     unsigned char *buffer, result[EVP_MAX_MD_SIZE];
     unsigned int length, resultlength;
@@ -953,7 +1013,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
 
     /* Initialize a random secret */
     if (!cookie_initialized) {
-        if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {
+        if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
             BIO_printf(bio_err, "error setting random cookie secret\n");
             return 0;
         }
@@ -1016,8 +1076,8 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
     return 1;
 }
 
-int verify_cookie_callback(SSL *ssl, unsigned char *cookie,
-                           unsigned int cookie_len)
+int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie,
+                                       unsigned int cookie_len)
 {
     unsigned char *buffer, result[EVP_MAX_MD_SIZE];
     unsigned int length, resultlength;
@@ -1590,186 +1650,3 @@ int ssl_load_stores(SSL_CTX *ctx,
         X509_STORE_free(ch);
     return rv;
 }
-
-/* Verbose print out of security callback */
-
-typedef struct {
-    BIO *out;
-    int verbose;
-    int (*old_cb) (SSL *s, SSL_CTX *ctx, int op, int bits, int nid,
-                   void *other, void *ex);
-} security_debug_ex;
-
-static int security_callback_debug(SSL *s, SSL_CTX *ctx,
-                                   int op, int bits, int nid,
-                                   void *other, void *ex)
-{
-    security_debug_ex *sdb = ex;
-    int rv, show_bits = 1, cert_md = 0;
-    const char *nm;
-    rv = sdb->old_cb(s, ctx, op, bits, nid, other, ex);
-    if (rv == 1 && sdb->verbose < 2)
-        return 1;
-    BIO_puts(sdb->out, "Security callback: ");
-
-    switch (op) {
-    case SSL_SECOP_CIPHER_SUPPORTED:
-        nm = "Supported Ciphersuite";
-        break;
-    case SSL_SECOP_CIPHER_SHARED:
-        nm = "Shared Ciphersuite";
-        break;
-    case SSL_SECOP_CIPHER_CHECK:
-        nm = "Check Ciphersuite";
-        break;
-    case SSL_SECOP_TICKET:
-        BIO_puts(sdb->out, "Session ticket");
-        show_bits = 0;
-        nm = NULL;
-        break;
-    case SSL_SECOP_COMPRESSION:
-        BIO_puts(sdb->out, "SSL compression");
-        show_bits = 0;
-        nm = NULL;
-        break;
-#ifndef OPENSSL_NO_DH
-    case SSL_SECOP_TMP_DH:
-        nm = "Temp DH key bits";
-        break;
-#endif
-    case SSL_SECOP_CURVE_SUPPORTED:
-        nm = "Supported Curve";
-        break;
-    case SSL_SECOP_CURVE_SHARED:
-        nm = "Shared Curve";
-        break;
-    case SSL_SECOP_CURVE_CHECK:
-        nm = "Check Curve";
-        break;
-    case SSL_SECOP_VERSION:
-        BIO_printf(sdb->out, "Version=%s", ssl_version_str(nid));
-        show_bits = 0;
-        nm = NULL;
-        break;
-    case SSL_SECOP_SIGALG_SUPPORTED:
-        nm = "Supported Signature Algorithm digest";
-        break;
-    case SSL_SECOP_SIGALG_SHARED:
-        nm = "Shared Signature Algorithm digest";
-        break;
-    case SSL_SECOP_SIGALG_CHECK:
-        nm = "Check Signature Algorithm digest";
-        break;
-    case SSL_SECOP_SIGALG_MASK:
-        nm = "Signature Algorithm mask";
-        break;
-    case SSL_SECOP_EE_KEY:
-        nm = "Certificate chain EE key";
-        break;
-    case SSL_SECOP_CA_KEY:
-        nm = "Certificate chain CA key";
-        break;
-    case SSL_SECOP_CA_MD:
-        cert_md = 1;
-        nm = "Certificate chain CA digest";
-        break;
-    case SSL_SECOP_PEER_EE_KEY:
-        nm = "Peer Chain EE key";
-        break;
-    case SSL_SECOP_PEER_CA_KEY:
-        nm = "Peer Chain CA key";
-        break;
-    case SSL_SECOP_PEER_CA_MD:
-        cert_md = 1;
-        nm = "Peer chain CA digest";
-        break;
-    default:
-        nm = NULL;
-    }
-    if (nm)
-        BIO_printf(sdb->out, "%s=", nm);
-
-    switch (op & SSL_SECOP_OTHER_TYPE) {
-
-    case SSL_SECOP_OTHER_CIPHER:
-        BIO_puts(sdb->out, SSL_CIPHER_get_name(other));
-        break;
-
-#ifndef OPENSSL_NO_EC
-    case SSL_SECOP_OTHER_CURVE:
-        {
-            const char *cname;
-            cname = EC_curve_nid2nist(nid);
-            if (cname == NULL)
-                cname = OBJ_nid2sn(nid);
-            BIO_puts(sdb->out, cname);
-        }
-        break;
-#endif
-
-    case SSL_SECOP_OTHER_DH:
-        {
-            DH *dh = other;
-            BIO_printf(sdb->out, "%d", BN_num_bits(dh->p));
-            break;
-        }
-    case SSL_SECOP_OTHER_CERT:
-        {
-            if (cert_md) {
-                int sig_nid = X509_get_signature_nid(other);
-                BIO_puts(sdb->out, OBJ_nid2sn(sig_nid));
-            } else {
-                EVP_PKEY *pkey = X509_get_pubkey(other);
-                const char *algname = "";
-                EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL,
-                                        &algname, EVP_PKEY_get0_asn1(pkey));
-                BIO_printf(sdb->out, "%s, bits=%d",
-                           algname, EVP_PKEY_bits(pkey));
-                EVP_PKEY_free(pkey);
-            }
-            break;
-        }
-    case SSL_SECOP_OTHER_SIGALG:
-        {
-            const unsigned char *salg = other;
-            const char *sname = NULL;
-            switch (salg[1]) {
-            case TLSEXT_signature_anonymous:
-                sname = "anonymous";
-                break;
-            case TLSEXT_signature_rsa:
-                sname = "RSA";
-                break;
-            case TLSEXT_signature_dsa:
-                sname = "DSA";
-                break;
-            case TLSEXT_signature_ecdsa:
-                sname = "ECDSA";
-                break;
-            }
-
-            BIO_puts(sdb->out, OBJ_nid2sn(nid));
-            if (sname)
-                BIO_printf(sdb->out, ", algorithm=%s", sname);
-            else
-                BIO_printf(sdb->out, ", algid=%d", salg[1]);
-            break;
-        }
-
-    }
-
-    if (show_bits)
-        BIO_printf(sdb->out, ", security bits=%d", bits);
-    BIO_printf(sdb->out, ": %s\n", rv ? "yes" : "no");
-    return rv;
-}
-
-void ssl_ctx_security_debug(SSL_CTX *ctx, BIO *out, int verbose)
-{
-    static security_debug_ex sdb;
-    sdb.out = out;
-    sdb.verbose = verbose;
-    sdb.old_cb = SSL_CTX_get_security_callback(ctx);
-    SSL_CTX_set_security_callback(ctx, security_callback_debug);
-    SSL_CTX_set0_security_ex_data(ctx, &sdb);
-}

apps/s_client.c

@@ -141,6 +141,10 @@
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
+
 /*
  * With IPv6, it looks like Digital has mixed up the proper order of
  * recursive header file inclusion, resulting in the compiler complaining
@@ -172,6 +176,10 @@ typedef unsigned int u_int;
 # undef FIONBIO
 #endif
 
+#if defined(OPENSSL_SYS_BEOS_R5)
+# include <fcntl.h>
+#endif
+
 #undef PROG
 #define PROG    s_client_main
 
@@ -297,10 +305,15 @@ static void sc_usage(void)
     BIO_printf(bio_err, " -host host     - use -connect instead\n");
     BIO_printf(bio_err, " -port port     - use -connect instead\n");
     BIO_printf(bio_err,
-               " -connect host:port - connect over TCP/IP (default is %s:%s)\n",
+               " -connect host:port - who to connect to (default is %s:%s)\n",
                SSL_HOST_NAME, PORT_STR);
     BIO_printf(bio_err,
-               " -unix path    - connect over unix domain sockets\n");
+               " -verify_host host - check peer certificate matches \"host\"\n");
+    BIO_printf(bio_err,
+               " -verify_email email - check peer certificate matches \"email\"\n");
+    BIO_printf(bio_err,
+               " -verify_ip ipaddr - check peer certificate matches \"ipaddr\"\n");
+
     BIO_printf(bio_err,
                " -verify arg   - turn on peer certificate verification\n");
     BIO_printf(bio_err,
@@ -319,7 +332,7 @@ static void sc_usage(void)
     BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
     BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
     BIO_printf(bio_err,
-               " -trusted_first - Use local CA's first when building trust chain\n");
+               " -no_alt_chains - only ever use the first certificate chain found\n");
     BIO_printf(bio_err,
                " -reconnect    - Drop and re-make the connection with the same Session-ID\n");
     BIO_printf(bio_err,
@@ -363,6 +376,7 @@ static void sc_usage(void)
                " -srp_strength int - minimal length in bits for N (default %d).\n",
                SRP_MINIMAL_N);
 #endif
+    BIO_printf(bio_err, " -ssl2         - just use SSLv2\n");
 #ifndef OPENSSL_NO_SSL3_METHOD
     BIO_printf(bio_err, " -ssl3         - just use SSLv3\n");
 #endif
@@ -373,9 +387,11 @@ static void sc_usage(void)
     BIO_printf(bio_err, " -fallback_scsv - send TLS_FALLBACK_SCSV\n");
     BIO_printf(bio_err, " -mtu          - set the link layer MTU\n");
     BIO_printf(bio_err,
-               " -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3 - turn off that protocol\n");
+               " -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
     BIO_printf(bio_err,
                " -bugs         - Switch on all SSL implementation bug workarounds\n");
+    BIO_printf(bio_err,
+               " -serverpref   - Use server's cipher preferences (only SSLv2)\n");
     BIO_printf(bio_err,
                " -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
     BIO_printf(bio_err,
@@ -389,8 +405,6 @@ static void sc_usage(void)
     BIO_printf(bio_err,
                "                 only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
     BIO_printf(bio_err, "                 are supported.\n");
-    BIO_printf(bio_err,
-               " -xmpphost host - When used with \"-starttls xmpp\" specifies the virtual host.\n");
 #ifndef OPENSSL_NO_ENGINE
     BIO_printf(bio_err,
                " -engine id    - Initialise and use the specified engine\n");
@@ -410,13 +424,13 @@ static void sc_usage(void)
                " -no_ticket        - disable use of RFC4507bis session tickets\n");
     BIO_printf(bio_err,
                " -serverinfo types - send empty ClientHello extensions (comma-separated numbers)\n");
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
     BIO_printf(bio_err,
                " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
-# endif
+#endif
     BIO_printf(bio_err,
                " -alpn arg         - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
-#endif
     BIO_printf(bio_err,
                " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 #ifndef OPENSSL_NO_SRTP
@@ -437,7 +451,7 @@ typedef struct tlsextctx_st {
     int ack;
 } tlsextctx;
 
-static int ssl_servername_cb(SSL *s, int *ad, void *arg)
+static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
 {
     tlsextctx *p = (tlsextctx *) arg;
     const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
@@ -463,7 +477,7 @@ typedef struct srp_arg_st {
 
 #  define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
 
-static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
+static int srp_Verify_N_and_g(BIGNUM *N, BIGNUM *g)
 {
     BN_CTX *bn_ctx = BN_CTX_new();
     BIGNUM *p = BN_new();
@@ -504,7 +518,7 @@ static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
  * primality tests are rather cpu consuming.
  */
 
-static int ssl_srp_verify_param_cb(SSL *s, void *arg)
+static int MS_CALLBACK ssl_srp_verify_param_cb(SSL *s, void *arg)
 {
     SRP_ARG *srp_arg = (SRP_ARG *)arg;
     BIGNUM *N = NULL, *g = NULL;
@@ -541,13 +555,18 @@ static int ssl_srp_verify_param_cb(SSL *s, void *arg)
 
 #  define PWD_STRLEN 1024
 
-static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
+static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
 {
     SRP_ARG *srp_arg = (SRP_ARG *)arg;
     char *pass = (char *)OPENSSL_malloc(PWD_STRLEN + 1);
     PW_CB_DATA cb_tmp;
     int l;
 
+    if (!pass) {
+        BIO_printf(bio_err, "Malloc failure\n");
+        return NULL;
+    }
+
     cb_tmp.password = (char *)srp_arg->srppassin;
     cb_tmp.prompt_info = "SRP user";
     if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) {
@@ -648,8 +667,6 @@ int MAIN(int argc, char **argv)
     short port = PORT;
     int full_log = 1;
     char *host = SSL_HOST_NAME;
-    const char *unix_path = NULL;
-    char *xmpphost = NULL;
     char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
     int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
     char *passarg = NULL, *pass = NULL;
@@ -680,8 +697,11 @@ int MAIN(int argc, char **argv)
     ENGINE *ssl_client_engine = NULL;
 #endif
     ENGINE *e = NULL;
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
     struct timeval tv;
+# if defined(OPENSSL_SYS_BEOS_R5)
+    int stdin_set = 0;
+# endif
 #endif
 #ifndef OPENSSL_NO_TLSEXT
     char *servername = NULL;
@@ -721,7 +741,6 @@ int MAIN(int argc, char **argv)
     int crl_format = FORMAT_PEM;
     int crl_download = 0;
     STACK_OF(X509_CRL) *crls = NULL;
-    int sdebug = 0;
 
     meth = SSLv23_client_method();
 
@@ -738,6 +757,7 @@ int MAIN(int argc, char **argv)
 
     if (!load_config(bio_err, NULL))
         goto end;
+
     cctx = SSL_CONF_CTX_new();
     if (!cctx)
         goto end;
@@ -775,14 +795,6 @@ int MAIN(int argc, char **argv)
                 goto bad;
             if (!extract_host_port(*(++argv), &host, NULL, &port))
                 goto bad;
-        } else if (strcmp(*argv, "-unix") == 0) {
-            if (--argc < 1)
-                goto bad;
-            unix_path = *(++argv);
-        } else if (strcmp(*argv, "-xmpphost") == 0) {
-            if (--argc < 1)
-                goto bad;
-            xmpphost = *(++argv);
         } else if (strcmp(*argv, "-verify") == 0) {
             verify = SSL_VERIFY_PEER;
             if (--argc < 1)
@@ -872,11 +884,7 @@ int MAIN(int argc, char **argv)
         else if (strcmp(*argv, "-trace") == 0)
             c_msg = 2;
 #endif
-        else if (strcmp(*argv, "-security_debug") == 0) {
-            sdebug = 1;
-        } else if (strcmp(*argv, "-security_debug_verbose") == 0) {
-            sdebug = 2;
-        } else if (strcmp(*argv, "-showcerts") == 0)
+        else if (strcmp(*argv, "-showcerts") == 0)
             c_showcerts = 1;
         else if (strcmp(*argv, "-nbio_test") == 0)
             nbio_test = 1;
@@ -927,6 +935,10 @@ int MAIN(int argc, char **argv)
             meth = TLSv1_client_method();
         }
 #endif
+#ifndef OPENSSL_NO_SSL2
+        else if (strcmp(*argv, "-ssl2") == 0)
+            meth = SSLv2_client_method();
+#endif
 #ifndef OPENSSL_NO_SSL3_METHOD
         else if (strcmp(*argv, "-ssl3") == 0)
             meth = SSLv3_client_method();
@@ -1121,12 +1133,6 @@ int MAIN(int argc, char **argv)
         sc_usage();
         goto end;
     }
-
-    if (unix_path && (socket_type != SOCK_STREAM)) {
-        BIO_printf(bio_err,
-                   "Can't use unix sockets and datagrams together\n");
-        goto end;
-    }
 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
     if (jpake_secret) {
         if (psk_key) {
@@ -1251,9 +1257,6 @@ int MAIN(int argc, char **argv)
         goto end;
     }
 
-    if (sdebug)
-        ssl_ctx_security_debug(ctx, bio_err, sdebug);
-
     if (vpm)
         SSL_CTX_set1_param(ctx, vpm);
 
@@ -1299,12 +1302,6 @@ int MAIN(int argc, char **argv)
 #endif
     if (exc)
         ssl_ctx_set_excert(ctx, exc);
-    /*
-     * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
-     * read ahead solves this problem.
-     */
-    if (socket_type == SOCK_DGRAM)
-        SSL_CTX_set_read_ahead(ctx, 1);
 
 #if !defined(OPENSSL_NO_TLSEXT)
 # if !defined(OPENSSL_NO_NEXTPROTONEG)
@@ -1341,17 +1338,15 @@ int MAIN(int argc, char **argv)
 
     SSL_CTX_set_verify(ctx, verify, verify_callback);
 
-    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
-        (!SSL_CTX_set_default_verify_paths(ctx))) {
-        /*
-         * BIO_printf(bio_err,"error setting default verify locations\n");
-         */
+    if ((CAfile || CApath)
+        && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
+        ERR_print_errors(bio_err);
+    }
+    if (!SSL_CTX_set_default_verify_paths(ctx)) {
         ERR_print_errors(bio_err);
-        /* goto end; */
     }
 
     ssl_ctx_add_crls(ctx, crls, crl_download);
-
     if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain))
         goto end;
 
@@ -1425,13 +1420,8 @@ int MAIN(int argc, char **argv)
 #endif
 
  re_start:
-#ifdef NO_SYS_UN_H
-    if (init_client(&s, host, port, socket_type) == 0)
-#else
-    if ((!unix_path && (init_client(&s, host, port, socket_type) == 0)) ||
-        (unix_path && (init_client_unix(&s, unix_path) == 0)))
-#endif
-    {
+
+    if (init_client(&s, host, port, socket_type) == 0) {
         BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
         SHUTDOWN(s);
         goto end;
@@ -1639,20 +1629,14 @@ int MAIN(int argc, char **argv)
         int seen = 0;
         BIO_printf(sbio, "<stream:stream "
                    "xmlns:stream='http://etherx.jabber.org/streams' "
-                   "xmlns='jabber:client' to='%s' version='1.0'>", xmpphost ?
-                   xmpphost : host);
+                   "xmlns='jabber:client' to='%s' version='1.0'>", host);
         seen = BIO_read(sbio, mbuf, BUFSIZZ);
         mbuf[seen] = 0;
         while (!strstr
-               (mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")
-               && !strstr(mbuf,
-                          "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\""))
-        {
-            seen = BIO_read(sbio, mbuf, BUFSIZZ);
-
-            if (seen <= 0)
+               (mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) {
+            if (strstr(mbuf, "/stream:features>"))
                 goto shut;
-
+            seen = BIO_read(sbio, mbuf, BUFSIZZ);
             mbuf[seen] = 0;
         }
         BIO_printf(sbio,
@@ -1730,7 +1714,7 @@ int MAIN(int argc, char **argv)
         ssl_pending = read_ssl && SSL_pending(con);
 
         if (!ssl_pending) {
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined (OPENSSL_SYS_BEOS_R5)
             if (tty_on) {
                 if (read_tty)
                     openssl_fdset(fileno(stdin), &readfds);
@@ -1801,6 +1785,26 @@ int MAIN(int argc, char **argv)
                     i = select(width, (void *)&readfds, (void *)&writefds,
                                NULL, timeoutp);
             }
+#elif defined(OPENSSL_SYS_BEOS_R5)
+            /* Under BeOS-R5 the situation is similar to DOS */
+            i = 0;
+            stdin_set = 0;
+            (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
+            if (!write_tty) {
+                if (read_tty) {
+                    tv.tv_sec = 1;
+                    tv.tv_usec = 0;
+                    i = select(width, (void *)&readfds, (void *)&writefds,
+                               NULL, &tv);
+                    if (read(fileno(stdin), sbuf, 0) >= 0)
+                        stdin_set = 1;
+                    if (!i && (stdin_set != 1 || !read_tty))
+                        continue;
+                } else
+                    i = select(width, (void *)&readfds, (void *)&writefds,
+                               NULL, timeoutp);
+            }
+            (void)fcntl(fileno(stdin), F_SETFL, 0);
 #else
             i = select(width, (void *)&readfds, (void *)&writefds,
                        NULL, timeoutp);
@@ -1815,7 +1819,7 @@ int MAIN(int argc, char **argv)
 
         if ((SSL_version(con) == DTLS1_VERSION)
             && DTLSv1_handle_timeout(con) > 0) {
-            BIO_printf(bio_err, "TIMEOUT occurred\n");
+            BIO_printf(bio_err, "TIMEOUT occured\n");
         }
 
         if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) {
@@ -1876,7 +1880,7 @@ int MAIN(int argc, char **argv)
                 goto shut;
             }
         }
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
         /* Assume Windows/DOS/BeOS can always write */
         else if (!ssl_pending && write_tty)
 #else
@@ -1975,6 +1979,8 @@ int MAIN(int argc, char **argv)
 # endif
 #elif defined (OPENSSL_SYS_NETWARE)
         else if (_kbhit())
+#elif defined(OPENSSL_SYS_BEOS_R5)
+        else if (stdin_set)
 #else
         else if (FD_ISSET(fileno(stdin), &readfds))
 #endif
@@ -2097,12 +2103,14 @@ int MAIN(int argc, char **argv)
 static void print_stuff(BIO *bio, SSL *s, int full)
 {
     X509 *peer = NULL;
+    char *p;
+    static const char *space = "                ";
     char buf[BUFSIZ];
     STACK_OF(X509) *sk;
     STACK_OF(X509_NAME) *sk2;
     const SSL_CIPHER *c;
     X509_NAME *xn;
-    int i;
+    int j, i;
 #ifndef OPENSSL_NO_COMP
     const COMP_METHOD *comp, *expansion;
 #endif
@@ -2155,6 +2163,31 @@ static void print_stuff(BIO *bio, SSL *s, int full)
         } else {
             BIO_printf(bio, "---\nNo client certificate CA names sent\n");
         }
+        p = SSL_get_shared_ciphers(s, buf, sizeof buf);
+        if (p != NULL) {
+            /*
+             * This works only for SSL 2.  In later protocol versions, the
+             * client does not know what other ciphers (in addition to the
+             * one to be used in the current connection) the server supports.
+             */
+
+            BIO_printf(bio,
+                       "---\nCiphers common between both SSL endpoints:\n");
+            j = i = 0;
+            while (*p) {
+                if (*p == ':') {
+                    BIO_write(bio, space, 15 - j % 25);
+                    i++;
+                    j = 0;
+                    BIO_write(bio, ((i % 3) ? " " : "\n"), 1);
+                } else {
+                    BIO_write(bio, p, 1);
+                    j++;
+                }
+                p++;
+            }
+            BIO_write(bio, "\n", 1);
+        }
 
         ssl_print_sigalgs(bio, s);
         ssl_print_tmp_key(bio, s);

apps/s_server.c

@@ -140,6 +140,14 @@
  * OTHERWISE.
  */
 
+/*
+ * Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code
+ */
+#ifdef OPENSSL_NO_DEPRECATED
+# undef OPENSSL_NO_DEPRECATED
+#endif
+
 #include <assert.h>
 #include <ctype.h>
 #include <stdio.h>
@@ -147,6 +155,9 @@
 #include <string.h>
 
 #include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
 
 /* conflicts with winsock2 stuff on netware */
 #if !defined(OPENSSL_SYS_NETWARE)
@@ -191,10 +202,13 @@ typedef unsigned int u_int;
 # undef FIONBIO
 #endif
 
-#ifndef OPENSSL_NO_RSA
-static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength);
+#if defined(OPENSSL_SYS_BEOS_R5)
+# include <fcntl.h>
+#endif
+
+#ifndef OPENSSL_NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
 #endif
-static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
 static int sv_body(char *hostname, int s, int stype, unsigned char *context);
 static int www_body(char *hostname, int s, int stype, unsigned char *context);
 static int rev_body(char *hostname, int s, int stype, unsigned char *context);
@@ -208,12 +222,59 @@ static void init_session_cache_ctx(SSL_CTX *sctx);
 static void free_sessions(void);
 #ifndef OPENSSL_NO_DH
 static DH *load_dh_param(const char *dhfile);
+static DH *get_dh2048(void);
 #endif
 
 #ifdef MONOLITH
 static void s_server_init(void);
 #endif
 
+#ifndef OPENSSL_NO_DH
+static unsigned char dh2048_p[] = {
+    0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
+    0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
+    0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9,
+    0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD,
+    0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17,
+    0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F,
+    0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD,
+    0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30,
+    0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E,
+    0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4,
+    0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58,
+    0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B,
+    0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C,
+    0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B,
+    0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD,
+    0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C,
+    0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
+    0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
+    0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B,
+    0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C,
+    0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55,
+    0xE9,0x32,0x0B,0x3B,
+};
+
+static unsigned char dh2048_g[] = {
+    0x02,
+};
+
+DH *get_dh2048()
+{
+    DH *dh;
+
+    if ((dh = DH_new()) == NULL)
+        return NULL;
+    dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
+    dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
+    if (dh->p == NULL || dh->g == NULL) {
+        DH_free(dh);
+        return NULL;
+    }
+    return dh;
+}
+#endif
+
 /* static int load_CA(SSL_CTX *ctx, char *file);*/
 
 #undef BUFSIZZ
@@ -304,7 +365,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
     }
     if (s_debug)
         BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
-                   identity ? (int)strlen(identity) : 0, identity);
+                   (int)strlen(identity), identity);
 
     /* here we could lookup the given identity e.g. from a database */
     if (strcmp(identity, psk_identity) != 0) {
@@ -365,7 +426,7 @@ typedef struct srpsrvparm_st {
  * (which would normally occur after a worker has finished) and we set the
  * user parameters.
  */
-static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
+static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
 {
     srpsrvparm *p = (srpsrvparm *) arg;
     if (p->login == NULL && p->user == NULL) {
@@ -435,11 +496,13 @@ static void sv_usage(void)
     BIO_printf(bio_err, "usage: s_server [args ...]\n");
     BIO_printf(bio_err, "\n");
     BIO_printf(bio_err,
-               " -accept port  - TCP/IP port to accept on (default is %d)\n",
-               PORT);
-    BIO_printf(bio_err, " -unix path    - unix domain socket to accept on\n");
+               " -accept arg   - port to accept on (default is %d)\n", PORT);
     BIO_printf(bio_err,
-               " -unlink       - for -unix, unlink existing socket first\n");
+               " -verify_host host - check peer certificate matches \"host\"\n");
+    BIO_printf(bio_err,
+               " -verify_email email - check peer certificate matches \"email\"\n");
+    BIO_printf(bio_err,
+               " -verify_ip ipaddr - check peer certificate matches \"ipaddr\"\n");
     BIO_printf(bio_err, " -context arg  - set session ID context\n");
     BIO_printf(bio_err,
                " -verify arg   - turn on peer certificate verification\n");
@@ -449,11 +512,13 @@ static void sv_usage(void)
                " -verify_return_error - return verification errors\n");
     BIO_printf(bio_err, " -cert arg     - certificate file to use\n");
     BIO_printf(bio_err, "                 (default is %s)\n", TEST_CERT);
-    BIO_printf(bio_err,
-               " -naccept arg  - terminate after 'arg' connections\n");
 #ifndef OPENSSL_NO_TLSEXT
     BIO_printf(bio_err,
                " -serverinfo arg - PEM serverinfo file for certificate\n");
+    BIO_printf(bio_err,
+               " -auth               - send and receive RFC 5878 TLS auth extensions and supplemental data\n");
+    BIO_printf(bio_err,
+               " -auth_require_reneg - Do not send TLS auth extensions until renegotiation\n");
 #endif
     BIO_printf(bio_err,
                " -no_resumption_on_reneg - set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag\n");
@@ -507,7 +572,7 @@ static void sv_usage(void)
     BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
     BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
     BIO_printf(bio_err,
-               " -trusted_first - Use locally trusted CA's first when building trust chain\n");
+               " -no_alt_chains - only ever use the first certificate chain found\n");
     BIO_printf(bio_err,
                " -nocert       - Don't use any certificates (Anon-DH)\n");
     BIO_printf(bio_err,
@@ -527,6 +592,7 @@ static void sv_usage(void)
     BIO_printf(bio_err,
                " -srpuserseed string - A seed string for a default user salt.\n");
 #endif
+    BIO_printf(bio_err, " -ssl2         - Just talk SSLv2\n");
 #ifndef OPENSSL_NO_SSL3_METHOD
     BIO_printf(bio_err, " -ssl3         - Just talk SSLv3\n");
 #endif
@@ -538,6 +604,7 @@ static void sv_usage(void)
     BIO_printf(bio_err, " -timeout      - Enable timeouts\n");
     BIO_printf(bio_err, " -mtu          - Set link layer MTU\n");
     BIO_printf(bio_err, " -chain        - Read a certificate chain\n");
+    BIO_printf(bio_err, " -no_ssl2      - Just disable SSLv2\n");
     BIO_printf(bio_err, " -no_ssl3      - Just disable SSLv3\n");
     BIO_printf(bio_err, " -no_tls1      - Just disable TLSv1\n");
     BIO_printf(bio_err, " -no_tls1_1    - Just disable TLSv1.1\n");
@@ -548,8 +615,6 @@ static void sv_usage(void)
 #ifndef OPENSSL_NO_ECDH
     BIO_printf(bio_err, " -no_ecdhe     - Disable ephemeral ECDH\n");
 #endif
-    BIO_printf(bio_err,
-               "-no_resume_ephemeral - Disable caching and tickets if ephemeral (EC)DH is used\n");
     BIO_printf(bio_err, " -bugs         - Turn on SSL bug compatibility\n");
     BIO_printf(bio_err,
                " -hack         - workaround for early Netscape code\n");
@@ -651,6 +716,8 @@ static int ebcdic_new(BIO *bi)
     EBCDIC_OUTBUFF *wbuf;
 
     wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
+    if (!wbuf)
+        return 0;
     wbuf->alloced = 1024;
     wbuf->buff[0] = '\0';
 
@@ -705,9 +772,11 @@ static int ebcdic_write(BIO *b, const char *in, int inl)
         num = num + num;        /* double the size */
         if (num < inl)
             num = inl;
-        OPENSSL_free(wbuf);
         wbuf =
             (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
+        if (!wbuf)
+            return 0;
+        OPENSSL_free(b->ptr);
 
         wbuf->alloced = num;
         wbuf->buff[0] = '\0';
@@ -776,7 +845,7 @@ typedef struct tlsextctx_st {
     int extension_error;
 } tlsextctx;
 
-static int ssl_servername_cb(SSL *s, int *ad, void *arg)
+static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
 {
     tlsextctx *p = (tlsextctx *) arg;
     const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
@@ -993,12 +1062,6 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
 }
 #endif                          /* ndef OPENSSL_NO_TLSEXT */
 
-static int not_resumable_sess_cb(SSL *s, int is_forward_secure)
-{
-    /* disable resumption for sessions with forward secure ciphers */
-    return is_forward_secure;
-}
-
 int MAIN(int, char **);
 
 #ifndef OPENSSL_NO_JPAKE
@@ -1019,12 +1082,6 @@ int MAIN(int argc, char *argv[])
     X509_VERIFY_PARAM *vpm = NULL;
     int badarg = 0;
     short port = PORT;
-    const char *unix_path = NULL;
-#ifndef NO_SYS_UN_H
-    int unlink_unix_path = 0;
-#endif
-    int (*server_cb) (char *hostname, int s, int stype,
-                      unsigned char *context);
     char *CApath = NULL, *CAfile = NULL;
     char *chCApath = NULL, *chCAfile = NULL;
     char *vfyCApath = NULL, *vfyCAfile = NULL;
@@ -1048,7 +1105,6 @@ int MAIN(int argc, char *argv[])
     EVP_PKEY *s_key = NULL, *s_dkey = NULL;
     int no_cache = 0, ext_cache = 0;
     int rev = 0, naccept = -1;
-    int sdebug = 0;
 #ifndef OPENSSL_NO_TLSEXT
     EVP_PKEY *s_key2 = NULL;
     X509 *s_cert2 = NULL;
@@ -1114,22 +1170,6 @@ int MAIN(int argc, char *argv[])
                 goto bad;
             if (!extract_port(*(++argv), &port))
                 goto bad;
-        } else if (strcmp(*argv, "-unix") == 0) {
-#ifdef NO_SYS_UN_H
-            BIO_printf(bio_err, "unix domain sockets unsupported\n");
-            goto bad;
-#else
-            if (--argc < 1)
-                goto bad;
-            unix_path = *(++argv);
-#endif
-        } else if (strcmp(*argv, "-unlink") == 0) {
-#ifdef NO_SYS_UN_H
-            BIO_printf(bio_err, "unix domain sockets unsupported\n");
-            goto bad;
-#else
-            unlink_unix_path = 1;
-#endif
         } else if (strcmp(*argv, "-naccept") == 0) {
             if (--argc < 1)
                 goto bad;
@@ -1333,11 +1373,7 @@ int MAIN(int argc, char *argv[])
             s_msg = 2;
         }
 #endif
-        else if (strcmp(*argv, "-security_debug") == 0) {
-            sdebug = 1;
-        } else if (strcmp(*argv, "-security_debug_verbose") == 0) {
-            sdebug = 2;
-        } else if (strcmp(*argv, "-hack") == 0) {
+        else if (strcmp(*argv, "-hack") == 0) {
             hack = 1;
         } else if (strcmp(*argv, "-state") == 0) {
             state = 1;
@@ -1399,6 +1435,12 @@ int MAIN(int argc, char *argv[])
         } else if (strcmp(*argv, "-HTTP") == 0) {
             www = 3;
         }
+#ifndef OPENSSL_NO_SSL2
+        else if (strcmp(*argv, "-ssl2") == 0) {
+            no_ecdhe = 1;
+            meth = SSLv2_server_method();
+        }
+#endif
 #ifndef OPENSSL_NO_SSL3_METHOD
         else if (strcmp(*argv, "-ssl3") == 0) {
             meth = SSLv3_server_method();
@@ -1522,11 +1564,6 @@ int MAIN(int argc, char *argv[])
     }
 #endif
 
-    if (unix_path && (socket_type != SOCK_STREAM)) {
-        BIO_printf(bio_err,
-                   "Can't use unix sockets and datagrams together\n");
-        goto end;
-    }
 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
     if (jpake_secret) {
         if (psk_key) {
@@ -1700,8 +1737,6 @@ int MAIN(int argc, char *argv[])
     }
 
     ctx = SSL_CTX_new(meth);
-    if (sdebug)
-        ssl_ctx_security_debug(ctx, bio_err, sdebug);
     if (ctx == NULL) {
         ERR_print_errors(bio_err);
         goto end;
@@ -1710,6 +1745,9 @@ int MAIN(int argc, char *argv[])
         if (strlen(session_id_prefix) >= 32)
             BIO_printf(bio_err,
                        "warning: id_prefix is too long, only one new session will be possible\n");
+        else if (strlen(session_id_prefix) >= 16)
+            BIO_printf(bio_err,
+                       "warning: id_prefix is too long if you use SSLv2\n");
         if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
             BIO_printf(bio_err, "error setting 'id_prefix'\n");
             ERR_print_errors(bio_err);
@@ -1722,12 +1760,6 @@ int MAIN(int argc, char *argv[])
         SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
     if (exc)
         ssl_ctx_set_excert(ctx, exc);
-    /*
-     * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
-     * read ahead solves this problem.
-     */
-    if (socket_type == SOCK_DGRAM)
-        SSL_CTX_set_read_ahead(ctx, 1);
 
     if (state)
         SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
@@ -1766,6 +1798,7 @@ int MAIN(int argc, char *argv[])
         SSL_CTX_set1_param(ctx, vpm);
 
     ssl_ctx_add_crls(ctx, crls, 0);
+
     if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
         goto end;
 
@@ -1787,13 +1820,13 @@ int MAIN(int argc, char *argv[])
     if (ctx2) {
         BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
 
-        if (sdebug)
-            ssl_ctx_security_debug(ctx, bio_err, sdebug);
-
         if (session_id_prefix) {
             if (strlen(session_id_prefix) >= 32)
                 BIO_printf(bio_err,
                            "warning: id_prefix is too long, only one new session will be possible\n");
+            else if (strlen(session_id_prefix) >= 16)
+                BIO_printf(bio_err,
+                           "warning: id_prefix is too long if you use SSLv2\n");
             if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) {
                 BIO_printf(bio_err, "error setting 'id_prefix'\n");
                 ERR_print_errors(bio_err);
@@ -1806,12 +1839,6 @@ int MAIN(int argc, char *argv[])
             SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
         if (exc)
             ssl_ctx_set_excert(ctx2, exc);
-        /*
-         * DTLS: partial reads end up discarding unread UDP bytes :-(
-         * Setting read ahead solves this problem.
-         */
-        if (socket_type == SOCK_DGRAM)
-            SSL_CTX_set_read_ahead(ctx2, 1);
 
         if (state)
             SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
@@ -1831,8 +1858,10 @@ int MAIN(int argc, char *argv[])
             SSL_CTX_set1_param(ctx2, vpm);
 
         ssl_ctx_add_crls(ctx2, crls, 0);
+
         if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
             goto end;
+
     }
 # ifndef OPENSSL_NO_NEXTPROTONEG
     if (next_proto.data)
@@ -1856,17 +1885,15 @@ int MAIN(int argc, char *argv[])
             BIO_printf(bio_s_out, "Setting temp DH parameters\n");
         } else {
             BIO_printf(bio_s_out, "Using default temp DH parameters\n");
+            dh = get_dh2048();
+            if (dh == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
         }
         (void)BIO_flush(bio_s_out);
 
-        if (dh == NULL)
-            SSL_CTX_set_dh_auto(ctx, 1);
-        else if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
-            BIO_puts(bio_err, "Error setting temp DH parameters\n");
-            ERR_print_errors(bio_err);
-            DH_free(dh);
-            goto end;
-        }
+        SSL_CTX_set_tmp_dh(ctx, dh);
 # ifndef OPENSSL_NO_TLSEXT
         if (ctx2) {
             if (!dhfile) {
@@ -1879,14 +1906,7 @@ int MAIN(int argc, char *argv[])
                     dh = dh2;
                 }
             }
-            if (dh == NULL)
-                SSL_CTX_set_dh_auto(ctx2, 1);
-            else if (!SSL_CTX_set_tmp_dh(ctx2, dh)) {
-                BIO_puts(bio_err, "Error setting temp DH parameters\n");
-                ERR_print_errors(bio_err);
-                DH_free(dh);
-                goto end;
-            }
+            SSL_CTX_set_tmp_dh(ctx2, dh);
         }
 # endif
         DH_free(dh);
@@ -1946,15 +1966,6 @@ int MAIN(int argc, char *argv[])
 # endif
 #endif
 
-    if (no_resume_ephemeral) {
-        SSL_CTX_set_not_resumable_session_callback(ctx,
-                                                   not_resumable_sess_cb);
-#ifndef OPENSSL_NO_TLSEXT
-        if (ctx2)
-            SSL_CTX_set_not_resumable_session_callback(ctx2,
-                                                       not_resumable_sess_cb);
-#endif
-    }
 #ifndef OPENSSL_NO_PSK
 # ifdef OPENSSL_NO_JPAKE
     if (psk_key != NULL)
@@ -2027,20 +2038,13 @@ int MAIN(int argc, char *argv[])
     BIO_printf(bio_s_out, "ACCEPT\n");
     (void)BIO_flush(bio_s_out);
     if (rev)
-        server_cb = rev_body;
+        do_server(port, socket_type, &accept_socket, rev_body, context,
+                  naccept);
     else if (www)
-        server_cb = www_body;
+        do_server(port, socket_type, &accept_socket, www_body, context,
+                  naccept);
     else
-        server_cb = sv_body;
-#ifndef NO_SYS_UN_H
-    if (unix_path) {
-        if (unlink_unix_path)
-            unlink(unix_path);
-        do_server_unix(unix_path, &accept_socket, server_cb, context,
-                       naccept);
-    } else
-#endif
-        do_server(port, socket_type, &accept_socket, server_cb, context,
+        do_server(port, socket_type, &accept_socket, sv_body, context,
                   naccept);
     print_stats(bio_s_out, ctx);
     ret = 0;
@@ -2152,7 +2156,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
     KSSL_CTX *kctx;
 #endif
     struct timeval timeout;
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
     struct timeval tv;
 #else
     struct timeval *timeoutp;
@@ -2287,7 +2291,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
 
         if (!read_from_sslcon) {
             FD_ZERO(&readfds);
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_BEOS_R5)
             openssl_fdset(fileno(stdin), &readfds);
 #endif
             openssl_fdset(s, &readfds);
@@ -2312,6 +2316,17 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
                 continue;
             if (_kbhit())
                 read_from_terminal = 1;
+#elif defined(OPENSSL_SYS_BEOS_R5)
+            /* Under BeOS-R5 the situation is similar to DOS */
+            tv.tv_sec = 1;
+            tv.tv_usec = 0;
+            (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
+            i = select(width, (void *)&readfds, NULL, NULL, &tv);
+            if ((i < 0) || (!i && read(fileno(stdin), buf, 0) < 0))
+                continue;
+            if (read(fileno(stdin), buf, 0) >= 0)
+                read_from_terminal = 1;
+            (void)fcntl(fileno(stdin), F_SETFL, 0);
 #else
             if ((SSL_version(con) == DTLS1_VERSION) &&
                 DTLSv1_get_timeout(con, &timeout))
@@ -2323,7 +2338,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
 
             if ((SSL_version(con) == DTLS1_VERSION)
                 && DTLSv1_handle_timeout(con) > 0) {
-                BIO_printf(bio_err, "TIMEOUT occurred\n");
+                BIO_printf(bio_err, "TIMEOUT occured\n");
             }
 
             if (i <= 0)
@@ -2462,8 +2477,10 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
                     ret = 1;
                     goto err;
                 }
-                l += k;
-                i -= k;
+                if (k > 0) {
+                    l += k;
+                    i -= k;
+                }
                 if (i <= 0)
                     break;
             }
@@ -2709,6 +2726,9 @@ static DH *load_dh_param(const char *dhfile)
     return (ret);
 }
 #endif
+#ifndef OPENSSL_NO_KRB5
+char *client_princ;
+#endif
 
 #if 0
 static int load_CA(SSL_CTX *ctx, char *file)
@@ -2863,7 +2883,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
                 BIO_printf(bio_s_out, "read R BLOCK\n");
 #if defined(OPENSSL_SYS_NETWARE)
                 delay(1000);
-#elif !defined(OPENSSL_SYS_MSDOS)
+#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
                 sleep(1);
 #endif
                 continue;
@@ -2875,38 +2895,12 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
 
         /* else we have data */
         if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
-            ((www == 2) && (strncmp("GET /stats ", buf, 10) == 0))) {
+            ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
             char *p;
             X509 *peer;
             STACK_OF(SSL_CIPHER) *sk;
             static const char *space = "                          ";
 
-            if (www == 1 && strncmp("GET /reneg", buf, 10) == 0) {
-                if (strncmp("GET /renegcert", buf, 14) == 0)
-                    SSL_set_verify(con,
-                                   SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
-                                   NULL);
-                i = SSL_renegotiate(con);
-                BIO_printf(bio_s_out, "SSL_renegotiate -> %d\n", i);
-                i = SSL_do_handshake(con);
-                if (i <= 0) {
-                    BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n",
-                               SSL_get_error(con, i));
-                    ERR_print_errors(bio_err);
-                    goto err;
-                }
-                /* EVIL HACK! */
-                SSL_set_state(con, SSL_ST_ACCEPT);
-                i = SSL_do_handshake(con);
-                BIO_printf(bio_s_out, "SSL_do_handshake -> %d\n", i);
-                if (i <= 0) {
-                    BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n",
-                               SSL_get_error(con, i));
-                    ERR_print_errors(bio_err);
-                    goto err;
-                }
-            }
-
             BIO_puts(io,
                      "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
             BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n");
@@ -3232,7 +3226,7 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
                 BIO_printf(bio_s_out, "read R BLOCK\n");
 #if defined(OPENSSL_SYS_NETWARE)
                 delay(1000);
-#elif !defined(OPENSSL_SYS_MSDOS)
+#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
                 sleep(1);
 #endif
                 continue;
@@ -3278,7 +3272,7 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
 }
 
 #ifndef OPENSSL_NO_RSA
-static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength)
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 {
     BIGNUM *bn = NULL;
     static RSA *rsa_tmp = NULL;
@@ -3313,7 +3307,8 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
 {
     unsigned int count = 0;
     do {
-        RAND_pseudo_bytes(id, *id_len);
+        if (RAND_pseudo_bytes(id, *id_len) < 0)
+            return 0;
         /*
          * Prefix the session_id with the required prefix. NB: If our prefix
          * is too long, clip it - but there will be worse effects anyway, eg.
@@ -3355,6 +3350,10 @@ static int add_session(SSL *ssl, SSL_SESSION *session)
     unsigned char *p;
 
     sess = OPENSSL_malloc(sizeof(simple_ssl_session));
+    if (!sess) {
+        BIO_printf(bio_err, "Out of memory adding session to external cache\n");
+        return 0;
+    }
 
     SSL_SESSION_get_id(session, &sess->idlen);
     sess->derlen = i2d_SSL_SESSION(session, NULL);
@@ -3362,6 +3361,16 @@ static int add_session(SSL *ssl, SSL_SESSION *session)
     sess->id = BUF_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen);
 
     sess->der = OPENSSL_malloc(sess->derlen);
+    if (!sess->id || !sess->der) {
+        BIO_printf(bio_err, "Out of memory adding session to external cache\n");
+
+        if (sess->id)
+            OPENSSL_free(sess->id);
+        if (sess->der)
+            OPENSSL_free(sess->der);
+        OPENSSL_free(sess);
+        return 0;
+    }
     p = sess->der;
     i2d_SSL_SESSION(session, &p);
 

apps/s_socket.c

@@ -64,6 +64,12 @@
 #include <errno.h>
 #include <signal.h>
 
+#ifdef FLAT_INC
+# include "e_os2.h"
+#else
+# include "../e_os2.h"
+#endif
+
 /*
  * With IPv6, it looks like Digital has mixed up the proper order of
  * recursive header file inclusion, resulting in the compiler complaining
@@ -95,20 +101,21 @@ typedef unsigned int u_int;
 #  include "netdb.h"
 # endif
 
-static struct hostent *GetHostByName(const char *name);
+static struct hostent *GetHostByName(char *name);
 # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
 static void ssl_sock_cleanup(void);
 # endif
 static int ssl_sock_init(void);
-static int init_client_ip(int *sock, const unsigned char ip[4], int port,
-                          int type);
+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
 static int init_server(int *sock, int port, int type);
 static int init_server_long(int *sock, int port, char *ip, int type);
 static int do_accept(int acc_sock, int *sock, char **host);
-static int host_ip(const char *str, unsigned char ip[4]);
-# ifndef NO_SYS_UN_H
-static int init_server_unix(int *sock, const char *path);
-static int do_accept_unix(int acc_sock, int *sock);
+static int host_ip(char *str, unsigned char ip[4]);
+
+# ifdef OPENSSL_SYS_WIN16
+#  define SOCKET_PROTOCOL 0     /* more microsoft stupidity */
+# else
+#  define SOCKET_PROTOCOL IPPROTO_TCP
 # endif
 
 # if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
@@ -119,6 +126,34 @@ static int wsa_init_done = 0;
 static struct WSAData wsa_state;
 static int wsa_init_done = 0;
 
+#  ifdef OPENSSL_SYS_WIN16
+static HWND topWnd = 0;
+static FARPROC lpTopWndProc = NULL;
+static FARPROC lpTopHookProc = NULL;
+extern HINSTANCE _hInstance;    /* nice global CRT provides */
+
+static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
+                                   LPARAM lParam)
+{
+    if (hwnd == topWnd) {
+        switch (message) {
+        case WM_DESTROY:
+        case WM_CLOSE:
+            SetWindowLong(topWnd, GWL_WNDPROC, (LONG) lpTopWndProc);
+            ssl_sock_cleanup();
+            break;
+        }
+    }
+    return CallWindowProc(lpTopWndProc, hwnd, message, wParam, lParam);
+}
+
+static BOOL CALLBACK enumproc(HWND hwnd, LPARAM lParam)
+{
+    topWnd = hwnd;
+    return (FALSE);
+}
+
+#  endif                        /* OPENSSL_SYS_WIN32 */
 # endif                         /* OPENSSL_SYS_WINDOWS */
 
 # ifdef OPENSSL_SYS_WINDOWS
@@ -164,6 +199,13 @@ static int ssl_sock_init(void)
                        err);
             return (0);
         }
+#  ifdef OPENSSL_SYS_WIN16
+        EnumTaskWindows(GetCurrentTask(), enumproc, 0L);
+        lpTopWndProc = (FARPROC) GetWindowLong(topWnd, GWL_WNDPROC);
+        lpTopHookProc = MakeProcInstance((FARPROC) topHookProc, _hInstance);
+
+        SetWindowLong(topWnd, GWL_WNDPROC, (LONG) lpTopHookProc);
+#  endif                        /* OPENSSL_SYS_WIN16 */
     }
 # elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
     WORD wVerReq;
@@ -189,18 +231,17 @@ static int ssl_sock_init(void)
     return (1);
 }
 
-int init_client(int *sock, const char *host, int port, int type)
+int init_client(int *sock, char *host, int port, int type)
 {
     unsigned char ip[4];
 
-    ip[0] = ip[1] = ip[2] = ip[3] = 0;
+    memset(ip, '\0', sizeof ip);
     if (!host_ip(host, &(ip[0])))
         return 0;
     return init_client_ip(sock, ip, port, type);
 }
 
-static int init_client_ip(int *sock, const unsigned char ip[4], int port,
-                          int type)
+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
 {
     unsigned long addr;
     struct sockaddr_in them;
@@ -219,7 +260,7 @@ static int init_client_ip(int *sock, const unsigned char ip[4], int port,
     them.sin_addr.s_addr = htonl(addr);
 
     if (type == SOCK_STREAM)
-        s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
     else                        /* ( type == SOCK_DGRAM) */
         s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
 
@@ -227,7 +268,7 @@ static int init_client_ip(int *sock, const unsigned char ip[4], int port,
         perror("socket");
         return (0);
     }
-# if defined(SO_KEEPALIVE)
+# if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
     if (type == SOCK_STREAM) {
         i = 0;
         i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, sizeof(i));
@@ -248,37 +289,6 @@ static int init_client_ip(int *sock, const unsigned char ip[4], int port,
     return (1);
 }
 
-# ifndef NO_SYS_UN_H
-int init_client_unix(int *sock, const char *server)
-{
-    struct sockaddr_un them;
-    int s;
-
-    if (strlen(server) > (UNIX_PATH_MAX + 1))
-        return (0);
-    if (!ssl_sock_init())
-        return (0);
-
-    s = socket(AF_UNIX, SOCK_STREAM, 0);
-    if (s == INVALID_SOCKET) {
-        perror("socket");
-        return (0);
-    }
-
-    memset((char *)&them, 0, sizeof(them));
-    them.sun_family = AF_UNIX;
-    strcpy(them.sun_path, server);
-
-    if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
-        closesocket(s);
-        perror("connect");
-        return (0);
-    }
-    *sock = s;
-    return (1);
-}
-# endif
-
 int do_server(int port, int type, int *ret,
               int (*cb) (char *hostname, int s, int stype,
                          unsigned char *context), unsigned char *context,
@@ -298,12 +308,7 @@ int do_server(int port, int type, int *ret,
     }
     for (;;) {
         if (type == SOCK_STREAM) {
-# ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-            if (do_accept(accept_socket, &sock, NULL) == 0)
-# else
-            if (do_accept(accept_socket, &sock, &name) == 0)
-# endif
-            {
+            if (do_accept(accept_socket, &sock, &name) == 0) {
                 SHUTDOWN(accept_socket);
                 return (0);
             }
@@ -323,42 +328,6 @@ int do_server(int port, int type, int *ret,
     }
 }
 
-# ifndef NO_SYS_UN_H
-int do_server_unix(const char *path, int *ret,
-                   int (*cb) (char *hostname, int s, int stype,
-                              unsigned char *context), unsigned char *context,
-                   int naccept)
-{
-    int sock;
-    int accept_socket = 0;
-    int i;
-
-    if (!init_server_unix(&accept_socket, path))
-        return (0);
-
-    if (ret != NULL)
-        *ret = accept_socket;
-    for (;;) {
-        if (do_accept_unix(accept_socket, &sock) == 0) {
-            SHUTDOWN(accept_socket);
-            i = 0;
-            goto out;
-        }
-        i = (*cb) (NULL, sock, 0, context);
-        SHUTDOWN2(sock);
-        if (naccept != -1)
-            naccept--;
-        if (i < 0 || naccept == 0) {
-            SHUTDOWN2(accept_socket);
-            goto out;
-        }
-    }
- out:
-    unlink(path);
-    return (i);
-}
-# endif
-
 static int init_server_long(int *sock, int port, char *ip, int type)
 {
     int ret = 0;
@@ -382,7 +351,7 @@ static int init_server_long(int *sock, int port, char *ip, int type)
 # endif
 
     if (type == SOCK_STREAM)
-        s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
     else                        /* type == SOCK_DGRAM */
         s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
 
@@ -417,50 +386,6 @@ static int init_server(int *sock, int port, int type)
     return (init_server_long(sock, port, NULL, type));
 }
 
-# ifndef NO_SYS_UN_H
-static int init_server_unix(int *sock, const char *path)
-{
-    int ret = 0;
-    struct sockaddr_un server;
-    int s = -1;
-
-    if (strlen(path) > (UNIX_PATH_MAX + 1))
-        return (0);
-    if (!ssl_sock_init())
-        return (0);
-
-    s = socket(AF_UNIX, SOCK_STREAM, 0);
-    if (s == INVALID_SOCKET)
-        goto err;
-
-    memset((char *)&server, 0, sizeof(server));
-    server.sun_family = AF_UNIX;
-    strcpy(server.sun_path, path);
-
-    if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
-#  ifndef OPENSSL_SYS_WINDOWS
-        perror("bind");
-#  endif
-        goto err;
-    }
-    /* Make it 128 for linux */
-    if (listen(s, 128) == -1) {
-#  ifndef OPENSSL_SYS_WINDOWS
-        perror("listen");
-#  endif
-        unlink(path);
-        goto err;
-    }
-    *sock = s;
-    ret = 1;
- err:
-    if ((ret == 0) && (s != -1)) {
-        SHUTDOWN(s);
-    }
-    return (ret);
-}
-# endif
-
 static int do_accept(int acc_sock, int *sock, char **host)
 {
     int ret;
@@ -552,33 +477,6 @@ static int do_accept(int acc_sock, int *sock, char **host)
     return (1);
 }
 
-# ifndef NO_SYS_UN_H
-static int do_accept_unix(int acc_sock, int *sock)
-{
-    int ret;
-
-    if (!ssl_sock_init())
-        return (0);
-
- redoit:
-    ret = accept(acc_sock, NULL, NULL);
-    if (ret == INVALID_SOCKET) {
-        if (errno == EINTR) {
-            /*
-             * check_timeout();
-             */
-            goto redoit;
-        }
-        fprintf(stderr, "errno=%d ", errno);
-        perror("accept");
-        return (0);
-    }
-
-    *sock = ret;
-    return (1);
-}
-# endif
-
 int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
                       short *port_ptr)
 {
@@ -604,7 +502,7 @@ int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
     return (0);
 }
 
-static int host_ip(const char *str, unsigned char ip[4])
+static int host_ip(char *str, unsigned char ip[4])
 {
     unsigned int in[4];
     int i;
@@ -631,7 +529,8 @@ static int host_ip(const char *str, unsigned char ip[4])
             BIO_printf(bio_err, "gethostbyname failure\n");
             goto err;
         }
-        if (he->h_addrtype != AF_INET) {
+        /* cast to short because of win16 winsock definition */
+        if ((short)he->h_addrtype != AF_INET) {
             BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
             return (0);
         }
@@ -645,7 +544,7 @@ static int host_ip(const char *str, unsigned char ip[4])
     return (0);
 }
 
-int extract_port(const char *str, short *port_ptr)
+int extract_port(char *str, short *port_ptr)
 {
     int i;
     struct servent *s;
@@ -674,7 +573,7 @@ static struct ghbn_cache_st {
 static unsigned long ghbn_hits = 0L;
 static unsigned long ghbn_miss = 0L;
 
-static struct hostent *GetHostByName(const char *name)
+static struct hostent *GetHostByName(char *name)
 {
     struct hostent *ret;
     int i, lowi = 0;

apps/s_time.c

@@ -69,6 +69,9 @@
 
 #define USE_SOCKETS
 #include "apps.h"
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 #include <openssl/pem.h>
@@ -187,6 +190,7 @@ static void s_time_usage(void)
            SSL_CONNECT_NAME);
 #ifdef FIONBIO
     printf("-nbio         - Run with non-blocking IO\n");
+    printf("-ssl2         - Just use SSLv2\n");
     printf("-ssl3         - Just use SSLv3\n");
     printf("-bugs         - Turn on SSL bug compatibility\n");
     printf("-new          - Just time new connections\n");
@@ -285,6 +289,10 @@ static int parseArgs(int argc, char **argv)
             }
         } else if (strcmp(*argv, "-bugs") == 0)
             st_bugs = 1;
+#ifndef OPENSSL_NO_SSL2
+        else if (strcmp(*argv, "-ssl2") == 0)
+            s_time_meth = SSLv2_client_method();
+#endif
 #ifndef OPENSSL_NO_SSL3
         else if (strcmp(*argv, "-ssl3") == 0)
             s_time_meth = SSLv3_client_method();
@@ -294,6 +302,10 @@ static int parseArgs(int argc, char **argv)
             if (--argc < 1)
                 goto bad;
             maxTime = atoi(*(++argv));
+            if (maxTime <= 0) {
+                BIO_printf(bio_err, "time must be > 0\n");
+                badop = 1;
+            }
         } else {
             BIO_printf(bio_err, "unknown option %s\n", *argv);
             badop = 1;
@@ -432,6 +444,8 @@ int MAIN(int argc, char **argv)
                 ver = 't';
             else if (ver == SSL3_VERSION)
                 ver = '3';
+            else if (ver == SSL2_VERSION)
+                ver = '2';
             else
                 ver = '*';
         }
@@ -525,6 +539,8 @@ int MAIN(int argc, char **argv)
                 ver = 't';
             else if (ver == SSL3_VERSION)
                 ver = '3';
+            else if (ver == SSL2_VERSION)
+                ver = '2';
             else
                 ver = '*';
         }
@@ -538,7 +554,8 @@ int MAIN(int argc, char **argv)
          nConn, totalTime, ((double)nConn / totalTime), bytes_read);
     printf
         ("%d connections in %ld real seconds, %ld bytes read per connection\n",
-         nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn);
+         nConn, (long)time(NULL) - finishtime + maxTime,
+         bytes_read / (nConn?nConn:1));
 
     ret = 0;
  end:

apps/sess_id.c

@@ -73,12 +73,12 @@ static const char *sess_id_usage[] = {
     "usage: sess_id args\n",
     "\n",
     " -inform arg     - input format - default PEM (DER or PEM)\n",
-    " -outform arg    - output format - default PEM (PEM, DER or NSS)\n",
+    " -outform arg    - output format - default PEM\n",
     " -in arg         - input file - default stdin\n",
     " -out arg        - output file - default stdout\n",
     " -text           - print ssl session id details\n",
     " -cert           - output certificate \n",
-    " -noout          - no output of encoded session info\n",
+    " -noout          - no CRL output\n",
     " -context arg    - set the session ID context\n",
     NULL
 };
@@ -228,8 +228,6 @@ int MAIN(int argc, char **argv)
             i = i2d_SSL_SESSION_bio(out, x);
         else if (outformat == FORMAT_PEM)
             i = PEM_write_bio_SSL_SESSION(out, x);
-        else if (outformat == FORMAT_NSS)
-            i = SSL_SESSION_print_keylog(out, x);
         else {
             BIO_printf(bio_err, "bad output format specified for outfile\n");
             goto end;

apps/smime.c

@@ -442,7 +442,7 @@ int MAIN(int argc, char **argv)
                    "-CApath dir    trusted certificates directory\n");
         BIO_printf(bio_err, "-CAfile file   trusted certificates file\n");
         BIO_printf(bio_err,
-                   "-trusted_first use locally trusted CA's first when building trust chain\n");
+                   "-no_alt_chains only ever use the first certificate chain found\n");
         BIO_printf(bio_err,
                    "-crl_check     check revocation status of signer's certificate using CRLs\n");
         BIO_printf(bio_err,

apps/speed.c

@@ -74,10 +74,9 @@
 #ifndef OPENSSL_NO_SPEED
 
 # undef SECONDS
-# define SECONDS                 3
-# define PRIME_SECONDS   10
-# define RSA_SECONDS             10
-# define DSA_SECONDS             10
+# define SECONDS         3
+# define RSA_SECONDS     10
+# define DSA_SECONDS     10
 # define ECDSA_SECONDS   10
 # define ECDH_SECONDS    10
 
@@ -93,6 +92,9 @@
 # include <string.h>
 # include <math.h>
 # include "apps.h"
+# ifdef OPENSSL_NO_STDIO
+#  define APPS_WIN16
+# endif
 # include <openssl/crypto.h>
 # include <openssl/rand.h>
 # include <openssl/err.h>
@@ -147,7 +149,7 @@
 # ifndef OPENSSL_NO_SHA
 #  include <openssl/sha.h>
 # endif
-# ifndef OPENSSL_NO_RMD160
+# ifndef OPENSSL_NO_RIPEMD
 #  include <openssl/ripemd.h>
 # endif
 # ifndef OPENSSL_NO_WHIRLPOOL
@@ -191,10 +193,26 @@
 # endif
 # include <openssl/modes.h>
 
-# include <openssl/bn.h>
+# ifdef OPENSSL_FIPS
+#  ifdef OPENSSL_DOING_MAKEDEPEND
+#   undef AES_set_encrypt_key
+#   undef AES_set_decrypt_key
+#   undef DES_set_key_unchecked
+#  endif
+#  define BF_set_key      private_BF_set_key
+#  define CAST_set_key    private_CAST_set_key
+#  define idea_set_encrypt_key    private_idea_set_encrypt_key
+#  define SEED_set_key    private_SEED_set_key
+#  define RC2_set_key     private_RC2_set_key
+#  define RC4_set_key     private_RC4_set_key
+#  define DES_set_key_unchecked   private_DES_set_key_unchecked
+#  define AES_set_encrypt_key     private_AES_set_encrypt_key
+#  define AES_set_decrypt_key     private_AES_set_decrypt_key
+#  define Camellia_set_key        private_Camellia_set_key
+# endif
 
 # ifndef HAVE_FORK
-#  if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE)
+#  if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE)
 #   define HAVE_FORK 0
 #  else
 #   define HAVE_FORK 1
@@ -208,9 +226,7 @@
 # endif
 
 # undef BUFSIZE
-# define BUFSIZE (1024*8+1)
-# define MAX_MISALIGNMENT 63
-
+# define BUFSIZE ((long)1024*8+1)
 static volatile int run = 0;
 
 static int mr = 0;
@@ -227,8 +243,7 @@ static int do_multi(int multi);
 
 # define ALGOR_NUM       30
 # define SIZE_NUM        5
-# define PRIME_NUM       3
-# define RSA_NUM         7
+# define RSA_NUM         4
 # define DSA_NUM         3
 
 # define EC_NUM       16
@@ -278,6 +293,9 @@ static SIGRETTYPE sig_done(int sig)
 {
     signal(SIGALRM, sig_done);
     run = 0;
+#  ifdef LINT
+    sig = sig;
+#  endif
 }
 # endif
 
@@ -307,10 +325,8 @@ static DWORD WINAPI sleepy(VOID * arg)
 
 static double Time_F(int s)
 {
-    double ret;
-    static HANDLE thr;
-
     if (s == START) {
+        HANDLE thr;
         schlock = 0;
         thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL);
         if (thr == NULL) {
@@ -318,26 +334,18 @@ static double Time_F(int s)
             BIO_printf(bio_err, "unable to CreateThread (%d)", ret);
             ExitProcess(ret);
         }
+        CloseHandle(thr);       /* detach the thread */
         while (!schlock)
             Sleep(0);           /* scheduler spinlock */
-        ret = app_tminterval(s, usertime);
-    } else {
-        ret = app_tminterval(s, usertime);
-        if (run)
-            TerminateThread(thr, 0);
-        CloseHandle(thr);
     }
 
-    return ret;
+    return app_tminterval(s, usertime);
 }
 # else
 
 static double Time_F(int s)
 {
-    double ret = app_tminterval(s, usertime);
-    if (s == STOP)
-        alarm(0);
-    return ret;
+    return app_tminterval(s, usertime);
 }
 # endif
 
@@ -364,7 +372,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
-    unsigned char *buf_malloc = NULL, *buf2_malloc = NULL;
     unsigned char *buf = NULL, *buf2 = NULL;
     int mret = 1;
     long count = 0, save_count = 0;
@@ -401,7 +408,7 @@ int MAIN(int argc, char **argv)
 # ifndef OPENSSL_NO_WHIRLPOOL
     unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
 # endif
-# ifndef OPENSSL_NO_RMD160
+# ifndef OPENSSL_NO_RIPEMD
     unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
 # endif
 # ifndef OPENSSL_NO_RC4
@@ -511,19 +518,13 @@ int MAIN(int argc, char **argv)
 # define D_GHASH         29
     double d = 0.0;
     long c[ALGOR_NUM][SIZE_NUM];
-
-# ifndef OPENSSL_SYS_WIN32
-# endif
 # define R_DSA_512       0
 # define R_DSA_1024      1
 # define R_DSA_2048      2
 # define R_RSA_512       0
 # define R_RSA_1024      1
 # define R_RSA_2048      2
-# define R_RSA_3072      3
-# define R_RSA_4096      4
-# define R_RSA_7680      5
-# define R_RSA_15360     6
+# define R_RSA_4096      3
 
 # define R_EC_P160    0
 # define R_EC_P192    1
@@ -546,16 +547,14 @@ int MAIN(int argc, char **argv)
     RSA *rsa_key[RSA_NUM];
     long rsa_c[RSA_NUM][2];
     static unsigned int rsa_bits[RSA_NUM] = {
-        512, 1024, 2048, 3072, 4096, 7680, 15360
+        512, 1024, 2048, 4096
     };
     static unsigned char *rsa_data[RSA_NUM] = {
-        test512, test1024, test2048, test3072, test4096, test7680, test15360
+        test512, test1024, test2048, test4096
     };
     static int rsa_data_length[RSA_NUM] = {
         sizeof(test512), sizeof(test1024),
-        sizeof(test2048), sizeof(test3072),
-        sizeof(test4096), sizeof(test7680),
-        sizeof(test15360)
+        sizeof(test2048), sizeof(test4096)
     };
 # endif
 # ifndef OPENSSL_NO_DSA
@@ -650,7 +649,6 @@ int MAIN(int argc, char **argv)
     int multi = 0;
 # endif
     int multiblock = 0;
-    int misalign = MAX_MISALIGNMENT + 1;
 
 # ifndef TIMES
     usertime = -1;
@@ -685,22 +683,15 @@ int MAIN(int argc, char **argv)
         rsa_key[i] = NULL;
 # endif
 
-    if ((buf_malloc =
-         (unsigned char *)OPENSSL_malloc(BUFSIZE + misalign)) == NULL) {
+    if ((buf = (unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) {
         BIO_printf(bio_err, "out of memory\n");
         goto end;
     }
-    if ((buf2_malloc =
-         (unsigned char *)OPENSSL_malloc(BUFSIZE + misalign)) == NULL) {
+    if ((buf2 = (unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) {
         BIO_printf(bio_err, "out of memory\n");
         goto end;
     }
 
-    misalign = 0;               /* set later and buf/buf2 are adjusted
-                                 * accordingly */
-    buf = buf_malloc;
-    buf2 = buf2_malloc;
-
     memset(c, 0, sizeof(c));
     memset(DES_iv, 0, sizeof(DES_iv));
     memset(iv, 0, sizeof(iv));
@@ -791,23 +782,6 @@ int MAIN(int argc, char **argv)
         } else if (argc > 0 && !strcmp(*argv, "-mb")) {
             multiblock = 1;
             j--;
-        } else if (argc > 0 && !strcmp(*argv, "-misalign")) {
-            argc--;
-            argv++;
-            if (argc == 0) {
-                BIO_printf(bio_err, "no misalignment given\n");
-                goto end;
-            }
-            misalign = atoi(argv[0]);
-            if (misalign < 0 || misalign > MAX_MISALIGNMENT) {
-                BIO_printf(bio_err,
-                           "misalignment is outsize permitted range 0-%d\n",
-                           MAX_MISALIGNMENT);
-                goto end;
-            }
-            buf = buf_malloc + misalign;
-            buf2 = buf2_malloc + misalign;
-            j--;
         } else
 # ifndef OPENSSL_NO_MD2
         if (strcmp(*argv, "md2") == 0)
@@ -856,7 +830,7 @@ int MAIN(int argc, char **argv)
             doit[D_WHIRLPOOL] = 1;
         else
 # endif
-# ifndef OPENSSL_NO_RMD160
+# ifndef OPENSSL_NO_RIPEMD
         if (strcmp(*argv, "ripemd") == 0)
             doit[D_RMD160] = 1;
         else if (strcmp(*argv, "rmd160") == 0)
@@ -927,14 +901,8 @@ int MAIN(int argc, char **argv)
             rsa_doit[R_RSA_1024] = 2;
         else if (strcmp(*argv, "rsa2048") == 0)
             rsa_doit[R_RSA_2048] = 2;
-        else if (strcmp(*argv, "rsa3072") == 0)
-            rsa_doit[R_RSA_3072] = 2;
         else if (strcmp(*argv, "rsa4096") == 0)
             rsa_doit[R_RSA_4096] = 2;
-        else if (strcmp(*argv, "rsa7680") == 0)
-            rsa_doit[R_RSA_7680] = 2;
-        else if (strcmp(*argv, "rsa15360") == 0)
-            rsa_doit[R_RSA_15360] = 2;
         else
 # ifndef OPENSSL_NO_RC2
         if (strcmp(*argv, "rc2-cbc") == 0)
@@ -1009,10 +977,7 @@ int MAIN(int argc, char **argv)
             rsa_doit[R_RSA_512] = 1;
             rsa_doit[R_RSA_1024] = 1;
             rsa_doit[R_RSA_2048] = 1;
-            rsa_doit[R_RSA_3072] = 1;
             rsa_doit[R_RSA_4096] = 1;
-            rsa_doit[R_RSA_7680] = 1;
-            rsa_doit[R_RSA_15360] = 1;
         } else
 # endif
 # ifndef OPENSSL_NO_DSA
@@ -1129,12 +1094,12 @@ int MAIN(int argc, char **argv)
 # ifndef OPENSSL_NO_WHIRLPOOL
             BIO_printf(bio_err, "whirlpool");
 # endif
-# ifndef OPENSSL_NO_RMD160
+# ifndef OPENSSL_NO_RIPEMD160
             BIO_printf(bio_err, "rmd160");
 # endif
 # if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
     !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
-    !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RMD160) || \
+    !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) || \
     !defined(OPENSSL_NO_WHIRLPOOL)
             BIO_printf(bio_err, "\n");
 # endif
@@ -1176,9 +1141,7 @@ int MAIN(int argc, char **argv)
             BIO_printf(bio_err, "\n");
 
 # ifndef OPENSSL_NO_RSA
-            BIO_printf(bio_err,
-                       "rsa512   rsa1024  rsa2048  rsa3072  rsa4096\n");
-            BIO_printf(bio_err, "rsa7680  rsa15360\n");
+            BIO_printf(bio_err, "rsa512   rsa1024  rsa2048  rsa4096\n");
 # endif
 
 # ifndef OPENSSL_NO_DSA
@@ -1252,12 +1215,6 @@ int MAIN(int argc, char **argv)
             BIO_printf(bio_err,
                        "-mr             "
                        "produce machine readable output.\n");
-            BIO_printf(bio_err,
-                       "-mb             "
-                       "perform multi-block benchmark (for specific ciphers)\n");
-            BIO_printf(bio_err,
-                       "-misalign n     "
-                       "perform benchmark with misaligned data\n");
 # ifndef NO_FORK
             BIO_printf(bio_err,
                        "-multi n        " "run n benchmarks in parallel.\n");
@@ -1414,25 +1371,23 @@ int MAIN(int argc, char **argv)
     c[D_IGE_256_AES][0] = count;
     c[D_GHASH][0] = count;
 
+    for (i = 1; i < SIZE_NUM; i++) {
+        c[D_MD2][i] = c[D_MD2][0] * 4 * lengths[0] / lengths[i];
+        c[D_MDC2][i] = c[D_MDC2][0] * 4 * lengths[0] / lengths[i];
+        c[D_MD4][i] = c[D_MD4][0] * 4 * lengths[0] / lengths[i];
+        c[D_MD5][i] = c[D_MD5][0] * 4 * lengths[0] / lengths[i];
+        c[D_HMAC][i] = c[D_HMAC][0] * 4 * lengths[0] / lengths[i];
+        c[D_SHA1][i] = c[D_SHA1][0] * 4 * lengths[0] / lengths[i];
+        c[D_RMD160][i] = c[D_RMD160][0] * 4 * lengths[0] / lengths[i];
+        c[D_SHA256][i] = c[D_SHA256][0] * 4 * lengths[0] / lengths[i];
+        c[D_SHA512][i] = c[D_SHA512][0] * 4 * lengths[0] / lengths[i];
+        c[D_WHIRLPOOL][i] = c[D_WHIRLPOOL][0] * 4 * lengths[0] / lengths[i];
+    }
     for (i = 1; i < SIZE_NUM; i++) {
         long l0, l1;
 
-        l0 = (long)lengths[0];
-        l1 = (long)lengths[i];
-
-        c[D_MD2][i] = c[D_MD2][0] * 4 * l0 / l1;
-        c[D_MDC2][i] = c[D_MDC2][0] * 4 * l0 / l1;
-        c[D_MD4][i] = c[D_MD4][0] * 4 * l0 / l1;
-        c[D_MD5][i] = c[D_MD5][0] * 4 * l0 / l1;
-        c[D_HMAC][i] = c[D_HMAC][0] * 4 * l0 / l1;
-        c[D_SHA1][i] = c[D_SHA1][0] * 4 * l0 / l1;
-        c[D_RMD160][i] = c[D_RMD160][0] * 4 * l0 / l1;
-        c[D_SHA256][i] = c[D_SHA256][0] * 4 * l0 / l1;
-        c[D_SHA512][i] = c[D_SHA512][0] * 4 * l0 / l1;
-        c[D_WHIRLPOOL][i] = c[D_WHIRLPOOL][0] * 4 * l0 / l1;
-
         l0 = (long)lengths[i - 1];
-
+        l1 = (long)lengths[i];
         c[D_RC4][i] = c[D_RC4][i - 1] * l0 / l1;
         c[D_CBC_DES][i] = c[D_CBC_DES][i - 1] * l0 / l1;
         c[D_EDE3_DES][i] = c[D_EDE3_DES][i - 1] * l0 / l1;
@@ -1452,7 +1407,6 @@ int MAIN(int argc, char **argv)
         c[D_IGE_192_AES][i] = c[D_IGE_192_AES][i - 1] * l0 / l1;
         c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
     }
-
 #   ifndef OPENSSL_NO_RSA
     rsa_c[R_RSA_512][0] = count / 2000;
     rsa_c[R_RSA_512][1] = count / 400;
@@ -1638,7 +1592,8 @@ int MAIN(int argc, char **argv)
             print_message(names[D_MD5], c[D_MD5][j], lengths[j]);
             Time_F(START);
             for (count = 0, run = 1; COND(c[D_MD5][j]); count++)
-                MD5(buf, lengths[j], md5);
+                EVP_Digest(&(buf[0]), (unsigned long)lengths[j], &(md5[0]),
+                           NULL, EVP_get_digestbyname("md5"), NULL);
             d = Time_F(STOP);
             print_result(D_MD5, j, count, d);
         }
@@ -1673,12 +1628,8 @@ int MAIN(int argc, char **argv)
             print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]);
             Time_F(START);
             for (count = 0, run = 1; COND(c[D_SHA1][j]); count++)
-#  if 0
                 EVP_Digest(buf, (unsigned long)lengths[j], &(sha[0]), NULL,
                            EVP_sha1(), NULL);
-#  else
-                SHA1(buf, lengths[j], sha);
-#  endif
             d = Time_F(STOP);
             print_result(D_SHA1, j, count, d);
         }
@@ -1723,7 +1674,7 @@ int MAIN(int argc, char **argv)
     }
 # endif
 
-# ifndef OPENSSL_NO_RMD160
+# ifndef OPENSSL_NO_RIPEMD
     if (doit[D_RMD160]) {
         for (j = 0; j < SIZE_NUM; j++) {
             print_message(names[D_RMD160], c[D_RMD160][j], lengths[j]);
@@ -2061,8 +2012,7 @@ int MAIN(int argc, char **argv)
             print_result(D_EVP, j, count, d);
         }
     }
-# ifndef OPENSSL_SYS_WIN32
-# endif
+
     RAND_pseudo_bytes(buf, 36);
 # ifndef OPENSSL_NO_RSA
     for (j = 0; j < RSA_NUM; j++) {
@@ -2547,10 +2497,10 @@ int MAIN(int argc, char **argv)
 
  end:
     ERR_print_errors(bio_err);
-    if (buf_malloc != NULL)
-        OPENSSL_free(buf_malloc);
-    if (buf2_malloc != NULL)
-        OPENSSL_free(buf2_malloc);
+    if (buf != NULL)
+        OPENSSL_free(buf);
+    if (buf2 != NULL)
+        OPENSSL_free(buf2);
 # ifndef OPENSSL_NO_RSA
     for (i = 0; i < RSA_NUM; i++)
         if (rsa_key[i] != NULL)
@@ -2594,6 +2544,9 @@ static void print_message(const char *s, long num, int length)
                : "Doing %s %ld times on %d size blocks: ", s, num, length);
     (void)BIO_flush(bio_err);
 # endif
+# ifdef LINT
+    num = num;
+# endif
 }
 
 static void pkey_print_message(const char *str, const char *str2, long num,
@@ -2611,6 +2564,9 @@ static void pkey_print_message(const char *str, const char *str2, long num,
                : "Doing %ld %d bit %s %s's: ", num, bits, str, str2);
     (void)BIO_flush(bio_err);
 # endif
+# ifdef LINT
+    num = num;
+# endif
 }
 
 static void print_result(int alg, int run_no, int count, double time_used)
@@ -2718,25 +2674,6 @@ static int do_multi(int multi)
                 k = atoi(sstrsep(&p, sep));
                 sstrsep(&p, sep);
 
-                d = atof(sstrsep(&p, sep));
-                if (n)
-                    rsa_results[k][0] = 1 / (1 / rsa_results[k][0] + 1 / d);
-                else
-                    rsa_results[k][0] = d;
-
-                d = atof(sstrsep(&p, sep));
-                if (n)
-                    rsa_results[k][1] = 1 / (1 / rsa_results[k][1] + 1 / d);
-                else
-                    rsa_results[k][1] = d;
-            } else if (!strncmp(buf, "+F2:", 4)) {
-                int k;
-                double d;
-
-                p = buf + 4;
-                k = atoi(sstrsep(&p, sep));
-                sstrsep(&p, sep);
-
                 d = atof(sstrsep(&p, sep));
                 if (n)
                     rsa_results[k][0] = 1 / (1 / rsa_results[k][0] + 1 / d);
@@ -2838,6 +2775,11 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
 
     inp = OPENSSL_malloc(mblengths[num - 1]);
     out = OPENSSL_malloc(mblengths[num - 1] + 1024);
+    if (!inp || !out) {
+        BIO_printf(bio_err,"Out of memory\n");
+        goto end;
+    }
+
 
     EVP_CIPHER_CTX_init(&ctx);
     EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, no_key, no_iv);
@@ -2849,7 +2791,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
         print_message(alg_name, 0, mblengths[j]);
         Time_F(START);
         for (count = 0, run = 1; run && count < 0x7fffffff; count++) {
-            unsigned char aad[13];
+            unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
             EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
             size_t len = mblengths[j];
             int packlen;
@@ -2884,7 +2826,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
                 aad[11] = len >> 8;
                 aad[12] = len;
                 pad = EVP_CIPHER_CTX_ctrl(&ctx,
-                                          EVP_CTRL_AEAD_TLS1_AAD, 13, aad);
+                                          EVP_CTRL_AEAD_TLS1_AAD,
+                                          EVP_AEAD_TLS1_AAD_LEN, aad);
                 EVP_Cipher(&ctx, out, inp, len + pad);
             }
         }
@@ -2922,7 +2865,10 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
         fprintf(stdout, "\n");
     }
 
-    OPENSSL_free(inp);
-    OPENSSL_free(out);
+end:
+    if (inp)
+        OPENSSL_free(inp);
+    if (out)
+        OPENSSL_free(out);
 }
 #endif

apps/srp.c

@@ -85,7 +85,7 @@
 static char *srp_usage[] = {
     "usage: srp [args] [user] \n",
     "\n",
-    " -verbose        Talk a lot while doing things\n",
+    " -verbose        Talk alot while doing things\n",
     " -config file    A config file\n",
     " -name arg       The particular srp definition to use\n",
     " -srpvfile arg   The srp verifier file name\n",
@@ -198,7 +198,7 @@ static int update_index(CA_DB *db, BIO *bio, char **row)
     return 1;
 }
 
-static void lookup_fail(const char *name, const char *tag)
+static void lookup_fail(const char *name, char *tag)
 {
     BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
 }
@@ -217,17 +217,14 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
 
     if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
         VERBOSE BIO_printf(bio,
-                           "Validating\n"
-                           " user=\"%s\"\n"
-                           " srp_verifier=\"%s\"\n"
-                           " srp_usersalt=\"%s\"\n"
-                           " g=\"%s\"\n N=\"%s\"\n",
+                           "Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
                            user, srp_verifier, srp_usersalt, g, N);
         BIO_printf(bio, "Pass %s\n", password);
 
-        OPENSSL_assert(srp_usersalt != NULL);
-        if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt,
-                                         &verifier, N, g))) {
+        if (!
+            (gNid =
+             SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
+                                 g))) {
             BIO_printf(bio, "Internal error validating SRP verifier\n");
         } else {
             if (strcmp(verifier, srp_verifier))
@@ -251,11 +248,12 @@ static char *srp_create_user(char *user, char **srp_verifier,
 
     if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
         VERBOSE BIO_printf(bio,
-                           "Creating\n"
-                           " user=\"%s\"\n"
-                           " g=\"%s\"\n" " N=\"%s\"\n", user, g, N);
-        if (!(gNid = SRP_create_verifier(user, password, &salt,
-                                         srp_verifier, N, g))) {
+                           "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
+                           user, g, N);
+        if (!
+            (gNid =
+             SRP_create_verifier(user, password, &salt, srp_verifier, N,
+                                 g))) {
             BIO_printf(bio, "Internal error creating SRP verifier\n");
         } else
             *srp_usersalt = salt;
@@ -384,13 +382,13 @@ int MAIN(int argc, char **argv)
         badops = 1;
     }
     if (add_user + delete_user + modify_user + list_user != 1) {
-        BIO_printf(bio_err, "Exactly one of the options "
-                   "-add, -delete, -modify -list must be specified.\n");
+        BIO_printf(bio_err,
+                   "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
         badops = 1;
     }
     if (delete_user + modify_user + delete_user == 1 && argc <= 0) {
-        BIO_printf(bio_err, "Need at least one user for options "
-                   "-add, -delete, -modify. \n");
+        BIO_printf(bio_err,
+                   "Need at least one user for options -add, -delete, -modify. \n");
         badops = 1;
     }
     if ((passin || passout) && argc != 1) {
@@ -437,10 +435,18 @@ int MAIN(int argc, char **argv)
 # ifdef OPENSSL_SYS_VMS
             len = strlen(s) + sizeof(CONFIG_FILE);
             tofree = OPENSSL_malloc(len);
+            if (!tofree) {
+                BIO_printf(bio_err, "Out of memory\n");
+                goto err;
+            }
             strcpy(tofree, s);
 # else
             len = strlen(s) + sizeof(CONFIG_FILE) + 1;
             tofree = OPENSSL_malloc(len);
+            if (!tofree) {
+                BIO_printf(bio_err, "Out of memory\n");
+                goto err;
+            }
             BUF_strlcpy(tofree, s, len);
             BUF_strlcat(tofree, "/", len);
 # endif
@@ -573,15 +579,16 @@ int MAIN(int argc, char **argv)
                 row[DB_srpverifier] = NULL;
                 row[DB_srpsalt] = NULL;
                 row[DB_srpinfo] = NULL;
-                if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]),
-                                             &(row[DB_srpsalt]),
-                                             gNrow ? gNrow[DB_srpsalt] : gN,
-                                             gNrow ? gNrow[DB_srpverifier] :
-                                             NULL, passout, bio_err,
-                                             verbose))) {
+                if (!
+                    (gNid =
+                     srp_create_user(user, &(row[DB_srpverifier]),
+                                     &(row[DB_srpsalt]),
+                                     gNrow ? gNrow[DB_srpsalt] : gN,
+                                     gNrow ? gNrow[DB_srpverifier] : NULL,
+                                     passout, bio_err, verbose))) {
                     BIO_printf(bio_err,
-                               "Cannot create srp verifier for user \"%s\","
-                               " operation abandoned .\n", user);
+                               "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
+                               user);
                     errors++;
                     goto err;
                 }
@@ -590,9 +597,13 @@ int MAIN(int argc, char **argv)
                 row[DB_srpgN] = BUF_strdup(gNid);
 
                 if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
-                    || !row[DB_srpverifier] || !row[DB_srpsalt]
-                    || (userinfo
-                        && (!(row[DB_srpinfo] = BUF_strdup(userinfo))))
+                    || !row[DB_srpverifier] || !row[DB_srpsalt] || (userinfo
+                                                                    &&
+                                                                    (!(row
+                                                                       [DB_srpinfo]
+                                                                       =
+                                                                       BUF_strdup
+                                                                       (userinfo))))
                     || !update_index(db, bio_err, row)) {
                     if (row[DB_srpid])
                         OPENSSL_free(row[DB_srpid]);
@@ -638,8 +649,9 @@ int MAIN(int argc, char **argv)
                         if ((user_gN =
                              get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
                             irow =
-                                sk_OPENSSL_PSTRING_value(db->db->data,
-                                                         userindex);
+                                (char **)sk_OPENSSL_PSTRING_value(db->
+                                                                  db->data,
+                                                                  userindex);
 
                         if (!srp_verify_user
                             (user, row[DB_srpverifier], row[DB_srpsalt],
@@ -657,16 +669,16 @@ int MAIN(int argc, char **argv)
                                        "Password for user \"%s\" ok.\n",
                                        user);
 
-                    if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]),
-                                                 &(row[DB_srpsalt]),
-                                                 gNrow ? gNrow[DB_srpsalt] :
-                                                 NULL,
-                                                 gNrow ? gNrow[DB_srpverifier]
-                                                 : NULL, passout, bio_err,
-                                                 verbose))) {
+                    if (!
+                        (gNid =
+                         srp_create_user(user, &(row[DB_srpverifier]),
+                                         &(row[DB_srpsalt]),
+                                         gNrow ? gNrow[DB_srpsalt] : NULL,
+                                         gNrow ? gNrow[DB_srpverifier] : NULL,
+                                         passout, bio_err, verbose))) {
                         BIO_printf(bio_err,
-                                   "Cannot create srp verifier for user \"%s\","
-                                   " operation abandoned.\n", user);
+                                   "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
+                                   user);
                         errors++;
                         goto err;
                     }

apps/ts.c

@@ -105,7 +105,7 @@ static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
                                 char *queryfile, char *passin, char *inkey,
                                 char *signer, char *chain,
                                 const char *policy);
-static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
+static ASN1_INTEGER *MS_CALLBACK serial_cb(TS_RESP_CTX *ctx, void *data);
 static ASN1_INTEGER *next_serial(const char *serialfile);
 static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
 
@@ -118,7 +118,7 @@ static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
                                         char *ca_path, char *ca_file,
                                         char *untrusted);
 static X509_STORE *create_cert_store(char *ca_path, char *ca_file);
-static int verify_cb(int ok, X509_STORE_CTX *ctx);
+static int MS_CALLBACK verify_cb(int ok, X509_STORE_CTX *ctx);
 
 /* Main function definition. */
 int MAIN(int, char **);
@@ -591,8 +591,7 @@ static int create_digest(BIO *input, char *digest, const EVP_MD *md,
         while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {
             EVP_DigestUpdate(&md_ctx, buffer, length);
         }
-        if (!EVP_DigestFinal(&md_ctx, *md_value, NULL))
-            return 0;
+        EVP_DigestFinal(&md_ctx, *md_value, NULL);
     } else {
         /* Digest bytes are specified with digest. */
         long digest_len;
@@ -859,7 +858,7 @@ static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
     return response;
 }
 
-static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data)
+static ASN1_INTEGER *MS_CALLBACK serial_cb(TS_RESP_CTX *ctx, void *data)
 {
     const char *serial_file = (const char *)data;
     ASN1_INTEGER *serial = next_serial(serial_file);
@@ -1100,7 +1099,7 @@ static X509_STORE *create_cert_store(char *ca_path, char *ca_file)
     return NULL;
 }
 
-static int verify_cb(int ok, X509_STORE_CTX *ctx)
+static int MS_CALLBACK verify_cb(int ok, X509_STORE_CTX *ctx)
 {
     /*-
     char buf[256];

apps/tsget

@@ -1,7 +1,7 @@
 #!/usr/bin/perl -w
 # Written by Zoltan Glozik <zglozik@stones.com>.
 # Copyright (c) 2002 The OpenTSA Project.  All rights reserved.
-$::version = '$Id: tsget,v 1.3 2009/09/07 17:57:18 steve Exp $';
+$::version = '$Id: tsget,v 1.1.2.2 2009/09/07 17:57:02 steve Exp $';
 
 use strict;
 use IO::Handle;

apps/verify.c

@@ -69,10 +69,10 @@
 #undef PROG
 #define PROG    verify_main
 
-static int cb(int ok, X509_STORE_CTX *ctx);
+static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
 static int check(X509_STORE *ctx, char *file,
                  STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
-                 STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain);
+                 STACK_OF(X509_CRL) *crls, ENGINE *e);
 static int v_verbose = 0, vflags = 0;
 
 int MAIN(int, char **);
@@ -88,7 +88,7 @@ int MAIN(int argc, char **argv)
     X509_STORE *cert_ctx = NULL;
     X509_LOOKUP *lookup = NULL;
     X509_VERIFY_PARAM *vpm = NULL;
-    int crl_download = 0, show_chain = 0;
+    int crl_download = 0;
 #ifndef OPENSSL_NO_ENGINE
     char *engine = NULL;
 #endif
@@ -139,8 +139,6 @@ int MAIN(int argc, char **argv)
                 crlfile = *(++argv);
             } else if (strcmp(*argv, "-crl_download") == 0)
                 crl_download = 1;
-            else if (strcmp(*argv, "-show_chain") == 0)
-                show_chain = 1;
 #ifndef OPENSSL_NO_ENGINE
             else if (strcmp(*argv, "-engine") == 0) {
                 if (--argc < 1)
@@ -217,26 +215,24 @@ int MAIN(int argc, char **argv)
             goto end;
     }
 
+    ret = 0;
+
     if (crl_download)
         store_setup_crl_download(cert_ctx);
-
-    ret = 0;
     if (argc < 1) {
-        if (1 !=
-            check(cert_ctx, NULL, untrusted, trusted, crls, e, show_chain))
+        if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
             ret = -1;
     } else {
         for (i = 0; i < argc; i++)
-            if (1 !=
-                check(cert_ctx, argv[i], untrusted, trusted, crls, e,
-                      show_chain))
+            if (1 != check(cert_ctx, argv[i], untrusted, trusted, crls, e))
                 ret = -1;
     }
 
  end:
     if (ret == 1) {
         BIO_printf(bio_err,
-                   "usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check]");
+                   "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
+        BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
 #ifndef OPENSSL_NO_ENGINE
         BIO_printf(bio_err, " [-engine e]");
 #endif
@@ -250,15 +246,6 @@ int MAIN(int argc, char **argv)
                        X509_PURPOSE_get0_sname(ptmp),
                        X509_PURPOSE_get0_name(ptmp));
         }
-
-        BIO_printf(bio_err, "recognized verify names:\n");
-        for (i = 0; i < X509_VERIFY_PARAM_get_count(); i++) {
-            const X509_VERIFY_PARAM *vptmp;
-            vptmp = X509_VERIFY_PARAM_get0(i);
-            BIO_printf(bio_err, "\t%-10s\n",
-                       X509_VERIFY_PARAM_get0_name(vptmp));
-        }
-
     }
     if (vpm)
         X509_VERIFY_PARAM_free(vpm);
@@ -273,12 +260,11 @@ int MAIN(int argc, char **argv)
 
 static int check(X509_STORE *ctx, char *file,
                  STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
-                 STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain)
+                 STACK_OF(X509_CRL) *crls, ENGINE *e)
 {
     X509 *x = NULL;
     int i = 0, ret = 0;
     X509_STORE_CTX *csc;
-    STACK_OF(X509) *chain = NULL;
 
     x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
     if (x == NULL)
@@ -300,8 +286,6 @@ static int check(X509_STORE *ctx, char *file,
     if (crls)
         X509_STORE_CTX_set0_crls(csc, crls);
     i = X509_verify_cert(csc);
-    if (i > 0 && show_chain)
-        chain = X509_STORE_CTX_get1_chain(csc);
     X509_STORE_CTX_free(csc);
 
     ret = 0;
@@ -311,25 +295,13 @@ static int check(X509_STORE *ctx, char *file,
         ret = 1;
     } else
         ERR_print_errors(bio_err);
-    if (chain) {
-        printf("Chain:\n");
-        for (i = 0; i < sk_X509_num(chain); i++) {
-            X509 *cert = sk_X509_value(chain, i);
-            printf("depth=%d: ", i);
-            X509_NAME_print_ex_fp(stdout,
-                                  X509_get_subject_name(cert),
-                                  0, XN_FLAG_ONELINE);
-            printf("\n");
-        }
-        sk_X509_pop_free(chain, X509_free);
-    }
     if (x != NULL)
         X509_free(x);
 
     return (ret);
 }
 
-static int cb(int ok, X509_STORE_CTX *ctx)
+static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 {
     int cert_error = X509_STORE_CTX_get_error(ctx);
     X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);

apps/x509.c

@@ -60,6 +60,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
 #include "apps.h"
 #include <openssl/bio.h>
 #include <openssl/asn1.h>
@@ -153,7 +156,7 @@ static const char *x509_usage[] = {
     NULL
 };
 
-static int callb(int ok, X509_STORE_CTX *ctx);
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
 static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
                 const EVP_MD *digest, CONF *conf, char *section);
 static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
@@ -826,6 +829,11 @@ int MAIN(int argc, char **argv)
 
                 z = i2d_X509(x, NULL);
                 m = OPENSSL_malloc(z);
+                if (!m) {
+                    BIO_printf(bio_err, "Out of memory\n");
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
 
                 d = (unsigned char *)m;
                 z = i2d_X509_NAME(X509_get_subject_name(x), &d);
@@ -1168,7 +1176,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
     return ret;
 }
 
-static int callb(int ok, X509_STORE_CTX *ctx)
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
 {
     int err;
     X509 *err_cert;

bugs/dggccbug.c

@@ -0,0 +1,45 @@
+/* NOCW */
+/* dggccbug.c */
+/* bug found by Eric Young (eay@cryptsoft.com) - May 1995 */
+
+#include <stdio.h>
+
+/*
+ * There is a bug in gcc version 2.5.8 (88open OCS/BCS, DG-2.5.8.3, Oct 14
+ * 1994) as shipped with DGUX 5.4R3.10 that can be bypassed by defining
+ * DG_GCC_BUG in my code. The bug manifests itself by the vaule of a pointer
+ * that is used only by reference, not having it's value change when it is
+ * used to check for exiting the loop.  Probably caused by there being 2
+ * copies of the valiable, one in a register and one being an address that is
+ * passed.
+ */
+
+/*-
+ * compare the out put from
+ * gcc dggccbug.c; ./a.out
+ * and
+ * gcc -O dggccbug.c; ./a.out
+ * compile with -DFIXBUG to remove the bug when optimising.
+ */
+
+void inc(a)
+int *a;
+{
+    (*a)++;
+}
+
+main()
+{
+    int p = 0;
+#ifdef FIXBUG
+    int dummy;
+#endif
+
+    while (p < 3) {
+        fprintf(stderr, "%08X\n", p);
+        inc(&p);
+#ifdef FIXBUG
+        dummy += p;
+#endif
+    }
+}

bugs/sslref.dif

@@ -17,10 +17,10 @@ is returned as 1.
 =====
 I have not tested the following but it is reported by holtzman@mit.edu.
 
-SSLref clients wait to receive a server-verify before they send a
+SSLref clients wait to recieve a server-verify before they send a
 client-finished.  Besides this not being evident from the examples in
 2.2.1, it makes more sense to always send all packets you can before
-reading.  SSLeay was waiting in the server to receive a client-finish
+reading.  SSLeay was waiting in the server to recieve a client-finish
 before sending the server-verify :-).  I have changed SSLeay to send a
 server-verify before trying to read the client-finished.
 

config

@@ -102,6 +102,10 @@ fi
 # Now we simply scan though... In most cases, the SYSTEM info is enough
 #
 case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
+    MPE/iX:*)
+	MACHINE=`echo "$MACHINE" | sed -e 's/-/_/g'`
+	echo "parisc-hp-MPE/iX"; exit 0
+	;;
     A/UX:*)
 	echo "m68k-apple-aux3"; exit 0
 	;;
@@ -118,6 +122,18 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-ibm-aix3"; exit 0
 	;;
 
+    BeOS:*:BePC)
+    if [ -e /boot/develop/headers/be/bone ]; then
+		echo "beos-x86-bone"; exit 0
+	else
+		echo "beos-x86-r5"; exit 0
+	fi
+	;;
+
+    dgux:*)
+	echo "${MACHINE}-dg-dgux"; exit 0
+	;;
+
     HI-UX:*)
 	echo "${MACHINE}-hi-hiux"; exit 0
 	;;
@@ -304,6 +320,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-unknown-ultrix"; exit 0
 	;;
 
+    SINIX*|ReliantUNIX*)
+	echo "${MACHINE}-siemens-sysv4"; exit 0
+	;;
+
     POSIX-BC*)
 	echo "${MACHINE}-siemens-sysv4"; exit 0   # Here, $MACHINE == "BS2000"
 	;;
@@ -320,6 +340,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-v11-${SYSTEM}"; exit 0;
 	;;
 
+    NEWS-OS:4.*)
+	echo "mips-sony-newsos4"; exit 0;
+	;;
+
     MINGW*)
 	echo "${MACHINE}-whatever-mingw"; exit 0;
 	;;
@@ -335,6 +359,18 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	exit 0
 	;;
 
+    *"CRAY T3E")
+       echo "t3e-cray-unicosmk"; exit 0;
+       ;;
+
+    *CRAY*)
+       echo "j90-cray-unicos"; exit 0;
+       ;;
+
+    NONSTOP_KERNEL*)
+       echo "nsr-tandem-nsk"; exit 0;
+       ;;
+
     vxworks*)
        echo "${MACHINE}-whatever-vxworks"; exit 0;
        ;;
@@ -346,7 +382,7 @@ esac
 #
 
 # Do the Apollo stuff first. Here, we just simply assume
-# that the existence of the /usr/apollo directory is proof
+# that the existance of the /usr/apollo directory is proof
 # enough
 if [ -d /usr/apollo ]; then
     echo "whatever-apollo-whatever"
@@ -536,8 +572,6 @@ case "$GUESSOS" in
   *-*-iphoneos)
 	options="$options -arch%20${MACHINE}"
 	OUT="iphoneos-cross" ;;
-  arm64-*-iphoneos|*-*-ios64)
-	OUT="ios64-cross" ;;
   alpha-*-linux2)
         ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo`
 	case ${ISA:-generic} in
@@ -748,6 +782,8 @@ case "$GUESSOS" in
 	EXE=".pm"
 	OUT="vos-$CC" ;;
   BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
+  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
+  *-siemens-sysv4) OUT="SINIX" ;;
   *-hpux1*)
 	if [ $CC = "gcc" -a $GCC_BITS = "64" ]; then
 	    OUT="hpux64-parisc2-gcc"
@@ -813,8 +849,14 @@ case "$GUESSOS" in
 	fi
 	;;
   # these are all covered by the catchall below
+  # *-dgux) OUT="dgux" ;;
+  mips-sony-newsos4) OUT="newsos4-gcc" ;;
   *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
   *-*-cygwin) OUT="Cygwin" ;;
+  t3e-cray-unicosmk) OUT="cray-t3e" ;;
+  j90-cray-unicos) OUT="cray-j90" ;;
+  nsr-tandem-nsk) OUT="tandem-c89" ;;
+  beos-*) OUT="$GUESSOS" ;;
   x86pc-*-qnx6) OUT="QNX6-i386" ;;
   *-*-qnx6) OUT="QNX6" ;;
   x86-*-android|i?86-*-android) OUT="android-x86" ;;
@@ -822,7 +864,7 @@ case "$GUESSOS" in
   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
 
-# NB: This atalla support has been superseded by the ENGINE support
+# NB: This atalla support has been superceded by the ENGINE support
 # That contains its own header and definitions anyway. Support can
 # be enabled or disabled on any supported platform without external
 # headers, eg. by adding the "hw-atalla" switch to ./config or
@@ -834,10 +876,6 @@ esac
 #  options="$options -DATALLA"
 #fi
 
-if [ -n "$CONFIG_OPTIONS" ]; then
-  options="$options $CONFIG_OPTIONS"
-fi
-
 if expr "$options" : '.*no\-asm' > /dev/null; then :; else
   sh -c "$CROSS_COMPILE${CC:-gcc} -Wa,--help -c -o /tmp/null.$$.o -x assembler /dev/null && rm /tmp/null.$$.o" 2>&1 | \
   grep \\--noexecstack >/dev/null && \

crypto/.cvsignore

@@ -0,0 +1,8 @@
+lib
+buildinf.h
+opensslconf.h
+Makefile.save
+*.flc
+semantic.cache
+*cpuid.s
+uplink-cof.s

crypto/Makefile

@@ -7,7 +7,7 @@ TOP=		..
 CC=		cc
 INCLUDE=	-I. -I$(TOP) -I../include $(ZLIB_INCLUDE)
 # INCLUDES targets sudbirs!
-INCLUDES=	-I.. -I../.. -I../modes -I../asn1 -I../evp -I../include -I../../include $(ZLIB_INCLUDE)
+INCLUDES=	-I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include $(ZLIB_INCLUDE)
 CFLAG=		-g
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
@@ -36,17 +36,15 @@ TEST=constant_time_test.c
 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
 LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
-	ebcdic.c uid.c o_time.c o_str.c o_dir.c thr_id.c lock.c fips_ers.c \
-	o_init.c o_fips.c
-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o \
-	ebcdic.o uid.o o_time.o o_str.o o_dir.o thr_id.o lock.o fips_ers.o \
-	o_init.o o_fips.o $(CPUID_OBJ)
+	ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \
+	uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
 
 SRC= $(LIBSRC)
 
 EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
 	ossl_typ.h
-HEADER=	cryptlib.h buildinf.h md32_common.h o_str.h o_dir.h \
+HEADER=	cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \
 	constant_time_locl.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -56,13 +54,6 @@ top:
 
 all: shared
 
-fips: cryptlib.o thr_id.o uid.o $(CPUID_OBJ)
-	[ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \
-		    ( obj=`$(PERL) $(TOP)/util/fipsobj.pl $$i` && \
-			cd $$i && echo "making fips in $(DIR)/$$i..." && \
-		    $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='$(INCLUDES)' $$obj ) || exit 1; \
-		done;
-
 buildinf.h: ../Makefile
 	$(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
 
@@ -78,8 +69,8 @@ uplink.o:	$(TOP)/ms/uplink.c applink.o
 uplink-x86.s:	$(TOP)/ms/uplink-x86.pl
 	$(PERL) $(TOP)/ms/uplink-x86.pl $(PERLASM_SCHEME) > $@
 
-x86_64cpuid.s:	x86_64cpuid.pl;	$(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) > $@
-ia64cpuid.s:	ia64cpuid.S;	$(CC) $(CFLAGS) -E ia64cpuid.S > $@
+x86_64cpuid.s: x86_64cpuid.pl;	$(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) > $@
+ia64cpuid.s: ia64cpuid.S;	$(CC) $(CFLAGS) -E ia64cpuid.S > $@
 ppccpuid.s:	ppccpuid.pl;	$(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@
 pariscid.s:	pariscid.pl;	$(PERL) pariscid.pl $(PERLASM_SCHEME) $@
 alphacpuid.s:	alphacpuid.pl
@@ -87,6 +78,12 @@ alphacpuid.s:	alphacpuid.pl
 	$(PERL) alphacpuid.pl > $$preproc && \
 	$(CC) -E -P $$preproc > $@ && rm $$preproc)
 
+testapps:
+	[ -z "$(THIS)" ] || (	if echo $(SDIRS) | fgrep ' des '; \
+				then cd des && $(MAKE) -e des; fi )
+	[ -z "$(THIS)" ] || ( cd pkcs7 && $(MAKE) -e testapps );
+	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
 subdirs:
 	@target=all; $(RECURSIVE_MAKE)
 
@@ -105,6 +102,7 @@ lib:	$(LIB)
 	@touch lib
 $(LIB):	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
+	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
 	$(RANLIB) $(LIB) || echo Never mind.
 
 shared: buildinf.h lib subdirs
@@ -124,17 +122,20 @@ install:
 	done;
 	@target=install; $(RECURSIVE_MAKE)
 
-uninstall:
-
 lint:
 	@target=lint; $(RECURSIVE_MAKE)
 
-depend:
+update: local_depend
+	@[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) )
+	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+depend: local_depend
+	@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
+	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+local_depend:
 	@[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist
 	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 	@[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h
-	@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
-	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
 
 clean:
 	rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
@@ -143,6 +144,7 @@ clean:
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
+	rm -f opensslconf.h
 	@target=dclean; $(RECURSIVE_MAKE)
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
@@ -176,13 +178,6 @@ ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
 ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 ex_data.o: ex_data.c
 fips_ers.o: ../include/openssl/opensslconf.h fips_ers.c
-lock.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-lock.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-lock.o: ../include/openssl/err.h ../include/openssl/lhash.h
-lock.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-lock.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-lock.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-lock.o: lock.c
 mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
 mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
@@ -218,17 +213,8 @@ o_init.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 o_init.o: ../include/openssl/symhacks.h o_init.c
 o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
 o_str.o: o_str.c o_str.h
-o_time.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-o_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-o_time.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-o_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h o_time.c
-thr_id.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-thr_id.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-thr_id.o: ../include/openssl/err.h ../include/openssl/lhash.h
-thr_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-thr_id.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-thr_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-thr_id.o: thr_id.c
+o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
+o_time.o: o_time.h
 uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 uid.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h

crypto/aes/.cvsignore

@@ -0,0 +1,8 @@
+lib
+Makefile.save
+*.flc
+semantic.cache
+aes-*.s
+aesni-*.s
+bsaes-*.s
+vpaes-*.s

crypto/aes/Makefile

@@ -24,8 +24,8 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \
-       aes_ige.c aes_wrap.c
-LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ige.o aes_wrap.o \
+       aes_ctr.c aes_ige.c aes_wrap.c
+LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o aes_wrap.o \
        $(AES_ENC)
 
 SRC= $(LIBSRC)
@@ -72,7 +72,7 @@ aesni-mb-x86_64.s:	asm/aesni-mb-x86_64.pl
 
 aes-sparcv9.s: asm/aes-sparcv9.pl
 	$(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
-aest4-sparcv9.s: asm/aest4-sparcv9.pl
+aest4-sparcv9.s: asm/aest4-sparcv9.pl ../perlasm/sparcv9_modes.pl
 	$(PERL) asm/aest4-sparcv9.pl $(CFLAGS) > $@
 
 aes-ppc.s:	asm/aes-ppc.pl
@@ -93,7 +93,7 @@ aesv8-armx.S:	asm/aesv8-armx.pl
 aesv8-armx.o:	aesv8-armx.S
 
 # GNU make "catch all"
-aes-%.S:	asm/aes-%.pl;	$(PERL) $< $(PERLASM_SCHEME) $@
+aes-%.S:	asm/aes-%.pl;	$(PERL) $< $(PERLASM_SCHEME) > $@
 aes-armv4.o:	aes-armv4.S
 bsaes-%.S:	asm/bsaes-%.pl;	$(PERL) $< $(PERLASM_SCHEME) $@
 bsaes-armv7.o:	bsaes-armv7.S
@@ -122,6 +122,8 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
+update: depend
+
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
@@ -139,11 +141,10 @@ aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
 aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c
 aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
 aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c
-aes_core.o: ../../include/openssl/aes.h ../../include/openssl/crypto.h
-aes_core.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-aes_core.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-aes_core.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-aes_core.o: ../../include/openssl/symhacks.h aes_core.c aes_locl.h
+aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
+aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
+aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c
 aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
 aes_ige.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/bio.h
@@ -153,9 +154,11 @@ aes_ige.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 aes_ige.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 aes_ige.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h
-aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
-aes_misc.o: ../../include/openssl/opensslconf.h
-aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
+aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/crypto.h
+aes_misc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+aes_misc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+aes_misc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+aes_misc.o: ../../include/openssl/symhacks.h aes_locl.h aes_misc.c
 aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
 aes_ofb.o: ../../include/openssl/opensslconf.h aes_ofb.c
 aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h

crypto/aes/README

@@ -0,0 +1,3 @@
+This is an OpenSSL-compatible version of AES (also called Rijndael).
+aes_core.c is basically the same as rijndael-alg-fst.c but with an
+API that looks like the rest of the OpenSSL symmetric cipher suite.

crypto/aes/aes.h

@@ -92,6 +92,11 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
                         AES_KEY *key);
 
+int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                                AES_KEY *key);
+int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                                AES_KEY *key);
+
 void AES_encrypt(const unsigned char *in, unsigned char *out,
                  const AES_KEY *key);
 void AES_decrypt(const unsigned char *in, unsigned char *out,
@@ -114,13 +119,11 @@ void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
 void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
                         size_t length, const AES_KEY *key,
                         unsigned char *ivec, int *num);
-# if 0
 void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
                         size_t length, const AES_KEY *key,
                         unsigned char ivec[AES_BLOCK_SIZE],
                         unsigned char ecount_buf[AES_BLOCK_SIZE],
                         unsigned int *num);
-# endif
 /* NB: the IV is _two_ blocks long */
 void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
                      size_t length, const AES_KEY *key,

crypto/aes/aes_core.c

@@ -36,7 +36,6 @@
 #include <assert.h>
 
 #include <stdlib.h>
-#include <openssl/crypto.h>
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
@@ -626,8 +625,8 @@ static const u32 rcon[] = {
 /**
  * Expand the cipher key into the encryption key schedule.
  */
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                        AES_KEY *key)
+int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                                AES_KEY *key)
 {
 
     u32 *rk;
@@ -728,8 +727,8 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 /**
  * Expand the cipher key into the decryption key schedule.
  */
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                        AES_KEY *key)
+int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                                AES_KEY *key)
 {
 
     u32 *rk;
@@ -737,7 +736,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
     u32 temp;
 
     /* first, start with an encryption schedule */
-    status = AES_set_encrypt_key(userKey, bits, key);
+    status = private_AES_set_encrypt_key(userKey, bits, key);
     if (status < 0)
         return status;
 
@@ -1131,31 +1130,31 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
      * map cipher state to byte array block:
      */
     s0 =
-        (Td4[(t0 >> 24)       ] << 24) ^
-        (Td4[(t3 >> 16) & 0xff] << 16) ^
-        (Td4[(t2 >>  8) & 0xff] <<  8) ^
-        (Td4[(t1      ) & 0xff])       ^
+        ((u32)Td4[(t0 >> 24)       ] << 24) ^
+        ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t2 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t1      ) & 0xff])       ^
         rk[0];
     PUTU32(out     , s0);
     s1 =
-        (Td4[(t1 >> 24)       ] << 24) ^
-        (Td4[(t0 >> 16) & 0xff] << 16) ^
-        (Td4[(t3 >>  8) & 0xff] <<  8) ^
-        (Td4[(t2      ) & 0xff])       ^
+        ((u32)Td4[(t1 >> 24)       ] << 24) ^
+        ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t3 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t2      ) & 0xff])       ^
         rk[1];
     PUTU32(out +  4, s1);
     s2 =
-        (Td4[(t2 >> 24)       ] << 24) ^
-        (Td4[(t1 >> 16) & 0xff] << 16) ^
-        (Td4[(t0 >>  8) & 0xff] <<  8) ^
-        (Td4[(t3      ) & 0xff])       ^
+        ((u32)Td4[(t2 >> 24)       ] << 24) ^
+        ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t0 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t3      ) & 0xff])       ^
         rk[2];
     PUTU32(out +  8, s2);
     s3 =
-        (Td4[(t3 >> 24)       ] << 24) ^
-        (Td4[(t2 >> 16) & 0xff] << 16) ^
-        (Td4[(t1 >>  8) & 0xff] <<  8) ^
-        (Td4[(t0      ) & 0xff])       ^
+        ((u32)Td4[(t3 >> 24)       ] << 24) ^
+        ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t1 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t0      ) & 0xff])       ^
         rk[3];
     PUTU32(out + 12, s3);
 }
@@ -1205,11 +1204,11 @@ static const u32 rcon[] = {
 /**
  * Expand the cipher key into the encryption key schedule.
  */
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                        AES_KEY *key)
+int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                                AES_KEY *key)
 {
     u32 *rk;
-    int i = 0;
+   	int i = 0;
     u32 temp;
 
     if (!userKey || !key)
@@ -1234,10 +1233,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
         while (1) {
             temp  = rk[3];
             rk[4] = rk[0] ^
-                (Te4[(temp >> 16) & 0xff] << 24) ^
-                (Te4[(temp >>  8) & 0xff] << 16) ^
-                (Te4[(temp      ) & 0xff] << 8) ^
-                (Te4[(temp >> 24)       ]) ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                ((u32)Te4[(temp >> 24)       ]) ^
                 rcon[i];
             rk[5] = rk[1] ^ rk[4];
             rk[6] = rk[2] ^ rk[5];
@@ -1254,10 +1253,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
         while (1) {
             temp = rk[ 5];
             rk[ 6] = rk[ 0] ^
-                (Te4[(temp >> 16) & 0xff] << 24) ^
-                (Te4[(temp >>  8) & 0xff] << 16) ^
-                (Te4[(temp      ) & 0xff] << 8) ^
-                (Te4[(temp >> 24)       ]) ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                ((u32)Te4[(temp >> 24)       ]) ^
                 rcon[i];
             rk[ 7] = rk[ 1] ^ rk[ 6];
             rk[ 8] = rk[ 2] ^ rk[ 7];
@@ -1276,10 +1275,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
         while (1) {
             temp = rk[ 7];
             rk[ 8] = rk[ 0] ^
-                (Te4[(temp >> 16) & 0xff] << 24) ^
-                (Te4[(temp >>  8) & 0xff] << 16) ^
-                (Te4[(temp      ) & 0xff] << 8) ^
-                (Te4[(temp >> 24)       ]) ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                ((u32)Te4[(temp >> 24)       ]) ^
                 rcon[i];
             rk[ 9] = rk[ 1] ^ rk[ 8];
             rk[10] = rk[ 2] ^ rk[ 9];
@@ -1289,10 +1288,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
             }
             temp = rk[11];
             rk[12] = rk[ 4] ^
-                (Te4[(temp >> 24)       ] << 24) ^
-                (Te4[(temp >> 16) & 0xff] << 16) ^
-                (Te4[(temp >>  8) & 0xff] << 8) ^
-                (Te4[(temp      ) & 0xff]);
+                ((u32)Te4[(temp >> 24)       ] << 24) ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 16) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 8) ^
+                ((u32)Te4[(temp      ) & 0xff]);
             rk[13] = rk[ 5] ^ rk[12];
             rk[14] = rk[ 6] ^ rk[13];
             rk[15] = rk[ 7] ^ rk[14];
@@ -1306,8 +1305,8 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 /**
  * Expand the cipher key into the decryption key schedule.
  */
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                        AES_KEY *key)
+int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                                AES_KEY *key)
 {
 
     u32 *rk;
@@ -1315,7 +1314,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
     u32 temp;
 
     /* first, start with an encryption schedule */
-    status = AES_set_encrypt_key(userKey, bits, key);
+    status = private_AES_set_encrypt_key(userKey, bits, key);
     if (status < 0)
         return status;
 

crypto/aes/aes_ctr.c

@@ -0,0 +1,63 @@
+/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char ivec[AES_BLOCK_SIZE],
+                        unsigned char ecount_buf[AES_BLOCK_SIZE],
+                        unsigned int *num)
+{
+    CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
+                          (block128_f) AES_encrypt);
+}

crypto/aes/aes_misc.c

@@ -50,6 +50,7 @@
  */
 
 #include <openssl/opensslv.h>
+#include <openssl/crypto.h>
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
@@ -63,3 +64,23 @@ const char *AES_options(void)
     return "aes(partial)";
 #endif
 }
+
+/* FIPS wrapper functions to block low level AES calls in FIPS mode */
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+#ifdef OPENSSL_FIPS
+    fips_cipher_abort(AES);
+#endif
+    return private_AES_set_encrypt_key(userKey, bits, key);
+}
+
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+#ifdef OPENSSL_FIPS
+    fips_cipher_abort(AES);
+#endif
+    return private_AES_set_decrypt_key(userKey, bits, key);
+}

crypto/aes/aes_x86core.c

@@ -499,10 +499,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
         while (1) {
             temp  = rk[3];
             rk[4] = rk[0] ^
-                (Te4[(temp >>  8) & 0xff]      ) ^
-                (Te4[(temp >> 16) & 0xff] <<  8) ^
-                (Te4[(temp >> 24)       ] << 16) ^
-                (Te4[(temp      ) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
+                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
+                ((u32)Te4[(temp >> 24)       ] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 24) ^
                 rcon[i];
             rk[5] = rk[1] ^ rk[4];
             rk[6] = rk[2] ^ rk[5];
@@ -519,10 +519,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
         while (1) {
             temp = rk[ 5];
             rk[ 6] = rk[ 0] ^
-                (Te4[(temp >>  8) & 0xff]      ) ^
-                (Te4[(temp >> 16) & 0xff] <<  8) ^
-                (Te4[(temp >> 24)       ] << 16) ^
-                (Te4[(temp      ) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
+                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
+                ((u32)Te4[(temp >> 24)       ] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 24) ^
                 rcon[i];
             rk[ 7] = rk[ 1] ^ rk[ 6];
             rk[ 8] = rk[ 2] ^ rk[ 7];
@@ -541,10 +541,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
         while (1) {
             temp = rk[ 7];
             rk[ 8] = rk[ 0] ^
-                (Te4[(temp >>  8) & 0xff]      ) ^
-                (Te4[(temp >> 16) & 0xff] <<  8) ^
-                (Te4[(temp >> 24)       ] << 16) ^
-                (Te4[(temp      ) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
+                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
+                ((u32)Te4[(temp >> 24)       ] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 24) ^
                 rcon[i];
             rk[ 9] = rk[ 1] ^ rk[ 8];
             rk[10] = rk[ 2] ^ rk[ 9];
@@ -554,10 +554,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
             }
             temp = rk[11];
             rk[12] = rk[ 4] ^
-                (Te4[(temp      ) & 0xff]      ) ^
-                (Te4[(temp >>  8) & 0xff] <<  8) ^
-                (Te4[(temp >> 16) & 0xff] << 16) ^
-                (Te4[(temp >> 24)       ] << 24);
+                ((u32)Te4[(temp      ) & 0xff]      ) ^
+                ((u32)Te4[(temp >>  8) & 0xff] <<  8) ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 16) ^
+                ((u32)Te4[(temp >> 24)       ] << 24);
             rk[13] = rk[ 5] ^ rk[12];
             rk[14] = rk[ 6] ^ rk[13];
             rk[15] = rk[ 7] ^ rk[14];
@@ -676,22 +676,22 @@ void AES_encrypt(const unsigned char *in, unsigned char *out,
 #if defined(AES_COMPACT_IN_OUTER_ROUNDS)
     prefetch256(Te4);
 
-    t[0] =  Te4[(s0      ) & 0xff]       ^
-        Te4[(s1 >>  8) & 0xff] <<  8 ^
-        Te4[(s2 >> 16) & 0xff] << 16 ^
-        Te4[(s3 >> 24)       ] << 24;
-    t[1] =  Te4[(s1      ) & 0xff]       ^
-        Te4[(s2 >>  8) & 0xff] <<  8 ^
-        Te4[(s3 >> 16) & 0xff] << 16 ^
-        Te4[(s0 >> 24)       ] << 24;
-    t[2] =  Te4[(s2      ) & 0xff]       ^
-        Te4[(s3 >>  8) & 0xff] <<  8 ^
-        Te4[(s0 >> 16) & 0xff] << 16 ^
-        Te4[(s1 >> 24)       ] << 24;
-    t[3] =  Te4[(s3      ) & 0xff]       ^
-        Te4[(s0 >>  8) & 0xff] <<  8 ^
-        Te4[(s1 >> 16) & 0xff] << 16 ^
-        Te4[(s2 >> 24)       ] << 24;
+    t[0] = (u32)Te4[(s0      ) & 0xff]       ^
+           (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s3 >> 24)       ] << 24;
+    t[1] = (u32)Te4[(s1      ) & 0xff]       ^
+           (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s0 >> 24)       ] << 24;
+    t[2] = (u32)Te4[(s2      ) & 0xff]       ^
+           (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s1 >> 24)       ] << 24;
+    t[3] = (u32)Te4[(s3      ) & 0xff]       ^
+           (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s2 >> 24)       ] << 24;
 
     /* now do the linear transform using words */
     {   int i;
@@ -742,22 +742,22 @@ void AES_encrypt(const unsigned char *in, unsigned char *out,
      */
     for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) {
 #if defined(AES_COMPACT_IN_INNER_ROUNDS)
-        t[0] =  Te4[(s0      ) & 0xff]       ^
-            Te4[(s1 >>  8) & 0xff] <<  8 ^
-            Te4[(s2 >> 16) & 0xff] << 16 ^
-            Te4[(s3 >> 24)       ] << 24;
-        t[1] =  Te4[(s1      ) & 0xff]       ^
-            Te4[(s2 >>  8) & 0xff] <<  8 ^
-            Te4[(s3 >> 16) & 0xff] << 16 ^
-            Te4[(s0 >> 24)       ] << 24;
-        t[2] =  Te4[(s2      ) & 0xff]       ^
-            Te4[(s3 >>  8) & 0xff] <<  8 ^
-            Te4[(s0 >> 16) & 0xff] << 16 ^
-            Te4[(s1 >> 24)       ] << 24;
-        t[3] =  Te4[(s3      ) & 0xff]       ^
-            Te4[(s0 >>  8) & 0xff] <<  8 ^
-            Te4[(s1 >> 16) & 0xff] << 16 ^
-            Te4[(s2 >> 24)       ] << 24;
+        t[0] = (u32)Te4[(s0      ) & 0xff]       ^
+               (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
+               (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
+               (u32)Te4[(s3 >> 24)       ] << 24;
+        t[1] = (u32)Te4[(s1      ) & 0xff]       ^
+               (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
+               (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
+               (u32)Te4[(s0 >> 24)       ] << 24;
+        t[2] = (u32)Te4[(s2      ) & 0xff]       ^
+               (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
+               (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
+               (u32)Te4[(s1 >> 24)       ] << 24;
+        t[3] = (u32)Te4[(s3      ) & 0xff]       ^
+               (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
+               (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
+               (u32)Te4[(s2 >> 24)       ] << 24;
 
         /* now do the linear transform using words */
         {
@@ -812,28 +812,28 @@ void AES_encrypt(const unsigned char *in, unsigned char *out,
     prefetch256(Te4);
 
     *(u32*)(out+0) =
-        Te4[(s0      ) & 0xff]       ^
-        Te4[(s1 >>  8) & 0xff] <<  8 ^
-        Te4[(s2 >> 16) & 0xff] << 16 ^
-        Te4[(s3 >> 24)       ] << 24 ^
+           (u32)Te4[(s0      ) & 0xff]       ^
+           (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s3 >> 24)       ] << 24 ^
         rk[0];
     *(u32*)(out+4) =
-        Te4[(s1      ) & 0xff]       ^
-        Te4[(s2 >>  8) & 0xff] <<  8 ^
-        Te4[(s3 >> 16) & 0xff] << 16 ^
-        Te4[(s0 >> 24)       ] << 24 ^
+           (u32)Te4[(s1      ) & 0xff]       ^
+           (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s0 >> 24)       ] << 24 ^
         rk[1];
     *(u32*)(out+8) =
-        Te4[(s2      ) & 0xff]       ^
-        Te4[(s3 >>  8) & 0xff] <<  8 ^
-        Te4[(s0 >> 16) & 0xff] << 16 ^
-        Te4[(s1 >> 24)       ] << 24 ^
+           (u32)Te4[(s2      ) & 0xff]       ^
+           (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s1 >> 24)       ] << 24 ^
         rk[2];
     *(u32*)(out+12) =
-        Te4[(s3      ) & 0xff]       ^
-        Te4[(s0 >>  8) & 0xff] <<  8 ^
-        Te4[(s1 >> 16) & 0xff] << 16 ^
-        Te4[(s2 >> 24)       ] << 24 ^
+           (u32)Te4[(s3      ) & 0xff]       ^
+           (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s2 >> 24)       ] << 24 ^
         rk[3];
 #else
     *(u32*)(out+0) =
@@ -890,22 +890,22 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
 #if defined(AES_COMPACT_IN_OUTER_ROUNDS)
     prefetch256(Td4);
 
-    t[0] =  Td4[(s0      ) & 0xff]       ^
-    Td4[(s3 >>  8) & 0xff] <<  8 ^
-    Td4[(s2 >> 16) & 0xff] << 16 ^
-    Td4[(s1 >> 24)       ] << 24;
-    t[1] =  Td4[(s1      ) & 0xff]       ^
-    Td4[(s0 >>  8) & 0xff] <<  8 ^
-    Td4[(s3 >> 16) & 0xff] << 16 ^
-    Td4[(s2 >> 24)       ] << 24;
-    t[2] =  Td4[(s2      ) & 0xff]       ^
-    Td4[(s1 >>  8) & 0xff] <<  8 ^
-    Td4[(s0 >> 16) & 0xff] << 16 ^
-    Td4[(s3 >> 24)       ] << 24;
-    t[3] =  Td4[(s3      ) & 0xff]       ^
-    Td4[(s2 >>  8) & 0xff] <<  8 ^
-    Td4[(s1 >> 16) & 0xff] << 16 ^
-    Td4[(s0 >> 24)       ] << 24;
+    t[0] = (u32)Td4[(s0      ) & 0xff]       ^
+           (u32)Td4[(s3 >>  8) & 0xff] <<  8 ^
+           (u32)Td4[(s2 >> 16) & 0xff] << 16 ^
+           (u32)Td4[(s1 >> 24)       ] << 24;
+    t[1] = (u32)Td4[(s1      ) & 0xff]       ^
+           (u32)Td4[(s0 >>  8) & 0xff] <<  8 ^
+           (u32)Td4[(s3 >> 16) & 0xff] << 16 ^
+           (u32)Td4[(s2 >> 24)       ] << 24;
+    t[2] = (u32)Td4[(s2      ) & 0xff]       ^
+           (u32)Td4[(s1 >>  8) & 0xff] <<  8 ^
+           (u32)Td4[(s0 >> 16) & 0xff] << 16 ^
+           (u32)Td4[(s3 >> 24)       ] << 24;
+    t[3] = (u32)Td4[(s3      ) & 0xff]       ^
+           (u32)Td4[(s2 >>  8) & 0xff] <<  8 ^
+           (u32)Td4[(s1 >> 16) & 0xff] << 16 ^
+           (u32)Td4[(s0 >> 24)       ] << 24;
 
     /* now do the linear transform using words */ 
     {
@@ -967,22 +967,22 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
      */
     for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) {
 #if defined(AES_COMPACT_IN_INNER_ROUNDS)
-        t[0] =  Td4[(s0      ) & 0xff]       ^
-        Td4[(s3 >>  8) & 0xff] <<  8 ^
-        Td4[(s2 >> 16) & 0xff] << 16 ^
-        Td4[(s1 >> 24)       ] << 24;
-        t[1] =  Td4[(s1      ) & 0xff]       ^
-        Td4[(s0 >>  8) & 0xff] <<  8 ^
-        Td4[(s3 >> 16) & 0xff] << 16 ^
-        Td4[(s2 >> 24)       ] << 24;
-        t[2] =  Td4[(s2      ) & 0xff]       ^
-        Td4[(s1 >>  8) & 0xff] <<  8 ^
-        Td4[(s0 >> 16) & 0xff] << 16 ^
-        Td4[(s3 >> 24)       ] << 24;
-        t[3] =  Td4[(s3      ) & 0xff]       ^
-        Td4[(s2 >>  8) & 0xff] <<  8 ^
-        Td4[(s1 >> 16) & 0xff] << 16 ^
-        Td4[(s0 >> 24)       ] << 24;
+        t[0] = (u32)Td4[(s0      ) & 0xff]       ^
+               (u32)Td4[(s3 >>  8) & 0xff] <<  8 ^
+               (u32)Td4[(s2 >> 16) & 0xff] << 16 ^
+               (u32)Td4[(s1 >> 24)       ] << 24;
+        t[1] = (u32)Td4[(s1      ) & 0xff]       ^
+               (u32)Td4[(s0 >>  8) & 0xff] <<  8 ^
+               (u32)Td4[(s3 >> 16) & 0xff] << 16 ^
+               (u32)Td4[(s2 >> 24)       ] << 24;
+        t[2] = (u32)Td4[(s2      ) & 0xff]       ^
+               (u32)Td4[(s1 >>  8) & 0xff] <<  8 ^
+               (u32)Td4[(s0 >> 16) & 0xff] << 16 ^
+               (u32)Td4[(s3 >> 24)       ] << 24;
+        t[3] = (u32)Td4[(s3      ) & 0xff]       ^
+               (u32)Td4[(s2 >>  8) & 0xff] <<  8 ^
+               (u32)Td4[(s1 >> 16) & 0xff] << 16 ^
+               (u32)Td4[(s0 >> 24)       ] << 24;
 
     /* now do the linear transform using words */ 
     {
@@ -1046,27 +1046,27 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
     prefetch256(Td4);
 
     *(u32*)(out+0) =
-        (Td4[(s0      ) & 0xff])    ^
-        (Td4[(s3 >>  8) & 0xff] <<  8) ^
-        (Td4[(s2 >> 16) & 0xff] << 16) ^
-        (Td4[(s1 >> 24)       ] << 24) ^
+        ((u32)Td4[(s0      ) & 0xff])    ^
+        ((u32)Td4[(s3 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(s2 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(s1 >> 24)       ] << 24) ^
         rk[0];
     *(u32*)(out+4) =
-        (Td4[(s1      ) & 0xff])     ^
-        (Td4[(s0 >>  8) & 0xff] <<  8) ^
-        (Td4[(s3 >> 16) & 0xff] << 16) ^
-        (Td4[(s2 >> 24)       ] << 24) ^
+        ((u32)Td4[(s1      ) & 0xff])     ^
+        ((u32)Td4[(s0 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(s3 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(s2 >> 24)       ] << 24) ^
         rk[1];
     *(u32*)(out+8) =
-        (Td4[(s2      ) & 0xff])     ^
-        (Td4[(s1 >>  8) & 0xff] <<  8) ^
-        (Td4[(s0 >> 16) & 0xff] << 16) ^
-        (Td4[(s3 >> 24)       ] << 24) ^
+        ((u32)Td4[(s2      ) & 0xff])     ^
+        ((u32)Td4[(s1 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(s0 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(s3 >> 24)       ] << 24) ^
         rk[2];
     *(u32*)(out+12) =
-        (Td4[(s3      ) & 0xff])     ^
-        (Td4[(s2 >>  8) & 0xff] <<  8) ^
-        (Td4[(s1 >> 16) & 0xff] << 16) ^
-        (Td4[(s0 >> 24)       ] << 24) ^
+        ((u32)Td4[(s3      ) & 0xff])     ^
+        ((u32)Td4[(s2 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(s1 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(s0 >> 24)       ] << 24) ^
         rk[3];
 }

crypto/aes/asm/aes-586.pl

@@ -2861,12 +2861,12 @@ sub enckey()
     &set_label("exit");
 &function_end("_x86_AES_set_encrypt_key");
 
-# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+# int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 #                        AES_KEY *key)
-&function_begin_B("AES_set_encrypt_key");
+&function_begin_B("private_AES_set_encrypt_key");
 	&call	("_x86_AES_set_encrypt_key");
 	&ret	();
-&function_end_B("AES_set_encrypt_key");
+&function_end_B("private_AES_set_encrypt_key");
 
 sub deckey()
 { my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_;
@@ -2923,9 +2923,9 @@ sub deckey()
 	&mov	(&DWP(4*$i,$key),$tp1);
 }
 
-# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+# int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
 #                        AES_KEY *key)
-&function_begin_B("AES_set_decrypt_key");
+&function_begin_B("private_AES_set_decrypt_key");
 	&call	("_x86_AES_set_encrypt_key");
 	&cmp	("eax",0);
 	&je	(&label("proceed"));
@@ -2981,7 +2981,7 @@ sub deckey()
 	&jb	(&label("permute"));
 
 	&xor	("eax","eax");			# return success
-&function_end("AES_set_decrypt_key");
+&function_end("private_AES_set_decrypt_key");
 &asciz("AES for x86, CRYPTOGAMS by <appro\@openssl.org>");
 
 &asm_finish();

crypto/aes/asm/aes-armv4.pl

@@ -422,15 +422,15 @@ _armv4_AES_encrypt:
 	ldr	pc,[sp],#4		@ pop and return
 .size	_armv4_AES_encrypt,.-_armv4_AES_encrypt
 
-.global AES_set_encrypt_key
-.type   AES_set_encrypt_key,%function
+.global private_AES_set_encrypt_key
+.type   private_AES_set_encrypt_key,%function
 .align	5
-AES_set_encrypt_key:
+private_AES_set_encrypt_key:
 _armv4_AES_set_encrypt_key:
 #if __ARM_ARCH__<7
 	sub	r3,pc,#8		@ AES_set_encrypt_key
 #else
-	adr	r3,AES_set_encrypt_key
+	adr	r3,private_AES_set_encrypt_key
 #endif
 	teq	r0,#0
 #if __ARM_ARCH__>=7
@@ -722,12 +722,12 @@ _armv4_AES_set_encrypt_key:
 	moveq	pc,lr			@ be binary compatible with V4, yet
 	bx	lr			@ interoperable with Thumb ISA:-)
 #endif
-.size	AES_set_encrypt_key,.-AES_set_encrypt_key
+.size	private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
 
-.global AES_set_decrypt_key
-.type   AES_set_decrypt_key,%function
+.global private_AES_set_decrypt_key
+.type   private_AES_set_decrypt_key,%function
 .align	5
-AES_set_decrypt_key:
+private_AES_set_decrypt_key:
 	str	lr,[sp,#-4]!            @ push lr
 	bl	_armv4_AES_set_encrypt_key
 	teq	r0,#0
@@ -737,7 +737,7 @@ AES_set_decrypt_key:
 	mov	r0,r2			@ AES_set_encrypt_key preserves r2,
 	mov	r1,r2			@ which is AES_KEY *key
 	b	_armv4_AES_set_enc2dec_key
-.size	AES_set_decrypt_key,.-AES_set_decrypt_key
+.size	private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
 
 @ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out)
 .global	AES_set_enc2dec_key

crypto/aes/asm/aes-mips.pl

@@ -1528,9 +1528,9 @@ _mips_AES_set_encrypt_key:
 	nop
 .end	_mips_AES_set_encrypt_key
 
-.globl	AES_set_encrypt_key
-.ent	AES_set_encrypt_key
-AES_set_encrypt_key:
+.globl	private_AES_set_encrypt_key
+.ent	private_AES_set_encrypt_key
+private_AES_set_encrypt_key:
 	.frame	$sp,$FRAMESIZE,$ra
 	.mask	$SAVED_REGS_MASK,-$SZREG
 	.set	noreorder
@@ -1552,7 +1552,7 @@ $code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
 ___
 $code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
 	.cplocal	$Tbl
-	.cpsetup	$pf,$zero,AES_set_encrypt_key
+	.cpsetup	$pf,$zero,private_AES_set_encrypt_key
 ___
 $code.=<<___;
 	.set	reorder
@@ -1575,7 +1575,7 @@ ___
 $code.=<<___;
 	jr	$ra
 	$PTR_ADD $sp,$FRAMESIZE
-.end	AES_set_encrypt_key
+.end	private_AES_set_encrypt_key
 ___
 
 my ($head,$tail)=($inp,$bits);
@@ -1583,9 +1583,9 @@ my ($tp1,$tp2,$tp4,$tp8,$tp9,$tpb,$tpd,$tpe)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3);
 my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)=($at,$t0,$t1,$t2);
 $code.=<<___;
 .align	5
-.globl	AES_set_decrypt_key
-.ent	AES_set_decrypt_key
-AES_set_decrypt_key:
+.globl	private_AES_set_decrypt_key
+.ent	private_AES_set_decrypt_key
+private_AES_set_decrypt_key:
 	.frame	$sp,$FRAMESIZE,$ra
 	.mask	$SAVED_REGS_MASK,-$SZREG
 	.set	noreorder
@@ -1607,7 +1607,7 @@ $code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
 ___
 $code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
 	.cplocal	$Tbl
-	.cpsetup	$pf,$zero,AES_set_decrypt_key
+	.cpsetup	$pf,$zero,private_AES_set_decrypt_key
 ___
 $code.=<<___;
 	.set	reorder
@@ -1729,7 +1729,7 @@ ___
 $code.=<<___;
 	jr	$ra
 	$PTR_ADD $sp,$FRAMESIZE
-.end	AES_set_decrypt_key
+.end	private_AES_set_decrypt_key
 ___
 }}}