From fd9566423b542798f5c8b06e68101a9ea5bb9885 Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Wed, 15 May 2002 02:29:23 +0000 Subject: This commit was manufactured by cvs2git to create branch 'openssl'. --- src/lib/libssl/src/CHANGES | 1624 +++++ src/lib/libssl/src/CHANGES.SSLeay | 968 +++ src/lib/libssl/src/FAQ | 130 + src/lib/libssl/src/INSTALL.MacOS | 72 + src/lib/libssl/src/INSTALL.OS2 | 22 + src/lib/libssl/src/INSTALL.VMS | 245 + src/lib/libssl/src/INSTALL.W32 | 323 + src/lib/libssl/src/LICENSE | 127 + src/lib/libssl/src/MacOS/GUSI_Init.cpp | 62 + .../src/MacOS/GetHTTPS.src/CPStringUtils.cpp | 2753 ++++++++ .../src/MacOS/GetHTTPS.src/CPStringUtils.hpp | 104 + .../src/MacOS/GetHTTPS.src/ErrorHandling.cpp | 170 + .../src/MacOS/GetHTTPS.src/ErrorHandling.hpp | 147 + src/lib/libssl/src/MacOS/GetHTTPS.src/GetHTTPS.cpp | 215 + .../libssl/src/MacOS/GetHTTPS.src/MacSocket.cpp | 1607 +++++ src/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.h | 103 + src/lib/libssl/src/MacOS/OpenSSL.mcp.hqx | 4880 ++++++++++++++ src/lib/libssl/src/MacOS/Randomizer.cpp | 476 ++ src/lib/libssl/src/MacOS/Randomizer.h | 43 + src/lib/libssl/src/MacOS/TODO | 18 + src/lib/libssl/src/MacOS/_MWERKS_GUSI_prefix.h | 9 + src/lib/libssl/src/MacOS/_MWERKS_prefix.h | 9 + src/lib/libssl/src/MacOS/buildinf.h | 5 + src/lib/libssl/src/MacOS/mklinks.as.hqx | 820 +++ src/lib/libssl/src/MacOS/opensslconf.h | 116 + src/lib/libssl/src/Makefile.org | 351 + src/lib/libssl/src/NEWS | 65 + src/lib/libssl/src/README.ASN1 | 187 + src/lib/libssl/src/README.ENGINE | 63 + src/lib/libssl/src/VMS/TODO | 18 + src/lib/libssl/src/VMS/WISHLIST.TXT | 4 + src/lib/libssl/src/VMS/install.com | 71 + src/lib/libssl/src/VMS/mkshared.com | 353 + src/lib/libssl/src/VMS/multinet_shr.opt | 1 + src/lib/libssl/src/VMS/openssl_utils.com | 38 + src/lib/libssl/src/VMS/socketshr_shr.opt | 1 + src/lib/libssl/src/VMS/test-includes.com | 28 + src/lib/libssl/src/VMS/ucx_shr_decc.opt | 1 + src/lib/libssl/src/VMS/ucx_shr_decc_log.opt | 1 + src/lib/libssl/src/VMS/ucx_shr_vaxc.opt | 1 + src/lib/libssl/src/apps/CA.com | 200 + src/lib/libssl/src/apps/CA.pl | 153 + src/lib/libssl/src/apps/CA.pl.in | 162 + src/lib/libssl/src/apps/app_rand.c | 211 + src/lib/libssl/src/apps/dh2048.pem | 12 + src/lib/libssl/src/apps/dh4096.pem | 18 + src/lib/libssl/src/apps/dh512.pem | 9 + src/lib/libssl/src/apps/dhparam.c | 368 + src/lib/libssl/src/apps/engine.c | 520 ++ src/lib/libssl/src/apps/install.com | 69 + src/lib/libssl/src/apps/makeapps.com | 1138 ++++ src/lib/libssl/src/apps/nseq.c | 174 + src/lib/libssl/src/apps/ocsp.c | 1211 ++++ src/lib/libssl/src/apps/oid.cnf | 6 + src/lib/libssl/src/apps/openssl-vms.cnf | 214 + src/lib/libssl/src/apps/openssl.c | 373 ++ src/lib/libssl/src/apps/openssl.cnf | 214 + src/lib/libssl/src/apps/passwd.c | 475 ++ src/lib/libssl/src/apps/pkcs12.c | 703 ++ src/lib/libssl/src/apps/pkcs8.c | 274 + src/lib/libssl/src/apps/progs.pl | 77 + src/lib/libssl/src/apps/rand.c | 140 + src/lib/libssl/src/apps/rsautl.c | 315 + src/lib/libssl/src/apps/smime.c | 646 ++ src/lib/libssl/src/apps/spkac.c | 274 + src/lib/libssl/src/apps/winrand.c | 149 + src/lib/libssl/src/bugs/ultrixcc.c | 45 + src/lib/libssl/src/certs/RegTP-5R.pem | 19 + src/lib/libssl/src/certs/RegTP-6R.pem | 19 + src/lib/libssl/src/certs/expired/ICE-CA.pem | 59 + src/lib/libssl/src/certs/expired/ICE-root.pem | 48 + src/lib/libssl/src/certs/expired/ICE-user.pem | 63 + src/lib/libssl/src/certs/expired/ICE.crl | 9 + src/lib/libssl/src/certs/expired/rsa-ssca.pem | 19 + src/lib/libssl/src/certs/vsignss.pem | 17 + src/lib/libssl/src/crypto/aes/README | 3 + src/lib/libssl/src/crypto/aes/aes.h | 109 + src/lib/libssl/src/crypto/aes/aes_cbc.c | 89 + src/lib/libssl/src/crypto/aes/aes_cfb.c | 151 + src/lib/libssl/src/crypto/aes/aes_core.c | 1251 ++++ src/lib/libssl/src/crypto/aes/aes_ctr.c | 117 + src/lib/libssl/src/crypto/aes/aes_ecb.c | 67 + src/lib/libssl/src/crypto/aes/aes_locl.h | 88 + src/lib/libssl/src/crypto/aes/aes_misc.c | 64 + src/lib/libssl/src/crypto/aes/aes_ofb.c | 136 + src/lib/libssl/src/crypto/asn1/a_enum.c | 326 + src/lib/libssl/src/crypto/asn1/a_gentm.c | 224 + src/lib/libssl/src/crypto/asn1/a_mbstr.c | 390 ++ src/lib/libssl/src/crypto/asn1/a_strex.c | 533 ++ src/lib/libssl/src/crypto/asn1/a_strnid.c | 247 + src/lib/libssl/src/crypto/asn1/a_time.c | 123 + src/lib/libssl/src/crypto/asn1/a_utf8.c | 83 + src/lib/libssl/src/crypto/asn1/asn1t.h | 846 +++ src/lib/libssl/src/crypto/asn1/asn_moid.c | 95 + src/lib/libssl/src/crypto/asn1/asn_pack.c | 145 + src/lib/libssl/src/crypto/asn1/charmap.h | 15 + src/lib/libssl/src/crypto/asn1/charmap.pl | 80 + src/lib/libssl/src/crypto/asn1/f_enum.c | 207 + src/lib/libssl/src/crypto/asn1/nsseq.c | 118 + src/lib/libssl/src/crypto/asn1/p5_pbe.c | 156 + src/lib/libssl/src/crypto/asn1/p5_pbev2.c | 274 + src/lib/libssl/src/crypto/asn1/p8_key.c | 131 + src/lib/libssl/src/crypto/asn1/p8_pkey.c | 129 + src/lib/libssl/src/crypto/asn1/t_bitst.c | 99 + src/lib/libssl/src/crypto/asn1/t_crl.c | 166 + src/lib/libssl/src/crypto/asn1/t_spki.c | 116 + src/lib/libssl/src/crypto/asn1/t_x509a.c | 102 + src/lib/libssl/src/crypto/asn1/tasn_dec.c | 958 +++ src/lib/libssl/src/crypto/asn1/tasn_enc.c | 497 ++ src/lib/libssl/src/crypto/asn1/tasn_fre.c | 226 + src/lib/libssl/src/crypto/asn1/tasn_new.c | 348 + src/lib/libssl/src/crypto/asn1/tasn_prn.c | 198 + src/lib/libssl/src/crypto/asn1/tasn_typ.c | 133 + src/lib/libssl/src/crypto/asn1/tasn_utl.c | 253 + src/lib/libssl/src/crypto/asn1/x_bignum.c | 137 + src/lib/libssl/src/crypto/asn1/x_long.c | 169 + src/lib/libssl/src/crypto/asn1/x_x509a.c | 200 + src/lib/libssl/src/crypto/bf/bf_locl.h | 219 + src/lib/libssl/src/crypto/bio/bf_lbuf.c | 397 ++ src/lib/libssl/src/crypto/bio/bss_bio.c | 588 ++ src/lib/libssl/src/crypto/bio/bss_log.c | 232 + src/lib/libssl/src/crypto/bn/asm/alpha.s.works | 533 ++ .../libssl/src/crypto/bn/asm/alpha.works/add.pl | 119 + .../libssl/src/crypto/bn/asm/alpha.works/div.pl | 144 + .../libssl/src/crypto/bn/asm/alpha.works/mul.pl | 116 + .../src/crypto/bn/asm/alpha.works/mul_add.pl | 120 + .../libssl/src/crypto/bn/asm/alpha.works/mul_c4.pl | 213 + .../src/crypto/bn/asm/alpha.works/mul_c4.works.pl | 98 + .../libssl/src/crypto/bn/asm/alpha.works/mul_c8.pl | 177 + .../libssl/src/crypto/bn/asm/alpha.works/sqr.pl | 113 + .../libssl/src/crypto/bn/asm/alpha.works/sqr_c4.pl | 109 + .../libssl/src/crypto/bn/asm/alpha.works/sqr_c8.pl | 132 + .../libssl/src/crypto/bn/asm/alpha.works/sub.pl | 108 + src/lib/libssl/src/crypto/bn/asm/alpha/add.pl | 118 + src/lib/libssl/src/crypto/bn/asm/alpha/div.pl | 144 + src/lib/libssl/src/crypto/bn/asm/alpha/mul.pl | 104 + src/lib/libssl/src/crypto/bn/asm/alpha/mul_add.pl | 123 + src/lib/libssl/src/crypto/bn/asm/alpha/mul_c4.pl | 215 + .../libssl/src/crypto/bn/asm/alpha/mul_c4.works.pl | 98 + src/lib/libssl/src/crypto/bn/asm/alpha/mul_c8.pl | 177 + src/lib/libssl/src/crypto/bn/asm/alpha/sqr.pl | 113 + src/lib/libssl/src/crypto/bn/asm/alpha/sqr_c4.pl | 109 + src/lib/libssl/src/crypto/bn/asm/alpha/sqr_c8.pl | 132 + src/lib/libssl/src/crypto/bn/asm/alpha/sub.pl | 108 + src/lib/libssl/src/crypto/bn/asm/bn-alpha.pl | 571 ++ src/lib/libssl/src/crypto/bn/asm/ca.pl | 33 + src/lib/libssl/src/crypto/bn/asm/co-586.pl | 286 + src/lib/libssl/src/crypto/bn/asm/co-alpha.pl | 116 + src/lib/libssl/src/crypto/bn/asm/ia64.S | 1498 +++++ src/lib/libssl/src/crypto/bn/asm/mips1.s | 539 ++ src/lib/libssl/src/crypto/bn/asm/mips3.s | 2138 ++++++ src/lib/libssl/src/crypto/bn/asm/pa-risc2W.s | 1605 +++++ src/lib/libssl/src/crypto/bn/asm/sparcv8.S | 1458 ++++ src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S | 1535 +++++ src/lib/libssl/src/crypto/bn/asm/vms.mar | 6695 +++++++++++++++++++ src/lib/libssl/src/crypto/bn/asm/x86.pl | 28 + src/lib/libssl/src/crypto/bn/asm/x86/add.pl | 76 + src/lib/libssl/src/crypto/bn/asm/x86/comba.pl | 277 + src/lib/libssl/src/crypto/bn/asm/x86/div.pl | 15 + src/lib/libssl/src/crypto/bn/asm/x86/f | 3 + src/lib/libssl/src/crypto/bn/asm/x86/mul.pl | 77 + src/lib/libssl/src/crypto/bn/asm/x86/mul_add.pl | 87 + src/lib/libssl/src/crypto/bn/asm/x86/sqr.pl | 60 + src/lib/libssl/src/crypto/bn/asm/x86/sub.pl | 76 + src/lib/libssl/src/crypto/bn/bn.h | 467 ++ src/lib/libssl/src/crypto/bn/bn.mul | 19 + src/lib/libssl/src/crypto/bn/bn_asm.c | 802 +++ src/lib/libssl/src/crypto/bn/bn_ctx.c | 144 + src/lib/libssl/src/crypto/bn/bn_exp2.c | 195 + src/lib/libssl/src/crypto/bn/bn_kron.c | 182 + src/lib/libssl/src/crypto/bn/bn_sqrt.c | 387 ++ src/lib/libssl/src/crypto/bn/divtest.c | 41 + src/lib/libssl/src/crypto/bn/exp.c | 60 + src/lib/libssl/src/crypto/bn/todo | 3 + src/lib/libssl/src/crypto/bn/vms-helper.c | 66 + src/lib/libssl/src/crypto/comp/c_rle.c | 61 + src/lib/libssl/src/crypto/comp/c_zlib.c | 133 + src/lib/libssl/src/crypto/comp/comp.h | 60 + src/lib/libssl/src/crypto/comp/comp_err.c | 91 + src/lib/libssl/src/crypto/comp/comp_lib.c | 78 + src/lib/libssl/src/crypto/conf/README | 78 + src/lib/libssl/src/crypto/conf/conf_api.c | 289 + src/lib/libssl/src/crypto/conf/conf_api.h | 87 + src/lib/libssl/src/crypto/conf/conf_def.c | 703 ++ src/lib/libssl/src/crypto/conf/conf_def.h | 145 + src/lib/libssl/src/crypto/conf/conf_lib.c | 352 + src/lib/libssl/src/crypto/conf/conf_mall.c | 76 + src/lib/libssl/src/crypto/conf/conf_mod.c | 616 ++ src/lib/libssl/src/crypto/conf/conf_sap.c | 107 + src/lib/libssl/src/crypto/crypto-lib.com | 1218 ++++ src/lib/libssl/src/crypto/des/des-lib.com | 1003 +++ src/lib/libssl/src/crypto/des/des.h | 249 + src/lib/libssl/src/crypto/des/des.pod | 217 + src/lib/libssl/src/crypto/des/des_locl.h | 408 ++ src/lib/libssl/src/crypto/des/des_old.c | 271 + src/lib/libssl/src/crypto/des/des_old.h | 437 ++ src/lib/libssl/src/crypto/des/des_old2.c | 82 + src/lib/libssl/src/crypto/des/ede_cbcm_enc.c | 197 + src/lib/libssl/src/crypto/dh/dh_asn1.c | 87 + src/lib/libssl/src/crypto/dsa/dsa_asn1.c | 96 + src/lib/libssl/src/crypto/dsa/dsa_ossl.c | 321 + src/lib/libssl/src/crypto/dso/README | 24 + src/lib/libssl/src/crypto/dso/dso.h | 250 + src/lib/libssl/src/crypto/dso/dso_dl.c | 251 + src/lib/libssl/src/crypto/dso/dso_dlfcn.c | 276 + src/lib/libssl/src/crypto/dso/dso_err.c | 128 + src/lib/libssl/src/crypto/dso/dso_lib.c | 306 + src/lib/libssl/src/crypto/dso/dso_null.c | 86 + src/lib/libssl/src/crypto/dso/dso_openssl.c | 81 + src/lib/libssl/src/crypto/dso/dso_vms.c | 371 ++ src/lib/libssl/src/crypto/dso/dso_win32.c | 273 + src/lib/libssl/src/crypto/ebcdic.c | 217 + src/lib/libssl/src/crypto/ebcdic.h | 17 + src/lib/libssl/src/crypto/ec/ec.h | 245 + src/lib/libssl/src/crypto/ec/ec_cvt.c | 80 + src/lib/libssl/src/crypto/ec/ec_err.c | 151 + src/lib/libssl/src/crypto/ec/ec_lcl.h | 277 + src/lib/libssl/src/crypto/ec/ec_lib.c | 646 ++ src/lib/libssl/src/crypto/ec/ec_mult.c | 473 ++ src/lib/libssl/src/crypto/ec/ecp_mont.c | 304 + src/lib/libssl/src/crypto/ec/ecp_nist.c | 134 + src/lib/libssl/src/crypto/ec/ecp_recp.c | 133 + src/lib/libssl/src/crypto/ec/ecp_smpl.c | 1717 +++++ src/lib/libssl/src/crypto/ec/ectest.c | 634 ++ src/lib/libssl/src/crypto/engine/README | 278 + src/lib/libssl/src/crypto/engine/eng_all.c | 118 + src/lib/libssl/src/crypto/engine/eng_cnf.c | 242 + src/lib/libssl/src/crypto/engine/eng_ctrl.c | 387 ++ src/lib/libssl/src/crypto/engine/eng_dyn.c | 446 ++ src/lib/libssl/src/crypto/engine/eng_err.c | 165 + src/lib/libssl/src/crypto/engine/eng_fat.c | 148 + src/lib/libssl/src/crypto/engine/eng_init.c | 158 + src/lib/libssl/src/crypto/engine/eng_int.h | 185 + src/lib/libssl/src/crypto/engine/eng_lib.c | 321 + src/lib/libssl/src/crypto/engine/eng_list.c | 383 ++ src/lib/libssl/src/crypto/engine/eng_openssl.c | 347 + src/lib/libssl/src/crypto/engine/eng_pkey.c | 157 + src/lib/libssl/src/crypto/engine/eng_table.c | 361 + src/lib/libssl/src/crypto/engine/engine.h | 398 ++ src/lib/libssl/src/crypto/engine/enginetest.c | 251 + src/lib/libssl/src/crypto/engine/hw.ec | 8 + src/lib/libssl/src/crypto/engine/hw_4758_cca.c | 950 +++ src/lib/libssl/src/crypto/engine/hw_4758_cca_err.c | 149 + src/lib/libssl/src/crypto/engine/hw_4758_cca_err.h | 93 + src/lib/libssl/src/crypto/engine/hw_aep.c | 1101 +++ src/lib/libssl/src/crypto/engine/hw_aep_err.c | 157 + src/lib/libssl/src/crypto/engine/hw_aep_err.h | 101 + src/lib/libssl/src/crypto/engine/hw_atalla.c | 444 ++ src/lib/libssl/src/crypto/engine/hw_atalla_err.c | 145 + src/lib/libssl/src/crypto/engine/hw_atalla_err.h | 89 + src/lib/libssl/src/crypto/engine/hw_cryptodev.c | 926 +++ src/lib/libssl/src/crypto/engine/hw_cswift.c | 807 +++ src/lib/libssl/src/crypto/engine/hw_cswift_err.c | 149 + src/lib/libssl/src/crypto/engine/hw_cswift_err.h | 93 + src/lib/libssl/src/crypto/engine/hw_ncipher.c | 1019 +++ src/lib/libssl/src/crypto/engine/hw_ncipher_err.c | 156 + src/lib/libssl/src/crypto/engine/hw_ncipher_err.h | 100 + src/lib/libssl/src/crypto/engine/hw_nuron.c | 399 ++ src/lib/libssl/src/crypto/engine/hw_nuron_err.c | 142 + src/lib/libssl/src/crypto/engine/hw_nuron_err.h | 86 + src/lib/libssl/src/crypto/engine/hw_sureware_err.c | 150 + src/lib/libssl/src/crypto/engine/hw_sureware_err.h | 94 + src/lib/libssl/src/crypto/engine/hw_ubsec.c | 1041 +++ src/lib/libssl/src/crypto/engine/hw_ubsec_err.c | 151 + src/lib/libssl/src/crypto/engine/hw_ubsec_err.h | 95 + src/lib/libssl/src/crypto/engine/tb_cipher.c | 145 + src/lib/libssl/src/crypto/engine/tb_dh.c | 120 + src/lib/libssl/src/crypto/engine/tb_digest.c | 145 + src/lib/libssl/src/crypto/engine/tb_dsa.c | 120 + src/lib/libssl/src/crypto/engine/tb_rand.c | 120 + src/lib/libssl/src/crypto/engine/tb_rsa.c | 120 + .../libssl/src/crypto/engine/vendor_defns/aep.h | 178 + .../libssl/src/crypto/engine/vendor_defns/atalla.h | 61 + .../libssl/src/crypto/engine/vendor_defns/cswift.h | 213 + .../src/crypto/engine/vendor_defns/hw_4758_cca.h | 149 + src/lib/libssl/src/crypto/err/openssl.ec | 71 + src/lib/libssl/src/crypto/evp/bio_ok.c | 552 ++ src/lib/libssl/src/crypto/evp/c_allc.c | 149 + src/lib/libssl/src/crypto/evp/c_alld.c | 100 + src/lib/libssl/src/crypto/evp/e_aes.c | 99 + src/lib/libssl/src/crypto/evp/e_bf.c | 80 + src/lib/libssl/src/crypto/evp/e_cast.c | 82 + src/lib/libssl/src/crypto/evp/e_des.c | 118 + src/lib/libssl/src/crypto/evp/e_des3.c | 165 + src/lib/libssl/src/crypto/evp/e_idea.c | 112 + src/lib/libssl/src/crypto/evp/e_rc2.c | 222 + src/lib/libssl/src/crypto/evp/e_rc5.c | 118 + src/lib/libssl/src/crypto/evp/evp_acnf.c | 74 + src/lib/libssl/src/crypto/evp/evp_locl.h | 168 + src/lib/libssl/src/crypto/evp/evp_pbe.c | 134 + src/lib/libssl/src/crypto/evp/evp_pkey.c | 298 + src/lib/libssl/src/crypto/evp/evp_test.c | 365 + src/lib/libssl/src/crypto/evp/evptests.txt | 82 + src/lib/libssl/src/crypto/evp/m_md4.c | 83 + src/lib/libssl/src/crypto/evp/openbsd_hw.c | 446 ++ src/lib/libssl/src/crypto/evp/p5_crpt.c | 146 + src/lib/libssl/src/crypto/evp/p5_crpt2.c | 247 + src/lib/libssl/src/crypto/idea/idea.h | 99 + src/lib/libssl/src/crypto/install.com | 128 + src/lib/libssl/src/crypto/krb5/krb5_asn.c | 167 + src/lib/libssl/src/crypto/krb5/krb5_asn.h | 256 + src/lib/libssl/src/crypto/md2/md2.h | 91 + src/lib/libssl/src/crypto/md32_common.h | 594 ++ src/lib/libssl/src/crypto/md4/md4.c | 127 + src/lib/libssl/src/crypto/md4/md4.h | 114 + src/lib/libssl/src/crypto/md4/md4_dgst.c | 285 + src/lib/libssl/src/crypto/md4/md4_locl.h | 154 + src/lib/libssl/src/crypto/md4/md4_one.c | 95 + src/lib/libssl/src/crypto/md4/md4s.cpp | 78 + src/lib/libssl/src/crypto/md4/md4test.c | 131 + src/lib/libssl/src/crypto/md5/asm/md5-sparcv9.S | 1029 +++ src/lib/libssl/src/crypto/mem_dbg.c | 703 ++ src/lib/libssl/src/crypto/o_time.c | 203 + src/lib/libssl/src/crypto/o_time.h | 66 + src/lib/libssl/src/crypto/objects/o_names.c | 243 + src/lib/libssl/src/crypto/objects/obj_mac.h | 1798 +++++ src/lib/libssl/src/crypto/objects/obj_mac.num | 392 ++ src/lib/libssl/src/crypto/objects/objects.README | 44 + src/lib/libssl/src/crypto/objects/objects.pl | 224 + src/lib/libssl/src/crypto/ocsp/ocsp.h | 619 ++ src/lib/libssl/src/crypto/ocsp/ocsp_asn.c | 182 + src/lib/libssl/src/crypto/ocsp/ocsp_cl.c | 370 ++ src/lib/libssl/src/crypto/ocsp/ocsp_err.c | 139 + src/lib/libssl/src/crypto/ocsp/ocsp_ext.c | 528 ++ src/lib/libssl/src/crypto/ocsp/ocsp_ht.c | 164 + src/lib/libssl/src/crypto/ocsp/ocsp_lib.c | 261 + src/lib/libssl/src/crypto/ocsp/ocsp_prn.c | 291 + src/lib/libssl/src/crypto/ocsp/ocsp_srv.c | 264 + src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c | 444 ++ src/lib/libssl/src/crypto/opensslconf.h.in | 142 + src/lib/libssl/src/crypto/opensslv.h | 21 + src/lib/libssl/src/crypto/ossl_typ.h | 120 + src/lib/libssl/src/crypto/pem/pem2.h | 60 + src/lib/libssl/src/crypto/pem/pem_oth.c | 85 + src/lib/libssl/src/crypto/pem/pem_pk8.c | 243 + src/lib/libssl/src/crypto/pem/pem_pkey.c | 139 + src/lib/libssl/src/crypto/pem/pem_x509.c | 69 + src/lib/libssl/src/crypto/pem/pem_xaux.c | 68 + src/lib/libssl/src/crypto/perlasm/alpha.pl | 434 ++ src/lib/libssl/src/crypto/perlasm/x86nasm.pl | 342 + src/lib/libssl/src/crypto/pkcs12/p12_add.c | 214 + src/lib/libssl/src/crypto/pkcs12/p12_asn.c | 125 + src/lib/libssl/src/crypto/pkcs12/p12_attr.c | 238 + src/lib/libssl/src/crypto/pkcs12/p12_crpt.c | 122 + src/lib/libssl/src/crypto/pkcs12/p12_crt.c | 159 + src/lib/libssl/src/crypto/pkcs12/p12_decr.c | 185 + src/lib/libssl/src/crypto/pkcs12/p12_init.c | 98 + src/lib/libssl/src/crypto/pkcs12/p12_key.c | 182 + src/lib/libssl/src/crypto/pkcs12/p12_kiss.c | 238 + src/lib/libssl/src/crypto/pkcs12/p12_mutl.c | 170 + src/lib/libssl/src/crypto/pkcs12/p12_npas.c | 212 + src/lib/libssl/src/crypto/pkcs12/p12_p8d.c | 68 + src/lib/libssl/src/crypto/pkcs12/p12_p8e.c | 97 + src/lib/libssl/src/crypto/pkcs12/p12_utl.c | 118 + src/lib/libssl/src/crypto/pkcs12/pk12err.c | 136 + src/lib/libssl/src/crypto/pkcs12/pkcs12.h | 337 + src/lib/libssl/src/crypto/pkcs7/bio_ber.c | 450 ++ src/lib/libssl/src/crypto/pkcs7/dec.c | 246 + src/lib/libssl/src/crypto/pkcs7/des.pem | 15 + src/lib/libssl/src/crypto/pkcs7/es1.pem | 66 + src/lib/libssl/src/crypto/pkcs7/example.c | 327 + src/lib/libssl/src/crypto/pkcs7/example.h | 57 + src/lib/libssl/src/crypto/pkcs7/info.pem | 57 + src/lib/libssl/src/crypto/pkcs7/infokey.pem | 9 + src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c | 213 + src/lib/libssl/src/crypto/pkcs7/pk7_attr.c | 85 + src/lib/libssl/src/crypto/pkcs7/pk7_mime.c | 673 ++ src/lib/libssl/src/crypto/pkcs7/pk7_smime.c | 427 ++ src/lib/libssl/src/crypto/pkcs7/t/3des.pem | 16 + src/lib/libssl/src/crypto/pkcs7/t/3dess.pem | 32 + src/lib/libssl/src/crypto/pkcs7/t/c.pem | 48 + src/lib/libssl/src/crypto/pkcs7/t/ff | 32 + src/lib/libssl/src/crypto/pkcs7/t/msie-e | 20 + src/lib/libssl/src/crypto/pkcs7/t/msie-e.pem | 22 + src/lib/libssl/src/crypto/pkcs7/t/msie-enc-01 | 62 + src/lib/libssl/src/crypto/pkcs7/t/msie-enc-01.pem | 66 + src/lib/libssl/src/crypto/pkcs7/t/msie-enc-02 | 90 + src/lib/libssl/src/crypto/pkcs7/t/msie-enc-02.pem | 106 + src/lib/libssl/src/crypto/pkcs7/t/msie-s-a-e | 91 + src/lib/libssl/src/crypto/pkcs7/t/msie-s-a-e.pem | 106 + src/lib/libssl/src/crypto/pkcs7/t/nav-smime | 157 + src/lib/libssl/src/crypto/pkcs7/t/s.pem | 57 + src/lib/libssl/src/crypto/pkcs7/t/server.pem | 57 + src/lib/libssl/src/crypto/rand/rand_egd.c | 110 + src/lib/libssl/src/crypto/rand/rand_err.c | 93 + src/lib/libssl/src/crypto/rand/rand_lcl.h | 184 + src/lib/libssl/src/crypto/rand/rand_lib.c | 98 + src/lib/libssl/src/crypto/rand/rand_os2.c | 147 + src/lib/libssl/src/crypto/rand/rand_unix.c | 274 + src/lib/libssl/src/crypto/rand/rand_vms.c | 135 + src/lib/libssl/src/crypto/rand/rand_win.c | 732 ++ src/lib/libssl/src/crypto/rc2/rc2.h | 99 + src/lib/libssl/src/crypto/rc2/tab.c | 86 + src/lib/libssl/src/crypto/rc4/rc4.h | 88 + src/lib/libssl/src/crypto/rc4/rc4_locl.h | 4 + src/lib/libssl/src/crypto/rsa/rsa_asn1.c | 121 + src/lib/libssl/src/crypto/rsa/rsa_chk.c | 184 + src/lib/libssl/src/crypto/rsa/rsa_null.c | 149 + src/lib/libssl/src/crypto/rsa/rsa_oaep.c | 162 + src/lib/libssl/src/crypto/rsa/rsa_test.c | 314 + src/lib/libssl/src/crypto/stack/safestack.h | 129 + src/lib/libssl/src/crypto/symhacks.h | 154 + src/lib/libssl/src/crypto/threads/README | 14 + src/lib/libssl/src/crypto/threads/profile.sh | 4 + src/lib/libssl/src/crypto/threads/ptest.bat | 4 + src/lib/libssl/src/crypto/threads/pthread.sh | 9 + src/lib/libssl/src/crypto/threads/pthread2.sh | 7 + src/lib/libssl/src/crypto/threads/pthreads-vms.com | 9 + src/lib/libssl/src/crypto/threads/purify.sh | 4 + src/lib/libssl/src/crypto/threads/solaris.sh | 4 + src/lib/libssl/src/crypto/threads/win32.bat | 4 + src/lib/libssl/src/crypto/tmdiff.h | 81 + src/lib/libssl/src/crypto/ui/ui.h | 387 ++ src/lib/libssl/src/crypto/ui/ui_compat.c | 67 + src/lib/libssl/src/crypto/ui/ui_compat.h | 83 + src/lib/libssl/src/crypto/ui/ui_err.c | 111 + src/lib/libssl/src/crypto/ui/ui_lib.c | 899 +++ src/lib/libssl/src/crypto/ui/ui_locl.h | 148 + src/lib/libssl/src/crypto/ui/ui_openssl.c | 661 ++ src/lib/libssl/src/crypto/ui/ui_util.c | 86 + src/lib/libssl/src/crypto/uid.c | 88 + src/lib/libssl/src/crypto/x509/x509_att.c | 326 + src/lib/libssl/src/crypto/x509/x509_trs.c | 263 + src/lib/libssl/src/crypto/x509/x509cset.c | 169 + src/lib/libssl/src/crypto/x509/x509spki.c | 121 + src/lib/libssl/src/crypto/x509v3/ext_dat.h | 97 + src/lib/libssl/src/crypto/x509v3/tabtest.c | 88 + src/lib/libssl/src/crypto/x509v3/v3_akey.c | 249 + src/lib/libssl/src/crypto/x509v3/v3_akeya.c | 72 + src/lib/libssl/src/crypto/x509v3/v3_alt.c | 402 ++ src/lib/libssl/src/crypto/x509v3/v3_bcons.c | 164 + src/lib/libssl/src/crypto/x509v3/v3_bitst.c | 147 + src/lib/libssl/src/crypto/x509v3/v3_conf.c | 366 + src/lib/libssl/src/crypto/x509v3/v3_cpols.c | 655 ++ src/lib/libssl/src/crypto/x509v3/v3_crld.c | 283 + src/lib/libssl/src/crypto/x509v3/v3_enum.c | 103 + src/lib/libssl/src/crypto/x509v3/v3_extku.c | 150 + src/lib/libssl/src/crypto/x509v3/v3_genn.c | 237 + src/lib/libssl/src/crypto/x509v3/v3_ia5.c | 116 + src/lib/libssl/src/crypto/x509v3/v3_info.c | 236 + src/lib/libssl/src/crypto/x509v3/v3_int.c | 79 + src/lib/libssl/src/crypto/x509v3/v3_lib.c | 177 + src/lib/libssl/src/crypto/x509v3/v3_ocsp.c | 272 + src/lib/libssl/src/crypto/x509v3/v3_pku.c | 151 + src/lib/libssl/src/crypto/x509v3/v3_prn.c | 135 + src/lib/libssl/src/crypto/x509v3/v3_purp.c | 456 ++ src/lib/libssl/src/crypto/x509v3/v3_skey.c | 156 + src/lib/libssl/src/crypto/x509v3/v3_sxnet.c | 340 + src/lib/libssl/src/crypto/x509v3/v3_utl.c | 418 ++ src/lib/libssl/src/crypto/x509v3/v3conf.c | 128 + src/lib/libssl/src/crypto/x509v3/v3err.c | 171 + src/lib/libssl/src/crypto/x509v3/v3prin.c | 101 + src/lib/libssl/src/demos/asn1/README.ASN1 | 7 + src/lib/libssl/src/demos/asn1/ocsp.c | 366 + src/lib/libssl/src/demos/bio/Makefile | 16 + src/lib/libssl/src/demos/easy_tls/Makefile | 123 + src/lib/libssl/src/demos/easy_tls/README | 65 + src/lib/libssl/src/demos/easy_tls/cacerts.pem | 18 + src/lib/libssl/src/demos/easy_tls/cert.pem | 31 + src/lib/libssl/src/demos/easy_tls/easy-tls.c | 1235 ++++ src/lib/libssl/src/demos/easy_tls/easy-tls.h | 57 + src/lib/libssl/src/demos/easy_tls/test.c | 244 + src/lib/libssl/src/demos/easy_tls/test.h | 11 + src/lib/libssl/src/demos/eay/Makefile | 24 + src/lib/libssl/src/demos/eay/base64.c | 49 + src/lib/libssl/src/demos/eay/conn.c | 105 + src/lib/libssl/src/demos/eay/loadrsa.c | 53 + src/lib/libssl/src/demos/pkcs12/README | 3 + src/lib/libssl/src/demos/pkcs12/pkread.c | 61 + src/lib/libssl/src/demos/pkcs12/pkwrite.c | 46 + src/lib/libssl/src/demos/prime/Makefile | 20 + src/lib/libssl/src/demos/sign/Makefile | 15 + src/lib/libssl/src/demos/state_machine/Makefile | 9 + .../libssl/src/demos/state_machine/state_machine.c | 416 ++ src/lib/libssl/src/demos/tunala/A-client.pem | 84 + src/lib/libssl/src/demos/tunala/A-server.pem | 84 + src/lib/libssl/src/demos/tunala/CA.pem | 24 + src/lib/libssl/src/demos/tunala/INSTALL | 107 + src/lib/libssl/src/demos/tunala/Makefile | 41 + src/lib/libssl/src/demos/tunala/Makefile.am | 7 + src/lib/libssl/src/demos/tunala/README | 233 + src/lib/libssl/src/demos/tunala/autogunk.sh | 25 + src/lib/libssl/src/demos/tunala/autoungunk.sh | 18 + src/lib/libssl/src/demos/tunala/breakage.c | 66 + src/lib/libssl/src/demos/tunala/buffer.c | 205 + src/lib/libssl/src/demos/tunala/cb.c | 133 + src/lib/libssl/src/demos/tunala/configure.in | 28 + src/lib/libssl/src/demos/tunala/ip.c | 146 + src/lib/libssl/src/demos/tunala/sm.c | 151 + src/lib/libssl/src/demos/tunala/tunala.c | 1093 +++ src/lib/libssl/src/demos/tunala/tunala.h | 214 + src/lib/libssl/src/demos/x509/README | 3 + src/lib/libssl/src/demos/x509/mkcert.c | 168 + src/lib/libssl/src/demos/x509/mkreq.c | 157 + src/lib/libssl/src/doc/HOWTO/certificates.txt | 85 + src/lib/libssl/src/doc/README | 10 + src/lib/libssl/src/doc/apps/CA.pl.pod | 138 + src/lib/libssl/src/doc/apps/asn1parse.pod | 129 + src/lib/libssl/src/doc/apps/ca.pod | 479 ++ src/lib/libssl/src/doc/apps/ciphers.pod | 342 + src/lib/libssl/src/doc/apps/config.pod | 138 + src/lib/libssl/src/doc/apps/crl.pod | 117 + src/lib/libssl/src/doc/apps/crl2pkcs7.pod | 90 + src/lib/libssl/src/doc/apps/dgst.pod | 49 + src/lib/libssl/src/doc/apps/dhparam.pod | 115 + src/lib/libssl/src/doc/apps/dsa.pod | 150 + src/lib/libssl/src/doc/apps/dsaparam.pod | 102 + src/lib/libssl/src/doc/apps/enc.pod | 257 + src/lib/libssl/src/doc/apps/gendsa.pod | 58 + src/lib/libssl/src/doc/apps/genrsa.pod | 85 + src/lib/libssl/src/doc/apps/nseq.pod | 70 + src/lib/libssl/src/doc/apps/ocsp.pod | 348 + src/lib/libssl/src/doc/apps/openssl.pod | 298 + src/lib/libssl/src/doc/apps/passwd.pod | 69 + src/lib/libssl/src/doc/apps/pkcs12.pod | 310 + src/lib/libssl/src/doc/apps/pkcs7.pod | 97 + src/lib/libssl/src/doc/apps/pkcs8.pod | 235 + src/lib/libssl/src/doc/apps/rand.pod | 50 + src/lib/libssl/src/doc/apps/req.pod | 528 ++ src/lib/libssl/src/doc/apps/rsa.pod | 156 + src/lib/libssl/src/doc/apps/rsautl.pod | 183 + src/lib/libssl/src/doc/apps/s_client.pod | 213 + src/lib/libssl/src/doc/apps/s_server.pod | 265 + src/lib/libssl/src/doc/apps/sess_id.pod | 151 + src/lib/libssl/src/doc/apps/smime.pod | 325 + src/lib/libssl/src/doc/apps/speed.pod | 45 + src/lib/libssl/src/doc/apps/spkac.pod | 127 + src/lib/libssl/src/doc/apps/verify.pod | 273 + src/lib/libssl/src/doc/apps/version.pod | 56 + src/lib/libssl/src/doc/apps/x509.pod | 543 ++ src/lib/libssl/src/doc/c-indentation.el | 36 + src/lib/libssl/src/doc/crypto/BIO_ctrl.pod | 128 + src/lib/libssl/src/doc/crypto/BIO_f_base64.pod | 82 + src/lib/libssl/src/doc/crypto/BIO_f_buffer.pod | 69 + src/lib/libssl/src/doc/crypto/BIO_f_cipher.pod | 76 + src/lib/libssl/src/doc/crypto/BIO_f_md.pod | 138 + src/lib/libssl/src/doc/crypto/BIO_f_null.pod | 32 + src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod | 313 + src/lib/libssl/src/doc/crypto/BIO_find_type.pod | 98 + src/lib/libssl/src/doc/crypto/BIO_new.pod | 65 + src/lib/libssl/src/doc/crypto/BIO_push.pod | 69 + src/lib/libssl/src/doc/crypto/BIO_read.pod | 66 + src/lib/libssl/src/doc/crypto/BIO_s_accept.pod | 184 + src/lib/libssl/src/doc/crypto/BIO_s_bio.pod | 130 + src/lib/libssl/src/doc/crypto/BIO_s_connect.pod | 182 + src/lib/libssl/src/doc/crypto/BIO_s_fd.pod | 89 + src/lib/libssl/src/doc/crypto/BIO_s_file.pod | 144 + src/lib/libssl/src/doc/crypto/BIO_s_mem.pod | 115 + src/lib/libssl/src/doc/crypto/BIO_s_null.pod | 37 + src/lib/libssl/src/doc/crypto/BIO_s_socket.pod | 61 + src/lib/libssl/src/doc/crypto/BIO_set_callback.pod | 108 + src/lib/libssl/src/doc/crypto/BIO_should_retry.pod | 114 + src/lib/libssl/src/doc/crypto/BN_CTX_new.pod | 53 + src/lib/libssl/src/doc/crypto/BN_CTX_start.pod | 51 + src/lib/libssl/src/doc/crypto/BN_add.pod | 99 + src/lib/libssl/src/doc/crypto/BN_add_word.pod | 57 + src/lib/libssl/src/doc/crypto/BN_bn2bin.pod | 95 + src/lib/libssl/src/doc/crypto/BN_cmp.pod | 48 + src/lib/libssl/src/doc/crypto/BN_copy.pod | 34 + .../libssl/src/doc/crypto/BN_generate_prime.pod | 102 + src/lib/libssl/src/doc/crypto/BN_mod_inverse.pod | 36 + .../src/doc/crypto/BN_mod_mul_montgomery.pod | 95 + .../src/doc/crypto/BN_mod_mul_reciprocal.pod | 81 + src/lib/libssl/src/doc/crypto/BN_new.pod | 53 + src/lib/libssl/src/doc/crypto/BN_num_bytes.pod | 37 + src/lib/libssl/src/doc/crypto/BN_rand.pod | 45 + src/lib/libssl/src/doc/crypto/BN_set_bit.pod | 66 + src/lib/libssl/src/doc/crypto/BN_swap.pod | 23 + src/lib/libssl/src/doc/crypto/BN_zero.pod | 55 + .../libssl/src/doc/crypto/CRYPTO_set_ex_data.pod | 51 + src/lib/libssl/src/doc/crypto/DH_generate_key.pod | 50 + .../src/doc/crypto/DH_generate_parameters.pod | 72 + .../libssl/src/doc/crypto/DH_get_ex_new_index.pod | 36 + src/lib/libssl/src/doc/crypto/DH_new.pod | 40 + src/lib/libssl/src/doc/crypto/DH_set_method.pod | 99 + src/lib/libssl/src/doc/crypto/DH_size.pod | 33 + src/lib/libssl/src/doc/crypto/DSA_SIG_new.pod | 39 + src/lib/libssl/src/doc/crypto/DSA_do_sign.pod | 47 + src/lib/libssl/src/doc/crypto/DSA_dup_DH.pod | 36 + src/lib/libssl/src/doc/crypto/DSA_generate_key.pod | 33 + .../src/doc/crypto/DSA_generate_parameters.pod | 105 + .../libssl/src/doc/crypto/DSA_get_ex_new_index.pod | 36 + src/lib/libssl/src/doc/crypto/DSA_new.pod | 41 + src/lib/libssl/src/doc/crypto/DSA_set_method.pod | 111 + src/lib/libssl/src/doc/crypto/DSA_sign.pod | 66 + src/lib/libssl/src/doc/crypto/DSA_size.pod | 33 + src/lib/libssl/src/doc/crypto/ERR_GET_LIB.pod | 51 + src/lib/libssl/src/doc/crypto/ERR_clear_error.pod | 29 + src/lib/libssl/src/doc/crypto/ERR_error_string.pod | 65 + src/lib/libssl/src/doc/crypto/ERR_get_error.pod | 62 + .../src/doc/crypto/ERR_load_crypto_strings.pod | 46 + src/lib/libssl/src/doc/crypto/ERR_load_strings.pod | 54 + src/lib/libssl/src/doc/crypto/ERR_print_errors.pod | 51 + src/lib/libssl/src/doc/crypto/ERR_put_error.pod | 44 + src/lib/libssl/src/doc/crypto/ERR_remove_state.pod | 34 + src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod | 67 + src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod | 197 + src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod | 224 + src/lib/libssl/src/doc/crypto/EVP_OpenInit.pod | 51 + src/lib/libssl/src/doc/crypto/EVP_SealInit.pod | 70 + src/lib/libssl/src/doc/crypto/EVP_SignInit.pod | 85 + src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod | 71 + .../src/doc/crypto/OPENSSL_VERSION_NUMBER.pod | 46 + .../src/doc/crypto/OpenSSL_add_all_algorithms.pod | 65 + src/lib/libssl/src/doc/crypto/RAND_add.pod | 68 + src/lib/libssl/src/doc/crypto/RAND_bytes.pod | 46 + src/lib/libssl/src/doc/crypto/RAND_cleanup.pod | 29 + src/lib/libssl/src/doc/crypto/RAND_egd.pod | 38 + src/lib/libssl/src/doc/crypto/RAND_load_file.pod | 53 + .../libssl/src/doc/crypto/RAND_set_rand_method.pod | 57 + src/lib/libssl/src/doc/crypto/RSA_blinding_on.pod | 43 + src/lib/libssl/src/doc/crypto/RSA_check_key.pod | 39 + src/lib/libssl/src/doc/crypto/RSA_generate_key.pod | 68 + .../libssl/src/doc/crypto/RSA_get_ex_new_index.pod | 122 + src/lib/libssl/src/doc/crypto/RSA_new.pod | 38 + .../doc/crypto/RSA_padding_add_PKCS1_type_1.pod | 124 + src/lib/libssl/src/doc/crypto/RSA_print.pod | 48 + .../libssl/src/doc/crypto/RSA_private_encrypt.pod | 69 + .../libssl/src/doc/crypto/RSA_public_encrypt.pod | 86 + src/lib/libssl/src/doc/crypto/RSA_set_method.pod | 153 + src/lib/libssl/src/doc/crypto/RSA_sign.pod | 62 + .../src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod | 59 + src/lib/libssl/src/doc/crypto/RSA_size.pod | 33 + src/lib/libssl/src/doc/crypto/bio.pod | 54 + src/lib/libssl/src/doc/crypto/blowfish.pod | 106 + src/lib/libssl/src/doc/crypto/bn.pod | 148 + src/lib/libssl/src/doc/crypto/bn_internal.pod | 225 + src/lib/libssl/src/doc/crypto/buffer.pod | 73 + src/lib/libssl/src/doc/crypto/crypto.pod | 67 + src/lib/libssl/src/doc/crypto/d2i_DHparams.pod | 30 + src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod | 39 + src/lib/libssl/src/doc/crypto/des.pod | 376 ++ src/lib/libssl/src/doc/crypto/des_modes.pod | 250 + src/lib/libssl/src/doc/crypto/dh.pod | 68 + src/lib/libssl/src/doc/crypto/dsa.pod | 104 + src/lib/libssl/src/doc/crypto/err.pod | 187 + src/lib/libssl/src/doc/crypto/evp.pod | 37 + src/lib/libssl/src/doc/crypto/hmac.pod | 75 + src/lib/libssl/src/doc/crypto/lh_stats.pod | 60 + src/lib/libssl/src/doc/crypto/lhash.pod | 155 + src/lib/libssl/src/doc/crypto/md5.pod | 85 + src/lib/libssl/src/doc/crypto/mdc2.pod | 64 + src/lib/libssl/src/doc/crypto/pem.pod | 476 ++ src/lib/libssl/src/doc/crypto/rand.pod | 158 + src/lib/libssl/src/doc/crypto/rc4.pod | 62 + src/lib/libssl/src/doc/crypto/ripemd.pod | 66 + src/lib/libssl/src/doc/crypto/rsa.pod | 115 + src/lib/libssl/src/doc/crypto/sha.pod | 70 + src/lib/libssl/src/doc/crypto/threads.pod | 70 + src/lib/libssl/src/doc/crypto/ui.pod | 194 + src/lib/libssl/src/doc/crypto/ui_compat.pod | 55 + src/lib/libssl/src/doc/openssl.txt | 1174 ++++ src/lib/libssl/src/doc/openssl_button.gif | Bin 0 -> 2063 bytes src/lib/libssl/src/doc/openssl_button.html | 7 + src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod | 57 + .../doc/ssl/SSL_COMP_add_compression_method.pod | 70 + .../src/doc/ssl/SSL_CTX_add_extra_chain_cert.pod | 38 + src/lib/libssl/src/doc/ssl/SSL_CTX_add_session.pod | 65 + src/lib/libssl/src/doc/ssl/SSL_CTX_ctrl.pod | 34 + .../libssl/src/doc/ssl/SSL_CTX_flush_sessions.pod | 49 + src/lib/libssl/src/doc/ssl/SSL_CTX_free.pod | 29 + .../src/doc/ssl/SSL_CTX_get_ex_new_index.pod | 53 + .../libssl/src/doc/ssl/SSL_CTX_get_verify_mode.pod | 50 + .../src/doc/ssl/SSL_CTX_load_verify_locations.pod | 124 + src/lib/libssl/src/doc/ssl/SSL_CTX_new.pod | 93 + src/lib/libssl/src/doc/ssl/SSL_CTX_sess_number.pod | 76 + .../src/doc/ssl/SSL_CTX_sess_set_cache_size.pod | 51 + .../libssl/src/doc/ssl/SSL_CTX_sess_set_get_cb.pod | 81 + src/lib/libssl/src/doc/ssl/SSL_CTX_sessions.pod | 34 + .../libssl/src/doc/ssl/SSL_CTX_set_cert_store.pod | 57 + .../doc/ssl/SSL_CTX_set_cert_verify_callback.pod | 75 + .../libssl/src/doc/ssl/SSL_CTX_set_cipher_list.pod | 52 + .../src/doc/ssl/SSL_CTX_set_client_CA_list.pod | 90 + .../src/doc/ssl/SSL_CTX_set_client_cert_cb.pod | 90 + .../src/doc/ssl/SSL_CTX_set_default_passwd_cb.pod | 70 + .../doc/ssl/SSL_CTX_set_generate_session_id.pod | 150 + .../src/doc/ssl/SSL_CTX_set_info_callback.pod | 153 + .../src/doc/ssl/SSL_CTX_set_max_cert_list.pod | 77 + src/lib/libssl/src/doc/ssl/SSL_CTX_set_mode.pod | 78 + .../src/doc/ssl/SSL_CTX_set_msg_callback.pod | 97 + src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod | 183 + .../src/doc/ssl/SSL_CTX_set_quiet_shutdown.pod | 63 + .../src/doc/ssl/SSL_CTX_set_session_cache_mode.pod | 107 + .../src/doc/ssl/SSL_CTX_set_session_id_context.pod | 82 + .../libssl/src/doc/ssl/SSL_CTX_set_ssl_version.pod | 60 + src/lib/libssl/src/doc/ssl/SSL_CTX_set_timeout.pod | 55 + .../src/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod | 170 + .../src/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | 166 + src/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod | 284 + .../libssl/src/doc/ssl/SSL_CTX_use_certificate.pod | 154 + src/lib/libssl/src/doc/ssl/SSL_SESSION_free.pod | 25 + .../src/doc/ssl/SSL_SESSION_get_ex_new_index.pod | 61 + .../libssl/src/doc/ssl/SSL_SESSION_get_time.pod | 63 + src/lib/libssl/src/doc/ssl/SSL_accept.pod | 72 + .../libssl/src/doc/ssl/SSL_alert_type_string.pod | 228 + src/lib/libssl/src/doc/ssl/SSL_clear.pod | 39 + src/lib/libssl/src/doc/ssl/SSL_connect.pod | 69 + src/lib/libssl/src/doc/ssl/SSL_free.pod | 33 + src/lib/libssl/src/doc/ssl/SSL_get_SSL_CTX.pod | 26 + src/lib/libssl/src/doc/ssl/SSL_get_ciphers.pod | 42 + .../libssl/src/doc/ssl/SSL_get_client_CA_list.pod | 52 + .../libssl/src/doc/ssl/SSL_get_current_cipher.pod | 43 + .../libssl/src/doc/ssl/SSL_get_default_timeout.pod | 41 + src/lib/libssl/src/doc/ssl/SSL_get_error.pod | 91 + .../doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod | 61 + .../libssl/src/doc/ssl/SSL_get_ex_new_index.pod | 59 + src/lib/libssl/src/doc/ssl/SSL_get_fd.pod | 44 + .../libssl/src/doc/ssl/SSL_get_peer_cert_chain.pod | 52 + .../src/doc/ssl/SSL_get_peer_certificate.pod | 48 + src/lib/libssl/src/doc/ssl/SSL_get_rbio.pod | 40 + src/lib/libssl/src/doc/ssl/SSL_get_session.pod | 48 + .../libssl/src/doc/ssl/SSL_get_verify_result.pod | 57 + src/lib/libssl/src/doc/ssl/SSL_get_version.pod | 46 + src/lib/libssl/src/doc/ssl/SSL_library_init.pod | 52 + .../libssl/src/doc/ssl/SSL_load_client_CA_file.pod | 62 + src/lib/libssl/src/doc/ssl/SSL_new.pod | 42 + src/lib/libssl/src/doc/ssl/SSL_pending.pod | 30 + src/lib/libssl/src/doc/ssl/SSL_read.pod | 77 + src/lib/libssl/src/doc/ssl/SSL_rstate_string.pod | 59 + src/lib/libssl/src/doc/ssl/SSL_session_reused.pod | 45 + src/lib/libssl/src/doc/ssl/SSL_set_bio.pod | 34 + .../libssl/src/doc/ssl/SSL_set_connect_state.pod | 47 + src/lib/libssl/src/doc/ssl/SSL_set_fd.pod | 54 + src/lib/libssl/src/doc/ssl/SSL_set_session.pod | 45 + src/lib/libssl/src/doc/ssl/SSL_set_shutdown.pod | 68 + .../libssl/src/doc/ssl/SSL_set_verify_result.pod | 38 + src/lib/libssl/src/doc/ssl/SSL_shutdown.pod | 62 + src/lib/libssl/src/doc/ssl/SSL_state_string.pod | 45 + src/lib/libssl/src/doc/ssl/SSL_want.pod | 77 + src/lib/libssl/src/doc/ssl/SSL_write.pod | 76 + src/lib/libssl/src/doc/ssl/d2i_SSL_SESSION.pod | 56 + src/lib/libssl/src/doc/ssl/ssl.pod | 634 ++ src/lib/libssl/src/doc/ssleay.txt | 7014 ++++++++++++++++++++ src/lib/libssl/src/doc/standards.txt | 121 + src/lib/libssl/src/e_os2.h | 38 + src/lib/libssl/src/install.com | 88 + src/lib/libssl/src/ms/bcb4.bat | 6 + src/lib/libssl/src/ms/do_masm.bat | 68 + src/lib/libssl/src/ms/do_nasm.bat | 69 + src/lib/libssl/src/ms/do_nt.bat | 7 + src/lib/libssl/src/ms/mingw32.bat | 92 + src/lib/libssl/src/ms/mw.bat | 31 + src/lib/libssl/src/ms/tlhelp32.h | 136 + src/lib/libssl/src/ms/x86asm.bat | 57 + src/lib/libssl/src/openssl.doxy | 7 + src/lib/libssl/src/openssl.spec | 213 + src/lib/libssl/src/os2/OS2-EMX.cmd | 61 + src/lib/libssl/src/shlib/Makefile.hpux10-cc | 51 + src/lib/libssl/src/shlib/hpux10-cc.sh | 90 + src/lib/libssl/src/shlib/solaris-sc4.sh | 42 + src/lib/libssl/src/shlib/svr5-shared-gcc.sh | 48 + src/lib/libssl/src/shlib/svr5-shared-installed | 28 + src/lib/libssl/src/shlib/svr5-shared.sh | 48 + src/lib/libssl/src/ssl/install.com | 102 + src/lib/libssl/src/ssl/kssl.c | 2195 ++++++ src/lib/libssl/src/ssl/kssl.h | 173 + src/lib/libssl/src/ssl/kssl_lcl.h | 87 + src/lib/libssl/src/ssl/ssl-lib.com | 1200 ++++ src/lib/libssl/src/test/VMSca-response.1 | 1 + src/lib/libssl/src/test/VMSca-response.2 | 2 + src/lib/libssl/src/test/bctest | 111 + src/lib/libssl/src/test/maketests.com | 1053 +++ src/lib/libssl/src/test/tcrl.com | 78 + src/lib/libssl/src/test/testca.com | 76 + src/lib/libssl/src/test/testenc.com | 50 + src/lib/libssl/src/test/testgen.com | 35 + src/lib/libssl/src/test/tests.com | 203 + src/lib/libssl/src/test/testss.com | 105 + src/lib/libssl/src/test/testssl.com | 111 + src/lib/libssl/src/test/tpkcs7.com | 49 + src/lib/libssl/src/test/tpkcs7d.com | 42 + src/lib/libssl/src/test/treq.com | 78 + src/lib/libssl/src/test/trsa.com | 78 + src/lib/libssl/src/test/tsid.com | 78 + src/lib/libssl/src/test/tverify.com | 26 + src/lib/libssl/src/test/tx509.com | 78 + src/lib/libssl/src/times/091/486-50.nt | 30 + src/lib/libssl/src/times/091/586-100.lnx | 32 + src/lib/libssl/src/times/091/68000.bsd | 32 + src/lib/libssl/src/times/091/686-200.lnx | 32 + src/lib/libssl/src/times/091/alpha064.osf | 32 + src/lib/libssl/src/times/091/alpha164.lnx | 32 + src/lib/libssl/src/times/091/alpha164.osf | 31 + src/lib/libssl/src/times/091/mips-rel.pl | 21 + src/lib/libssl/src/times/091/r10000.irx | 37 + src/lib/libssl/src/times/091/r3000.ult | 32 + src/lib/libssl/src/times/091/r4400.irx | 32 + src/lib/libssl/src/times/x86/md4s.cpp | 78 + src/lib/libssl/src/tools/c89.sh | 15 + src/lib/libssl/src/tools/c_rehash.in | 61 + src/lib/libssl/src/util/clean-depend.pl | 38 + src/lib/libssl/src/util/cygwin.sh | 125 + src/lib/libssl/src/util/domd | 11 + src/lib/libssl/src/util/mkdir-p.pl | 33 + src/lib/libssl/src/util/mkerr.pl | 503 ++ src/lib/libssl/src/util/mkfiles.pl | 110 + src/lib/libssl/src/util/mklink.pl | 55 + src/lib/libssl/src/util/mkstack.pl | 124 + src/lib/libssl/src/util/pl/Mingw32.pl | 79 + src/lib/libssl/src/util/pl/OS2-EMX.pl | 96 + src/lib/libssl/src/util/pl/ultrix.pl | 38 + src/lib/libssl/src/util/pod2man.pl | 1181 ++++ src/lib/libssl/src/util/selftest.pl | 174 + 803 files changed, 170380 insertions(+) create mode 100644 src/lib/libssl/src/CHANGES create mode 100644 src/lib/libssl/src/CHANGES.SSLeay create mode 100644 src/lib/libssl/src/FAQ create mode 100644 src/lib/libssl/src/INSTALL.MacOS create mode 100644 src/lib/libssl/src/INSTALL.OS2 create mode 100644 src/lib/libssl/src/INSTALL.VMS create mode 100644 src/lib/libssl/src/INSTALL.W32 create mode 100644 src/lib/libssl/src/LICENSE create mode 100644 src/lib/libssl/src/MacOS/GUSI_Init.cpp create mode 100644 src/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp create mode 100644 src/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.hpp create mode 100644 src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp create mode 100644 src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.hpp create mode 100644 src/lib/libssl/src/MacOS/GetHTTPS.src/GetHTTPS.cpp create mode 100644 src/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.cpp create mode 100644 src/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.h create mode 100644 src/lib/libssl/src/MacOS/OpenSSL.mcp.hqx create mode 100644 src/lib/libssl/src/MacOS/Randomizer.cpp create mode 100644 src/lib/libssl/src/MacOS/Randomizer.h create mode 100644 src/lib/libssl/src/MacOS/TODO create mode 100644 src/lib/libssl/src/MacOS/_MWERKS_GUSI_prefix.h create mode 100644 src/lib/libssl/src/MacOS/_MWERKS_prefix.h create mode 100644 src/lib/libssl/src/MacOS/buildinf.h create mode 100644 src/lib/libssl/src/MacOS/mklinks.as.hqx create mode 100644 src/lib/libssl/src/MacOS/opensslconf.h create mode 100644 src/lib/libssl/src/Makefile.org create mode 100644 src/lib/libssl/src/NEWS create mode 100644 src/lib/libssl/src/README.ASN1 create mode 100644 src/lib/libssl/src/README.ENGINE create mode 100644 src/lib/libssl/src/VMS/TODO create mode 100644 src/lib/libssl/src/VMS/WISHLIST.TXT create mode 100644 src/lib/libssl/src/VMS/install.com create mode 100644 src/lib/libssl/src/VMS/mkshared.com create mode 100644 src/lib/libssl/src/VMS/multinet_shr.opt create mode 100644 src/lib/libssl/src/VMS/openssl_utils.com create mode 100644 src/lib/libssl/src/VMS/socketshr_shr.opt create mode 100644 src/lib/libssl/src/VMS/test-includes.com create mode 100644 src/lib/libssl/src/VMS/ucx_shr_decc.opt create mode 100644 src/lib/libssl/src/VMS/ucx_shr_decc_log.opt create mode 100644 src/lib/libssl/src/VMS/ucx_shr_vaxc.opt create mode 100644 src/lib/libssl/src/apps/CA.com create mode 100644 src/lib/libssl/src/apps/CA.pl create mode 100644 src/lib/libssl/src/apps/CA.pl.in create mode 100644 src/lib/libssl/src/apps/app_rand.c create mode 100644 src/lib/libssl/src/apps/dh2048.pem create mode 100644 src/lib/libssl/src/apps/dh4096.pem create mode 100644 src/lib/libssl/src/apps/dh512.pem create mode 100644 src/lib/libssl/src/apps/dhparam.c create mode 100644 src/lib/libssl/src/apps/engine.c create mode 100644 src/lib/libssl/src/apps/install.com create mode 100644 src/lib/libssl/src/apps/makeapps.com create mode 100644 src/lib/libssl/src/apps/nseq.c create mode 100644 src/lib/libssl/src/apps/ocsp.c create mode 100644 src/lib/libssl/src/apps/oid.cnf create mode 100644 src/lib/libssl/src/apps/openssl-vms.cnf create mode 100644 src/lib/libssl/src/apps/openssl.c create mode 100644 src/lib/libssl/src/apps/openssl.cnf create mode 100644 src/lib/libssl/src/apps/passwd.c create mode 100644 src/lib/libssl/src/apps/pkcs12.c create mode 100644 src/lib/libssl/src/apps/pkcs8.c create mode 100644 src/lib/libssl/src/apps/progs.pl create mode 100644 src/lib/libssl/src/apps/rand.c create mode 100644 src/lib/libssl/src/apps/rsautl.c create mode 100644 src/lib/libssl/src/apps/smime.c create mode 100644 src/lib/libssl/src/apps/spkac.c create mode 100644 src/lib/libssl/src/apps/winrand.c create mode 100644 src/lib/libssl/src/bugs/ultrixcc.c create mode 100644 src/lib/libssl/src/certs/RegTP-5R.pem create mode 100644 src/lib/libssl/src/certs/RegTP-6R.pem create mode 100644 src/lib/libssl/src/certs/expired/ICE-CA.pem create mode 100644 src/lib/libssl/src/certs/expired/ICE-root.pem create mode 100644 src/lib/libssl/src/certs/expired/ICE-user.pem create mode 100644 src/lib/libssl/src/certs/expired/ICE.crl create mode 100644 src/lib/libssl/src/certs/expired/rsa-ssca.pem create mode 100644 src/lib/libssl/src/certs/vsignss.pem create mode 100644 src/lib/libssl/src/crypto/aes/README create mode 100644 src/lib/libssl/src/crypto/aes/aes.h create mode 100644 src/lib/libssl/src/crypto/aes/aes_cbc.c create mode 100644 src/lib/libssl/src/crypto/aes/aes_cfb.c create mode 100644 src/lib/libssl/src/crypto/aes/aes_core.c create mode 100644 src/lib/libssl/src/crypto/aes/aes_ctr.c create mode 100644 src/lib/libssl/src/crypto/aes/aes_ecb.c create mode 100644 src/lib/libssl/src/crypto/aes/aes_locl.h create mode 100644 src/lib/libssl/src/crypto/aes/aes_misc.c create mode 100644 src/lib/libssl/src/crypto/aes/aes_ofb.c create mode 100644 src/lib/libssl/src/crypto/asn1/a_enum.c create mode 100644 src/lib/libssl/src/crypto/asn1/a_gentm.c create mode 100644 src/lib/libssl/src/crypto/asn1/a_mbstr.c create mode 100644 src/lib/libssl/src/crypto/asn1/a_strex.c create mode 100644 src/lib/libssl/src/crypto/asn1/a_strnid.c create mode 100644 src/lib/libssl/src/crypto/asn1/a_time.c create mode 100644 src/lib/libssl/src/crypto/asn1/a_utf8.c create mode 100644 src/lib/libssl/src/crypto/asn1/asn1t.h create mode 100644 src/lib/libssl/src/crypto/asn1/asn_moid.c create mode 100644 src/lib/libssl/src/crypto/asn1/asn_pack.c create mode 100644 src/lib/libssl/src/crypto/asn1/charmap.h create mode 100644 src/lib/libssl/src/crypto/asn1/charmap.pl create mode 100644 src/lib/libssl/src/crypto/asn1/f_enum.c create mode 100644 src/lib/libssl/src/crypto/asn1/nsseq.c create mode 100644 src/lib/libssl/src/crypto/asn1/p5_pbe.c create mode 100644 src/lib/libssl/src/crypto/asn1/p5_pbev2.c create mode 100644 src/lib/libssl/src/crypto/asn1/p8_key.c create mode 100644 src/lib/libssl/src/crypto/asn1/p8_pkey.c create mode 100644 src/lib/libssl/src/crypto/asn1/t_bitst.c create mode 100644 src/lib/libssl/src/crypto/asn1/t_crl.c create mode 100644 src/lib/libssl/src/crypto/asn1/t_spki.c create mode 100644 src/lib/libssl/src/crypto/asn1/t_x509a.c create mode 100644 src/lib/libssl/src/crypto/asn1/tasn_dec.c create mode 100644 src/lib/libssl/src/crypto/asn1/tasn_enc.c create mode 100644 src/lib/libssl/src/crypto/asn1/tasn_fre.c create mode 100644 src/lib/libssl/src/crypto/asn1/tasn_new.c create mode 100644 src/lib/libssl/src/crypto/asn1/tasn_prn.c create mode 100644 src/lib/libssl/src/crypto/asn1/tasn_typ.c create mode 100644 src/lib/libssl/src/crypto/asn1/tasn_utl.c create mode 100644 src/lib/libssl/src/crypto/asn1/x_bignum.c create mode 100644 src/lib/libssl/src/crypto/asn1/x_long.c create mode 100644 src/lib/libssl/src/crypto/asn1/x_x509a.c create mode 100644 src/lib/libssl/src/crypto/bf/bf_locl.h create mode 100644 src/lib/libssl/src/crypto/bio/bf_lbuf.c create mode 100644 src/lib/libssl/src/crypto/bio/bss_bio.c create mode 100644 src/lib/libssl/src/crypto/bio/bss_log.c create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha.s.works create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha.works/add.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha.works/div.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha.works/mul.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha.works/mul_add.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha.works/mul_c4.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha.works/mul_c4.works.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha.works/mul_c8.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha.works/sqr.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha.works/sqr_c4.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha.works/sqr_c8.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha.works/sub.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha/add.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha/div.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha/mul.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha/mul_add.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha/mul_c4.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha/mul_c4.works.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha/mul_c8.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha/sqr.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha/sqr_c4.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha/sqr_c8.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha/sub.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/bn-alpha.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/ca.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/co-586.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/co-alpha.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/ia64.S create mode 100644 src/lib/libssl/src/crypto/bn/asm/mips1.s create mode 100644 src/lib/libssl/src/crypto/bn/asm/mips3.s create mode 100644 src/lib/libssl/src/crypto/bn/asm/pa-risc2W.s create mode 100644 src/lib/libssl/src/crypto/bn/asm/sparcv8.S create mode 100644 src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S create mode 100644 src/lib/libssl/src/crypto/bn/asm/vms.mar create mode 100644 src/lib/libssl/src/crypto/bn/asm/x86.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/x86/add.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/x86/comba.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/x86/div.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/x86/f create mode 100644 src/lib/libssl/src/crypto/bn/asm/x86/mul.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/x86/mul_add.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/x86/sqr.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/x86/sub.pl create mode 100644 src/lib/libssl/src/crypto/bn/bn.h create mode 100644 src/lib/libssl/src/crypto/bn/bn.mul create mode 100644 src/lib/libssl/src/crypto/bn/bn_asm.c create mode 100644 src/lib/libssl/src/crypto/bn/bn_ctx.c create mode 100644 src/lib/libssl/src/crypto/bn/bn_exp2.c create mode 100644 src/lib/libssl/src/crypto/bn/bn_kron.c create mode 100644 src/lib/libssl/src/crypto/bn/bn_sqrt.c create mode 100644 src/lib/libssl/src/crypto/bn/divtest.c create mode 100644 src/lib/libssl/src/crypto/bn/exp.c create mode 100644 src/lib/libssl/src/crypto/bn/todo create mode 100644 src/lib/libssl/src/crypto/bn/vms-helper.c create mode 100644 src/lib/libssl/src/crypto/comp/c_rle.c create mode 100644 src/lib/libssl/src/crypto/comp/c_zlib.c create mode 100644 src/lib/libssl/src/crypto/comp/comp.h create mode 100644 src/lib/libssl/src/crypto/comp/comp_err.c create mode 100644 src/lib/libssl/src/crypto/comp/comp_lib.c create mode 100644 src/lib/libssl/src/crypto/conf/README create mode 100644 src/lib/libssl/src/crypto/conf/conf_api.c create mode 100644 src/lib/libssl/src/crypto/conf/conf_api.h create mode 100644 src/lib/libssl/src/crypto/conf/conf_def.c create mode 100644 src/lib/libssl/src/crypto/conf/conf_def.h create mode 100644 src/lib/libssl/src/crypto/conf/conf_lib.c create mode 100644 src/lib/libssl/src/crypto/conf/conf_mall.c create mode 100644 src/lib/libssl/src/crypto/conf/conf_mod.c create mode 100644 src/lib/libssl/src/crypto/conf/conf_sap.c create mode 100644 src/lib/libssl/src/crypto/crypto-lib.com create mode 100644 src/lib/libssl/src/crypto/des/des-lib.com create mode 100644 src/lib/libssl/src/crypto/des/des.h create mode 100644 src/lib/libssl/src/crypto/des/des.pod create mode 100644 src/lib/libssl/src/crypto/des/des_locl.h create mode 100644 src/lib/libssl/src/crypto/des/des_old.c create mode 100644 src/lib/libssl/src/crypto/des/des_old.h create mode 100644 src/lib/libssl/src/crypto/des/des_old2.c create mode 100644 src/lib/libssl/src/crypto/des/ede_cbcm_enc.c create mode 100644 src/lib/libssl/src/crypto/dh/dh_asn1.c create mode 100644 src/lib/libssl/src/crypto/dsa/dsa_asn1.c create mode 100644 src/lib/libssl/src/crypto/dsa/dsa_ossl.c create mode 100644 src/lib/libssl/src/crypto/dso/README create mode 100644 src/lib/libssl/src/crypto/dso/dso.h create mode 100644 src/lib/libssl/src/crypto/dso/dso_dl.c create mode 100644 src/lib/libssl/src/crypto/dso/dso_dlfcn.c create mode 100644 src/lib/libssl/src/crypto/dso/dso_err.c create mode 100644 src/lib/libssl/src/crypto/dso/dso_lib.c create mode 100644 src/lib/libssl/src/crypto/dso/dso_null.c create mode 100644 src/lib/libssl/src/crypto/dso/dso_openssl.c create mode 100644 src/lib/libssl/src/crypto/dso/dso_vms.c create mode 100644 src/lib/libssl/src/crypto/dso/dso_win32.c create mode 100644 src/lib/libssl/src/crypto/ebcdic.c create mode 100644 src/lib/libssl/src/crypto/ebcdic.h create mode 100644 src/lib/libssl/src/crypto/ec/ec.h create mode 100644 src/lib/libssl/src/crypto/ec/ec_cvt.c create mode 100644 src/lib/libssl/src/crypto/ec/ec_err.c create mode 100644 src/lib/libssl/src/crypto/ec/ec_lcl.h create mode 100644 src/lib/libssl/src/crypto/ec/ec_lib.c create mode 100644 src/lib/libssl/src/crypto/ec/ec_mult.c create mode 100644 src/lib/libssl/src/crypto/ec/ecp_mont.c create mode 100644 src/lib/libssl/src/crypto/ec/ecp_nist.c create mode 100644 src/lib/libssl/src/crypto/ec/ecp_recp.c create mode 100644 src/lib/libssl/src/crypto/ec/ecp_smpl.c create mode 100644 src/lib/libssl/src/crypto/ec/ectest.c create mode 100644 src/lib/libssl/src/crypto/engine/README create mode 100644 src/lib/libssl/src/crypto/engine/eng_all.c create mode 100644 src/lib/libssl/src/crypto/engine/eng_cnf.c create mode 100644 src/lib/libssl/src/crypto/engine/eng_ctrl.c create mode 100644 src/lib/libssl/src/crypto/engine/eng_dyn.c create mode 100644 src/lib/libssl/src/crypto/engine/eng_err.c create mode 100644 src/lib/libssl/src/crypto/engine/eng_fat.c create mode 100644 src/lib/libssl/src/crypto/engine/eng_init.c create mode 100644 src/lib/libssl/src/crypto/engine/eng_int.h create mode 100644 src/lib/libssl/src/crypto/engine/eng_lib.c create mode 100644 src/lib/libssl/src/crypto/engine/eng_list.c create mode 100644 src/lib/libssl/src/crypto/engine/eng_openssl.c create mode 100644 src/lib/libssl/src/crypto/engine/eng_pkey.c create mode 100644 src/lib/libssl/src/crypto/engine/eng_table.c create mode 100644 src/lib/libssl/src/crypto/engine/engine.h create mode 100644 src/lib/libssl/src/crypto/engine/enginetest.c create mode 100644 src/lib/libssl/src/crypto/engine/hw.ec create mode 100644 src/lib/libssl/src/crypto/engine/hw_4758_cca.c create mode 100644 src/lib/libssl/src/crypto/engine/hw_4758_cca_err.c create mode 100644 src/lib/libssl/src/crypto/engine/hw_4758_cca_err.h create mode 100644 src/lib/libssl/src/crypto/engine/hw_aep.c create mode 100644 src/lib/libssl/src/crypto/engine/hw_aep_err.c create mode 100644 src/lib/libssl/src/crypto/engine/hw_aep_err.h create mode 100644 src/lib/libssl/src/crypto/engine/hw_atalla.c create mode 100644 src/lib/libssl/src/crypto/engine/hw_atalla_err.c create mode 100644 src/lib/libssl/src/crypto/engine/hw_atalla_err.h create mode 100644 src/lib/libssl/src/crypto/engine/hw_cryptodev.c create mode 100644 src/lib/libssl/src/crypto/engine/hw_cswift.c create mode 100644 src/lib/libssl/src/crypto/engine/hw_cswift_err.c create mode 100644 src/lib/libssl/src/crypto/engine/hw_cswift_err.h create mode 100644 src/lib/libssl/src/crypto/engine/hw_ncipher.c create mode 100644 src/lib/libssl/src/crypto/engine/hw_ncipher_err.c create mode 100644 src/lib/libssl/src/crypto/engine/hw_ncipher_err.h create mode 100644 src/lib/libssl/src/crypto/engine/hw_nuron.c create mode 100644 src/lib/libssl/src/crypto/engine/hw_nuron_err.c create mode 100644 src/lib/libssl/src/crypto/engine/hw_nuron_err.h create mode 100644 src/lib/libssl/src/crypto/engine/hw_sureware_err.c create mode 100644 src/lib/libssl/src/crypto/engine/hw_sureware_err.h create mode 100644 src/lib/libssl/src/crypto/engine/hw_ubsec.c create mode 100644 src/lib/libssl/src/crypto/engine/hw_ubsec_err.c create mode 100644 src/lib/libssl/src/crypto/engine/hw_ubsec_err.h create mode 100644 src/lib/libssl/src/crypto/engine/tb_cipher.c create mode 100644 src/lib/libssl/src/crypto/engine/tb_dh.c create mode 100644 src/lib/libssl/src/crypto/engine/tb_digest.c create mode 100644 src/lib/libssl/src/crypto/engine/tb_dsa.c create mode 100644 src/lib/libssl/src/crypto/engine/tb_rand.c create mode 100644 src/lib/libssl/src/crypto/engine/tb_rsa.c create mode 100644 src/lib/libssl/src/crypto/engine/vendor_defns/aep.h create mode 100644 src/lib/libssl/src/crypto/engine/vendor_defns/atalla.h create mode 100644 src/lib/libssl/src/crypto/engine/vendor_defns/cswift.h create mode 100644 src/lib/libssl/src/crypto/engine/vendor_defns/hw_4758_cca.h create mode 100644 src/lib/libssl/src/crypto/err/openssl.ec create mode 100644 src/lib/libssl/src/crypto/evp/bio_ok.c create mode 100644 src/lib/libssl/src/crypto/evp/c_allc.c create mode 100644 src/lib/libssl/src/crypto/evp/c_alld.c create mode 100644 src/lib/libssl/src/crypto/evp/e_aes.c create mode 100644 src/lib/libssl/src/crypto/evp/e_bf.c create mode 100644 src/lib/libssl/src/crypto/evp/e_cast.c create mode 100644 src/lib/libssl/src/crypto/evp/e_des.c create mode 100644 src/lib/libssl/src/crypto/evp/e_des3.c create mode 100644 src/lib/libssl/src/crypto/evp/e_idea.c create mode 100644 src/lib/libssl/src/crypto/evp/e_rc2.c create mode 100644 src/lib/libssl/src/crypto/evp/e_rc5.c create mode 100644 src/lib/libssl/src/crypto/evp/evp_acnf.c create mode 100644 src/lib/libssl/src/crypto/evp/evp_locl.h create mode 100644 src/lib/libssl/src/crypto/evp/evp_pbe.c create mode 100644 src/lib/libssl/src/crypto/evp/evp_pkey.c create mode 100644 src/lib/libssl/src/crypto/evp/evp_test.c create mode 100644 src/lib/libssl/src/crypto/evp/evptests.txt create mode 100644 src/lib/libssl/src/crypto/evp/m_md4.c create mode 100644 src/lib/libssl/src/crypto/evp/openbsd_hw.c create mode 100644 src/lib/libssl/src/crypto/evp/p5_crpt.c create mode 100644 src/lib/libssl/src/crypto/evp/p5_crpt2.c create mode 100644 src/lib/libssl/src/crypto/idea/idea.h create mode 100644 src/lib/libssl/src/crypto/install.com create mode 100644 src/lib/libssl/src/crypto/krb5/krb5_asn.c create mode 100644 src/lib/libssl/src/crypto/krb5/krb5_asn.h create mode 100644 src/lib/libssl/src/crypto/md2/md2.h create mode 100644 src/lib/libssl/src/crypto/md32_common.h create mode 100644 src/lib/libssl/src/crypto/md4/md4.c create mode 100644 src/lib/libssl/src/crypto/md4/md4.h create mode 100644 src/lib/libssl/src/crypto/md4/md4_dgst.c create mode 100644 src/lib/libssl/src/crypto/md4/md4_locl.h create mode 100644 src/lib/libssl/src/crypto/md4/md4_one.c create mode 100644 src/lib/libssl/src/crypto/md4/md4s.cpp create mode 100644 src/lib/libssl/src/crypto/md4/md4test.c create mode 100644 src/lib/libssl/src/crypto/md5/asm/md5-sparcv9.S create mode 100644 src/lib/libssl/src/crypto/mem_dbg.c create mode 100644 src/lib/libssl/src/crypto/o_time.c create mode 100644 src/lib/libssl/src/crypto/o_time.h create mode 100644 src/lib/libssl/src/crypto/objects/o_names.c create mode 100644 src/lib/libssl/src/crypto/objects/obj_mac.h create mode 100644 src/lib/libssl/src/crypto/objects/obj_mac.num create mode 100644 src/lib/libssl/src/crypto/objects/objects.README create mode 100644 src/lib/libssl/src/crypto/objects/objects.pl create mode 100644 src/lib/libssl/src/crypto/ocsp/ocsp.h create mode 100644 src/lib/libssl/src/crypto/ocsp/ocsp_asn.c create mode 100644 src/lib/libssl/src/crypto/ocsp/ocsp_cl.c create mode 100644 src/lib/libssl/src/crypto/ocsp/ocsp_err.c create mode 100644 src/lib/libssl/src/crypto/ocsp/ocsp_ext.c create mode 100644 src/lib/libssl/src/crypto/ocsp/ocsp_ht.c create mode 100644 src/lib/libssl/src/crypto/ocsp/ocsp_lib.c create mode 100644 src/lib/libssl/src/crypto/ocsp/ocsp_prn.c create mode 100644 src/lib/libssl/src/crypto/ocsp/ocsp_srv.c create mode 100644 src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c create mode 100644 src/lib/libssl/src/crypto/opensslconf.h.in create mode 100644 src/lib/libssl/src/crypto/opensslv.h create mode 100644 src/lib/libssl/src/crypto/ossl_typ.h create mode 100644 src/lib/libssl/src/crypto/pem/pem2.h create mode 100644 src/lib/libssl/src/crypto/pem/pem_oth.c create mode 100644 src/lib/libssl/src/crypto/pem/pem_pk8.c create mode 100644 src/lib/libssl/src/crypto/pem/pem_pkey.c create mode 100644 src/lib/libssl/src/crypto/pem/pem_x509.c create mode 100644 src/lib/libssl/src/crypto/pem/pem_xaux.c create mode 100644 src/lib/libssl/src/crypto/perlasm/alpha.pl create mode 100644 src/lib/libssl/src/crypto/perlasm/x86nasm.pl create mode 100644 src/lib/libssl/src/crypto/pkcs12/p12_add.c create mode 100644 src/lib/libssl/src/crypto/pkcs12/p12_asn.c create mode 100644 src/lib/libssl/src/crypto/pkcs12/p12_attr.c create mode 100644 src/lib/libssl/src/crypto/pkcs12/p12_crpt.c create mode 100644 src/lib/libssl/src/crypto/pkcs12/p12_crt.c create mode 100644 src/lib/libssl/src/crypto/pkcs12/p12_decr.c create mode 100644 src/lib/libssl/src/crypto/pkcs12/p12_init.c create mode 100644 src/lib/libssl/src/crypto/pkcs12/p12_key.c create mode 100644 src/lib/libssl/src/crypto/pkcs12/p12_kiss.c create mode 100644 src/lib/libssl/src/crypto/pkcs12/p12_mutl.c create mode 100644 src/lib/libssl/src/crypto/pkcs12/p12_npas.c create mode 100644 src/lib/libssl/src/crypto/pkcs12/p12_p8d.c create mode 100644 src/lib/libssl/src/crypto/pkcs12/p12_p8e.c create mode 100644 src/lib/libssl/src/crypto/pkcs12/p12_utl.c create mode 100644 src/lib/libssl/src/crypto/pkcs12/pk12err.c create mode 100644 src/lib/libssl/src/crypto/pkcs12/pkcs12.h create mode 100644 src/lib/libssl/src/crypto/pkcs7/bio_ber.c create mode 100644 src/lib/libssl/src/crypto/pkcs7/dec.c create mode 100644 src/lib/libssl/src/crypto/pkcs7/des.pem create mode 100644 src/lib/libssl/src/crypto/pkcs7/es1.pem create mode 100644 src/lib/libssl/src/crypto/pkcs7/example.c create mode 100644 src/lib/libssl/src/crypto/pkcs7/example.h create mode 100644 src/lib/libssl/src/crypto/pkcs7/info.pem create mode 100644 src/lib/libssl/src/crypto/pkcs7/infokey.pem create mode 100644 src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c create mode 100644 src/lib/libssl/src/crypto/pkcs7/pk7_attr.c create mode 100644 src/lib/libssl/src/crypto/pkcs7/pk7_mime.c create mode 100644 src/lib/libssl/src/crypto/pkcs7/pk7_smime.c create mode 100644 src/lib/libssl/src/crypto/pkcs7/t/3des.pem create mode 100644 src/lib/libssl/src/crypto/pkcs7/t/3dess.pem create mode 100644 src/lib/libssl/src/crypto/pkcs7/t/c.pem create mode 100644 src/lib/libssl/src/crypto/pkcs7/t/ff create mode 100644 src/lib/libssl/src/crypto/pkcs7/t/msie-e create mode 100644 src/lib/libssl/src/crypto/pkcs7/t/msie-e.pem create mode 100644 src/lib/libssl/src/crypto/pkcs7/t/msie-enc-01 create mode 100644 src/lib/libssl/src/crypto/pkcs7/t/msie-enc-01.pem create mode 100644 src/lib/libssl/src/crypto/pkcs7/t/msie-enc-02 create mode 100644 src/lib/libssl/src/crypto/pkcs7/t/msie-enc-02.pem create mode 100644 src/lib/libssl/src/crypto/pkcs7/t/msie-s-a-e create mode 100644 src/lib/libssl/src/crypto/pkcs7/t/msie-s-a-e.pem create mode 100644 src/lib/libssl/src/crypto/pkcs7/t/nav-smime create mode 100644 src/lib/libssl/src/crypto/pkcs7/t/s.pem create mode 100644 src/lib/libssl/src/crypto/pkcs7/t/server.pem create mode 100644 src/lib/libssl/src/crypto/rand/rand_egd.c create mode 100644 src/lib/libssl/src/crypto/rand/rand_err.c create mode 100644 src/lib/libssl/src/crypto/rand/rand_lcl.h create mode 100644 src/lib/libssl/src/crypto/rand/rand_lib.c create mode 100644 src/lib/libssl/src/crypto/rand/rand_os2.c create mode 100644 src/lib/libssl/src/crypto/rand/rand_unix.c create mode 100644 src/lib/libssl/src/crypto/rand/rand_vms.c create mode 100644 src/lib/libssl/src/crypto/rand/rand_win.c create mode 100644 src/lib/libssl/src/crypto/rc2/rc2.h create mode 100644 src/lib/libssl/src/crypto/rc2/tab.c create mode 100644 src/lib/libssl/src/crypto/rc4/rc4.h create mode 100644 src/lib/libssl/src/crypto/rc4/rc4_locl.h create mode 100644 src/lib/libssl/src/crypto/rsa/rsa_asn1.c create mode 100644 src/lib/libssl/src/crypto/rsa/rsa_chk.c create mode 100644 src/lib/libssl/src/crypto/rsa/rsa_null.c create mode 100644 src/lib/libssl/src/crypto/rsa/rsa_oaep.c create mode 100644 src/lib/libssl/src/crypto/rsa/rsa_test.c create mode 100644 src/lib/libssl/src/crypto/stack/safestack.h create mode 100644 src/lib/libssl/src/crypto/symhacks.h create mode 100644 src/lib/libssl/src/crypto/threads/README create mode 100644 src/lib/libssl/src/crypto/threads/profile.sh create mode 100644 src/lib/libssl/src/crypto/threads/ptest.bat create mode 100644 src/lib/libssl/src/crypto/threads/pthread.sh create mode 100644 src/lib/libssl/src/crypto/threads/pthread2.sh create mode 100644 src/lib/libssl/src/crypto/threads/pthreads-vms.com create mode 100644 src/lib/libssl/src/crypto/threads/purify.sh create mode 100644 src/lib/libssl/src/crypto/threads/solaris.sh create mode 100644 src/lib/libssl/src/crypto/threads/win32.bat create mode 100644 src/lib/libssl/src/crypto/tmdiff.h create mode 100644 src/lib/libssl/src/crypto/ui/ui.h create mode 100644 src/lib/libssl/src/crypto/ui/ui_compat.c create mode 100644 src/lib/libssl/src/crypto/ui/ui_compat.h create mode 100644 src/lib/libssl/src/crypto/ui/ui_err.c create mode 100644 src/lib/libssl/src/crypto/ui/ui_lib.c create mode 100644 src/lib/libssl/src/crypto/ui/ui_locl.h create mode 100644 src/lib/libssl/src/crypto/ui/ui_openssl.c create mode 100644 src/lib/libssl/src/crypto/ui/ui_util.c create mode 100644 src/lib/libssl/src/crypto/uid.c create mode 100644 src/lib/libssl/src/crypto/x509/x509_att.c create mode 100644 src/lib/libssl/src/crypto/x509/x509_trs.c create mode 100644 src/lib/libssl/src/crypto/x509/x509cset.c create mode 100644 src/lib/libssl/src/crypto/x509/x509spki.c create mode 100644 src/lib/libssl/src/crypto/x509v3/ext_dat.h create mode 100644 src/lib/libssl/src/crypto/x509v3/tabtest.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_akey.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_akeya.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_alt.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_bcons.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_bitst.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_conf.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_cpols.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_crld.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_enum.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_extku.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_genn.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_ia5.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_info.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_int.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_lib.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_ocsp.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_pku.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_prn.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_purp.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_skey.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_sxnet.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_utl.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3conf.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3err.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3prin.c create mode 100644 src/lib/libssl/src/demos/asn1/README.ASN1 create mode 100644 src/lib/libssl/src/demos/asn1/ocsp.c create mode 100644 src/lib/libssl/src/demos/bio/Makefile create mode 100644 src/lib/libssl/src/demos/easy_tls/Makefile create mode 100644 src/lib/libssl/src/demos/easy_tls/README create mode 100644 src/lib/libssl/src/demos/easy_tls/cacerts.pem create mode 100644 src/lib/libssl/src/demos/easy_tls/cert.pem create mode 100644 src/lib/libssl/src/demos/easy_tls/easy-tls.c create mode 100644 src/lib/libssl/src/demos/easy_tls/easy-tls.h create mode 100644 src/lib/libssl/src/demos/easy_tls/test.c create mode 100644 src/lib/libssl/src/demos/easy_tls/test.h create mode 100644 src/lib/libssl/src/demos/eay/Makefile create mode 100644 src/lib/libssl/src/demos/eay/base64.c create mode 100644 src/lib/libssl/src/demos/eay/conn.c create mode 100644 src/lib/libssl/src/demos/eay/loadrsa.c create mode 100644 src/lib/libssl/src/demos/pkcs12/README create mode 100644 src/lib/libssl/src/demos/pkcs12/pkread.c create mode 100644 src/lib/libssl/src/demos/pkcs12/pkwrite.c create mode 100644 src/lib/libssl/src/demos/prime/Makefile create mode 100644 src/lib/libssl/src/demos/sign/Makefile create mode 100644 src/lib/libssl/src/demos/state_machine/Makefile create mode 100644 src/lib/libssl/src/demos/state_machine/state_machine.c create mode 100644 src/lib/libssl/src/demos/tunala/A-client.pem create mode 100644 src/lib/libssl/src/demos/tunala/A-server.pem create mode 100644 src/lib/libssl/src/demos/tunala/CA.pem create mode 100644 src/lib/libssl/src/demos/tunala/INSTALL create mode 100644 src/lib/libssl/src/demos/tunala/Makefile create mode 100644 src/lib/libssl/src/demos/tunala/Makefile.am create mode 100644 src/lib/libssl/src/demos/tunala/README create mode 100644 src/lib/libssl/src/demos/tunala/autogunk.sh create mode 100644 src/lib/libssl/src/demos/tunala/autoungunk.sh create mode 100644 src/lib/libssl/src/demos/tunala/breakage.c create mode 100644 src/lib/libssl/src/demos/tunala/buffer.c create mode 100644 src/lib/libssl/src/demos/tunala/cb.c create mode 100644 src/lib/libssl/src/demos/tunala/configure.in create mode 100644 src/lib/libssl/src/demos/tunala/ip.c create mode 100644 src/lib/libssl/src/demos/tunala/sm.c create mode 100644 src/lib/libssl/src/demos/tunala/tunala.c create mode 100644 src/lib/libssl/src/demos/tunala/tunala.h create mode 100644 src/lib/libssl/src/demos/x509/README create mode 100644 src/lib/libssl/src/demos/x509/mkcert.c create mode 100644 src/lib/libssl/src/demos/x509/mkreq.c create mode 100644 src/lib/libssl/src/doc/HOWTO/certificates.txt create mode 100644 src/lib/libssl/src/doc/README create mode 100644 src/lib/libssl/src/doc/apps/CA.pl.pod create mode 100644 src/lib/libssl/src/doc/apps/asn1parse.pod create mode 100644 src/lib/libssl/src/doc/apps/ca.pod create mode 100644 src/lib/libssl/src/doc/apps/ciphers.pod create mode 100644 src/lib/libssl/src/doc/apps/config.pod create mode 100644 src/lib/libssl/src/doc/apps/crl.pod create mode 100644 src/lib/libssl/src/doc/apps/crl2pkcs7.pod create mode 100644 src/lib/libssl/src/doc/apps/dgst.pod create mode 100644 src/lib/libssl/src/doc/apps/dhparam.pod create mode 100644 src/lib/libssl/src/doc/apps/dsa.pod create mode 100644 src/lib/libssl/src/doc/apps/dsaparam.pod create mode 100644 src/lib/libssl/src/doc/apps/enc.pod create mode 100644 src/lib/libssl/src/doc/apps/gendsa.pod create mode 100644 src/lib/libssl/src/doc/apps/genrsa.pod create mode 100644 src/lib/libssl/src/doc/apps/nseq.pod create mode 100644 src/lib/libssl/src/doc/apps/ocsp.pod create mode 100644 src/lib/libssl/src/doc/apps/openssl.pod create mode 100644 src/lib/libssl/src/doc/apps/passwd.pod create mode 100644 src/lib/libssl/src/doc/apps/pkcs12.pod create mode 100644 src/lib/libssl/src/doc/apps/pkcs7.pod create mode 100644 src/lib/libssl/src/doc/apps/pkcs8.pod create mode 100644 src/lib/libssl/src/doc/apps/rand.pod create mode 100644 src/lib/libssl/src/doc/apps/req.pod create mode 100644 src/lib/libssl/src/doc/apps/rsa.pod create mode 100644 src/lib/libssl/src/doc/apps/rsautl.pod create mode 100644 src/lib/libssl/src/doc/apps/s_client.pod create mode 100644 src/lib/libssl/src/doc/apps/s_server.pod create mode 100644 src/lib/libssl/src/doc/apps/sess_id.pod create mode 100644 src/lib/libssl/src/doc/apps/smime.pod create mode 100644 src/lib/libssl/src/doc/apps/speed.pod create mode 100644 src/lib/libssl/src/doc/apps/spkac.pod create mode 100644 src/lib/libssl/src/doc/apps/verify.pod create mode 100644 src/lib/libssl/src/doc/apps/version.pod create mode 100644 src/lib/libssl/src/doc/apps/x509.pod create mode 100644 src/lib/libssl/src/doc/c-indentation.el create mode 100644 src/lib/libssl/src/doc/crypto/BIO_ctrl.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_f_base64.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_f_buffer.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_f_cipher.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_f_md.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_f_null.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_find_type.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_new.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_push.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_read.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_s_accept.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_s_bio.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_s_connect.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_s_fd.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_s_file.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_s_mem.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_s_null.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_s_socket.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_set_callback.pod create mode 100644 src/lib/libssl/src/doc/crypto/BIO_should_retry.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_CTX_new.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_CTX_start.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_add.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_add_word.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_bn2bin.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_cmp.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_copy.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_generate_prime.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_mod_inverse.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_mod_mul_montgomery.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_mod_mul_reciprocal.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_new.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_num_bytes.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_rand.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_set_bit.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_swap.pod create mode 100644 src/lib/libssl/src/doc/crypto/BN_zero.pod create mode 100644 src/lib/libssl/src/doc/crypto/CRYPTO_set_ex_data.pod create mode 100644 src/lib/libssl/src/doc/crypto/DH_generate_key.pod create mode 100644 src/lib/libssl/src/doc/crypto/DH_generate_parameters.pod create mode 100644 src/lib/libssl/src/doc/crypto/DH_get_ex_new_index.pod create mode 100644 src/lib/libssl/src/doc/crypto/DH_new.pod create mode 100644 src/lib/libssl/src/doc/crypto/DH_set_method.pod create mode 100644 src/lib/libssl/src/doc/crypto/DH_size.pod create mode 100644 src/lib/libssl/src/doc/crypto/DSA_SIG_new.pod create mode 100644 src/lib/libssl/src/doc/crypto/DSA_do_sign.pod create mode 100644 src/lib/libssl/src/doc/crypto/DSA_dup_DH.pod create mode 100644 src/lib/libssl/src/doc/crypto/DSA_generate_key.pod create mode 100644 src/lib/libssl/src/doc/crypto/DSA_generate_parameters.pod create mode 100644 src/lib/libssl/src/doc/crypto/DSA_get_ex_new_index.pod create mode 100644 src/lib/libssl/src/doc/crypto/DSA_new.pod create mode 100644 src/lib/libssl/src/doc/crypto/DSA_set_method.pod create mode 100644 src/lib/libssl/src/doc/crypto/DSA_sign.pod create mode 100644 src/lib/libssl/src/doc/crypto/DSA_size.pod create mode 100644 src/lib/libssl/src/doc/crypto/ERR_GET_LIB.pod create mode 100644 src/lib/libssl/src/doc/crypto/ERR_clear_error.pod create mode 100644 src/lib/libssl/src/doc/crypto/ERR_error_string.pod create mode 100644 src/lib/libssl/src/doc/crypto/ERR_get_error.pod create mode 100644 src/lib/libssl/src/doc/crypto/ERR_load_crypto_strings.pod create mode 100644 src/lib/libssl/src/doc/crypto/ERR_load_strings.pod create mode 100644 src/lib/libssl/src/doc/crypto/ERR_print_errors.pod create mode 100644 src/lib/libssl/src/doc/crypto/ERR_put_error.pod create mode 100644 src/lib/libssl/src/doc/crypto/ERR_remove_state.pod create mode 100644 src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod create mode 100644 src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod create mode 100644 src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod create mode 100644 src/lib/libssl/src/doc/crypto/EVP_OpenInit.pod create mode 100644 src/lib/libssl/src/doc/crypto/EVP_SealInit.pod create mode 100644 src/lib/libssl/src/doc/crypto/EVP_SignInit.pod create mode 100644 src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod create mode 100644 src/lib/libssl/src/doc/crypto/OPENSSL_VERSION_NUMBER.pod create mode 100644 src/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod create mode 100644 src/lib/libssl/src/doc/crypto/RAND_add.pod create mode 100644 src/lib/libssl/src/doc/crypto/RAND_bytes.pod create mode 100644 src/lib/libssl/src/doc/crypto/RAND_cleanup.pod create mode 100644 src/lib/libssl/src/doc/crypto/RAND_egd.pod create mode 100644 src/lib/libssl/src/doc/crypto/RAND_load_file.pod create mode 100644 src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod create mode 100644 src/lib/libssl/src/doc/crypto/RSA_blinding_on.pod create mode 100644 src/lib/libssl/src/doc/crypto/RSA_check_key.pod create mode 100644 src/lib/libssl/src/doc/crypto/RSA_generate_key.pod create mode 100644 src/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod create mode 100644 src/lib/libssl/src/doc/crypto/RSA_new.pod create mode 100644 src/lib/libssl/src/doc/crypto/RSA_padding_add_PKCS1_type_1.pod create mode 100644 src/lib/libssl/src/doc/crypto/RSA_print.pod create mode 100644 src/lib/libssl/src/doc/crypto/RSA_private_encrypt.pod create mode 100644 src/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod create mode 100644 src/lib/libssl/src/doc/crypto/RSA_set_method.pod create mode 100644 src/lib/libssl/src/doc/crypto/RSA_sign.pod create mode 100644 src/lib/libssl/src/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod create mode 100644 src/lib/libssl/src/doc/crypto/RSA_size.pod create mode 100644 src/lib/libssl/src/doc/crypto/bio.pod create mode 100644 src/lib/libssl/src/doc/crypto/blowfish.pod create mode 100644 src/lib/libssl/src/doc/crypto/bn.pod create mode 100644 src/lib/libssl/src/doc/crypto/bn_internal.pod create mode 100644 src/lib/libssl/src/doc/crypto/buffer.pod create mode 100644 src/lib/libssl/src/doc/crypto/crypto.pod create mode 100644 src/lib/libssl/src/doc/crypto/d2i_DHparams.pod create mode 100644 src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod create mode 100644 src/lib/libssl/src/doc/crypto/des.pod create mode 100644 src/lib/libssl/src/doc/crypto/des_modes.pod create mode 100644 src/lib/libssl/src/doc/crypto/dh.pod create mode 100644 src/lib/libssl/src/doc/crypto/dsa.pod create mode 100644 src/lib/libssl/src/doc/crypto/err.pod create mode 100644 src/lib/libssl/src/doc/crypto/evp.pod create mode 100644 src/lib/libssl/src/doc/crypto/hmac.pod create mode 100644 src/lib/libssl/src/doc/crypto/lh_stats.pod create mode 100644 src/lib/libssl/src/doc/crypto/lhash.pod create mode 100644 src/lib/libssl/src/doc/crypto/md5.pod create mode 100644 src/lib/libssl/src/doc/crypto/mdc2.pod create mode 100644 src/lib/libssl/src/doc/crypto/pem.pod create mode 100644 src/lib/libssl/src/doc/crypto/rand.pod create mode 100644 src/lib/libssl/src/doc/crypto/rc4.pod create mode 100644 src/lib/libssl/src/doc/crypto/ripemd.pod create mode 100644 src/lib/libssl/src/doc/crypto/rsa.pod create mode 100644 src/lib/libssl/src/doc/crypto/sha.pod create mode 100644 src/lib/libssl/src/doc/crypto/threads.pod create mode 100644 src/lib/libssl/src/doc/crypto/ui.pod create mode 100644 src/lib/libssl/src/doc/crypto/ui_compat.pod create mode 100644 src/lib/libssl/src/doc/openssl.txt create mode 100644 src/lib/libssl/src/doc/openssl_button.gif create mode 100644 src/lib/libssl/src/doc/openssl_button.html create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_COMP_add_compression_method.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_add_extra_chain_cert.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_add_session.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_ctrl.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_flush_sessions.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_free.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_get_verify_mode.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_load_verify_locations.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_new.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_sess_number.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_cache_size.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_get_cb.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_sessions.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_cert_store.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_cert_verify_callback.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_cipher_list.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_cert_cb.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_default_passwd_cb.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_generate_session_id.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_info_callback.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_max_cert_list.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_mode.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_msg_callback.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_quiet_shutdown.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_id_context.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_ssl_version.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_timeout.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_SESSION_free.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_accept.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_alert_type_string.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_clear.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_connect.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_free.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_get_SSL_CTX.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_get_ciphers.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_get_client_CA_list.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_get_current_cipher.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_get_default_timeout.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_get_error.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_get_fd.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_get_peer_cert_chain.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_get_rbio.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_get_session.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_get_verify_result.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_get_version.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_library_init.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_load_client_CA_file.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_new.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_pending.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_read.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_rstate_string.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_session_reused.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_set_bio.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_set_connect_state.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_set_fd.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_set_session.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_set_shutdown.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_set_verify_result.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_shutdown.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_state_string.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_want.pod create mode 100644 src/lib/libssl/src/doc/ssl/SSL_write.pod create mode 100644 src/lib/libssl/src/doc/ssl/d2i_SSL_SESSION.pod create mode 100644 src/lib/libssl/src/doc/ssl/ssl.pod create mode 100644 src/lib/libssl/src/doc/ssleay.txt create mode 100644 src/lib/libssl/src/doc/standards.txt create mode 100644 src/lib/libssl/src/e_os2.h create mode 100644 src/lib/libssl/src/install.com create mode 100644 src/lib/libssl/src/ms/bcb4.bat create mode 100644 src/lib/libssl/src/ms/do_masm.bat create mode 100644 src/lib/libssl/src/ms/do_nasm.bat create mode 100644 src/lib/libssl/src/ms/do_nt.bat create mode 100644 src/lib/libssl/src/ms/mingw32.bat create mode 100644 src/lib/libssl/src/ms/mw.bat create mode 100644 src/lib/libssl/src/ms/tlhelp32.h create mode 100644 src/lib/libssl/src/ms/x86asm.bat create mode 100644 src/lib/libssl/src/openssl.doxy create mode 100644 src/lib/libssl/src/openssl.spec create mode 100644 src/lib/libssl/src/os2/OS2-EMX.cmd create mode 100644 src/lib/libssl/src/shlib/Makefile.hpux10-cc create mode 100644 src/lib/libssl/src/shlib/hpux10-cc.sh create mode 100644 src/lib/libssl/src/shlib/solaris-sc4.sh create mode 100644 src/lib/libssl/src/shlib/svr5-shared-gcc.sh create mode 100644 src/lib/libssl/src/shlib/svr5-shared-installed create mode 100644 src/lib/libssl/src/shlib/svr5-shared.sh create mode 100644 src/lib/libssl/src/ssl/install.com create mode 100644 src/lib/libssl/src/ssl/kssl.c create mode 100644 src/lib/libssl/src/ssl/kssl.h create mode 100644 src/lib/libssl/src/ssl/kssl_lcl.h create mode 100644 src/lib/libssl/src/ssl/ssl-lib.com create mode 100644 src/lib/libssl/src/test/VMSca-response.1 create mode 100644 src/lib/libssl/src/test/VMSca-response.2 create mode 100644 src/lib/libssl/src/test/bctest create mode 100644 src/lib/libssl/src/test/maketests.com create mode 100644 src/lib/libssl/src/test/tcrl.com create mode 100644 src/lib/libssl/src/test/testca.com create mode 100644 src/lib/libssl/src/test/testenc.com create mode 100644 src/lib/libssl/src/test/testgen.com create mode 100644 src/lib/libssl/src/test/tests.com create mode 100644 src/lib/libssl/src/test/testss.com create mode 100644 src/lib/libssl/src/test/testssl.com create mode 100644 src/lib/libssl/src/test/tpkcs7.com create mode 100644 src/lib/libssl/src/test/tpkcs7d.com create mode 100644 src/lib/libssl/src/test/treq.com create mode 100644 src/lib/libssl/src/test/trsa.com create mode 100644 src/lib/libssl/src/test/tsid.com create mode 100644 src/lib/libssl/src/test/tverify.com create mode 100644 src/lib/libssl/src/test/tx509.com create mode 100644 src/lib/libssl/src/times/091/486-50.nt create mode 100644 src/lib/libssl/src/times/091/586-100.lnx create mode 100644 src/lib/libssl/src/times/091/68000.bsd create mode 100644 src/lib/libssl/src/times/091/686-200.lnx create mode 100644 src/lib/libssl/src/times/091/alpha064.osf create mode 100644 src/lib/libssl/src/times/091/alpha164.lnx create mode 100644 src/lib/libssl/src/times/091/alpha164.osf create mode 100644 src/lib/libssl/src/times/091/mips-rel.pl create mode 100644 src/lib/libssl/src/times/091/r10000.irx create mode 100644 src/lib/libssl/src/times/091/r3000.ult create mode 100644 src/lib/libssl/src/times/091/r4400.irx create mode 100644 src/lib/libssl/src/times/x86/md4s.cpp create mode 100644 src/lib/libssl/src/tools/c89.sh create mode 100644 src/lib/libssl/src/tools/c_rehash.in create mode 100644 src/lib/libssl/src/util/clean-depend.pl create mode 100644 src/lib/libssl/src/util/cygwin.sh create mode 100644 src/lib/libssl/src/util/domd create mode 100644 src/lib/libssl/src/util/mkdir-p.pl create mode 100644 src/lib/libssl/src/util/mkerr.pl create mode 100644 src/lib/libssl/src/util/mkfiles.pl create mode 100644 src/lib/libssl/src/util/mklink.pl create mode 100644 src/lib/libssl/src/util/mkstack.pl create mode 100644 src/lib/libssl/src/util/pl/Mingw32.pl create mode 100644 src/lib/libssl/src/util/pl/OS2-EMX.pl create mode 100644 src/lib/libssl/src/util/pl/ultrix.pl create mode 100644 src/lib/libssl/src/util/pod2man.pl create mode 100644 src/lib/libssl/src/util/selftest.pl (limited to 'src/lib/libssl/src') diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES new file mode 100644 index 0000000000..d0db7eaf61 --- /dev/null +++ b/src/lib/libssl/src/CHANGES @@ -0,0 +1,1624 @@ + + OpenSSL CHANGES + _______________ + + Changes between 0.9.3a and 0.9.4 [09 Aug 1999] + + *) Install libRSAglue.a when OpenSSL is built with RSAref. + [Ralf S. Engelschall] + + *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency. + [Andrija Antonijevic ] + + *) Fix -startdate and -enddate (which was missing) arguments to 'ca' + program. + [Steve Henson] + + *) New function DSA_dup_DH, which duplicates DSA parameters/keys as + DH parameters/keys (q is lost during that conversion, but the resulting + DH parameters contain its length). + + For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is + much faster than DH_generate_parameters (which creates parameters + where p = 2*q + 1), and also the smaller q makes DH computations + much more efficient (160-bit exponentiation instead of 1024-bit + exponentiation); so this provides a convenient way to support DHE + ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of + utter importance to use + SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); + or + SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); + when such DH parameters are used, because otherwise small subgroup + attacks may become possible! + [Bodo Moeller] + + *) Avoid memory leak in i2d_DHparams. + [Bodo Moeller] + + *) Allow the -k option to be used more than once in the enc program: + this allows the same encrypted message to be read by multiple recipients. + [Steve Henson] + + *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts + an ASN1_OBJECT to a text string. If the "no_name" parameter is set then + it will always use the numerical form of the OID, even if it has a short + or long name. + [Steve Henson] + + *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp + method only got called if p,q,dmp1,dmq1,iqmp components were present, + otherwise bn_mod_exp was called. In the case of hardware keys for example + no private key components need be present and it might store extra data + in the RSA structure, which cannot be accessed from bn_mod_exp. By setting + RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for private key + operations. + [Steve Henson] + + *) Added support for SPARC Linux. + [Andy Polyakov] + + *) pem_password_cb function type incompatibly changed from + typedef int pem_password_cb(char *buf, int size, int rwflag); + to + ....(char *buf, int size, int rwflag, void *userdata); + so that applications can pass data to their callbacks: + The PEM[_ASN1]_{read,write}... functions and macros now take an + additional void * argument, which is just handed through whenever + the password callback is called. + [Damien Miller , with tiny changes by Bodo Moeller] + + New function SSL_CTX_set_default_passwd_cb_userdata. + + Compatibility note: As many C implementations push function arguments + onto the stack in reverse order, the new library version is likely to + interoperate with programs that have been compiled with the old + pem_password_cb definition (PEM_whatever takes some data that + happens to be on the stack as its last argument, and the callback + just ignores this garbage); but there is no guarantee whatsoever that + this will work. + + *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=... + (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused + problems not only on Windows, but also on some Unix platforms. + To avoid problematic command lines, these definitions are now in an + auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl + for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds). + [Bodo Moeller] + + *) MIPS III/IV assembler module is reimplemented. + [Andy Polyakov] + + *) More DES library cleanups: remove references to srand/rand and + delete an unused file. + [Ulf Möller] + + *) Add support for the the free Netwide assembler (NASM) under Win32, + since not many people have MASM (ml) and it can be hard to obtain. + This is currently experimental but it seems to work OK and pass all + the tests. Check out INSTALL.W32 for info. + [Steve Henson] + + *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections + without temporary keys kept an extra copy of the server key, + and connections with temporary keys did not free everything in case + of an error. + [Bodo Moeller] + + *) New function RSA_check_key and new openssl rsa option -check + for verifying the consistency of RSA keys. + [Ulf Moeller, Bodo Moeller] + + *) Various changes to make Win32 compile work: + 1. Casts to avoid "loss of data" warnings in p5_crpt2.c + 2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned + comparison" warnings. + 3. Add sk__sort to DEF file generator and do make update. + [Steve Henson] + + *) Add a debugging option to PKCS#5 v2 key generation function: when + you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and + derived keys are printed to stderr. + [Steve Henson] + + *) Copy the flags in ASN1_STRING_dup(). + [Roman E. Pavlov ] + + *) The x509 application mishandled signing requests containing DSA + keys when the signing key was also DSA and the parameters didn't match. + + It was supposed to omit the parameters when they matched the signing key: + the verifying software was then supposed to automatically use the CA's + parameters if they were absent from the end user certificate. + + Omitting parameters is no longer recommended. The test was also + the wrong way round! This was probably due to unusual behaviour in + EVP_cmp_parameters() which returns 1 if the parameters match. + This meant that parameters were omitted when they *didn't* match and + the certificate was useless. Certificates signed with 'ca' didn't have + this bug. + [Steve Henson, reported by Doug Erickson ] + + *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems. + The interface is as follows: + Applications can use + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(), + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop(); + "off" is now the default. + The library internally uses + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(), + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on() + to disable memory-checking temporarily. + + Some inconsistent states that previously were possible (and were + even the default) are now avoided. + + -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time + with each memory chunk allocated; this is occasionally more helpful + than just having a counter. + + -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID. + + -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future + extensions. + [Bodo Moeller] + + *) Introduce "mode" for SSL structures (with defaults in SSL_CTX), + which largely parallels "options", but is for changing API behaviour, + whereas "options" are about protocol behaviour. + Initial "mode" flags are: + + SSL_MODE_ENABLE_PARTIAL_WRITE Allow SSL_write to report success when + a single record has been written. + SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER Don't insist that SSL_write + retries use the same buffer location. + (But all of the contents must be + copied!) + [Bodo Moeller] + + *) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode + worked. + + *) Fix problems with no-hmac etc. + [Ulf Möller, pointed out by Brian Wellington ] + + *) New functions RSA_get_default_method(), RSA_set_method() and + RSA_get_method(). These allows replacement of RSA_METHODs without having + to mess around with the internals of an RSA structure. + [Steve Henson] + + *) Fix memory leaks in DSA_do_sign and DSA_is_prime. + Also really enable memory leak checks in openssl.c and in some + test programs. + [Chad C. Mulligan, Bodo Moeller] + + *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess + up the length of negative integers. This has now been simplified to just + store the length when it is first determined and use it later, rather + than trying to keep track of where data is copied and updating it to + point to the end. + [Steve Henson, reported by Brien Wheeler + ] + + *) Add a new function PKCS7_signatureVerify. This allows the verification + of a PKCS#7 signature but with the signing certificate passed to the + function itself. This contrasts with PKCS7_dataVerify which assumes the + certificate is present in the PKCS#7 structure. This isn't always the + case: certificates can be omitted from a PKCS#7 structure and be + distributed by "out of band" means (such as a certificate database). + [Steve Henson] + + *) Complete the PEM_* macros with DECLARE_PEM versions to replace the + function prototypes in pem.h, also change util/mkdef.pl to add the + necessary function names. + [Steve Henson] + + *) mk1mf.pl (used by Windows builds) did not properly read the + options set by Configure in the top level Makefile, and Configure + was not even able to write more than one option correctly. + Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended. + [Bodo Moeller] + + *) New functions CONF_load_bio() and CONF_load_fp() to allow a config + file to be loaded from a BIO or FILE pointer. The BIO version will + for example allow memory BIOs to contain config info. + [Steve Henson] + + *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS. + Whoever hopes to achieve shared-library compatibility across versions + must use this, not the compile-time macro. + (Exercise 0.9.4: Which is the minimum library version required by + such programs?) + Note: All this applies only to multi-threaded programs, others don't + need locks. + [Bodo Moeller] + + *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests + through a BIO pair triggered the default case, i.e. + SSLerr(...,SSL_R_UNKNOWN_STATE). + [Bodo Moeller] + + *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications + can use the SSL library even if none of the specific BIOs is + appropriate. + [Bodo Moeller] + + *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value + for the encoded length. + [Jeon KyoungHo ] + + *) Add initial documentation of the X509V3 functions. + [Steve Henson] + + *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and + PEM_write_bio_PKCS8PrivateKey() that are equivalent to + PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more + secure PKCS#8 private key format with a high iteration count. + [Steve Henson] + + *) Fix determination of Perl interpreter: A perl or perl5 + _directory_ in $PATH was also accepted as the interpreter. + [Ralf S. Engelschall] + + *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking + wrong with it but it was very old and did things like calling + PEM_ASN1_read() directly and used MD5 for the hash not to mention some + unusual formatting. + [Steve Henson] + + *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed + to use the new extension code. + [Steve Henson] + + *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c + with macros. This should make it easier to change their form, add extra + arguments etc. Fix a few PEM prototypes which didn't have cipher as a + constant. + [Steve Henson] + + *) Add to configuration table a new entry that can specify an alternative + name for unistd.h (for pre-POSIX systems); we need this for NeXTstep, + according to Mark Crispin . + [Bodo Moeller] + +#if 0 + *) DES CBC did not update the IV. Weird. + [Ben Laurie] +#else + des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does. + Changing the behaviour of the former might break existing programs -- + where IV updating is needed, des_ncbc_encrypt can be used. +#endif + + *) When bntest is run from "make test" it drives bc to check its + calculations, as well as internally checking them. If an internal check + fails, it needs to cause bc to give a non-zero result or make test carries + on without noticing the failure. Fixed. + [Ben Laurie] + + *) DES library cleanups. + [Ulf Möller] + + *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be + used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit + ciphers. NOTE: although the key derivation function has been verified + against some published test vectors it has not been extensively tested + yet. Added a -v2 "cipher" option to pkcs8 application to allow the use + of v2.0. + [Steve Henson] + + *) Instead of "mkdir -p", which is not fully portable, use new + Perl script "util/mkdir-p.pl". + [Bodo Moeller] + + *) Rewrite the way password based encryption (PBE) is handled. It used to + assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter + structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms + but doesn't apply to PKCS#5 v2.0 where it can be something else. Now + the 'parameter' field of the AlgorithmIdentifier is passed to the + underlying key generation function so it must do its own ASN1 parsing. + This has also changed the EVP_PBE_CipherInit() function which now has a + 'parameter' argument instead of literal salt and iteration count values + and the function EVP_PBE_ALGOR_CipherInit() has been deleted. + [Steve Henson] + + *) Support for PKCS#5 v1.5 compatible password based encryption algorithms + and PKCS#8 functionality. New 'pkcs8' application linked to openssl. + Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE + KEY" because this clashed with PKCS#8 unencrypted string. Since this + value was just used as a "magic string" and not used directly its + value doesn't matter. + [Steve Henson] + + *) Introduce some semblance of const correctness to BN. Shame C doesn't + support mutable. + [Ben Laurie] + + *) "linux-sparc64" configuration (ultrapenguin). + [Ray Miller ] + "linux-sparc" configuration. + [Christian Forster ] + + *) config now generates no-xxx options for missing ciphers. + [Ulf Möller] + + *) Support the EBCDIC character set (work in progress). + File ebcdic.c not yet included because it has a different license. + [Martin Kraemer ] + + *) Support BS2000/OSD-POSIX. + [Martin Kraemer ] + + *) Make callbacks for key generation use void * instead of char *. + [Ben Laurie] + + *) Make S/MIME samples compile (not yet tested). + [Ben Laurie] + + *) Additional typesafe stacks. + [Ben Laurie] + + *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x). + [Bodo Moeller] + + + Changes between 0.9.3 and 0.9.3a [29 May 1999] + + *) New configuration variant "sco5-gcc". + + *) Updated some demos. + [Sean O Riordain, Wade Scholine] + + *) Add missing BIO_free at exit of pkcs12 application. + [Wu Zhigang] + + *) Fix memory leak in conf.c. + [Steve Henson] + + *) Updates for Win32 to assembler version of MD5. + [Steve Henson] + + *) Set #! path to perl in apps/der_chop to where we found it + instead of using a fixed path. + [Bodo Moeller] + + *) SHA library changes for irix64-mips4-cc. + [Andy Polyakov] + + *) Improvements for VMS support. + [Richard Levitte] + + + Changes between 0.9.2b and 0.9.3 [24 May 1999] + + *) Bignum library bug fix. IRIX 6 passes "make test" now! + This also avoids the problems with SC4.2 and unpatched SC5. + [Andy Polyakov ] + + *) New functions sk_num, sk_value and sk_set to replace the previous macros. + These are required because of the typesafe stack would otherwise break + existing code. If old code used a structure member which used to be STACK + and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with + sk_num or sk_value it would produce an error because the num, data members + are not present in STACK_OF. Now it just produces a warning. sk_set + replaces the old method of assigning a value to sk_value + (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code + that does this will no longer work (and should use sk_set instead) but + this could be regarded as a "questionable" behaviour anyway. + [Steve Henson] + + *) Fix most of the other PKCS#7 bugs. The "experimental" code can now + correctly handle encrypted S/MIME data. + [Steve Henson] + + *) Change type of various DES function arguments from des_cblock + (which means, in function argument declarations, pointer to char) + to des_cblock * (meaning pointer to array with 8 char elements), + which allows the compiler to do more typechecking; it was like + that back in SSLeay, but with lots of ugly casts. + + Introduce new type const_des_cblock. + [Bodo Moeller] + + *) Reorganise the PKCS#7 library and get rid of some of the more obvious + problems: find RecipientInfo structure that matches recipient certificate + and initialise the ASN1 structures properly based on passed cipher. + [Steve Henson] + + *) Belatedly make the BN tests actually check the results. + [Ben Laurie] + + *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion + to and from BNs: it was completely broken. New compilation option + NEG_PUBKEY_BUG to allow for some broken certificates that encode public + key elements as negative integers. + [Steve Henson] + + *) Reorganize and speed up MD5. + [Andy Polyakov ] + + *) VMS support. + [Richard Levitte ] + + *) New option -out to asn1parse to allow the parsed structure to be + output to a file. This is most useful when combined with the -strparse + option to examine the output of things like OCTET STRINGS. + [Steve Henson] + + *) Make SSL library a little more fool-proof by not requiring any longer + that SSL_set_{accept,connect}_state be called before + SSL_{accept,connect} may be used (SSL_set_..._state is omitted + in many applications because usually everything *appeared* to work as + intended anyway -- now it really works as intended). + [Bodo Moeller] + + *) Move openssl.cnf out of lib/. + [Ulf Möller] + + *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall + -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes + -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ + [Ralf S. Engelschall] + + *) Various fixes to the EVP and PKCS#7 code. It may now be able to + handle PKCS#7 enveloped data properly. + [Sebastian Akerman , modified by Steve] + + *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of + copying pointers. The cert_st handling is changed by this in + various ways (and thus what used to be known as ctx->default_cert + is now called ctx->cert, since we don't resort to s->ctx->[default_]cert + any longer when s->cert does not give us what we need). + ssl_cert_instantiate becomes obsolete by this change. + As soon as we've got the new code right (possibly it already is?), + we have solved a couple of bugs of the earlier code where s->cert + was used as if it could not have been shared with other SSL structures. + + Note that using the SSL API in certain dirty ways now will result + in different behaviour than observed with earlier library versions: + Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx) + does not influence s as it used to. + + In order to clean up things more thoroughly, inside SSL_SESSION + we don't use CERT any longer, but a new structure SESS_CERT + that holds per-session data (if available); currently, this is + the peer's certificate chain and, for clients, the server's certificate + and temporary key. CERT holds only those values that can have + meaningful defaults in an SSL_CTX. + [Bodo Moeller] + + *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure + from the internal representation. Various PKCS#7 fixes: remove some + evil casts and set the enc_dig_alg field properly based on the signing + key type. + [Steve Henson] + + *) Allow PKCS#12 password to be set from the command line or the + environment. Let 'ca' get its config file name from the environment + variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req' + and 'x509'). + [Steve Henson] + + *) Allow certificate policies extension to use an IA5STRING for the + organization field. This is contrary to the PKIX definition but + VeriSign uses it and IE5 only recognises this form. Document 'x509' + extension option. + [Steve Henson] + + *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic, + without disallowing inline assembler and the like for non-pedantic builds. + [Ben Laurie] + + *) Support Borland C++ builder. + [Janez Jere , modified by Ulf Möller] + + *) Support Mingw32. + [Ulf Möller] + + *) SHA-1 cleanups and performance enhancements. + [Andy Polyakov ] + + *) Sparc v8plus assembler for the bignum library. + [Andy Polyakov ] + + *) Accept any -xxx and +xxx compiler options in Configure. + [Ulf Möller] + + *) Update HPUX configuration. + [Anonymous] + + *) Add missing sk__unshift() function to safestack.h + [Ralf S. Engelschall] + + *) New function SSL_CTX_use_certificate_chain_file that sets the + "extra_cert"s in addition to the certificate. (This makes sense + only for "PEM" format files, as chains as a whole are not + DER-encoded.) + [Bodo Moeller] + + *) Support verify_depth from the SSL API. + x509_vfy.c had what can be considered an off-by-one-error: + Its depth (which was not part of the external interface) + was actually counting the number of certificates in a chain; + now it really counts the depth. + [Bodo Moeller] + + *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used + instead of X509err, which often resulted in confusing error + messages since the error codes are not globally unique + (e.g. an alleged error in ssl3_accept when a certificate + didn't match the private key). + + *) New function SSL_CTX_set_session_id_context that allows to set a default + value (so that you don't need SSL_set_session_id_context for each + connection using the SSL_CTX). + [Bodo Moeller] + + *) OAEP decoding bug fix. + [Ulf Möller] + + *) Support INSTALL_PREFIX for package builders, as proposed by + David Harris. + [Bodo Moeller] + + *) New Configure options "threads" and "no-threads". For systems + where the proper compiler options are known (currently Solaris + and Linux), "threads" is the default. + [Bodo Moeller] + + *) New script util/mklink.pl as a faster substitute for util/mklink.sh. + [Bodo Moeller] + + *) Install various scripts to $(OPENSSLDIR)/misc, not to + $(INSTALLTOP)/bin -- they shouldn't clutter directories + such as /usr/local/bin. + [Bodo Moeller] + + *) "make linux-shared" to build shared libraries. + [Niels Poppe ] + + *) New Configure option no- (rsa, idea, rc5, ...). + [Ulf Möller] + + *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for + extension adding in x509 utility. + [Steve Henson] + + *) Remove NOPROTO sections and error code comments. + [Ulf Möller] + + *) Partial rewrite of the DEF file generator to now parse the ANSI + prototypes. + [Steve Henson] + + *) New Configure options --prefix=DIR and --openssldir=DIR. + [Ulf Möller] + + *) Complete rewrite of the error code script(s). It is all now handled + by one script at the top level which handles error code gathering, + header rewriting and C source file generation. It should be much better + than the old method: it now uses a modified version of Ulf's parser to + read the ANSI prototypes in all header files (thus the old K&R definitions + aren't needed for error creation any more) and do a better job of + translating function codes into names. The old 'ASN1 error code imbedded + in a comment' is no longer necessary and it doesn't use .err files which + have now been deleted. Also the error code call doesn't have to appear all + on one line (which resulted in some large lines...). + [Steve Henson] + + *) Change #include filenames from to . + [Bodo Moeller] + + *) Change behaviour of ssl2_read when facing length-0 packets: Don't return + 0 (which usually indicates a closed connection), but continue reading. + [Bodo Moeller] + + *) Fix some race conditions. + [Bodo Moeller] + + *) Add support for CRL distribution points extension. Add Certificate + Policies and CRL distribution points documentation. + [Steve Henson] + + *) Move the autogenerated header file parts to crypto/opensslconf.h. + [Ulf Möller] + + *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of + 8 of keying material. Merlin has also confirmed interop with this fix + between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0. + [Merlin Hughes ] + + *) Fix lots of warnings. + [Richard Levitte ] + + *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if + the directory spec didn't end with a LIST_SEPARATOR_CHAR. + [Richard Levitte ] + + *) Fix problems with sizeof(long) == 8. + [Andy Polyakov ] + + *) Change functions to ANSI C. + [Ulf Möller] + + *) Fix typos in error codes. + [Martin Kraemer , Ulf Möller] + + *) Remove defunct assembler files from Configure. + [Ulf Möller] + + *) SPARC v8 assembler BIGNUM implementation. + [Andy Polyakov ] + + *) Support for Certificate Policies extension: both print and set. + Various additions to support the r2i method this uses. + [Steve Henson] + + *) A lot of constification, and fix a bug in X509_NAME_oneline() that could + return a const string when you are expecting an allocated buffer. + [Ben Laurie] + + *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE + types DirectoryString and DisplayText. + [Steve Henson] + + *) Add code to allow r2i extensions to access the configuration database, + add an LHASH database driver and add several ctx helper functions. + [Steve Henson] + + *) Fix an evil bug in bn_expand2() which caused various BN functions to + fail when they extended the size of a BIGNUM. + [Steve Henson] + + *) Various utility functions to handle SXNet extension. Modify mkdef.pl to + support typesafe stack. + [Steve Henson] + + *) Fix typo in SSL_[gs]et_options(). + [Nils Frostberg ] + + *) Delete various functions and files that belonged to the (now obsolete) + old X509V3 handling code. + [Steve Henson] + + *) New Configure option "rsaref". + [Ulf Möller] + + *) Don't auto-generate pem.h. + [Bodo Moeller] + + *) Introduce type-safe ASN.1 SETs. + [Ben Laurie] + + *) Convert various additional casted stacks to type-safe STACK_OF() variants. + [Ben Laurie, Ralf S. Engelschall, Steve Henson] + + *) Introduce type-safe STACKs. This will almost certainly break lots of code + that links with OpenSSL (well at least cause lots of warnings), but fear + not: the conversion is trivial, and it eliminates loads of evil casts. A + few STACKed things have been converted already. Feel free to convert more. + In the fullness of time, I'll do away with the STACK type altogether. + [Ben Laurie] + + *) Add `openssl ca -revoke ' facility which revokes a certificate + specified in by updating the entry in the index.txt file. + This way one no longer has to edit the index.txt file manually for + revoking a certificate. The -revoke option does the gory details now. + [Massimiliano Pala , Ralf S. Engelschall] + + *) Fix `openssl crl -noout -text' combination where `-noout' killed the + `-text' option at all and this way the `-noout -text' combination was + inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'. + [Ralf S. Engelschall] + + *) Make sure a corresponding plain text error message exists for the + X509_V_ERR_CERT_REVOKED/23 error number which can occur when a + verify callback function determined that a certificate was revoked. + [Ralf S. Engelschall] + + *) Bugfix: In test/testenc, don't test "openssl " for + ciphers that were excluded, e.g. by -DNO_IDEA. Also, test + all available cipers including rc5, which was forgotten until now. + In order to let the testing shell script know which algorithms + are available, a new (up to now undocumented) command + "openssl list-cipher-commands" is used. + [Bodo Moeller] + + *) Bugfix: s_client occasionally would sleep in select() when + it should have checked SSL_pending() first. + [Bodo Moeller] + + *) New functions DSA_do_sign and DSA_do_verify to provide access to + the raw DSA values prior to ASN.1 encoding. + [Ulf Möller] + + *) Tweaks to Configure + [Niels Poppe ] + + *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support, + yet... + [Steve Henson] + + *) New variables $(RANLIB) and $(PERL) in the Makefiles. + [Ulf Möller] + + *) New config option to avoid instructions that are illegal on the 80386. + The default code is faster, but requires at least a 486. + [Ulf Möller] + + *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and + SSL2_SERVER_VERSION (not used at all) macros, which are now the + same as SSL2_VERSION anyway. + [Bodo Moeller] + + *) New "-showcerts" option for s_client. + [Bodo Moeller] + + *) Still more PKCS#12 integration. Add pkcs12 application to openssl + application. Various cleanups and fixes. + [Steve Henson] + + *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and + modify error routines to work internally. Add error codes and PBE init + to library startup routines. + [Steve Henson] + + *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and + packing functions to asn1 and evp. Changed function names and error + codes along the way. + [Steve Henson] + + *) PKCS12 integration: and so it begins... First of several patches to + slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12 + objects to objects.h + [Steve Henson] + + *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1 + and display support for Thawte strong extranet extension. + [Steve Henson] + + *) Add LinuxPPC support. + [Jeff Dubrule ] + + *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to + bn_div_words in alpha.s. + [Hannes Reinecke and Ben Laurie] + + *) Make sure the RSA OAEP test is skipped under -DRSAref because + OAEP isn't supported when OpenSSL is built with RSAref. + [Ulf Moeller ] + + *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h + so they no longer are missing under -DNOPROTO. + [Soren S. Jorvang ] + + + Changes between 0.9.1c and 0.9.2b [22 Mar 1999] + + *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still + doesn't work when the session is reused. Coming soon! + [Ben Laurie] + + *) Fix a security hole, that allows sessions to be reused in the wrong + context thus bypassing client cert protection! All software that uses + client certs and session caches in multiple contexts NEEDS PATCHING to + allow session reuse! A fuller solution is in the works. + [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)] + + *) Some more source tree cleanups (removed obsolete files + crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed + permission on "config" script to be executable) and a fix for the INSTALL + document. + [Ulf Moeller ] + + *) Remove some legacy and erroneous uses of malloc, free instead of + Malloc, Free. + [Lennart Bang , with minor changes by Steve] + + *) Make rsa_oaep_test return non-zero on error. + [Ulf Moeller ] + + *) Add support for native Solaris shared libraries. Configure + solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice + if someone would make that last step automatic. + [Matthias Loepfe ] + + *) ctx_size was not built with the right compiler during "make links". Fixed. + [Ben Laurie] + + *) Change the meaning of 'ALL' in the cipher list. It now means "everything + except NULL ciphers". This means the default cipher list will no longer + enable NULL ciphers. They need to be specifically enabled e.g. with + the string "DEFAULT:eNULL". + [Steve Henson] + + *) Fix to RSA private encryption routines: if p < q then it would + occasionally produce an invalid result. This will only happen with + externally generated keys because OpenSSL (and SSLeay) ensure p > q. + [Steve Henson] + + *) Be less restrictive and allow also `perl util/perlpath.pl + /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin', + because this way one can also use an interpreter named `perl5' (which is + usually the name of Perl 5.xxx on platforms where an Perl 4.x is still + installed as `perl'). + [Matthias Loepfe ] + + *) Let util/clean-depend.pl work also with older Perl 5.00x versions. + [Matthias Loepfe ] + + *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add + advapi32.lib to Win32 build and change the pem test comparision + to fc.exe (thanks to Ulrich Kroener for the + suggestion). Fix misplaced ASNI prototypes and declarations in evp.h + and crypto/des/ede_cbcm_enc.c. + [Steve Henson] + + *) DES quad checksum was broken on big-endian architectures. Fixed. + [Ben Laurie] + + *) Comment out two functions in bio.h that aren't implemented. Fix up the + Win32 test batch file so it (might) work again. The Win32 test batch file + is horrible: I feel ill.... + [Steve Henson] + + *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected + in e_os.h. Audit of header files to check ANSI and non ANSI + sections: 10 functions were absent from non ANSI section and not exported + from Windows DLLs. Fixed up libeay.num for new functions. + [Steve Henson] + + *) Make `openssl version' output lines consistent. + [Ralf S. Engelschall] + + *) Fix Win32 symbol export lists for BIO functions: Added + BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data + to ms/libeay{16,32}.def. + [Ralf S. Engelschall] + + *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled + fine under Unix and passes some trivial tests I've now added. But the + whole stuff is horribly incomplete, so a README.1ST with a disclaimer was + added to make sure no one expects that this stuff really works in the + OpenSSL 0.9.2 release. Additionally I've started to clean the XS sources + up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and + openssl_bio.xs. + [Ralf S. Engelschall] + + *) Fix the generation of two part addresses in perl. + [Kenji Miyake , integrated by Ben Laurie] + + *) Add config entry for Linux on MIPS. + [John Tobey ] + + *) Make links whenever Configure is run, unless we are on Windoze. + [Ben Laurie] + + *) Permit extensions to be added to CRLs using crl_section in openssl.cnf. + Currently only issuerAltName and AuthorityKeyIdentifier make any sense + in CRLs. + [Steve Henson] + + *) Add a useful kludge to allow package maintainers to specify compiler and + other platforms details on the command line without having to patch the + Configure script everytime: One now can use ``perl Configure + :
'', i.e. platform ids are allowed to have details appended + to them (seperated by colons). This is treated as there would be a static + pre-configured entry in Configure's %table under key with value +
and ``perl Configure '' is called. So, when you want to + perform a quick test-compile under FreeBSD 3.1 with pgcc and without + assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"'' + now, which overrides the FreeBSD-elf entry on-the-fly. + [Ralf S. Engelschall] + + *) Disable new TLS1 ciphersuites by default: they aren't official yet. + [Ben Laurie] + + *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified + on the `perl Configure ...' command line. This way one can compile + OpenSSL libraries with Position Independent Code (PIC) which is needed + for linking it into DSOs. + [Ralf S. Engelschall] + + *) Remarkably, export ciphers were totally broken and no-one had noticed! + Fixed. + [Ben Laurie] + + *) Cleaned up the LICENSE document: The official contact for any license + questions now is the OpenSSL core team under openssl-core@openssl.org. + And add a paragraph about the dual-license situation to make sure people + recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply + to the OpenSSL toolkit. + [Ralf S. Engelschall] + + *) General source tree makefile cleanups: Made `making xxx in yyy...' + display consistent in the source tree and replaced `/bin/rm' by `rm'. + Additonally cleaned up the `make links' target: Remove unnecessary + semicolons, subsequent redundant removes, inline point.sh into mklink.sh + to speed processing and no longer clutter the display with confusing + stuff. Instead only the actually done links are displayed. + [Ralf S. Engelschall] + + *) Permit null encryption ciphersuites, used for authentication only. It used + to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this. + It is now necessary to set SSL_FORBID_ENULL to prevent the use of null + encryption. + [Ben Laurie] + + *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder + signed attributes when verifying signatures (this would break them), + the detached data encoding was wrong and public keys obtained using + X509_get_pubkey() weren't freed. + [Steve Henson] + + *) Add text documentation for the BUFFER functions. Also added a work around + to a Win95 console bug. This was triggered by the password read stuff: the + last character typed gets carried over to the next fread(). If you were + generating a new cert request using 'req' for example then the last + character of the passphrase would be CR which would then enter the first + field as blank. + [Steve Henson] + + *) Added the new `Includes OpenSSL Cryptography Software' button as + doc/openssl_button.{gif,html} which is similar in style to the old SSLeay + button and can be used by applications based on OpenSSL to show the + relationship to the OpenSSL project. + [Ralf S. Engelschall] + + *) Remove confusing variables in function signatures in files + ssl/ssl_lib.c and ssl/ssl.h. + [Lennart Bong ] + + *) Don't install bss_file.c under PREFIX/include/ + [Lennart Bong ] + + *) Get the Win32 compile working again. Modify mkdef.pl so it can handle + functions that return function pointers and has support for NT specific + stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various + #ifdef WIN32 and WINNTs sprinkled about the place and some changes from + unsigned to signed types: this was killing the Win32 compile. + [Steve Henson] + + *) Add new certificate file to stack functions, + SSL_add_dir_cert_subjects_to_stack() and + SSL_add_file_cert_subjects_to_stack(). These largely supplant + SSL_load_client_CA_file(), and can be used to add multiple certs easily + to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()). + This means that Apache-SSL and similar packages don't have to mess around + to add as many CAs as they want to the preferred list. + [Ben Laurie] + + *) Experiment with doxygen documentation. Currently only partially applied to + ssl/ssl_lib.c. + See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with + openssl.doxy as the configuration file. + [Ben Laurie] + + *) Get rid of remaining C++-style comments which strict C compilers hate. + [Ralf S. Engelschall, pointed out by Carlos Amengual] + + *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not + compiled in by default: it has problems with large keys. + [Steve Henson] + + *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and + DH private keys and/or callback functions which directly correspond to + their SSL_CTX_xxx() counterparts but work on a per-connection basis. This + is needed for applications which have to configure certificates on a + per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis + (e.g. s_server). + For the RSA certificate situation is makes no difference, but + for the DSA certificate situation this fixes the "no shared cipher" + problem where the OpenSSL cipher selection procedure failed because the + temporary keys were not overtaken from the context and the API provided + no way to reconfigure them. + The new functions now let applications reconfigure the stuff and they + are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh, + SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new + non-public-API function ssl_cert_instantiate() is used as a helper + function and also to reduce code redundancy inside ssl_rsa.c. + [Ralf S. Engelschall] + + *) Move s_server -dcert and -dkey options out of the undocumented feature + area because they are useful for the DSA situation and should be + recognized by the users. + [Ralf S. Engelschall] + + *) Fix the cipher decision scheme for export ciphers: the export bits are + *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within + SSL_EXP_MASK. So, the original variable has to be used instead of the + already masked variable. + [Richard Levitte ] + + *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c + [Richard Levitte ] + + *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal() + from `int' to `unsigned int' because it's a length and initialized by + EVP_DigestFinal() which expects an `unsigned int *'. + [Richard Levitte ] + + *) Don't hard-code path to Perl interpreter on shebang line of Configure + script. Instead use the usual Shell->Perl transition trick. + [Ralf S. Engelschall] + + *) Make `openssl x509 -noout -modulus' functional also for DSA certificates + (in addition to RSA certificates) to match the behaviour of `openssl dsa + -noout -modulus' as it's already the case for `openssl rsa -noout + -modulus'. For RSA the -modulus is the real "modulus" while for DSA + currently the public key is printed (a decision which was already done by + `openssl dsa -modulus' in the past) which serves a similar purpose. + Additionally the NO_RSA no longer completely removes the whole -modulus + option; it now only avoids using the RSA stuff. Same applies to NO_DSA + now, too. + [Ralf S. Engelschall] + + *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested + BIO. See the source (crypto/evp/bio_ok.c) for more info. + [Arne Ansper ] + + *) Dump the old yucky req code that tried (and failed) to allow raw OIDs + to be added. Now both 'req' and 'ca' can use new objects defined in the + config file. + [Steve Henson] + + *) Add cool BIO that does syslog (or event log on NT). + [Arne Ansper , integrated by Ben Laurie] + + *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5, + TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and + TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher + Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt. + [Ben Laurie] + + *) Add preliminary config info for new extension code. + [Steve Henson] + + *) Make RSA_NO_PADDING really use no padding. + [Ulf Moeller ] + + *) Generate errors when private/public key check is done. + [Ben Laurie] + + *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support + for some CRL extensions and new objects added. + [Steve Henson] + + *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private + key usage extension and fuller support for authority key id. + [Steve Henson] + + *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved + padding method for RSA, which is recommended for new applications in PKCS + #1 v2.0 (RFC 2437, October 1998). + OAEP (Optimal Asymmetric Encryption Padding) has better theoretical + foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure + against Bleichbacher's attack on RSA. + [Ulf Moeller , reformatted, corrected and integrated by + Ben Laurie] + + *) Updates to the new SSL compression code + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Fix so that the version number in the master secret, when passed + via RSA, checks that if TLS was proposed, but we roll back to SSLv3 + (because the server will not accept higher), that the version number + is 0x03,0x01, not 0x03,0x00 + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory + leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes + in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c + [Steve Henson] + + *) Support for RAW extensions where an arbitrary extension can be + created by including its DER encoding. See apps/openssl.cnf for + an example. + [Steve Henson] + + *) Make sure latest Perl versions don't interpret some generated C array + code as Perl array code in the crypto/err/err_genc.pl script. + [Lars Weber <3weber@informatik.uni-hamburg.de>] + + *) Modify ms/do_ms.bat to not generate assembly language makefiles since + not many people have the assembler. Various Win32 compilation fixes and + update to the INSTALL.W32 file with (hopefully) more accurate Win32 + build instructions. + [Steve Henson] + + *) Modify configure script 'Configure' to automatically create crypto/date.h + file under Win32 and also build pem.h from pem.org. New script + util/mkfiles.pl to create the MINFO file on environments that can't do a + 'make files': perl util/mkfiles.pl >MINFO should work. + [Steve Henson] + + *) Major rework of DES function declarations, in the pursuit of correctness + and purity. As a result, many evil casts evaporated, and some weirdness, + too. You may find this causes warnings in your code. Zapping your evil + casts will probably fix them. Mostly. + [Ben Laurie] + + *) Fix for a typo in asn1.h. Bug fix to object creation script + obj_dat.pl. It considered a zero in an object definition to mean + "end of object": none of the objects in objects.h have any zeros + so it wasn't spotted. + [Steve Henson, reported by Erwann ABALEA ] + + *) Add support for Triple DES Cipher Block Chaining with Output Feedback + Masking (CBCM). In the absence of test vectors, the best I have been able + to do is check that the decrypt undoes the encrypt, so far. Send me test + vectors if you have them. + [Ben Laurie] + + *) Correct calculation of key length for export ciphers (too much space was + allocated for null ciphers). This has not been tested! + [Ben Laurie] + + *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage + message is now correct (it understands "crypto" and "ssl" on its + command line). There is also now an "update" option. This will update + the util/ssleay.num and util/libeay.num files with any new functions. + If you do a: + perl util/mkdef.pl crypto ssl update + it will update them. + [Steve Henson] + + *) Overhauled the Perl interface (perl/*): + - ported BN stuff to OpenSSL's different BN library + - made the perl/ source tree CVS-aware + - renamed the package from SSLeay to OpenSSL (the files still contain + their history because I've copied them in the repository) + - removed obsolete files (the test scripts will be replaced + by better Test::Harness variants in the future) + [Ralf S. Engelschall] + + *) First cut for a very conservative source tree cleanup: + 1. merge various obsolete readme texts into doc/ssleay.txt + where we collect the old documents and readme texts. + 2. remove the first part of files where I'm already sure that we no + longer need them because of three reasons: either they are just temporary + files which were left by Eric or they are preserved original files where + I've verified that the diff is also available in the CVS via "cvs diff + -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for + the crypto/md/ stuff). + [Ralf S. Engelschall] + + *) More extension code. Incomplete support for subject and issuer alt + name, issuer and authority key id. Change the i2v function parameters + and add an extra 'crl' parameter in the X509V3_CTX structure: guess + what that's for :-) Fix to ASN1 macro which messed up + IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED. + [Steve Henson] + + *) Preliminary support for ENUMERATED type. This is largely copied from the + INTEGER code. + [Steve Henson] + + *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy. + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Make sure `make rehash' target really finds the `openssl' program. + [Ralf S. Engelschall, Matthias Loepfe ] + + *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd + like to hear about it if this slows down other processors. + [Ben Laurie] + + *) Add CygWin32 platform information to Configure script. + [Alan Batie ] + + *) Fixed ms/32all.bat script: `no_asm' -> `no-asm' + [Rainer W. Gerling ] + + *) New program nseq to manipulate netscape certificate sequences + [Steve Henson] + + *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a + few typos. + [Steve Henson] + + *) Fixes to BN code. Previously the default was to define BN_RECURSION + but the BN code had some problems that would cause failures when + doing certificate verification and some other functions. + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Add ASN1 and PEM code to support netscape certificate sequences. + [Steve Henson] + + *) Add ASN1 and PEM code to support netscape certificate sequences. + [Steve Henson] + + *) Add several PKIX and private extended key usage OIDs. + [Steve Henson] + + *) Modify the 'ca' program to handle the new extension code. Modify + openssl.cnf for new extension format, add comments. + [Steve Henson] + + *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req' + and add a sample to openssl.cnf so req -x509 now adds appropriate + CA extensions. + [Steve Henson] + + *) Continued X509 V3 changes. Add to other makefiles, integrate with the + error code, add initial support to X509_print() and x509 application. + [Steve Henson] + + *) Takes a deep breath and start addding X509 V3 extension support code. Add + files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this + stuff is currently isolated and isn't even compiled yet. + [Steve Henson] + + *) Continuing patches for GeneralizedTime. Fix up certificate and CRL + ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print. + Removed the versions check from X509 routines when loading extensions: + this allows certain broken certificates that don't set the version + properly to be processed. + [Steve Henson] + + *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another + Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which + can still be regenerated with "make depend". + [Ben Laurie] + + *) Spelling mistake in C version of CAST-128. + [Ben Laurie, reported by Jeremy Hylton ] + + *) Changes to the error generation code. The perl script err-code.pl + now reads in the old error codes and retains the old numbers, only + adding new ones if necessary. It also only changes the .err files if new + codes are added. The makefiles have been modified to only insert errors + when needed (to avoid needlessly modifying header files). This is done + by only inserting errors if the .err file is newer than the auto generated + C file. To rebuild all the error codes from scratch (the old behaviour) + either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl + or delete all the .err files. + [Steve Henson] + + *) CAST-128 was incorrectly implemented for short keys. The C version has + been fixed, but is untested. The assembler versions are also fixed, but + new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing + to regenerate it if needed. + [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun + Hagino ] + + *) File was opened incorrectly in randfile.c. + [Ulf Möller ] + + *) Beginning of support for GeneralizedTime. d2i, i2d, check and print + functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or + GeneralizedTime. ASN1_TIME is the proper type used in certificates et + al: it's just almost always a UTCTime. Note this patch adds new error + codes so do a "make errors" if there are problems. + [Steve Henson] + + *) Correct Linux 1 recognition in config. + [Ulf Möller ] + + *) Remove pointless MD5 hash when using DSA keys in ca. + [Anonymous ] + + *) Generate an error if given an empty string as a cert directory. Also + generate an error if handed NULL (previously returned 0 to indicate an + error, but didn't set one). + [Ben Laurie, reported by Anonymous ] + + *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last. + [Ben Laurie] + + *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct + parameters. This was causing a warning which killed off the Win32 compile. + [Steve Henson] + + *) Remove C++ style comments from crypto/bn/bn_local.h. + [Neil Costigan ] + + *) The function OBJ_txt2nid was broken. It was supposed to return a nid + based on a text string, looking up short and long names and finally + "dot" format. The "dot" format stuff didn't work. Added new function + OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote + OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the + OID is not part of the table. + [Steve Henson] + + *) Add prototypes to X509 lookup/verify methods, fixing a bug in + X509_LOOKUP_by_alias(). + [Ben Laurie] + + *) Sort openssl functions by name. + [Ben Laurie] + + *) Get the gendsa program working (hopefully) and add it to app list. Remove + encryption from sample DSA keys (in case anyone is interested the password + was "1234"). + [Steve Henson] + + *) Make _all_ *_free functions accept a NULL pointer. + [Frans Heymans ] + + *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use + NULL pointers. + [Anonymous ] + + *) s_server should send the CAfile as acceptable CAs, not its own cert. + [Bodo Moeller <3moeller@informatik.uni-hamburg.de>] + + *) Don't blow it for numeric -newkey arguments to apps/req. + [Bodo Moeller <3moeller@informatik.uni-hamburg.de>] + + *) Temp key "for export" tests were wrong in s3_srvr.c. + [Anonymous ] + + *) Add prototype for temp key callback functions + SSL_CTX_set_tmp_{rsa,dh}_callback(). + [Ben Laurie] + + *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and + DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey(). + [Steve Henson] + + *) X509_name_add_entry() freed the wrong thing after an error. + [Arne Ansper ] + + *) rsa_eay.c would attempt to free a NULL context. + [Arne Ansper ] + + *) BIO_s_socket() had a broken should_retry() on Windoze. + [Arne Ansper ] + + *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH. + [Arne Ansper ] + + *) Make sure the already existing X509_STORE->depth variable is initialized + in X509_STORE_new(), but document the fact that this variable is still + unused in the certificate verification process. + [Ralf S. Engelschall] + + *) Fix the various library and apps files to free up pkeys obtained from + X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions. + [Steve Henson] + + *) Fix reference counting in X509_PUBKEY_get(). This makes + demos/maurice/example2.c work, amongst others, probably. + [Steve Henson and Ben Laurie] + + *) First cut of a cleanup for apps/. First the `ssleay' program is now named + `openssl' and second, the shortcut symlinks for the `openssl ' + are no longer created. This way we have a single and consistent command + line interface `openssl ', similar to `cvs '. + [Ralf S. Engelschall, Paul Sutton and Ben Laurie] + + *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey + BIT STRING wrapper always have zero unused bits. + [Steve Henson] + + *) Add CA.pl, perl version of CA.sh, add extended key usage OID. + [Steve Henson] + + *) Make the top-level INSTALL documentation easier to understand. + [Paul Sutton] + + *) Makefiles updated to exit if an error occurs in a sub-directory + make (including if user presses ^C) [Paul Sutton] + + *) Make Montgomery context stuff explicit in RSA data structure. + [Ben Laurie] + + *) Fix build order of pem and err to allow for generated pem.h. + [Ben Laurie] + + *) Fix renumbering bug in X509_NAME_delete_entry(). + [Ben Laurie] + + *) Enhanced the err-ins.pl script so it makes the error library number + global and can add a library name. This is needed for external ASN1 and + other error libraries. + [Steve Henson] + + *) Fixed sk_insert which never worked properly. + [Steve Henson] + + *) Fix ASN1 macros so they can handle indefinite length construted + EXPLICIT tags. Some non standard certificates use these: they can now + be read in. + [Steve Henson] + + *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc) + into a single doc/ssleay.txt bundle. This way the information is still + preserved but no longer messes up this directory. Now it's new room for + the new set of documenation files. + [Ralf S. Engelschall] + + *) SETs were incorrectly DER encoded. This was a major pain, because they + shared code with SEQUENCEs, which aren't coded the same. This means that + almost everything to do with SETs or SEQUENCEs has either changed name or + number of arguments. + [Ben Laurie, based on a partial fix by GP Jayan ] + + *) Fix test data to work with the above. + [Ben Laurie] + + *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but + was already fixed by Eric for 0.9.1 it seems. + [Ben Laurie - pointed out by Ulf Möller ] + + *) Autodetect FreeBSD3. + [Ben Laurie] + + *) Fix various bugs in Configure. This affects the following platforms: + nextstep + ncr-scde + unixware-2.0 + unixware-2.0-pentium + sco5-cc. + [Ben Laurie] + + *) Eliminate generated files from CVS. Reorder tests to regenerate files + before they are needed. + [Ben Laurie] + + *) Generate Makefile.ssl from Makefile.org (to keep CVS happy). + [Ben Laurie] + + + Changes between 0.9.1b and 0.9.1c [23-Dec-1998] + + *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and + changed SSLeay to OpenSSL in version strings. + [Ralf S. Engelschall] + + *) Some fixups to the top-level documents. + [Paul Sutton] + + *) Fixed the nasty bug where rsaref.h was not found under compile-time + because the symlink to include/ was missing. + [Ralf S. Engelschall] + + *) Incorporated the popular no-RSA/DSA-only patches + which allow to compile a RSA-free SSLeay. + [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall] + + *) Fixed nasty rehash problem under `make -f Makefile.ssl links' + when "ssleay" is still not found. + [Ralf S. Engelschall] + + *) Added more platforms to Configure: Cray T3E, HPUX 11, + [Ralf S. Engelschall, Beckmann ] + + *) Updated the README file. + [Ralf S. Engelschall] + + *) Added various .cvsignore files in the CVS repository subdirs + to make a "cvs update" really silent. + [Ralf S. Engelschall] + + *) Recompiled the error-definition header files and added + missing symbols to the Win32 linker tables. + [Ralf S. Engelschall] + + *) Cleaned up the top-level documents; + o new files: CHANGES and LICENSE + o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay + o merged COPYRIGHT into LICENSE + o removed obsolete TODO file + o renamed MICROSOFT to INSTALL.W32 + [Ralf S. Engelschall] + + *) Removed dummy files from the 0.9.1b source tree: + crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi + crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f + crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f + crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f + util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f + [Ralf S. Engelschall] + + *) Added various platform portability fixes. + [Mark J. Cox] + + *) The Genesis of the OpenSSL rpject: + We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A. + Young and Tim J. Hudson created while they were working for C2Net until + summer 1998. + [The OpenSSL Project] + + + Changes between 0.9.0b and 0.9.1b [not released] + + *) Updated a few CA certificates under certs/ + [Eric A. Young] + + *) Changed some BIGNUM api stuff. + [Eric A. Young] + + *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD, + DGUX x86, Linux Alpha, etc. + [Eric A. Young] + + *) New COMP library [crypto/comp/] for SSL Record Layer Compression: + RLE (dummy implemented) and ZLIB (really implemented when ZLIB is + available). + [Eric A. Young] + + *) Add -strparse option to asn1pars program which parses nested + binary structures + [Dr Stephen Henson ] + + *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs. + [Eric A. Young] + + *) DSA fix for "ca" program. + [Eric A. Young] + + *) Added "-genkey" option to "dsaparam" program. + [Eric A. Young] + + *) Added RIPE MD160 (rmd160) message digest. + [Eric A. Young] + + *) Added -a (all) option to "ssleay version" command. + [Eric A. Young] + + *) Added PLATFORM define which is the id given to Configure. + [Eric A. Young] + + *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking. + [Eric A. Young] + + *) Extended the ASN.1 parser routines. + [Eric A. Young] + + *) Extended BIO routines to support REUSEADDR, seek, tell, etc. + [Eric A. Young] + + *) Added a BN_CTX to the BN library. + [Eric A. Young] + + *) Fixed the weak key values in DES library + [Eric A. Young] + + *) Changed API in EVP library for cipher aliases. + [Eric A. Young] + + *) Added support for RC2/64bit cipher. + [Eric A. Young] + + *) Converted the lhash library to the crypto/mem.c functions. + [Eric A. Young] + + *) Added more recognized ASN.1 object ids. + [Eric A. Young] + + *) Added more RSA padding checks for SSL/TLS. + [Eric A. Young] + + *) Added BIO proxy/filter functionality. + [Eric A. Young] + + *) Added extra_certs to SSL_CTX which can be used + send extra CA certificates to the client in the CA cert chain sending + process. It can be configured with SSL_CTX_add_extra_chain_cert(). + [Eric A. Young] + + *) Now Fortezza is denied in the authentication phase because + this is key exchange mechanism is not supported by SSLeay at all. + [Eric A. Young] + + *) Additional PKCS1 checks. + [Eric A. Young] + + *) Support the string "TLSv1" for all TLS v1 ciphers. + [Eric A. Young] + + *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the + ex_data index of the SSL context in the X509_STORE_CTX ex_data. + [Eric A. Young] + + *) Fixed a few memory leaks. + [Eric A. Young] + + *) Fixed various code and comment typos. + [Eric A. Young] + + *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 + bytes sent in the client random. + [Edward Bishop ] + diff --git a/src/lib/libssl/src/CHANGES.SSLeay b/src/lib/libssl/src/CHANGES.SSLeay new file mode 100644 index 0000000000..dbb80b003d --- /dev/null +++ b/src/lib/libssl/src/CHANGES.SSLeay @@ -0,0 +1,968 @@ +This file contains the changes for the SSLeay library up to version +0.9.0b. For later changes, see the file "CHANGES". + + SSLeay CHANGES + ______________ + +Changes between 0.8.x and 0.9.0b + +10-Apr-1998 + +I said the next version would go out at easter, and so it shall. +I expect a 0.9.1 will follow with portability fixes in the next few weeks. + +This is a quick, meet the deadline. Look to ssl-users for comments on what +is new etc. + +eric (about to go bushwalking for the 4 day easter break :-) + +16-Mar-98 + - Patch for Cray T90 from Wayne Schroeder + - Lots and lots of changes + +29-Jan-98 + - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from + Goetz Babin-Ebell . + - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or + TLS1_VERSION. + +7-Jan-98 + - Finally reworked the cipher string to ciphers again, so it + works correctly + - All the app_data stuff is now ex_data with funcion calls to access. + The index is supplied by a function and 'methods' can be setup + for the types that are called on XXX_new/XXX_free. This lets + applications get notified on creation and destruction. Some of + the RSA methods could be implemented this way and I may do so. + - Oh yes, SSL under perl5 is working at the basic level. + +15-Dec-97 + - Warning - the gethostbyname cache is not fully thread safe, + but it should work well enough. + - Major internal reworking of the app_data stuff. More functions + but if you were accessing ->app_data directly, things will + stop working. + - The perlv5 stuff is working. Currently on message digests, + ciphers and the bignum library. + +9-Dec-97 + - Modified re-negotiation so that server initated re-neg + will cause a SSL_read() to return -1 should retry. + The danger otherwise was that the server and the + client could end up both trying to read when using non-blocking + sockets. + +4-Dec-97 + - Lots of small changes + - Fix for binaray mode in Windows for the FILE BIO, thanks to + Bob Denny + +17-Nov-97 + - Quite a few internal cleanups, (removal of errno, and using macros + defined in e_os.h). + - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where + the automactic naming out output files was being stuffed up. + +29-Oct-97 + - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember + for x86. + +21-Oct-97 + - Fixed a bug in the BIO_gethostbyname() cache. + +15-Oct-97 + - cbc mode for blowfish/des/3des is now in assember. Blowfish asm + has also been improved. At this point in time, on the pentium, + md5 is %80 faster, the unoptimesed sha-1 is %79 faster, + des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc + is %62 faster. + +12-Oct-97 + - MEM_BUF_grow() has been fixed so that it always sets the buf->length + to the value we are 'growing' to. Think of MEM_BUF_grow() as the + way to set the length value correctly. + +10-Oct-97 + - I now hash for certificate lookup on the raw DER encoded RDN (md5). + This breaks things again :-(. This is efficent since I cache + the DER encoding of the RDN. + - The text DN now puts in the numeric OID instead of UNKNOWN. + - req can now process arbitary OIDs in the config file. + - I've been implementing md5 in x86 asm, much faster :-). + - Started sha1 in x86 asm, needs more work. + - Quite a few speedups in the BN stuff. RSA public operation + has been made faster by caching the BN_MONT_CTX structure. + The calulating of the Ai where A*Ai === 1 mod m was rather + expensive. Basically a 40-50% speedup on public operations. + The RSA speedup is now 15% on pentiums and %20 on pentium + pro. + +30-Sep-97 + - After doing some profiling, I added x86 adm for bn_add_words(), + which just adds 2 arrays of longs together. A %10 speedup + for 512 and 1024 bit RSA on the pentium pro. + +29-Sep-97 + - Converted the x86 bignum assembler to us the perl scripts + for generation. + +23-Sep-97 + - If SSL_set_session() is passed a NULL session, it now clears the + current session-id. + +22-Sep-97 + - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned + certificates. + - Bug in crypto/evp/encode.c where by decoding of 65 base64 + encoded lines, one line at a time (via a memory BIO) would report + EOF after the first line was decoded. + - Fix in X509_find_by_issuer_and_serial() from + Dr Stephen Henson + +19-Sep-97 + - NO_FP_API and NO_STDIO added. + - Put in sh config command. It auto runs Configure with the correct + parameters. + +18-Sep-97 + - Fix x509.c so if a DSA cert has different parameters to its parent, + they are left in place. Not tested yet. + +16-Sep-97 + - ssl_create_cipher_list() had some bugs, fixes from + Patrick Eisenacher + - Fixed a bug in the Base64 BIO, where it would return 1 instead + of -1 when end of input was encountered but should retry. + Basically a Base64/Memory BIO interaction problem. + - Added a HMAC set of functions in preporarion for TLS work. + +15-Sep-97 + - Top level makefile tweak - Cameron Simpson + - Prime generation spead up %25 (512 bit prime, pentium pro linux) + by using montgomery multiplication in the prime number test. + +11-Sep-97 + - Ugly bug in ssl3_write_bytes(). Basically if application land + does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code + did not check the size and tried to copy the entire buffer. + This would tend to cause memory overwrites since SSLv3 has + a maximum packet size of 16k. If your program uses + buffers <= 16k, you would probably never see this problem. + - Fixed a new errors that were cause by malloc() not returning + 0 initialised memory.. + - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using + SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing + since this flags stops SSLeay being able to handle client + cert requests correctly. + +08-Sep-97 + - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched + on, the SSL server routines will not use a SSL_SESSION that is + held in it's cache. This in intended to be used with the session-id + callbacks so that while the session-ids are still stored in the + cache, the decision to use them and how to look them up can be + done by the callbacks. The are the 'new', 'get' and 'remove' + callbacks. This can be used to determine the session-id + to use depending on information like which port/host the connection + is coming from. Since the are also SSL_SESSION_set_app_data() and + SSL_SESSION_get_app_data() functions, the application can hold + information against the session-id as well. + +03-Sep-97 + - Added lookup of CRLs to the by_dir method, + X509_load_crl_file() also added. Basically it means you can + lookup CRLs via the same system used to lookup certificates. + - Changed things so that the X509_NAME structure can contain + ASN.1 BIT_STRINGS which is required for the unique + identifier OID. + - Fixed some problems with the auto flushing of the session-id + cache. It was not occuring on the server side. + +02-Sep-97 + - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size) + which is the maximum number of entries allowed in the + session-id cache. This is enforced with a simple FIFO list. + The default size is 20*1024 entries which is rather large :-). + The Timeout code is still always operating. + +01-Sep-97 + - Added an argument to all the 'generate private key/prime` + callbacks. It is the last parameter so this should not + break existing code but it is needed for C++. + - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64() + BIO. This lets the BIO read and write base64 encoded data + without inserting or looking for '\n' characters. The '-A' + flag turns this on when using apps/enc.c. + - RSA_NO_PADDING added to help BSAFE functionality. This is a + very dangerous thing to use, since RSA private key + operations without random padding bytes (as PKCS#1 adds) can + be attacked such that the private key can be revealed. + - ASN.1 bug and rc2-40-cbc and rc4-40 added by + Dr Stephen Henson + +31-Aug-97 (stuff added while I was away) + - Linux pthreads by Tim Hudson (tjh@cryptsoft.com). + - RSA_flags() added allowing bypass of pub/priv match check + in ssl/ssl_rsa.c - Tim Hudson. + - A few minor bugs. + +SSLeay 0.8.1 released. + +19-Jul-97 + - Server side initated dynamic renegotiation is broken. I will fix + it when I get back from holidays. + +15-Jul-97 + - Quite a few small changes. + - INVALID_SOCKET usage cleanups from Alex Kiernan + +09-Jul-97 + - Added 2 new values to the SSL info callback. + SSL_CB_START which is passed when the SSL protocol is started + and SSL_CB_DONE when it has finished sucsessfully. + +08-Jul-97 + - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c + that related to DSA public/private keys. + - Added all the relevent PEM and normal IO functions to support + reading and writing RSAPublic keys. + - Changed makefiles to use ${AR} instead of 'ar r' + +07-Jul-97 + - Error in ERR_remove_state() that would leave a dangling reference + to a free()ed location - thanks to Alex Kiernan + - s_client now prints the X509_NAMEs passed from the server + when requesting a client cert. + - Added a ssl->type, which is one of SSL_ST_CONNECT or + SSL_ST_ACCEPT. I had to add it so I could tell if I was + a connect or an accept after the handshake had finished. + - SSL_get_client_CA_list(SSL *s) now returns the CA names + passed by the server if called by a client side SSL. + +05-Jul-97 + - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index + 0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com). + +04-Jul-97 + - Fixed some things in X509_NAME_add_entry(), thanks to + Matthew Donald . + - I had a look at the cipher section and though that it was a + bit confused, so I've changed it. + - I was not setting up the RC4-64-MD5 cipher correctly. It is + a MS special that appears in exported MS Money. + - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3 + spec. I was missing the two byte length header for the + ClientDiffieHellmanPublic value. This is a packet sent from + the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG + option will enable SSLeay server side SSLv3 accept either + the correct or my 080 packet format. + - Fixed a few typos in crypto/pem.org. + +02-Jul-97 + - Alias mapping for EVP_get_(digest|cipher)byname is now + performed before a lookup for actual cipher. This means + that an alias can be used to 're-direct' a cipher or a + digest. + - ASN1_read_bio() had a bug that only showed up when using a + memory BIO. When EOF is reached in the memory BIO, it is + reported as a -1 with BIO_should_retry() set to true. + +01-Jul-97 + - Fixed an error in X509_verify_cert() caused by my + miss-understanding how 'do { contine } while(0);' works. + Thanks to Emil Sit for educating me :-) + +30-Jun-97 + - Base64 decoding error. If the last data line did not end with + a '=', sometimes extra data would be returned. + - Another 'cut and paste' bug in x509.c related to setting up the + STDout BIO. + +27-Jun-97 + - apps/ciphers.c was not printing due to an editing error. + - Alex Kiernan send in a nice fix for + a library build error in util/mk1mf.pl + +26-Jun-97 + - Still did not have the auto 'experimental' code removal + script correct. + - A few header tweaks for Watcom 11.0 under Win32 from + Rolf Lindemann + - 0 length OCTET_STRING bug in asn1_parse + - A minor fix with an non-existent function in the MS .def files. + - A few changes to the PKCS7 stuff. + +25-Jun-97 + SSLeay 0.8.0 finally it gets released. + +24-Jun-97 + Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to + use a temporary RSA key. This is experimental and needs some more work. + Fixed a few Win16 build problems. + +23-Jun-97 + SSLv3 bug. I was not doing the 'lookup' of the CERT structure + correctly. I was taking the SSL->ctx->default_cert when I should + have been using SSL->cert. The bug was in ssl/s3_srvr.c + +20-Jun-97 + X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the + rest of the library. Even though I had the code required to do + it correctly, apps/req.c was doing the wrong thing. I have fixed + and tested everything. + + Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c. + +19-Jun-97 + Fixed a bug in the SSLv2 server side first packet handling. When + using the non-blocking test BIO, the ssl->s2->first_packet flag + was being reset when a would-block failure occurred when reading + the first 5 bytes of the first packet. This caused the checking + logic to run at the wrong time and cause an error. + + Fixed a problem with specifying cipher. If RC4-MD5 were used, + only the SSLv3 version would be picked up. Now this will pick + up both SSLv2 and SSLv3 versions. This required changing the + SSL_CIPHER->mask values so that they only mask the ciphers, + digests, authentication, export type and key-exchange algorithms. + + I found that when a SSLv23 session is established, a reused + session, of type SSLv3 was attempting to write the SSLv2 + ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char + method has been modified so it will only write out cipher which + that method knows about. + + + Changes between 0.8.0 and 0.8.1 + + *) Mostly bug fixes. + There is an Ephemeral DH cipher problem which is fixed. + + SSLeay 0.8.0 + +This version of SSLeay has quite a lot of things different from the +previous version. + +Basically check all callback parameters, I will be producing documentation +about how to use things in th future. Currently I'm just getting 080 out +the door. Please not that there are several ways to do everything, and +most of the applications in the apps directory are hybrids, some using old +methods and some using new methods. + +Have a look in demos/bio for some very simple programs and +apps/s_client.c and apps/s_server.c for some more advanced versions. +Notes are definitly needed but they are a week or so away. + +Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com) +--- +Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to +get those people that want to move to using the new code base off to +a quick start. + +Note that Eric has tidied up a lot of the areas of the API that were +less than desirable and renamed quite a few things (as he had to break +the API in lots of places anyrate). There are a whole pile of additional +functions for making dealing with (and creating) certificates a lot +cleaner. + +01-Jul-97 +Tim Hudson +tjh@cryptsoft.com + +---8<--- + +To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could +use something like the following (assuming you #include "crypto.h" which +is something that you really should be doing). + +#if SSLEAY_VERSION_NUMBER >= 0x0800 +#define SSLEAY8 +#endif + +buffer.h -> splits into buffer.h and bio.h so you need to include bio.h + too if you are working with BIO internal stuff (as distinct + from simply using the interface in an opaque manner) + +#include "bio.h" - required along with "buffer.h" if you write + your own BIO routines as the buffer and bio + stuff that was intermixed has been separated + out + +envelope.h -> evp.h (which should have been done ages ago) + +Initialisation ... don't forget these or you end up with code that +is missing the bits required to do useful things (like ciphers): + +SSLeay_add_ssl_algorithms() +(probably also want SSL_load_error_strings() too but you should have + already had that call in place) + +SSL_CTX_new() - requires an extra method parameter + SSL_CTX_new(SSLv23_method()) + SSL_CTX_new(SSLv2_method()) + SSL_CTX_new(SSLv3_method()) + + OR to only have the server or the client code + SSL_CTX_new(SSLv23_server_method()) + SSL_CTX_new(SSLv2_server_method()) + SSL_CTX_new(SSLv3_server_method()) + or + SSL_CTX_new(SSLv23_client_method()) + SSL_CTX_new(SSLv2_client_method()) + SSL_CTX_new(SSLv3_client_method()) + +SSL_set_default_verify_paths() ... renamed to the more appropriate +SSL_CTX_set_default_verify_paths() + +If you want to use client certificates then you have to add in a bit +of extra stuff in that a SSLv3 server sends a list of those CAs that +it will accept certificates from ... so you have to provide a list to +SSLeay otherwise certain browsers will not send client certs. + +SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); + + +X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0) + or provide a buffer and size to copy the + result into + +X509_add_cert -> X509_STORE_add_cert (and you might want to read the + notes on X509_NAME structure changes too) + + +VERIFICATION CODE +================= + +The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to +more accurately reflect things. + +The verification callback args are now packaged differently so that +extra fields for verification can be added easily in future without +having to break things by adding extra parameters each release :-) + +X509_cert_verify_error_string -> X509_verify_cert_error_string + + +BIO INTERNALS +============= + +Eric has fixed things so that extra flags can be introduced in +the BIO layer in future without having to play with all the BIO +modules by adding in some macros. + +The ugly stuff using + b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY) +becomes + BIO_clear_retry_flags(b) + + b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY) +becomes + BIO_set_retry_read(b) + +Also ... BIO_get_retry_flags(b), BIO_set_flags(b) + + + +OTHER THINGS +============ + +X509_NAME has been altered so that it isn't just a STACK ... the STACK +is now in the "entries" field ... and there are a pile of nice functions +for getting at the details in a much cleaner manner. + +SSL_CTX has been altered ... "cert" is no longer a direct member of this +structure ... things are now down under "cert_store" (see x509_vfy.h) and +things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE. +If your code "knows" about this level of detail then it will need some +surgery. + +If you depending on the incorrect spelling of a number of the error codes +then you will have to change your code as these have been fixed. + +ENV_CIPHER "type" got renamed to "nid" and as that is what it actually +has been all along so this makes things clearer. +ify_cert_error_string(ctx->error)); + +SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST + and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO + + + + Changes between 0.7.x and 0.8.0 + + *) There have been lots of changes, mostly the addition of SSLv3. + There have been many additions from people and amongst + others, C2Net has assisted greatly. + + Changes between 0.7.x and 0.7.x + + *) Internal development version only + +SSLeay 0.6.6 13-Jan-1997 + +The main additions are + +- assember for x86 DES improvments. + From 191,000 per second on a pentium 100, I now get 281,000. The inner + loop and the IP/FP modifications are from + Svend Olaf Mikkelsen . Many thanks for his + contribution. +- The 'DES macros' introduced in 0.6.5 now have 3 types. + DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which + is best and there is a summery of mine in crypto/des/options.txt +- A few bug fixes. +- Added blowfish. It is not used by SSL but all the other stuff that + deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes. + There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'. + BF_PTR2 is pentium/x86 specific. The correct option is setup in + the 'Configure' script. +- There is now a 'get client certificate' callback which can be + 'non-blocking'. If more details are required, let me know. It will + documented more in SSLv3 when I finish it. +- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test' + now tests the ca program. +- Lots of little things modified and tweaked. + + SSLeay 0.6.5 + +After quite some time (3 months), the new release. I have been very busy +for the last few months and so this is mostly bug fixes and improvments. + +The main additions are + +- assember for x86 DES. For all those gcc based systems, this is a big + improvement. From 117,000 DES operation a second on a pentium 100, + I now get 191,000. I have also reworked the C version so it + now gives 148,000 DESs per second. +- As mentioned above, the inner DES macros now have some more variant that + sometimes help, sometimes hinder performance. There are now 3 options + DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling) + and DES_RISC (a more register intensive version of the inner macro). + The crypto/des/des_opts.c program, when compiled and run, will give + an indication of the correct options to use. +- The BIO stuff has been improved. Read doc/bio.doc. There are now + modules for encryption and base64 encoding and a BIO_printf() function. +- The CA program will accept simple one line X509v3 extensions in the + ssleay.cnf file. Have a look at the example. Currently this just + puts the text into the certificate as an OCTET_STRING so currently + the more advanced X509v3 data types are not handled but this is enough + for the netscape extensions. +- There is the start of a nicer higher level interface to the X509 + strucutre. +- Quite a lot of bug fixes. +- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used + to define the malloc(), free() and realloc() routines to use + (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when + using DLLs and mixing CRT libraries. + +In general, read the 'VERSION' file for changes and be aware that some of +the new stuff may not have been tested quite enough yet, so don't just plonk +in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break. + +SSLeay 0.6.4 30/08/96 eay + +I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3, +Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-). + +The main changes in this release + +- Thread safe. have a read of doc/threads.doc and play in the mt directory. + For anyone using 0.6.3 with threads, I found 2 major errors so consider + moving to 0.6.4. I have a test program that builds under NT and + solaris. +- The get session-id callback has changed. Have a read of doc/callback.doc. +- The X509_cert_verify callback (the SSL_verify callback) now + has another argument. Have a read of doc/callback.doc +- 'ca -preserve', sign without re-ordering the DN. Not tested much. +- VMS support. +- Compile time memory leak detection can now be built into SSLeay. + Read doc/memory.doc +- CONF routines now understand '\', '\n', '\r' etc. What this means is that + the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines. +- 'ssleay ciphers' added, lists the default cipher list for SSLeay. +- RC2 key setup is now compatable with Netscape. +- Modifed server side of SSL implementation, big performance difference when + using session-id reuse. + +0.6.3 + +Bug fixes and the addition of some nice stuff to the 'ca' program. +Have a read of doc/ns-ca.doc for how hit has been modified so +it can be driven from a CGI script. The CGI script is not provided, +but that is just being left as an excersize for the reader :-). + +0.6.2 + +This is most bug fixes and functionality improvements. + +Additions are +- More thread debugging patches, the thread stuff is still being + tested, but for those keep to play with stuff, have a look in + crypto/cryptlib.c. The application needs to define 1 (or optionaly + a second) callback that is used to implement locking. Compiling + with LOCK_DEBUG spits out lots of locking crud :-). + This is what I'm currently working on. +- SSL_CTX_set_default_passwd_cb() can be used to define the callback + function used in the SSL*_file() functions used to load keys. I was + always of the opinion that people should call + PEM_read_RSAPrivateKey() and pass the callback they want to use, but + it appears they just want to use the SSL_*_file() function() :-(. +- 'enc' now has a -kfile so a key can be read from a file. This is + mostly used so that the passwd does not appear when using 'ps', + which appears imposible to stop under solaris. +- X509v3 certificates now work correctly. I even have more examples + in my tests :-). There is now a X509_EXTENSION type that is used in + X509v3 certificates and CRLv2. +- Fixed that signature type error :-( +- Fixed quite a few potential memory leaks and problems when reusing + X509, CRL and REQ structures. +- EVP_set_pw_prompt() now sets the library wide default password + prompt. +- The 'pkcs7' command will now, given the -print_certs flag, output in + pem format, all certificates and CRL contained within. This is more + of a pre-emtive thing for the new verisign distribution method. I + should also note, that this also gives and example in code, of how + to do this :-), or for that matter, what is involved in going the + other way (list of certs and crl -> pkcs7). +- Added RSA's DESX to the DES library. It is also available via the + EVP_desx_cbc() method and via 'enc desx'. + +SSLeay 0.6.1 + +The main functional changes since 0.6.0 are as follows +- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is + that from now on, I'll keep the .def numbers the same so they will be. +- RSA private key operations are about 2 times faster that 0.6.0 +- The SSL_CTX now has more fields so default values can be put against + it. When an SSL structure is created, these default values are used + but can be overwritten. There are defaults for cipher, certificate, + private key, verify mode and callback. This means SSL session + creation can now be + ssl=SSL_new() + SSL_set_fd(ssl,sock); + SSL_accept(ssl) + .... + All the other uglyness with having to keep a global copy of the + private key and certificate/verify mode in the server is now gone. +- ssl/ssltest.c - one process talking SSL to its self for testing. +- Storage of Session-id's can be controled via a session_cache_mode + flag. There is also now an automatic default flushing of + old session-id's. +- The X509_cert_verify() function now has another parameter, this + should not effect most people but it now means that the reason for + the failure to verify is now available via SSL_get_verify_result(ssl). + You don't have to use a global variable. +- SSL_get_app_data() and SSL_set_app_data() can be used to keep some + application data against the SSL structure. It is upto the application + to free the data. I don't use it, but it is available. +- SSL_CTX_set_cert_verify_callback() can be used to specify a + verify callback function that completly replaces my certificate + verification code. Xcert should be able to use this :-). + The callback is of the form int app_verify_callback(arg,ssl,cert). + This needs to be documented more. +- I have started playing with shared library builds, have a look in + the shlib directory. It is very simple. If you need a numbered + list of functions, have a look at misc/crypto.num and misc/ssl.num. +- There is some stuff to do locking to make the library thread safe. + I have only started this stuff and have not finished. If anyone is + keen to do so, please send me the patches when finished. + +So I have finally made most of the additions to the SSL interface that +I thought were needed. + +There will probably be a pause before I make any non-bug/documentation +related changes to SSLeay since I'm feeling like a bit of a break. + +eric - 12 Jul 1996 +I saw recently a comment by some-one that we now seem to be entering +the age of perpetual Beta software. +Pioneered by packages like linux but refined to an art form by +netscape. + +I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-). + +There are quite a large number of sections that are 'works in +progress' in this package. I will also list the major changes and +what files you should read. + +BIO - this is the new IO structure being used everywhere in SSLeay. I +started out developing this because of microsoft, I wanted a mechanism +to callback to the application for all IO, so Windows 3.1 DLL +perversion could be hidden from me and the 15 different ways to write +to a file under NT would also not be dictated by me at library build +time. What the 'package' is is an API for a data structure containing +functions. IO interfaces can be written to conform to the +specification. This in not intended to hide the underlying data type +from the application, but to hide it from SSLeay :-). +I have only really finished testing the FILE * and socket/fd modules. +There are also 'filter' BIO's. Currently I have only implemented +message digests, and it is in use in the dgst application. This +functionality will allow base64/encrypto/buffering modules to be +'push' into a BIO without it affecting the semantics. I'm also +working on an SSL BIO which will hide the SSL_accept()/SLL_connet() +from an event loop which uses the interface. +It is also possible to 'attach' callbacks to a BIO so they get called +before and after each operation, alowing extensive debug output +to be generated (try running dgst with -d). + +Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few +functions that used to take FILE *, now take BIO *. +The wrappers are easy to write + +function_fp(fp,x) +FILE *fp; + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) error..... + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=function_bio(b,x); + BIO_free(b); + return(ret); + } +Remember, there are no functions that take FILE * in SSLeay when +compiled for Windows 3.1 DLL's. + +-- +I have added a general EVP_PKEY type that can hold a public/private +key. This is now what is used by the EVP_ functions and is passed +around internally. I still have not done the PKCS#8 stuff, but +X509_PKEY is defined and waiting :-) + +-- +For a full function name listings, have a look at ms/crypt32.def and +ms/ssl32.def. These are auto-generated but are complete. +Things like ASN1_INTEGER_get() have been added and are in here if you +look. I have renamed a few things, again, have a look through the +function list and you will probably find what you are after. I intend +to at least put a one line descrition for each one..... + +-- +Microsoft - thats what this release is about, read the MICROSOFT file. + +-- +Multi-threading support. I have started hunting through the code and +flaging where things need to be done. In a state of work but high on +the list. + +-- +For random numbers, edit e_os.h and set DEVRANDOM (it's near the top) +be be you random data device, otherwise 'RFILE' in e_os.h +will be used, in your home directory. It will be updated +periodically. The environment variable RANDFILE will override this +choice and read/write to that file instead. DEVRANDOM is used in +conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random +number generator, pick on one of these files. + +-- + +The list of things to read and do + +dgst -d +s_client -state (this uses a callback placed in the SSL state loop and + will be used else-where to help debug/monitor what + is happening.) + +doc/why.doc +doc/bio.doc <- hmmm, needs lots of work. +doc/bss_file.doc <- one that is working :-) +doc/session.doc <- it has changed +doc/speed.doc + also play with ssleay version -a. I have now added a SSLeay() + function that returns a version number, eg 0600 for this release + which is primarily to be used to check DLL version against the + application. +util/* Quite a few will not interest people, but some may, like + mk1mf.pl, mkdef.pl, +util/do_ms.sh + +try +cc -Iinclude -Icrypto -c crypto/crypto.c +cc -Iinclude -Issl -c ssl/ssl.c +You have just built the SSLeay libraries as 2 object files :-) + +Have a general rummage around in the bin stall directory and look at +what is in there, like CA.sh and c_rehash + +There are lots more things but it is 12:30am on a Friday night and I'm +heading home :-). + +eric 22-Jun-1996 +This version has quite a few major bug fixes and improvements. It DOES NOT +do SSLv3 yet. + +The main things changed +- A Few days ago I added the s_mult application to ssleay which is + a demo of an SSL server running in an event loop type thing. + It supports non-blocking IO, I have finally gotten it right, SSL_accept() + can operate in non-blocking IO mode, look at the code to see how :-). + Have a read of doc/s_mult as well. This program leaks memory and + file descriptors everywhere but I have not cleaned it up yet. + This is a demo of how to do non-blocking IO. +- The SSL session management has been 'worked over' and there is now + quite an expansive set of functions to manipulate them. Have a read of + doc/session.doc for some-things I quickly whipped up about how it now works. + This assume you know the SSLv2 protocol :-) +- I can now read/write the netscape certificate format, use the + -inform/-outform 'net' options to the x509 command. I have not put support + for this type in the other demo programs, but it would be easy to add. +- asn1parse and 'enc' have been modified so that when reading base64 + encoded files (pem format), they do not require '-----BEGIN' header lines. + The 'enc' program had a buffering bug fixed, it can be used as a general + base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d' + respecivly. Leaving out the '-a' flag in this case makes the 'enc' command + into a form of 'cat'. +- The 'x509' and 'req' programs have been fixed and modified a little so + that they generate self-signed certificates correctly. The test + script actually generates a 'CA' certificate and then 'signs' a + 'user' certificate. Have a look at this shell script (test/sstest) + to see how things work, it tests most possible combinations of what can + be done. +- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name + of SSL_set_cipher_list() is now the correct API (stops confusion :-). + If this function is used in the client, only the specified ciphers can + be used, with preference given to the order the ciphers were listed. + For the server, if this is used, only the specified ciphers will be used + to accept connections. If this 'option' is not used, a default set of + ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this + list for all ciphers started against the SSL_CTX. So the order is + SSL cipher_list, if not present, SSL_CTX cipher list, if not + present, then the library default. + What this means is that normally ciphers like + NULL-MD5 will never be used. The only way this cipher can be used + for both ends to specify to use it. + To enable or disable ciphers in the library at build time, modify the + first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c. + This file also contains the 'pref_cipher' list which is the default + cipher preference order. +- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net' + options work. They should, and they enable loading and writing the + netscape rsa private key format. I will be re-working this section of + SSLeay for the next version. What is currently in place is a quick and + dirty hack. +- I've re-written parts of the bignum library. This gives speedups + for all platforms. I now provide assembler for use under Windows NT. + I have not tested the Windows 3.1 assembler but it is quite simple code. + This gives RSAprivate_key operation encryption times of 0.047s (512bit key) + and 0.230s (1024bit key) on a pentium 100 which I consider reasonable. + Basically the times available under linux/solaris x86 can be achieve under + Windows NT. I still don't know how these times compare to RSA's BSAFE + library but I have been emailing with people and with their help, I should + be able to get my library's quite a bit faster still (more algorithm changes). + The object file crypto/bn/asm/x86-32.obj should be used when linking + under NT. +- 'make makefile.one' in the top directory will generate a single makefile + called 'makefile.one' This makefile contains no perl references and + will build the SSLeay library into the 'tmp' and 'out' directories. + util/mk1mf.pl >makefile.one is how this makefile is + generated. The mk1mf.pl command take several option to generate the + makefile for use with cc, gcc, Visual C++ and Borland C++. This is + still under development. I have only build .lib's for NT and MSDOS + I will be working on this more. I still need to play with the + correct compiler setups for these compilers and add some more stuff but + basically if you just want to compile the library + on a 'non-unix' platform, this is a very very good file to start with :-). + Have a look in the 'microsoft' directory for my current makefiles. + I have not yet modified things to link with sockets under Windows NT. + You guys should be able to do this since this is actually outside of the + SSLeay scope :-). I will be doing it for myself soon. + util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock + to build without RC2/RC4, to require RSAref for linking, and to + build with no socket code. + +- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher + that was posted to sci.crypt has been added to the library and SSL. + I take the view that if RC2 is going to be included in a standard, + I'll include the cipher to make my package complete. + There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers + at compile time. I have not tested this recently but it should all work + and if you are in the USA and don't want RSA threatening to sue you, + you could probably remove the RC4/RC2 code inside these sections. + I may in the future include a perl script that does this code + removal automatically for those in the USA :-). +- I have removed all references to sed in the makefiles. So basically, + the development environment requires perl and sh. The build environment + does not (use the makefile.one makefile). + The Configure script still requires perl, this will probably stay that way + since I have perl for Windows NT :-). + +eric (03-May-1996) + +PS Have a look in the VERSION file for more details on the changes and + bug fixes. +I have fixed a few bugs, added alpha and x86 assembler and generally cleaned +things up. This version will be quite stable, mostly because I'm on +holidays until 10-March-1996. For any problems in the interum, send email +to Tim Hudson . + +SSLeay 0.5.0 + +12-12-95 +This is going out before it should really be released. + +I leave for 11 weeks holidays on the 22-12-95 and so I either sit on +this for 11 weeks or get things out. It is still going to change a +lot in the next week so if you do grab this version, please test and +give me feed back ASAP, inculuding questions on how to do things with +the library. This will prompt me to write documentation so I don't +have to answer the same question again :-). + +This 'pre' release version is for people who are interested in the +library. The applications will have to be changed to use +the new version of the SSL interface. I intend to finish more +documentation before I leave but until then, look at the programs in +the apps directory. As far as code goes, it is much much nicer than +the old version. + +The current library works, has no memory leaks (as far as I can tell) +and is far more bug free that 0.4.5d. There are no global variable of +consequence (I believe) and I will produce some documentation that +tell where to look for those people that do want to do multi-threaded +stuff. + +There should be more documentation. Have a look in the +doc directory. I'll be adding more before I leave, it is a start +by mostly documents the crypto library. Tim Hudson will update +the web page ASAP. The spelling and grammar are crap but +it is better than nothing :-) + +Reasons to start playing with version 0.5.0 +- All the programs in the apps directory build into one ssleay binary. +- There is a new version of the 'req' program that generates certificate + requests, there is even documentation for this one :-) +- There is a demo certification authorithy program. Currently it will + look at the simple database and update it. It will generate CRL from + the data base. You need to edit the database by hand to revoke a + certificate, it is my aim to use perl5/Tk but I don't have time to do + this right now. It will generate the certificates but the management + scripts still need to be written. This is not a hard task. +- Things have been cleaned up alot. +- Have a look at the enc and dgst programs in the apps directory. +- It supports v3 of x509 certiticates. + + +Major things missing. +- I have been working on (and thinging about) the distributed x509 + hierachy problem. I have not had time to put my solution in place. + It will have to wait until I come back. +- I have not put in CRL checking in the certificate verification but + it would not be hard to do. I was waiting until I could generate my + own CRL (which has only been in the last week) and I don't have time + to put it in correctly. +- Montgomery multiplication need to be implemented. I know the + algorithm, just ran out of time. +- PKCS#7. I can load and write the DER version. I need to re-work + things to support BER (if that means nothing, read the ASN1 spec :-). +- Testing of the higher level digital envelope routines. I have not + played with the *_seal() and *_open() type functions. They are + written but need testing. The *_sign() and *_verify() functions are + rock solid. +- PEM. Doing this and PKCS#7 have been dependant on the distributed + x509 heirachy problem. I started implementing my ideas, got + distracted writing a CA program and then ran out of time. I provide + the functionality of RSAref at least. +- Re work the asm. code for the x86. I've changed by low level bignum + interface again, so I really need to tweak the x86 stuff. gcc is + good enough for the other boxes. + diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ new file mode 100644 index 0000000000..ab84a3f9e8 --- /dev/null +++ b/src/lib/libssl/src/FAQ @@ -0,0 +1,130 @@ +OpenSSL - Frequently Asked Questions +-------------------------------------- + +* Which is the current version of OpenSSL? +* Where is the documentation? +* How can I contact the OpenSSL developers? +* Do I need patent licenses to use OpenSSL? +* Is OpenSSL thread-safe? +* Why do I get a "PRNG not seeded" error message? +* Why does the linker complain about undefined symbols? +* Where can I get a compiled version of OpenSSL? + + +* Which is the current version of OpenSSL? + +The current version is available from . +OpenSSL 0.9.5 was released on February 28th, 2000. + +In addition to the current stable release, you can also access daily +snapshots of the OpenSSL development version at , or get it by anonymous CVS access. + + +* Where is the documentation? + +OpenSSL is a library that provides cryptographic functionality to +applications such as secure web servers. Be sure to read the +documentation of the application you want to use. The INSTALL file +explains how to install this library. + +OpenSSL includes a command line utility that can be used to perform a +variety of cryptographic functions. It is described in the openssl(1) +manpage. Documentation for developers is currently being written. A +few manual pages already are available; overviews over libcrypto and +libssl are given in the crypto(3) and ssl(3) manpages. + +The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a +different directory if you specified one as described in INSTALL). +In addition, you can read the most current versions at +. + +For information on parts of libcrypto that are not yet documented, you +might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's +predecessor, at . Much +of this still applies to OpenSSL. + +There is some documentation about certificate extensions and PKCS#12 +in doc/openssl.txt + +The original SSLeay documentation is included in OpenSSL as +doc/ssleay.txt. It may be useful when none of the other resources +help, but please note that it reflects the obsolete version SSLeay +0.6.6. + + +* How can I contact the OpenSSL developers? + +The README file describes how to submit bug reports and patches to +OpenSSL. Information on the OpenSSL mailing lists is available from +. + + +* Do I need patent licenses to use OpenSSL? + +The patents section of the README file lists patents that may apply to +you if you want to use OpenSSL. For information on intellectual +property rights, please consult a lawyer. The OpenSSL team does not +offer legal advice. + +You can configure OpenSSL so as not to use RC5 and IDEA by using + ./config no-rc5 no-idea + +Until the RSA patent expires, U.S. users may want to use + ./config no-rc5 no-idea no-rsa + +Please note that you will *not* be able to communicate with most of +the popular web browsers without RSA support. + + +* Is OpenSSL thread-safe? + +Yes. On Windows and many Unix systems, OpenSSL automatically uses the +multi-threaded versions of the standard libraries. If your platform +is not one of these, consult the INSTALL file. + +Multi-threaded applications must provide two callback functions to +OpenSSL. This is described in the threads(3) manpage. + + +* Why do I get a "PRNG not seeded" error message? + +Cryptographic software needs a source of unpredictable data to work +correctly. Many open source operating systems provide a "randomness +device" that serves this purpose. On other systems, applications have +to call the RAND_add() or RAND_seed() function with appropriate data +before generating keys or performing public key encryption. + +Some broken applications do not do this. As of version 0.9.5, the +OpenSSL functions that need randomness report an error if the random +number generator has not been seeded with at least 128 bits of +randomness. If this error occurs, please contact the author of the +application you are using. It is likely that it never worked +correctly. OpenSSL 0.9.5 makes the error visible by refusing to +perform potentially insecure encryption. + + +* Why does the linker complain about undefined symbols? + +Maybe the compilation was interrupted, and make doesn't notice that +something is missing. Run "make clean; make". + +If you used ./Configure instead of ./config, make sure that you +selected the right target. File formats may differ slightly between +OS versions (for example sparcv8/sparcv9, or a.out/elf). + +If that doesn't help, you may want to try using the current snapshot. +If the problem persists, please submit a bug report. + + +* Where can I get a compiled version of OpenSSL? + +Some applications that use OpenSSL are distributed in binary form. +When using such an application, you don't need to install OpenSSL +yourself; the application will include the required parts (e.g. DLLs). + +If you want to install OpenSSL on a Windows system and you don't have +a C compiler, read the "Mingw32" section of INSTALL.W32 for information +on how to obtain and install the free GNU C compiler. + +A number of Linux and *BSD distributions include OpenSSL. diff --git a/src/lib/libssl/src/INSTALL.MacOS b/src/lib/libssl/src/INSTALL.MacOS new file mode 100644 index 0000000000..a8c4f7f1da --- /dev/null +++ b/src/lib/libssl/src/INSTALL.MacOS @@ -0,0 +1,72 @@ +OpenSSL - Port To The Macintosh +=============================== + +Thanks to Roy Wood initial support for MacOS (pre +X) is now provided. "Initial" means that unlike other platforms where you +get an SDK and a "swiss army" openssl application, on Macintosh you only +get one sample application which fetches a page over HTTPS(*) and dumps it +in a window. We don't even build the test applications so that we can't +guarantee that all algorithms are operational. + +Required software: + +- StuffIt Expander 5.5 or later, alternatively MacGzip and SUNtar; +- Scriptable Finder; +- CodeWarrior Pro 5; + +Installation procedure: + +- fetch the source at ftp://ftp.openssl.org/ (well, you probably already + did, huh?) +- unpack the .tar.gz file: + - if you have StuffIt Expander then just drag it over it; + - otherwise uncompress it with MacGzip and then unpack with SUNtar; +- locate MacOS folder in OpenSSL source tree and open it; +- unbinhex mklinks.as.hqx and OpenSSL.mcp.hqx if present (**), do it + "in-place", i.e. unpacked files should end-up in the very same folder; +- execute mklinks.as; +- open OpenSSL.mcp(***) and build 'GetHTTPS PPC' target(****); +- that's it for now; + +(*) URL is hardcoded into ./MacOS/GetHTTPS.src/GetHTTPS.cpp, lines 40 + to 42, change appropriately. +(**) If you use SUNtar, then it might have already unbinhexed the files + in question. +(***) The project file was saved with CW Pro 5.3. If you have earlier + version and it refuses to open it, then download + http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it + overwriting the original OpenSSL.mcp. +(****) Other targets are work in progress. If you feel like giving 'em a + shot, then you should know that OpenSSL* and Lib* targets are + supposed to be built with the GUSI, MacOS library which mimics + BSD sockets and some other POSIX APIs. The GUSI distribution is + expected to be found in the same directory as openssl source tree, + i.e. in the parent directory to the one where this very file, + namely INSTALL.MacOS. For more informations about GUSI, see + http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html + +Finally some essential comments from our generous contributor:-) + +"I've gotten OpenSSL working on the Macintosh. It's probably a bit of a +hack, but it works for what I'm doing. If you don't like the way I've done +it, then feel free to change what I've done. I freely admit that I've done +some less-than-ideal things in my port, and if you don't like the way I've +done something, then feel free to change it-- I won't be offended! + +... I've tweaked "bss_sock.c" a little to call routines in a "MacSocket" +library I wrote. My MacSocket library is a wrapper around OpenTransport, +handling stuff like endpoint creation, reading, writing, etc. It is not +designed as a high-performance package such as you'd use in a webserver, +but is fine for lots of other applications. MacSocket also uses some other +code libraries I've written to deal with string manipulations and error +handling. Feel free to use these things in your own code, but give me +credit and/or send me free stuff in appreciation! :-) + +... + +If you have any questions, feel free to email me as the following: + +roy@centricsystems.ca + +-Roy Wood" + diff --git a/src/lib/libssl/src/INSTALL.OS2 b/src/lib/libssl/src/INSTALL.OS2 new file mode 100644 index 0000000000..d4cc0e319b --- /dev/null +++ b/src/lib/libssl/src/INSTALL.OS2 @@ -0,0 +1,22 @@ + + Installation on OS/2 + -------------------- + + You need to have the following tools installed: + + * EMX GCC + * PERL + * GNU make + + + To build the makefile, run + + > os2\os2-emx + + This will configure OpenSSL and create OS2-EMX.mak which you then use to + build the OpenSSL libraries & programs by running + + > make -f os2-emx.mak + + If that finishes successfully you will find the libraries and programs in the + "out" directory. diff --git a/src/lib/libssl/src/INSTALL.VMS b/src/lib/libssl/src/INSTALL.VMS new file mode 100644 index 0000000000..4c01560d3d --- /dev/null +++ b/src/lib/libssl/src/INSTALL.VMS @@ -0,0 +1,245 @@ + VMS Installation instructions + written by Richard Levitte + + + +Intro: +====== + +This file is divided in the following parts: + + Compilation - Mandatory reading. + Test - Mandatory reading. + Installation - Mandatory reading. + Backward portability - Read if it's an issue. + Possible bugs or quirks - A few warnings on things that + may go wrong or may surprise you. + Report - How to get in touch with me. + +Compilation: +============ + +I've used the very good command procedures written by Robert Byer +, and just slightly modified them, making +them slightly more general and easier to maintain. + +You can actually compile in almost any directory separately. Look +for a command procedure name xxx-LIB.COM (in the library directories) +or MAKExxx.COM (in the program directories) and read the comments at +the top to understand how to use them. However, if you want to +compile all you can get, the simplest is to use MAKEVMS.COM in the top +directory. The syntax is trhe following: + + @MAKEVMS