From de8f24ea083384bb66b32ec105dc4743c5663cdf Mon Sep 17 00:00:00 2001 From: beck <> Date: Wed, 29 Sep 1999 04:37:45 +0000 Subject: OpenSSL 0.9.4 merge --- src/lib/libssl/src/CHANGES | 1624 +++++ src/lib/libssl/src/CHANGES.SSLeay | 968 +++ src/lib/libssl/src/COPYRIGHT | 65 - src/lib/libssl/src/Configure | 938 ++- src/lib/libssl/src/HISTORY | 316 - src/lib/libssl/src/HISTORY.066 | 443 -- src/lib/libssl/src/INSTALL | 265 +- src/lib/libssl/src/INSTALL.VMS | 245 + src/lib/libssl/src/INSTALL.W32 | 323 + src/lib/libssl/src/LICENSE | 127 + src/lib/libssl/src/MICROSOFT | 146 - src/lib/libssl/src/MINFO | 968 --- src/lib/libssl/src/Makefile.org | 351 ++ src/lib/libssl/src/Makefile.ssl | 331 - src/lib/libssl/src/NEWS | 65 + src/lib/libssl/src/PATENTS | 9 - src/lib/libssl/src/PROBLEMS | 50 - src/lib/libssl/src/README | 376 +- src/lib/libssl/src/README.066 | 27 - src/lib/libssl/src/README.080 | 147 - src/lib/libssl/src/README.090 | 71 - src/lib/libssl/src/TODO | 28 - src/lib/libssl/src/VERSION | 24 - src/lib/libssl/src/apps/CA.com | 200 + src/lib/libssl/src/apps/CA.pl | 153 + src/lib/libssl/src/apps/CA.sh | 10 +- src/lib/libssl/src/apps/Makefile.ssl | 665 +- src/lib/libssl/src/apps/apps.c | 64 +- src/lib/libssl/src/apps/apps.h | 25 +- src/lib/libssl/src/apps/asn1pars.c | 105 +- src/lib/libssl/src/apps/ca-cert.srl | 2 +- src/lib/libssl/src/apps/ca.c | 818 ++- src/lib/libssl/src/apps/ciphers.c | 21 +- src/lib/libssl/src/apps/crl.c | 96 +- src/lib/libssl/src/apps/crl2p7.c | 77 +- src/lib/libssl/src/apps/der_chop | 305 - src/lib/libssl/src/apps/der_chop.in | 305 + src/lib/libssl/src/apps/dgst.c | 40 +- src/lib/libssl/src/apps/dh.c | 24 +- src/lib/libssl/src/apps/dsa-ca.pem | 23 +- src/lib/libssl/src/apps/dsa-pca.pem | 23 +- src/lib/libssl/src/apps/dsa.c | 27 +- src/lib/libssl/src/apps/dsaparam.c | 57 +- src/lib/libssl/src/apps/eay.c | 35 +- src/lib/libssl/src/apps/enc.c | 44 +- src/lib/libssl/src/apps/errstr.c | 12 +- src/lib/libssl/src/apps/ext.v3 | 2 - src/lib/libssl/src/apps/g_ssleay.pl | 114 - src/lib/libssl/src/apps/gendh.c | 42 +- src/lib/libssl/src/apps/gendsa.c | 70 +- src/lib/libssl/src/apps/genrsa.c | 46 +- src/lib/libssl/src/apps/install.com | 69 + src/lib/libssl/src/apps/makeapps.com | 1138 ++++ src/lib/libssl/src/apps/mklinks | 7 - src/lib/libssl/src/apps/nseq.c | 174 + src/lib/libssl/src/apps/oid.cnf | 6 + src/lib/libssl/src/apps/openssl-vms.cnf | 214 + src/lib/libssl/src/apps/openssl.c | 373 ++ src/lib/libssl/src/apps/openssl.cnf | 214 + src/lib/libssl/src/apps/pem_mail.c | 18 +- src/lib/libssl/src/apps/pkcs12.c | 703 +++ src/lib/libssl/src/apps/pkcs7.c | 36 +- src/lib/libssl/src/apps/pkcs8.c | 274 + src/lib/libssl/src/apps/privkey.pem | 25 +- src/lib/libssl/src/apps/progs.h | 62 +- src/lib/libssl/src/apps/progs.pl | 77 + src/lib/libssl/src/apps/req.c | 322 +- src/lib/libssl/src/apps/rmlinks | 6 - src/lib/libssl/src/apps/rsa.c | 60 +- src/lib/libssl/src/apps/s_apps.h | 51 +- src/lib/libssl/src/apps/s_cb.c | 48 +- src/lib/libssl/src/apps/s_client.c | 222 +- src/lib/libssl/src/apps/s_server.c | 441 +- src/lib/libssl/src/apps/s_socket.c | 137 +- src/lib/libssl/src/apps/s_time.c | 85 +- src/lib/libssl/src/apps/server.pem | 14 +- src/lib/libssl/src/apps/sess_id.c | 53 +- src/lib/libssl/src/apps/speed.c | 215 +- src/lib/libssl/src/apps/ssleay.c | 342 - src/lib/libssl/src/apps/ssleay.cnf | 116 - src/lib/libssl/src/apps/testdsa.h | 7 - src/lib/libssl/src/apps/verify.c | 29 +- src/lib/libssl/src/apps/version.c | 21 +- src/lib/libssl/src/apps/x509.c | 282 +- src/lib/libssl/src/bugs/sgiccbug.c | 2 + src/lib/libssl/src/bugs/stream.c | 4 +- src/lib/libssl/src/bugs/ultrixcc.c | 45 + src/lib/libssl/src/certs/vsign1.pem | 28 +- src/lib/libssl/src/certs/vsign2.pem | 45 +- src/lib/libssl/src/certs/vsign3.pem | 30 +- src/lib/libssl/src/certs/vsign4.pem | 16 - src/lib/libssl/src/certs/vsignss.pem | 17 + src/lib/libssl/src/certs/vsigntca.pem | 18 + src/lib/libssl/src/config | 279 +- src/lib/libssl/src/crypto/Makefile | 308 +- src/lib/libssl/src/crypto/Makefile.ssl | 140 +- src/lib/libssl/src/crypto/asn1/Makefile.ssl | 1038 ++- src/lib/libssl/src/crypto/asn1/a_bitstr.c | 78 +- src/lib/libssl/src/crypto/asn1/a_bmp.c | 19 +- src/lib/libssl/src/crypto/asn1/a_bool.c | 15 +- src/lib/libssl/src/crypto/asn1/a_bytes.c | 44 +- src/lib/libssl/src/crypto/asn1/a_d2i_fp.c | 18 +- src/lib/libssl/src/crypto/asn1/a_digest.c | 14 +- src/lib/libssl/src/crypto/asn1/a_dup.c | 7 +- src/lib/libssl/src/crypto/asn1/a_enum.c | 326 + src/lib/libssl/src/crypto/asn1/a_gentm.c | 224 + src/lib/libssl/src/crypto/asn1/a_hdr.c | 27 +- src/lib/libssl/src/crypto/asn1/a_i2d_fp.c | 14 +- src/lib/libssl/src/crypto/asn1/a_int.c | 215 +- src/lib/libssl/src/crypto/asn1/a_meth.c | 8 +- src/lib/libssl/src/crypto/asn1/a_object.c | 139 +- src/lib/libssl/src/crypto/asn1/a_octet.c | 17 +- src/lib/libssl/src/crypto/asn1/a_print.c | 70 +- src/lib/libssl/src/crypto/asn1/a_set.c | 112 +- src/lib/libssl/src/crypto/asn1/a_sign.c | 28 +- src/lib/libssl/src/crypto/asn1/a_time.c | 123 + src/lib/libssl/src/crypto/asn1/a_type.c | 91 +- src/lib/libssl/src/crypto/asn1/a_utctm.c | 98 +- src/lib/libssl/src/crypto/asn1/a_utf8.c | 83 + src/lib/libssl/src/crypto/asn1/a_verify.c | 23 +- src/lib/libssl/src/crypto/asn1/a_vis.c | 83 + src/lib/libssl/src/crypto/asn1/asn1.err | 182 - src/lib/libssl/src/crypto/asn1/asn1.h | 606 +- src/lib/libssl/src/crypto/asn1/asn1_err.c | 357 +- src/lib/libssl/src/crypto/asn1/asn1_lib.c | 121 +- src/lib/libssl/src/crypto/asn1/asn1_mac.h | 355 +- src/lib/libssl/src/crypto/asn1/asn1_par.c | 84 +- src/lib/libssl/src/crypto/asn1/asn_pack.c | 145 + src/lib/libssl/src/crypto/asn1/d2i_dhp.c | 23 +- src/lib/libssl/src/crypto/asn1/d2i_dsap.c | 25 +- src/lib/libssl/src/crypto/asn1/d2i_pr.c | 17 +- src/lib/libssl/src/crypto/asn1/d2i_pu.c | 17 +- src/lib/libssl/src/crypto/asn1/d2i_r_pr.c | 24 +- src/lib/libssl/src/crypto/asn1/d2i_r_pu.c | 23 +- src/lib/libssl/src/crypto/asn1/d2i_s_pr.c | 24 +- src/lib/libssl/src/crypto/asn1/d2i_s_pu.c | 25 +- src/lib/libssl/src/crypto/asn1/evp_asn1.c | 38 +- src/lib/libssl/src/crypto/asn1/f.c | 4 +- src/lib/libssl/src/crypto/asn1/f_enum.c | 207 + src/lib/libssl/src/crypto/asn1/f_int.c | 25 +- src/lib/libssl/src/crypto/asn1/f_string.c | 26 +- src/lib/libssl/src/crypto/asn1/i2d_dhp.c | 24 +- src/lib/libssl/src/crypto/asn1/i2d_dsap.c | 16 +- src/lib/libssl/src/crypto/asn1/i2d_pr.c | 10 +- src/lib/libssl/src/crypto/asn1/i2d_pu.c | 10 +- src/lib/libssl/src/crypto/asn1/i2d_r_pr.c | 19 +- src/lib/libssl/src/crypto/asn1/i2d_r_pu.c | 20 +- src/lib/libssl/src/crypto/asn1/i2d_s_pr.c | 19 +- src/lib/libssl/src/crypto/asn1/i2d_s_pu.c | 22 +- src/lib/libssl/src/crypto/asn1/n_pkey.c | 66 +- src/lib/libssl/src/crypto/asn1/nsseq.c | 118 + src/lib/libssl/src/crypto/asn1/p5_pbe.c | 156 + src/lib/libssl/src/crypto/asn1/p5_pbev2.c | 274 + src/lib/libssl/src/crypto/asn1/p7_dgst.c | 25 +- src/lib/libssl/src/crypto/asn1/p7_enc.c | 25 +- src/lib/libssl/src/crypto/asn1/p7_enc_c.c | 28 +- src/lib/libssl/src/crypto/asn1/p7_evp.c | 38 +- src/lib/libssl/src/crypto/asn1/p7_i_s.c | 25 +- src/lib/libssl/src/crypto/asn1/p7_lib.c | 42 +- src/lib/libssl/src/crypto/asn1/p7_recip.c | 29 +- src/lib/libssl/src/crypto/asn1/p7_s_e.c | 81 +- src/lib/libssl/src/crypto/asn1/p7_signd.c | 69 +- src/lib/libssl/src/crypto/asn1/p7_signi.c | 51 +- src/lib/libssl/src/crypto/asn1/p8_pkey.c | 129 + src/lib/libssl/src/crypto/asn1/pkcs8.c | 23 +- src/lib/libssl/src/crypto/asn1/t_crl.c | 166 + src/lib/libssl/src/crypto/asn1/t_pkey.c | 71 +- src/lib/libssl/src/crypto/asn1/t_req.c | 36 +- src/lib/libssl/src/crypto/asn1/t_x509.c | 150 +- src/lib/libssl/src/crypto/asn1/x_algor.c | 28 +- src/lib/libssl/src/crypto/asn1/x_attrib.c | 59 +- src/lib/libssl/src/crypto/asn1/x_cinf.c | 56 +- src/lib/libssl/src/crypto/asn1/x_crl.c | 175 +- src/lib/libssl/src/crypto/asn1/x_exten.c | 28 +- src/lib/libssl/src/crypto/asn1/x_info.c | 14 +- src/lib/libssl/src/crypto/asn1/x_name.c | 96 +- src/lib/libssl/src/crypto/asn1/x_pkey.c | 27 +- src/lib/libssl/src/crypto/asn1/x_pubkey.c | 44 +- src/lib/libssl/src/crypto/asn1/x_req.c | 61 +- src/lib/libssl/src/crypto/asn1/x_sig.c | 23 +- src/lib/libssl/src/crypto/asn1/x_spki.c | 43 +- src/lib/libssl/src/crypto/asn1/x_val.c | 43 +- src/lib/libssl/src/crypto/asn1/x_x509.c | 33 +- src/lib/libssl/src/crypto/bf/Makefile.ssl | 45 +- src/lib/libssl/src/crypto/bf/Makefile.uni | 20 +- src/lib/libssl/src/crypto/bf/asm/bf-586.pl | 4 +- src/lib/libssl/src/crypto/bf/asm/bf-686.pl | 1 - src/lib/libssl/src/crypto/bf/asm/bx86unix.cpp | 976 --- src/lib/libssl/src/crypto/bf/bf_cbc.c | 11 +- src/lib/libssl/src/crypto/bf/bf_cfb64.c | 12 +- src/lib/libssl/src/crypto/bf/bf_ecb.c | 14 +- src/lib/libssl/src/crypto/bf/bf_enc.c | 93 +- src/lib/libssl/src/crypto/bf/bf_locl.h | 219 + src/lib/libssl/src/crypto/bf/bf_locl.org | 242 - src/lib/libssl/src/crypto/bf/bf_ofb64.c | 11 +- src/lib/libssl/src/crypto/bf/bf_opts.c | 61 +- src/lib/libssl/src/crypto/bf/bf_skey.c | 7 +- src/lib/libssl/src/crypto/bf/bfs.cpp | 2 +- src/lib/libssl/src/crypto/bf/bfspeed.c | 59 +- src/lib/libssl/src/crypto/bf/bftest.c | 46 +- src/lib/libssl/src/crypto/bf/blowfish.h | 45 +- src/lib/libssl/src/crypto/bio/Makefile.ssl | 170 +- src/lib/libssl/src/crypto/bio/b_dump.c | 13 +- src/lib/libssl/src/crypto/bio/b_print.c | 19 +- src/lib/libssl/src/crypto/bio/b_sock.c | 319 +- src/lib/libssl/src/crypto/bio/bf_buff.c | 49 +- src/lib/libssl/src/crypto/bio/bf_nbio.c | 50 +- src/lib/libssl/src/crypto/bio/bf_null.c | 48 +- src/lib/libssl/src/crypto/bio/bio.err | 46 - src/lib/libssl/src/crypto/bio/bio.h | 343 +- src/lib/libssl/src/crypto/bio/bio_cb.c | 13 +- src/lib/libssl/src/crypto/bio/bio_err.c | 131 +- src/lib/libssl/src/crypto/bio/bio_lib.c | 147 +- src/lib/libssl/src/crypto/bio/bss_acpt.c | 132 +- src/lib/libssl/src/crypto/bio/bss_bio.c | 588 ++ src/lib/libssl/src/crypto/bio/bss_conn.c | 146 +- src/lib/libssl/src/crypto/bio/bss_file.c | 60 +- src/lib/libssl/src/crypto/bio/bss_log.c | 232 + src/lib/libssl/src/crypto/bio/bss_mem.c | 59 +- src/lib/libssl/src/crypto/bio/bss_null.c | 46 +- src/lib/libssl/src/crypto/bio/bss_rtcp.c | 56 +- src/lib/libssl/src/crypto/bio/bss_sock.c | 118 +- src/lib/libssl/src/crypto/bn/Makefile.ssl | 215 +- src/lib/libssl/src/crypto/bn/asm/alpha.s | 1860 +++++- src/lib/libssl/src/crypto/bn/asm/alpha.s.works | 533 ++ src/lib/libssl/src/crypto/bn/asm/bn-586.pl | 84 +- src/lib/libssl/src/crypto/bn/asm/bn-alpha.pl | 571 ++ src/lib/libssl/src/crypto/bn/asm/bn-win32.asm | 1441 ++++- src/lib/libssl/src/crypto/bn/asm/bn86unix.cpp | 752 --- src/lib/libssl/src/crypto/bn/asm/ca.pl | 33 + src/lib/libssl/src/crypto/bn/asm/co-586.pl | 286 + src/lib/libssl/src/crypto/bn/asm/co-alpha.pl | 116 + src/lib/libssl/src/crypto/bn/asm/mips1.s | 539 ++ src/lib/libssl/src/crypto/bn/asm/mips3.s | 2138 +++++++ src/lib/libssl/src/crypto/bn/asm/sparc.s | 462 -- src/lib/libssl/src/crypto/bn/asm/sparcv8.S | 1458 +++++ src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S | 1535 +++++ src/lib/libssl/src/crypto/bn/asm/vms.mar | 6695 ++++++++++++++++++++ src/lib/libssl/src/crypto/bn/asm/x86.pl | 28 + src/lib/libssl/src/crypto/bn/asm/x86w16.asm | 6 +- src/lib/libssl/src/crypto/bn/asm/x86w32.asm | 34 +- src/lib/libssl/src/crypto/bn/bn.err | 27 - src/lib/libssl/src/crypto/bn/bn.h | 467 ++ src/lib/libssl/src/crypto/bn/bn.mul | 19 + src/lib/libssl/src/crypto/bn/bn.org | 502 -- src/lib/libssl/src/crypto/bn/bn_add.c | 194 +- src/lib/libssl/src/crypto/bn/bn_asm.c | 802 +++ src/lib/libssl/src/crypto/bn/bn_blind.c | 43 +- src/lib/libssl/src/crypto/bn/bn_comba.c | 345 + src/lib/libssl/src/crypto/bn/bn_div.c | 180 +- src/lib/libssl/src/crypto/bn/bn_err.c | 123 +- src/lib/libssl/src/crypto/bn/bn_exp.c | 210 +- src/lib/libssl/src/crypto/bn/bn_exp2.c | 195 + src/lib/libssl/src/crypto/bn/bn_gcd.c | 53 +- src/lib/libssl/src/crypto/bn/bn_lcl.h | 107 +- src/lib/libssl/src/crypto/bn/bn_lib.c | 492 +- src/lib/libssl/src/crypto/bn/bn_m.c | 169 - src/lib/libssl/src/crypto/bn/bn_mod.c | 97 - src/lib/libssl/src/crypto/bn/bn_mont.c | 441 +- src/lib/libssl/src/crypto/bn/bn_mpi.c | 11 +- src/lib/libssl/src/crypto/bn/bn_mul.c | 753 ++- src/lib/libssl/src/crypto/bn/bn_mulw.c | 366 -- src/lib/libssl/src/crypto/bn/bn_opts.c | 324 + src/lib/libssl/src/crypto/bn/bn_prime.c | 126 +- src/lib/libssl/src/crypto/bn/bn_prime.pl | 2 +- src/lib/libssl/src/crypto/bn/bn_print.c | 30 +- src/lib/libssl/src/crypto/bn/bn_rand.c | 10 +- src/lib/libssl/src/crypto/bn/bn_recp.c | 178 +- src/lib/libssl/src/crypto/bn/bn_shift.c | 18 +- src/lib/libssl/src/crypto/bn/bn_sqr.c | 205 +- src/lib/libssl/src/crypto/bn/bn_sub.c | 180 - src/lib/libssl/src/crypto/bn/bn_word.c | 30 +- src/lib/libssl/src/crypto/bn/bnspeed.c | 67 +- src/lib/libssl/src/crypto/bn/bntest.c | 621 +- src/lib/libssl/src/crypto/bn/comba.pl | 285 + src/lib/libssl/src/crypto/bn/d.c | 72 + src/lib/libssl/src/crypto/bn/exp.c | 60 + src/lib/libssl/src/crypto/bn/expspeed.c | 55 +- src/lib/libssl/src/crypto/bn/exptest.c | 60 +- src/lib/libssl/src/crypto/bn/new | 23 + src/lib/libssl/src/crypto/bn/test.c | 241 + src/lib/libssl/src/crypto/bn/todo | 3 + src/lib/libssl/src/crypto/bn/vms-helper.c | 66 + src/lib/libssl/src/crypto/buffer/Makefile.ssl | 44 +- src/lib/libssl/src/crypto/buffer/buf_err.c | 123 +- src/lib/libssl/src/crypto/buffer/buffer.c | 25 +- src/lib/libssl/src/crypto/buffer/buffer.err | 9 - src/lib/libssl/src/crypto/buffer/buffer.h | 21 +- src/lib/libssl/src/crypto/cast/Makefile.ssl | 51 +- src/lib/libssl/src/crypto/cast/Makefile.uni | 3 +- src/lib/libssl/src/crypto/cast/asm/c-win32.asm | 117 +- src/lib/libssl/src/crypto/cast/asm/cast-586.pl | 267 +- src/lib/libssl/src/crypto/cast/asm/cx86unix.cpp | 1010 --- src/lib/libssl/src/crypto/cast/c_cfb64.c | 25 +- src/lib/libssl/src/crypto/cast/c_ecb.c | 14 +- src/lib/libssl/src/crypto/cast/c_enc.c | 43 +- src/lib/libssl/src/crypto/cast/c_ofb64.c | 16 +- src/lib/libssl/src/crypto/cast/c_skey.c | 11 +- src/lib/libssl/src/crypto/cast/cast.h | 36 +- src/lib/libssl/src/crypto/cast/cast_lcl.h | 20 +- src/lib/libssl/src/crypto/cast/cast_s.h | 16 +- src/lib/libssl/src/crypto/cast/cast_spd.c | 59 +- src/lib/libssl/src/crypto/cast/castopts.c | 61 +- src/lib/libssl/src/crypto/cast/casts.cpp | 2 +- src/lib/libssl/src/crypto/cast/casttest.c | 183 +- src/lib/libssl/src/crypto/conf/Makefile.ssl | 49 +- src/lib/libssl/src/crypto/conf/cnf_save.c | 7 +- src/lib/libssl/src/crypto/conf/conf.c | 211 +- src/lib/libssl/src/crypto/conf/conf.err | 12 - src/lib/libssl/src/crypto/conf/conf.h | 32 +- src/lib/libssl/src/crypto/conf/conf_err.c | 120 +- src/lib/libssl/src/crypto/conf/conf_lcl.h | 14 + src/lib/libssl/src/crypto/conf/keysets.pl | 2 +- src/lib/libssl/src/crypto/conf/test.c | 5 +- src/lib/libssl/src/crypto/cpt_err.c | 122 +- src/lib/libssl/src/crypto/cryptall.h | 110 - src/lib/libssl/src/crypto/cryptlib.c | 85 +- src/lib/libssl/src/crypto/cryptlib.h | 34 +- src/lib/libssl/src/crypto/crypto-lib.com | 1218 ++++ src/lib/libssl/src/crypto/crypto.c | 575 -- src/lib/libssl/src/crypto/crypto.err | 8 - src/lib/libssl/src/crypto/crypto.h | 188 +- src/lib/libssl/src/crypto/cversion.c | 39 +- src/lib/libssl/src/crypto/date.h | 1 - src/lib/libssl/src/crypto/des/Makefile.ssl | 126 +- src/lib/libssl/src/crypto/des/Makefile.uni | 20 +- src/lib/libssl/src/crypto/des/VERSION | 1 + src/lib/libssl/src/crypto/des/asm/crypt586.pl | 4 +- src/lib/libssl/src/crypto/des/asm/des-586.pl | 4 +- src/lib/libssl/src/crypto/des/asm/des686.pl | 2 +- src/lib/libssl/src/crypto/des/asm/desboth.pl | 8 +- src/lib/libssl/src/crypto/des/asm/dx86unix.cpp | 3202 ---------- src/lib/libssl/src/crypto/des/asm/yx86unix.cpp | 976 --- src/lib/libssl/src/crypto/des/cbc3_enc.c | 12 +- src/lib/libssl/src/crypto/des/cbc_cksm.c | 16 +- src/lib/libssl/src/crypto/des/cbc_enc.c | 78 +- src/lib/libssl/src/crypto/des/cfb64ede.c | 36 +- src/lib/libssl/src/crypto/des/cfb64enc.c | 27 +- src/lib/libssl/src/crypto/des/cfb_enc.c | 14 +- src/lib/libssl/src/crypto/des/des-lib.com | 1003 +++ src/lib/libssl/src/crypto/des/des.c | 121 +- src/lib/libssl/src/crypto/des/des.h | 249 + src/lib/libssl/src/crypto/des/des.org | 301 - src/lib/libssl/src/crypto/des/des.pl | 2 +- src/lib/libssl/src/crypto/des/des3s.cpp | 2 +- src/lib/libssl/src/crypto/des/des_enc.c | 140 +- src/lib/libssl/src/crypto/des/des_locl.h | 408 ++ src/lib/libssl/src/crypto/des/des_locl.org | 516 -- src/lib/libssl/src/crypto/des/des_opts.c | 62 +- src/lib/libssl/src/crypto/des/des_ver.h | 5 +- src/lib/libssl/src/crypto/des/dess.cpp | 2 +- src/lib/libssl/src/crypto/des/destest.c | 295 +- src/lib/libssl/src/crypto/des/ecb3_enc.c | 15 +- src/lib/libssl/src/crypto/des/ecb_enc.c | 24 +- src/lib/libssl/src/crypto/des/ede_cbcm_enc.c | 197 + src/lib/libssl/src/crypto/des/ede_enc.c | 190 - src/lib/libssl/src/crypto/des/enc_read.c | 84 +- src/lib/libssl/src/crypto/des/enc_writ.c | 62 +- src/lib/libssl/src/crypto/des/fcrypt_b.c | 9 +- src/lib/libssl/src/crypto/des/ncbc_enc.c | 41 +- src/lib/libssl/src/crypto/des/ofb64ede.c | 27 +- src/lib/libssl/src/crypto/des/ofb64enc.c | 22 +- src/lib/libssl/src/crypto/des/ofb_enc.c | 13 +- src/lib/libssl/src/crypto/des/pcbc_enc.c | 18 +- src/lib/libssl/src/crypto/des/qud_cksm.c | 16 +- src/lib/libssl/src/crypto/des/rand_key.c | 22 +- src/lib/libssl/src/crypto/des/ranlib.sh | 23 - src/lib/libssl/src/crypto/des/read2pwd.c | 12 +- src/lib/libssl/src/crypto/des/read_pwd.c | 145 +- src/lib/libssl/src/crypto/des/rpc_enc.c | 23 +- src/lib/libssl/src/crypto/des/rpw.c | 10 +- src/lib/libssl/src/crypto/des/set_key.c | 36 +- src/lib/libssl/src/crypto/des/shifts.pl | 2 +- src/lib/libssl/src/crypto/des/speed.c | 77 +- src/lib/libssl/src/crypto/des/spr.h | 2 +- src/lib/libssl/src/crypto/des/str2key.c | 34 +- src/lib/libssl/src/crypto/des/supp.c | 8 +- src/lib/libssl/src/crypto/des/testdes.pl | 2 +- src/lib/libssl/src/crypto/des/vms.com | 90 - src/lib/libssl/src/crypto/des/xcbc_enc.c | 56 +- src/lib/libssl/src/crypto/dh/Makefile.ssl | 66 +- src/lib/libssl/src/crypto/dh/dh.err | 12 - src/lib/libssl/src/crypto/dh/dh.h | 44 +- src/lib/libssl/src/crypto/dh/dh_check.c | 8 +- src/lib/libssl/src/crypto/dh/dh_err.c | 118 +- src/lib/libssl/src/crypto/dh/dh_gen.c | 18 +- src/lib/libssl/src/crypto/dh/dh_key.c | 52 +- src/lib/libssl/src/crypto/dh/dh_lib.c | 19 +- src/lib/libssl/src/crypto/dh/dhtest.c | 36 +- src/lib/libssl/src/crypto/dh/p1024.c | 8 +- src/lib/libssl/src/crypto/dh/p192.c | 8 +- src/lib/libssl/src/crypto/dh/p512.c | 8 +- src/lib/libssl/src/crypto/dsa/Makefile.ssl | 91 +- src/lib/libssl/src/crypto/dsa/dsa.err | 15 - src/lib/libssl/src/crypto/dsa/dsa.h | 80 +- src/lib/libssl/src/crypto/dsa/dsa_asn1.c | 96 + src/lib/libssl/src/crypto/dsa/dsa_err.c | 123 +- src/lib/libssl/src/crypto/dsa/dsa_gen.c | 109 +- src/lib/libssl/src/crypto/dsa/dsa_key.c | 14 +- src/lib/libssl/src/crypto/dsa/dsa_lib.c | 59 +- src/lib/libssl/src/crypto/dsa/dsa_sign.c | 152 +- src/lib/libssl/src/crypto/dsa/dsa_vrf.c | 140 +- src/lib/libssl/src/crypto/dsa/dsagen.c | 5 +- src/lib/libssl/src/crypto/dsa/dsatest.c | 52 +- src/lib/libssl/src/crypto/ebcdic.h | 17 + src/lib/libssl/src/crypto/err/Makefile.ssl | 60 +- src/lib/libssl/src/crypto/err/err.c | 185 +- src/lib/libssl/src/crypto/err/err.h | 82 +- src/lib/libssl/src/crypto/err/err_all.c | 34 +- src/lib/libssl/src/crypto/err/err_code.pl | 105 - src/lib/libssl/src/crypto/err/err_genc.pl | 198 - src/lib/libssl/src/crypto/err/err_prn.c | 20 +- src/lib/libssl/src/crypto/err/error.err | 13 - src/lib/libssl/src/crypto/err/openssl.ec | 71 + src/lib/libssl/src/crypto/err/ssleay.ec | 57 - src/lib/libssl/src/crypto/evp/Makefile.ssl | 1034 ++- src/lib/libssl/src/crypto/evp/bio_b64.c | 39 +- src/lib/libssl/src/crypto/evp/bio_enc.c | 58 +- src/lib/libssl/src/crypto/evp/bio_md.c | 48 +- src/lib/libssl/src/crypto/evp/bio_ok.c | 552 ++ src/lib/libssl/src/crypto/evp/c_all.c | 77 +- src/lib/libssl/src/crypto/evp/digest.c | 29 +- src/lib/libssl/src/crypto/evp/e_cbc_3d.c | 64 +- src/lib/libssl/src/crypto/evp/e_cbc_bf.c | 31 +- src/lib/libssl/src/crypto/evp/e_cbc_c.c | 28 +- src/lib/libssl/src/crypto/evp/e_cbc_d.c | 40 +- src/lib/libssl/src/crypto/evp/e_cbc_i.c | 28 +- src/lib/libssl/src/crypto/evp/e_cbc_r2.c | 122 +- src/lib/libssl/src/crypto/evp/e_cbc_r5.c | 26 +- src/lib/libssl/src/crypto/evp/e_cfb_3d.c | 69 +- src/lib/libssl/src/crypto/evp/e_cfb_bf.c | 29 +- src/lib/libssl/src/crypto/evp/e_cfb_c.c | 26 +- src/lib/libssl/src/crypto/evp/e_cfb_d.c | 34 +- src/lib/libssl/src/crypto/evp/e_cfb_i.c | 26 +- src/lib/libssl/src/crypto/evp/e_cfb_r2.c | 30 +- src/lib/libssl/src/crypto/evp/e_cfb_r5.c | 26 +- src/lib/libssl/src/crypto/evp/e_dsa.c | 6 +- src/lib/libssl/src/crypto/evp/e_ecb_3d.c | 67 +- src/lib/libssl/src/crypto/evp/e_ecb_bf.c | 29 +- src/lib/libssl/src/crypto/evp/e_ecb_c.c | 26 +- src/lib/libssl/src/crypto/evp/e_ecb_d.c | 48 +- src/lib/libssl/src/crypto/evp/e_ecb_i.c | 26 +- src/lib/libssl/src/crypto/evp/e_ecb_r2.c | 30 +- src/lib/libssl/src/crypto/evp/e_ecb_r5.c | 26 +- src/lib/libssl/src/crypto/evp/e_null.c | 26 +- src/lib/libssl/src/crypto/evp/e_ofb_3d.c | 65 +- src/lib/libssl/src/crypto/evp/e_ofb_bf.c | 29 +- src/lib/libssl/src/crypto/evp/e_ofb_c.c | 26 +- src/lib/libssl/src/crypto/evp/e_ofb_d.c | 41 +- src/lib/libssl/src/crypto/evp/e_ofb_i.c | 26 +- src/lib/libssl/src/crypto/evp/e_ofb_r2.c | 30 +- src/lib/libssl/src/crypto/evp/e_ofb_r5.c | 26 +- src/lib/libssl/src/crypto/evp/e_rc4.c | 28 +- src/lib/libssl/src/crypto/evp/e_xcbc_d.c | 42 +- src/lib/libssl/src/crypto/evp/encode.c | 57 +- src/lib/libssl/src/crypto/evp/evp.err | 24 - src/lib/libssl/src/crypto/evp/evp.h | 347 +- src/lib/libssl/src/crypto/evp/evp_enc.c | 71 +- src/lib/libssl/src/crypto/evp/evp_err.c | 144 +- src/lib/libssl/src/crypto/evp/evp_key.c | 31 +- src/lib/libssl/src/crypto/evp/evp_lib.c | 51 +- src/lib/libssl/src/crypto/evp/evp_pbe.c | 134 + src/lib/libssl/src/crypto/evp/evp_pkey.c | 298 + src/lib/libssl/src/crypto/evp/m_dss.c | 11 +- src/lib/libssl/src/crypto/evp/m_dss1.c | 10 +- src/lib/libssl/src/crypto/evp/m_md2.c | 11 +- src/lib/libssl/src/crypto/evp/m_md5.c | 10 +- src/lib/libssl/src/crypto/evp/m_mdc2.c | 10 +- src/lib/libssl/src/crypto/evp/m_null.c | 10 +- src/lib/libssl/src/crypto/evp/m_ripemd.c | 11 +- src/lib/libssl/src/crypto/evp/m_sha.c | 11 +- src/lib/libssl/src/crypto/evp/m_sha1.c | 10 +- src/lib/libssl/src/crypto/evp/names.c | 239 +- src/lib/libssl/src/crypto/evp/p5_crpt.c | 146 + src/lib/libssl/src/crypto/evp/p5_crpt2.c | 247 + src/lib/libssl/src/crypto/evp/p_dec.c | 23 +- src/lib/libssl/src/crypto/evp/p_enc.c | 23 +- src/lib/libssl/src/crypto/evp/p_lib.c | 53 +- src/lib/libssl/src/crypto/evp/p_open.c | 22 +- src/lib/libssl/src/crypto/evp/p_seal.c | 27 +- src/lib/libssl/src/crypto/evp/p_sign.c | 25 +- src/lib/libssl/src/crypto/evp/p_verify.c | 15 +- src/lib/libssl/src/crypto/evp/pk_lib.c | 82 - src/lib/libssl/src/crypto/ex_data.c | 57 +- src/lib/libssl/src/crypto/hmac/Makefile.ssl | 44 +- src/lib/libssl/src/crypto/hmac/hmac.c | 33 +- src/lib/libssl/src/crypto/hmac/hmac.h | 28 +- src/lib/libssl/src/crypto/hmac/hmactest.c | 34 +- src/lib/libssl/src/crypto/idea/Makefile.ssl | 40 +- src/lib/libssl/src/crypto/idea/idea.h | 99 + src/lib/libssl/src/crypto/install.com | 128 + src/lib/libssl/src/crypto/lhash/Makefile.ssl | 38 +- src/lib/libssl/src/crypto/lhash/lh_stats.c | 38 +- src/lib/libssl/src/crypto/lhash/lh_test.c | 2 +- src/lib/libssl/src/crypto/lhash/lhash.c | 97 +- src/lib/libssl/src/crypto/lhash/lhash.h | 33 +- src/lib/libssl/src/crypto/lhash/num.pl | 2 +- src/lib/libssl/src/crypto/libvms.com | 31 - src/lib/libssl/src/crypto/md2/Makefile.ssl | 40 +- src/lib/libssl/src/crypto/md2/md2.c | 20 +- src/lib/libssl/src/crypto/md2/md2.h | 91 + src/lib/libssl/src/crypto/md2/md2.org | 106 - src/lib/libssl/src/crypto/md2/md2_dgst.c | 28 +- src/lib/libssl/src/crypto/md2/md2_one.c | 23 +- src/lib/libssl/src/crypto/md2/md2test.c | 27 +- src/lib/libssl/src/crypto/md32_common.h | 594 ++ src/lib/libssl/src/crypto/md5/Makefile.ssl | 58 +- src/lib/libssl/src/crypto/md5/Makefile.uni | 3 +- src/lib/libssl/src/crypto/md5/asm/m5-win32.asm | 55 +- src/lib/libssl/src/crypto/md5/asm/md5-586.pl | 40 +- src/lib/libssl/src/crypto/md5/asm/md5-sparcv9.S | 1029 +++ src/lib/libssl/src/crypto/md5/asm/mx86unix.cpp | 730 --- src/lib/libssl/src/crypto/md5/md5.c | 18 +- src/lib/libssl/src/crypto/md5/md5.h | 51 +- src/lib/libssl/src/crypto/md5/md5_dgst.c | 395 +- src/lib/libssl/src/crypto/md5/md5_locl.h | 160 +- src/lib/libssl/src/crypto/md5/md5_one.c | 28 +- src/lib/libssl/src/crypto/md5/md5s.cpp | 2 +- src/lib/libssl/src/crypto/md5/md5test.c | 23 +- src/lib/libssl/src/crypto/mdc2/Makefile.ssl | 39 +- src/lib/libssl/src/crypto/mdc2/mdc2.h | 16 +- src/lib/libssl/src/crypto/mem.c | 228 +- src/lib/libssl/src/crypto/objects/Makefile.ssl | 66 +- src/lib/libssl/src/crypto/objects/o_names.c | 243 + src/lib/libssl/src/crypto/objects/obj_dat.c | 269 +- src/lib/libssl/src/crypto/objects/obj_dat.h | 656 -- src/lib/libssl/src/crypto/objects/obj_dat.pl | 4 +- src/lib/libssl/src/crypto/objects/obj_err.c | 118 +- src/lib/libssl/src/crypto/objects/obj_lib.c | 32 +- src/lib/libssl/src/crypto/objects/objects.err | 12 - src/lib/libssl/src/crypto/objects/objects.h | 316 +- src/lib/libssl/src/crypto/opensslconf.h.in | 142 + src/lib/libssl/src/crypto/opensslv.h | 21 + src/lib/libssl/src/crypto/pem/Makefile.ssl | 162 +- src/lib/libssl/src/crypto/pem/ctx_size.c | 122 - src/lib/libssl/src/crypto/pem/pem.err | 38 - src/lib/libssl/src/crypto/pem/pem.h | 551 +- src/lib/libssl/src/crypto/pem/pem.org | 562 -- src/lib/libssl/src/crypto/pem/pem2.h | 60 + src/lib/libssl/src/crypto/pem/pem_all.c | 429 +- src/lib/libssl/src/crypto/pem/pem_err.c | 121 +- src/lib/libssl/src/crypto/pem/pem_info.c | 60 +- src/lib/libssl/src/crypto/pem/pem_lib.c | 273 +- src/lib/libssl/src/crypto/pem/pem_seal.c | 41 +- src/lib/libssl/src/crypto/pem/pem_sign.c | 27 +- src/lib/libssl/src/crypto/perlasm/alpha.pl | 434 ++ src/lib/libssl/src/crypto/perlasm/cbc.pl | 2 +- src/lib/libssl/src/crypto/perlasm/x86asm.pl | 11 +- src/lib/libssl/src/crypto/perlasm/x86ms.pl | 12 +- src/lib/libssl/src/crypto/perlasm/x86nasm.pl | 342 + src/lib/libssl/src/crypto/perlasm/x86unix.pl | 42 +- src/lib/libssl/src/crypto/pkcs7/Makefile.ssl | 97 +- src/lib/libssl/src/crypto/pkcs7/bio_ber.c | 450 ++ src/lib/libssl/src/crypto/pkcs7/dec.c | 246 + src/lib/libssl/src/crypto/pkcs7/des.pem | 15 + src/lib/libssl/src/crypto/pkcs7/enc.c | 79 +- src/lib/libssl/src/crypto/pkcs7/es1.pem | 66 + src/lib/libssl/src/crypto/pkcs7/example.c | 327 + src/lib/libssl/src/crypto/pkcs7/example.h | 57 + src/lib/libssl/src/crypto/pkcs7/info.pem | 57 + src/lib/libssl/src/crypto/pkcs7/infokey.pem | 9 + src/lib/libssl/src/crypto/pkcs7/mf.p7 | 18 - src/lib/libssl/src/crypto/pkcs7/p7.tst | 33 - src/lib/libssl/src/crypto/pkcs7/pk7_dgst.c | 10 +- src/lib/libssl/src/crypto/pkcs7/pk7_doit.c | 718 ++- src/lib/libssl/src/crypto/pkcs7/pk7_enc.c | 10 +- src/lib/libssl/src/crypto/pkcs7/pk7_lib.c | 156 +- src/lib/libssl/src/crypto/pkcs7/pkcs7.err | 26 - src/lib/libssl/src/crypto/pkcs7/pkcs7.h | 196 +- src/lib/libssl/src/crypto/pkcs7/pkcs7err.c | 129 +- src/lib/libssl/src/crypto/pkcs7/sign.c | 21 +- src/lib/libssl/src/crypto/pkcs7/verify.c | 55 +- src/lib/libssl/src/crypto/rand/Makefile.ssl | 41 +- src/lib/libssl/src/crypto/rand/md_rand.c | 102 +- src/lib/libssl/src/crypto/rand/rand.h | 31 +- src/lib/libssl/src/crypto/rand/rand_lib.c | 98 + src/lib/libssl/src/crypto/rand/randfile.c | 39 +- src/lib/libssl/src/crypto/rand/randtest.c | 20 +- src/lib/libssl/src/crypto/ranlib.sh | 23 - src/lib/libssl/src/crypto/rc2/Makefile.ssl | 40 +- src/lib/libssl/src/crypto/rc2/Makefile.uni | 3 +- src/lib/libssl/src/crypto/rc2/rc2.h | 99 + src/lib/libssl/src/crypto/rc2/rc2.org | 118 - src/lib/libssl/src/crypto/rc2/rc2_cbc.c | 19 +- src/lib/libssl/src/crypto/rc2/rc2_ecb.c | 12 +- src/lib/libssl/src/crypto/rc2/rc2_skey.c | 8 +- src/lib/libssl/src/crypto/rc2/rc2cfb64.c | 12 +- src/lib/libssl/src/crypto/rc2/rc2ofb64.c | 11 +- src/lib/libssl/src/crypto/rc2/rc2speed.c | 59 +- src/lib/libssl/src/crypto/rc2/rc2test.c | 27 +- src/lib/libssl/src/crypto/rc2/tab.c | 86 + src/lib/libssl/src/crypto/rc4/Makefile.ssl | 41 +- src/lib/libssl/src/crypto/rc4/Makefile.uni | 3 +- src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl | 2 +- src/lib/libssl/src/crypto/rc4/asm/rx86unix.cpp | 358 -- src/lib/libssl/src/crypto/rc4/rc4.c | 6 +- src/lib/libssl/src/crypto/rc4/rc4.h | 88 + src/lib/libssl/src/crypto/rc4/rc4.org | 103 - src/lib/libssl/src/crypto/rc4/rc4_enc.c | 10 +- src/lib/libssl/src/crypto/rc4/rc4_locl.h | 4 + src/lib/libssl/src/crypto/rc4/rc4_locl.org | 70 - src/lib/libssl/src/crypto/rc4/rc4_skey.c | 12 +- src/lib/libssl/src/crypto/rc4/rc4s.cpp | 2 +- src/lib/libssl/src/crypto/rc4/rc4speed.c | 59 +- src/lib/libssl/src/crypto/rc4/rc4test.c | 16 +- src/lib/libssl/src/crypto/rc5/Makefile.ssl | 41 +- src/lib/libssl/src/crypto/rc5/Makefile.uni | 3 +- src/lib/libssl/src/crypto/rc5/asm/r586unix.cpp | 628 -- src/lib/libssl/src/crypto/rc5/asm/rc5-586.pl | 2 +- src/lib/libssl/src/crypto/rc5/rc5.h | 17 +- src/lib/libssl/src/crypto/ripemd/Makefile.ssl | 39 +- src/lib/libssl/src/crypto/ripemd/Makefile.uni | 2 +- src/lib/libssl/src/crypto/ripemd/asm/rips.cpp | 2 +- src/lib/libssl/src/crypto/ripemd/asm/rm86unix.cpp | 2016 ------ src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl | 4 +- src/lib/libssl/src/crypto/ripemd/ripemd.h | 13 +- src/lib/libssl/src/crypto/ripemd/rmd160.c | 18 +- src/lib/libssl/src/crypto/ripemd/rmd_dgst.c | 38 +- src/lib/libssl/src/crypto/ripemd/rmd_locl.h | 6 +- src/lib/libssl/src/crypto/ripemd/rmd_one.c | 6 +- src/lib/libssl/src/crypto/ripemd/rmdtest.c | 31 +- src/lib/libssl/src/crypto/rsa/Makefile.ssl | 134 +- src/lib/libssl/src/crypto/rsa/rsa.err | 45 - src/lib/libssl/src/crypto/rsa/rsa.h | 203 +- src/lib/libssl/src/crypto/rsa/rsa_chk.c | 184 + src/lib/libssl/src/crypto/rsa/rsa_eay.c | 164 +- src/lib/libssl/src/crypto/rsa/rsa_err.c | 133 +- src/lib/libssl/src/crypto/rsa/rsa_gen.c | 14 +- src/lib/libssl/src/crypto/rsa/rsa_lib.c | 167 +- src/lib/libssl/src/crypto/rsa/rsa_none.c | 47 +- src/lib/libssl/src/crypto/rsa/rsa_oaep.c | 162 + src/lib/libssl/src/crypto/rsa/rsa_oaep_test.c | 309 + src/lib/libssl/src/crypto/rsa/rsa_pk1.c | 53 +- src/lib/libssl/src/crypto/rsa/rsa_saos.c | 27 +- src/lib/libssl/src/crypto/rsa/rsa_sign.c | 28 +- src/lib/libssl/src/crypto/rsa/rsa_ssl.c | 22 +- src/lib/libssl/src/crypto/sha/Makefile.ssl | 42 +- src/lib/libssl/src/crypto/sha/Makefile.uni | 2 +- src/lib/libssl/src/crypto/sha/asm/sha1-586.pl | 4 +- src/lib/libssl/src/crypto/sha/asm/sx86unix.cpp | 1948 ------ src/lib/libssl/src/crypto/sha/sha.c | 19 +- src/lib/libssl/src/crypto/sha/sha.h | 58 +- src/lib/libssl/src/crypto/sha/sha1.c | 18 +- src/lib/libssl/src/crypto/sha/sha1_one.c | 9 +- src/lib/libssl/src/crypto/sha/sha1dgst.c | 244 +- src/lib/libssl/src/crypto/sha/sha1s.cpp | 2 +- src/lib/libssl/src/crypto/sha/sha1test.c | 35 +- src/lib/libssl/src/crypto/sha/sha_dgst.c | 250 +- src/lib/libssl/src/crypto/sha/sha_locl.h | 78 +- src/lib/libssl/src/crypto/sha/sha_one.c | 9 +- src/lib/libssl/src/crypto/sha/sha_sgst.c | 246 - src/lib/libssl/src/crypto/sha/shatest.c | 35 +- src/lib/libssl/src/crypto/stack/Makefile.ssl | 37 +- src/lib/libssl/src/crypto/stack/safestack.h | 129 + src/lib/libssl/src/crypto/stack/stack.c | 108 +- src/lib/libssl/src/crypto/stack/stack.h | 33 +- src/lib/libssl/src/crypto/threads/mttest.c | 119 +- src/lib/libssl/src/crypto/threads/th-lock.c | 79 +- src/lib/libssl/src/crypto/tmdiff.c | 106 +- src/lib/libssl/src/crypto/tmdiff.h | 81 + src/lib/libssl/src/crypto/txt_db/Makefile.ssl | 36 +- src/lib/libssl/src/crypto/txt_db/txt_db.c | 39 +- src/lib/libssl/src/crypto/txt_db/txt_db.h | 16 +- src/lib/libssl/src/crypto/x509/Makefile.ssl | 374 +- src/lib/libssl/src/crypto/x509/attrib | 38 - src/lib/libssl/src/crypto/x509/by_dir.c | 57 +- src/lib/libssl/src/crypto/x509/by_file.c | 41 +- src/lib/libssl/src/crypto/x509/v3_net.c | 87 - src/lib/libssl/src/crypto/x509/v3_x509.c | 253 - src/lib/libssl/src/crypto/x509/x509.doc | 27 - src/lib/libssl/src/crypto/x509/x509.err | 46 - src/lib/libssl/src/crypto/x509/x509.h | 627 +- src/lib/libssl/src/crypto/x509/x509_cmp.c | 138 +- src/lib/libssl/src/crypto/x509/x509_d2.c | 13 +- src/lib/libssl/src/crypto/x509/x509_def.c | 16 +- src/lib/libssl/src/crypto/x509/x509_err.c | 136 +- src/lib/libssl/src/crypto/x509/x509_ext.c | 106 +- src/lib/libssl/src/crypto/x509/x509_lu.c | 139 +- src/lib/libssl/src/crypto/x509/x509_obj.c | 72 +- src/lib/libssl/src/crypto/x509/x509_r2x.c | 34 +- src/lib/libssl/src/crypto/x509/x509_req.c | 27 +- src/lib/libssl/src/crypto/x509/x509_set.c | 36 +- src/lib/libssl/src/crypto/x509/x509_txt.c | 18 +- src/lib/libssl/src/crypto/x509/x509_v3.c | 225 +- src/lib/libssl/src/crypto/x509/x509_vfy.c | 221 +- src/lib/libssl/src/crypto/x509/x509_vfy.h | 168 +- src/lib/libssl/src/crypto/x509/x509name.c | 137 +- src/lib/libssl/src/crypto/x509/x509pack.c | 157 - src/lib/libssl/src/crypto/x509/x509rset.c | 20 +- src/lib/libssl/src/crypto/x509/x509type.c | 13 +- src/lib/libssl/src/crypto/x509/x509v3.doc | 24 - src/lib/libssl/src/crypto/x509/x_all.c | 272 +- src/lib/libssl/src/crypto/x509v3/Makefile.ssl | 432 ++ src/lib/libssl/src/crypto/x509v3/README | 4 + src/lib/libssl/src/crypto/x509v3/format | 92 - src/lib/libssl/src/crypto/x509v3/header | 6 - src/lib/libssl/src/crypto/x509v3/v3_akey.c | 249 + src/lib/libssl/src/crypto/x509v3/v3_alt.c | 402 ++ src/lib/libssl/src/crypto/x509v3/v3_bcons.c | 164 + src/lib/libssl/src/crypto/x509v3/v3_bitst.c | 147 + src/lib/libssl/src/crypto/x509v3/v3_conf.c | 366 ++ src/lib/libssl/src/crypto/x509v3/v3_cpols.c | 655 ++ src/lib/libssl/src/crypto/x509v3/v3_crld.c | 283 + src/lib/libssl/src/crypto/x509v3/v3_enum.c | 103 + src/lib/libssl/src/crypto/x509v3/v3_extku.c | 150 + src/lib/libssl/src/crypto/x509v3/v3_genn.c | 237 + src/lib/libssl/src/crypto/x509v3/v3_ia5.c | 116 + src/lib/libssl/src/crypto/x509v3/v3_int.c | 79 + src/lib/libssl/src/crypto/x509v3/v3_ku.c | 318 - src/lib/libssl/src/crypto/x509v3/v3_lib.c | 177 + src/lib/libssl/src/crypto/x509v3/v3_pku.c | 151 + src/lib/libssl/src/crypto/x509v3/v3_prn.c | 135 + src/lib/libssl/src/crypto/x509v3/v3_skey.c | 156 + src/lib/libssl/src/crypto/x509v3/v3_sxnet.c | 340 + src/lib/libssl/src/crypto/x509v3/v3_utl.c | 418 ++ src/lib/libssl/src/crypto/x509v3/v3conf.c | 128 + src/lib/libssl/src/crypto/x509v3/v3err.c | 171 + src/lib/libssl/src/crypto/x509v3/v3prin.c | 101 + src/lib/libssl/src/crypto/x509v3/x509v3.h | 607 +- src/lib/libssl/src/demos/README | 6 + src/lib/libssl/src/demos/b64.c | 14 +- src/lib/libssl/src/demos/b64.pl | 2 +- src/lib/libssl/src/demos/bio/Makefile | 16 + src/lib/libssl/src/demos/bio/saccept.c | 4 +- src/lib/libssl/src/demos/bio/sconnect.c | 7 +- src/lib/libssl/src/demos/maurice/Makefile | 42 +- src/lib/libssl/src/demos/maurice/example1.c | 14 +- src/lib/libssl/src/demos/maurice/example2.c | 18 +- src/lib/libssl/src/demos/maurice/example3.c | 9 +- src/lib/libssl/src/demos/maurice/example4.c | 7 +- src/lib/libssl/src/demos/maurice/loadkeys.c | 14 +- src/lib/libssl/src/demos/maurice/loadkeys.h | 2 +- src/lib/libssl/src/demos/prime/Makefile | 20 + src/lib/libssl/src/demos/prime/prime.c | 7 +- src/lib/libssl/src/demos/selfsign.c | 58 +- src/lib/libssl/src/demos/sign/Makefile | 15 + src/lib/libssl/src/demos/sign/sign.c | 82 +- src/lib/libssl/src/demos/spkigen.c | 12 +- src/lib/libssl/src/demos/ssl/cli.cpp | 29 +- src/lib/libssl/src/demos/ssl/inetdsrv.cpp | 10 +- src/lib/libssl/src/demos/ssl/serv.cpp | 66 +- src/lib/libssl/src/dep/files | 8 - src/lib/libssl/src/dep/gen.pl | 2 +- src/lib/libssl/src/doc/API.doc | 24 - src/lib/libssl/src/doc/README | 10 + src/lib/libssl/src/doc/a_verify.doc | 85 - src/lib/libssl/src/doc/apps.doc | 53 - src/lib/libssl/src/doc/asn1.doc | 401 -- src/lib/libssl/src/doc/bio.doc | 423 -- src/lib/libssl/src/doc/blowfish.doc | 146 - src/lib/libssl/src/doc/bn.doc | 381 -- src/lib/libssl/src/doc/c-indentation.el | 36 + src/lib/libssl/src/doc/ca.1 | 121 - src/lib/libssl/src/doc/callback.doc | 240 - src/lib/libssl/src/doc/cipher.doc | 345 - src/lib/libssl/src/doc/cipher.m | 128 - src/lib/libssl/src/doc/conf.doc | 89 - src/lib/libssl/src/doc/crypto.pod | 27 + src/lib/libssl/src/doc/des.doc | 505 -- src/lib/libssl/src/doc/digest.doc | 94 - src/lib/libssl/src/doc/encode.doc | 15 - src/lib/libssl/src/doc/envelope.doc | 67 - src/lib/libssl/src/doc/error.doc | 115 - src/lib/libssl/src/doc/legal.doc | 117 - src/lib/libssl/src/doc/lhash.doc | 151 - src/lib/libssl/src/doc/md2.doc | 49 - src/lib/libssl/src/doc/md5.doc | 50 - src/lib/libssl/src/doc/memory.doc | 27 - src/lib/libssl/src/doc/ms3-ca.doc | 398 -- src/lib/libssl/src/doc/ns-ca.doc | 154 - src/lib/libssl/src/doc/obj.doc | 69 - src/lib/libssl/src/doc/openssl.pod | 304 + src/lib/libssl/src/doc/openssl.txt | 1174 ++++ src/lib/libssl/src/doc/openssl_button.gif | Bin 0 -> 2063 bytes src/lib/libssl/src/doc/openssl_button.html | 7 + src/lib/libssl/src/doc/rand.doc | 141 - src/lib/libssl/src/doc/rc2.doc | 165 - src/lib/libssl/src/doc/rc4.doc | 44 - src/lib/libssl/src/doc/readme | 6 - src/lib/libssl/src/doc/ref.doc | 48 - src/lib/libssl/src/doc/req.1 | 137 - src/lib/libssl/src/doc/rsa.doc | 135 - src/lib/libssl/src/doc/rsaref.doc | 35 - src/lib/libssl/src/doc/s_mult.doc | 17 - src/lib/libssl/src/doc/session.doc | 297 - src/lib/libssl/src/doc/sha.doc | 52 - src/lib/libssl/src/doc/speed.doc | 96 - src/lib/libssl/src/doc/ssl-ciph.doc | 84 - src/lib/libssl/src/doc/ssl.doc | 172 - src/lib/libssl/src/doc/ssl.pod | 633 ++ src/lib/libssl/src/doc/ssl_ctx.doc | 68 - src/lib/libssl/src/doc/ssleay.doc | 213 - src/lib/libssl/src/doc/ssleay.txt | 7014 +++++++++++++++++++++ src/lib/libssl/src/doc/ssluse.doc | 45 - src/lib/libssl/src/doc/stack.doc | 96 - src/lib/libssl/src/doc/threads.doc | 90 - src/lib/libssl/src/doc/txt_db.doc | 4 - src/lib/libssl/src/doc/verify | 22 - src/lib/libssl/src/doc/why.doc | 79 - src/lib/libssl/src/e_os.h | 142 +- src/lib/libssl/src/e_os2.h | 38 + src/lib/libssl/src/install.com | 88 + src/lib/libssl/src/makefile.one | 1781 ------ src/lib/libssl/src/makevms.com | 969 ++- src/lib/libssl/src/ms/.rnd | Bin 1019 -> 1024 bytes src/lib/libssl/src/ms/32all.bat | 2 +- src/lib/libssl/src/ms/bcb4.bat | 6 + src/lib/libssl/src/ms/certCA.srl | 2 +- src/lib/libssl/src/ms/certCA.ss | 12 +- src/lib/libssl/src/ms/certU.ss | 14 +- src/lib/libssl/src/ms/cmp.pl | 2 +- src/lib/libssl/src/ms/do_masm.bat | 68 + src/lib/libssl/src/ms/do_ms.bat | 23 +- src/lib/libssl/src/ms/do_nasm.bat | 69 + src/lib/libssl/src/ms/do_nt.bat | 7 + src/lib/libssl/src/ms/keyCA.ss | 14 +- src/lib/libssl/src/ms/keyU.ss | 14 +- src/lib/libssl/src/ms/libeay16.def | 987 --- src/lib/libssl/src/ms/libeay32.def | 1035 --- src/lib/libssl/src/ms/mw.bat | 31 + src/lib/libssl/src/ms/ntdll.mak | 1853 ------ src/lib/libssl/src/ms/req2CA.ss | 28 +- src/lib/libssl/src/ms/reqCA.ss | 10 +- src/lib/libssl/src/ms/reqU.ss | 8 +- src/lib/libssl/src/ms/ssleay16.def | 171 - src/lib/libssl/src/ms/ssleay32.def | 164 - src/lib/libssl/src/ms/tenc.bat | 28 +- src/lib/libssl/src/ms/test.bat | 323 +- src/lib/libssl/src/ms/testenc.bat | 187 +- src/lib/libssl/src/ms/testpem.bat | 68 +- src/lib/libssl/src/ms/testss.bat | 196 +- src/lib/libssl/src/ms/tpem.bat | 12 +- src/lib/libssl/src/ms/w31dll.mak | 2295 ------- src/lib/libssl/src/ms/x86asm.bat | 57 + src/lib/libssl/src/mt/mttest.c | 35 +- src/lib/libssl/src/openssl.doxy | 7 + src/lib/libssl/src/perl/MANIFEST | 28 +- src/lib/libssl/src/perl/Makefile.PL | 66 +- src/lib/libssl/src/perl/OpenSSL.pm | 90 + src/lib/libssl/src/perl/OpenSSL.xs | 82 + src/lib/libssl/src/perl/README.1ST | 4 + src/lib/libssl/src/perl/SSLeay.pm | 78 - src/lib/libssl/src/perl/SSLeay.xs | 63 - src/lib/libssl/src/perl/b.pl | 21 - src/lib/libssl/src/perl/bio.pl | 28 - src/lib/libssl/src/perl/bio.txt | 36 - src/lib/libssl/src/perl/bio.xs | 448 -- src/lib/libssl/src/perl/bn.pl | 23 - src/lib/libssl/src/perl/bn.txt | 38 - src/lib/libssl/src/perl/bn.xs | 589 -- src/lib/libssl/src/perl/callback.c | 103 - src/lib/libssl/src/perl/cipher.pl | 39 - src/lib/libssl/src/perl/cipher.txt | 10 - src/lib/libssl/src/perl/cipher.xs | 152 - src/lib/libssl/src/perl/dh.pl | 40 - src/lib/libssl/src/perl/digest.txt | 7 - src/lib/libssl/src/perl/digest.xs | 83 - src/lib/libssl/src/perl/err.txt | 2 - src/lib/libssl/src/perl/err.xs | 46 - src/lib/libssl/src/perl/f.pl | 25 - src/lib/libssl/src/perl/g.pl | 18 - src/lib/libssl/src/perl/gen_rsa.pl | 49 - src/lib/libssl/src/perl/mul.pl | 56 - src/lib/libssl/src/perl/openssl.h | 96 + src/lib/libssl/src/perl/openssl_bio.xs | 450 ++ src/lib/libssl/src/perl/openssl_bn.xs | 593 ++ src/lib/libssl/src/perl/openssl_cipher.xs | 154 + src/lib/libssl/src/perl/openssl_digest.xs | 84 + src/lib/libssl/src/perl/openssl_err.xs | 47 + src/lib/libssl/src/perl/openssl_ssl.xs | 483 ++ src/lib/libssl/src/perl/openssl_x509.xs | 75 + src/lib/libssl/src/perl/p5SSLeay.h | 96 - src/lib/libssl/src/perl/r.pl | 56 - src/lib/libssl/src/perl/s.pl | 72 - src/lib/libssl/src/perl/s2.pl | 49 - src/lib/libssl/src/perl/server.pem | 369 -- src/lib/libssl/src/perl/ss.pl | 64 - src/lib/libssl/src/perl/ssl.pl | 71 - src/lib/libssl/src/perl/ssl.txt | 43 - src/lib/libssl/src/perl/ssl.xs | 474 -- src/lib/libssl/src/perl/ssl_srvr.pl | 35 - src/lib/libssl/src/perl/sslbio.pl | 40 - src/lib/libssl/src/perl/t.pl | 12 - src/lib/libssl/src/perl/test | 32 - src/lib/libssl/src/perl/test.pl | 30 - src/lib/libssl/src/perl/test.txt | 36 - src/lib/libssl/src/perl/test2.pl | 28 - src/lib/libssl/src/perl/test3.pl | 19 - src/lib/libssl/src/perl/test8.pl | 19 - src/lib/libssl/src/perl/test9.pl | 38 - src/lib/libssl/src/perl/testbn.pl | 23 - src/lib/libssl/src/perl/testdec.pl | 14 - src/lib/libssl/src/perl/testmd.pl | 26 - src/lib/libssl/src/perl/tt.pl | 15 - src/lib/libssl/src/perl/typemap | 52 +- src/lib/libssl/src/perl/x509.txt | 6 - src/lib/libssl/src/perl/x509.xs | 74 - src/lib/libssl/src/perl/xstmp.c | 102 - src/lib/libssl/src/perl/y.pl | 7 - src/lib/libssl/src/perl/yy.pl | 19 - src/lib/libssl/src/perl/z.pl | 32 - src/lib/libssl/src/perl/zz.pl | 22 - src/lib/libssl/src/shlib/linux.sh | 76 - src/lib/libssl/src/shlib/solaris-sc4.sh | 42 + src/lib/libssl/src/ssl/Makefile.ssl | 772 ++- src/lib/libssl/src/ssl/bio_ssl.c | 62 +- src/lib/libssl/src/ssl/install.com | 102 + src/lib/libssl/src/ssl/readme | 277 - src/lib/libssl/src/ssl/s23_clnt.c | 55 +- src/lib/libssl/src/ssl/s23_lib.c | 52 +- src/lib/libssl/src/ssl/s23_meth.c | 10 +- src/lib/libssl/src/ssl/s23_pkt.c | 13 +- src/lib/libssl/src/ssl/s23_srvr.c | 72 +- src/lib/libssl/src/ssl/s2_clnt.c | 174 +- src/lib/libssl/src/ssl/s2_enc.c | 19 +- src/lib/libssl/src/ssl/s2_lib.c | 102 +- src/lib/libssl/src/ssl/s2_meth.c | 13 +- src/lib/libssl/src/ssl/s2_pkt.c | 101 +- src/lib/libssl/src/ssl/s2_srvr.c | 162 +- src/lib/libssl/src/ssl/s3_both.c | 85 +- src/lib/libssl/src/ssl/s3_clnt.c | 363 +- src/lib/libssl/src/ssl/s3_enc.c | 176 +- src/lib/libssl/src/ssl/s3_lib.c | 382 +- src/lib/libssl/src/ssl/s3_meth.c | 10 +- src/lib/libssl/src/ssl/s3_pkt.c | 160 +- src/lib/libssl/src/ssl/s3_srvr.c | 336 +- src/lib/libssl/src/ssl/ssl-lib.com | 1200 ++++ src/lib/libssl/src/ssl/ssl.c | 172 - src/lib/libssl/src/ssl/ssl.err | 290 - src/lib/libssl/src/ssl/ssl.h | 1161 ++-- src/lib/libssl/src/ssl/ssl2.h | 6 +- src/lib/libssl/src/ssl/ssl3.h | 32 +- src/lib/libssl/src/ssl/ssl_algs.c | 23 +- src/lib/libssl/src/ssl/ssl_asn1.c | 44 +- src/lib/libssl/src/ssl/ssl_cert.c | 537 +- src/lib/libssl/src/ssl/ssl_ciph.c | 193 +- src/lib/libssl/src/ssl/ssl_err.c | 158 +- src/lib/libssl/src/ssl/ssl_err2.c | 6 +- src/lib/libssl/src/ssl/ssl_lib.c | 1016 +-- src/lib/libssl/src/ssl/ssl_locl.h | 299 +- src/lib/libssl/src/ssl/ssl_rsa.c | 332 +- src/lib/libssl/src/ssl/ssl_sess.c | 257 +- src/lib/libssl/src/ssl/ssl_stat.c | 42 +- src/lib/libssl/src/ssl/ssl_task.c | 20 +- src/lib/libssl/src/ssl/ssl_txt.c | 61 +- src/lib/libssl/src/ssl/ssltest.c | 510 +- src/lib/libssl/src/ssl/t1_clnt.c | 16 +- src/lib/libssl/src/ssl/t1_enc.c | 188 +- src/lib/libssl/src/ssl/t1_lib.c | 24 +- src/lib/libssl/src/ssl/t1_meth.c | 10 +- src/lib/libssl/src/ssl/t1_srvr.c | 18 +- src/lib/libssl/src/ssl/tls1.h | 40 +- src/lib/libssl/src/test/.rnd | Bin 1024 -> 0 bytes src/lib/libssl/src/test/Makefile.ssl | 128 +- src/lib/libssl/src/test/VMSca-response.1 | 1 + src/lib/libssl/src/test/VMSca-response.2 | 2 + src/lib/libssl/src/test/certCA.srl | 1 - src/lib/libssl/src/test/maketests.com | 1053 ++++ src/lib/libssl/src/test/methtest.c | 6 +- src/lib/libssl/src/test/p | 294 - src/lib/libssl/src/test/riptest | Bin 13325 -> 0 bytes src/lib/libssl/src/test/tcrl | 2 +- src/lib/libssl/src/test/tcrl.com | 78 + src/lib/libssl/src/test/test.txt | 31 - src/lib/libssl/src/test/testca | 2 +- src/lib/libssl/src/test/testca.com | 76 + src/lib/libssl/src/test/testenc | 12 +- src/lib/libssl/src/test/testenc.com | 50 + src/lib/libssl/src/test/testgen | 4 +- src/lib/libssl/src/test/testgen.com | 35 + src/lib/libssl/src/test/testkey.pem | 2 - src/lib/libssl/src/test/testp7.pem | 20 +- src/lib/libssl/src/test/testreq.pem | 9 - src/lib/libssl/src/test/tests.com | 203 + src/lib/libssl/src/test/testsid.pem | 4 +- src/lib/libssl/src/test/testss | 11 +- src/lib/libssl/src/test/testss.com | 105 + src/lib/libssl/src/test/testssl | 37 +- src/lib/libssl/src/test/testssl.com | 111 + src/lib/libssl/src/test/tpkcs7 | 2 +- src/lib/libssl/src/test/tpkcs7.com | 49 + src/lib/libssl/src/test/tpkcs7d | 4 +- src/lib/libssl/src/test/tpkcs7d.com | 42 + src/lib/libssl/src/test/treq | 2 +- src/lib/libssl/src/test/treq.com | 78 + src/lib/libssl/src/test/trsa | 2 +- src/lib/libssl/src/test/trsa.com | 78 + src/lib/libssl/src/test/tsid | 2 +- src/lib/libssl/src/test/tsid.com | 78 + src/lib/libssl/src/test/tverify.com | 26 + src/lib/libssl/src/test/tx509 | 2 +- src/lib/libssl/src/test/tx509.com | 78 + src/lib/libssl/src/times/x86/bfs.cpp | 2 +- src/lib/libssl/src/times/x86/casts.cpp | 2 +- src/lib/libssl/src/times/x86/des3s.cpp | 2 +- src/lib/libssl/src/times/x86/dess.cpp | 2 +- src/lib/libssl/src/times/x86/md5s.cpp | 2 +- src/lib/libssl/src/times/x86/rc4s.cpp | 2 +- src/lib/libssl/src/times/x86/sha1s.cpp | 2 +- src/lib/libssl/src/tools/Makefile.ssl | 25 +- src/lib/libssl/src/tools/c_hash | 2 +- src/lib/libssl/src/tools/c_info | 2 +- src/lib/libssl/src/tools/c_issuer | 2 +- src/lib/libssl/src/tools/c_name | 2 +- src/lib/libssl/src/tools/c_rehash | 47 - src/lib/libssl/src/tools/c_rehash.in | 61 + src/lib/libssl/src/util/add_cr.pl | 2 +- src/lib/libssl/src/util/ck_errf.pl | 3 +- src/lib/libssl/src/util/clean-depend.pl | 38 + src/lib/libssl/src/util/deleof.pl | 2 +- src/lib/libssl/src/util/do_ms.sh | 8 +- src/lib/libssl/src/util/domd | 11 + src/lib/libssl/src/util/err-ins.pl | 2 +- src/lib/libssl/src/util/files.pl | 2 +- src/lib/libssl/src/util/libeay.num | 789 ++- src/lib/libssl/src/util/mk1mf.pl | 316 +- src/lib/libssl/src/util/mkdef.pl | 444 +- src/lib/libssl/src/util/mkdir-p.pl | 33 + src/lib/libssl/src/util/mkerr.pl | 503 ++ src/lib/libssl/src/util/mkfiles.pl | 110 + src/lib/libssl/src/util/mklink.pl | 55 + src/lib/libssl/src/util/mklink.sh | 35 - src/lib/libssl/src/util/perlpath.pl | 9 +- src/lib/libssl/src/util/pl/BC-16.pl | 14 +- src/lib/libssl/src/util/pl/BC-32.pl | 153 +- src/lib/libssl/src/util/pl/Mingw32.pl | 79 + src/lib/libssl/src/util/pl/Mingw32f.pl | 73 + src/lib/libssl/src/util/pl/VC-16.pl | 14 +- src/lib/libssl/src/util/pl/VC-32.pl | 33 +- src/lib/libssl/src/util/pl/linux.pl | 16 +- src/lib/libssl/src/util/pl/ultrix.pl | 38 + src/lib/libssl/src/util/pl/unix.pl | 23 +- src/lib/libssl/src/util/point.sh | 4 +- src/lib/libssl/src/util/ranlib.sh | 23 - src/lib/libssl/src/util/sep_lib.sh | 3 - src/lib/libssl/src/util/sp-diff.pl | 2 +- src/lib/libssl/src/util/src-dep.pl | 2 +- src/lib/libssl/src/util/ssldir.pl | 52 - src/lib/libssl/src/util/ssleay.num | 61 + src/lib/libssl/src/util/tab_num.pl | 2 +- src/lib/libssl/src/util/up_ver.pl | 79 - src/lib/libssl/src/util/x86asm.sh | 4 +- 1042 files changed, 94474 insertions(+), 65431 deletions(-) create mode 100644 src/lib/libssl/src/CHANGES create mode 100644 src/lib/libssl/src/CHANGES.SSLeay delete mode 100644 src/lib/libssl/src/COPYRIGHT delete mode 100644 src/lib/libssl/src/HISTORY delete mode 100644 src/lib/libssl/src/HISTORY.066 create mode 100644 src/lib/libssl/src/INSTALL.VMS create mode 100644 src/lib/libssl/src/INSTALL.W32 create mode 100644 src/lib/libssl/src/LICENSE delete mode 100644 src/lib/libssl/src/MICROSOFT delete mode 100644 src/lib/libssl/src/MINFO create mode 100644 src/lib/libssl/src/Makefile.org delete mode 100644 src/lib/libssl/src/Makefile.ssl create mode 100644 src/lib/libssl/src/NEWS delete mode 100644 src/lib/libssl/src/PATENTS delete mode 100644 src/lib/libssl/src/PROBLEMS delete mode 100644 src/lib/libssl/src/README.066 delete mode 100644 src/lib/libssl/src/README.080 delete mode 100644 src/lib/libssl/src/README.090 delete mode 100644 src/lib/libssl/src/TODO delete mode 100644 src/lib/libssl/src/VERSION create mode 100644 src/lib/libssl/src/apps/CA.com create mode 100644 src/lib/libssl/src/apps/CA.pl delete mode 100644 src/lib/libssl/src/apps/der_chop create mode 100644 src/lib/libssl/src/apps/der_chop.in delete mode 100644 src/lib/libssl/src/apps/ext.v3 delete mode 100644 src/lib/libssl/src/apps/g_ssleay.pl create mode 100644 src/lib/libssl/src/apps/install.com create mode 100644 src/lib/libssl/src/apps/makeapps.com delete mode 100644 src/lib/libssl/src/apps/mklinks create mode 100644 src/lib/libssl/src/apps/nseq.c create mode 100644 src/lib/libssl/src/apps/oid.cnf create mode 100644 src/lib/libssl/src/apps/openssl-vms.cnf create mode 100644 src/lib/libssl/src/apps/openssl.c create mode 100644 src/lib/libssl/src/apps/openssl.cnf create mode 100644 src/lib/libssl/src/apps/pkcs12.c create mode 100644 src/lib/libssl/src/apps/pkcs8.c create mode 100644 src/lib/libssl/src/apps/progs.pl delete mode 100644 src/lib/libssl/src/apps/rmlinks delete mode 100644 src/lib/libssl/src/apps/ssleay.c delete mode 100644 src/lib/libssl/src/apps/ssleay.cnf create mode 100644 src/lib/libssl/src/bugs/ultrixcc.c delete mode 100644 src/lib/libssl/src/certs/vsign4.pem create mode 100644 src/lib/libssl/src/certs/vsignss.pem create mode 100644 src/lib/libssl/src/certs/vsigntca.pem create mode 100644 src/lib/libssl/src/crypto/asn1/a_enum.c create mode 100644 src/lib/libssl/src/crypto/asn1/a_gentm.c create mode 100644 src/lib/libssl/src/crypto/asn1/a_time.c create mode 100644 src/lib/libssl/src/crypto/asn1/a_utf8.c create mode 100644 src/lib/libssl/src/crypto/asn1/a_vis.c delete mode 100644 src/lib/libssl/src/crypto/asn1/asn1.err create mode 100644 src/lib/libssl/src/crypto/asn1/asn_pack.c create mode 100644 src/lib/libssl/src/crypto/asn1/f_enum.c create mode 100644 src/lib/libssl/src/crypto/asn1/nsseq.c create mode 100644 src/lib/libssl/src/crypto/asn1/p5_pbe.c create mode 100644 src/lib/libssl/src/crypto/asn1/p5_pbev2.c create mode 100644 src/lib/libssl/src/crypto/asn1/p8_pkey.c create mode 100644 src/lib/libssl/src/crypto/asn1/t_crl.c delete mode 100644 src/lib/libssl/src/crypto/bf/asm/bx86unix.cpp create mode 100644 src/lib/libssl/src/crypto/bf/bf_locl.h delete mode 100644 src/lib/libssl/src/crypto/bf/bf_locl.org delete mode 100644 src/lib/libssl/src/crypto/bio/bio.err create mode 100644 src/lib/libssl/src/crypto/bio/bss_bio.c create mode 100644 src/lib/libssl/src/crypto/bio/bss_log.c create mode 100644 src/lib/libssl/src/crypto/bn/asm/alpha.s.works create mode 100644 src/lib/libssl/src/crypto/bn/asm/bn-alpha.pl delete mode 100644 src/lib/libssl/src/crypto/bn/asm/bn86unix.cpp create mode 100644 src/lib/libssl/src/crypto/bn/asm/ca.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/co-586.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/co-alpha.pl create mode 100644 src/lib/libssl/src/crypto/bn/asm/mips1.s create mode 100644 src/lib/libssl/src/crypto/bn/asm/mips3.s delete mode 100644 src/lib/libssl/src/crypto/bn/asm/sparc.s create mode 100644 src/lib/libssl/src/crypto/bn/asm/sparcv8.S create mode 100644 src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S create mode 100644 src/lib/libssl/src/crypto/bn/asm/vms.mar create mode 100644 src/lib/libssl/src/crypto/bn/asm/x86.pl delete mode 100644 src/lib/libssl/src/crypto/bn/bn.err create mode 100644 src/lib/libssl/src/crypto/bn/bn.h create mode 100644 src/lib/libssl/src/crypto/bn/bn.mul delete mode 100644 src/lib/libssl/src/crypto/bn/bn.org create mode 100644 src/lib/libssl/src/crypto/bn/bn_asm.c create mode 100644 src/lib/libssl/src/crypto/bn/bn_comba.c create mode 100644 src/lib/libssl/src/crypto/bn/bn_exp2.c delete mode 100644 src/lib/libssl/src/crypto/bn/bn_m.c delete mode 100644 src/lib/libssl/src/crypto/bn/bn_mod.c delete mode 100644 src/lib/libssl/src/crypto/bn/bn_mulw.c create mode 100644 src/lib/libssl/src/crypto/bn/bn_opts.c delete mode 100644 src/lib/libssl/src/crypto/bn/bn_sub.c create mode 100644 src/lib/libssl/src/crypto/bn/comba.pl create mode 100644 src/lib/libssl/src/crypto/bn/d.c create mode 100644 src/lib/libssl/src/crypto/bn/exp.c create mode 100644 src/lib/libssl/src/crypto/bn/new create mode 100644 src/lib/libssl/src/crypto/bn/test.c create mode 100644 src/lib/libssl/src/crypto/bn/todo create mode 100644 src/lib/libssl/src/crypto/bn/vms-helper.c delete mode 100644 src/lib/libssl/src/crypto/buffer/buffer.err delete mode 100644 src/lib/libssl/src/crypto/cast/asm/cx86unix.cpp delete mode 100644 src/lib/libssl/src/crypto/conf/conf.err delete mode 100644 src/lib/libssl/src/crypto/cryptall.h create mode 100644 src/lib/libssl/src/crypto/crypto-lib.com delete mode 100644 src/lib/libssl/src/crypto/crypto.c delete mode 100644 src/lib/libssl/src/crypto/crypto.err delete mode 100644 src/lib/libssl/src/crypto/date.h delete mode 100644 src/lib/libssl/src/crypto/des/asm/dx86unix.cpp delete mode 100644 src/lib/libssl/src/crypto/des/asm/yx86unix.cpp create mode 100644 src/lib/libssl/src/crypto/des/des-lib.com create mode 100644 src/lib/libssl/src/crypto/des/des.h delete mode 100644 src/lib/libssl/src/crypto/des/des.org create mode 100644 src/lib/libssl/src/crypto/des/des_locl.h delete mode 100644 src/lib/libssl/src/crypto/des/des_locl.org create mode 100644 src/lib/libssl/src/crypto/des/ede_cbcm_enc.c delete mode 100644 src/lib/libssl/src/crypto/des/ede_enc.c delete mode 100644 src/lib/libssl/src/crypto/des/ranlib.sh delete mode 100644 src/lib/libssl/src/crypto/des/vms.com delete mode 100644 src/lib/libssl/src/crypto/dh/dh.err delete mode 100644 src/lib/libssl/src/crypto/dsa/dsa.err create mode 100644 src/lib/libssl/src/crypto/dsa/dsa_asn1.c create mode 100644 src/lib/libssl/src/crypto/ebcdic.h delete mode 100644 src/lib/libssl/src/crypto/err/err_code.pl delete mode 100644 src/lib/libssl/src/crypto/err/err_genc.pl delete mode 100644 src/lib/libssl/src/crypto/err/error.err create mode 100644 src/lib/libssl/src/crypto/err/openssl.ec delete mode 100644 src/lib/libssl/src/crypto/err/ssleay.ec create mode 100644 src/lib/libssl/src/crypto/evp/bio_ok.c delete mode 100644 src/lib/libssl/src/crypto/evp/evp.err create mode 100644 src/lib/libssl/src/crypto/evp/evp_pbe.c create mode 100644 src/lib/libssl/src/crypto/evp/evp_pkey.c create mode 100644 src/lib/libssl/src/crypto/evp/p5_crpt.c create mode 100644 src/lib/libssl/src/crypto/evp/p5_crpt2.c delete mode 100644 src/lib/libssl/src/crypto/evp/pk_lib.c create mode 100644 src/lib/libssl/src/crypto/idea/idea.h create mode 100644 src/lib/libssl/src/crypto/install.com delete mode 100644 src/lib/libssl/src/crypto/libvms.com create mode 100644 src/lib/libssl/src/crypto/md2/md2.h delete mode 100644 src/lib/libssl/src/crypto/md2/md2.org create mode 100644 src/lib/libssl/src/crypto/md32_common.h create mode 100644 src/lib/libssl/src/crypto/md5/asm/md5-sparcv9.S delete mode 100644 src/lib/libssl/src/crypto/md5/asm/mx86unix.cpp create mode 100644 src/lib/libssl/src/crypto/objects/o_names.c delete mode 100644 src/lib/libssl/src/crypto/objects/obj_dat.h delete mode 100644 src/lib/libssl/src/crypto/objects/objects.err create mode 100644 src/lib/libssl/src/crypto/opensslconf.h.in create mode 100644 src/lib/libssl/src/crypto/opensslv.h delete mode 100644 src/lib/libssl/src/crypto/pem/ctx_size.c delete mode 100644 src/lib/libssl/src/crypto/pem/pem.err delete mode 100644 src/lib/libssl/src/crypto/pem/pem.org create mode 100644 src/lib/libssl/src/crypto/pem/pem2.h create mode 100644 src/lib/libssl/src/crypto/perlasm/alpha.pl create mode 100644 src/lib/libssl/src/crypto/perlasm/x86nasm.pl create mode 100644 src/lib/libssl/src/crypto/pkcs7/bio_ber.c create mode 100644 src/lib/libssl/src/crypto/pkcs7/dec.c create mode 100644 src/lib/libssl/src/crypto/pkcs7/des.pem create mode 100644 src/lib/libssl/src/crypto/pkcs7/es1.pem create mode 100644 src/lib/libssl/src/crypto/pkcs7/example.c create mode 100644 src/lib/libssl/src/crypto/pkcs7/example.h create mode 100644 src/lib/libssl/src/crypto/pkcs7/info.pem create mode 100644 src/lib/libssl/src/crypto/pkcs7/infokey.pem delete mode 100644 src/lib/libssl/src/crypto/pkcs7/mf.p7 delete mode 100644 src/lib/libssl/src/crypto/pkcs7/p7.tst delete mode 100644 src/lib/libssl/src/crypto/pkcs7/pkcs7.err create mode 100644 src/lib/libssl/src/crypto/rand/rand_lib.c delete mode 100644 src/lib/libssl/src/crypto/ranlib.sh create mode 100644 src/lib/libssl/src/crypto/rc2/rc2.h delete mode 100644 src/lib/libssl/src/crypto/rc2/rc2.org create mode 100644 src/lib/libssl/src/crypto/rc2/tab.c delete mode 100644 src/lib/libssl/src/crypto/rc4/asm/rx86unix.cpp create mode 100644 src/lib/libssl/src/crypto/rc4/rc4.h delete mode 100644 src/lib/libssl/src/crypto/rc4/rc4.org create mode 100644 src/lib/libssl/src/crypto/rc4/rc4_locl.h delete mode 100644 src/lib/libssl/src/crypto/rc4/rc4_locl.org delete mode 100644 src/lib/libssl/src/crypto/rc5/asm/r586unix.cpp delete mode 100644 src/lib/libssl/src/crypto/ripemd/asm/rm86unix.cpp delete mode 100644 src/lib/libssl/src/crypto/rsa/rsa.err create mode 100644 src/lib/libssl/src/crypto/rsa/rsa_chk.c create mode 100644 src/lib/libssl/src/crypto/rsa/rsa_oaep.c create mode 100644 src/lib/libssl/src/crypto/rsa/rsa_oaep_test.c delete mode 100644 src/lib/libssl/src/crypto/sha/asm/sx86unix.cpp delete mode 100644 src/lib/libssl/src/crypto/sha/sha_sgst.c create mode 100644 src/lib/libssl/src/crypto/stack/safestack.h create mode 100644 src/lib/libssl/src/crypto/tmdiff.h delete mode 100644 src/lib/libssl/src/crypto/x509/attrib delete mode 100644 src/lib/libssl/src/crypto/x509/v3_net.c delete mode 100644 src/lib/libssl/src/crypto/x509/v3_x509.c delete mode 100644 src/lib/libssl/src/crypto/x509/x509.doc delete mode 100644 src/lib/libssl/src/crypto/x509/x509.err delete mode 100644 src/lib/libssl/src/crypto/x509/x509pack.c delete mode 100644 src/lib/libssl/src/crypto/x509/x509v3.doc create mode 100644 src/lib/libssl/src/crypto/x509v3/Makefile.ssl create mode 100644 src/lib/libssl/src/crypto/x509v3/README delete mode 100644 src/lib/libssl/src/crypto/x509v3/format delete mode 100644 src/lib/libssl/src/crypto/x509v3/header create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_akey.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_alt.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_bcons.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_bitst.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_conf.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_cpols.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_crld.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_enum.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_extku.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_genn.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_ia5.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_int.c delete mode 100644 src/lib/libssl/src/crypto/x509v3/v3_ku.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_lib.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_pku.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_prn.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_skey.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_sxnet.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3_utl.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3conf.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3err.c create mode 100644 src/lib/libssl/src/crypto/x509v3/v3prin.c create mode 100644 src/lib/libssl/src/demos/bio/Makefile create mode 100644 src/lib/libssl/src/demos/prime/Makefile create mode 100644 src/lib/libssl/src/demos/sign/Makefile delete mode 100644 src/lib/libssl/src/doc/API.doc create mode 100644 src/lib/libssl/src/doc/README delete mode 100644 src/lib/libssl/src/doc/a_verify.doc delete mode 100644 src/lib/libssl/src/doc/apps.doc delete mode 100644 src/lib/libssl/src/doc/asn1.doc delete mode 100644 src/lib/libssl/src/doc/bio.doc delete mode 100644 src/lib/libssl/src/doc/blowfish.doc delete mode 100644 src/lib/libssl/src/doc/bn.doc create mode 100644 src/lib/libssl/src/doc/c-indentation.el delete mode 100644 src/lib/libssl/src/doc/ca.1 delete mode 100644 src/lib/libssl/src/doc/callback.doc delete mode 100644 src/lib/libssl/src/doc/cipher.doc delete mode 100644 src/lib/libssl/src/doc/cipher.m delete mode 100644 src/lib/libssl/src/doc/conf.doc create mode 100644 src/lib/libssl/src/doc/crypto.pod delete mode 100644 src/lib/libssl/src/doc/des.doc delete mode 100644 src/lib/libssl/src/doc/digest.doc delete mode 100644 src/lib/libssl/src/doc/encode.doc delete mode 100644 src/lib/libssl/src/doc/envelope.doc delete mode 100644 src/lib/libssl/src/doc/error.doc delete mode 100644 src/lib/libssl/src/doc/legal.doc delete mode 100644 src/lib/libssl/src/doc/lhash.doc delete mode 100644 src/lib/libssl/src/doc/md2.doc delete mode 100644 src/lib/libssl/src/doc/md5.doc delete mode 100644 src/lib/libssl/src/doc/memory.doc delete mode 100644 src/lib/libssl/src/doc/ms3-ca.doc delete mode 100644 src/lib/libssl/src/doc/ns-ca.doc delete mode 100644 src/lib/libssl/src/doc/obj.doc create mode 100644 src/lib/libssl/src/doc/openssl.pod create mode 100644 src/lib/libssl/src/doc/openssl.txt create mode 100644 src/lib/libssl/src/doc/openssl_button.gif create mode 100644 src/lib/libssl/src/doc/openssl_button.html delete mode 100644 src/lib/libssl/src/doc/rand.doc delete mode 100644 src/lib/libssl/src/doc/rc2.doc delete mode 100644 src/lib/libssl/src/doc/rc4.doc delete mode 100644 src/lib/libssl/src/doc/readme delete mode 100644 src/lib/libssl/src/doc/ref.doc delete mode 100644 src/lib/libssl/src/doc/req.1 delete mode 100644 src/lib/libssl/src/doc/rsa.doc delete mode 100644 src/lib/libssl/src/doc/rsaref.doc delete mode 100644 src/lib/libssl/src/doc/s_mult.doc delete mode 100644 src/lib/libssl/src/doc/session.doc delete mode 100644 src/lib/libssl/src/doc/sha.doc delete mode 100644 src/lib/libssl/src/doc/speed.doc delete mode 100644 src/lib/libssl/src/doc/ssl-ciph.doc delete mode 100644 src/lib/libssl/src/doc/ssl.doc create mode 100644 src/lib/libssl/src/doc/ssl.pod delete mode 100644 src/lib/libssl/src/doc/ssl_ctx.doc delete mode 100644 src/lib/libssl/src/doc/ssleay.doc create mode 100644 src/lib/libssl/src/doc/ssleay.txt delete mode 100644 src/lib/libssl/src/doc/ssluse.doc delete mode 100644 src/lib/libssl/src/doc/stack.doc delete mode 100644 src/lib/libssl/src/doc/threads.doc delete mode 100644 src/lib/libssl/src/doc/txt_db.doc delete mode 100644 src/lib/libssl/src/doc/verify delete mode 100644 src/lib/libssl/src/doc/why.doc create mode 100644 src/lib/libssl/src/e_os2.h create mode 100644 src/lib/libssl/src/install.com delete mode 100644 src/lib/libssl/src/makefile.one create mode 100644 src/lib/libssl/src/ms/bcb4.bat create mode 100644 src/lib/libssl/src/ms/do_masm.bat create mode 100644 src/lib/libssl/src/ms/do_nasm.bat create mode 100644 src/lib/libssl/src/ms/do_nt.bat delete mode 100644 src/lib/libssl/src/ms/libeay16.def delete mode 100644 src/lib/libssl/src/ms/libeay32.def create mode 100644 src/lib/libssl/src/ms/mw.bat delete mode 100644 src/lib/libssl/src/ms/ntdll.mak delete mode 100644 src/lib/libssl/src/ms/ssleay16.def delete mode 100644 src/lib/libssl/src/ms/ssleay32.def delete mode 100644 src/lib/libssl/src/ms/w31dll.mak create mode 100644 src/lib/libssl/src/ms/x86asm.bat create mode 100644 src/lib/libssl/src/openssl.doxy create mode 100644 src/lib/libssl/src/perl/OpenSSL.pm create mode 100644 src/lib/libssl/src/perl/OpenSSL.xs create mode 100644 src/lib/libssl/src/perl/README.1ST delete mode 100644 src/lib/libssl/src/perl/SSLeay.pm delete mode 100644 src/lib/libssl/src/perl/SSLeay.xs delete mode 100644 src/lib/libssl/src/perl/b.pl delete mode 100644 src/lib/libssl/src/perl/bio.pl delete mode 100644 src/lib/libssl/src/perl/bio.txt delete mode 100644 src/lib/libssl/src/perl/bio.xs delete mode 100644 src/lib/libssl/src/perl/bn.pl delete mode 100644 src/lib/libssl/src/perl/bn.txt delete mode 100644 src/lib/libssl/src/perl/bn.xs delete mode 100644 src/lib/libssl/src/perl/callback.c delete mode 100644 src/lib/libssl/src/perl/cipher.pl delete mode 100644 src/lib/libssl/src/perl/cipher.txt delete mode 100644 src/lib/libssl/src/perl/cipher.xs delete mode 100644 src/lib/libssl/src/perl/dh.pl delete mode 100644 src/lib/libssl/src/perl/digest.txt delete mode 100644 src/lib/libssl/src/perl/digest.xs delete mode 100644 src/lib/libssl/src/perl/err.txt delete mode 100644 src/lib/libssl/src/perl/err.xs delete mode 100644 src/lib/libssl/src/perl/f.pl delete mode 100644 src/lib/libssl/src/perl/g.pl delete mode 100644 src/lib/libssl/src/perl/gen_rsa.pl delete mode 100644 src/lib/libssl/src/perl/mul.pl create mode 100644 src/lib/libssl/src/perl/openssl.h create mode 100644 src/lib/libssl/src/perl/openssl_bio.xs create mode 100644 src/lib/libssl/src/perl/openssl_bn.xs create mode 100644 src/lib/libssl/src/perl/openssl_cipher.xs create mode 100644 src/lib/libssl/src/perl/openssl_digest.xs create mode 100644 src/lib/libssl/src/perl/openssl_err.xs create mode 100644 src/lib/libssl/src/perl/openssl_ssl.xs create mode 100644 src/lib/libssl/src/perl/openssl_x509.xs delete mode 100644 src/lib/libssl/src/perl/p5SSLeay.h delete mode 100644 src/lib/libssl/src/perl/r.pl delete mode 100644 src/lib/libssl/src/perl/s.pl delete mode 100644 src/lib/libssl/src/perl/s2.pl delete mode 100644 src/lib/libssl/src/perl/server.pem delete mode 100644 src/lib/libssl/src/perl/ss.pl delete mode 100644 src/lib/libssl/src/perl/ssl.pl delete mode 100644 src/lib/libssl/src/perl/ssl.txt delete mode 100644 src/lib/libssl/src/perl/ssl.xs delete mode 100644 src/lib/libssl/src/perl/ssl_srvr.pl delete mode 100644 src/lib/libssl/src/perl/sslbio.pl delete mode 100644 src/lib/libssl/src/perl/t.pl delete mode 100644 src/lib/libssl/src/perl/test delete mode 100644 src/lib/libssl/src/perl/test.pl delete mode 100644 src/lib/libssl/src/perl/test.txt delete mode 100644 src/lib/libssl/src/perl/test2.pl delete mode 100644 src/lib/libssl/src/perl/test3.pl delete mode 100644 src/lib/libssl/src/perl/test8.pl delete mode 100644 src/lib/libssl/src/perl/test9.pl delete mode 100644 src/lib/libssl/src/perl/testbn.pl delete mode 100644 src/lib/libssl/src/perl/testdec.pl delete mode 100644 src/lib/libssl/src/perl/testmd.pl delete mode 100644 src/lib/libssl/src/perl/tt.pl delete mode 100644 src/lib/libssl/src/perl/x509.txt delete mode 100644 src/lib/libssl/src/perl/x509.xs delete mode 100644 src/lib/libssl/src/perl/xstmp.c delete mode 100644 src/lib/libssl/src/perl/y.pl delete mode 100644 src/lib/libssl/src/perl/yy.pl delete mode 100644 src/lib/libssl/src/perl/z.pl delete mode 100644 src/lib/libssl/src/perl/zz.pl delete mode 100644 src/lib/libssl/src/shlib/linux.sh create mode 100644 src/lib/libssl/src/shlib/solaris-sc4.sh create mode 100644 src/lib/libssl/src/ssl/install.com delete mode 100644 src/lib/libssl/src/ssl/readme create mode 100644 src/lib/libssl/src/ssl/ssl-lib.com delete mode 100644 src/lib/libssl/src/ssl/ssl.c delete mode 100644 src/lib/libssl/src/ssl/ssl.err delete mode 100644 src/lib/libssl/src/test/.rnd create mode 100644 src/lib/libssl/src/test/VMSca-response.1 create mode 100644 src/lib/libssl/src/test/VMSca-response.2 delete mode 100644 src/lib/libssl/src/test/certCA.srl create mode 100644 src/lib/libssl/src/test/maketests.com delete mode 100644 src/lib/libssl/src/test/p delete mode 100644 src/lib/libssl/src/test/riptest create mode 100644 src/lib/libssl/src/test/tcrl.com delete mode 100644 src/lib/libssl/src/test/test.txt create mode 100644 src/lib/libssl/src/test/testca.com create mode 100644 src/lib/libssl/src/test/testenc.com create mode 100644 src/lib/libssl/src/test/testgen.com delete mode 100644 src/lib/libssl/src/test/testkey.pem delete mode 100644 src/lib/libssl/src/test/testreq.pem create mode 100644 src/lib/libssl/src/test/tests.com create mode 100644 src/lib/libssl/src/test/testss.com create mode 100644 src/lib/libssl/src/test/testssl.com create mode 100644 src/lib/libssl/src/test/tpkcs7.com create mode 100644 src/lib/libssl/src/test/tpkcs7d.com create mode 100644 src/lib/libssl/src/test/treq.com create mode 100644 src/lib/libssl/src/test/trsa.com create mode 100644 src/lib/libssl/src/test/tsid.com create mode 100644 src/lib/libssl/src/test/tverify.com create mode 100644 src/lib/libssl/src/test/tx509.com delete mode 100644 src/lib/libssl/src/tools/c_rehash create mode 100644 src/lib/libssl/src/tools/c_rehash.in create mode 100644 src/lib/libssl/src/util/clean-depend.pl create mode 100644 src/lib/libssl/src/util/domd create mode 100644 src/lib/libssl/src/util/mkdir-p.pl create mode 100644 src/lib/libssl/src/util/mkerr.pl create mode 100644 src/lib/libssl/src/util/mkfiles.pl create mode 100644 src/lib/libssl/src/util/mklink.pl delete mode 100644 src/lib/libssl/src/util/mklink.sh create mode 100644 src/lib/libssl/src/util/pl/Mingw32.pl create mode 100644 src/lib/libssl/src/util/pl/Mingw32f.pl create mode 100644 src/lib/libssl/src/util/pl/ultrix.pl delete mode 100644 src/lib/libssl/src/util/ranlib.sh delete mode 100644 src/lib/libssl/src/util/ssldir.pl delete mode 100644 src/lib/libssl/src/util/up_ver.pl (limited to 'src/lib/libssl/src') diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES new file mode 100644 index 0000000000..d0db7eaf61 --- /dev/null +++ b/src/lib/libssl/src/CHANGES @@ -0,0 +1,1624 @@ + + OpenSSL CHANGES + _______________ + + Changes between 0.9.3a and 0.9.4 [09 Aug 1999] + + *) Install libRSAglue.a when OpenSSL is built with RSAref. + [Ralf S. Engelschall] + + *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency. + [Andrija Antonijevic ] + + *) Fix -startdate and -enddate (which was missing) arguments to 'ca' + program. + [Steve Henson] + + *) New function DSA_dup_DH, which duplicates DSA parameters/keys as + DH parameters/keys (q is lost during that conversion, but the resulting + DH parameters contain its length). + + For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is + much faster than DH_generate_parameters (which creates parameters + where p = 2*q + 1), and also the smaller q makes DH computations + much more efficient (160-bit exponentiation instead of 1024-bit + exponentiation); so this provides a convenient way to support DHE + ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of + utter importance to use + SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); + or + SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); + when such DH parameters are used, because otherwise small subgroup + attacks may become possible! + [Bodo Moeller] + + *) Avoid memory leak in i2d_DHparams. + [Bodo Moeller] + + *) Allow the -k option to be used more than once in the enc program: + this allows the same encrypted message to be read by multiple recipients. + [Steve Henson] + + *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts + an ASN1_OBJECT to a text string. If the "no_name" parameter is set then + it will always use the numerical form of the OID, even if it has a short + or long name. + [Steve Henson] + + *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp + method only got called if p,q,dmp1,dmq1,iqmp components were present, + otherwise bn_mod_exp was called. In the case of hardware keys for example + no private key components need be present and it might store extra data + in the RSA structure, which cannot be accessed from bn_mod_exp. By setting + RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for private key + operations. + [Steve Henson] + + *) Added support for SPARC Linux. + [Andy Polyakov] + + *) pem_password_cb function type incompatibly changed from + typedef int pem_password_cb(char *buf, int size, int rwflag); + to + ....(char *buf, int size, int rwflag, void *userdata); + so that applications can pass data to their callbacks: + The PEM[_ASN1]_{read,write}... functions and macros now take an + additional void * argument, which is just handed through whenever + the password callback is called. + [Damien Miller , with tiny changes by Bodo Moeller] + + New function SSL_CTX_set_default_passwd_cb_userdata. + + Compatibility note: As many C implementations push function arguments + onto the stack in reverse order, the new library version is likely to + interoperate with programs that have been compiled with the old + pem_password_cb definition (PEM_whatever takes some data that + happens to be on the stack as its last argument, and the callback + just ignores this garbage); but there is no guarantee whatsoever that + this will work. + + *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=... + (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused + problems not only on Windows, but also on some Unix platforms. + To avoid problematic command lines, these definitions are now in an + auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl + for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds). + [Bodo Moeller] + + *) MIPS III/IV assembler module is reimplemented. + [Andy Polyakov] + + *) More DES library cleanups: remove references to srand/rand and + delete an unused file. + [Ulf Möller] + + *) Add support for the the free Netwide assembler (NASM) under Win32, + since not many people have MASM (ml) and it can be hard to obtain. + This is currently experimental but it seems to work OK and pass all + the tests. Check out INSTALL.W32 for info. + [Steve Henson] + + *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections + without temporary keys kept an extra copy of the server key, + and connections with temporary keys did not free everything in case + of an error. + [Bodo Moeller] + + *) New function RSA_check_key and new openssl rsa option -check + for verifying the consistency of RSA keys. + [Ulf Moeller, Bodo Moeller] + + *) Various changes to make Win32 compile work: + 1. Casts to avoid "loss of data" warnings in p5_crpt2.c + 2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned + comparison" warnings. + 3. Add sk__sort to DEF file generator and do make update. + [Steve Henson] + + *) Add a debugging option to PKCS#5 v2 key generation function: when + you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and + derived keys are printed to stderr. + [Steve Henson] + + *) Copy the flags in ASN1_STRING_dup(). + [Roman E. Pavlov ] + + *) The x509 application mishandled signing requests containing DSA + keys when the signing key was also DSA and the parameters didn't match. + + It was supposed to omit the parameters when they matched the signing key: + the verifying software was then supposed to automatically use the CA's + parameters if they were absent from the end user certificate. + + Omitting parameters is no longer recommended. The test was also + the wrong way round! This was probably due to unusual behaviour in + EVP_cmp_parameters() which returns 1 if the parameters match. + This meant that parameters were omitted when they *didn't* match and + the certificate was useless. Certificates signed with 'ca' didn't have + this bug. + [Steve Henson, reported by Doug Erickson ] + + *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems. + The interface is as follows: + Applications can use + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(), + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop(); + "off" is now the default. + The library internally uses + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(), + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on() + to disable memory-checking temporarily. + + Some inconsistent states that previously were possible (and were + even the default) are now avoided. + + -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time + with each memory chunk allocated; this is occasionally more helpful + than just having a counter. + + -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID. + + -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future + extensions. + [Bodo Moeller] + + *) Introduce "mode" for SSL structures (with defaults in SSL_CTX), + which largely parallels "options", but is for changing API behaviour, + whereas "options" are about protocol behaviour. + Initial "mode" flags are: + + SSL_MODE_ENABLE_PARTIAL_WRITE Allow SSL_write to report success when + a single record has been written. + SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER Don't insist that SSL_write + retries use the same buffer location. + (But all of the contents must be + copied!) + [Bodo Moeller] + + *) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode + worked. + + *) Fix problems with no-hmac etc. + [Ulf Möller, pointed out by Brian Wellington ] + + *) New functions RSA_get_default_method(), RSA_set_method() and + RSA_get_method(). These allows replacement of RSA_METHODs without having + to mess around with the internals of an RSA structure. + [Steve Henson] + + *) Fix memory leaks in DSA_do_sign and DSA_is_prime. + Also really enable memory leak checks in openssl.c and in some + test programs. + [Chad C. Mulligan, Bodo Moeller] + + *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess + up the length of negative integers. This has now been simplified to just + store the length when it is first determined and use it later, rather + than trying to keep track of where data is copied and updating it to + point to the end. + [Steve Henson, reported by Brien Wheeler + ] + + *) Add a new function PKCS7_signatureVerify. This allows the verification + of a PKCS#7 signature but with the signing certificate passed to the + function itself. This contrasts with PKCS7_dataVerify which assumes the + certificate is present in the PKCS#7 structure. This isn't always the + case: certificates can be omitted from a PKCS#7 structure and be + distributed by "out of band" means (such as a certificate database). + [Steve Henson] + + *) Complete the PEM_* macros with DECLARE_PEM versions to replace the + function prototypes in pem.h, also change util/mkdef.pl to add the + necessary function names. + [Steve Henson] + + *) mk1mf.pl (used by Windows builds) did not properly read the + options set by Configure in the top level Makefile, and Configure + was not even able to write more than one option correctly. + Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended. + [Bodo Moeller] + + *) New functions CONF_load_bio() and CONF_load_fp() to allow a config + file to be loaded from a BIO or FILE pointer. The BIO version will + for example allow memory BIOs to contain config info. + [Steve Henson] + + *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS. + Whoever hopes to achieve shared-library compatibility across versions + must use this, not the compile-time macro. + (Exercise 0.9.4: Which is the minimum library version required by + such programs?) + Note: All this applies only to multi-threaded programs, others don't + need locks. + [Bodo Moeller] + + *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests + through a BIO pair triggered the default case, i.e. + SSLerr(...,SSL_R_UNKNOWN_STATE). + [Bodo Moeller] + + *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications + can use the SSL library even if none of the specific BIOs is + appropriate. + [Bodo Moeller] + + *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value + for the encoded length. + [Jeon KyoungHo ] + + *) Add initial documentation of the X509V3 functions. + [Steve Henson] + + *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and + PEM_write_bio_PKCS8PrivateKey() that are equivalent to + PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more + secure PKCS#8 private key format with a high iteration count. + [Steve Henson] + + *) Fix determination of Perl interpreter: A perl or perl5 + _directory_ in $PATH was also accepted as the interpreter. + [Ralf S. Engelschall] + + *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking + wrong with it but it was very old and did things like calling + PEM_ASN1_read() directly and used MD5 for the hash not to mention some + unusual formatting. + [Steve Henson] + + *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed + to use the new extension code. + [Steve Henson] + + *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c + with macros. This should make it easier to change their form, add extra + arguments etc. Fix a few PEM prototypes which didn't have cipher as a + constant. + [Steve Henson] + + *) Add to configuration table a new entry that can specify an alternative + name for unistd.h (for pre-POSIX systems); we need this for NeXTstep, + according to Mark Crispin . + [Bodo Moeller] + +#if 0 + *) DES CBC did not update the IV. Weird. + [Ben Laurie] +#else + des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does. + Changing the behaviour of the former might break existing programs -- + where IV updating is needed, des_ncbc_encrypt can be used. +#endif + + *) When bntest is run from "make test" it drives bc to check its + calculations, as well as internally checking them. If an internal check + fails, it needs to cause bc to give a non-zero result or make test carries + on without noticing the failure. Fixed. + [Ben Laurie] + + *) DES library cleanups. + [Ulf Möller] + + *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be + used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit + ciphers. NOTE: although the key derivation function has been verified + against some published test vectors it has not been extensively tested + yet. Added a -v2 "cipher" option to pkcs8 application to allow the use + of v2.0. + [Steve Henson] + + *) Instead of "mkdir -p", which is not fully portable, use new + Perl script "util/mkdir-p.pl". + [Bodo Moeller] + + *) Rewrite the way password based encryption (PBE) is handled. It used to + assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter + structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms + but doesn't apply to PKCS#5 v2.0 where it can be something else. Now + the 'parameter' field of the AlgorithmIdentifier is passed to the + underlying key generation function so it must do its own ASN1 parsing. + This has also changed the EVP_PBE_CipherInit() function which now has a + 'parameter' argument instead of literal salt and iteration count values + and the function EVP_PBE_ALGOR_CipherInit() has been deleted. + [Steve Henson] + + *) Support for PKCS#5 v1.5 compatible password based encryption algorithms + and PKCS#8 functionality. New 'pkcs8' application linked to openssl. + Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE + KEY" because this clashed with PKCS#8 unencrypted string. Since this + value was just used as a "magic string" and not used directly its + value doesn't matter. + [Steve Henson] + + *) Introduce some semblance of const correctness to BN. Shame C doesn't + support mutable. + [Ben Laurie] + + *) "linux-sparc64" configuration (ultrapenguin). + [Ray Miller ] + "linux-sparc" configuration. + [Christian Forster ] + + *) config now generates no-xxx options for missing ciphers. + [Ulf Möller] + + *) Support the EBCDIC character set (work in progress). + File ebcdic.c not yet included because it has a different license. + [Martin Kraemer ] + + *) Support BS2000/OSD-POSIX. + [Martin Kraemer ] + + *) Make callbacks for key generation use void * instead of char *. + [Ben Laurie] + + *) Make S/MIME samples compile (not yet tested). + [Ben Laurie] + + *) Additional typesafe stacks. + [Ben Laurie] + + *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x). + [Bodo Moeller] + + + Changes between 0.9.3 and 0.9.3a [29 May 1999] + + *) New configuration variant "sco5-gcc". + + *) Updated some demos. + [Sean O Riordain, Wade Scholine] + + *) Add missing BIO_free at exit of pkcs12 application. + [Wu Zhigang] + + *) Fix memory leak in conf.c. + [Steve Henson] + + *) Updates for Win32 to assembler version of MD5. + [Steve Henson] + + *) Set #! path to perl in apps/der_chop to where we found it + instead of using a fixed path. + [Bodo Moeller] + + *) SHA library changes for irix64-mips4-cc. + [Andy Polyakov] + + *) Improvements for VMS support. + [Richard Levitte] + + + Changes between 0.9.2b and 0.9.3 [24 May 1999] + + *) Bignum library bug fix. IRIX 6 passes "make test" now! + This also avoids the problems with SC4.2 and unpatched SC5. + [Andy Polyakov ] + + *) New functions sk_num, sk_value and sk_set to replace the previous macros. + These are required because of the typesafe stack would otherwise break + existing code. If old code used a structure member which used to be STACK + and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with + sk_num or sk_value it would produce an error because the num, data members + are not present in STACK_OF. Now it just produces a warning. sk_set + replaces the old method of assigning a value to sk_value + (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code + that does this will no longer work (and should use sk_set instead) but + this could be regarded as a "questionable" behaviour anyway. + [Steve Henson] + + *) Fix most of the other PKCS#7 bugs. The "experimental" code can now + correctly handle encrypted S/MIME data. + [Steve Henson] + + *) Change type of various DES function arguments from des_cblock + (which means, in function argument declarations, pointer to char) + to des_cblock * (meaning pointer to array with 8 char elements), + which allows the compiler to do more typechecking; it was like + that back in SSLeay, but with lots of ugly casts. + + Introduce new type const_des_cblock. + [Bodo Moeller] + + *) Reorganise the PKCS#7 library and get rid of some of the more obvious + problems: find RecipientInfo structure that matches recipient certificate + and initialise the ASN1 structures properly based on passed cipher. + [Steve Henson] + + *) Belatedly make the BN tests actually check the results. + [Ben Laurie] + + *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion + to and from BNs: it was completely broken. New compilation option + NEG_PUBKEY_BUG to allow for some broken certificates that encode public + key elements as negative integers. + [Steve Henson] + + *) Reorganize and speed up MD5. + [Andy Polyakov ] + + *) VMS support. + [Richard Levitte ] + + *) New option -out to asn1parse to allow the parsed structure to be + output to a file. This is most useful when combined with the -strparse + option to examine the output of things like OCTET STRINGS. + [Steve Henson] + + *) Make SSL library a little more fool-proof by not requiring any longer + that SSL_set_{accept,connect}_state be called before + SSL_{accept,connect} may be used (SSL_set_..._state is omitted + in many applications because usually everything *appeared* to work as + intended anyway -- now it really works as intended). + [Bodo Moeller] + + *) Move openssl.cnf out of lib/. + [Ulf Möller] + + *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall + -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes + -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ + [Ralf S. Engelschall] + + *) Various fixes to the EVP and PKCS#7 code. It may now be able to + handle PKCS#7 enveloped data properly. + [Sebastian Akerman , modified by Steve] + + *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of + copying pointers. The cert_st handling is changed by this in + various ways (and thus what used to be known as ctx->default_cert + is now called ctx->cert, since we don't resort to s->ctx->[default_]cert + any longer when s->cert does not give us what we need). + ssl_cert_instantiate becomes obsolete by this change. + As soon as we've got the new code right (possibly it already is?), + we have solved a couple of bugs of the earlier code where s->cert + was used as if it could not have been shared with other SSL structures. + + Note that using the SSL API in certain dirty ways now will result + in different behaviour than observed with earlier library versions: + Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx) + does not influence s as it used to. + + In order to clean up things more thoroughly, inside SSL_SESSION + we don't use CERT any longer, but a new structure SESS_CERT + that holds per-session data (if available); currently, this is + the peer's certificate chain and, for clients, the server's certificate + and temporary key. CERT holds only those values that can have + meaningful defaults in an SSL_CTX. + [Bodo Moeller] + + *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure + from the internal representation. Various PKCS#7 fixes: remove some + evil casts and set the enc_dig_alg field properly based on the signing + key type. + [Steve Henson] + + *) Allow PKCS#12 password to be set from the command line or the + environment. Let 'ca' get its config file name from the environment + variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req' + and 'x509'). + [Steve Henson] + + *) Allow certificate policies extension to use an IA5STRING for the + organization field. This is contrary to the PKIX definition but + VeriSign uses it and IE5 only recognises this form. Document 'x509' + extension option. + [Steve Henson] + + *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic, + without disallowing inline assembler and the like for non-pedantic builds. + [Ben Laurie] + + *) Support Borland C++ builder. + [Janez Jere , modified by Ulf Möller] + + *) Support Mingw32. + [Ulf Möller] + + *) SHA-1 cleanups and performance enhancements. + [Andy Polyakov ] + + *) Sparc v8plus assembler for the bignum library. + [Andy Polyakov ] + + *) Accept any -xxx and +xxx compiler options in Configure. + [Ulf Möller] + + *) Update HPUX configuration. + [Anonymous] + + *) Add missing sk__unshift() function to safestack.h + [Ralf S. Engelschall] + + *) New function SSL_CTX_use_certificate_chain_file that sets the + "extra_cert"s in addition to the certificate. (This makes sense + only for "PEM" format files, as chains as a whole are not + DER-encoded.) + [Bodo Moeller] + + *) Support verify_depth from the SSL API. + x509_vfy.c had what can be considered an off-by-one-error: + Its depth (which was not part of the external interface) + was actually counting the number of certificates in a chain; + now it really counts the depth. + [Bodo Moeller] + + *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used + instead of X509err, which often resulted in confusing error + messages since the error codes are not globally unique + (e.g. an alleged error in ssl3_accept when a certificate + didn't match the private key). + + *) New function SSL_CTX_set_session_id_context that allows to set a default + value (so that you don't need SSL_set_session_id_context for each + connection using the SSL_CTX). + [Bodo Moeller] + + *) OAEP decoding bug fix. + [Ulf Möller] + + *) Support INSTALL_PREFIX for package builders, as proposed by + David Harris. + [Bodo Moeller] + + *) New Configure options "threads" and "no-threads". For systems + where the proper compiler options are known (currently Solaris + and Linux), "threads" is the default. + [Bodo Moeller] + + *) New script util/mklink.pl as a faster substitute for util/mklink.sh. + [Bodo Moeller] + + *) Install various scripts to $(OPENSSLDIR)/misc, not to + $(INSTALLTOP)/bin -- they shouldn't clutter directories + such as /usr/local/bin. + [Bodo Moeller] + + *) "make linux-shared" to build shared libraries. + [Niels Poppe ] + + *) New Configure option no- (rsa, idea, rc5, ...). + [Ulf Möller] + + *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for + extension adding in x509 utility. + [Steve Henson] + + *) Remove NOPROTO sections and error code comments. + [Ulf Möller] + + *) Partial rewrite of the DEF file generator to now parse the ANSI + prototypes. + [Steve Henson] + + *) New Configure options --prefix=DIR and --openssldir=DIR. + [Ulf Möller] + + *) Complete rewrite of the error code script(s). It is all now handled + by one script at the top level which handles error code gathering, + header rewriting and C source file generation. It should be much better + than the old method: it now uses a modified version of Ulf's parser to + read the ANSI prototypes in all header files (thus the old K&R definitions + aren't needed for error creation any more) and do a better job of + translating function codes into names. The old 'ASN1 error code imbedded + in a comment' is no longer necessary and it doesn't use .err files which + have now been deleted. Also the error code call doesn't have to appear all + on one line (which resulted in some large lines...). + [Steve Henson] + + *) Change #include filenames from to . + [Bodo Moeller] + + *) Change behaviour of ssl2_read when facing length-0 packets: Don't return + 0 (which usually indicates a closed connection), but continue reading. + [Bodo Moeller] + + *) Fix some race conditions. + [Bodo Moeller] + + *) Add support for CRL distribution points extension. Add Certificate + Policies and CRL distribution points documentation. + [Steve Henson] + + *) Move the autogenerated header file parts to crypto/opensslconf.h. + [Ulf Möller] + + *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of + 8 of keying material. Merlin has also confirmed interop with this fix + between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0. + [Merlin Hughes ] + + *) Fix lots of warnings. + [Richard Levitte ] + + *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if + the directory spec didn't end with a LIST_SEPARATOR_CHAR. + [Richard Levitte ] + + *) Fix problems with sizeof(long) == 8. + [Andy Polyakov ] + + *) Change functions to ANSI C. + [Ulf Möller] + + *) Fix typos in error codes. + [Martin Kraemer , Ulf Möller] + + *) Remove defunct assembler files from Configure. + [Ulf Möller] + + *) SPARC v8 assembler BIGNUM implementation. + [Andy Polyakov ] + + *) Support for Certificate Policies extension: both print and set. + Various additions to support the r2i method this uses. + [Steve Henson] + + *) A lot of constification, and fix a bug in X509_NAME_oneline() that could + return a const string when you are expecting an allocated buffer. + [Ben Laurie] + + *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE + types DirectoryString and DisplayText. + [Steve Henson] + + *) Add code to allow r2i extensions to access the configuration database, + add an LHASH database driver and add several ctx helper functions. + [Steve Henson] + + *) Fix an evil bug in bn_expand2() which caused various BN functions to + fail when they extended the size of a BIGNUM. + [Steve Henson] + + *) Various utility functions to handle SXNet extension. Modify mkdef.pl to + support typesafe stack. + [Steve Henson] + + *) Fix typo in SSL_[gs]et_options(). + [Nils Frostberg ] + + *) Delete various functions and files that belonged to the (now obsolete) + old X509V3 handling code. + [Steve Henson] + + *) New Configure option "rsaref". + [Ulf Möller] + + *) Don't auto-generate pem.h. + [Bodo Moeller] + + *) Introduce type-safe ASN.1 SETs. + [Ben Laurie] + + *) Convert various additional casted stacks to type-safe STACK_OF() variants. + [Ben Laurie, Ralf S. Engelschall, Steve Henson] + + *) Introduce type-safe STACKs. This will almost certainly break lots of code + that links with OpenSSL (well at least cause lots of warnings), but fear + not: the conversion is trivial, and it eliminates loads of evil casts. A + few STACKed things have been converted already. Feel free to convert more. + In the fullness of time, I'll do away with the STACK type altogether. + [Ben Laurie] + + *) Add `openssl ca -revoke ' facility which revokes a certificate + specified in by updating the entry in the index.txt file. + This way one no longer has to edit the index.txt file manually for + revoking a certificate. The -revoke option does the gory details now. + [Massimiliano Pala , Ralf S. Engelschall] + + *) Fix `openssl crl -noout -text' combination where `-noout' killed the + `-text' option at all and this way the `-noout -text' combination was + inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'. + [Ralf S. Engelschall] + + *) Make sure a corresponding plain text error message exists for the + X509_V_ERR_CERT_REVOKED/23 error number which can occur when a + verify callback function determined that a certificate was revoked. + [Ralf S. Engelschall] + + *) Bugfix: In test/testenc, don't test "openssl " for + ciphers that were excluded, e.g. by -DNO_IDEA. Also, test + all available cipers including rc5, which was forgotten until now. + In order to let the testing shell script know which algorithms + are available, a new (up to now undocumented) command + "openssl list-cipher-commands" is used. + [Bodo Moeller] + + *) Bugfix: s_client occasionally would sleep in select() when + it should have checked SSL_pending() first. + [Bodo Moeller] + + *) New functions DSA_do_sign and DSA_do_verify to provide access to + the raw DSA values prior to ASN.1 encoding. + [Ulf Möller] + + *) Tweaks to Configure + [Niels Poppe ] + + *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support, + yet... + [Steve Henson] + + *) New variables $(RANLIB) and $(PERL) in the Makefiles. + [Ulf Möller] + + *) New config option to avoid instructions that are illegal on the 80386. + The default code is faster, but requires at least a 486. + [Ulf Möller] + + *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and + SSL2_SERVER_VERSION (not used at all) macros, which are now the + same as SSL2_VERSION anyway. + [Bodo Moeller] + + *) New "-showcerts" option for s_client. + [Bodo Moeller] + + *) Still more PKCS#12 integration. Add pkcs12 application to openssl + application. Various cleanups and fixes. + [Steve Henson] + + *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and + modify error routines to work internally. Add error codes and PBE init + to library startup routines. + [Steve Henson] + + *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and + packing functions to asn1 and evp. Changed function names and error + codes along the way. + [Steve Henson] + + *) PKCS12 integration: and so it begins... First of several patches to + slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12 + objects to objects.h + [Steve Henson] + + *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1 + and display support for Thawte strong extranet extension. + [Steve Henson] + + *) Add LinuxPPC support. + [Jeff Dubrule ] + + *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to + bn_div_words in alpha.s. + [Hannes Reinecke and Ben Laurie] + + *) Make sure the RSA OAEP test is skipped under -DRSAref because + OAEP isn't supported when OpenSSL is built with RSAref. + [Ulf Moeller ] + + *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h + so they no longer are missing under -DNOPROTO. + [Soren S. Jorvang ] + + + Changes between 0.9.1c and 0.9.2b [22 Mar 1999] + + *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still + doesn't work when the session is reused. Coming soon! + [Ben Laurie] + + *) Fix a security hole, that allows sessions to be reused in the wrong + context thus bypassing client cert protection! All software that uses + client certs and session caches in multiple contexts NEEDS PATCHING to + allow session reuse! A fuller solution is in the works. + [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)] + + *) Some more source tree cleanups (removed obsolete files + crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed + permission on "config" script to be executable) and a fix for the INSTALL + document. + [Ulf Moeller ] + + *) Remove some legacy and erroneous uses of malloc, free instead of + Malloc, Free. + [Lennart Bang , with minor changes by Steve] + + *) Make rsa_oaep_test return non-zero on error. + [Ulf Moeller ] + + *) Add support for native Solaris shared libraries. Configure + solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice + if someone would make that last step automatic. + [Matthias Loepfe ] + + *) ctx_size was not built with the right compiler during "make links". Fixed. + [Ben Laurie] + + *) Change the meaning of 'ALL' in the cipher list. It now means "everything + except NULL ciphers". This means the default cipher list will no longer + enable NULL ciphers. They need to be specifically enabled e.g. with + the string "DEFAULT:eNULL". + [Steve Henson] + + *) Fix to RSA private encryption routines: if p < q then it would + occasionally produce an invalid result. This will only happen with + externally generated keys because OpenSSL (and SSLeay) ensure p > q. + [Steve Henson] + + *) Be less restrictive and allow also `perl util/perlpath.pl + /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin', + because this way one can also use an interpreter named `perl5' (which is + usually the name of Perl 5.xxx on platforms where an Perl 4.x is still + installed as `perl'). + [Matthias Loepfe ] + + *) Let util/clean-depend.pl work also with older Perl 5.00x versions. + [Matthias Loepfe ] + + *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add + advapi32.lib to Win32 build and change the pem test comparision + to fc.exe (thanks to Ulrich Kroener for the + suggestion). Fix misplaced ASNI prototypes and declarations in evp.h + and crypto/des/ede_cbcm_enc.c. + [Steve Henson] + + *) DES quad checksum was broken on big-endian architectures. Fixed. + [Ben Laurie] + + *) Comment out two functions in bio.h that aren't implemented. Fix up the + Win32 test batch file so it (might) work again. The Win32 test batch file + is horrible: I feel ill.... + [Steve Henson] + + *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected + in e_os.h. Audit of header files to check ANSI and non ANSI + sections: 10 functions were absent from non ANSI section and not exported + from Windows DLLs. Fixed up libeay.num for new functions. + [Steve Henson] + + *) Make `openssl version' output lines consistent. + [Ralf S. Engelschall] + + *) Fix Win32 symbol export lists for BIO functions: Added + BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data + to ms/libeay{16,32}.def. + [Ralf S. Engelschall] + + *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled + fine under Unix and passes some trivial tests I've now added. But the + whole stuff is horribly incomplete, so a README.1ST with a disclaimer was + added to make sure no one expects that this stuff really works in the + OpenSSL 0.9.2 release. Additionally I've started to clean the XS sources + up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and + openssl_bio.xs. + [Ralf S. Engelschall] + + *) Fix the generation of two part addresses in perl. + [Kenji Miyake , integrated by Ben Laurie] + + *) Add config entry for Linux on MIPS. + [John Tobey ] + + *) Make links whenever Configure is run, unless we are on Windoze. + [Ben Laurie] + + *) Permit extensions to be added to CRLs using crl_section in openssl.cnf. + Currently only issuerAltName and AuthorityKeyIdentifier make any sense + in CRLs. + [Steve Henson] + + *) Add a useful kludge to allow package maintainers to specify compiler and + other platforms details on the command line without having to patch the + Configure script everytime: One now can use ``perl Configure + :
'', i.e. platform ids are allowed to have details appended + to them (seperated by colons). This is treated as there would be a static + pre-configured entry in Configure's %table under key with value +
and ``perl Configure '' is called. So, when you want to + perform a quick test-compile under FreeBSD 3.1 with pgcc and without + assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"'' + now, which overrides the FreeBSD-elf entry on-the-fly. + [Ralf S. Engelschall] + + *) Disable new TLS1 ciphersuites by default: they aren't official yet. + [Ben Laurie] + + *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified + on the `perl Configure ...' command line. This way one can compile + OpenSSL libraries with Position Independent Code (PIC) which is needed + for linking it into DSOs. + [Ralf S. Engelschall] + + *) Remarkably, export ciphers were totally broken and no-one had noticed! + Fixed. + [Ben Laurie] + + *) Cleaned up the LICENSE document: The official contact for any license + questions now is the OpenSSL core team under openssl-core@openssl.org. + And add a paragraph about the dual-license situation to make sure people + recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply + to the OpenSSL toolkit. + [Ralf S. Engelschall] + + *) General source tree makefile cleanups: Made `making xxx in yyy...' + display consistent in the source tree and replaced `/bin/rm' by `rm'. + Additonally cleaned up the `make links' target: Remove unnecessary + semicolons, subsequent redundant removes, inline point.sh into mklink.sh + to speed processing and no longer clutter the display with confusing + stuff. Instead only the actually done links are displayed. + [Ralf S. Engelschall] + + *) Permit null encryption ciphersuites, used for authentication only. It used + to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this. + It is now necessary to set SSL_FORBID_ENULL to prevent the use of null + encryption. + [Ben Laurie] + + *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder + signed attributes when verifying signatures (this would break them), + the detached data encoding was wrong and public keys obtained using + X509_get_pubkey() weren't freed. + [Steve Henson] + + *) Add text documentation for the BUFFER functions. Also added a work around + to a Win95 console bug. This was triggered by the password read stuff: the + last character typed gets carried over to the next fread(). If you were + generating a new cert request using 'req' for example then the last + character of the passphrase would be CR which would then enter the first + field as blank. + [Steve Henson] + + *) Added the new `Includes OpenSSL Cryptography Software' button as + doc/openssl_button.{gif,html} which is similar in style to the old SSLeay + button and can be used by applications based on OpenSSL to show the + relationship to the OpenSSL project. + [Ralf S. Engelschall] + + *) Remove confusing variables in function signatures in files + ssl/ssl_lib.c and ssl/ssl.h. + [Lennart Bong ] + + *) Don't install bss_file.c under PREFIX/include/ + [Lennart Bong ] + + *) Get the Win32 compile working again. Modify mkdef.pl so it can handle + functions that return function pointers and has support for NT specific + stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various + #ifdef WIN32 and WINNTs sprinkled about the place and some changes from + unsigned to signed types: this was killing the Win32 compile. + [Steve Henson] + + *) Add new certificate file to stack functions, + SSL_add_dir_cert_subjects_to_stack() and + SSL_add_file_cert_subjects_to_stack(). These largely supplant + SSL_load_client_CA_file(), and can be used to add multiple certs easily + to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()). + This means that Apache-SSL and similar packages don't have to mess around + to add as many CAs as they want to the preferred list. + [Ben Laurie] + + *) Experiment with doxygen documentation. Currently only partially applied to + ssl/ssl_lib.c. + See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with + openssl.doxy as the configuration file. + [Ben Laurie] + + *) Get rid of remaining C++-style comments which strict C compilers hate. + [Ralf S. Engelschall, pointed out by Carlos Amengual] + + *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not + compiled in by default: it has problems with large keys. + [Steve Henson] + + *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and + DH private keys and/or callback functions which directly correspond to + their SSL_CTX_xxx() counterparts but work on a per-connection basis. This + is needed for applications which have to configure certificates on a + per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis + (e.g. s_server). + For the RSA certificate situation is makes no difference, but + for the DSA certificate situation this fixes the "no shared cipher" + problem where the OpenSSL cipher selection procedure failed because the + temporary keys were not overtaken from the context and the API provided + no way to reconfigure them. + The new functions now let applications reconfigure the stuff and they + are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh, + SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new + non-public-API function ssl_cert_instantiate() is used as a helper + function and also to reduce code redundancy inside ssl_rsa.c. + [Ralf S. Engelschall] + + *) Move s_server -dcert and -dkey options out of the undocumented feature + area because they are useful for the DSA situation and should be + recognized by the users. + [Ralf S. Engelschall] + + *) Fix the cipher decision scheme for export ciphers: the export bits are + *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within + SSL_EXP_MASK. So, the original variable has to be used instead of the + already masked variable. + [Richard Levitte ] + + *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c + [Richard Levitte ] + + *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal() + from `int' to `unsigned int' because it's a length and initialized by + EVP_DigestFinal() which expects an `unsigned int *'. + [Richard Levitte ] + + *) Don't hard-code path to Perl interpreter on shebang line of Configure + script. Instead use the usual Shell->Perl transition trick. + [Ralf S. Engelschall] + + *) Make `openssl x509 -noout -modulus' functional also for DSA certificates + (in addition to RSA certificates) to match the behaviour of `openssl dsa + -noout -modulus' as it's already the case for `openssl rsa -noout + -modulus'. For RSA the -modulus is the real "modulus" while for DSA + currently the public key is printed (a decision which was already done by + `openssl dsa -modulus' in the past) which serves a similar purpose. + Additionally the NO_RSA no longer completely removes the whole -modulus + option; it now only avoids using the RSA stuff. Same applies to NO_DSA + now, too. + [Ralf S. Engelschall] + + *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested + BIO. See the source (crypto/evp/bio_ok.c) for more info. + [Arne Ansper ] + + *) Dump the old yucky req code that tried (and failed) to allow raw OIDs + to be added. Now both 'req' and 'ca' can use new objects defined in the + config file. + [Steve Henson] + + *) Add cool BIO that does syslog (or event log on NT). + [Arne Ansper , integrated by Ben Laurie] + + *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5, + TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and + TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher + Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt. + [Ben Laurie] + + *) Add preliminary config info for new extension code. + [Steve Henson] + + *) Make RSA_NO_PADDING really use no padding. + [Ulf Moeller ] + + *) Generate errors when private/public key check is done. + [Ben Laurie] + + *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support + for some CRL extensions and new objects added. + [Steve Henson] + + *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private + key usage extension and fuller support for authority key id. + [Steve Henson] + + *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved + padding method for RSA, which is recommended for new applications in PKCS + #1 v2.0 (RFC 2437, October 1998). + OAEP (Optimal Asymmetric Encryption Padding) has better theoretical + foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure + against Bleichbacher's attack on RSA. + [Ulf Moeller , reformatted, corrected and integrated by + Ben Laurie] + + *) Updates to the new SSL compression code + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Fix so that the version number in the master secret, when passed + via RSA, checks that if TLS was proposed, but we roll back to SSLv3 + (because the server will not accept higher), that the version number + is 0x03,0x01, not 0x03,0x00 + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory + leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes + in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c + [Steve Henson] + + *) Support for RAW extensions where an arbitrary extension can be + created by including its DER encoding. See apps/openssl.cnf for + an example. + [Steve Henson] + + *) Make sure latest Perl versions don't interpret some generated C array + code as Perl array code in the crypto/err/err_genc.pl script. + [Lars Weber <3weber@informatik.uni-hamburg.de>] + + *) Modify ms/do_ms.bat to not generate assembly language makefiles since + not many people have the assembler. Various Win32 compilation fixes and + update to the INSTALL.W32 file with (hopefully) more accurate Win32 + build instructions. + [Steve Henson] + + *) Modify configure script 'Configure' to automatically create crypto/date.h + file under Win32 and also build pem.h from pem.org. New script + util/mkfiles.pl to create the MINFO file on environments that can't do a + 'make files': perl util/mkfiles.pl >MINFO should work. + [Steve Henson] + + *) Major rework of DES function declarations, in the pursuit of correctness + and purity. As a result, many evil casts evaporated, and some weirdness, + too. You may find this causes warnings in your code. Zapping your evil + casts will probably fix them. Mostly. + [Ben Laurie] + + *) Fix for a typo in asn1.h. Bug fix to object creation script + obj_dat.pl. It considered a zero in an object definition to mean + "end of object": none of the objects in objects.h have any zeros + so it wasn't spotted. + [Steve Henson, reported by Erwann ABALEA ] + + *) Add support for Triple DES Cipher Block Chaining with Output Feedback + Masking (CBCM). In the absence of test vectors, the best I have been able + to do is check that the decrypt undoes the encrypt, so far. Send me test + vectors if you have them. + [Ben Laurie] + + *) Correct calculation of key length for export ciphers (too much space was + allocated for null ciphers). This has not been tested! + [Ben Laurie] + + *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage + message is now correct (it understands "crypto" and "ssl" on its + command line). There is also now an "update" option. This will update + the util/ssleay.num and util/libeay.num files with any new functions. + If you do a: + perl util/mkdef.pl crypto ssl update + it will update them. + [Steve Henson] + + *) Overhauled the Perl interface (perl/*): + - ported BN stuff to OpenSSL's different BN library + - made the perl/ source tree CVS-aware + - renamed the package from SSLeay to OpenSSL (the files still contain + their history because I've copied them in the repository) + - removed obsolete files (the test scripts will be replaced + by better Test::Harness variants in the future) + [Ralf S. Engelschall] + + *) First cut for a very conservative source tree cleanup: + 1. merge various obsolete readme texts into doc/ssleay.txt + where we collect the old documents and readme texts. + 2. remove the first part of files where I'm already sure that we no + longer need them because of three reasons: either they are just temporary + files which were left by Eric or they are preserved original files where + I've verified that the diff is also available in the CVS via "cvs diff + -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for + the crypto/md/ stuff). + [Ralf S. Engelschall] + + *) More extension code. Incomplete support for subject and issuer alt + name, issuer and authority key id. Change the i2v function parameters + and add an extra 'crl' parameter in the X509V3_CTX structure: guess + what that's for :-) Fix to ASN1 macro which messed up + IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED. + [Steve Henson] + + *) Preliminary support for ENUMERATED type. This is largely copied from the + INTEGER code. + [Steve Henson] + + *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy. + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Make sure `make rehash' target really finds the `openssl' program. + [Ralf S. Engelschall, Matthias Loepfe ] + + *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd + like to hear about it if this slows down other processors. + [Ben Laurie] + + *) Add CygWin32 platform information to Configure script. + [Alan Batie ] + + *) Fixed ms/32all.bat script: `no_asm' -> `no-asm' + [Rainer W. Gerling ] + + *) New program nseq to manipulate netscape certificate sequences + [Steve Henson] + + *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a + few typos. + [Steve Henson] + + *) Fixes to BN code. Previously the default was to define BN_RECURSION + but the BN code had some problems that would cause failures when + doing certificate verification and some other functions. + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Add ASN1 and PEM code to support netscape certificate sequences. + [Steve Henson] + + *) Add ASN1 and PEM code to support netscape certificate sequences. + [Steve Henson] + + *) Add several PKIX and private extended key usage OIDs. + [Steve Henson] + + *) Modify the 'ca' program to handle the new extension code. Modify + openssl.cnf for new extension format, add comments. + [Steve Henson] + + *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req' + and add a sample to openssl.cnf so req -x509 now adds appropriate + CA extensions. + [Steve Henson] + + *) Continued X509 V3 changes. Add to other makefiles, integrate with the + error code, add initial support to X509_print() and x509 application. + [Steve Henson] + + *) Takes a deep breath and start addding X509 V3 extension support code. Add + files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this + stuff is currently isolated and isn't even compiled yet. + [Steve Henson] + + *) Continuing patches for GeneralizedTime. Fix up certificate and CRL + ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print. + Removed the versions check from X509 routines when loading extensions: + this allows certain broken certificates that don't set the version + properly to be processed. + [Steve Henson] + + *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another + Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which + can still be regenerated with "make depend". + [Ben Laurie] + + *) Spelling mistake in C version of CAST-128. + [Ben Laurie, reported by Jeremy Hylton ] + + *) Changes to the error generation code. The perl script err-code.pl + now reads in the old error codes and retains the old numbers, only + adding new ones if necessary. It also only changes the .err files if new + codes are added. The makefiles have been modified to only insert errors + when needed (to avoid needlessly modifying header files). This is done + by only inserting errors if the .err file is newer than the auto generated + C file. To rebuild all the error codes from scratch (the old behaviour) + either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl + or delete all the .err files. + [Steve Henson] + + *) CAST-128 was incorrectly implemented for short keys. The C version has + been fixed, but is untested. The assembler versions are also fixed, but + new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing + to regenerate it if needed. + [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun + Hagino ] + + *) File was opened incorrectly in randfile.c. + [Ulf Möller ] + + *) Beginning of support for GeneralizedTime. d2i, i2d, check and print + functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or + GeneralizedTime. ASN1_TIME is the proper type used in certificates et + al: it's just almost always a UTCTime. Note this patch adds new error + codes so do a "make errors" if there are problems. + [Steve Henson] + + *) Correct Linux 1 recognition in config. + [Ulf Möller ] + + *) Remove pointless MD5 hash when using DSA keys in ca. + [Anonymous ] + + *) Generate an error if given an empty string as a cert directory. Also + generate an error if handed NULL (previously returned 0 to indicate an + error, but didn't set one). + [Ben Laurie, reported by Anonymous ] + + *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last. + [Ben Laurie] + + *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct + parameters. This was causing a warning which killed off the Win32 compile. + [Steve Henson] + + *) Remove C++ style comments from crypto/bn/bn_local.h. + [Neil Costigan ] + + *) The function OBJ_txt2nid was broken. It was supposed to return a nid + based on a text string, looking up short and long names and finally + "dot" format. The "dot" format stuff didn't work. Added new function + OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote + OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the + OID is not part of the table. + [Steve Henson] + + *) Add prototypes to X509 lookup/verify methods, fixing a bug in + X509_LOOKUP_by_alias(). + [Ben Laurie] + + *) Sort openssl functions by name. + [Ben Laurie] + + *) Get the gendsa program working (hopefully) and add it to app list. Remove + encryption from sample DSA keys (in case anyone is interested the password + was "1234"). + [Steve Henson] + + *) Make _all_ *_free functions accept a NULL pointer. + [Frans Heymans ] + + *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use + NULL pointers. + [Anonymous ] + + *) s_server should send the CAfile as acceptable CAs, not its own cert. + [Bodo Moeller <3moeller@informatik.uni-hamburg.de>] + + *) Don't blow it for numeric -newkey arguments to apps/req. + [Bodo Moeller <3moeller@informatik.uni-hamburg.de>] + + *) Temp key "for export" tests were wrong in s3_srvr.c. + [Anonymous ] + + *) Add prototype for temp key callback functions + SSL_CTX_set_tmp_{rsa,dh}_callback(). + [Ben Laurie] + + *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and + DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey(). + [Steve Henson] + + *) X509_name_add_entry() freed the wrong thing after an error. + [Arne Ansper ] + + *) rsa_eay.c would attempt to free a NULL context. + [Arne Ansper ] + + *) BIO_s_socket() had a broken should_retry() on Windoze. + [Arne Ansper ] + + *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH. + [Arne Ansper ] + + *) Make sure the already existing X509_STORE->depth variable is initialized + in X509_STORE_new(), but document the fact that this variable is still + unused in the certificate verification process. + [Ralf S. Engelschall] + + *) Fix the various library and apps files to free up pkeys obtained from + X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions. + [Steve Henson] + + *) Fix reference counting in X509_PUBKEY_get(). This makes + demos/maurice/example2.c work, amongst others, probably. + [Steve Henson and Ben Laurie] + + *) First cut of a cleanup for apps/. First the `ssleay' program is now named + `openssl' and second, the shortcut symlinks for the `openssl ' + are no longer created. This way we have a single and consistent command + line interface `openssl ', similar to `cvs '. + [Ralf S. Engelschall, Paul Sutton and Ben Laurie] + + *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey + BIT STRING wrapper always have zero unused bits. + [Steve Henson] + + *) Add CA.pl, perl version of CA.sh, add extended key usage OID. + [Steve Henson] + + *) Make the top-level INSTALL documentation easier to understand. + [Paul Sutton] + + *) Makefiles updated to exit if an error occurs in a sub-directory + make (including if user presses ^C) [Paul Sutton] + + *) Make Montgomery context stuff explicit in RSA data structure. + [Ben Laurie] + + *) Fix build order of pem and err to allow for generated pem.h. + [Ben Laurie] + + *) Fix renumbering bug in X509_NAME_delete_entry(). + [Ben Laurie] + + *) Enhanced the err-ins.pl script so it makes the error library number + global and can add a library name. This is needed for external ASN1 and + other error libraries. + [Steve Henson] + + *) Fixed sk_insert which never worked properly. + [Steve Henson] + + *) Fix ASN1 macros so they can handle indefinite length construted + EXPLICIT tags. Some non standard certificates use these: they can now + be read in. + [Steve Henson] + + *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc) + into a single doc/ssleay.txt bundle. This way the information is still + preserved but no longer messes up this directory. Now it's new room for + the new set of documenation files. + [Ralf S. Engelschall] + + *) SETs were incorrectly DER encoded. This was a major pain, because they + shared code with SEQUENCEs, which aren't coded the same. This means that + almost everything to do with SETs or SEQUENCEs has either changed name or + number of arguments. + [Ben Laurie, based on a partial fix by GP Jayan ] + + *) Fix test data to work with the above. + [Ben Laurie] + + *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but + was already fixed by Eric for 0.9.1 it seems. + [Ben Laurie - pointed out by Ulf Möller ] + + *) Autodetect FreeBSD3. + [Ben Laurie] + + *) Fix various bugs in Configure. This affects the following platforms: + nextstep + ncr-scde + unixware-2.0 + unixware-2.0-pentium + sco5-cc. + [Ben Laurie] + + *) Eliminate generated files from CVS. Reorder tests to regenerate files + before they are needed. + [Ben Laurie] + + *) Generate Makefile.ssl from Makefile.org (to keep CVS happy). + [Ben Laurie] + + + Changes between 0.9.1b and 0.9.1c [23-Dec-1998] + + *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and + changed SSLeay to OpenSSL in version strings. + [Ralf S. Engelschall] + + *) Some fixups to the top-level documents. + [Paul Sutton] + + *) Fixed the nasty bug where rsaref.h was not found under compile-time + because the symlink to include/ was missing. + [Ralf S. Engelschall] + + *) Incorporated the popular no-RSA/DSA-only patches + which allow to compile a RSA-free SSLeay. + [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall] + + *) Fixed nasty rehash problem under `make -f Makefile.ssl links' + when "ssleay" is still not found. + [Ralf S. Engelschall] + + *) Added more platforms to Configure: Cray T3E, HPUX 11, + [Ralf S. Engelschall, Beckmann ] + + *) Updated the README file. + [Ralf S. Engelschall] + + *) Added various .cvsignore files in the CVS repository subdirs + to make a "cvs update" really silent. + [Ralf S. Engelschall] + + *) Recompiled the error-definition header files and added + missing symbols to the Win32 linker tables. + [Ralf S. Engelschall] + + *) Cleaned up the top-level documents; + o new files: CHANGES and LICENSE + o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay + o merged COPYRIGHT into LICENSE + o removed obsolete TODO file + o renamed MICROSOFT to INSTALL.W32 + [Ralf S. Engelschall] + + *) Removed dummy files from the 0.9.1b source tree: + crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi + crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f + crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f + crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f + util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f + [Ralf S. Engelschall] + + *) Added various platform portability fixes. + [Mark J. Cox] + + *) The Genesis of the OpenSSL rpject: + We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A. + Young and Tim J. Hudson created while they were working for C2Net until + summer 1998. + [The OpenSSL Project] + + + Changes between 0.9.0b and 0.9.1b [not released] + + *) Updated a few CA certificates under certs/ + [Eric A. Young] + + *) Changed some BIGNUM api stuff. + [Eric A. Young] + + *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD, + DGUX x86, Linux Alpha, etc. + [Eric A. Young] + + *) New COMP library [crypto/comp/] for SSL Record Layer Compression: + RLE (dummy implemented) and ZLIB (really implemented when ZLIB is + available). + [Eric A. Young] + + *) Add -strparse option to asn1pars program which parses nested + binary structures + [Dr Stephen Henson ] + + *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs. + [Eric A. Young] + + *) DSA fix for "ca" program. + [Eric A. Young] + + *) Added "-genkey" option to "dsaparam" program. + [Eric A. Young] + + *) Added RIPE MD160 (rmd160) message digest. + [Eric A. Young] + + *) Added -a (all) option to "ssleay version" command. + [Eric A. Young] + + *) Added PLATFORM define which is the id given to Configure. + [Eric A. Young] + + *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking. + [Eric A. Young] + + *) Extended the ASN.1 parser routines. + [Eric A. Young] + + *) Extended BIO routines to support REUSEADDR, seek, tell, etc. + [Eric A. Young] + + *) Added a BN_CTX to the BN library. + [Eric A. Young] + + *) Fixed the weak key values in DES library + [Eric A. Young] + + *) Changed API in EVP library for cipher aliases. + [Eric A. Young] + + *) Added support for RC2/64bit cipher. + [Eric A. Young] + + *) Converted the lhash library to the crypto/mem.c functions. + [Eric A. Young] + + *) Added more recognized ASN.1 object ids. + [Eric A. Young] + + *) Added more RSA padding checks for SSL/TLS. + [Eric A. Young] + + *) Added BIO proxy/filter functionality. + [Eric A. Young] + + *) Added extra_certs to SSL_CTX which can be used + send extra CA certificates to the client in the CA cert chain sending + process. It can be configured with SSL_CTX_add_extra_chain_cert(). + [Eric A. Young] + + *) Now Fortezza is denied in the authentication phase because + this is key exchange mechanism is not supported by SSLeay at all. + [Eric A. Young] + + *) Additional PKCS1 checks. + [Eric A. Young] + + *) Support the string "TLSv1" for all TLS v1 ciphers. + [Eric A. Young] + + *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the + ex_data index of the SSL context in the X509_STORE_CTX ex_data. + [Eric A. Young] + + *) Fixed a few memory leaks. + [Eric A. Young] + + *) Fixed various code and comment typos. + [Eric A. Young] + + *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 + bytes sent in the client random. + [Edward Bishop ] + diff --git a/src/lib/libssl/src/CHANGES.SSLeay b/src/lib/libssl/src/CHANGES.SSLeay new file mode 100644 index 0000000000..dbb80b003d --- /dev/null +++ b/src/lib/libssl/src/CHANGES.SSLeay @@ -0,0 +1,968 @@ +This file contains the changes for the SSLeay library up to version +0.9.0b. For later changes, see the file "CHANGES". + + SSLeay CHANGES + ______________ + +Changes between 0.8.x and 0.9.0b + +10-Apr-1998 + +I said the next version would go out at easter, and so it shall. +I expect a 0.9.1 will follow with portability fixes in the next few weeks. + +This is a quick, meet the deadline. Look to ssl-users for comments on what +is new etc. + +eric (about to go bushwalking for the 4 day easter break :-) + +16-Mar-98 + - Patch for Cray T90 from Wayne Schroeder + - Lots and lots of changes + +29-Jan-98 + - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from + Goetz Babin-Ebell . + - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or + TLS1_VERSION. + +7-Jan-98 + - Finally reworked the cipher string to ciphers again, so it + works correctly + - All the app_data stuff is now ex_data with funcion calls to access. + The index is supplied by a function and 'methods' can be setup + for the types that are called on XXX_new/XXX_free. This lets + applications get notified on creation and destruction. Some of + the RSA methods could be implemented this way and I may do so. + - Oh yes, SSL under perl5 is working at the basic level. + +15-Dec-97 + - Warning - the gethostbyname cache is not fully thread safe, + but it should work well enough. + - Major internal reworking of the app_data stuff. More functions + but if you were accessing ->app_data directly, things will + stop working. + - The perlv5 stuff is working. Currently on message digests, + ciphers and the bignum library. + +9-Dec-97 + - Modified re-negotiation so that server initated re-neg + will cause a SSL_read() to return -1 should retry. + The danger otherwise was that the server and the + client could end up both trying to read when using non-blocking + sockets. + +4-Dec-97 + - Lots of small changes + - Fix for binaray mode in Windows for the FILE BIO, thanks to + Bob Denny + +17-Nov-97 + - Quite a few internal cleanups, (removal of errno, and using macros + defined in e_os.h). + - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where + the automactic naming out output files was being stuffed up. + +29-Oct-97 + - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember + for x86. + +21-Oct-97 + - Fixed a bug in the BIO_gethostbyname() cache. + +15-Oct-97 + - cbc mode for blowfish/des/3des is now in assember. Blowfish asm + has also been improved. At this point in time, on the pentium, + md5 is %80 faster, the unoptimesed sha-1 is %79 faster, + des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc + is %62 faster. + +12-Oct-97 + - MEM_BUF_grow() has been fixed so that it always sets the buf->length + to the value we are 'growing' to. Think of MEM_BUF_grow() as the + way to set the length value correctly. + +10-Oct-97 + - I now hash for certificate lookup on the raw DER encoded RDN (md5). + This breaks things again :-(. This is efficent since I cache + the DER encoding of the RDN. + - The text DN now puts in the numeric OID instead of UNKNOWN. + - req can now process arbitary OIDs in the config file. + - I've been implementing md5 in x86 asm, much faster :-). + - Started sha1 in x86 asm, needs more work. + - Quite a few speedups in the BN stuff. RSA public operation + has been made faster by caching the BN_MONT_CTX structure. + The calulating of the Ai where A*Ai === 1 mod m was rather + expensive. Basically a 40-50% speedup on public operations. + The RSA speedup is now 15% on pentiums and %20 on pentium + pro. + +30-Sep-97 + - After doing some profiling, I added x86 adm for bn_add_words(), + which just adds 2 arrays of longs together. A %10 speedup + for 512 and 1024 bit RSA on the pentium pro. + +29-Sep-97 + - Converted the x86 bignum assembler to us the perl scripts + for generation. + +23-Sep-97 + - If SSL_set_session() is passed a NULL session, it now clears the + current session-id. + +22-Sep-97 + - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned + certificates. + - Bug in crypto/evp/encode.c where by decoding of 65 base64 + encoded lines, one line at a time (via a memory BIO) would report + EOF after the first line was decoded. + - Fix in X509_find_by_issuer_and_serial() from + Dr Stephen Henson + +19-Sep-97 + - NO_FP_API and NO_STDIO added. + - Put in sh config command. It auto runs Configure with the correct + parameters. + +18-Sep-97 + - Fix x509.c so if a DSA cert has different parameters to its parent, + they are left in place. Not tested yet. + +16-Sep-97 + - ssl_create_cipher_list() had some bugs, fixes from + Patrick Eisenacher + - Fixed a bug in the Base64 BIO, where it would return 1 instead + of -1 when end of input was encountered but should retry. + Basically a Base64/Memory BIO interaction problem. + - Added a HMAC set of functions in preporarion for TLS work. + +15-Sep-97 + - Top level makefile tweak - Cameron Simpson + - Prime generation spead up %25 (512 bit prime, pentium pro linux) + by using montgomery multiplication in the prime number test. + +11-Sep-97 + - Ugly bug in ssl3_write_bytes(). Basically if application land + does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code + did not check the size and tried to copy the entire buffer. + This would tend to cause memory overwrites since SSLv3 has + a maximum packet size of 16k. If your program uses + buffers <= 16k, you would probably never see this problem. + - Fixed a new errors that were cause by malloc() not returning + 0 initialised memory.. + - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using + SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing + since this flags stops SSLeay being able to handle client + cert requests correctly. + +08-Sep-97 + - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched + on, the SSL server routines will not use a SSL_SESSION that is + held in it's cache. This in intended to be used with the session-id + callbacks so that while the session-ids are still stored in the + cache, the decision to use them and how to look them up can be + done by the callbacks. The are the 'new', 'get' and 'remove' + callbacks. This can be used to determine the session-id + to use depending on information like which port/host the connection + is coming from. Since the are also SSL_SESSION_set_app_data() and + SSL_SESSION_get_app_data() functions, the application can hold + information against the session-id as well. + +03-Sep-97 + - Added lookup of CRLs to the by_dir method, + X509_load_crl_file() also added. Basically it means you can + lookup CRLs via the same system used to lookup certificates. + - Changed things so that the X509_NAME structure can contain + ASN.1 BIT_STRINGS which is required for the unique + identifier OID. + - Fixed some problems with the auto flushing of the session-id + cache. It was not occuring on the server side. + +02-Sep-97 + - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size) + which is the maximum number of entries allowed in the + session-id cache. This is enforced with a simple FIFO list. + The default size is 20*1024 entries which is rather large :-). + The Timeout code is still always operating. + +01-Sep-97 + - Added an argument to all the 'generate private key/prime` + callbacks. It is the last parameter so this should not + break existing code but it is needed for C++. + - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64() + BIO. This lets the BIO read and write base64 encoded data + without inserting or looking for '\n' characters. The '-A' + flag turns this on when using apps/enc.c. + - RSA_NO_PADDING added to help BSAFE functionality. This is a + very dangerous thing to use, since RSA private key + operations without random padding bytes (as PKCS#1 adds) can + be attacked such that the private key can be revealed. + - ASN.1 bug and rc2-40-cbc and rc4-40 added by + Dr Stephen Henson + +31-Aug-97 (stuff added while I was away) + - Linux pthreads by Tim Hudson (tjh@cryptsoft.com). + - RSA_flags() added allowing bypass of pub/priv match check + in ssl/ssl_rsa.c - Tim Hudson. + - A few minor bugs. + +SSLeay 0.8.1 released. + +19-Jul-97 + - Server side initated dynamic renegotiation is broken. I will fix + it when I get back from holidays. + +15-Jul-97 + - Quite a few small changes. + - INVALID_SOCKET usage cleanups from Alex Kiernan + +09-Jul-97 + - Added 2 new values to the SSL info callback. + SSL_CB_START which is passed when the SSL protocol is started + and SSL_CB_DONE when it has finished sucsessfully. + +08-Jul-97 + - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c + that related to DSA public/private keys. + - Added all the relevent PEM and normal IO functions to support + reading and writing RSAPublic keys. + - Changed makefiles to use ${AR} instead of 'ar r' + +07-Jul-97 + - Error in ERR_remove_state() that would leave a dangling reference + to a free()ed location - thanks to Alex Kiernan + - s_client now prints the X509_NAMEs passed from the server + when requesting a client cert. + - Added a ssl->type, which is one of SSL_ST_CONNECT or + SSL_ST_ACCEPT. I had to add it so I could tell if I was + a connect or an accept after the handshake had finished. + - SSL_get_client_CA_list(SSL *s) now returns the CA names + passed by the server if called by a client side SSL. + +05-Jul-97 + - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index + 0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com). + +04-Jul-97 + - Fixed some things in X509_NAME_add_entry(), thanks to + Matthew Donald . + - I had a look at the cipher section and though that it was a + bit confused, so I've changed it. + - I was not setting up the RC4-64-MD5 cipher correctly. It is + a MS special that appears in exported MS Money. + - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3 + spec. I was missing the two byte length header for the + ClientDiffieHellmanPublic value. This is a packet sent from + the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG + option will enable SSLeay server side SSLv3 accept either + the correct or my 080 packet format. + - Fixed a few typos in crypto/pem.org. + +02-Jul-97 + - Alias mapping for EVP_get_(digest|cipher)byname is now + performed before a lookup for actual cipher. This means + that an alias can be used to 're-direct' a cipher or a + digest. + - ASN1_read_bio() had a bug that only showed up when using a + memory BIO. When EOF is reached in the memory BIO, it is + reported as a -1 with BIO_should_retry() set to true. + +01-Jul-97 + - Fixed an error in X509_verify_cert() caused by my + miss-understanding how 'do { contine } while(0);' works. + Thanks to Emil Sit for educating me :-) + +30-Jun-97 + - Base64 decoding error. If the last data line did not end with + a '=', sometimes extra data would be returned. + - Another 'cut and paste' bug in x509.c related to setting up the + STDout BIO. + +27-Jun-97 + - apps/ciphers.c was not printing due to an editing error. + - Alex Kiernan send in a nice fix for + a library build error in util/mk1mf.pl + +26-Jun-97 + - Still did not have the auto 'experimental' code removal + script correct. + - A few header tweaks for Watcom 11.0 under Win32 from + Rolf Lindemann + - 0 length OCTET_STRING bug in asn1_parse + - A minor fix with an non-existent function in the MS .def files. + - A few changes to the PKCS7 stuff. + +25-Jun-97 + SSLeay 0.8.0 finally it gets released. + +24-Jun-97 + Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to + use a temporary RSA key. This is experimental and needs some more work. + Fixed a few Win16 build problems. + +23-Jun-97 + SSLv3 bug. I was not doing the 'lookup' of the CERT structure + correctly. I was taking the SSL->ctx->default_cert when I should + have been using SSL->cert. The bug was in ssl/s3_srvr.c + +20-Jun-97 + X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the + rest of the library. Even though I had the code required to do + it correctly, apps/req.c was doing the wrong thing. I have fixed + and tested everything. + + Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c. + +19-Jun-97 + Fixed a bug in the SSLv2 server side first packet handling. When + using the non-blocking test BIO, the ssl->s2->first_packet flag + was being reset when a would-block failure occurred when reading + the first 5 bytes of the first packet. This caused the checking + logic to run at the wrong time and cause an error. + + Fixed a problem with specifying cipher. If RC4-MD5 were used, + only the SSLv3 version would be picked up. Now this will pick + up both SSLv2 and SSLv3 versions. This required changing the + SSL_CIPHER->mask values so that they only mask the ciphers, + digests, authentication, export type and key-exchange algorithms. + + I found that when a SSLv23 session is established, a reused + session, of type SSLv3 was attempting to write the SSLv2 + ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char + method has been modified so it will only write out cipher which + that method knows about. + + + Changes between 0.8.0 and 0.8.1 + + *) Mostly bug fixes. + There is an Ephemeral DH cipher problem which is fixed. + + SSLeay 0.8.0 + +This version of SSLeay has quite a lot of things different from the +previous version. + +Basically check all callback parameters, I will be producing documentation +about how to use things in th future. Currently I'm just getting 080 out +the door. Please not that there are several ways to do everything, and +most of the applications in the apps directory are hybrids, some using old +methods and some using new methods. + +Have a look in demos/bio for some very simple programs and +apps/s_client.c and apps/s_server.c for some more advanced versions. +Notes are definitly needed but they are a week or so away. + +Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com) +--- +Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to +get those people that want to move to using the new code base off to +a quick start. + +Note that Eric has tidied up a lot of the areas of the API that were +less than desirable and renamed quite a few things (as he had to break +the API in lots of places anyrate). There are a whole pile of additional +functions for making dealing with (and creating) certificates a lot +cleaner. + +01-Jul-97 +Tim Hudson +tjh@cryptsoft.com + +---8<--- + +To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could +use something like the following (assuming you #include "crypto.h" which +is something that you really should be doing). + +#if SSLEAY_VERSION_NUMBER >= 0x0800 +#define SSLEAY8 +#endif + +buffer.h -> splits into buffer.h and bio.h so you need to include bio.h + too if you are working with BIO internal stuff (as distinct + from simply using the interface in an opaque manner) + +#include "bio.h" - required along with "buffer.h" if you write + your own BIO routines as the buffer and bio + stuff that was intermixed has been separated + out + +envelope.h -> evp.h (which should have been done ages ago) + +Initialisation ... don't forget these or you end up with code that +is missing the bits required to do useful things (like ciphers): + +SSLeay_add_ssl_algorithms() +(probably also want SSL_load_error_strings() too but you should have + already had that call in place) + +SSL_CTX_new() - requires an extra method parameter + SSL_CTX_new(SSLv23_method()) + SSL_CTX_new(SSLv2_method()) + SSL_CTX_new(SSLv3_method()) + + OR to only have the server or the client code + SSL_CTX_new(SSLv23_server_method()) + SSL_CTX_new(SSLv2_server_method()) + SSL_CTX_new(SSLv3_server_method()) + or + SSL_CTX_new(SSLv23_client_method()) + SSL_CTX_new(SSLv2_client_method()) + SSL_CTX_new(SSLv3_client_method()) + +SSL_set_default_verify_paths() ... renamed to the more appropriate +SSL_CTX_set_default_verify_paths() + +If you want to use client certificates then you have to add in a bit +of extra stuff in that a SSLv3 server sends a list of those CAs that +it will accept certificates from ... so you have to provide a list to +SSLeay otherwise certain browsers will not send client certs. + +SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); + + +X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0) + or provide a buffer and size to copy the + result into + +X509_add_cert -> X509_STORE_add_cert (and you might want to read the + notes on X509_NAME structure changes too) + + +VERIFICATION CODE +================= + +The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to +more accurately reflect things. + +The verification callback args are now packaged differently so that +extra fields for verification can be added easily in future without +having to break things by adding extra parameters each release :-) + +X509_cert_verify_error_string -> X509_verify_cert_error_string + + +BIO INTERNALS +============= + +Eric has fixed things so that extra flags can be introduced in +the BIO layer in future without having to play with all the BIO +modules by adding in some macros. + +The ugly stuff using + b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY) +becomes + BIO_clear_retry_flags(b) + + b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY) +becomes + BIO_set_retry_read(b) + +Also ... BIO_get_retry_flags(b), BIO_set_flags(b) + + + +OTHER THINGS +============ + +X509_NAME has been altered so that it isn't just a STACK ... the STACK +is now in the "entries" field ... and there are a pile of nice functions +for getting at the details in a much cleaner manner. + +SSL_CTX has been altered ... "cert" is no longer a direct member of this +structure ... things are now down under "cert_store" (see x509_vfy.h) and +things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE. +If your code "knows" about this level of detail then it will need some +surgery. + +If you depending on the incorrect spelling of a number of the error codes +then you will have to change your code as these have been fixed. + +ENV_CIPHER "type" got renamed to "nid" and as that is what it actually +has been all along so this makes things clearer. +ify_cert_error_string(ctx->error)); + +SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST + and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO + + + + Changes between 0.7.x and 0.8.0 + + *) There have been lots of changes, mostly the addition of SSLv3. + There have been many additions from people and amongst + others, C2Net has assisted greatly. + + Changes between 0.7.x and 0.7.x + + *) Internal development version only + +SSLeay 0.6.6 13-Jan-1997 + +The main additions are + +- assember for x86 DES improvments. + From 191,000 per second on a pentium 100, I now get 281,000. The inner + loop and the IP/FP modifications are from + Svend Olaf Mikkelsen . Many thanks for his + contribution. +- The 'DES macros' introduced in 0.6.5 now have 3 types. + DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which + is best and there is a summery of mine in crypto/des/options.txt +- A few bug fixes. +- Added blowfish. It is not used by SSL but all the other stuff that + deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes. + There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'. + BF_PTR2 is pentium/x86 specific. The correct option is setup in + the 'Configure' script. +- There is now a 'get client certificate' callback which can be + 'non-blocking'. If more details are required, let me know. It will + documented more in SSLv3 when I finish it. +- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test' + now tests the ca program. +- Lots of little things modified and tweaked. + + SSLeay 0.6.5 + +After quite some time (3 months), the new release. I have been very busy +for the last few months and so this is mostly bug fixes and improvments. + +The main additions are + +- assember for x86 DES. For all those gcc based systems, this is a big + improvement. From 117,000 DES operation a second on a pentium 100, + I now get 191,000. I have also reworked the C version so it + now gives 148,000 DESs per second. +- As mentioned above, the inner DES macros now have some more variant that + sometimes help, sometimes hinder performance. There are now 3 options + DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling) + and DES_RISC (a more register intensive version of the inner macro). + The crypto/des/des_opts.c program, when compiled and run, will give + an indication of the correct options to use. +- The BIO stuff has been improved. Read doc/bio.doc. There are now + modules for encryption and base64 encoding and a BIO_printf() function. +- The CA program will accept simple one line X509v3 extensions in the + ssleay.cnf file. Have a look at the example. Currently this just + puts the text into the certificate as an OCTET_STRING so currently + the more advanced X509v3 data types are not handled but this is enough + for the netscape extensions. +- There is the start of a nicer higher level interface to the X509 + strucutre. +- Quite a lot of bug fixes. +- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used + to define the malloc(), free() and realloc() routines to use + (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when + using DLLs and mixing CRT libraries. + +In general, read the 'VERSION' file for changes and be aware that some of +the new stuff may not have been tested quite enough yet, so don't just plonk +in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break. + +SSLeay 0.6.4 30/08/96 eay + +I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3, +Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-). + +The main changes in this release + +- Thread safe. have a read of doc/threads.doc and play in the mt directory. + For anyone using 0.6.3 with threads, I found 2 major errors so consider + moving to 0.6.4. I have a test program that builds under NT and + solaris. +- The get session-id callback has changed. Have a read of doc/callback.doc. +- The X509_cert_verify callback (the SSL_verify callback) now + has another argument. Have a read of doc/callback.doc +- 'ca -preserve', sign without re-ordering the DN. Not tested much. +- VMS support. +- Compile time memory leak detection can now be built into SSLeay. + Read doc/memory.doc +- CONF routines now understand '\', '\n', '\r' etc. What this means is that + the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines. +- 'ssleay ciphers' added, lists the default cipher list for SSLeay. +- RC2 key setup is now compatable with Netscape. +- Modifed server side of SSL implementation, big performance difference when + using session-id reuse. + +0.6.3 + +Bug fixes and the addition of some nice stuff to the 'ca' program. +Have a read of doc/ns-ca.doc for how hit has been modified so +it can be driven from a CGI script. The CGI script is not provided, +but that is just being left as an excersize for the reader :-). + +0.6.2 + +This is most bug fixes and functionality improvements. + +Additions are +- More thread debugging patches, the thread stuff is still being + tested, but for those keep to play with stuff, have a look in + crypto/cryptlib.c. The application needs to define 1 (or optionaly + a second) callback that is used to implement locking. Compiling + with LOCK_DEBUG spits out lots of locking crud :-). + This is what I'm currently working on. +- SSL_CTX_set_default_passwd_cb() can be used to define the callback + function used in the SSL*_file() functions used to load keys. I was + always of the opinion that people should call + PEM_read_RSAPrivateKey() and pass the callback they want to use, but + it appears they just want to use the SSL_*_file() function() :-(. +- 'enc' now has a -kfile so a key can be read from a file. This is + mostly used so that the passwd does not appear when using 'ps', + which appears imposible to stop under solaris. +- X509v3 certificates now work correctly. I even have more examples + in my tests :-). There is now a X509_EXTENSION type that is used in + X509v3 certificates and CRLv2. +- Fixed that signature type error :-( +- Fixed quite a few potential memory leaks and problems when reusing + X509, CRL and REQ structures. +- EVP_set_pw_prompt() now sets the library wide default password + prompt. +- The 'pkcs7' command will now, given the -print_certs flag, output in + pem format, all certificates and CRL contained within. This is more + of a pre-emtive thing for the new verisign distribution method. I + should also note, that this also gives and example in code, of how + to do this :-), or for that matter, what is involved in going the + other way (list of certs and crl -> pkcs7). +- Added RSA's DESX to the DES library. It is also available via the + EVP_desx_cbc() method and via 'enc desx'. + +SSLeay 0.6.1 + +The main functional changes since 0.6.0 are as follows +- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is + that from now on, I'll keep the .def numbers the same so they will be. +- RSA private key operations are about 2 times faster that 0.6.0 +- The SSL_CTX now has more fields so default values can be put against + it. When an SSL structure is created, these default values are used + but can be overwritten. There are defaults for cipher, certificate, + private key, verify mode and callback. This means SSL session + creation can now be + ssl=SSL_new() + SSL_set_fd(ssl,sock); + SSL_accept(ssl) + .... + All the other uglyness with having to keep a global copy of the + private key and certificate/verify mode in the server is now gone. +- ssl/ssltest.c - one process talking SSL to its self for testing. +- Storage of Session-id's can be controled via a session_cache_mode + flag. There is also now an automatic default flushing of + old session-id's. +- The X509_cert_verify() function now has another parameter, this + should not effect most people but it now means that the reason for + the failure to verify is now available via SSL_get_verify_result(ssl). + You don't have to use a global variable. +- SSL_get_app_data() and SSL_set_app_data() can be used to keep some + application data against the SSL structure. It is upto the application + to free the data. I don't use it, but it is available. +- SSL_CTX_set_cert_verify_callback() can be used to specify a + verify callback function that completly replaces my certificate + verification code. Xcert should be able to use this :-). + The callback is of the form int app_verify_callback(arg,ssl,cert). + This needs to be documented more. +- I have started playing with shared library builds, have a look in + the shlib directory. It is very simple. If you need a numbered + list of functions, have a look at misc/crypto.num and misc/ssl.num. +- There is some stuff to do locking to make the library thread safe. + I have only started this stuff and have not finished. If anyone is + keen to do so, please send me the patches when finished. + +So I have finally made most of the additions to the SSL interface that +I thought were needed. + +There will probably be a pause before I make any non-bug/documentation +related changes to SSLeay since I'm feeling like a bit of a break. + +eric - 12 Jul 1996 +I saw recently a comment by some-one that we now seem to be entering +the age of perpetual Beta software. +Pioneered by packages like linux but refined to an art form by +netscape. + +I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-). + +There are quite a large number of sections that are 'works in +progress' in this package. I will also list the major changes and +what files you should read. + +BIO - this is the new IO structure being used everywhere in SSLeay. I +started out developing this because of microsoft, I wanted a mechanism +to callback to the application for all IO, so Windows 3.1 DLL +perversion could be hidden from me and the 15 different ways to write +to a file under NT would also not be dictated by me at library build +time. What the 'package' is is an API for a data structure containing +functions. IO interfaces can be written to conform to the +specification. This in not intended to hide the underlying data type +from the application, but to hide it from SSLeay :-). +I have only really finished testing the FILE * and socket/fd modules. +There are also 'filter' BIO's. Currently I have only implemented +message digests, and it is in use in the dgst application. This +functionality will allow base64/encrypto/buffering modules to be +'push' into a BIO without it affecting the semantics. I'm also +working on an SSL BIO which will hide the SSL_accept()/SLL_connet() +from an event loop which uses the interface. +It is also possible to 'attach' callbacks to a BIO so they get called +before and after each operation, alowing extensive debug output +to be generated (try running dgst with -d). + +Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few +functions that used to take FILE *, now take BIO *. +The wrappers are easy to write + +function_fp(fp,x) +FILE *fp; + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) error..... + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=function_bio(b,x); + BIO_free(b); + return(ret); + } +Remember, there are no functions that take FILE * in SSLeay when +compiled for Windows 3.1 DLL's. + +-- +I have added a general EVP_PKEY type that can hold a public/private +key. This is now what is used by the EVP_ functions and is passed +around internally. I still have not done the PKCS#8 stuff, but +X509_PKEY is defined and waiting :-) + +-- +For a full function name listings, have a look at ms/crypt32.def and +ms/ssl32.def. These are auto-generated but are complete. +Things like ASN1_INTEGER_get() have been added and are in here if you +look. I have renamed a few things, again, have a look through the +function list and you will probably find what you are after. I intend +to at least put a one line descrition for each one..... + +-- +Microsoft - thats what this release is about, read the MICROSOFT file. + +-- +Multi-threading support. I have started hunting through the code and +flaging where things need to be done. In a state of work but high on +the list. + +-- +For random numbers, edit e_os.h and set DEVRANDOM (it's near the top) +be be you random data device, otherwise 'RFILE' in e_os.h +will be used, in your home directory. It will be updated +periodically. The environment variable RANDFILE will override this +choice and read/write to that file instead. DEVRANDOM is used in +conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random +number generator, pick on one of these files. + +-- + +The list of things to read and do + +dgst -d +s_client -state (this uses a callback placed in the SSL state loop and + will be used else-where to help debug/monitor what + is happening.) + +doc/why.doc +doc/bio.doc <- hmmm, needs lots of work. +doc/bss_file.doc <- one that is working :-) +doc/session.doc <- it has changed +doc/speed.doc + also play with ssleay version -a. I have now added a SSLeay() + function that returns a version number, eg 0600 for this release + which is primarily to be used to check DLL version against the + application. +util/* Quite a few will not interest people, but some may, like + mk1mf.pl, mkdef.pl, +util/do_ms.sh + +try +cc -Iinclude -Icrypto -c crypto/crypto.c +cc -Iinclude -Issl -c ssl/ssl.c +You have just built the SSLeay libraries as 2 object files :-) + +Have a general rummage around in the bin stall directory and look at +what is in there, like CA.sh and c_rehash + +There are lots more things but it is 12:30am on a Friday night and I'm +heading home :-). + +eric 22-Jun-1996 +This version has quite a few major bug fixes and improvements. It DOES NOT +do SSLv3 yet. + +The main things changed +- A Few days ago I added the s_mult application to ssleay which is + a demo of an SSL server running in an event loop type thing. + It supports non-blocking IO, I have finally gotten it right, SSL_accept() + can operate in non-blocking IO mode, look at the code to see how :-). + Have a read of doc/s_mult as well. This program leaks memory and + file descriptors everywhere but I have not cleaned it up yet. + This is a demo of how to do non-blocking IO. +- The SSL session management has been 'worked over' and there is now + quite an expansive set of functions to manipulate them. Have a read of + doc/session.doc for some-things I quickly whipped up about how it now works. + This assume you know the SSLv2 protocol :-) +- I can now read/write the netscape certificate format, use the + -inform/-outform 'net' options to the x509 command. I have not put support + for this type in the other demo programs, but it would be easy to add. +- asn1parse and 'enc' have been modified so that when reading base64 + encoded files (pem format), they do not require '-----BEGIN' header lines. + The 'enc' program had a buffering bug fixed, it can be used as a general + base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d' + respecivly. Leaving out the '-a' flag in this case makes the 'enc' command + into a form of 'cat'. +- The 'x509' and 'req' programs have been fixed and modified a little so + that they generate self-signed certificates correctly. The test + script actually generates a 'CA' certificate and then 'signs' a + 'user' certificate. Have a look at this shell script (test/sstest) + to see how things work, it tests most possible combinations of what can + be done. +- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name + of SSL_set_cipher_list() is now the correct API (stops confusion :-). + If this function is used in the client, only the specified ciphers can + be used, with preference given to the order the ciphers were listed. + For the server, if this is used, only the specified ciphers will be used + to accept connections. If this 'option' is not used, a default set of + ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this + list for all ciphers started against the SSL_CTX. So the order is + SSL cipher_list, if not present, SSL_CTX cipher list, if not + present, then the library default. + What this means is that normally ciphers like + NULL-MD5 will never be used. The only way this cipher can be used + for both ends to specify to use it. + To enable or disable ciphers in the library at build time, modify the + first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c. + This file also contains the 'pref_cipher' list which is the default + cipher preference order. +- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net' + options work. They should, and they enable loading and writing the + netscape rsa private key format. I will be re-working this section of + SSLeay for the next version. What is currently in place is a quick and + dirty hack. +- I've re-written parts of the bignum library. This gives speedups + for all platforms. I now provide assembler for use under Windows NT. + I have not tested the Windows 3.1 assembler but it is quite simple code. + This gives RSAprivate_key operation encryption times of 0.047s (512bit key) + and 0.230s (1024bit key) on a pentium 100 which I consider reasonable. + Basically the times available under linux/solaris x86 can be achieve under + Windows NT. I still don't know how these times compare to RSA's BSAFE + library but I have been emailing with people and with their help, I should + be able to get my library's quite a bit faster still (more algorithm changes). + The object file crypto/bn/asm/x86-32.obj should be used when linking + under NT. +- 'make makefile.one' in the top directory will generate a single makefile + called 'makefile.one' This makefile contains no perl references and + will build the SSLeay library into the 'tmp' and 'out' directories. + util/mk1mf.pl >makefile.one is how this makefile is + generated. The mk1mf.pl command take several option to generate the + makefile for use with cc, gcc, Visual C++ and Borland C++. This is + still under development. I have only build .lib's for NT and MSDOS + I will be working on this more. I still need to play with the + correct compiler setups for these compilers and add some more stuff but + basically if you just want to compile the library + on a 'non-unix' platform, this is a very very good file to start with :-). + Have a look in the 'microsoft' directory for my current makefiles. + I have not yet modified things to link with sockets under Windows NT. + You guys should be able to do this since this is actually outside of the + SSLeay scope :-). I will be doing it for myself soon. + util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock + to build without RC2/RC4, to require RSAref for linking, and to + build with no socket code. + +- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher + that was posted to sci.crypt has been added to the library and SSL. + I take the view that if RC2 is going to be included in a standard, + I'll include the cipher to make my package complete. + There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers + at compile time. I have not tested this recently but it should all work + and if you are in the USA and don't want RSA threatening to sue you, + you could probably remove the RC4/RC2 code inside these sections. + I may in the future include a perl script that does this code + removal automatically for those in the USA :-). +- I have removed all references to sed in the makefiles. So basically, + the development environment requires perl and sh. The build environment + does not (use the makefile.one makefile). + The Configure script still requires perl, this will probably stay that way + since I have perl for Windows NT :-). + +eric (03-May-1996) + +PS Have a look in the VERSION file for more details on the changes and + bug fixes. +I have fixed a few bugs, added alpha and x86 assembler and generally cleaned +things up. This version will be quite stable, mostly because I'm on +holidays until 10-March-1996. For any problems in the interum, send email +to Tim Hudson . + +SSLeay 0.5.0 + +12-12-95 +This is going out before it should really be released. + +I leave for 11 weeks holidays on the 22-12-95 and so I either sit on +this for 11 weeks or get things out. It is still going to change a +lot in the next week so if you do grab this version, please test and +give me feed back ASAP, inculuding questions on how to do things with +the library. This will prompt me to write documentation so I don't +have to answer the same question again :-). + +This 'pre' release version is for people who are interested in the +library. The applications will have to be changed to use +the new version of the SSL interface. I intend to finish more +documentation before I leave but until then, look at the programs in +the apps directory. As far as code goes, it is much much nicer than +the old version. + +The current library works, has no memory leaks (as far as I can tell) +and is far more bug free that 0.4.5d. There are no global variable of +consequence (I believe) and I will produce some documentation that +tell where to look for those people that do want to do multi-threaded +stuff. + +There should be more documentation. Have a look in the +doc directory. I'll be adding more before I leave, it is a start +by mostly documents the crypto library. Tim Hudson will update +the web page ASAP. The spelling and grammar are crap but +it is better than nothing :-) + +Reasons to start playing with version 0.5.0 +- All the programs in the apps directory build into one ssleay binary. +- There is a new version of the 'req' program that generates certificate + requests, there is even documentation for this one :-) +- There is a demo certification authorithy program. Currently it will + look at the simple database and update it. It will generate CRL from + the data base. You need to edit the database by hand to revoke a + certificate, it is my aim to use perl5/Tk but I don't have time to do + this right now. It will generate the certificates but the management + scripts still need to be written. This is not a hard task. +- Things have been cleaned up alot. +- Have a look at the enc and dgst programs in the apps directory. +- It supports v3 of x509 certiticates. + + +Major things missing. +- I have been working on (and thinging about) the distributed x509 + hierachy problem. I have not had time to put my solution in place. + It will have to wait until I come back. +- I have not put in CRL checking in the certificate verification but + it would not be hard to do. I was waiting until I could generate my + own CRL (which has only been in the last week) and I don't have time + to put it in correctly. +- Montgomery multiplication need to be implemented. I know the + algorithm, just ran out of time. +- PKCS#7. I can load and write the DER version. I need to re-work + things to support BER (if that means nothing, read the ASN1 spec :-). +- Testing of the higher level digital envelope routines. I have not + played with the *_seal() and *_open() type functions. They are + written but need testing. The *_sign() and *_verify() functions are + rock solid. +- PEM. Doing this and PKCS#7 have been dependant on the distributed + x509 heirachy problem. I started implementing my ideas, got + distracted writing a CA program and then ran out of time. I provide + the functionality of RSAref at least. +- Re work the asm. code for the x86. I've changed by low level bignum + interface again, so I really need to tweak the x86 stuff. gcc is + good enough for the other boxes. + diff --git a/src/lib/libssl/src/COPYRIGHT b/src/lib/libssl/src/COPYRIGHT deleted file mode 100644 index 4faa8c0a46..0000000000 --- a/src/lib/libssl/src/COPYRIGHT +++ /dev/null @@ -1,65 +0,0 @@ -Copyright (C) 1997 Eric Young (eay@cryptsoft.com) -All rights reserved. - -This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). -The implementation was written so as to conform with Netscapes SSL. - -This library is free for commercial and non-commercial use as long as -the following conditions are aheared to. The following conditions -apply to all code found in this distribution, be it the RC4, RSA, -lhash, DES, etc., code; not just the SSL code. The SSL documentation -included with this distribution is covered by the same copyright terms -except that the holder is Tim Hudson (tjh@cryptsoft.com). - -Please note that MD2, MD5 and IDEA are publically available standards -that contain sample implementations, I have re-coded them in my own -way but there is nothing special about those implementations. The DES -library is another mater :-). - -Copyright remains Eric Young's, and as such any Copyright notices in -the code are not to be removed. -If this package is used in a product, Eric Young should be given attribution -as the author of the parts of the library used. -This can be in the form of a textual message at program startup or -in documentation (online or textual) provided with the package. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - "This product includes cryptographic software written by - Eric Young (eay@cryptsoft.com)" - The word 'cryptographic' can be left out if the rouines from the library - being used are not cryptographic related :-). -4. If you include any Windows specific code (or a derivative thereof) from - the apps directory (application code) you must include an acknowledgement: - "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - -THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -The licence and distribution terms for any publically available version or -derivative of this code cannot be changed. i.e. this code cannot simply be -copied and put under another distribution licence -[including the GNU Public Licence.] - -The reason behind this being stated in this direct manner is past -experience in code simply being copied and the attribution removed -from it and then being distributed as part of other packages. This -implementation was a non-trivial and unpaid effort. - diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure index 8b9ecbcdef..fdad0c238c 100644 --- a/src/lib/libssl/src/Configure +++ b/src/lib/libssl/src/Configure @@ -1,17 +1,37 @@ -#!/usr/bin/perl +: +eval 'exec perl -S $0 ${1+"$@"}' + if $running_under_some_shell; +## +## Configure -- OpenSSL source tree configuration script +## -# see PROBLEMS for instructions on what sort of things to do when -# tracking a bug --tjh +require 5.000; +use strict; + +# see INSTALL for instructions. + +my $usage="Usage: Configure [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n"; + +# Options: # -# extra options -# -DRSAref build to use RSAref -# -DNO_IDEA build with no IDEA algorithm -# -DNO_RC4 build with no RC4 algorithm -# -DNO_RC2 build with no RC2 algorithm -# -DNO_BF build with no Blowfish algorithm -# -DNO_DES build with no DES/3DES algorithm -# -DNO_MD2 build with no MD2 algorithm +# --openssldir install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the +# --prefix option is given; /usr/local/ssl otherwise) +# --prefix prefix for the OpenSSL include, lib and bin directories +# (Default: the OPENSSLDIR directory) # +# --install_prefix Additional prefix for package builders (empty by +# default). This needn't be set in advance, you can +# just as well use "make INSTALL_PREFIX=/whatever install". +# +# rsaref use RSAref +# [no-]threads [don't] try to create a library that is suitable for +# multithreaded applications (default is "threads" if we +# know how to do it) +# no-asm do not use assembler +# 386 generate 80386 code +# no- build without specified algorithm (rsa, idea, rc5, ...) +# - + compiler options are passed through +# # DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h # DES_RISC1 use different DES_ENCRYPT macro that helps reduce register # dependancies but needs to more registers, good for RISC CPU's @@ -32,124 +52,181 @@ # RC4_INDEX define RC4_INDEX in crypto/rc4/rc4_locl.h. This turns on # array lookups instead of pointer use. # BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha). -# BF_PTR2 use a pentium/intel specific version. +# BF_PTR2 intel specific version (generic version is more efficient). # MD5_ASM use some extra md5 assember, # SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86 # RMD160_ASM use some extra ripemd160 assember, -# BN_ASM use some extra bn assember, -$x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; +my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; # MD2_CHAR slags pentium pros -$x86_gcc_opts="RC4_INDEX MD2_INT BF_PTR2"; +my $x86_gcc_opts="RC4_INDEX MD2_INT"; # MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT # Don't worry about these normally -$tcc="cc"; -$tflags="-fast -Xa"; -$tbn_mul=""; -$tlib="-lnsl -lsocket"; +my $tcc="cc"; +my $tflags="-fast -Xa"; +my $tbn_mul=""; +my $tlib="-lnsl -lsocket"; #$bits1="SIXTEEN_BIT "; #$bits2="THIRTY_TWO_BIT "; -$bits1="THIRTY_TWO_BIT "; -$bits2="SIXTY_FOUR_BIT "; +my $bits1="THIRTY_TWO_BIT "; +my $bits2="SIXTY_FOUR_BIT "; -$x86_sol_asm="asm/bn86-sol.o:asm/dx86-sol.o:asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o"; -$x86_elf_asm="asm/bn86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o"; -$x86_out_asm="asm/bn86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o"; -$x86_bsdi_asm="asm/bn86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o"; +my $x86_sol_asm="asm/bn86-sol.o asm/co86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o"; +my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o"; +my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o"; +my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o"; # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1. # So the md5_locl.h file has an undef B_ENDIAN if sun is defined #config-string CC : CFLAGS : LDFLAGS : special header file mods:bn_asm \ # des_asm:bf_asm -%table=( -#"b", "$tcc:$tflags:$tlib:$bits1:$tbn_mul::", -#"bl-4c-2c", "$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::", -#"bl-4c-ri", "$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::", -#"b2-is-ri-dp", "$tcc:$tflags:$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::", - -# A few of my development configs -"purify", "purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::", -"debug", "gcc:-DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::::", -"dist", "cc:-O -DNOPROTO::::", +my %table=( +#"b", "$tcc:$tflags::$tlib:$bits1:$tbn_mul::", +#"bl-4c-2c", "$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::", +#"bl-4c-ri", "$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::", +#"b2-is-ri-dp", "$tcc:$tflags::$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::", + +# Our development configs +"purify", "purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::", +"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::", +"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::", +"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::", +"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::", +"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", +"debug-bodo", "gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG_ALL -g -m486 -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", +"dist", "cc:-O::(unknown):::::", # Basic configs that should work on any box -"gcc", "gcc:-O3::BN_LLONG:::", -"cc", "cc:-O -DNOPROTO -DNOCONST:::::", - - -# My solaris setups -"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DBN_ASM:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm:", -"solaris-sparc-gcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::", -# DO NOT use /xO[34] on sparc with SC3.0. -# It is broken, and will not pass the tests -"solaris-sparc-cc","cc:-fast -O -Xa -DB_ENDIAN:\ - -lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:asm/sparc.o::", -# SC4.0 is ok, better than gcc, except for the bignum stuff. -# -fast slows things like DES down quite a lot -"solaris-sparc-sc4","cc:-xO5 -Xa -DB_ENDIAN:-lsocket -lnsl:\ - BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::", -"solaris-usparc-sc4","cc:-xtarget=ultra -xarch=v8plus -Xa -xO5 -DB_ENDIAN:\ - -lsocket -lnsl:\ - BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::", +"gcc", "gcc:-O3::(unknown)::BN_LLONG:::", +"cc", "cc:-O::(unknown):::::", + +#### Solaris x86 setups +"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm", + +#### SPARC Solaris with GNU C setups +"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::", +"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8.o::", +"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:", +# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8 +# but keep the assembler modules. +"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o:", +#### +"debug-solaris-sparcv8-gcc","gcc:-DREF_CHECK -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::", +"debug-solaris-sparcv9-gcc","gcc:-DREF_CHECK -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o::", + +#### SPARC Solaris with Sun C setups +# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests +"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:::", +# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. +# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 +# SC5.0 note: Compiler common patch 107357-01 or later is required! +"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::", +"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::", +"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:", +"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:SIXTY_FOUR_BIT_LONG RC4_CHAR DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:", + +#### SPARC Linux setups +"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR::", +# Ray Miller has patiently +# assisted with debugging of following two configs. +"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8.o::::", +# it's a real mess with -mcpu=ultrasparc option under Linux, but +# -Wa,-Av8plus should do the trick no matter what. +"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:", +# !!!Folowing can't be even tested yet!!! +# We have to wait till 64-bit glibc for SPARC is operational!!! +#"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:", # Sunos configs, assuming sparc for the gcc one. -"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::DES_UNROLL:::", -"sunos-gcc","gcc:-O3 -mv8::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::", - -# SGI configurations. If the box is rather old (r3000 cpu), you will -# probably have to remove the '-mips2' flag. I've only been using -# IRIX 5.[23]. -#"irix-gcc","gcc:-O2 -mips2::BN_LLONG RC4_INDEX RC4_CHAR:::", -"irix-gcc","gcc:-O2 -DTERMIOS -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::", -"irix-cc", "cc:-O2 -DTERMIOS -DB_ENDIAN::DES_PTR DES_RISC2 DES_UNROLL BF_PTR:asm/r3000.o::", -"debug-irix-cc", "cc:-w2 -g -DCRYPTO_MDEBUG -DTERMIOS -DB_ENDIAN:::asm/r3000.o::", - -# HPUX config. I've been building on HPUX 9, so the options may be -# different on version 10. The pa-risc2.o assember file is 2 times -# faster than the old asm/pa-risc.o version but it may not run on old -# PA-RISC CPUs. If you have problems, swap back to the old one. -# Both were generated by gcc, so use the C version with the PA-RISC specific -# options turned on if you are using gcc. -"hpux-cc", "cc:-DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive::DES_PTR DES_UNROLL DES_RISC1:asm/pa-risc2.o::", -"hpux-kr-cc", "cc:-DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE::DES_PTR DES_UNROLL:asm/pa-risc2.o::", -"hpux-gcc", "gcc:-DB_ENDIAN -O3::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", - -# Dec Alpha, OSF/1 - the alpha400-cc is the flags for a 21164A with +##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown)::DES_UNROLL:::", +"sunos-gcc","gcc:-O3 -mv8::(unknown)::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::", + +#### IRIX 5.x configs +# -mips2 flag is added by ./config when appropriate. +"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::", +"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::", +#### IRIX 6.x configs +# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke +# './Configure irix-[g]cc' manually. +# -mips4 flag is added by ./config when appropriate. +"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN::(unknown)::MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::", +"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::DES_PTR DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::", +# N64 ABI builds. +"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN::(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::", +"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::", + +# HPUX 9.X config. +# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or +# egcs. gcc 2.8.1 is also broken. + +"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", +# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise, +# please report your OS and compiler version to the bugs@openssl.org +# mailing list. +"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::", + +"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", +# If hpux-gcc fails, try this one: +"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::", + +# HPUX 10.X config. Supports threads. +"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", +# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG): +"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", + +"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", +# If hpux10-gcc fails, try this one: +"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::", + +# HPUX 11.X from www.globus.org. +# Only works on PA-RISC 2.0 cpus, and not optimized. Why? +"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::", +"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::", + +# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with # the new compiler -"alpha-gcc","gcc:-O3::SIXTY_FOUR_BIT_LONGS DES_INT DES_PTR DES_RISC2:asm/alpha.o::", -"alpha-cc", "cc:-O2::SIXTY_FOUR_BIT_LONGS DES_INT DES_PTR DES_RISC2:asm/alpha.o::", -"alpha400-cc", "cc:-arch host -tune host -fast -std -O4 -inline speed::SIXTY_FOUR_BIT_LONG:asm/alpha.o::", +# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version +"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:::", +"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:::", +"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:::", +"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::", + +# assembler versions -- currently defunct: +##"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:asm/alpha.o::", +##"alpha-cc", "cc:-tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::", +##"alpha164-cc", "cc:-tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::", +##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::", # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the # bn86-elf.o file file since it is hand tweaked assembler. -"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", -"debug-linux-elf","gcc:-DREF_CHECK -DBN_ASM -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", -"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm", -"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", -"NetBSD-m86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", -"NetBSD-x86", "gcc:-DTERMIOS -DBN_ASM -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:", -"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::SIXTY_FOUR_BIT_LONGS DES_INT DES_PTR DES_RISC2:::", -"OpenBSD-x86", "gcc:-DTERMIOS -DBN_ASM -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm", -"OpenBSD-bigendian", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", -"OpenBSD-pmax", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DL_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", -"OpenBSD-arc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DL_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", -"FreeBSD", "gcc:-DTERMIOS -DBN_ASM -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm", -#"bsdi-gcc", "gcc:-O3 -ffast-math -DBN_ASM -DL_ENDIAN -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:$x86_bsdi_asm", -"nextstep", "cc:-O3 -Wall -DBN_ASM::BN_LLONG $x86_gcc_des $x86_gcc_opts:::", +"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", +"debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", +"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm", +"linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::", +"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::::", +"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", +"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", +"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:", +"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", +"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm", +"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG $x86_gcc_des $x86_gcc_opts:$x86_bsdi_asm", +"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", +"nextstep", "cc:-O -Wall::(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::", +"nextstep3.3", "cc:-O3 -Wall::(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::", # NCR MP-RAS UNIX ver 02.03.01 -"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw:-lsocket -lnsl:$x86_gcc_des $x86_gcc_opts:::", +"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::", # UnixWare 2.0 -"unixware-2.0","cc:-O -DFILIO_H:-lsocket -lnsl:$x86_gcc_des $x86_gcc_opts:::", -"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX $x86_des_des::", +"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::", +"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::", # IBM's AIX. -"aix-cc", "cc:-O -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::", -"aix-gcc", "gcc:-O2 -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::", +"aix-cc", "cc:-O -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::", +"aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::", # # Cray T90 (SDSC) @@ -162,104 +239,257 @@ $x86_bsdi_asm="asm/bn86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/m #'Taking the address of a bit field is not allowed. ' #'An expression with bit field exists as the operand of "sizeof" ' # (written by Wayne Schroeder ) -"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::", +"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::", + +# +# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov) +# +# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added +# another use. Basically, the problem is that the T3E uses some bit fields +# for some st_addr stuff, and then sizeof and address-of fails +# I could not use the ams/alpha.o option because the Cray assembler, 'cam' +# did not like it. +"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::", # DGUX, 88100. -"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::RC4_INDEX DES_UNROLL:::", -"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer:-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::", -"dgux-R4-x86-gcc", "gcc:-O3 -DBN_ASM -fomit-frame-pointer -DL_ENDIAN:-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", +"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::", +"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::", +"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", -# SCO 5 -"sco5-cc", "cc:-O:-lsocket:$x86_gcc_des $x86_gcc_opts:::", # des options? +# SCO 5 - Ben Laurie says the -O breaks the +# SCO cc. +"sco5-cc", "cc:::(unknown):-lsocket:$x86_gcc_des ${x86_gcc_opts}:::", # des options? +"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... -# Sinix RM400 -"SINIX-N","/usr/ucb/cc:-O2 -misaligned:-lucb:RC4_INDEX RC4_CHAR:::", +# Sinix/ReliantUNIX RM400 +# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */ +"ReliantUNIX","cc:-KPIC -g -DSNI -DTERMIOS -DB_ENDIAN::-Kthread:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::", +"SINIX","cc:-O -DSNI::(unknown):-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::", +"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown):-lucb:RC4_INDEX RC4_CHAR:::", + +# SIEMENS BS2000/OSD: an EBCDIC-based mainframe +"BS2000-OSD","c89:-XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown):-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", # Windows NT, Microsoft Visual C++ 4.0 -# hmm... bug in perl under NT, I need to concatinate :-( -"VC-NT","cl:::BN_LLONG RC4_INDEX ".$x86_gcc_opts.":::", -"VC-WIN32","cl:::BN_LLONG RC4_INDEX ".$x86_gcc_opts.":::", -"VC-WIN16","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::", -"VC-W31-16","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", -"VC-W31-32","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::", -"VC-MSDOS","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", +"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::", +"VC-WIN32","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::", +"VC-WIN16","cl:::(unknown)::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::", +"VC-W31-16","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", +"VC-W31-32","cl:::::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::", +"VC-MSDOS","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", # Borland C++ 4.5 -"BC-32","bcc32:::DES_PTR RC4_INDEX:::", -"BC-16","bcc:::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::", -); +"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX:::", +"BC-16","bcc:::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::", + +# CygWin32 +# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl +# and its library files in util/pl/*) +"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:", +"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:", + +# Ultrix from Bernhard Simon +"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::", +"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown)::::::", +# K&R C is no longer supported; you need gcc on old Ultrix installations +##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::", + +# Some OpenBSD from Bob Beck +"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::", +"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm", +"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::", +"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::", -$postfix="org"; -$Makefile="Makefile.ssl"; -$des_locl="crypto/des/des_locl.h"; -$des ="crypto/des/des.h"; -$bn ="crypto/bn/bn.h"; -$md2 ="crypto/md2/md2.h"; -$rc4 ="crypto/rc4/rc4.h"; -$rc4_locl="crypto/rc4/rc4_locl.h"; -$idea ="crypto/idea/idea.h"; -$rc2 ="crypto/rc2/rc2.h"; -$bf ="crypto/bf/bf_locl.h"; -$bn_mulw="bn_mulw.o"; -$des_enc="des_enc.o fcrypt_b.o"; -$bf_enc ="bf_enc.o"; -$cast_enc="c_enc.o"; -$rc4_enc="rc4_enc.o"; -$rc5_enc="rc5_enc.o"; -$md5_obj=""; -$sha1_obj=""; -$rmd160_obj=""; - -if ($#ARGV < 0) - { - &bad_target; - exit(1); - } +); -$flags=""; +my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32 + BC-16 CygWin32 Mingw32); + +my $prefix=""; +my $openssldir=""; +my $install_prefix=""; +my $no_threads=0; +my $threads=0; +my $no_asm=0; +my @skip=(); +my $Makefile="Makefile.ssl"; +my $des_locl="crypto/des/des_locl.h"; +my $des ="crypto/des/des.h"; +my $bn ="crypto/bn/bn.h"; +my $md2 ="crypto/md2/md2.h"; +my $rc4 ="crypto/rc4/rc4.h"; +my $rc4_locl="crypto/rc4/rc4_locl.h"; +my $idea ="crypto/idea/idea.h"; +my $rc2 ="crypto/rc2/rc2.h"; +my $bf ="crypto/bf/bf_locl.h"; +my $bn_asm ="bn_asm.o"; +my $des_enc="des_enc.o fcrypt_b.o"; +my $bf_enc ="bf_enc.o"; +my $cast_enc="c_enc.o"; +my $rc4_enc="rc4_enc.o"; +my $rc5_enc="rc5_enc.o"; +my $md5_obj=""; +my $sha1_obj=""; +my $rmd160_obj=""; +my $processor=""; +my $ranlib; +my $perl; + +$ranlib=&which("ranlib") or $ranlib="true"; +$perl=&which("perl5") or $perl=&which("perl") or $perl="perl"; + +&usage if ($#ARGV < 0); + +my $flags=""; +my $depflags=""; +my $libs=""; +my $target=""; +my $options=""; foreach (@ARGV) { - if ($_ =~ /^-/) + if (/^no-asm$/) + { + $no_asm=1; + $flags .= "-DNO_ASM "; + } + elsif (/^no-threads$/) + { $no_threads=1; } + elsif (/^threads$/) + { $threads=1; } + elsif (/^no-(.+)$/) + { + my $algo=$1; + push @skip,$algo; + $algo =~ tr/[a-z]/[A-Z]/; + $flags .= "-DNO_$algo "; + $depflags .= "-DNO_$algo "; + if ($algo eq "DES") + { + $options .= " no-mdc2"; + $flags .= "-DNO_MDC2 "; + $depflags .= "-DNO_MDC2 "; + } + } + elsif (/^386$/) + { $processor=386; } + elsif (/^rsaref$/) + { + $libs.= "-lRSAglue -lrsaref "; + $flags.= "-DRSAref "; + } + elsif (/^[-+]/) { - if ($_ =~ /^-[lL](.*)$/) + if (/^-[lL](.*)$/) { $libs.=$_." "; } - elsif ($_ =~ /^-D(.*)$/) + elsif (/^-[^-]/ or /^\+/) { $flags.=$_." "; } + elsif (/^--prefix=(.*)$/) + { + $prefix=$1; + } + elsif (/^--openssldir=(.*)$/) + { + $openssldir=$1; + } + elsif (/^--install.prefix=(.*)$/) + { + $install_prefix=$1; + } else { - die "unknown options, only -Dxxx, -Lxxx -lxxx supported\n"; + print STDERR $usage; + exit(1); } } + elsif ($_ =~ /^([^:]+):(.+)$/) + { + eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string + $target=$1; + } else { die "target already defined - $target\n" if ($target ne ""); $target=$_; - if (!defined($table{$target})) - { - &bad_target; - exit(1); - } + } + unless ($_ eq $target) { + if ($options eq "") { + $options = $_; + } else { + $options .= " ".$_; } } +} -if (!defined($table{$target})) - { - &bad_target; - exit(1); +if ($target eq "TABLE") { + foreach $target (sort keys %table) { + print_table_entry($target); } + exit 0; +} + +&usage if (!defined($table{$target})); + +my $IsWindows=scalar grep /^$target$/,@WinTargets; + +$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); +$prefix=$openssldir if $prefix eq ""; + +chop $openssldir if $openssldir =~ /\/$/; +chop $prefix if $prefix =~ /\/$/; -($cc,$cflags,$lflags,$bn_ops,$bn_obj,$des_obj,$bf_obj,$md5_obj,$sha1_obj, - $cast_obj,$rc4_obj,$rmd160_obj,$rc5_obj)= - split(/\s*:\s*/,$table{$target}); +$openssldir=$prefix . "/ssl" if $openssldir eq ""; +$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//; + + +print "IsWindows=$IsWindows\n"; + +(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj, + $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)= + split(/\s*:\s*/,$table{$target} . ":" x 20 , -1); $cflags="$flags$cflags" if ($flags ne ""); + +my $thread_cflags; +if ($thread_cflag ne "(unknown)" && !$no_threads) + { + # If we know how to do it, support threads by default. + $threads = 1; + } +if ($thread_cflag eq "(unknown)") + { + # If the user asked for "threads", hopefully they also provided + # any system-dependent compiler options that are necessary. + $thread_cflags="-DTHREADS $cflags" + } +else + { + $thread_cflags="-DTHREADS $thread_cflag $cflags" + } + $lflags="$libs$lflags"if ($libs ne ""); -$bn_obj=$bn_mulw unless ($bn_obj =~ /\.o$/); +if ($no_asm) + { + $bn_obj=$des_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=""; + $sha1_obj=$md5_obj=$rmd160_obj=""; + } + +if ($threads) + { + $cflags=$thread_cflags; + } + +#my ($bn1)=split(/\s+/,$bn_obj); +#$bn1 = "" unless defined $bn1; +#$bn1=$bn_asm unless ($bn1 =~ /\.o$/); +#$bn_obj="$bn1"; + +$bn_obj = $bn_asm unless $bn_obj ne ""; + $des_obj=$des_enc unless ($des_obj =~ /\.o$/); $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); $cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); @@ -281,16 +511,50 @@ if ($rmd160_obj =~ /\.o$/) $cflags.=" -DRMD160_ASM"; } -$n=&file_new($Makefile); -open(IN,"<".$Makefile) || die "unable to read $Makefile:$!\n"; -open(OUT,">".$n) || die "unable to read $n:$!\n"; +my $version = "unknown"; +my $major = "unknown"; +my $minor = "unknown"; + +open(IN,') + { + $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /; + } +close(IN); + +if ($version =~ /(^[0-9]*)\.([0-9\.]*)/) + { + $major=$1; + $minor=$2; + } + +open(IN,'$Makefile") || die "unable to create $Makefile:$!\n"; +my $sdirs=0; while () { chop; + $sdirs = 1 if /^SDIRS=/; + if ($sdirs) { + my $dir; + foreach $dir (@skip) { + s/$dir//; + } + } + $sdirs = 0 unless /\\$/; + s/^VERSION=.*/VERSION=$version/; + s/^MAJOR=.*/MAJOR=$major/; + s/^MINOR=.*/MINOR=$minor/; + s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/; + s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/; + s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/; + s/^PLATFORM=.*$/PLATFORM=$target/; + s/^OPTIONS=.*$/OPTIONS=$options/; s/^CC=.*$/CC= $cc/; s/^CFLAG=.*$/CFLAG= $cflags/; + s/^DEPFLAG=.*$/DEPFLAG= $depflags/; s/^EX_LIBS=.*$/EX_LIBS= $lflags/; - s/^BN_MULW=.*$/BN_MULW= $bn_obj/; + s/^BN_ASM=.*$/BN_ASM= $bn_obj/; s/^DES_ENC=.*$/DES_ENC= $des_obj/; s/^BF_ENC=.*$/BF_ENC= $bf_obj/; s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/; @@ -299,16 +563,18 @@ while () s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/; s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/; s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; + s/^PROCESSOR=.*/PROCESSOR= $processor/; + s/^RANLIB=.*/RANLIB= $ranlib/; + s/^PERL=.*/PERL= $perl/; print OUT $_."\n"; } close(IN); close(OUT); -&Rename($Makefile,&file_old($Makefile)); -&Rename($n,$Makefile); + print "CC =$cc\n"; print "CFLAG =$cflags\n"; print "EX_LIBS =$lflags\n"; -print "BN_MULW =$bn_obj\n"; +print "BN_ASM =$bn_obj\n"; print "DES_ENC =$des_obj\n"; print "BF_ENC =$bf_obj\n"; print "CAST_ENC =$cast_obj\n"; @@ -317,21 +583,26 @@ print "RC5_ENC =$rc5_obj\n"; print "MD5_OBJ_ASM =$md5_obj\n"; print "SHA1_OBJ_ASM =$sha1_obj\n"; print "RMD160_OBJ_ASM=$rmd160_obj\n"; - -$des_ptr=0; -$des_risc1=0; -$des_risc2=0; -$des_unroll=0; -$bn_ll=0; -$def_int=2; -$rc4_int=$def_int; -$md2_int=$def_int; -$idea_int=$def_int; -$rc2_int=$def_int; -$rc4_idx=0; -$bf_ptr=0; -@type=("char","short","int","long"); -($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0); +print "PROCESSOR =$processor\n"; +print "RANLIB =$ranlib\n"; +print "PERL =$perl\n"; + +my $des_ptr=0; +my $des_risc1=0; +my $des_risc2=0; +my $des_unroll=0; +my $bn_ll=0; +my $def_int=2; +my $rc4_int=$def_int; +my $md2_int=$def_int; +my $idea_int=$def_int; +my $rc2_int=$def_int; +my $rc4_idx=0; +my $bf_ptr=0; +my @type=("char","short","int","long"); +my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0); + +my $des_int; foreach (sort split(/\s+/,$bn_ops)) { @@ -359,13 +630,18 @@ foreach (sort split(/\s+/,$bn_ops)) ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/; } -(($in=$bn) =~ s/\.([^.]+)/.$postfix/); -$n=&file_new($bn); -open(IN,"<".$in) || die "unable to read $bn:$!\n"; -open(OUT,">$n") || die "unable to read $n:$!\n"; +open(IN,'crypto/opensslconf.h') || die "unable to create crypto/opensslconf.h:$!\n"; while () { - if (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/) + if (/^#define\s+OPENSSLDIR/) + { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; } + elsif (/^#define\s+OPENSSL_UNISTD/) + { + $unistd = "" if $unistd eq ""; + print OUT "#define OPENSSL_UNISTD $unistd\n"; + } + elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/) { printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; } elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT/) { printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; } @@ -377,38 +653,10 @@ while () { printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; } elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/) { printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; } - else - { print OUT $_; } - } -close(IN); -close(OUT); -&Rename($bn,&file_old($bn)); -&Rename($n,$bn); - -(($in=$des) =~ s/\.([^.]+)/.$postfix/); -$n=&file_new($des); -open(IN,"<".$in) || die "unable to read $des:$!\n"; -open(OUT,">$n") || die "unable to read $n:$!\n"; -while () - { - if (/^\#define\s+DES_LONG\s+.*/) + elsif (/^\#define\s+DES_LONG\s+.*/) { printf OUT "#define DES_LONG unsigned %s\n", ($des_int)?'int':'long'; } - else - { print OUT $_; } - } -close(IN); -close(OUT); -&Rename($des,&file_old($des)); -&Rename($n,$des); - -(($in=$des_locl) =~ s/\.([^.]+)/.$postfix/); -$n=&file_new($des_locl); -open(IN,"<".$in) || die "unable to read $des_locl:$!\n"; -open(OUT,">$n") || die "unable to read $n:$!\n"; -while () - { - if (/^\#(define|undef)\s+DES_PTR/) + elsif (/^\#(define|undef)\s+DES_PTR/) { printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; } elsif (/^\#(define|undef)\s+DES_RISC1/) { printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; } @@ -416,113 +664,33 @@ while () { printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; } elsif (/^\#(define|undef)\s+DES_UNROLL/) { printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; } - else - { print OUT $_; } - } -close(IN); -close(OUT); -&Rename($des_locl,&file_old($des_locl)); -&Rename($n,$des_locl); - -(($in=$rc4) =~ s/\.([^.]+)/.$postfix/); -$n=&file_new($rc4); -open(IN,"<".$in) || die "unable to read $rc4:$!\n"; -open(OUT,">$n") || die "unable to read $n:$!\n"; -while () - { - if (/^#define\s+RC4_INT\s/) + elsif (/^#define\s+RC4_INT\s/) { printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; } - else - { print OUT $_; } - } -close(IN); -close(OUT); -&Rename($rc4,&file_old($rc4)); -&Rename($n,$rc4); - -(($in=$rc4_locl) =~ s/\.([^.]+)/.$postfix/); -$n=&file_new($rc4_locl); -open(IN,"<".$in) || die "unable to read $rc4_locl:$!\n"; -open(OUT,">$n") || die "unable to read $n:$!\n"; -while () - { - if (/^#((define)|(undef))\s+RC4_INDEX/) + elsif (/^#((define)|(undef))\s+RC4_INDEX/) { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; } - else - { print OUT $_; } - } -close(IN); -close(OUT); -&Rename($rc4_locl,&file_old($rc4_locl)); -&Rename($n,$rc4_locl); - -(($in=$md2) =~ s/\.([^.]+)/.$postfix/); -$n=&file_new($md2); -open(IN,"<".$in) || die "unable to read $bn:$!\n"; -open(OUT,">$n") || die "unable to read $n:$!\n"; -while () - { - if (/^#define\s+MD2_INT\s/) + elsif (/^#(define|undef)\s+I386_ONLY/) + { printf OUT "#%s I386_ONLY\n", ($processor == 386)? + "define":"undef"; } + elsif (/^#define\s+MD2_INT\s/) { printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; } - else - { print OUT $_; } - } -close(IN); -close(OUT); -&Rename($md2,&file_old($md2)); -&Rename($n,$md2); - -(($in=$idea) =~ s/\.([^.]+)/.$postfix/); -$n=&file_new($idea); -open(IN,"<".$in) || die "unable to read $idea:$!\n"; -open(OUT,">$n") || die "unable to read $n:$!\n"; -while () - { - if (/^#define\s+IDEA_INT\s/) + elsif (/^#define\s+IDEA_INT\s/) {printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];} - else - { print OUT $_; } - } -close(IN); -close(OUT); -&Rename($idea,&file_old($idea)); -&Rename($n,$idea); - -(($in=$rc2) =~ s/\.([^.]+)/.$postfix/); -$n=&file_new($rc2); -open(IN,"<".$in) || die "unable to read $rc2:$!\n"; -open(OUT,">$n") || die "unable to read $n:$!\n"; -while () - { - if (/^#define\s+RC2_INT\s/) + elsif (/^#define\s+RC2_INT\s/) {printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];} - else - { print OUT $_; } - } -close(IN); -close(OUT); -&Rename($rc2,&file_old($rc2)); -&Rename($n,$rc2); - -(($in=$bf) =~ s/\.([^.]+)/.$postfix/); -$n=&file_new($bf); -open(IN,"<".$in) || die "unable to read $bf:$!\n"; -open(OUT,">$n") || die "unable to read $n:$!\n"; -while () - { - if (/^#(define|undef)\s+BF_PTR/) + elsif (/^#(define|undef)\s+BF_PTR/) { printf OUT "#undef BF_PTR\n" if $bf_ptr == 0; printf OUT "#define BF_PTR\n" if $bf_ptr == 1; printf OUT "#define BF_PTR2\n" if $bf_ptr == 2; - } + } else { print OUT $_; } } close(IN); close(OUT); -&Rename($bf,&file_old($bf)); -&Rename($n,$bf); + + +# Fix the date print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l; print "SIXTY_FOUR_BIT mode\n" if $b64; @@ -542,30 +710,160 @@ print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int; print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; print "BF_PTR used\n" if $bf_ptr == 1; print "BF_PTR2 used\n" if $bf_ptr == 2; + +if($IsWindows) { + open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; + printf OUT <crypto\\objects\\obj_dat.h"; +} else { + (system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?; + ### (system 'make depend') == 0 or exit $? if $depflags ne ""; + # Run "make depend" manually if you want to be able to delete + # the source code files of ciphers you left out. + &dofile("tools/c_rehash",$openssldir,'^DIR=', 'DIR=%s',); + if ( $perl =~ m@^/@) { + &dofile("apps/der_chop",$perl,'^#!/', '#!%s'); + } else { + # No path for Perl known ... + &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s'); + } +} + +my $pwd; + +if($IsWindows) { + $pwd="(current directory)"; +} else { + $pwd =`pwd`; + chop($pwd); +} +print < +should be used instead of #include . +These new file locations allow installing the OpenSSL header +files in /usr/local/include/openssl/ and should help avoid +conflicts with other libraries. + +To compile programs that use the old form , +usually an additional compiler option will suffice: E.g., add + -I$prefix/include/openssl +or + -I$pwd/include/openssl +to the CFLAGS in the Makefile of the program that you want to compile +(and leave all the original -I...'s in place!). + +Please make sure that no old OpenSSL header files are around: +The include directory should now be empty except for the openssl +subdirectory. + +EOF + +print <<\EOF if (!$no_threads && !$threads); + +The library could not be configured for supporting multi-threaded +applications as the compiler options required on this system are not known. +See file INSTALL for details if you need multi-threading. + +EOF + exit(0); -sub bad_target +sub usage { - print STDERR "Usage: Configure [-Dxxx] [-Lxxx] [-lxxx] os/compiler\n"; + print STDERR $usage; print STDERR "pick os/compiler from:"; - $j=0; + my $j=0; + my $i; + foreach $i (sort keys %table) + { + next if $i =~ /^debug/; + print STDERR "\n" if ($j++ % 4) == 0; + printf(STDERR "%-18s ",$i); + } foreach $i (sort keys %table) { - next if /^b-/; + next if $i !~ /^debug/; print STDERR "\n" if ($j++ % 4) == 0; printf(STDERR "%-18s ",$i); } print STDERR "\n"; + exit(1); } -sub Rename +sub which { - local($from,$to)=@_; + my($name)=@_; + my $path; + foreach $path (split /:/, $ENV{PATH}) + { + if (-f "$path/$name" and -x _) + { + return "$path/$name" unless ($name eq "perl" and + system("$path/$name -e " . '\'exit($]<5.0);\'')); + } + } + } + +sub dofile + { + my $f; my $p; my %m; my @a; my $k; my $ff; + ($f,$p,%m)=@_; - unlink($to); -# rename($from,$to) || die "unable to rename $from to $to:$!\n"; - rename($from,$to) # Don't care if it fails.. + open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n"; + @a=; + close(IN); + foreach $k (keys %m) + { + grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a); + } + ($ff=$f) =~ s/\..*$//; + open(OUT,">$ff.new") || die "unable to open $f:$!\n"; + print OUT @a; + close(OUT); + rename($f,"$ff.bak") || die "unable to rename $f\n" if -e $f; + rename("$ff.new",$f) || die "unable to rename $ff.new\n"; } -sub file_new { local($a)=@_; $a =~ s/(\.[^.]+$|$)/.new/; $a; } -sub file_old { local($a)=@_; $a =~ s/(\.[^.]+$|$)/.old/; $a; } +sub print_table_entry + { + my $target = shift; + + (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops, + my $bn_obj,my $des_obj,my $bf_obj, + $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)= + split(/\s*:\s*/,$table{$target} . ":" x 20 , -1); + + print < - - Lots and lots of changes - -29-Jan-98 - - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from - Goetz Babin-Ebell . - - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or - TLS1_VERSION. - -7-Jan-98 - - Finally reworked the cipher string to ciphers again, so it - works correctly - - All the app_data stuff is now ex_data with funcion calls to access. - The index is supplied by a function and 'methods' can be setup - for the types that are called on XXX_new/XXX_free. This lets - applications get notified on creation and destruction. Some of - the RSA methods could be implemented this way and I may do so. - - Oh yes, SSL under perl5 is working at the basic level. - -15-Dec-97 - - Warning - the gethostbyname cache is not fully thread safe, - but it should work well enough. - - Major internal reworking of the app_data stuff. More functions - but if you were accessing ->app_data directly, things will - stop working. - - The perlv5 stuff is working. Currently on message digests, - ciphers and the bignum library. - -9-Dec-97 - - Modified re-negotiation so that server initated re-neg - will cause a SSL_read() to return -1 should retry. - The danger otherwise was that the server and the - client could end up both trying to read when using non-blocking - sockets. - -4-Dec-97 - - Lots of small changes - - Fix for binaray mode in Windows for the FILE BIO, thanks to - Bob Denny - -17-Nov-97 - - Quite a few internal cleanups, (removal of errno, and using macros - defined in e_os.h). - - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where - the automactic naming out output files was being stuffed up. - -29-Oct-97 - - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember - for x86. - -21-Oct-97 - - Fixed a bug in the BIO_gethostbyname() cache. - -15-Oct-97 - - cbc mode for blowfish/des/3des is now in assember. Blowfish asm - has also been improved. At this point in time, on the pentium, - md5 is %80 faster, the unoptimesed sha-1 is %79 faster, - des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc - is %62 faster. - -12-Oct-97 - - MEM_BUF_grow() has been fixed so that it always sets the buf->length - to the value we are 'growing' to. Think of MEM_BUF_grow() as the - way to set the length value correctly. - -10-Oct-97 - - I now hash for certificate lookup on the raw DER encoded RDN (md5). - This breaks things again :-(. This is efficent since I cache - the DER encoding of the RDN. - - The text DN now puts in the numeric OID instead of UNKNOWN. - - req can now process arbitary OIDs in the config file. - - I've been implementing md5 in x86 asm, much faster :-). - - Started sha1 in x86 asm, needs more work. - - Quite a few speedups in the BN stuff. RSA public operation - has been made faster by caching the BN_MONT_CTX structure. - The calulating of the Ai where A*Ai === 1 mod m was rather - expensive. Basically a 40-50% speedup on public operations. - The RSA speedup is now 15% on pentiums and %20 on pentium - pro. - -30-Sep-97 - - After doing some profiling, I added x86 adm for bn_add_words(), - which just adds 2 arrays of longs together. A %10 speedup - for 512 and 1024 bit RSA on the pentium pro. - -29-Sep-97 - - Converted the x86 bignum assembler to us the perl scripts - for generation. - -23-Sep-97 - - If SSL_set_session() is passed a NULL session, it now clears the - current session-id. - -22-Sep-97 - - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned - certificates. - - Bug in crypto/evp/encode.c where by decoding of 65 base64 - encoded lines, one line at a time (via a memory BIO) would report - EOF after the first line was decoded. - - Fix in X509_find_by_issuer_and_serial() from - Dr Stephen Henson - -19-Sep-97 - - NO_FP_API and NO_STDIO added. - - Put in sh config command. It auto runs Configure with the correct - parameters. - -18-Sep-97 - - Fix x509.c so if a DSA cert has different parameters to its parent, - they are left in place. Not tested yet. - -16-Sep-97 - - ssl_create_cipher_list() had some bugs, fixes from - Patrick Eisenacher - - Fixed a bug in the Base64 BIO, where it would return 1 instead - of -1 when end of input was encountered but should retry. - Basically a Base64/Memory BIO interaction problem. - - Added a HMAC set of functions in preporarion for TLS work. - -15-Sep-97 - - Top level makefile tweak - Cameron Simpson - - Prime generation spead up %25 (512 bit prime, pentium pro linux) - by using montgomery multiplication in the prime number test. - -11-Sep-97 - - Ugly bug in ssl3_write_bytes(). Basically if application land - does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code - did not check the size and tried to copy the entire buffer. - This would tend to cause memory overwrites since SSLv3 has - a maximum packet size of 16k. If your program uses - buffers <= 16k, you would probably never see this problem. - - Fixed a new errors that were cause by malloc() not returning - 0 initialised memory.. - - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using - SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing - since this flags stops SSLeay being able to handle client - cert requests correctly. - -08-Sep-97 - - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched - on, the SSL server routines will not use a SSL_SESSION that is - held in it's cache. This in intended to be used with the session-id - callbacks so that while the session-ids are still stored in the - cache, the decision to use them and how to look them up can be - done by the callbacks. The are the 'new', 'get' and 'remove' - callbacks. This can be used to determine the session-id - to use depending on information like which port/host the connection - is coming from. Since the are also SSL_SESSION_set_app_data() and - SSL_SESSION_get_app_data() functions, the application can hold - information against the session-id as well. - -03-Sep-97 - - Added lookup of CRLs to the by_dir method, - X509_load_crl_file() also added. Basically it means you can - lookup CRLs via the same system used to lookup certificates. - - Changed things so that the X509_NAME structure can contain - ASN.1 BIT_STRINGS which is required for the unique - identifier OID. - - Fixed some problems with the auto flushing of the session-id - cache. It was not occuring on the server side. - -02-Sep-97 - - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size) - which is the maximum number of entries allowed in the - session-id cache. This is enforced with a simple FIFO list. - The default size is 20*1024 entries which is rather large :-). - The Timeout code is still always operating. - -01-Sep-97 - - Added an argument to all the 'generate private key/prime` - callbacks. It is the last parameter so this should not - break existing code but it is needed for C++. - - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64() - BIO. This lets the BIO read and write base64 encoded data - without inserting or looking for '\n' characters. The '-A' - flag turns this on when using apps/enc.c. - - RSA_NO_PADDING added to help BSAFE functionality. This is a - very dangerous thing to use, since RSA private key - operations without random padding bytes (as PKCS#1 adds) can - be attacked such that the private key can be revealed. - - ASN.1 bug and rc2-40-cbc and rc4-40 added by - Dr Stephen Henson - -31-Aug-97 (stuff added while I was away) - - Linux pthreads by Tim Hudson (tjh@cryptsoft.com). - - RSA_flags() added allowing bypass of pub/priv match check - in ssl/ssl_rsa.c - Tim Hudson. - - A few minor bugs. - -SSLeay 0.8.1 released. - -19-Jul-97 - - Server side initated dynamic renegotiation is broken. I will fix - it when I get back from holidays. - -15-Jul-97 - - Quite a few small changes. - - INVALID_SOCKET usage cleanups from Alex Kiernan - -09-Jul-97 - - Added 2 new values to the SSL info callback. - SSL_CB_START which is passed when the SSL protocol is started - and SSL_CB_DONE when it has finished sucsessfully. - -08-Jul-97 - - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c - that related to DSA public/private keys. - - Added all the relevent PEM and normal IO functions to support - reading and writing RSAPublic keys. - - Changed makefiles to use ${AR} instead of 'ar r' - -07-Jul-97 - - Error in ERR_remove_state() that would leave a dangling reference - to a free()ed location - thanks to Alex Kiernan - - s_client now prints the X509_NAMEs passed from the server - when requesting a client cert. - - Added a ssl->type, which is one of SSL_ST_CONNECT or - SSL_ST_ACCEPT. I had to add it so I could tell if I was - a connect or an accept after the handshake had finished. - - SSL_get_client_CA_list(SSL *s) now returns the CA names - passed by the server if called by a client side SSL. - -05-Jul-97 - - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index - 0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com). - -04-Jul-97 - - Fixed some things in X509_NAME_add_entry(), thanks to - Matthew Donald . - - I had a look at the cipher section and though that it was a - bit confused, so I've changed it. - - I was not setting up the RC4-64-MD5 cipher correctly. It is - a MS special that appears in exported MS Money. - - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3 - spec. I was missing the two byte length header for the - ClientDiffieHellmanPublic value. This is a packet sent from - the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG - option will enable SSLeay server side SSLv3 accept either - the correct or my 080 packet format. - - Fixed a few typos in crypto/pem.org. - -02-Jul-97 - - Alias mapping for EVP_get_(digest|cipher)byname is now - performed before a lookup for actual cipher. This means - that an alias can be used to 're-direct' a cipher or a - digest. - - ASN1_read_bio() had a bug that only showed up when using a - memory BIO. When EOF is reached in the memory BIO, it is - reported as a -1 with BIO_should_retry() set to true. - -01-Jul-97 - - Fixed an error in X509_verify_cert() caused by my - miss-understanding how 'do { contine } while(0);' works. - Thanks to Emil Sit for educating me :-) - -30-Jun-97 - - Base64 decoding error. If the last data line did not end with - a '=', sometimes extra data would be returned. - - Another 'cut and paste' bug in x509.c related to setting up the - STDout BIO. - -27-Jun-97 - - apps/ciphers.c was not printing due to an editing error. - - Alex Kiernan send in a nice fix for - a library build error in util/mk1mf.pl - -26-Jun-97 - - Still did not have the auto 'experimental' code removal - script correct. - - A few header tweaks for Watcom 11.0 under Win32 from - Rolf Lindemann - - 0 length OCTET_STRING bug in asn1_parse - - A minor fix with an non-existent function in the MS .def files. - - A few changes to the PKCS7 stuff. - -25-Jun-97 - SSLeay 0.8.0 finally it gets released. - -24-Jun-97 - Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to - use a temporary RSA key. This is experimental and needs some more work. - Fixed a few Win16 build problems. - -23-Jun-97 - SSLv3 bug. I was not doing the 'lookup' of the CERT structure - correctly. I was taking the SSL->ctx->default_cert when I should - have been using SSL->cert. The bug was in ssl/s3_srvr.c - -20-Jun-97 - X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the - rest of the library. Even though I had the code required to do - it correctly, apps/req.c was doing the wrong thing. I have fixed - and tested everything. - - Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c. - -19-Jun-97 - Fixed a bug in the SSLv2 server side first packet handling. When - using the non-blocking test BIO, the ssl->s2->first_packet flag - was being reset when a would-block failure occurred when reading - the first 5 bytes of the first packet. This caused the checking - logic to run at the wrong time and cause an error. - - Fixed a problem with specifying cipher. If RC4-MD5 were used, - only the SSLv3 version would be picked up. Now this will pick - up both SSLv2 and SSLv3 versions. This required changing the - SSL_CIPHER->mask values so that they only mask the ciphers, - digests, authentication, export type and key-exchange algorithms. - - I found that when a SSLv23 session is established, a reused - session, of type SSLv3 was attempting to write the SSLv2 - ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char - method has been modified so it will only write out cipher which - that method knows about. - diff --git a/src/lib/libssl/src/HISTORY.066 b/src/lib/libssl/src/HISTORY.066 deleted file mode 100644 index f85224977a..0000000000 --- a/src/lib/libssl/src/HISTORY.066 +++ /dev/null @@ -1,443 +0,0 @@ -SSLeay 0.6.5 - -After quite some time (3 months), the new release. I have been very busy -for the last few months and so this is mostly bug fixes and improvments. - -The main additions are - -- assember for x86 DES. For all those gcc based systems, this is a big - improvement. From 117,000 DES operation a second on a pentium 100, - I now get 191,000. I have also reworked the C version so it - now gives 148,000 DESs per second. -- As mentioned above, the inner DES macros now have some more variant that - sometimes help, sometimes hinder performance. There are now 3 options - DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling) - and DES_RISC (a more register intensive version of the inner macro). - The crypto/des/des_opts.c program, when compiled and run, will give - an indication of the correct options to use. -- The BIO stuff has been improved. Read doc/bio.doc. There are now - modules for encryption and base64 encoding and a BIO_printf() function. -- The CA program will accept simple one line X509v3 extensions in the - ssleay.cnf file. Have a look at the example. Currently this just - puts the text into the certificate as an OCTET_STRING so currently - the more advanced X509v3 data types are not handled but this is enough - for the netscape extensions. -- There is the start of a nicer higher level interface to the X509 - strucutre. -- Quite a lot of bug fixes. -- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used - to define the malloc(), free() and realloc() routines to use - (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when - using DLLs and mixing CRT libraries. - -In general, read the 'VERSION' file for changes and be aware that some of -the new stuff may not have been tested quite enough yet, so don't just plonk -in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break. - -SSLeay 0.6.4 30/08/96 eay - -I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3, -Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-). - -The main changes in this release - -- Thread safe. have a read of doc/threads.doc and play in the mt directory. - For anyone using 0.6.3 with threads, I found 2 major errors so consider - moving to 0.6.4. I have a test program that builds under NT and - solaris. -- The get session-id callback has changed. Have a read of doc/callback.doc. -- The X509_cert_verify callback (the SSL_verify callback) now - has another argument. Have a read of doc/callback.doc -- 'ca -preserve', sign without re-ordering the DN. Not tested much. -- VMS support. -- Compile time memory leak detection can now be built into SSLeay. - Read doc/memory.doc -- CONF routines now understand '\', '\n', '\r' etc. What this means is that - the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines. -- 'ssleay ciphers' added, lists the default cipher list for SSLeay. -- RC2 key setup is now compatable with Netscape. -- Modifed server side of SSL implementation, big performance difference when - using session-id reuse. - -0.6.3 - -Bug fixes and the addition of some nice stuff to the 'ca' program. -Have a read of doc/ns-ca.doc for how hit has been modified so -it can be driven from a CGI script. The CGI script is not provided, -but that is just being left as an excersize for the reader :-). - -0.6.2 - -This is most bug fixes and functionality improvements. - -Additions are -- More thread debugging patches, the thread stuff is still being - tested, but for those keep to play with stuff, have a look in - crypto/cryptlib.c. The application needs to define 1 (or optionaly - a second) callback that is used to implement locking. Compiling - with LOCK_DEBUG spits out lots of locking crud :-). - This is what I'm currently working on. -- SSL_CTX_set_default_passwd_cb() can be used to define the callback - function used in the SSL*_file() functions used to load keys. I was - always of the opinion that people should call - PEM_read_RSAPrivateKey() and pass the callback they want to use, but - it appears they just want to use the SSL_*_file() function() :-(. -- 'enc' now has a -kfile so a key can be read from a file. This is - mostly used so that the passwd does not appear when using 'ps', - which appears imposible to stop under solaris. -- X509v3 certificates now work correctly. I even have more examples - in my tests :-). There is now a X509_EXTENSION type that is used in - X509v3 certificates and CRLv2. -- Fixed that signature type error :-( -- Fixed quite a few potential memory leaks and problems when reusing - X509, CRL and REQ structures. -- EVP_set_pw_prompt() now sets the library wide default password - prompt. -- The 'pkcs7' command will now, given the -print_certs flag, output in - pem format, all certificates and CRL contained within. This is more - of a pre-emtive thing for the new verisign distribution method. I - should also note, that this also gives and example in code, of how - to do this :-), or for that matter, what is involved in going the - other way (list of certs and crl -> pkcs7). -- Added RSA's DESX to the DES library. It is also available via the - EVP_desx_cbc() method and via 'enc desx'. - -SSLeay 0.6.1 - -The main functional changes since 0.6.0 are as follows -- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is - that from now on, I'll keep the .def numbers the same so they will be. -- RSA private key operations are about 2 times faster that 0.6.0 -- The SSL_CTX now has more fields so default values can be put against - it. When an SSL structure is created, these default values are used - but can be overwritten. There are defaults for cipher, certificate, - private key, verify mode and callback. This means SSL session - creation can now be - ssl=SSL_new() - SSL_set_fd(ssl,sock); - SSL_accept(ssl) - .... - All the other uglyness with having to keep a global copy of the - private key and certificate/verify mode in the server is now gone. -- ssl/ssltest.c - one process talking SSL to its self for testing. -- Storage of Session-id's can be controled via a session_cache_mode - flag. There is also now an automatic default flushing of - old session-id's. -- The X509_cert_verify() function now has another parameter, this - should not effect most people but it now means that the reason for - the failure to verify is now available via SSL_get_verify_result(ssl). - You don't have to use a global variable. -- SSL_get_app_data() and SSL_set_app_data() can be used to keep some - application data against the SSL structure. It is upto the application - to free the data. I don't use it, but it is available. -- SSL_CTX_set_cert_verify_callback() can be used to specify a - verify callback function that completly replaces my certificate - verification code. Xcert should be able to use this :-). - The callback is of the form int app_verify_callback(arg,ssl,cert). - This needs to be documented more. -- I have started playing with shared library builds, have a look in - the shlib directory. It is very simple. If you need a numbered - list of functions, have a look at misc/crypto.num and misc/ssl.num. -- There is some stuff to do locking to make the library thread safe. - I have only started this stuff and have not finished. If anyone is - keen to do so, please send me the patches when finished. - -So I have finally made most of the additions to the SSL interface that -I thought were needed. - -There will probably be a pause before I make any non-bug/documentation -related changes to SSLeay since I'm feeling like a bit of a break. - -eric - 12 Jul 1996 -I saw recently a comment by some-one that we now seem to be entering -the age of perpetual Beta software. -Pioneered by packages like linux but refined to an art form by -netscape. - -I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-). - -There are quite a large number of sections that are 'works in -progress' in this package. I will also list the major changes and -what files you should read. - -BIO - this is the new IO structure being used everywhere in SSLeay. I -started out developing this because of microsoft, I wanted a mechanism -to callback to the application for all IO, so Windows 3.1 DLL -perversion could be hidden from me and the 15 different ways to write -to a file under NT would also not be dictated by me at library build -time. What the 'package' is is an API for a data structure containing -functions. IO interfaces can be written to conform to the -specification. This in not intended to hide the underlying data type -from the application, but to hide it from SSLeay :-). -I have only really finished testing the FILE * and socket/fd modules. -There are also 'filter' BIO's. Currently I have only implemented -message digests, and it is in use in the dgst application. This -functionality will allow base64/encrypto/buffering modules to be -'push' into a BIO without it affecting the semantics. I'm also -working on an SSL BIO which will hide the SSL_accept()/SLL_connet() -from an event loop which uses the interface. -It is also possible to 'attach' callbacks to a BIO so they get called -before and after each operation, alowing extensive debug output -to be generated (try running dgst with -d). - -Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few -functions that used to take FILE *, now take BIO *. -The wrappers are easy to write - -function_fp(fp,x) -FILE *fp; - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) error..... - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=function_bio(b,x); - BIO_free(b); - return(ret); - } -Remember, there are no functions that take FILE * in SSLeay when -compiled for Windows 3.1 DLL's. - --- -I have added a general EVP_PKEY type that can hold a public/private -key. This is now what is used by the EVP_ functions and is passed -around internally. I still have not done the PKCS#8 stuff, but -X509_PKEY is defined and waiting :-) - --- -For a full function name listings, have a look at ms/crypt32.def and -ms/ssl32.def. These are auto-generated but are complete. -Things like ASN1_INTEGER_get() have been added and are in here if you -look. I have renamed a few things, again, have a look through the -function list and you will probably find what you are after. I intend -to at least put a one line descrition for each one..... - --- -Microsoft - thats what this release is about, read the MICROSOFT file. - --- -Multi-threading support. I have started hunting through the code and -flaging where things need to be done. In a state of work but high on -the list. - --- -For random numbers, edit e_os.h and set DEVRANDOM (it's near the top) -be be you random data device, otherwise 'RFILE' in e_os.h -will be used, in your home directory. It will be updated -periodically. The environment variable RANDFILE will override this -choice and read/write to that file instead. DEVRANDOM is used in -conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random -number generator, pick on one of these files. - --- - -The list of things to read and do - -dgst -d -s_client -state (this uses a callback placed in the SSL state loop and - will be used else-where to help debug/monitor what - is happening.) - -doc/why.doc -doc/bio.doc <- hmmm, needs lots of work. -doc/bss_file.doc <- one that is working :-) -doc/session.doc <- it has changed -doc/speed.doc - also play with ssleay version -a. I have now added a SSLeay() - function that returns a version number, eg 0600 for this release - which is primarily to be used to check DLL version against the - application. -util/* Quite a few will not interest people, but some may, like - mk1mf.pl, mkdef.pl, -util/do_ms.sh - -try -cc -Iinclude -Icrypto -c crypto/crypto.c -cc -Iinclude -Issl -c ssl/ssl.c -You have just built the SSLeay libraries as 2 object files :-) - -Have a general rummage around in the bin stall directory and look at -what is in there, like CA.sh and c_rehash - -There are lots more things but it is 12:30am on a Friday night and I'm -heading home :-). - -eric 22-Jun-1996 -This version has quite a few major bug fixes and improvements. It DOES NOT -do SSLv3 yet. - -The main things changed -- A Few days ago I added the s_mult application to ssleay which is - a demo of an SSL server running in an event loop type thing. - It supports non-blocking IO, I have finally gotten it right, SSL_accept() - can operate in non-blocking IO mode, look at the code to see how :-). - Have a read of doc/s_mult as well. This program leaks memory and - file descriptors everywhere but I have not cleaned it up yet. - This is a demo of how to do non-blocking IO. -- The SSL session management has been 'worked over' and there is now - quite an expansive set of functions to manipulate them. Have a read of - doc/session.doc for some-things I quickly whipped up about how it now works. - This assume you know the SSLv2 protocol :-) -- I can now read/write the netscape certificate format, use the - -inform/-outform 'net' options to the x509 command. I have not put support - for this type in the other demo programs, but it would be easy to add. -- asn1parse and 'enc' have been modified so that when reading base64 - encoded files (pem format), they do not require '-----BEGIN' header lines. - The 'enc' program had a buffering bug fixed, it can be used as a general - base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d' - respecivly. Leaving out the '-a' flag in this case makes the 'enc' command - into a form of 'cat'. -- The 'x509' and 'req' programs have been fixed and modified a little so - that they generate self-signed certificates correctly. The test - script actually generates a 'CA' certificate and then 'signs' a - 'user' certificate. Have a look at this shell script (test/sstest) - to see how things work, it tests most possible combinations of what can - be done. -- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name - of SSL_set_cipher_list() is now the correct API (stops confusion :-). - If this function is used in the client, only the specified ciphers can - be used, with preference given to the order the ciphers were listed. - For the server, if this is used, only the specified ciphers will be used - to accept connections. If this 'option' is not used, a default set of - ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this - list for all ciphers started against the SSL_CTX. So the order is - SSL cipher_list, if not present, SSL_CTX cipher list, if not - present, then the library default. - What this means is that normally ciphers like - NULL-MD5 will never be used. The only way this cipher can be used - for both ends to specify to use it. - To enable or disable ciphers in the library at build time, modify the - first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c. - This file also contains the 'pref_cipher' list which is the default - cipher preference order. -- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net' - options work. They should, and they enable loading and writing the - netscape rsa private key format. I will be re-working this section of - SSLeay for the next version. What is currently in place is a quick and - dirty hack. -- I've re-written parts of the bignum library. This gives speedups - for all platforms. I now provide assembler for use under Windows NT. - I have not tested the Windows 3.1 assembler but it is quite simple code. - This gives RSAprivate_key operation encryption times of 0.047s (512bit key) - and 0.230s (1024bit key) on a pentium 100 which I consider reasonable. - Basically the times available under linux/solaris x86 can be achieve under - Windows NT. I still don't know how these times compare to RSA's BSAFE - library but I have been emailing with people and with their help, I should - be able to get my library's quite a bit faster still (more algorithm changes). - The object file crypto/bn/asm/x86-32.obj should be used when linking - under NT. -- 'make makefile.one' in the top directory will generate a single makefile - called 'makefile.one' This makefile contains no perl references and - will build the SSLeay library into the 'tmp' and 'out' directories. - util/mk1mf.pl >makefile.one is how this makefile is - generated. The mk1mf.pl command take several option to generate the - makefile for use with cc, gcc, Visual C++ and Borland C++. This is - still under development. I have only build .lib's for NT and MSDOS - I will be working on this more. I still need to play with the - correct compiler setups for these compilers and add some more stuff but - basically if you just want to compile the library - on a 'non-unix' platform, this is a very very good file to start with :-). - Have a look in the 'microsoft' directory for my current makefiles. - I have not yet modified things to link with sockets under Windows NT. - You guys should be able to do this since this is actually outside of the - SSLeay scope :-). I will be doing it for myself soon. - util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock - to build without RC2/RC4, to require RSAref for linking, and to - build with no socket code. - -- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher - that was posted to sci.crypt has been added to the library and SSL. - I take the view that if RC2 is going to be included in a standard, - I'll include the cipher to make my package complete. - There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers - at compile time. I have not tested this recently but it should all work - and if you are in the USA and don't want RSA threatening to sue you, - you could probably remove the RC4/RC2 code inside these sections. - I may in the future include a perl script that does this code - removal automatically for those in the USA :-). -- I have removed all references to sed in the makefiles. So basically, - the development environment requires perl and sh. The build environment - does not (use the makefile.one makefile). - The Configure script still requires perl, this will probably stay that way - since I have perl for Windows NT :-). - -eric (03-May-1996) - -PS Have a look in the VERSION file for more details on the changes and - bug fixes. -I have fixed a few bugs, added alpha and x86 assembler and generally cleaned -things up. This version will be quite stable, mostly because I'm on -holidays until 10-March-1996. For any problems in the interum, send email -to Tim Hudson . - -SSLeay 0.5.0 - -12-12-95 -This is going out before it should really be released. - -I leave for 11 weeks holidays on the 22-12-95 and so I either sit on -this for 11 weeks or get things out. It is still going to change a -lot in the next week so if you do grab this version, please test and -give me feed back ASAP, inculuding questions on how to do things with -the library. This will prompt me to write documentation so I don't -have to answer the same question again :-). - -This 'pre' release version is for people who are interested in the -library. The applications will have to be changed to use -the new version of the SSL interface. I intend to finish more -documentation before I leave but until then, look at the programs in -the apps directory. As far as code goes, it is much much nicer than -the old version. - -The current library works, has no memory leaks (as far as I can tell) -and is far more bug free that 0.4.5d. There are no global variable of -consequence (I believe) and I will produce some documentation that -tell where to look for those people that do want to do multi-threaded -stuff. - -There should be more documentation. Have a look in the -doc directory. I'll be adding more before I leave, it is a start -by mostly documents the crypto library. Tim Hudson will update -the web page ASAP. The spelling and grammar are crap but -it is better than nothing :-) - -Reasons to start playing with version 0.5.0 -- All the programs in the apps directory build into one ssleay binary. -- There is a new version of the 'req' program that generates certificate - requests, there is even documentation for this one :-) -- There is a demo certification authorithy program. Currently it will - look at the simple database and update it. It will generate CRL from - the data base. You need to edit the database by hand to revoke a - certificate, it is my aim to use perl5/Tk but I don't have time to do - this right now. It will generate the certificates but the management - scripts still need to be written. This is not a hard task. -- Things have been cleaned up alot. -- Have a look at the enc and dgst programs in the apps directory. -- It supports v3 of x509 certiticates. - - -Major things missing. -- I have been working on (and thinging about) the distributed x509 - hierachy problem. I have not had time to put my solution in place. - It will have to wait until I come back. -- I have not put in CRL checking in the certificate verification but - it would not be hard to do. I was waiting until I could generate my - own CRL (which has only been in the last week) and I don't have time - to put it in correctly. -- Montgomery multiplication need to be implemented. I know the - algorithm, just ran out of time. -- PKCS#7. I can load and write the DER version. I need to re-work - things to support BER (if that means nothing, read the ASN1 spec :-). -- Testing of the higher level digital envelope routines. I have not - played with the *_seal() and *_open() type functions. They are - written but need testing. The *_sign() and *_verify() functions are - rock solid. -- PEM. Doing this and PKCS#7 have been dependant on the distributed - x509 heirachy problem. I started implementing my ideas, got - distracted writing a CA program and then ran out of time. I provide - the functionality of RSAref at least. -- Re work the asm. code for the x86. I've changed by low level bignum - interface again, so I really need to tweak the x86 stuff. gcc is - good enough for the other boxes. - diff --git a/src/lib/libssl/src/INSTALL b/src/lib/libssl/src/INSTALL index d394bf8a7b..6066fddc4a 100644 --- a/src/lib/libssl/src/INSTALL +++ b/src/lib/libssl/src/INSTALL @@ -1,6 +1,260 @@ -# Installation of SSLeay. -# It depends on perl for a few bits but those steps can be skipped and -# the top level makefile edited by hand + + INSTALLATION ON THE UNIX PLATFORM + --------------------------------- + + [See INSTALL.W32 for instructions for compiling OpenSSL on Windows systems, + and INSTALL.VMS for installing on OpenVMS systems.] + + To install OpenSSL, you will need: + + * Perl 5 + * an ANSI C compiler + * a supported Unix operating system + + Quick Start + ----------- + + If you want to just get on with it, do: + + $ ./config + $ make + $ make test + $ make install + + [If any of these steps fails, see section Installation in Detail below.] + + This will build and install OpenSSL in the default location, which is (for + historical reasons) /usr/local/ssl. If you want to install it anywhere else, + run config like this: + + $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl + + + Configuration Options + --------------------- + + There are several options to ./config to customize the build: + + --prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl. + Configuration files used by OpenSSL will be in DIR/ssl + or the directory specified by --openssldir. + + --openssldir=DIR Directory for OpenSSL files. If no prefix is specified, + the library files and binaries are also installed there. + + rsaref Build with RSADSI's RSAREF toolkit (this assumes that + librsaref.a is in the library search path). + + no-threads Don't try to build with support for multi-threaded + applications. + + threads Build with support for multi-threaded applications. + This will usually require additional system-dependent options! + See "Note on multi-threading" below. + + no-asm Do not use assembler code. + + 386 Use the 80386 instruction set only (the default x86 code is + more efficient, but requires at least a 486). + + no- Build without the specified cipher (bf, cast, des, dh, dsa, + hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha). + The crypto/ directory can be removed after running + "make depend". + + -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will + be passed through to the compiler to allow you to + define preprocessor symbols, specify additional libraries, + library directories or other compiler options. + + + Installation in Detail + ---------------------- + + 1a. Configure OpenSSL for your operation system automatically: + + $ ./config [options] + + This guesses at your operating system (and compiler, if necessary) and + configures OpenSSL based on this guess. Run ./config -t to see + if it guessed correctly. If it did not get it correct or you want to + use a different compiler then go to step 1b. Otherwise go to step 2. + + On some systems, you can include debugging information as follows: + + $ ./config -d [options] + + 1b. Configure OpenSSL for your operating system manually + + OpenSSL knows about a range of different operating system, hardware and + compiler combinations. To see the ones it knows about, run + + $ ./Configure + + Pick a suitable name from the list that matches your system. For most + operating systems there is a choice between using "cc" or "gcc". When + you have identified your system (and if necessary compiler) use this name + as the argument to ./Configure. For example, a "linux-elf" user would + run: + + $ ./Configure linux-elf [options] + + If your system is not available, you will have to edit the Configure + program and add the correct configuration for your system. The + generic configurations "cc" or "gcc" should usually work. + + Configure creates the file Makefile.ssl from Makefile.org and + defines various macros in crypto/opensslconf.h (generated from + crypto/opensslconf.h.in). + + 2. Build OpenSSL by running: + + $ make + + This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the + OpenSSL binary ("openssl"). The libraries will be built in the top-level + directory, and the binary will be in the "apps" directory. + + If "make" fails, please report the problem to . + Include the output of "./config -t" and the OpenSSL version + number in your message. + + [If you encounter assembler error messages, try the "no-asm" + configuration option as an immediate fix. Note that on Solaris x86 + (not on Sparcs!) you may have to install the GNU assembler to use + OpenSSL assembler code -- /usr/ccs/bin/as won't do.] + + Compiling parts of OpenSSL with gcc and others with the system + compiler will result in unresolved symbols on some systems. + + 3. After a successful build, the libraries should be tested. Run: + + $ make test + + If a test fails, try removing any compiler optimization flags from + the CFLAGS line in Makefile.ssl and run "make clean; make". Please + send a bug report to , including the + output of "openssl version -a" and of the failed test. + + 4. If everything tests ok, install OpenSSL with + + $ make install + + This will create the installation directory (if it does not exist) and + then the following subdirectories: + + certs Initially empty, this is the default location + for certificate files. + misc Various scripts. + private Initially empty, this is the default location + for private key files. + + If you didn't chose a different installation prefix, the + following additional subdirectories will be created: + + bin Contains the openssl binary and a few other + utility programs. + include/openssl Contains the header files needed if you want to + compile programs with libcrypto or libssl. + lib Contains the OpenSSL library files themselves. + + Package builders who want to configure the library for standard + locations, but have the package installed somewhere else so that + it can easily be packaged, can use + + $ make INSTALL_PREFIX=/tmp/package-root install + + (or specify "--install_prefix=/tmp/package-root" as a configure + option). The specified prefix will be prepended to all + installation target filenames. + + + NOTE: The header files used to reside directly in the include + directory, but have now been moved to include/openssl so that + OpenSSL can co-exist with other libraries which use some of the + same filenames. This means that applications that use OpenSSL + should now use C preprocessor directives of the form + + #include + + instead of "#include ", which was used with library versions + up to OpenSSL 0.9.2b. + + If you install a new version of OpenSSL over an old library version, + you should delete the old header files in the include directory. + + Compatibility issues: + + * COMPILING existing applications + + To compile an application that uses old filenames -- e.g. + "#include " --, it will usually be enough to find + the CFLAGS definition in the application's Makefile and + add a C option such as + + -I/usr/local/ssl/include/openssl + + to it. + + But don't delete the existing -I option that points to + the ..../include directory! Otherwise, OpenSSL header files + could not #include each other. + + * WRITING applications + + To write an application that is able to handle both the new + and the old directory layout, so that it can still be compiled + with library versions up to OpenSSL 0.9.2b without bothering + the user, you can proceed as follows: + + - Always use the new filename of OpenSSL header files, + e.g. #include . + + - Create a directory "incl" that contains only a symbolic + link named "openssl", which points to the "include" directory + of OpenSSL. + For example, your application's Makefile might contain the + following rule, if OPENSSLDIR is a pathname (absolute or + relative) of the directory where OpenSSL resides: + + incl/openssl: + -mkdir incl + cd $(OPENSSLDIR) # Check whether the directory really exists + -ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl + + You will have to add "incl/openssl" to the dependencies + of those C files that include some OpenSSL header file. + + - Add "-Iincl" to your CFLAGS. + + With these additions, the OpenSSL header files will be available + under both name variants if an old library version is used: + Your application can reach them under names like , + while the header files still are able to #include each other + with names of the form . + + + Note on multi-threading + ----------------------- + + For some systems, the OpenSSL Configure script knows what compiler options + are needed to generate a library that is suitable for multi-threaded + applications. On these systems, support for multi-threading is enabled + by default; use the "no-threads" option to disable (this should never be + necessary). + + On other systems, to enable support for multi-threading, you will have + to specify at least two options: "threads", and a system-dependent option. + (The latter is "-D_REENTRANT" on various systems.) The default in this + case, obviously, is not to include support for multi-threading (but + you can still use "no-threads" to suppress an annoying warning message + from the Configure script.) + + +-------------------------------------------------------------------------------- +The orignal Unix build instructions from SSLeay follow. +Note: some of this may be out of date and no longer applicable +-------------------------------------------------------------------------------- # When bringing the SSLeay distribution back from the evil intel world # of Windows NT, do the following to make it nice again under unix :-) @@ -126,3 +380,8 @@ The examples for solaris and windows NT/95 are in the mt directory. have fun eric 25-Jun-1997 + +IRIX 5.x will build as a 32 bit system with mips1 assember. +IRIX 6.x will build as a 64 bit system with mips3 assember. It conforms +to n32 standards. In theory you can compile the 64 bit assember under +IRIX 5.x but you will have to have the correct system software installed. diff --git a/src/lib/libssl/src/INSTALL.VMS b/src/lib/libssl/src/INSTALL.VMS new file mode 100644 index 0000000000..4c01560d3d --- /dev/null +++ b/src/lib/libssl/src/INSTALL.VMS @@ -0,0 +1,245 @@ + VMS Installation instructions + written by Richard Levitte + + + +Intro: +====== + +This file is divided in the following parts: + + Compilation - Mandatory reading. + Test - Mandatory reading. + Installation - Mandatory reading. + Backward portability - Read if it's an issue. + Possible bugs or quirks - A few warnings on things that + may go wrong or may surprise you. + Report - How to get in touch with me. + +Compilation: +============ + +I've used the very good command procedures written by Robert Byer +, and just slightly modified them, making +them slightly more general and easier to maintain. + +You can actually compile in almost any directory separately. Look +for a command procedure name xxx-LIB.COM (in the library directories) +or MAKExxx.COM (in the program directories) and read the comments at +the top to understand how to use them. However, if you want to +compile all you can get, the simplest is to use MAKEVMS.COM in the top +directory. The syntax is trhe following: + + @MAKEVMS