From 335ca9eb0d2337314cbbec5eb19f9aeea0eaaca7 Mon Sep 17 00:00:00 2001 From: William Joye Date: Tue, 2 May 2017 12:06:33 -0400 Subject: initial commit --- openssl/ACKNOWLEDGMENTS | 2 + openssl/CHANGES | 11444 +++++++++++++++++++ openssl/CHANGES.SSLeay | 968 ++ openssl/CONTRIBUTING | 54 + openssl/Configure | 2311 ++++ openssl/FAQ | 2 + openssl/GitConfigure | 8 + openssl/GitMake | 5 + openssl/INSTALL | 367 + openssl/INSTALL.DJGPP | 47 + openssl/INSTALL.MacOS | 72 + openssl/INSTALL.NW | 454 + openssl/INSTALL.OS2 | 31 + openssl/INSTALL.VMS | 293 + openssl/INSTALL.W32 | 325 + openssl/INSTALL.W64 | 66 + openssl/INSTALL.WCE | 95 + openssl/LICENSE | 127 + openssl/MacOS/GUSI_Init.cpp | 62 + openssl/MacOS/GetHTTPS.src/CPStringUtils.cpp | 2753 +++++ openssl/MacOS/GetHTTPS.src/CPStringUtils.hpp | 104 + openssl/MacOS/GetHTTPS.src/ErrorHandling.cpp | 170 + openssl/MacOS/GetHTTPS.src/ErrorHandling.hpp | 147 + openssl/MacOS/GetHTTPS.src/GetHTTPS.cpp | 209 + openssl/MacOS/GetHTTPS.src/MacSocket.cpp | 1607 +++ openssl/MacOS/GetHTTPS.src/MacSocket.h | 104 + openssl/MacOS/OpenSSL.mcp.hqx | 4940 ++++++++ openssl/MacOS/Randomizer.cpp | 476 + openssl/MacOS/Randomizer.h | 42 + openssl/MacOS/TODO | 18 + openssl/MacOS/_MWERKS_GUSI_prefix.h | 9 + openssl/MacOS/_MWERKS_prefix.h | 9 + openssl/MacOS/buildinf.h | 5 + openssl/MacOS/mklinks.as.hqx | 820 ++ openssl/MacOS/opensslconf.h | 126 + openssl/Makefile | 684 ++ openssl/Makefile.bak | 684 ++ openssl/Makefile.org | 682 ++ openssl/Makefile.shared | 655 ++ openssl/NEWS | 799 ++ openssl/Netware/build.bat | 235 + openssl/Netware/cpy_tests.bat | 113 + openssl/Netware/do_tests.pl | 624 + openssl/Netware/globals.txt | 254 + openssl/Netware/readme.txt | 19 + openssl/Netware/set_env.bat | 112 + openssl/PROBLEMS | 213 + openssl/README | 101 + openssl/README.ASN1 | 187 + openssl/README.ENGINE | 289 + openssl/VMS/TODO | 18 + openssl/VMS/VMSify-conf.pl | 34 + openssl/VMS/WISHLIST.TXT | 4 + openssl/VMS/install-vms.com | 67 + openssl/VMS/mkshared.com | 476 + openssl/VMS/multinet_shr.opt | 1 + openssl/VMS/openssl_startup.com | 108 + openssl/VMS/openssl_undo.com | 20 + openssl/VMS/openssl_utils.com | 46 + openssl/VMS/socketshr_shr.opt | 1 + openssl/VMS/tcpip_shr_decc.opt | 1 + openssl/VMS/test-includes.com | 28 + openssl/VMS/ucx_shr_decc.opt | 1 + openssl/VMS/ucx_shr_decc_log.opt | 1 + openssl/VMS/ucx_shr_vaxc.opt | 1 + openssl/apps/CA.com | 236 + openssl/apps/CA.pl | 188 + openssl/apps/CA.pl.in | 188 + openssl/apps/CA.sh | 198 + openssl/apps/Makefile | 1059 ++ openssl/apps/app_rand.c | 217 + openssl/apps/apps.c | 3279 ++++++ openssl/apps/apps.h | 389 + openssl/apps/asn1pars.c | 430 + openssl/apps/ca-cert.srl | 1 + openssl/apps/ca-key.pem | 15 + openssl/apps/ca-req.pem | 11 + openssl/apps/ca.c | 2915 +++++ openssl/apps/cert.pem | 11 + openssl/apps/ciphers.c | 239 + openssl/apps/client.pem | 52 + openssl/apps/cms.c | 1354 +++ openssl/apps/crl.c | 442 + openssl/apps/crl2p7.c | 334 + openssl/apps/demoCA/cacert.pem | 14 + openssl/apps/demoCA/index.txt | 39 + openssl/apps/demoCA/private/cakey.pem | 24 + openssl/apps/demoCA/serial | 1 + openssl/apps/demoSRP/srp_verifier.txt | 6 + openssl/apps/demoSRP/srp_verifier.txt.attr | 1 + openssl/apps/dgst.c | 620 + openssl/apps/dh.c | 331 + openssl/apps/dh1024.pem | 10 + openssl/apps/dh2048.pem | 12 + openssl/apps/dh4096.pem | 18 + openssl/apps/dh512.pem | 9 + openssl/apps/dhparam.c | 544 + openssl/apps/dsa-ca.pem | 40 + openssl/apps/dsa-pca.pem | 46 + openssl/apps/dsa.c | 369 + openssl/apps/dsa1024.pem | 9 + openssl/apps/dsa512.pem | 6 + openssl/apps/dsap.pem | 6 + openssl/apps/dsaparam.c | 467 + openssl/apps/ec.c | 365 + openssl/apps/ecparam.c | 661 ++ openssl/apps/enc.c | 713 ++ openssl/apps/engine.c | 512 + openssl/apps/errstr.c | 121 + openssl/apps/gendh.c | 244 + openssl/apps/gendsa.c | 285 + openssl/apps/genpkey.c | 405 + openssl/apps/genrsa.c | 345 + openssl/apps/install-apps.com | 107 + openssl/apps/makeapps.com | 1184 ++ openssl/apps/nseq.c | 170 + openssl/apps/ocsp.c | 1367 +++ openssl/apps/oid.cnf | 6 + openssl/apps/openssl-vms.cnf | 350 + openssl/apps/openssl.c | 696 ++ openssl/apps/openssl.cnf | 350 + openssl/apps/passwd.c | 494 + openssl/apps/pca-cert.srl | 1 + openssl/apps/pca-key.pem | 15 + openssl/apps/pca-req.pem | 11 + openssl/apps/pkcs12.c | 1112 ++ openssl/apps/pkcs7.c | 310 + openssl/apps/pkcs8.c | 399 + openssl/apps/pkey.c | 248 + openssl/apps/pkeyparam.c | 183 + openssl/apps/pkeyutl.c | 556 + openssl/apps/prime.c | 159 + openssl/apps/privkey.pem | 18 + openssl/apps/progs.h | 366 + openssl/apps/progs.pl | 104 + openssl/apps/rand.c | 227 + openssl/apps/req.c | 1729 +++ openssl/apps/req.pem | 11 + openssl/apps/rsa.c | 436 + openssl/apps/rsa8192.pem | 101 + openssl/apps/rsautl.c | 372 + openssl/apps/s1024key.pem | 15 + openssl/apps/s1024req.pem | 11 + openssl/apps/s512-key.pem | 9 + openssl/apps/s512-req.pem | 8 + openssl/apps/s_apps.h | 212 + openssl/apps/s_cb.c | 1664 +++ openssl/apps/s_client.c | 2360 ++++ openssl/apps/s_server.c | 3518 ++++++ openssl/apps/s_socket.c | 613 + openssl/apps/s_time.c | 641 ++ openssl/apps/server.pem | 52 + openssl/apps/server.srl | 1 + openssl/apps/server2.pem | 52 + openssl/apps/sess_id.c | 300 + openssl/apps/set/set-g-ca.pem | 21 + openssl/apps/set/set-m-ca.pem | 21 + openssl/apps/set/set_b_ca.pem | 23 + openssl/apps/set/set_c_ca.pem | 21 + openssl/apps/set/set_d_ct.pem | 21 + openssl/apps/set/set_root.pem | 21 + openssl/apps/smime.c | 775 ++ openssl/apps/speed.c | 2878 +++++ openssl/apps/spkac.c | 309 + openssl/apps/srp.c | 768 ++ openssl/apps/testCA.pem | 8 + openssl/apps/testdsa.h | 233 + openssl/apps/testrsa.h | 518 + openssl/apps/timeouts.h | 67 + openssl/apps/ts.c | 1119 ++ openssl/apps/tsget | 196 + openssl/apps/verify.c | 350 + openssl/apps/version.c | 214 + openssl/apps/vms_decc_init.c | 172 + openssl/apps/vms_term_sock.c | 590 + openssl/apps/vms_term_sock.h | 30 + openssl/apps/winrand.c | 146 + openssl/apps/x509.c | 1278 +++ openssl/appveyor.yml | 60 + openssl/bugs/MS | 7 + openssl/bugs/SSLv3 | 49 + openssl/bugs/alpha.c | 92 + openssl/bugs/dggccbug.c | 45 + openssl/bugs/sgiccbug.c | 60 + openssl/bugs/sslref.dif | 26 + openssl/bugs/stream.c | 132 + openssl/bugs/ultrixcc.c | 44 + openssl/certs/README.RootCerts | 4 + openssl/certs/demo/ca-cert.pem | 33 + openssl/certs/demo/dsa-ca.pem | 43 + openssl/certs/demo/dsa-pca.pem | 49 + openssl/certs/demo/pca-cert.pem | 33 + openssl/certs/expired/ICE.crl | 9 + openssl/config | 987 ++ openssl/crypto/LPdir_nyi.c | 44 + openssl/crypto/LPdir_unix.c | 122 + openssl/crypto/LPdir_vms.c | 195 + openssl/crypto/LPdir_win.c | 170 + openssl/crypto/LPdir_win32.c | 29 + openssl/crypto/LPdir_wince.c | 32 + openssl/crypto/Makefile | 221 + openssl/crypto/aes/Makefile | 171 + openssl/crypto/aes/README | 3 + openssl/crypto/aes/aes.h | 149 + openssl/crypto/aes/aes_cbc.c | 66 + openssl/crypto/aes/aes_cfb.c | 85 + openssl/crypto/aes/aes_core.c | 1363 +++ openssl/crypto/aes/aes_ctr.c | 63 + openssl/crypto/aes/aes_ecb.c | 73 + openssl/crypto/aes/aes_ige.c | 323 + openssl/crypto/aes/aes_locl.h | 89 + openssl/crypto/aes/aes_misc.c | 86 + openssl/crypto/aes/aes_ofb.c | 61 + openssl/crypto/aes/aes_wrap.c | 72 + openssl/crypto/aes/aes_x86core.c | 1072 ++ openssl/crypto/aes/asm/aes-586.pl | 2987 +++++ openssl/crypto/aes/asm/aes-armv4.pl | 1217 ++ openssl/crypto/aes/asm/aes-ia64.S | 1123 ++ openssl/crypto/aes/asm/aes-mips.pl | 2122 ++++ openssl/crypto/aes/asm/aes-parisc.pl | 1022 ++ openssl/crypto/aes/asm/aes-ppc.pl | 1452 +++ openssl/crypto/aes/asm/aes-s390x.pl | 2228 ++++ openssl/crypto/aes/asm/aes-sparcv9.pl | 1182 ++ openssl/crypto/aes/asm/aes-x86_64.pl | 2813 +++++ openssl/crypto/aes/asm/aesni-mb-x86_64.pl | 1395 +++ openssl/crypto/aes/asm/aesni-sha1-x86_64.pl | 2057 ++++ openssl/crypto/aes/asm/aesni-sha256-x86_64.pl | 1705 +++ openssl/crypto/aes/asm/aesni-x86.pl | 2525 ++++ openssl/crypto/aes/asm/aesni-x86_64.pl | 4048 +++++++ openssl/crypto/aes/asm/aesp8-ppc.pl | 1942 ++++ openssl/crypto/aes/asm/aest4-sparcv9.pl | 919 ++ openssl/crypto/aes/asm/aesv8-armx.pl | 989 ++ openssl/crypto/aes/asm/bsaes-armv7.pl | 2451 ++++ openssl/crypto/aes/asm/bsaes-x86_64.pl | 3102 +++++ openssl/crypto/aes/asm/vpaes-ppc.pl | 1586 +++ openssl/crypto/aes/asm/vpaes-x86.pl | 903 ++ openssl/crypto/aes/asm/vpaes-x86_64.pl | 1207 ++ openssl/crypto/alphacpuid.pl | 126 + openssl/crypto/arm64cpuid.S | 46 + openssl/crypto/arm_arch.h | 78 + openssl/crypto/armcap.c | 164 + openssl/crypto/armv4cpuid.S | 209 + openssl/crypto/asn1/Makefile | 933 ++ openssl/crypto/asn1/a_bitstr.c | 262 + openssl/crypto/asn1/a_bool.c | 111 + openssl/crypto/asn1/a_bytes.c | 334 + openssl/crypto/asn1/a_d2i_fp.c | 284 + openssl/crypto/asn1/a_digest.c | 111 + openssl/crypto/asn1/a_dup.c | 117 + openssl/crypto/asn1/a_enum.c | 181 + openssl/crypto/asn1/a_gentm.c | 312 + openssl/crypto/asn1/a_i2d_fp.c | 157 + openssl/crypto/asn1/a_int.c | 464 + openssl/crypto/asn1/a_mbstr.c | 423 + openssl/crypto/asn1/a_object.c | 406 + openssl/crypto/asn1/a_octet.c | 78 + openssl/crypto/asn1/a_print.c | 129 + openssl/crypto/asn1/a_set.c | 243 + openssl/crypto/asn1/a_sign.c | 331 + openssl/crypto/asn1/a_strex.c | 649 ++ openssl/crypto/asn1/a_strnid.c | 314 + openssl/crypto/asn1/a_time.c | 228 + openssl/crypto/asn1/a_type.c | 155 + openssl/crypto/asn1/a_utctm.c | 352 + openssl/crypto/asn1/a_utf8.c | 237 + openssl/crypto/asn1/a_verify.c | 231 + openssl/crypto/asn1/ameth_lib.c | 486 + openssl/crypto/asn1/asn1.h | 1419 +++ openssl/crypto/asn1/asn1_err.c | 354 + openssl/crypto/asn1/asn1_gen.c | 831 ++ openssl/crypto/asn1/asn1_lib.c | 483 + openssl/crypto/asn1/asn1_locl.h | 135 + openssl/crypto/asn1/asn1_mac.h | 579 + openssl/crypto/asn1/asn1_par.c | 424 + openssl/crypto/asn1/asn1t.h | 973 ++ openssl/crypto/asn1/asn_mime.c | 976 ++ openssl/crypto/asn1/asn_moid.c | 153 + openssl/crypto/asn1/asn_pack.c | 207 + openssl/crypto/asn1/bio_asn1.c | 484 + openssl/crypto/asn1/bio_ndef.c | 249 + openssl/crypto/asn1/charmap.h | 15 + openssl/crypto/asn1/charmap.pl | 85 + openssl/crypto/asn1/d2i_pr.c | 177 + openssl/crypto/asn1/d2i_pu.c | 136 + openssl/crypto/asn1/evp_asn1.c | 195 + openssl/crypto/asn1/f_enum.c | 203 + openssl/crypto/asn1/f_int.c | 215 + openssl/crypto/asn1/f_string.c | 209 + openssl/crypto/asn1/i2d_pr.c | 81 + openssl/crypto/asn1/i2d_pu.c | 93 + openssl/crypto/asn1/n_pkey.c | 345 + openssl/crypto/asn1/nsseq.c | 84 + openssl/crypto/asn1/p5_pbe.c | 143 + openssl/crypto/asn1/p5_pbev2.c | 276 + openssl/crypto/asn1/p8_pkey.c | 145 + openssl/crypto/asn1/t_bitst.c | 105 + openssl/crypto/asn1/t_crl.c | 133 + openssl/crypto/asn1/t_pkey.c | 113 + openssl/crypto/asn1/t_req.c | 255 + openssl/crypto/asn1/t_spki.c | 108 + openssl/crypto/asn1/t_x509.c | 556 + openssl/crypto/asn1/t_x509a.c | 115 + openssl/crypto/asn1/tasn_dec.c | 1229 ++ openssl/crypto/asn1/tasn_enc.c | 667 ++ openssl/crypto/asn1/tasn_fre.c | 249 + openssl/crypto/asn1/tasn_new.c | 381 + openssl/crypto/asn1/tasn_prn.c | 593 + openssl/crypto/asn1/tasn_typ.c | 149 + openssl/crypto/asn1/tasn_utl.c | 275 + openssl/crypto/asn1/x_algor.c | 148 + openssl/crypto/asn1/x_attrib.c | 124 + openssl/crypto/asn1/x_bignum.c | 166 + openssl/crypto/asn1/x_crl.c | 518 + openssl/crypto/asn1/x_exten.c | 77 + openssl/crypto/asn1/x_info.c | 117 + openssl/crypto/asn1/x_long.c | 196 + openssl/crypto/asn1/x_name.c | 536 + openssl/crypto/asn1/x_nx509.c | 72 + openssl/crypto/asn1/x_pkey.c | 153 + openssl/crypto/asn1/x_pubkey.c | 374 + openssl/crypto/asn1/x_req.c | 116 + openssl/crypto/asn1/x_sig.c | 69 + openssl/crypto/asn1/x_spki.c | 82 + openssl/crypto/asn1/x_val.c | 69 + openssl/crypto/asn1/x_x509.c | 289 + openssl/crypto/asn1/x_x509a.c | 196 + openssl/crypto/bf/COPYRIGHT | 46 + openssl/crypto/bf/INSTALL | 14 + openssl/crypto/bf/Makefile | 103 + openssl/crypto/bf/README | 8 + openssl/crypto/bf/VERSION | 6 + openssl/crypto/bf/asm/bf-586.pl | 137 + openssl/crypto/bf/asm/bf-686.pl | 127 + openssl/crypto/bf/asm/readme | 10 + openssl/crypto/bf/bf_cbc.c | 135 + openssl/crypto/bf/bf_cfb64.c | 123 + openssl/crypto/bf/bf_ecb.c | 100 + openssl/crypto/bf/bf_enc.c | 300 + openssl/crypto/bf/bf_locl.h | 221 + openssl/crypto/bf/bf_ofb64.c | 110 + openssl/crypto/bf/bf_opts.c | 324 + openssl/crypto/bf/bf_pi.h | 579 + openssl/crypto/bf/bf_skey.c | 125 + openssl/crypto/bf/bfs.cpp | 67 + openssl/crypto/bf/bfspeed.c | 265 + openssl/crypto/bf/bftest.c | 538 + openssl/crypto/bf/blowfish.h | 130 + openssl/crypto/bio/Makefile | 224 + openssl/crypto/bio/b_dump.c | 208 + openssl/crypto/bio/b_print.c | 869 ++ openssl/crypto/bio/b_sock.c | 962 ++ openssl/crypto/bio/bf_buff.c | 517 + openssl/crypto/bio/bf_lbuf.c | 391 + openssl/crypto/bio/bf_nbio.c | 253 + openssl/crypto/bio/bf_null.c | 189 + openssl/crypto/bio/bio.h | 883 ++ openssl/crypto/bio/bio_cb.c | 145 + openssl/crypto/bio/bio_err.c | 157 + openssl/crypto/bio/bio_lcl.h | 36 + openssl/crypto/bio/bio_lib.c | 596 + openssl/crypto/bio/bss_acpt.c | 463 + openssl/crypto/bio/bss_bio.c | 889 ++ openssl/crypto/bio/bss_conn.c | 612 + openssl/crypto/bio/bss_dgram.c | 2081 ++++ openssl/crypto/bio/bss_fd.c | 330 + openssl/crypto/bio/bss_file.c | 476 + openssl/crypto/bio/bss_log.c | 453 + openssl/crypto/bio/bss_mem.c | 313 + openssl/crypto/bio/bss_null.c | 149 + openssl/crypto/bio/bss_rtcp.c | 321 + openssl/crypto/bio/bss_sock.c | 287 + openssl/crypto/bn/Makefile | 389 + openssl/crypto/bn/asm/README | 27 + openssl/crypto/bn/asm/alpha-mont.pl | 321 + openssl/crypto/bn/asm/armv4-gf2m.pl | 289 + openssl/crypto/bn/asm/armv4-mont.pl | 676 ++ openssl/crypto/bn/asm/bn-586.pl | 774 ++ openssl/crypto/bn/asm/co-586.pl | 287 + openssl/crypto/bn/asm/ia64-mont.pl | 851 ++ openssl/crypto/bn/asm/ia64.S | 1555 +++ openssl/crypto/bn/asm/mips-mont.pl | 426 + openssl/crypto/bn/asm/mips.pl | 2234 ++++ openssl/crypto/bn/asm/mips3-mont.pl | 327 + openssl/crypto/bn/asm/mips3.s | 2201 ++++ openssl/crypto/bn/asm/pa-risc2.s | 1618 +++ openssl/crypto/bn/asm/pa-risc2W.s | 1605 +++ openssl/crypto/bn/asm/parisc-mont.pl | 995 ++ openssl/crypto/bn/asm/ppc-mont.pl | 335 + openssl/crypto/bn/asm/ppc.pl | 2008 ++++ openssl/crypto/bn/asm/ppc64-mont.pl | 1628 +++ openssl/crypto/bn/asm/rsaz-avx2.pl | 1961 ++++ openssl/crypto/bn/asm/rsaz-x86_64.pl | 2351 ++++ openssl/crypto/bn/asm/s390x-gf2m.pl | 221 + openssl/crypto/bn/asm/s390x-mont.pl | 277 + openssl/crypto/bn/asm/s390x.S | 713 ++ openssl/crypto/bn/asm/sparct4-mont.pl | 1222 ++ openssl/crypto/bn/asm/sparcv8.S | 1458 +++ openssl/crypto/bn/asm/sparcv8plus.S | 1558 +++ openssl/crypto/bn/asm/sparcv9-gf2m.pl | 190 + openssl/crypto/bn/asm/sparcv9-mont.pl | 606 + openssl/crypto/bn/asm/sparcv9a-mont.pl | 882 ++ openssl/crypto/bn/asm/via-mont.pl | 242 + openssl/crypto/bn/asm/vis3-mont.pl | 373 + openssl/crypto/bn/asm/vms.mar | 6440 +++++++++++ openssl/crypto/bn/asm/x86-gf2m.pl | 313 + openssl/crypto/bn/asm/x86-mont.pl | 615 + openssl/crypto/bn/asm/x86.pl | 28 + openssl/crypto/bn/asm/x86/add.pl | 76 + openssl/crypto/bn/asm/x86/comba.pl | 277 + openssl/crypto/bn/asm/x86/div.pl | 15 + openssl/crypto/bn/asm/x86/f | 3 + openssl/crypto/bn/asm/x86/mul.pl | 77 + openssl/crypto/bn/asm/x86/mul_add.pl | 87 + openssl/crypto/bn/asm/x86/sqr.pl | 60 + openssl/crypto/bn/asm/x86/sub.pl | 76 + openssl/crypto/bn/asm/x86_64-gcc.c | 638 ++ openssl/crypto/bn/asm/x86_64-gf2m.pl | 390 + openssl/crypto/bn/asm/x86_64-mont.pl | 1512 +++ openssl/crypto/bn/asm/x86_64-mont5.pl | 3818 +++++++ openssl/crypto/bn/bn.h | 951 ++ openssl/crypto/bn/bn.mul | 19 + openssl/crypto/bn/bn_add.c | 313 + openssl/crypto/bn/bn_asm.c | 1093 ++ openssl/crypto/bn/bn_blind.c | 385 + openssl/crypto/bn/bn_const.c | 547 + openssl/crypto/bn/bn_ctx.c | 448 + openssl/crypto/bn/bn_depr.c | 115 + openssl/crypto/bn/bn_div.c | 477 + openssl/crypto/bn/bn_err.c | 154 + openssl/crypto/bn/bn_exp.c | 1458 +++ openssl/crypto/bn/bn_exp2.c | 303 + openssl/crypto/bn/bn_gcd.c | 702 ++ openssl/crypto/bn/bn_gf2m.c | 1300 +++ openssl/crypto/bn/bn_kron.c | 186 + openssl/crypto/bn/bn_lcl.h | 537 + openssl/crypto/bn/bn_lib.c | 916 ++ openssl/crypto/bn/bn_mod.c | 316 + openssl/crypto/bn/bn_mont.c | 558 + openssl/crypto/bn/bn_mpi.c | 128 + openssl/crypto/bn/bn_mul.c | 1165 ++ openssl/crypto/bn/bn_nist.c | 1262 ++ openssl/crypto/bn/bn_prime.c | 516 + openssl/crypto/bn/bn_prime.h | 326 + openssl/crypto/bn/bn_prime.pl | 119 + openssl/crypto/bn/bn_print.c | 404 + openssl/crypto/bn/bn_rand.c | 294 + openssl/crypto/bn/bn_recp.c | 252 + openssl/crypto/bn/bn_shift.c | 224 + openssl/crypto/bn/bn_sqr.c | 291 + openssl/crypto/bn/bn_sqrt.c | 409 + openssl/crypto/bn/bn_word.c | 249 + openssl/crypto/bn/bn_x931p.c | 277 + openssl/crypto/bn/bnspeed.c | 232 + openssl/crypto/bn/bntest.c | 2160 ++++ openssl/crypto/bn/divtest.c | 42 + openssl/crypto/bn/exp.c | 61 + openssl/crypto/bn/expspeed.c | 381 + openssl/crypto/bn/exptest.c | 313 + openssl/crypto/bn/rsaz_exp.c | 346 + openssl/crypto/bn/rsaz_exp.h | 68 + openssl/crypto/bn/todo | 3 + openssl/crypto/bn/vms-helper.c | 68 + openssl/crypto/buffer/Makefile | 99 + openssl/crypto/buffer/buf_err.c | 97 + openssl/crypto/buffer/buf_str.c | 137 + openssl/crypto/buffer/buffer.c | 187 + openssl/crypto/buffer/buffer.h | 125 + openssl/crypto/camellia/Makefile | 114 + openssl/crypto/camellia/asm/cmll-x86.pl | 1138 ++ openssl/crypto/camellia/asm/cmll-x86_64.pl | 1081 ++ openssl/crypto/camellia/asm/cmllt4-sparcv9.pl | 929 ++ openssl/crypto/camellia/camellia.c | 584 + openssl/crypto/camellia/camellia.h | 132 + openssl/crypto/camellia/cmll_cbc.c | 66 + openssl/crypto/camellia/cmll_cfb.c | 141 + openssl/crypto/camellia/cmll_ctr.c | 64 + openssl/crypto/camellia/cmll_ecb.c | 73 + openssl/crypto/camellia/cmll_locl.h | 88 + openssl/crypto/camellia/cmll_misc.c | 80 + openssl/crypto/camellia/cmll_ofb.c | 122 + openssl/crypto/camellia/cmll_utl.c | 64 + openssl/crypto/cast/Makefile | 104 + openssl/crypto/cast/asm/cast-586.pl | 177 + openssl/crypto/cast/asm/readme | 7 + openssl/crypto/cast/c_cfb64.c | 123 + openssl/crypto/cast/c_ecb.c | 83 + openssl/crypto/cast/c_enc.c | 200 + openssl/crypto/cast/c_ofb64.c | 110 + openssl/crypto/cast/c_skey.c | 175 + openssl/crypto/cast/cast.h | 107 + openssl/crypto/cast/cast_lcl.h | 227 + openssl/crypto/cast/cast_s.h | 592 + openssl/crypto/cast/cast_spd.c | 262 + openssl/crypto/cast/castopts.c | 334 + openssl/crypto/cast/casts.cpp | 70 + openssl/crypto/cast/casttest.c | 241 + openssl/crypto/cmac/Makefile | 113 + openssl/crypto/cmac/cm_ameth.c | 96 + openssl/crypto/cmac/cm_pmeth.c | 216 + openssl/crypto/cmac/cmac.c | 306 + openssl/crypto/cmac/cmac.h | 82 + openssl/crypto/cms/Makefile | 305 + openssl/crypto/cms/cms.h | 555 + openssl/crypto/cms/cms_asn1.c | 459 + openssl/crypto/cms/cms_att.c | 197 + openssl/crypto/cms/cms_cd.c | 134 + openssl/crypto/cms/cms_dd.c | 145 + openssl/crypto/cms/cms_enc.c | 264 + openssl/crypto/cms/cms_env.c | 974 ++ openssl/crypto/cms/cms_err.c | 309 + openssl/crypto/cms/cms_ess.c | 394 + openssl/crypto/cms/cms_io.c | 133 + openssl/crypto/cms/cms_kari.c | 468 + openssl/crypto/cms/cms_lcl.h | 471 + openssl/crypto/cms/cms_lib.c | 656 ++ openssl/crypto/cms/cms_pwri.c | 435 + openssl/crypto/cms/cms_sd.c | 957 ++ openssl/crypto/cms/cms_smime.c | 836 ++ openssl/crypto/comp/Makefile | 110 + openssl/crypto/comp/c_rle.c | 62 + openssl/crypto/comp/c_zlib.c | 763 ++ openssl/crypto/comp/comp.h | 83 + openssl/crypto/comp/comp_err.c | 98 + openssl/crypto/comp/comp_lib.c | 66 + openssl/crypto/conf/Makefile | 154 + openssl/crypto/conf/README | 73 + openssl/crypto/conf/cnf_save.c | 104 + openssl/crypto/conf/conf.h | 267 + openssl/crypto/conf/conf_api.c | 305 + openssl/crypto/conf/conf_api.h | 89 + openssl/crypto/conf/conf_def.c | 706 ++ openssl/crypto/conf/conf_def.h | 181 + openssl/crypto/conf/conf_err.c | 133 + openssl/crypto/conf/conf_lib.c | 391 + openssl/crypto/conf/conf_mall.c | 81 + openssl/crypto/conf/conf_mod.c | 601 + openssl/crypto/conf/conf_sap.c | 99 + openssl/crypto/conf/keysets.pl | 187 + openssl/crypto/conf/ssleay.cnf | 78 + openssl/crypto/conf/test.c | 97 + openssl/crypto/constant_time_locl.h | 211 + openssl/crypto/constant_time_test.c | 304 + openssl/crypto/cpt_err.c | 104 + openssl/crypto/cryptlib.c | 1030 ++ openssl/crypto/cryptlib.h | 111 + openssl/crypto/crypto-lib.com | 1537 +++ openssl/crypto/crypto.h | 661 ++ openssl/crypto/cversion.c | 107 + openssl/crypto/des/COPYRIGHT | 50 + openssl/crypto/des/DES.pm | 19 + openssl/crypto/des/DES.xs | 268 + openssl/crypto/des/FILES0 | 96 + openssl/crypto/des/INSTALL | 69 + openssl/crypto/des/Imakefile | 35 + openssl/crypto/des/KERBEROS | 41 + openssl/crypto/des/Makefile | 283 + openssl/crypto/des/README | 54 + openssl/crypto/des/VERSION | 412 + openssl/crypto/des/asm/crypt586.pl | 209 + openssl/crypto/des/asm/des-586.pl | 455 + openssl/crypto/des/asm/des_enc.m4 | 2101 ++++ openssl/crypto/des/asm/desboth.pl | 79 + openssl/crypto/des/asm/dest4-sparcv9.pl | 617 + openssl/crypto/des/asm/readme | 131 + openssl/crypto/des/cbc3_enc.c | 95 + openssl/crypto/des/cbc_cksm.c | 103 + openssl/crypto/des/cbc_enc.c | 61 + openssl/crypto/des/cfb64ede.c | 249 + openssl/crypto/des/cfb64enc.c | 122 + openssl/crypto/des/cfb_enc.c | 199 + openssl/crypto/des/des-lib.com | 1005 ++ openssl/crypto/des/des.c | 868 ++ openssl/crypto/des/des.h | 257 + openssl/crypto/des/des.pod | 217 + openssl/crypto/des/des3s.cpp | 67 + openssl/crypto/des/des_enc.c | 389 + openssl/crypto/des/des_locl.h | 443 + openssl/crypto/des/des_old.c | 345 + openssl/crypto/des/des_old.h | 497 + openssl/crypto/des/des_old2.c | 80 + openssl/crypto/des/des_opts.c | 641 ++ openssl/crypto/des/des_ver.h | 73 + openssl/crypto/des/dess.cpp | 67 + openssl/crypto/des/destest.c | 929 ++ openssl/crypto/des/ecb3_enc.c | 82 + openssl/crypto/des/ecb_enc.c | 124 + openssl/crypto/des/ede_cbcm_enc.c | 189 + openssl/crypto/des/enc_read.c | 235 + openssl/crypto/des/enc_writ.c | 182 + openssl/crypto/des/fcrypt.c | 167 + openssl/crypto/des/fcrypt_b.c | 140 + openssl/crypto/des/makefile.bc | 50 + openssl/crypto/des/ncbc_enc.c | 154 + openssl/crypto/des/ofb64ede.c | 123 + openssl/crypto/des/ofb64enc.c | 109 + openssl/crypto/des/ofb_enc.c | 131 + openssl/crypto/des/options.txt | 39 + openssl/crypto/des/pcbc_enc.c | 115 + openssl/crypto/des/qud_cksm.c | 143 + openssl/crypto/des/rand_key.c | 67 + openssl/crypto/des/read2pwd.c | 140 + openssl/crypto/des/read_pwd.c | 533 + openssl/crypto/des/rpc_des.h | 130 + openssl/crypto/des/rpc_enc.c | 100 + openssl/crypto/des/rpw.c | 94 + openssl/crypto/des/set_key.c | 447 + openssl/crypto/des/speed.c | 299 + openssl/crypto/des/spr.h | 212 + openssl/crypto/des/str2key.c | 164 + openssl/crypto/des/times/486-50.sol | 16 + openssl/crypto/des/times/586-100.lnx | 20 + openssl/crypto/des/times/686-200.fre | 18 + openssl/crypto/des/times/aix.cc | 26 + openssl/crypto/des/times/alpha.cc | 18 + openssl/crypto/des/times/hpux.cc | 17 + openssl/crypto/des/times/sparc.gcc | 17 + openssl/crypto/des/times/usparc.cc | 31 + openssl/crypto/des/typemap | 34 + openssl/crypto/des/xcbc_enc.c | 216 + openssl/crypto/dh/Makefile | 204 + openssl/crypto/dh/dh.h | 393 + openssl/crypto/dh/dh1024.pem | 5 + openssl/crypto/dh/dh192.pem | 3 + openssl/crypto/dh/dh2048.pem | 16 + openssl/crypto/dh/dh4096.pem | 14 + openssl/crypto/dh/dh512.pem | 4 + openssl/crypto/dh/dh_ameth.c | 957 ++ openssl/crypto/dh/dh_asn1.c | 189 + openssl/crypto/dh/dh_check.c | 187 + openssl/crypto/dh/dh_depr.c | 82 + openssl/crypto/dh/dh_err.c | 126 + openssl/crypto/dh/dh_gen.c | 204 + openssl/crypto/dh/dh_kdf.c | 187 + openssl/crypto/dh/dh_key.c | 291 + openssl/crypto/dh/dh_lib.c | 263 + openssl/crypto/dh/dh_pmeth.c | 551 + openssl/crypto/dh/dh_prn.c | 79 + openssl/crypto/dh/dh_rfc5114.c | 285 + openssl/crypto/dh/dhtest.c | 643 ++ openssl/crypto/dh/example | 50 + openssl/crypto/dh/generate | 65 + openssl/crypto/dh/p1024.c | 92 + openssl/crypto/dh/p192.c | 80 + openssl/crypto/dh/p512.c | 85 + openssl/crypto/dsa/Makefile | 211 + openssl/crypto/dsa/README | 4 + openssl/crypto/dsa/dsa.h | 332 + openssl/crypto/dsa/dsa_ameth.c | 678 ++ openssl/crypto/dsa/dsa_asn1.c | 202 + openssl/crypto/dsa/dsa_depr.c | 113 + openssl/crypto/dsa/dsa_err.c | 133 + openssl/crypto/dsa/dsa_gen.c | 751 ++ openssl/crypto/dsa/dsa_key.c | 145 + openssl/crypto/dsa/dsa_lib.c | 329 + openssl/crypto/dsa/dsa_locl.h | 69 + openssl/crypto/dsa/dsa_ossl.c | 427 + openssl/crypto/dsa/dsa_pmeth.c | 312 + openssl/crypto/dsa/dsa_prn.c | 119 + openssl/crypto/dsa/dsa_sign.c | 110 + openssl/crypto/dsa/dsa_vrf.c | 75 + openssl/crypto/dsa/dsagen.c | 115 + openssl/crypto/dsa/dsatest.c | 268 + openssl/crypto/dsa/fips186a.txt | 122 + openssl/crypto/dso/Makefile | 152 + openssl/crypto/dso/README | 22 + openssl/crypto/dso/dso.h | 451 + openssl/crypto/dso/dso_beos.c | 253 + openssl/crypto/dso/dso_dl.c | 380 + openssl/crypto/dso/dso_dlfcn.c | 465 + openssl/crypto/dso/dso_err.c | 158 + openssl/crypto/dso/dso_lib.c | 448 + openssl/crypto/dso/dso_null.c | 92 + openssl/crypto/dso/dso_openssl.c | 83 + openssl/crypto/dso/dso_vms.c | 547 + openssl/crypto/dso/dso_win32.c | 788 ++ openssl/crypto/ebcdic.c | 284 + openssl/crypto/ebcdic.h | 26 + openssl/crypto/ec/Makefile | 274 + openssl/crypto/ec/asm/ecp_nistz256-avx2.pl | 2093 ++++ openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl | 3007 +++++ openssl/crypto/ec/ec.h | 1282 +++ openssl/crypto/ec/ec2_mult.c | 465 + openssl/crypto/ec/ec2_oct.c | 403 + openssl/crypto/ec/ec2_smpl.c | 798 ++ openssl/crypto/ec/ec_ameth.c | 965 ++ openssl/crypto/ec/ec_asn1.c | 1326 +++ openssl/crypto/ec/ec_check.c | 120 + openssl/crypto/ec/ec_curve.c | 3248 ++++++ openssl/crypto/ec/ec_cvt.c | 180 + openssl/crypto/ec/ec_err.c | 332 + openssl/crypto/ec/ec_key.c | 564 + openssl/crypto/ec/ec_lcl.h | 568 + openssl/crypto/ec/ec_lib.c | 1134 ++ openssl/crypto/ec/ec_mult.c | 913 ++ openssl/crypto/ec/ec_oct.c | 192 + openssl/crypto/ec/ec_pmeth.c | 530 + openssl/crypto/ec/ec_print.c | 179 + openssl/crypto/ec/eck_prn.c | 377 + openssl/crypto/ec/ecp_mont.c | 308 + openssl/crypto/ec/ecp_nist.c | 220 + openssl/crypto/ec/ecp_nistp224.c | 1769 +++ openssl/crypto/ec/ecp_nistp256.c | 2369 ++++ openssl/crypto/ec/ecp_nistp521.c | 2148 ++++ openssl/crypto/ec/ecp_nistputil.c | 218 + openssl/crypto/ec/ecp_nistz256.c | 1568 +++ openssl/crypto/ec/ecp_nistz256_table.c | 9533 +++++++++++++++ openssl/crypto/ec/ecp_oct.c | 428 + openssl/crypto/ec/ecp_smpl.c | 1418 +++ openssl/crypto/ec/ectest.c | 1870 +++ openssl/crypto/ecdh/Makefile | 126 + openssl/crypto/ecdh/ecdh.h | 134 + openssl/crypto/ecdh/ecdhtest.c | 580 + openssl/crypto/ecdh/ech_err.c | 98 + openssl/crypto/ecdh/ech_kdf.c | 111 + openssl/crypto/ecdh/ech_key.c | 81 + openssl/crypto/ecdh/ech_lib.c | 265 + openssl/crypto/ecdh/ech_locl.h | 104 + openssl/crypto/ecdh/ech_ossl.c | 220 + openssl/crypto/ecdsa/Makefile | 142 + openssl/crypto/ecdsa/ecdsa.h | 335 + openssl/crypto/ecdsa/ecdsatest.c | 556 + openssl/crypto/ecdsa/ecs_asn1.c | 67 + openssl/crypto/ecdsa/ecs_err.c | 107 + openssl/crypto/ecdsa/ecs_lib.c | 354 + openssl/crypto/ecdsa/ecs_locl.h | 120 + openssl/crypto/ecdsa/ecs_ossl.c | 464 + openssl/crypto/ecdsa/ecs_sign.c | 106 + openssl/crypto/ecdsa/ecs_vrf.c | 112 + openssl/crypto/engine/Makefile | 435 + openssl/crypto/engine/README | 211 + openssl/crypto/engine/eng_all.c | 136 + openssl/crypto/engine/eng_cnf.c | 242 + openssl/crypto/engine/eng_cryptodev.c | 1548 +++ openssl/crypto/engine/eng_ctrl.c | 385 + openssl/crypto/engine/eng_dyn.c | 570 + openssl/crypto/engine/eng_err.c | 181 + openssl/crypto/engine/eng_fat.c | 181 + openssl/crypto/engine/eng_init.c | 157 + openssl/crypto/engine/eng_int.h | 224 + openssl/crypto/engine/eng_lib.c | 347 + openssl/crypto/engine/eng_list.c | 405 + openssl/crypto/engine/eng_openssl.c | 402 + openssl/crypto/engine/eng_pkey.c | 186 + openssl/crypto/engine/eng_rdrand.c | 149 + openssl/crypto/engine/eng_table.c | 358 + openssl/crypto/engine/engine.h | 960 ++ openssl/crypto/engine/enginetest.c | 269 + openssl/crypto/engine/tb_asnmth.c | 246 + openssl/crypto/engine/tb_cipher.c | 143 + openssl/crypto/engine/tb_dh.c | 124 + openssl/crypto/engine/tb_digest.c | 143 + openssl/crypto/engine/tb_dsa.c | 124 + openssl/crypto/engine/tb_ecdh.c | 139 + openssl/crypto/engine/tb_ecdsa.c | 124 + openssl/crypto/engine/tb_pkmeth.c | 166 + openssl/crypto/engine/tb_rand.c | 124 + openssl/crypto/engine/tb_rsa.c | 124 + openssl/crypto/engine/tb_store.c | 129 + openssl/crypto/err/Makefile | 112 + openssl/crypto/err/err.c | 1148 ++ openssl/crypto/err/err.h | 389 + openssl/crypto/err/err_all.c | 168 + openssl/crypto/err/err_prn.c | 113 + openssl/crypto/err/openssl.ec | 98 + openssl/crypto/evp/Makefile | 795 ++ openssl/crypto/evp/bio_b64.c | 573 + openssl/crypto/evp/bio_enc.c | 437 + openssl/crypto/evp/bio_md.c | 272 + openssl/crypto/evp/bio_ok.c | 624 + openssl/crypto/evp/c_all.c | 85 + openssl/crypto/evp/c_allc.c | 241 + openssl/crypto/evp/c_alld.c | 114 + openssl/crypto/evp/digest.c | 408 + openssl/crypto/evp/e_aes.c | 2024 ++++ openssl/crypto/evp/e_aes_cbc_hmac_sha1.c | 1008 ++ openssl/crypto/evp/e_aes_cbc_hmac_sha256.c | 985 ++ openssl/crypto/evp/e_bf.c | 87 + openssl/crypto/evp/e_camellia.c | 394 + openssl/crypto/evp/e_cast.c | 89 + openssl/crypto/evp/e_des.c | 269 + openssl/crypto/evp/e_des3.c | 495 + openssl/crypto/evp/e_dsa.c | 69 + openssl/crypto/evp/e_idea.c | 119 + openssl/crypto/evp/e_null.c | 100 + openssl/crypto/evp/e_old.c | 164 + openssl/crypto/evp/e_rc2.c | 235 + openssl/crypto/evp/e_rc4.c | 133 + openssl/crypto/evp/e_rc4_hmac_md5.c | 312 + openssl/crypto/evp/e_rc5.c | 122 + openssl/crypto/evp/e_seed.c | 83 + openssl/crypto/evp/e_xcbc_d.c | 130 + openssl/crypto/evp/encode.c | 460 + openssl/crypto/evp/evp.h | 1536 +++ openssl/crypto/evp/evp_acnf.c | 73 + openssl/crypto/evp/evp_cnf.c | 118 + openssl/crypto/evp/evp_enc.c | 666 ++ openssl/crypto/evp/evp_err.c | 255 + openssl/crypto/evp/evp_extra_test.c | 489 + openssl/crypto/evp/evp_key.c | 195 + openssl/crypto/evp/evp_lib.c | 391 + openssl/crypto/evp/evp_locl.h | 373 + openssl/crypto/evp/evp_pbe.c | 312 + openssl/crypto/evp/evp_pkey.c | 229 + openssl/crypto/evp/evp_test.c | 598 + openssl/crypto/evp/evptests.txt | 401 + openssl/crypto/evp/m_dss.c | 104 + openssl/crypto/evp/m_dss1.c | 105 + openssl/crypto/evp/m_ecdsa.c | 154 + openssl/crypto/evp/m_md2.c | 106 + openssl/crypto/evp/m_md4.c | 108 + openssl/crypto/evp/m_md5.c | 107 + openssl/crypto/evp/m_mdc2.c | 108 + openssl/crypto/evp/m_null.c | 98 + openssl/crypto/evp/m_ripemd.c | 107 + openssl/crypto/evp/m_sha.c | 106 + openssl/crypto/evp/m_sha1.c | 235 + openssl/crypto/evp/m_sigver.c | 203 + openssl/crypto/evp/m_wp.c | 48 + openssl/crypto/evp/names.c | 215 + openssl/crypto/evp/openbsd_hw.c | 453 + openssl/crypto/evp/p5_crpt.c | 149 + openssl/crypto/evp/p5_crpt2.c | 334 + openssl/crypto/evp/p_dec.c | 87 + openssl/crypto/evp/p_enc.c | 87 + openssl/crypto/evp/p_lib.c | 464 + openssl/crypto/evp/p_open.c | 129 + openssl/crypto/evp/p_seal.c | 121 + openssl/crypto/evp/p_sign.c | 133 + openssl/crypto/evp/p_verify.c | 116 + openssl/crypto/evp/pmeth_fn.c | 348 + openssl/crypto/evp/pmeth_gn.c | 222 + openssl/crypto/evp/pmeth_lib.c | 589 + openssl/crypto/ex_data.c | 646 ++ openssl/crypto/fips_err.h | 223 + openssl/crypto/fips_ers.c | 7 + openssl/crypto/hmac/Makefile | 112 + openssl/crypto/hmac/hm_ameth.c | 167 + openssl/crypto/hmac/hm_pmeth.c | 262 + openssl/crypto/hmac/hmac.c | 268 + openssl/crypto/hmac/hmac.h | 109 + openssl/crypto/hmac/hmactest.c | 335 + openssl/crypto/ia64cpuid.S | 167 + openssl/crypto/idea/Makefile | 91 + openssl/crypto/idea/i_cbc.c | 171 + openssl/crypto/idea/i_cfb64.c | 123 + openssl/crypto/idea/i_ecb.c | 88 + openssl/crypto/idea/i_ofb64.c | 110 + openssl/crypto/idea/i_skey.c | 171 + openssl/crypto/idea/idea.h | 105 + openssl/crypto/idea/idea_lcl.h | 216 + openssl/crypto/idea/idea_spd.c | 283 + openssl/crypto/idea/ideatest.c | 232 + openssl/crypto/idea/version | 12 + openssl/crypto/install-crypto.com | 196 + openssl/crypto/jpake/Makefile | 66 + openssl/crypto/jpake/jpake.c | 516 + openssl/crypto/jpake/jpake.h | 128 + openssl/crypto/jpake/jpake_err.c | 108 + openssl/crypto/jpake/jpaketest.c | 185 + openssl/crypto/krb5/Makefile | 86 + openssl/crypto/krb5/krb5_asn.c | 162 + openssl/crypto/krb5/krb5_asn.h | 240 + openssl/crypto/lhash/Makefile | 90 + openssl/crypto/lhash/lh_stats.c | 246 + openssl/crypto/lhash/lh_test.c | 88 + openssl/crypto/lhash/lhash.c | 458 + openssl/crypto/lhash/lhash.h | 240 + openssl/crypto/lhash/num.pl | 17 + openssl/crypto/md2/Makefile | 91 + openssl/crypto/md2/md2.c | 119 + openssl/crypto/md2/md2.h | 94 + openssl/crypto/md2/md2_dgst.c | 224 + openssl/crypto/md2/md2_one.c | 96 + openssl/crypto/md2/md2test.c | 142 + openssl/crypto/md32_common.h | 436 + openssl/crypto/md4/Makefile | 91 + openssl/crypto/md4/md4.c | 121 + openssl/crypto/md4/md4.h | 119 + openssl/crypto/md4/md4_dgst.c | 199 + openssl/crypto/md4/md4_locl.h | 113 + openssl/crypto/md4/md4_one.c | 96 + openssl/crypto/md4/md4s.cpp | 78 + openssl/crypto/md4/md4test.c | 133 + openssl/crypto/md5/Makefile | 107 + openssl/crypto/md5/asm/md5-586.pl | 307 + openssl/crypto/md5/asm/md5-ia64.S | 992 ++ openssl/crypto/md5/asm/md5-sparcv9.pl | 430 + openssl/crypto/md5/asm/md5-x86_64.pl | 370 + openssl/crypto/md5/md5.c | 121 + openssl/crypto/md5/md5.h | 119 + openssl/crypto/md5/md5_dgst.c | 216 + openssl/crypto/md5/md5_locl.h | 133 + openssl/crypto/md5/md5_one.c | 96 + openssl/crypto/md5/md5s.cpp | 78 + openssl/crypto/md5/md5test.c | 138 + openssl/crypto/mdc2/Makefile | 95 + openssl/crypto/mdc2/mdc2.h | 94 + openssl/crypto/mdc2/mdc2_one.c | 76 + openssl/crypto/mdc2/mdc2dgst.c | 196 + openssl/crypto/mdc2/mdc2test.c | 146 + openssl/crypto/mem.c | 458 + openssl/crypto/mem_clr.c | 75 + openssl/crypto/mem_dbg.c | 830 ++ openssl/crypto/modes/Makefile | 160 + openssl/crypto/modes/asm/aesni-gcm-x86_64.pl | 1057 ++ openssl/crypto/modes/asm/ghash-alpha.pl | 460 + openssl/crypto/modes/asm/ghash-armv4.pl | 498 + openssl/crypto/modes/asm/ghash-ia64.pl | 463 + openssl/crypto/modes/asm/ghash-parisc.pl | 731 ++ openssl/crypto/modes/asm/ghash-s390x.pl | 260 + openssl/crypto/modes/asm/ghash-sparcv9.pl | 573 + openssl/crypto/modes/asm/ghash-x86.pl | 1393 +++ openssl/crypto/modes/asm/ghash-x86_64.pl | 1753 +++ openssl/crypto/modes/asm/ghashp8-ppc.pl | 234 + openssl/crypto/modes/asm/ghashv8-armx.pl | 409 + openssl/crypto/modes/cbc128.c | 207 + openssl/crypto/modes/ccm128.c | 479 + openssl/crypto/modes/cfb128.c | 254 + openssl/crypto/modes/ctr128.c | 263 + openssl/crypto/modes/cts128.c | 544 + openssl/crypto/modes/gcm128.c | 2371 ++++ openssl/crypto/modes/modes.h | 163 + openssl/crypto/modes/modes_lcl.h | 143 + openssl/crypto/modes/ofb128.c | 124 + openssl/crypto/modes/wrap128.c | 138 + openssl/crypto/modes/xts128.c | 204 + openssl/crypto/o_dir.c | 86 + openssl/crypto/o_dir.h | 55 + openssl/crypto/o_dir_test.c | 68 + openssl/crypto/o_fips.c | 96 + openssl/crypto/o_init.c | 86 + openssl/crypto/o_str.c | 116 + openssl/crypto/o_str.h | 69 + openssl/crypto/o_time.c | 477 + openssl/crypto/o_time.h | 70 + openssl/crypto/objects/Makefile | 132 + openssl/crypto/objects/o_names.c | 367 + openssl/crypto/objects/obj_dat.c | 801 ++ openssl/crypto/objects/obj_dat.h | 5319 +++++++++ openssl/crypto/objects/obj_dat.pl | 307 + openssl/crypto/objects/obj_err.c | 100 + openssl/crypto/objects/obj_lib.c | 135 + openssl/crypto/objects/obj_mac.h | 4194 +++++++ openssl/crypto/objects/obj_mac.num | 957 ++ openssl/crypto/objects/obj_xref.c | 222 + openssl/crypto/objects/obj_xref.h | 99 + openssl/crypto/objects/obj_xref.txt | 58 + openssl/crypto/objects/objects.README | 44 + openssl/crypto/objects/objects.h | 1143 ++ openssl/crypto/objects/objects.pl | 240 + openssl/crypto/objects/objects.txt | 1350 +++ openssl/crypto/objects/objxref.pl | 116 + openssl/crypto/ocsp/Makefile | 215 + openssl/crypto/ocsp/ocsp.h | 637 ++ openssl/crypto/ocsp/ocsp_asn.c | 183 + openssl/crypto/ocsp/ocsp_cl.c | 385 + openssl/crypto/ocsp/ocsp_err.c | 149 + openssl/crypto/ocsp/ocsp_ext.c | 566 + openssl/crypto/ocsp/ocsp_ht.c | 555 + openssl/crypto/ocsp/ocsp_lib.c | 290 + openssl/crypto/ocsp/ocsp_prn.c | 299 + openssl/crypto/ocsp/ocsp_srv.c | 271 + openssl/crypto/ocsp/ocsp_vfy.c | 454 + openssl/crypto/opensslconf.h | 265 + openssl/crypto/opensslconf.h.in | 154 + openssl/crypto/opensslv.h | 97 + openssl/crypto/ossl_typ.h | 213 + openssl/crypto/pariscid.pl | 225 + openssl/crypto/pem/Makefile | 261 + openssl/crypto/pem/message | 16 + openssl/crypto/pem/pem.h | 617 + openssl/crypto/pem/pem2.h | 70 + openssl/crypto/pem/pem_all.c | 427 + openssl/crypto/pem/pem_err.c | 169 + openssl/crypto/pem/pem_info.c | 394 + openssl/crypto/pem/pem_lib.c | 871 ++ openssl/crypto/pem/pem_oth.c | 86 + openssl/crypto/pem/pem_pk8.c | 259 + openssl/crypto/pem/pem_pkey.c | 293 + openssl/crypto/pem/pem_seal.c | 191 + openssl/crypto/pem/pem_sign.c | 101 + openssl/crypto/pem/pem_x509.c | 68 + openssl/crypto/pem/pem_xaux.c | 70 + openssl/crypto/pem/pkcs7.lis | 22 + openssl/crypto/pem/pvkfmt.c | 895 ++ openssl/crypto/perlasm/cbc.pl | 349 + openssl/crypto/perlasm/ppc-xlate.pl | 246 + openssl/crypto/perlasm/readme | 124 + openssl/crypto/perlasm/sparcv9_modes.pl | 1691 +++ openssl/crypto/perlasm/x86_64-xlate.pl | 1158 ++ openssl/crypto/perlasm/x86asm.pl | 298 + openssl/crypto/perlasm/x86gas.pl | 258 + openssl/crypto/perlasm/x86masm.pl | 200 + openssl/crypto/perlasm/x86nasm.pl | 179 + openssl/crypto/pkcs12/Makefile | 288 + openssl/crypto/pkcs12/p12_add.c | 258 + openssl/crypto/pkcs12/p12_asn.c | 125 + openssl/crypto/pkcs12/p12_attr.c | 147 + openssl/crypto/pkcs12/p12_crpt.c | 119 + openssl/crypto/pkcs12/p12_crt.c | 358 + openssl/crypto/pkcs12/p12_decr.c | 202 + openssl/crypto/pkcs12/p12_init.c | 92 + openssl/crypto/pkcs12/p12_key.c | 238 + openssl/crypto/pkcs12/p12_kiss.c | 299 + openssl/crypto/pkcs12/p12_mutl.c | 195 + openssl/crypto/pkcs12/p12_npas.c | 230 + openssl/crypto/pkcs12/p12_p8d.c | 70 + openssl/crypto/pkcs12/p12_p8e.c | 105 + openssl/crypto/pkcs12/p12_utl.c | 165 + openssl/crypto/pkcs12/pk12err.c | 149 + openssl/crypto/pkcs12/pkcs12.h | 342 + openssl/crypto/pkcs7/Makefile | 182 + openssl/crypto/pkcs7/bio_pk7.c | 70 + openssl/crypto/pkcs7/pk7_asn1.c | 251 + openssl/crypto/pkcs7/pk7_attr.c | 165 + openssl/crypto/pkcs7/pk7_dgst.c | 65 + openssl/crypto/pkcs7/pk7_doit.c | 1297 +++ openssl/crypto/pkcs7/pk7_enc.c | 75 + openssl/crypto/pkcs7/pk7_lib.c | 646 ++ openssl/crypto/pkcs7/pk7_mime.c | 96 + openssl/crypto/pkcs7/pk7_smime.c | 590 + openssl/crypto/pkcs7/pkcs7.h | 481 + openssl/crypto/pkcs7/pkcs7err.c | 207 + openssl/crypto/ppc_arch.h | 10 + openssl/crypto/ppccap.c | 159 + openssl/crypto/ppccpuid.pl | 148 + openssl/crypto/pqueue/Makefile | 85 + openssl/crypto/pqueue/pq_test.c | 94 + openssl/crypto/pqueue/pqueue.c | 235 + openssl/crypto/pqueue/pqueue.h | 99 + openssl/crypto/rand/Makefile | 166 + openssl/crypto/rand/md_rand.c | 592 + openssl/crypto/rand/rand.h | 150 + openssl/crypto/rand/rand_egd.c | 292 + openssl/crypto/rand/rand_err.c | 100 + openssl/crypto/rand/rand_lcl.h | 158 + openssl/crypto/rand/rand_lib.c | 300 + openssl/crypto/rand/rand_nw.c | 179 + openssl/crypto/rand/rand_os2.c | 170 + openssl/crypto/rand/rand_unix.c | 447 + openssl/crypto/rand/rand_vms.c | 180 + openssl/crypto/rand/rand_win.c | 752 ++ openssl/crypto/rand/randfile.c | 372 + openssl/crypto/rand/randtest.c | 209 + openssl/crypto/rc2/Makefile | 92 + openssl/crypto/rc2/rc2.h | 103 + openssl/crypto/rc2/rc2_cbc.c | 228 + openssl/crypto/rc2/rc2_ecb.c | 92 + openssl/crypto/rc2/rc2_locl.h | 155 + openssl/crypto/rc2/rc2_skey.c | 157 + openssl/crypto/rc2/rc2cfb64.c | 123 + openssl/crypto/rc2/rc2ofb64.c | 110 + openssl/crypto/rc2/rc2speed.c | 262 + openssl/crypto/rc2/rc2test.c | 274 + openssl/crypto/rc2/rrc2.doc | 219 + openssl/crypto/rc2/tab.c | 84 + openssl/crypto/rc2/version | 22 + openssl/crypto/rc4/Makefile | 127 + openssl/crypto/rc4/asm/rc4-586.pl | 414 + openssl/crypto/rc4/asm/rc4-ia64.pl | 755 ++ openssl/crypto/rc4/asm/rc4-md5-x86_64.pl | 632 + openssl/crypto/rc4/asm/rc4-parisc.pl | 314 + openssl/crypto/rc4/asm/rc4-s390x.pl | 234 + openssl/crypto/rc4/asm/rc4-x86_64.pl | 677 ++ openssl/crypto/rc4/rc4.c | 179 + openssl/crypto/rc4/rc4.h | 88 + openssl/crypto/rc4/rc4_enc.c | 334 + openssl/crypto/rc4/rc4_locl.h | 5 + openssl/crypto/rc4/rc4_skey.c | 116 + openssl/crypto/rc4/rc4_utl.c | 62 + openssl/crypto/rc4/rc4s.cpp | 73 + openssl/crypto/rc4/rc4speed.c | 239 + openssl/crypto/rc4/rc4test.c | 235 + openssl/crypto/rc4/rrc4.doc | 278 + openssl/crypto/rc5/Makefile | 96 + openssl/crypto/rc5/asm/rc5-586.pl | 110 + openssl/crypto/rc5/rc5.h | 115 + openssl/crypto/rc5/rc5_ecb.c | 83 + openssl/crypto/rc5/rc5_enc.c | 209 + openssl/crypto/rc5/rc5_locl.h | 207 + openssl/crypto/rc5/rc5_skey.c | 110 + openssl/crypto/rc5/rc5cfb64.c | 123 + openssl/crypto/rc5/rc5ofb64.c | 110 + openssl/crypto/rc5/rc5s.cpp | 70 + openssl/crypto/rc5/rc5speed.c | 265 + openssl/crypto/rc5/rc5test.c | 381 + openssl/crypto/ripemd/Makefile | 97 + openssl/crypto/ripemd/README | 15 + openssl/crypto/ripemd/asm/rips.cpp | 82 + openssl/crypto/ripemd/asm/rmd-586.pl | 591 + openssl/crypto/ripemd/ripemd.h | 105 + openssl/crypto/ripemd/rmd160.c | 121 + openssl/crypto/ripemd/rmd_dgst.c | 334 + openssl/crypto/ripemd/rmd_locl.h | 149 + openssl/crypto/ripemd/rmd_one.c | 77 + openssl/crypto/ripemd/rmdconst.h | 398 + openssl/crypto/ripemd/rmdtest.c | 143 + openssl/crypto/rsa/Makefile | 312 + openssl/crypto/rsa/rsa.h | 664 ++ openssl/crypto/rsa/rsa_ameth.c | 967 ++ openssl/crypto/rsa/rsa_asn1.c | 131 + openssl/crypto/rsa/rsa_chk.c | 191 + openssl/crypto/rsa/rsa_crpt.c | 247 + openssl/crypto/rsa/rsa_depr.c | 107 + openssl/crypto/rsa/rsa_eay.c | 904 ++ openssl/crypto/rsa/rsa_err.c | 247 + openssl/crypto/rsa/rsa_gen.c | 251 + openssl/crypto/rsa/rsa_lib.c | 337 + openssl/crypto/rsa/rsa_locl.h | 4 + openssl/crypto/rsa/rsa_none.c | 94 + openssl/crypto/rsa/rsa_null.c | 155 + openssl/crypto/rsa/rsa_oaep.c | 287 + openssl/crypto/rsa/rsa_pk1.c | 275 + openssl/crypto/rsa/rsa_pmeth.c | 790 ++ openssl/crypto/rsa/rsa_prn.c | 92 + openssl/crypto/rsa/rsa_pss.c | 290 + openssl/crypto/rsa/rsa_saos.c | 148 + openssl/crypto/rsa/rsa_sign.c | 301 + openssl/crypto/rsa/rsa_ssl.c | 149 + openssl/crypto/rsa/rsa_test.c | 339 + openssl/crypto/rsa/rsa_x931.c | 167 + openssl/crypto/s390xcap.c | 42 + openssl/crypto/s390xcpuid.S | 131 + openssl/crypto/seed/Makefile | 108 + openssl/crypto/seed/seed.c | 711 ++ openssl/crypto/seed/seed.h | 149 + openssl/crypto/seed/seed_cbc.c | 65 + openssl/crypto/seed/seed_cfb.c | 118 + openssl/crypto/seed/seed_ecb.c | 61 + openssl/crypto/seed/seed_locl.h | 115 + openssl/crypto/seed/seed_ofb.c | 117 + openssl/crypto/sha/Makefile | 177 + openssl/crypto/sha/asm/README | 1 + openssl/crypto/sha/asm/sha1-586.pl | 1476 +++ openssl/crypto/sha/asm/sha1-alpha.pl | 322 + openssl/crypto/sha/asm/sha1-armv4-large.pl | 683 ++ openssl/crypto/sha/asm/sha1-armv8.pl | 338 + openssl/crypto/sha/asm/sha1-ia64.pl | 305 + openssl/crypto/sha/asm/sha1-mb-x86_64.pl | 1574 +++ openssl/crypto/sha/asm/sha1-mips.pl | 450 + openssl/crypto/sha/asm/sha1-parisc.pl | 260 + openssl/crypto/sha/asm/sha1-ppc.pl | 344 + openssl/crypto/sha/asm/sha1-s390x.pl | 243 + openssl/crypto/sha/asm/sha1-sparcv9.pl | 427 + openssl/crypto/sha/asm/sha1-sparcv9a.pl | 601 + openssl/crypto/sha/asm/sha1-thumb.pl | 259 + openssl/crypto/sha/asm/sha1-x86_64.pl | 2067 ++++ openssl/crypto/sha/asm/sha256-586.pl | 1281 +++ openssl/crypto/sha/asm/sha256-armv4.pl | 713 ++ openssl/crypto/sha/asm/sha256-mb-x86_64.pl | 1560 +++ openssl/crypto/sha/asm/sha512-586.pl | 911 ++ openssl/crypto/sha/asm/sha512-armv4.pl | 609 + openssl/crypto/sha/asm/sha512-armv8.pl | 422 + openssl/crypto/sha/asm/sha512-ia64.pl | 685 ++ openssl/crypto/sha/asm/sha512-mips.pl | 510 + openssl/crypto/sha/asm/sha512-parisc.pl | 793 ++ openssl/crypto/sha/asm/sha512-ppc.pl | 792 ++ openssl/crypto/sha/asm/sha512-s390x.pl | 319 + openssl/crypto/sha/asm/sha512-sparcv9.pl | 850 ++ openssl/crypto/sha/asm/sha512-x86_64.pl | 2398 ++++ openssl/crypto/sha/asm/sha512p8-ppc.pl | 424 + openssl/crypto/sha/sha.c | 118 + openssl/crypto/sha/sha.h | 214 + openssl/crypto/sha/sha1.c | 121 + openssl/crypto/sha/sha1_one.c | 79 + openssl/crypto/sha/sha1dgst.c | 74 + openssl/crypto/sha/sha1test.c | 174 + openssl/crypto/sha/sha256.c | 387 + openssl/crypto/sha/sha256t.c | 158 + openssl/crypto/sha/sha512.c | 684 ++ openssl/crypto/sha/sha512t.c | 196 + openssl/crypto/sha/sha_dgst.c | 74 + openssl/crypto/sha/sha_locl.h | 500 + openssl/crypto/sha/sha_one.c | 79 + openssl/crypto/sha/shatest.c | 174 + openssl/crypto/sparc_arch.h | 101 + openssl/crypto/sparccpuid.S | 531 + openssl/crypto/sparcv9cap.c | 393 + openssl/crypto/srp/Makefile | 103 + openssl/crypto/srp/srp.h | 179 + openssl/crypto/srp/srp_grps.h | 528 + openssl/crypto/srp/srp_lcl.h | 84 + openssl/crypto/srp/srp_lib.c | 363 + openssl/crypto/srp/srp_vfy.c | 724 ++ openssl/crypto/srp/srptest.c | 155 + openssl/crypto/stack/Makefile | 86 + openssl/crypto/stack/safestack.h | 2672 +++++ openssl/crypto/stack/stack.c | 384 + openssl/crypto/stack/stack.h | 107 + openssl/crypto/store/Makefile | 114 + openssl/crypto/store/README | 95 + openssl/crypto/store/store.h | 658 ++ openssl/crypto/store/str_err.c | 258 + openssl/crypto/store/str_lib.c | 1772 +++ openssl/crypto/store/str_locl.h | 125 + openssl/crypto/store/str_mem.c | 383 + openssl/crypto/store/str_meth.c | 280 + openssl/crypto/symhacks.h | 516 + openssl/crypto/threads/README | 14 + openssl/crypto/threads/mttest.c | 1211 ++ openssl/crypto/threads/netware.bat | 79 + openssl/crypto/threads/profile.sh | 4 + openssl/crypto/threads/ptest.bat | 4 + openssl/crypto/threads/pthread.sh | 9 + openssl/crypto/threads/pthread2.sh | 6 + openssl/crypto/threads/pthreads-vms.com | 14 + openssl/crypto/threads/purify.sh | 4 + openssl/crypto/threads/solaris.sh | 4 + openssl/crypto/threads/th-lock.c | 389 + openssl/crypto/threads/win32.bat | 4 + openssl/crypto/ts/Makefile | 271 + openssl/crypto/ts/ts.h | 865 ++ openssl/crypto/ts/ts_asn1.c | 326 + openssl/crypto/ts/ts_conf.c | 491 + openssl/crypto/ts/ts_err.c | 188 + openssl/crypto/ts/ts_lib.c | 142 + openssl/crypto/ts/ts_req_print.c | 104 + openssl/crypto/ts/ts_req_utils.c | 232 + openssl/crypto/ts/ts_rsp_print.c | 281 + openssl/crypto/ts/ts_rsp_sign.c | 1020 ++ openssl/crypto/ts/ts_rsp_utils.c | 396 + openssl/crypto/ts/ts_rsp_verify.c | 746 ++ openssl/crypto/ts/ts_verify_ctx.c | 162 + openssl/crypto/txt_db/Makefile | 86 + openssl/crypto/txt_db/txt_db.c | 381 + openssl/crypto/txt_db/txt_db.h | 112 + openssl/crypto/ui/Makefile | 113 + openssl/crypto/ui/ui.h | 415 + openssl/crypto/ui/ui_compat.c | 69 + openssl/crypto/ui/ui_compat.h | 88 + openssl/crypto/ui/ui_err.c | 111 + openssl/crypto/ui/ui_lib.c | 878 ++ openssl/crypto/ui/ui_locl.h | 145 + openssl/crypto/ui/ui_openssl.c | 734 ++ openssl/crypto/ui/ui_util.c | 93 + openssl/crypto/uid.c | 88 + openssl/crypto/vms_rms.h | 50 + openssl/crypto/whrlpool/Makefile | 98 + openssl/crypto/whrlpool/asm/wp-mmx.pl | 495 + openssl/crypto/whrlpool/asm/wp-x86_64.pl | 593 + openssl/crypto/whrlpool/whrlpool.h | 41 + openssl/crypto/whrlpool/wp_block.c | 780 ++ openssl/crypto/whrlpool/wp_dgst.c | 258 + openssl/crypto/whrlpool/wp_locl.h | 3 + openssl/crypto/whrlpool/wp_test.c | 241 + openssl/crypto/x509/Makefile | 411 + openssl/crypto/x509/by_dir.c | 440 + openssl/crypto/x509/by_file.c | 277 + openssl/crypto/x509/verify_extra_test.c | 208 + openssl/crypto/x509/vpm_int.h | 70 + openssl/crypto/x509/x509.h | 1330 +++ openssl/crypto/x509/x509_att.c | 390 + openssl/crypto/x509/x509_cmp.c | 498 + openssl/crypto/x509/x509_d2.c | 109 + openssl/crypto/x509/x509_def.c | 92 + openssl/crypto/x509/x509_err.c | 188 + openssl/crypto/x509/x509_ext.c | 211 + openssl/crypto/x509/x509_lu.c | 710 ++ openssl/crypto/x509/x509_obj.c | 230 + openssl/crypto/x509/x509_r2x.c | 117 + openssl/crypto/x509/x509_req.c | 328 + openssl/crypto/x509/x509_set.c | 152 + openssl/crypto/x509/x509_trs.c | 318 + openssl/crypto/x509/x509_txt.c | 218 + openssl/crypto/x509/x509_v3.c | 284 + openssl/crypto/x509/x509_vfy.c | 2629 +++++ openssl/crypto/x509/x509_vfy.h | 652 ++ openssl/crypto/x509/x509_vpm.c | 662 ++ openssl/crypto/x509/x509cset.c | 167 + openssl/crypto/x509/x509name.c | 397 + openssl/crypto/x509/x509rset.c | 85 + openssl/crypto/x509/x509spki.c | 125 + openssl/crypto/x509/x509type.c | 127 + openssl/crypto/x509/x_all.c | 558 + openssl/crypto/x509v3/Makefile | 607 + openssl/crypto/x509v3/ext_dat.h | 136 + openssl/crypto/x509v3/pcy_cache.c | 269 + openssl/crypto/x509v3/pcy_data.c | 129 + openssl/crypto/x509v3/pcy_int.h | 217 + openssl/crypto/x509v3/pcy_lib.c | 167 + openssl/crypto/x509v3/pcy_map.c | 130 + openssl/crypto/x509v3/pcy_node.c | 190 + openssl/crypto/x509v3/pcy_tree.c | 831 ++ openssl/crypto/x509v3/tabtest.c | 92 + openssl/crypto/x509v3/v3_addr.c | 1350 +++ openssl/crypto/x509v3/v3_akey.c | 205 + openssl/crypto/x509v3/v3_akeya.c | 73 + openssl/crypto/x509v3/v3_alt.c | 611 + openssl/crypto/x509v3/v3_asid.c | 896 ++ openssl/crypto/x509v3/v3_bcons.c | 132 + openssl/crypto/x509v3/v3_bitst.c | 142 + openssl/crypto/x509v3/v3_conf.c | 534 + openssl/crypto/x509v3/v3_cpols.c | 491 + openssl/crypto/x509v3/v3_crld.c | 562 + openssl/crypto/x509v3/v3_enum.c | 100 + openssl/crypto/x509v3/v3_extku.c | 149 + openssl/crypto/x509v3/v3_genn.c | 250 + openssl/crypto/x509v3/v3_ia5.c | 119 + openssl/crypto/x509v3/v3_info.c | 210 + openssl/crypto/x509v3/v3_int.c | 92 + openssl/crypto/x509v3/v3_lib.c | 363 + openssl/crypto/x509v3/v3_ncons.c | 479 + openssl/crypto/x509v3/v3_ocsp.c | 312 + openssl/crypto/x509v3/v3_pci.c | 317 + openssl/crypto/x509v3/v3_pcia.c | 56 + openssl/crypto/x509v3/v3_pcons.c | 139 + openssl/crypto/x509v3/v3_pku.c | 114 + openssl/crypto/x509v3/v3_pmaps.c | 156 + openssl/crypto/x509v3/v3_prn.c | 259 + openssl/crypto/x509v3/v3_purp.c | 852 ++ openssl/crypto/x509v3/v3_scts.c | 334 + openssl/crypto/x509v3/v3_skey.c | 150 + openssl/crypto/x509v3/v3_sxnet.c | 273 + openssl/crypto/x509v3/v3_utl.c | 1351 +++ openssl/crypto/x509v3/v3conf.c | 129 + openssl/crypto/x509v3/v3err.c | 249 + openssl/crypto/x509v3/v3nametest.c | 346 + openssl/crypto/x509v3/v3prin.c | 99 + openssl/crypto/x509v3/x509v3.h | 1055 ++ openssl/crypto/x86_64cpuid.pl | 309 + openssl/crypto/x86cpuid.pl | 387 + openssl/demos/README | 9 + openssl/demos/asn1/README.ASN1 | 7 + openssl/demos/asn1/ocsp.c | 361 + openssl/demos/b64.c | 255 + openssl/demos/b64.pl | 20 + openssl/demos/bio/Makefile | 22 + openssl/demos/bio/README | 7 + openssl/demos/bio/accept.cnf | 13 + openssl/demos/bio/client-arg.c | 111 + openssl/demos/bio/client-conf.c | 120 + openssl/demos/bio/connect.cnf | 9 + openssl/demos/bio/saccept.c | 117 + openssl/demos/bio/sconnect.c | 113 + openssl/demos/bio/server-arg.c | 144 + openssl/demos/bio/server-conf.c | 138 + openssl/demos/bio/server.pem | 52 + openssl/demos/cms/cacert.pem | 18 + openssl/demos/cms/cakey.pem | 15 + openssl/demos/cms/cms_comp.c | 60 + openssl/demos/cms/cms_ddec.c | 89 + openssl/demos/cms/cms_dec.c | 78 + openssl/demos/cms/cms_denc.c | 98 + openssl/demos/cms/cms_enc.c | 92 + openssl/demos/cms/cms_sign.c | 88 + openssl/demos/cms/cms_sign2.c | 102 + openssl/demos/cms/cms_uncomp.c | 55 + openssl/demos/cms/cms_ver.c | 85 + openssl/demos/cms/comp.txt | 22 + openssl/demos/cms/encr.txt | 3 + openssl/demos/cms/sign.txt | 3 + openssl/demos/cms/signer.pem | 32 + openssl/demos/cms/signer2.pem | 32 + openssl/demos/easy_tls/Makefile | 123 + openssl/demos/easy_tls/README | 65 + openssl/demos/easy_tls/cacerts.pem | 18 + openssl/demos/easy_tls/cert.pem | 31 + openssl/demos/easy_tls/easy-tls.c | 1312 +++ openssl/demos/easy_tls/easy-tls.h | 60 + openssl/demos/easy_tls/test.c | 248 + openssl/demos/easy_tls/test.h | 10 + openssl/demos/engines/cluster_labs/Makefile | 114 + openssl/demos/engines/cluster_labs/cluster_labs.h | 33 + .../demos/engines/cluster_labs/hw_cluster_labs.c | 692 ++ .../demos/engines/cluster_labs/hw_cluster_labs.ec | 8 + .../engines/cluster_labs/hw_cluster_labs_err.c | 152 + .../engines/cluster_labs/hw_cluster_labs_err.h | 100 + openssl/demos/engines/ibmca/Makefile | 114 + openssl/demos/engines/ibmca/hw_ibmca.c | 900 ++ openssl/demos/engines/ibmca/hw_ibmca.ec | 8 + openssl/demos/engines/ibmca/hw_ibmca_err.c | 149 + openssl/demos/engines/ibmca/hw_ibmca_err.h | 103 + openssl/demos/engines/ibmca/ica_openssl_api.h | 183 + openssl/demos/engines/rsaref/Makefile | 135 + openssl/demos/engines/rsaref/README | 22 + openssl/demos/engines/rsaref/build.com | 105 + openssl/demos/engines/rsaref/rsaref.c | 713 ++ openssl/demos/engines/rsaref/rsaref.ec | 8 + openssl/demos/engines/rsaref/rsaref_err.c | 158 + openssl/demos/engines/rsaref/rsaref_err.h | 110 + openssl/demos/engines/zencod/Makefile | 114 + openssl/demos/engines/zencod/hw_zencod.c | 1809 +++ openssl/demos/engines/zencod/hw_zencod.ec | 8 + openssl/demos/engines/zencod/hw_zencod.h | 159 + openssl/demos/engines/zencod/hw_zencod_err.c | 147 + openssl/demos/engines/zencod/hw_zencod_err.h | 100 + openssl/demos/pkcs12/README | 3 + openssl/demos/pkcs12/pkread.c | 61 + openssl/demos/pkcs12/pkwrite.c | 46 + openssl/demos/prime/Makefile | 20 + openssl/demos/prime/prime.c | 102 + openssl/demos/privkey.pem | 9 + openssl/demos/selfsign.c | 176 + openssl/demos/sign/Makefile | 15 + openssl/demos/sign/cert.pem | 14 + openssl/demos/sign/key.pem | 9 + openssl/demos/sign/sig.txt | 158 + openssl/demos/sign/sign.c | 160 + openssl/demos/sign/sign.txt | 170 + openssl/demos/smime/cacert.pem | 18 + openssl/demos/smime/cakey.pem | 15 + openssl/demos/smime/encr.txt | 3 + openssl/demos/smime/sign.txt | 3 + openssl/demos/smime/signer.pem | 32 + openssl/demos/smime/signer2.pem | 32 + openssl/demos/smime/smdec.c | 78 + openssl/demos/smime/smenc.c | 92 + openssl/demos/smime/smsign.c | 88 + openssl/demos/smime/smsign2.c | 102 + openssl/demos/smime/smver.c | 85 + openssl/demos/spkigen.c | 172 + openssl/demos/ssl/cli.cpp | 110 + openssl/demos/ssl/inetdsrv.cpp | 98 + openssl/demos/ssl/serv.cpp | 152 + openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh | 98 + openssl/demos/ssltest-ecc/ECCcertgen.sh | 164 + openssl/demos/ssltest-ecc/README | 15 + openssl/demos/ssltest-ecc/RSAcertgen.sh | 121 + openssl/demos/ssltest-ecc/ssltest.sh | 188 + openssl/demos/state_machine/Makefile | 9 + openssl/demos/state_machine/state_machine.c | 407 + openssl/demos/tunala/A-client.pem | 84 + openssl/demos/tunala/A-server.pem | 84 + openssl/demos/tunala/CA.pem | 24 + openssl/demos/tunala/INSTALL | 107 + openssl/demos/tunala/Makefile | 41 + openssl/demos/tunala/Makefile.am | 7 + openssl/demos/tunala/README | 233 + openssl/demos/tunala/autogunk.sh | 25 + openssl/demos/tunala/autoungunk.sh | 19 + openssl/demos/tunala/breakage.c | 68 + openssl/demos/tunala/buffer.c | 236 + openssl/demos/tunala/cb.c | 173 + openssl/demos/tunala/configure.in | 29 + openssl/demos/tunala/ip.c | 149 + openssl/demos/tunala/sm.c | 164 + openssl/demos/tunala/test.sh | 107 + openssl/demos/tunala/tunala.c | 1183 ++ openssl/demos/tunala/tunala.h | 244 + openssl/demos/x509/README | 3 + openssl/demos/x509/mkcert.c | 169 + openssl/demos/x509/mkreq.c | 168 + openssl/doc/HOWTO/certificates.txt | 110 + openssl/doc/HOWTO/keys.txt | 72 + openssl/doc/HOWTO/proxy_certificates.txt | 306 + openssl/doc/README | 21 + openssl/doc/apps/CA.pl.pod | 179 + openssl/doc/apps/asn1parse.pod | 185 + openssl/doc/apps/c_rehash.pod | 114 + openssl/doc/apps/ca.pod | 696 ++ openssl/doc/apps/ciphers.pod | 645 ++ openssl/doc/apps/cms.pod | 664 ++ openssl/doc/apps/config.pod | 350 + openssl/doc/apps/crl.pod | 128 + openssl/doc/apps/crl2pkcs7.pod | 91 + openssl/doc/apps/dgst.pod | 208 + openssl/doc/apps/dhparam.pod | 149 + openssl/doc/apps/dsa.pod | 164 + openssl/doc/apps/dsaparam.pod | 110 + openssl/doc/apps/ec.pod | 190 + openssl/doc/apps/ecparam.pod | 179 + openssl/doc/apps/enc.pod | 333 + openssl/doc/apps/errstr.pod | 39 + openssl/doc/apps/gendsa.pod | 72 + openssl/doc/apps/genpkey.pod | 228 + openssl/doc/apps/genrsa.pod | 102 + openssl/doc/apps/nseq.pod | 70 + openssl/doc/apps/ocsp.pod | 401 + openssl/doc/apps/openssl.pod | 422 + openssl/doc/apps/passwd.pod | 82 + openssl/doc/apps/pkcs12.pod | 368 + openssl/doc/apps/pkcs7.pod | 105 + openssl/doc/apps/pkcs8.pod | 255 + openssl/doc/apps/pkey.pod | 135 + openssl/doc/apps/pkeyparam.pod | 69 + openssl/doc/apps/pkeyutl.pod | 235 + openssl/doc/apps/rand.pod | 55 + openssl/doc/apps/req.pod | 680 ++ openssl/doc/apps/rsa.pod | 210 + openssl/doc/apps/rsautl.pod | 183 + openssl/doc/apps/s_client.pod | 370 + openssl/doc/apps/s_server.pod | 423 + openssl/doc/apps/s_time.pod | 173 + openssl/doc/apps/sess_id.pod | 151 + openssl/doc/apps/smime.pod | 450 + openssl/doc/apps/speed.pod | 59 + openssl/doc/apps/spkac.pod | 133 + openssl/doc/apps/ts.pod | 594 + openssl/doc/apps/tsget.pod | 194 + openssl/doc/apps/verify.pod | 457 + openssl/doc/apps/version.pod | 65 + openssl/doc/apps/x509.pod | 890 ++ openssl/doc/apps/x509v3_config.pod | 529 + openssl/doc/c-indentation.el | 45 + openssl/doc/crypto/ASN1_OBJECT_new.pod | 45 + openssl/doc/crypto/ASN1_STRING_length.pod | 83 + openssl/doc/crypto/ASN1_STRING_new.pod | 46 + openssl/doc/crypto/ASN1_STRING_print_ex.pod | 96 + openssl/doc/crypto/ASN1_TIME_set.pod | 129 + openssl/doc/crypto/ASN1_generate_nconf.pod | 265 + openssl/doc/crypto/BIO_ctrl.pod | 128 + openssl/doc/crypto/BIO_f_base64.pod | 82 + openssl/doc/crypto/BIO_f_buffer.pod | 74 + openssl/doc/crypto/BIO_f_cipher.pod | 76 + openssl/doc/crypto/BIO_f_md.pod | 144 + openssl/doc/crypto/BIO_f_null.pod | 32 + openssl/doc/crypto/BIO_f_ssl.pod | 322 + openssl/doc/crypto/BIO_find_type.pod | 98 + openssl/doc/crypto/BIO_new.pod | 65 + openssl/doc/crypto/BIO_new_CMS.pod | 66 + openssl/doc/crypto/BIO_push.pod | 69 + openssl/doc/crypto/BIO_read.pod | 66 + openssl/doc/crypto/BIO_s_accept.pod | 195 + openssl/doc/crypto/BIO_s_bio.pod | 185 + openssl/doc/crypto/BIO_s_connect.pod | 192 + openssl/doc/crypto/BIO_s_fd.pod | 89 + openssl/doc/crypto/BIO_s_file.pod | 148 + openssl/doc/crypto/BIO_s_mem.pod | 115 + openssl/doc/crypto/BIO_s_null.pod | 37 + openssl/doc/crypto/BIO_s_socket.pod | 63 + openssl/doc/crypto/BIO_set_callback.pod | 108 + openssl/doc/crypto/BIO_should_retry.pod | 114 + openssl/doc/crypto/BN_BLINDING_new.pod | 115 + openssl/doc/crypto/BN_CTX_new.pod | 57 + openssl/doc/crypto/BN_CTX_start.pod | 52 + openssl/doc/crypto/BN_add.pod | 126 + openssl/doc/crypto/BN_add_word.pod | 61 + openssl/doc/crypto/BN_bn2bin.pod | 97 + openssl/doc/crypto/BN_cmp.pod | 48 + openssl/doc/crypto/BN_copy.pod | 34 + openssl/doc/crypto/BN_generate_prime.pod | 150 + openssl/doc/crypto/BN_mod_inverse.pod | 36 + openssl/doc/crypto/BN_mod_mul_montgomery.pod | 101 + openssl/doc/crypto/BN_mod_mul_reciprocal.pod | 81 + openssl/doc/crypto/BN_new.pod | 53 + openssl/doc/crypto/BN_num_bytes.pod | 57 + openssl/doc/crypto/BN_rand.pod | 63 + openssl/doc/crypto/BN_set_bit.pod | 66 + openssl/doc/crypto/BN_swap.pod | 23 + openssl/doc/crypto/BN_zero.pod | 59 + openssl/doc/crypto/CMS_add0_cert.pod | 66 + openssl/doc/crypto/CMS_add1_recipient_cert.pod | 62 + openssl/doc/crypto/CMS_add1_signer.pod | 101 + openssl/doc/crypto/CMS_compress.pod | 73 + openssl/doc/crypto/CMS_decrypt.pod | 79 + openssl/doc/crypto/CMS_encrypt.pod | 96 + openssl/doc/crypto/CMS_final.pod | 41 + openssl/doc/crypto/CMS_get0_RecipientInfos.pod | 120 + openssl/doc/crypto/CMS_get0_SignerInfos.pod | 81 + openssl/doc/crypto/CMS_get0_type.pod | 77 + openssl/doc/crypto/CMS_get1_ReceiptRequest.pod | 69 + openssl/doc/crypto/CMS_sign.pod | 121 + openssl/doc/crypto/CMS_sign_receipt.pod | 45 + openssl/doc/crypto/CMS_uncompress.pod | 54 + openssl/doc/crypto/CMS_verify.pod | 126 + openssl/doc/crypto/CMS_verify_receipt.pod | 47 + openssl/doc/crypto/CONF_modules_free.pod | 47 + openssl/doc/crypto/CONF_modules_load_file.pod | 137 + openssl/doc/crypto/CRYPTO_set_ex_data.pod | 53 + openssl/doc/crypto/DH_generate_key.pod | 50 + openssl/doc/crypto/DH_generate_parameters.pod | 82 + openssl/doc/crypto/DH_get_ex_new_index.pod | 36 + openssl/doc/crypto/DH_new.pod | 40 + openssl/doc/crypto/DH_set_method.pod | 129 + openssl/doc/crypto/DH_size.pod | 33 + openssl/doc/crypto/DSA_SIG_new.pod | 40 + openssl/doc/crypto/DSA_do_sign.pod | 47 + openssl/doc/crypto/DSA_dup_DH.pod | 36 + openssl/doc/crypto/DSA_generate_key.pod | 34 + openssl/doc/crypto/DSA_generate_parameters.pod | 121 + openssl/doc/crypto/DSA_get_ex_new_index.pod | 36 + openssl/doc/crypto/DSA_new.pod | 42 + openssl/doc/crypto/DSA_set_method.pod | 143 + openssl/doc/crypto/DSA_sign.pod | 66 + openssl/doc/crypto/DSA_size.pod | 33 + openssl/doc/crypto/EC_GFp_simple_method.pod | 60 + openssl/doc/crypto/EC_GROUP_copy.pod | 174 + openssl/doc/crypto/EC_GROUP_new.pod | 95 + openssl/doc/crypto/EC_KEY_new.pod | 108 + openssl/doc/crypto/EC_POINT_add.pod | 72 + openssl/doc/crypto/EC_POINT_new.pod | 128 + openssl/doc/crypto/ERR_GET_LIB.pod | 51 + openssl/doc/crypto/ERR_clear_error.pod | 29 + openssl/doc/crypto/ERR_error_string.pod | 73 + openssl/doc/crypto/ERR_get_error.pod | 79 + openssl/doc/crypto/ERR_load_crypto_strings.pod | 46 + openssl/doc/crypto/ERR_load_strings.pod | 54 + openssl/doc/crypto/ERR_print_errors.pod | 51 + openssl/doc/crypto/ERR_put_error.pod | 44 + openssl/doc/crypto/ERR_remove_state.pod | 45 + openssl/doc/crypto/ERR_set_mark.pod | 38 + openssl/doc/crypto/EVP_BytesToKey.pod | 70 + openssl/doc/crypto/EVP_DigestInit.pod | 282 + openssl/doc/crypto/EVP_DigestSignInit.pod | 87 + openssl/doc/crypto/EVP_DigestVerifyInit.pod | 83 + openssl/doc/crypto/EVP_EncodeInit.pod | 127 + openssl/doc/crypto/EVP_EncryptInit.pod | 594 + openssl/doc/crypto/EVP_OpenInit.pod | 63 + openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod | 134 + openssl/doc/crypto/EVP_PKEY_CTX_new.pod | 52 + openssl/doc/crypto/EVP_PKEY_cmp.pod | 63 + openssl/doc/crypto/EVP_PKEY_decrypt.pod | 93 + openssl/doc/crypto/EVP_PKEY_derive.pod | 93 + openssl/doc/crypto/EVP_PKEY_encrypt.pod | 99 + openssl/doc/crypto/EVP_PKEY_get_default_digest.pod | 41 + openssl/doc/crypto/EVP_PKEY_keygen.pod | 161 + openssl/doc/crypto/EVP_PKEY_new.pod | 47 + openssl/doc/crypto/EVP_PKEY_print_private.pod | 53 + openssl/doc/crypto/EVP_PKEY_set1_RSA.pod | 80 + openssl/doc/crypto/EVP_PKEY_sign.pod | 106 + openssl/doc/crypto/EVP_PKEY_verify.pod | 91 + openssl/doc/crypto/EVP_PKEY_verify_recover.pod | 103 + openssl/doc/crypto/EVP_SealInit.pod | 85 + openssl/doc/crypto/EVP_SignInit.pod | 107 + openssl/doc/crypto/EVP_VerifyInit.pod | 95 + openssl/doc/crypto/OBJ_nid2obj.pod | 170 + openssl/doc/crypto/OPENSSL_Applink.pod | 21 + openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod | 101 + openssl/doc/crypto/OPENSSL_config.pod | 63 + openssl/doc/crypto/OPENSSL_ia32cap.pod | 96 + openssl/doc/crypto/OPENSSL_instrument_bus.pod | 42 + .../doc/crypto/OPENSSL_load_builtin_modules.pod | 51 + openssl/doc/crypto/OpenSSL_add_all_algorithms.pod | 66 + openssl/doc/crypto/PEM_write_bio_CMS_stream.pod | 41 + openssl/doc/crypto/PEM_write_bio_PKCS7_stream.pod | 41 + openssl/doc/crypto/PKCS12_create.pod | 75 + openssl/doc/crypto/PKCS12_parse.pod | 57 + openssl/doc/crypto/PKCS7_decrypt.pod | 55 + openssl/doc/crypto/PKCS7_encrypt.pod | 80 + openssl/doc/crypto/PKCS7_sign.pod | 116 + openssl/doc/crypto/PKCS7_sign_add_signer.pod | 87 + openssl/doc/crypto/PKCS7_verify.pod | 118 + openssl/doc/crypto/RAND_add.pod | 77 + openssl/doc/crypto/RAND_bytes.pod | 50 + openssl/doc/crypto/RAND_cleanup.pod | 29 + openssl/doc/crypto/RAND_egd.pod | 88 + openssl/doc/crypto/RAND_load_file.pod | 53 + openssl/doc/crypto/RAND_set_rand_method.pod | 83 + openssl/doc/crypto/RSA_blinding_on.pod | 43 + openssl/doc/crypto/RSA_check_key.pod | 67 + openssl/doc/crypto/RSA_generate_key.pod | 80 + openssl/doc/crypto/RSA_get_ex_new_index.pod | 120 + openssl/doc/crypto/RSA_new.pod | 41 + .../doc/crypto/RSA_padding_add_PKCS1_type_1.pod | 124 + openssl/doc/crypto/RSA_print.pod | 49 + openssl/doc/crypto/RSA_private_encrypt.pod | 70 + openssl/doc/crypto/RSA_public_encrypt.pod | 84 + openssl/doc/crypto/RSA_set_method.pod | 206 + openssl/doc/crypto/RSA_sign.pod | 66 + openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod | 59 + openssl/doc/crypto/RSA_size.pod | 33 + openssl/doc/crypto/SMIME_read_CMS.pod | 70 + openssl/doc/crypto/SMIME_read_PKCS7.pod | 73 + openssl/doc/crypto/SMIME_write_CMS.pod | 64 + openssl/doc/crypto/SMIME_write_PKCS7.pod | 65 + openssl/doc/crypto/SSLeay_version.pod | 74 + openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod | 74 + openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod | 116 + openssl/doc/crypto/X509_NAME_get_index_by_NID.pod | 118 + openssl/doc/crypto/X509_NAME_print_ex.pod | 107 + openssl/doc/crypto/X509_STORE_CTX_get_error.pod | 305 + .../doc/crypto/X509_STORE_CTX_get_ex_new_index.pod | 41 + openssl/doc/crypto/X509_STORE_CTX_new.pod | 127 + .../doc/crypto/X509_STORE_CTX_set_verify_cb.pod | 161 + .../doc/crypto/X509_STORE_set_verify_cb_func.pod | 54 + openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 244 + openssl/doc/crypto/X509_check_host.pod | 140 + openssl/doc/crypto/X509_new.pod | 39 + openssl/doc/crypto/X509_verify_cert.pod | 55 + openssl/doc/crypto/bio.pod | 54 + openssl/doc/crypto/blowfish.pod | 112 + openssl/doc/crypto/bn.pod | 181 + openssl/doc/crypto/bn_internal.pod | 238 + openssl/doc/crypto/buffer.pod | 76 + openssl/doc/crypto/crypto.pod | 85 + openssl/doc/crypto/d2i_ASN1_OBJECT.pod | 29 + openssl/doc/crypto/d2i_CMS_ContentInfo.pod | 29 + openssl/doc/crypto/d2i_DHparams.pod | 30 + openssl/doc/crypto/d2i_DSAPublicKey.pod | 83 + openssl/doc/crypto/d2i_ECPKParameters.pod | 84 + openssl/doc/crypto/d2i_ECPrivateKey.pod | 67 + openssl/doc/crypto/d2i_PKCS8PrivateKey.pod | 56 + openssl/doc/crypto/d2i_PrivateKey.pod | 59 + openssl/doc/crypto/d2i_RSAPublicKey.pod | 67 + openssl/doc/crypto/d2i_X509.pod | 272 + openssl/doc/crypto/d2i_X509_ALGOR.pod | 30 + openssl/doc/crypto/d2i_X509_CRL.pod | 37 + openssl/doc/crypto/d2i_X509_NAME.pod | 31 + openssl/doc/crypto/d2i_X509_REQ.pod | 36 + openssl/doc/crypto/d2i_X509_SIG.pod | 30 + openssl/doc/crypto/des.pod | 357 + openssl/doc/crypto/des_modes.pod | 255 + openssl/doc/crypto/dh.pod | 78 + openssl/doc/crypto/dsa.pod | 114 + openssl/doc/crypto/ec.pod | 201 + openssl/doc/crypto/ecdsa.pod | 206 + openssl/doc/crypto/engine.pod | 599 + openssl/doc/crypto/err.pod | 186 + openssl/doc/crypto/evp.pod | 108 + openssl/doc/crypto/hmac.pod | 110 + openssl/doc/crypto/i2d_CMS_bio_stream.pod | 44 + openssl/doc/crypto/i2d_PKCS7_bio_stream.pod | 44 + openssl/doc/crypto/lh_stats.pod | 60 + openssl/doc/crypto/lhash.pod | 302 + openssl/doc/crypto/md5.pod | 101 + openssl/doc/crypto/mdc2.pod | 64 + openssl/doc/crypto/pem.pod | 503 + openssl/doc/crypto/rand.pod | 175 + openssl/doc/crypto/rc4.pod | 62 + openssl/doc/crypto/ripemd.pod | 66 + openssl/doc/crypto/rsa.pod | 123 + openssl/doc/crypto/sha.pod | 104 + openssl/doc/crypto/threads.pod | 210 + openssl/doc/crypto/ui.pod | 194 + openssl/doc/crypto/ui_compat.pod | 57 + openssl/doc/crypto/x509.pod | 64 + openssl/doc/dir-locals.example.el | 15 + openssl/doc/fingerprints.txt | 63 + openssl/doc/openssl-c-indent.el | 62 + openssl/doc/openssl-shared.txt | 32 + openssl/doc/openssl.txt | 1254 ++ openssl/doc/ssl/SSL_CIPHER_get_name.pod | 132 + .../doc/ssl/SSL_COMP_add_compression_method.pod | 76 + openssl/doc/ssl/SSL_CONF_CTX_new.pod | 40 + openssl/doc/ssl/SSL_CONF_CTX_set1_prefix.pod | 49 + openssl/doc/ssl/SSL_CONF_CTX_set_flags.pod | 68 + openssl/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod | 47 + openssl/doc/ssl/SSL_CONF_cmd.pod | 439 + openssl/doc/ssl/SSL_CONF_cmd_argv.pod | 42 + openssl/doc/ssl/SSL_CTX_add1_chain_cert.pod | 150 + openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod | 71 + openssl/doc/ssl/SSL_CTX_add_session.pod | 73 + openssl/doc/ssl/SSL_CTX_ctrl.pod | 34 + openssl/doc/ssl/SSL_CTX_flush_sessions.pod | 49 + openssl/doc/ssl/SSL_CTX_free.pod | 41 + openssl/doc/ssl/SSL_CTX_get0_param.pod | 55 + openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod | 53 + openssl/doc/ssl/SSL_CTX_get_verify_mode.pod | 50 + openssl/doc/ssl/SSL_CTX_load_verify_locations.pod | 124 + openssl/doc/ssl/SSL_CTX_new.pod | 174 + openssl/doc/ssl/SSL_CTX_sess_number.pod | 76 + openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod | 53 + openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod | 87 + openssl/doc/ssl/SSL_CTX_sessions.pod | 34 + openssl/doc/ssl/SSL_CTX_set1_curves.pod | 103 + openssl/doc/ssl/SSL_CTX_set1_verify_cert_store.pod | 91 + openssl/doc/ssl/SSL_CTX_set_alpn_select_cb.pod | 126 + openssl/doc/ssl/SSL_CTX_set_cert_cb.pod | 68 + openssl/doc/ssl/SSL_CTX_set_cert_store.pod | 64 + .../doc/ssl/SSL_CTX_set_cert_verify_callback.pod | 75 + openssl/doc/ssl/SSL_CTX_set_cipher_list.pod | 74 + openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod | 94 + openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod | 94 + openssl/doc/ssl/SSL_CTX_set_custom_cli_ext.pod | 133 + openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod | 76 + .../doc/ssl/SSL_CTX_set_generate_session_id.pod | 150 + openssl/doc/ssl/SSL_CTX_set_info_callback.pod | 153 + openssl/doc/ssl/SSL_CTX_set_max_cert_list.pod | 77 + openssl/doc/ssl/SSL_CTX_set_mode.pod | 101 + openssl/doc/ssl/SSL_CTX_set_msg_callback.pod | 99 + openssl/doc/ssl/SSL_CTX_set_options.pod | 355 + .../doc/ssl/SSL_CTX_set_psk_client_callback.pod | 81 + openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod | 63 + openssl/doc/ssl/SSL_CTX_set_read_ahead.pod | 51 + openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod | 137 + openssl/doc/ssl/SSL_CTX_set_session_id_context.pod | 83 + openssl/doc/ssl/SSL_CTX_set_ssl_version.pod | 61 + openssl/doc/ssl/SSL_CTX_set_timeout.pod | 59 + openssl/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod | 73 + .../doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod | 195 + openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod | 130 + openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | 159 + openssl/doc/ssl/SSL_CTX_set_verify.pod | 294 + openssl/doc/ssl/SSL_CTX_use_certificate.pod | 165 + openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 106 + openssl/doc/ssl/SSL_CTX_use_serverinfo.pod | 54 + openssl/doc/ssl/SSL_SESSION_free.pod | 55 + openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod | 61 + openssl/doc/ssl/SSL_SESSION_get_time.pod | 64 + openssl/doc/ssl/SSL_accept.pod | 73 + openssl/doc/ssl/SSL_alert_type_string.pod | 233 + openssl/doc/ssl/SSL_check_chain.pod | 85 + openssl/doc/ssl/SSL_clear.pod | 75 + openssl/doc/ssl/SSL_connect.pod | 73 + openssl/doc/ssl/SSL_do_handshake.pod | 72 + openssl/doc/ssl/SSL_free.pod | 44 + openssl/doc/ssl/SSL_get_SSL_CTX.pod | 26 + openssl/doc/ssl/SSL_get_ciphers.pod | 42 + openssl/doc/ssl/SSL_get_client_CA_list.pod | 53 + openssl/doc/ssl/SSL_get_current_cipher.pod | 43 + openssl/doc/ssl/SSL_get_default_timeout.pod | 41 + openssl/doc/ssl/SSL_get_error.pod | 112 + .../doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod | 61 + openssl/doc/ssl/SSL_get_ex_new_index.pod | 59 + openssl/doc/ssl/SSL_get_fd.pod | 44 + openssl/doc/ssl/SSL_get_peer_cert_chain.pod | 52 + openssl/doc/ssl/SSL_get_peer_certificate.pod | 55 + openssl/doc/ssl/SSL_get_psk_identity.pod | 63 + openssl/doc/ssl/SSL_get_rbio.pod | 40 + openssl/doc/ssl/SSL_get_session.pod | 73 + openssl/doc/ssl/SSL_get_verify_result.pod | 57 + openssl/doc/ssl/SSL_get_version.pod | 54 + openssl/doc/ssl/SSL_library_init.pod | 57 + openssl/doc/ssl/SSL_load_client_CA_file.pod | 62 + openssl/doc/ssl/SSL_new.pod | 44 + openssl/doc/ssl/SSL_pending.pod | 45 + openssl/doc/ssl/SSL_read.pod | 120 + openssl/doc/ssl/SSL_rstate_string.pod | 59 + openssl/doc/ssl/SSL_session_reused.pod | 45 + openssl/doc/ssl/SSL_set_bio.pod | 34 + openssl/doc/ssl/SSL_set_connect_state.pod | 55 + openssl/doc/ssl/SSL_set_fd.pod | 54 + openssl/doc/ssl/SSL_set_session.pod | 57 + openssl/doc/ssl/SSL_set_shutdown.pod | 72 + openssl/doc/ssl/SSL_set_verify_result.pod | 38 + openssl/doc/ssl/SSL_shutdown.pod | 125 + openssl/doc/ssl/SSL_state_string.pod | 45 + openssl/doc/ssl/SSL_want.pod | 77 + openssl/doc/ssl/SSL_write.pod | 106 + openssl/doc/ssl/d2i_SSL_SESSION.pod | 76 + openssl/doc/ssl/ssl.pod | 814 ++ openssl/doc/ssleay.txt | 7030 ++++++++++++ openssl/doc/standards.txt | 285 + openssl/e_os.h | 782 ++ openssl/e_os2.h | 328 + openssl/engines/Makefile | 338 + openssl/engines/alpha.opt | 1 + openssl/engines/axp.opt | 1 + openssl/engines/capierr.bat | 1 + openssl/engines/ccgost/Makefile | 276 + openssl/engines/ccgost/README.gost | 300 + openssl/engines/ccgost/e_gost_err.c | 221 + openssl/engines/ccgost/e_gost_err.h | 158 + openssl/engines/ccgost/e_gost_err.proto | 61 + openssl/engines/ccgost/gost.ec | 5 + openssl/engines/ccgost/gost2001.c | 474 + openssl/engines/ccgost/gost2001_keyx.c | 294 + openssl/engines/ccgost/gost2001_keyx.h | 10 + openssl/engines/ccgost/gost89.c | 576 + openssl/engines/ccgost/gost89.h | 98 + openssl/engines/ccgost/gost94_keyx.c | 282 + openssl/engines/ccgost/gost_ameth.c | 957 ++ openssl/engines/ccgost/gost_asn1.c | 56 + openssl/engines/ccgost/gost_crypt.c | 623 + openssl/engines/ccgost/gost_ctl.c | 93 + openssl/engines/ccgost/gost_eng.c | 281 + openssl/engines/ccgost/gost_keywrap.c | 106 + openssl/engines/ccgost/gost_keywrap.h | 56 + openssl/engines/ccgost/gost_lcl.h | 229 + openssl/engines/ccgost/gost_md.c | 76 + openssl/engines/ccgost/gost_params.c | 207 + openssl/engines/ccgost/gost_params.h | 34 + openssl/engines/ccgost/gost_pmeth.c | 625 + openssl/engines/ccgost/gost_sign.c | 373 + openssl/engines/ccgost/gosthash.c | 268 + openssl/engines/ccgost/gosthash.h | 52 + openssl/engines/ccgost/gostsum.c | 187 + openssl/engines/e_4758cca.c | 960 ++ openssl/engines/e_4758cca.ec | 1 + openssl/engines/e_4758cca_err.c | 153 + openssl/engines/e_4758cca_err.h | 98 + openssl/engines/e_aep.c | 1167 ++ openssl/engines/e_aep.ec | 1 + openssl/engines/e_aep_err.c | 159 + openssl/engines/e_aep_err.h | 106 + openssl/engines/e_atalla.c | 626 + openssl/engines/e_atalla.ec | 1 + openssl/engines/e_atalla_err.c | 145 + openssl/engines/e_atalla_err.h | 94 + openssl/engines/e_capi.c | 1893 +++ openssl/engines/e_capi.ec | 1 + openssl/engines/e_capi_err.c | 187 + openssl/engines/e_capi_err.h | 129 + openssl/engines/e_chil.c | 1366 +++ openssl/engines/e_chil.ec | 1 + openssl/engines/e_chil_err.c | 157 + openssl/engines/e_chil_err.h | 105 + openssl/engines/e_cswift.c | 1103 ++ openssl/engines/e_cswift.ec | 1 + openssl/engines/e_cswift_err.c | 150 + openssl/engines/e_cswift_err.h | 99 + openssl/engines/e_gmp.c | 492 + openssl/engines/e_gmp.ec | 1 + openssl/engines/e_gmp_err.c | 137 + openssl/engines/e_gmp_err.h | 86 + openssl/engines/e_nuron.c | 436 + openssl/engines/e_nuron.ec | 1 + openssl/engines/e_nuron_err.c | 142 + openssl/engines/e_nuron_err.h | 91 + openssl/engines/e_padlock.c | 1266 ++ openssl/engines/e_padlock.ec | 1 + openssl/engines/e_sureware.c | 1101 ++ openssl/engines/e_sureware.ec | 1 + openssl/engines/e_sureware_err.c | 154 + openssl/engines/e_sureware_err.h | 104 + openssl/engines/e_ubsec.c | 1085 ++ openssl/engines/e_ubsec.ec | 1 + openssl/engines/e_ubsec_err.c | 154 + openssl/engines/e_ubsec_err.h | 102 + openssl/engines/engine_vector.mar | 24 + openssl/engines/ia64.opt | 1 + openssl/engines/makeengines.com | 1140 ++ openssl/engines/vax.opt | 9 + openssl/engines/vendor_defns/aep.h | 235 + openssl/engines/vendor_defns/atalla.h | 44 + openssl/engines/vendor_defns/cswift.h | 235 + openssl/engines/vendor_defns/hw_4758_cca.h | 150 + openssl/engines/vendor_defns/hw_ubsec.h | 124 + openssl/engines/vendor_defns/hwcryptohook.h | 502 + openssl/engines/vendor_defns/sureware.h | 250 + openssl/install.com | 136 + openssl/makevms.com | 1556 +++ openssl/ms/.rnd | Bin 0 -> 1024 bytes openssl/ms/32all.bat | 20 + openssl/ms/README | 13 + openssl/ms/applink.c | 129 + openssl/ms/bcb4.bat | 6 + openssl/ms/certCA.srl | 1 + openssl/ms/certCA.ss | 10 + openssl/ms/certU.ss | 10 + openssl/ms/cmp.pl | 47 + openssl/ms/do_ms.bat | 11 + openssl/ms/do_nasm.bat | 8 + openssl/ms/do_nt.bat | 7 + openssl/ms/do_win64a.bat | 19 + openssl/ms/do_win64i.bat | 9 + openssl/ms/keyCA.ss | 9 + openssl/ms/keyU.ss | 9 + openssl/ms/mingw32.bat | 90 + openssl/ms/mw.bat | 26 + openssl/ms/req2CA.ss | 29 + openssl/ms/reqCA.ss | 8 + openssl/ms/reqU.ss | 8 + openssl/ms/speed32.bat | 37 + openssl/ms/tenc.bat | 14 + openssl/ms/tencce.bat | 19 + openssl/ms/test.bat | 185 + openssl/ms/testce.bat | 234 + openssl/ms/testce2.bat | 2 + openssl/ms/testenc.bat | 94 + openssl/ms/testencce.bat | 97 + openssl/ms/testpem.bat | 32 + openssl/ms/testpemce.bat | 42 + openssl/ms/testss.bat | 98 + openssl/ms/testssce.bat | 104 + openssl/ms/tlhelp32.h | 136 + openssl/ms/tpem.bat | 6 + openssl/ms/tpemce.bat | 8 + openssl/ms/uplink-common.pl | 22 + openssl/ms/uplink-ia64.pl | 50 + openssl/ms/uplink-x86.pl | 33 + openssl/ms/uplink-x86_64.pl | 65 + openssl/ms/uplink.c | 126 + openssl/ms/uplink.h | 29 + openssl/ms/uplink.pl | 204 + openssl/ms/x86asm.bat | 57 + openssl/openssl.doxy | 7 + openssl/openssl.spec | 212 + openssl/os2/OS2-EMX.cmd | 102 + openssl/os2/backwardify.pl | 32 + openssl/shlib/Makefile.hpux10-cc | 34 + openssl/shlib/README | 1 + openssl/shlib/hpux10-cc.sh | 92 + openssl/shlib/irix.sh | 7 + openssl/shlib/sco5-shared-gcc.sh | 48 + openssl/shlib/sco5-shared-installed | 28 + openssl/shlib/sco5-shared.sh | 48 + openssl/shlib/solaris-sc4.sh | 42 + openssl/shlib/solaris.sh | 36 + openssl/shlib/sun.sh | 8 + openssl/shlib/svr5-shared-gcc.sh | 48 + openssl/shlib/svr5-shared-installed | 27 + openssl/shlib/svr5-shared.sh | 48 + openssl/shlib/win32.bat | 18 + openssl/shlib/win32dll.bat | 13 + openssl/ssl/Makefile | 1123 ++ openssl/ssl/bad_dtls_test.c | 926 ++ openssl/ssl/bio_ssl.c | 591 + openssl/ssl/clienthellotest.c | 219 + openssl/ssl/d1_both.c | 1585 +++ openssl/ssl/d1_clnt.c | 870 ++ openssl/ssl/d1_lib.c | 588 + openssl/ssl/d1_meth.c | 90 + openssl/ssl/d1_pkt.c | 2020 ++++ openssl/ssl/d1_srtp.c | 448 + openssl/ssl/d1_srvr.c | 981 ++ openssl/ssl/dtls1.h | 272 + openssl/ssl/dtlstest.c | 147 + openssl/ssl/heartbeat_test.c | 474 + openssl/ssl/install-ssl.com | 136 + openssl/ssl/kssl.c | 2260 ++++ openssl/ssl/kssl.h | 197 + openssl/ssl/kssl_lcl.h | 88 + openssl/ssl/s23_clnt.c | 802 ++ openssl/ssl/s23_lib.c | 185 + openssl/ssl/s23_meth.c | 89 + openssl/ssl/s23_pkt.c | 119 + openssl/ssl/s23_srvr.c | 652 ++ openssl/ssl/s2_clnt.c | 1094 ++ openssl/ssl/s2_enc.c | 197 + openssl/ssl/s2_lib.c | 570 + openssl/ssl/s2_meth.c | 91 + openssl/ssl/s2_pkt.c | 731 ++ openssl/ssl/s2_srvr.c | 1167 ++ openssl/ssl/s3_both.c | 758 ++ openssl/ssl/s3_cbc.c | 820 ++ openssl/ssl/s3_clnt.c | 3781 ++++++ openssl/ssl/s3_enc.c | 978 ++ openssl/ssl/s3_lib.c | 4539 ++++++++ openssl/ssl/s3_meth.c | 74 + openssl/ssl/s3_pkt.c | 1766 +++ openssl/ssl/s3_srvr.c | 3651 ++++++ openssl/ssl/srtp.h | 147 + openssl/ssl/ssl-lib.com | 1229 ++ openssl/ssl/ssl.h | 3163 +++++ openssl/ssl/ssl2.h | 265 + openssl/ssl/ssl23.h | 84 + openssl/ssl/ssl3.h | 774 ++ openssl/ssl/ssl_algs.c | 155 + openssl/ssl/ssl_asn1.c | 639 ++ openssl/ssl/ssl_cert.c | 1262 ++ openssl/ssl/ssl_ciph.c | 2092 ++++ openssl/ssl/ssl_conf.c | 691 ++ openssl/ssl/ssl_err.c | 840 ++ openssl/ssl/ssl_err2.c | 69 + openssl/ssl/ssl_lib.c | 3569 ++++++ openssl/ssl/ssl_locl.h | 1495 +++ openssl/ssl/ssl_rsa.c | 1046 ++ openssl/ssl/ssl_sess.c | 1286 +++ openssl/ssl/ssl_stat.c | 1078 ++ openssl/ssl/ssl_task.c | 397 + openssl/ssl/ssl_txt.c | 262 + openssl/ssl/ssl_utst.c | 72 + openssl/ssl/ssltest.c | 3194 ++++++ openssl/ssl/sslv2conftest.c | 231 + openssl/ssl/t1_clnt.c | 90 + openssl/ssl/t1_enc.c | 1376 +++ openssl/ssl/t1_ext.c | 300 + openssl/ssl/t1_lib.c | 4550 ++++++++ openssl/ssl/t1_meth.c | 84 + openssl/ssl/t1_reneg.c | 292 + openssl/ssl/t1_srvr.c | 92 + openssl/ssl/t1_trce.c | 1266 ++ openssl/ssl/tls1.h | 810 ++ openssl/ssl/tls_srp.c | 542 + openssl/test/CAss.cnf | 76 + openssl/test/CAssdh.cnf | 24 + openssl/test/CAssdsa.cnf | 23 + openssl/test/CAssrsa.cnf | 24 + openssl/test/CAtsa.cnf | 163 + openssl/test/Makefile | 986 ++ openssl/test/P1ss.cnf | 37 + openssl/test/P2ss.cnf | 45 + openssl/test/Sssdsa.cnf | 27 + openssl/test/Sssrsa.cnf | 26 + openssl/test/Uss.cnf | 36 + openssl/test/VMSca-response.1 | 1 + openssl/test/VMSca-response.2 | 2 + openssl/test/asn1test.c | 21 + openssl/test/bctest | 111 + openssl/test/bctest.com | 152 + openssl/test/bntest.com | 76 + openssl/test/certs/bad.key | 27 + openssl/test/certs/bad.pem | 21 + openssl/test/certs/interCA.key | 27 + openssl/test/certs/interCA.pem | 21 + openssl/test/certs/leaf.key | 27 + openssl/test/certs/leaf.pem | 21 + openssl/test/certs/pss1.pem | 21 + openssl/test/certs/rootCA.key | 27 + openssl/test/certs/rootCA.pem | 21 + openssl/test/certs/roots.pem | 42 + openssl/test/certs/subinterCA-ss.pem | 21 + openssl/test/certs/subinterCA.key | 27 + openssl/test/certs/subinterCA.pem | 21 + openssl/test/certs/untrusted.pem | 42 + openssl/test/clean_test.com | 35 + openssl/test/cms-examples.pl | 409 + openssl/test/cms-test.pl | 622 + openssl/test/dummytest.c | 57 + openssl/test/evptests.txt | 401 + openssl/test/igetest.c | 484 + openssl/test/maketests.com | 1115 ++ openssl/test/methtest.c | 107 + openssl/test/ocsp-tests/D1.ors | 32 + openssl/test/ocsp-tests/D1_Cert_EE.pem | 38 + openssl/test/ocsp-tests/D1_Issuer_ICA.pem | 27 + openssl/test/ocsp-tests/D2.ors | 32 + openssl/test/ocsp-tests/D2_Cert_ICA.pem | 26 + openssl/test/ocsp-tests/D2_Issuer_Root.pem | 21 + openssl/test/ocsp-tests/D3.ors | 38 + openssl/test/ocsp-tests/D3_Cert_EE.pem | 31 + openssl/test/ocsp-tests/D3_Issuer_Root.pem | 83 + openssl/test/ocsp-tests/ISDOSC_D1.ors | 32 + openssl/test/ocsp-tests/ISDOSC_D2.ors | 32 + openssl/test/ocsp-tests/ISDOSC_D3.ors | 38 + openssl/test/ocsp-tests/ISIC_D1_Issuer_ICA.pem | 27 + openssl/test/ocsp-tests/ISIC_D2_Issuer_Root.pem | 21 + openssl/test/ocsp-tests/ISIC_D3_Issuer_Root.pem | 41 + openssl/test/ocsp-tests/ISIC_ND1_Issuer_ICA.pem | 29 + openssl/test/ocsp-tests/ISIC_ND2_Issuer_Root.pem | 23 + openssl/test/ocsp-tests/ISIC_ND3_Issuer_Root.pem | 25 + openssl/test/ocsp-tests/ISOP_D1.ors | 32 + openssl/test/ocsp-tests/ISOP_D2.ors | 32 + openssl/test/ocsp-tests/ISOP_D3.ors | 38 + openssl/test/ocsp-tests/ISOP_ND1.ors | 10 + openssl/test/ocsp-tests/ISOP_ND2.ors | 10 + openssl/test/ocsp-tests/ISOP_ND3.ors | 10 + openssl/test/ocsp-tests/ND1.ors | 10 + openssl/test/ocsp-tests/ND1_Cert_EE.pem | 36 + openssl/test/ocsp-tests/ND1_Issuer_ICA.pem | 29 + openssl/test/ocsp-tests/ND2.ors | 10 + openssl/test/ocsp-tests/ND2_Cert_ICA.pem | 29 + openssl/test/ocsp-tests/ND2_Issuer_Root.pem | 23 + openssl/test/ocsp-tests/ND3.ors | 10 + openssl/test/ocsp-tests/ND3_Cert_EE.pem | 34 + openssl/test/ocsp-tests/ND3_Issuer_Root.pem | 25 + openssl/test/ocsp-tests/WIKH_D1.ors | 32 + openssl/test/ocsp-tests/WIKH_D2.ors | 32 + openssl/test/ocsp-tests/WIKH_D3.ors | 38 + openssl/test/ocsp-tests/WIKH_ND1.ors | 10 + openssl/test/ocsp-tests/WIKH_ND2.ors | 10 + openssl/test/ocsp-tests/WIKH_ND3.ors | 10 + openssl/test/ocsp-tests/WINH_D1.ors | 32 + openssl/test/ocsp-tests/WINH_D2.ors | 32 + openssl/test/ocsp-tests/WINH_D3.ors | 38 + openssl/test/ocsp-tests/WINH_ND1.ors | 10 + openssl/test/ocsp-tests/WINH_ND2.ors | 10 + openssl/test/ocsp-tests/WINH_ND3.ors | 10 + openssl/test/ocsp-tests/WKDOSC_D1.ors | 32 + openssl/test/ocsp-tests/WKDOSC_D2.ors | 32 + openssl/test/ocsp-tests/WKDOSC_D3.ors | 38 + openssl/test/ocsp-tests/WKIC_D1_Issuer_ICA.pem | 27 + openssl/test/ocsp-tests/WKIC_D2_Issuer_Root.pem | 21 + openssl/test/ocsp-tests/WKIC_D3_Issuer_Root.pem | 41 + openssl/test/ocsp-tests/WKIC_ND1_Issuer_ICA.pem | 29 + openssl/test/ocsp-tests/WKIC_ND2_Issuer_Root.pem | 23 + openssl/test/ocsp-tests/WKIC_ND3_Issuer_Root.pem | 25 + openssl/test/ocsp-tests/WRID_D1.ors | 32 + openssl/test/ocsp-tests/WRID_D2.ors | 32 + openssl/test/ocsp-tests/WRID_D3.ors | 38 + openssl/test/ocsp-tests/WRID_ND1.ors | 10 + openssl/test/ocsp-tests/WRID_ND2.ors | 10 + openssl/test/ocsp-tests/WRID_ND3.ors | 10 + openssl/test/ocsp-tests/WSNIC_D1_Issuer_ICA.pem | 27 + openssl/test/ocsp-tests/WSNIC_D2_Issuer_Root.pem | 21 + openssl/test/ocsp-tests/WSNIC_D3_Issuer_Root.pem | 41 + openssl/test/ocsp-tests/WSNIC_ND1_Issuer_ICA.pem | 29 + openssl/test/ocsp-tests/WSNIC_ND2_Issuer_Root.pem | 23 + openssl/test/ocsp-tests/WSNIC_ND3_Issuer_Root.pem | 25 + openssl/test/pkcs7-1.pem | 15 + openssl/test/pkcs7.pem | 54 + openssl/test/pkits-test.pl | 949 ++ openssl/test/r160test.c | 57 + openssl/test/serverinfo.pem | 16 + openssl/test/smcont.txt | 1 + openssl/test/smime-certs/ca.cnf | 66 + openssl/test/smime-certs/mksmime-certs.sh | 74 + openssl/test/smime-certs/smdh.pem | 33 + openssl/test/smime-certs/smdsa1.pem | 47 + openssl/test/smime-certs/smdsa2.pem | 47 + openssl/test/smime-certs/smdsa3.pem | 47 + openssl/test/smime-certs/smdsap.pem | 9 + openssl/test/smime-certs/smec1.pem | 22 + openssl/test/smime-certs/smec2.pem | 23 + openssl/test/smime-certs/smroot.pem | 49 + openssl/test/smime-certs/smrsa1.pem | 49 + openssl/test/smime-certs/smrsa2.pem | 49 + openssl/test/smime-certs/smrsa3.pem | 49 + openssl/test/ssltestlib.c | 687 ++ openssl/test/ssltestlib.h | 36 + openssl/test/tcrl | 78 + openssl/test/tcrl.com | 88 + openssl/test/test.cnf | 88 + openssl/test/test_padlock | 64 + openssl/test/testca | 51 + openssl/test/testca.com | 52 + openssl/test/testcrl.pem | 16 + openssl/test/testenc | 54 + openssl/test/testenc.com | 66 + openssl/test/testfipsssl | 117 + openssl/test/testgen | 44 + openssl/test/testgen.com | 58 + openssl/test/testp7.pem | 46 + openssl/test/testreq2.pem | 7 + openssl/test/testrsa.pem | 9 + openssl/test/tests.com | 420 + openssl/test/testsid.pem | 12 + openssl/test/testss | 163 + openssl/test/testss.com | 123 + openssl/test/testssl | 295 + openssl/test/testssl.com | 208 + openssl/test/testsslproxy | 10 + openssl/test/testtsa | 238 + openssl/test/testtsa.com | 255 + openssl/test/testutil.h | 118 + openssl/test/testx509.pem | 10 + openssl/test/times | 113 + openssl/test/tocsp | 147 + openssl/test/tocsp.com | 152 + openssl/test/tpkcs7 | 48 + openssl/test/tpkcs7.com | 59 + openssl/test/tpkcs7d | 41 + openssl/test/tpkcs7d.com | 52 + openssl/test/treq | 83 + openssl/test/treq.com | 88 + openssl/test/trsa | 83 + openssl/test/trsa.com | 99 + openssl/test/tsid | 78 + openssl/test/tsid.com | 88 + openssl/test/tverify.com | 65 + openssl/test/tx509 | 85 + openssl/test/tx509.com | 88 + openssl/test/v3-cert1.pem | 16 + openssl/test/v3-cert2.pem | 16 + openssl/tools/Makefile | 61 + openssl/tools/c89.sh | 15 + openssl/tools/c_hash | 9 + openssl/tools/c_info | 12 + openssl/tools/c_issuer | 10 + openssl/tools/c_name | 10 + openssl/tools/c_rehash | 210 + openssl/tools/c_rehash.in | 210 + openssl/util/FreeBSD.sh | 6 + openssl/util/add_cr.pl | 123 + openssl/util/bat.sh | 134 + openssl/util/ck_errf.pl | 64 + openssl/util/clean-depend.pl | 58 + openssl/util/copy-if-different.pl | 78 + openssl/util/copy.pl | 70 + openssl/util/cygwin.sh | 154 + openssl/util/deleof.pl | 7 + openssl/util/deltree.com | 34 + openssl/util/dirname.pl | 18 + openssl/util/do_ms.sh | 19 + openssl/util/domd | 46 + openssl/util/err-ins.pl | 33 + openssl/util/extract-names.pl | 26 + openssl/util/extract-section.pl | 12 + openssl/util/files.pl | 67 + openssl/util/fixNT.sh | 14 + openssl/util/indent.pro | 767 ++ openssl/util/install.sh | 108 + openssl/util/libeay.num | 4418 +++++++ openssl/util/mk1mf.pl | 1327 +++ openssl/util/mkbuildinf.pl | 35 + openssl/util/mkcerts.sh | 220 + openssl/util/mkdef.pl | 1561 +++ openssl/util/mkdir-p.pl | 34 + openssl/util/mkerr.pl | 833 ++ openssl/util/mkfiles.pl | 143 + openssl/util/mklink.pl | 75 + openssl/util/mkrc.pl | 71 + openssl/util/mkstack.pl | 194 + openssl/util/openssl-format-source | 148 + openssl/util/opensslwrap.sh | 26 + openssl/util/perlpath.pl | 35 + openssl/util/pl/BC-32.pl | 139 + openssl/util/pl/Mingw32.pl | 104 + openssl/util/pl/OS2-EMX.pl | 120 + openssl/util/pl/VC-32.pl | 423 + openssl/util/pl/linux.pl | 104 + openssl/util/pl/netware.pl | 532 + openssl/util/pl/ultrix.pl | 38 + openssl/util/pl/unix.pl | 442 + openssl/util/pod2man.pl | 1184 ++ openssl/util/pod2mantest | 58 + openssl/util/pod2mantest.pod | 15 + openssl/util/point.sh | 10 + openssl/util/selftest.pl | 202 + openssl/util/shlib_wrap.sh | 106 + openssl/util/sp-diff.pl | 80 + openssl/util/speed.sh | 39 + openssl/util/src-dep.pl | 147 + openssl/util/ssleay.num | 370 + openssl/util/su-filter.pl | 260 + openssl/util/tab_num.pl | 17 + openssl/util/toutf8.sh | 17 + openssl/util/x86asm.sh | 42 + 2279 files changed, 733527 insertions(+) create mode 100644 openssl/ACKNOWLEDGMENTS create mode 100644 openssl/CHANGES create mode 100644 openssl/CHANGES.SSLeay create mode 100644 openssl/CONTRIBUTING create mode 100755 openssl/Configure create mode 100644 openssl/FAQ create mode 100755 openssl/GitConfigure create mode 100755 openssl/GitMake create mode 100644 openssl/INSTALL create mode 100644 openssl/INSTALL.DJGPP create mode 100644 openssl/INSTALL.MacOS create mode 100644 openssl/INSTALL.NW create mode 100644 openssl/INSTALL.OS2 create mode 100644 openssl/INSTALL.VMS create mode 100644 openssl/INSTALL.W32 create mode 100644 openssl/INSTALL.W64 create mode 100644 openssl/INSTALL.WCE create mode 100644 openssl/LICENSE create mode 100644 openssl/MacOS/GUSI_Init.cpp create mode 100644 openssl/MacOS/GetHTTPS.src/CPStringUtils.cpp create mode 100644 openssl/MacOS/GetHTTPS.src/CPStringUtils.hpp create mode 100644 openssl/MacOS/GetHTTPS.src/ErrorHandling.cpp create mode 100644 openssl/MacOS/GetHTTPS.src/ErrorHandling.hpp create mode 100644 openssl/MacOS/GetHTTPS.src/GetHTTPS.cpp create mode 100644 openssl/MacOS/GetHTTPS.src/MacSocket.cpp create mode 100644 openssl/MacOS/GetHTTPS.src/MacSocket.h create mode 100644 openssl/MacOS/OpenSSL.mcp.hqx create mode 100644 openssl/MacOS/Randomizer.cpp create mode 100644 openssl/MacOS/Randomizer.h create mode 100644 openssl/MacOS/TODO create mode 100644 openssl/MacOS/_MWERKS_GUSI_prefix.h create mode 100644 openssl/MacOS/_MWERKS_prefix.h create mode 100644 openssl/MacOS/buildinf.h create mode 100644 openssl/MacOS/mklinks.as.hqx create mode 100644 openssl/MacOS/opensslconf.h create mode 100644 openssl/Makefile create mode 100644 openssl/Makefile.bak create mode 100644 openssl/Makefile.org create mode 100644 openssl/Makefile.shared create mode 100644 openssl/NEWS create mode 100644 openssl/Netware/build.bat create mode 100644 openssl/Netware/cpy_tests.bat create mode 100644 openssl/Netware/do_tests.pl create mode 100644 openssl/Netware/globals.txt create mode 100644 openssl/Netware/readme.txt create mode 100644 openssl/Netware/set_env.bat create mode 100644 openssl/PROBLEMS create mode 100644 openssl/README create mode 100644 openssl/README.ASN1 create mode 100644 openssl/README.ENGINE create mode 100644 openssl/VMS/TODO create mode 100644 openssl/VMS/VMSify-conf.pl create mode 100644 openssl/VMS/WISHLIST.TXT create mode 100755 openssl/VMS/install-vms.com create mode 100644 openssl/VMS/mkshared.com create mode 100644 openssl/VMS/multinet_shr.opt create mode 100755 openssl/VMS/openssl_startup.com create mode 100755 openssl/VMS/openssl_undo.com create mode 100644 openssl/VMS/openssl_utils.com create mode 100644 openssl/VMS/socketshr_shr.opt create mode 100644 openssl/VMS/tcpip_shr_decc.opt create mode 100644 openssl/VMS/test-includes.com create mode 100644 openssl/VMS/ucx_shr_decc.opt create mode 100644 openssl/VMS/ucx_shr_decc_log.opt create mode 100644 openssl/VMS/ucx_shr_vaxc.opt create mode 100644 openssl/apps/CA.com create mode 100644 openssl/apps/CA.pl create mode 100644 openssl/apps/CA.pl.in create mode 100644 openssl/apps/CA.sh create mode 100644 openssl/apps/Makefile create mode 100644 openssl/apps/app_rand.c create mode 100644 openssl/apps/apps.c create mode 100644 openssl/apps/apps.h create mode 100644 openssl/apps/asn1pars.c create mode 100644 openssl/apps/ca-cert.srl create mode 100644 openssl/apps/ca-key.pem create mode 100644 openssl/apps/ca-req.pem create mode 100644 openssl/apps/ca.c create mode 100644 openssl/apps/cert.pem create mode 100644 openssl/apps/ciphers.c create mode 100644 openssl/apps/client.pem create mode 100644 openssl/apps/cms.c create mode 100644 openssl/apps/crl.c create mode 100644 openssl/apps/crl2p7.c create mode 100644 openssl/apps/demoCA/cacert.pem create mode 100644 openssl/apps/demoCA/index.txt create mode 100644 openssl/apps/demoCA/private/cakey.pem create mode 100644 openssl/apps/demoCA/serial create mode 100644 openssl/apps/demoSRP/srp_verifier.txt create mode 100644 openssl/apps/demoSRP/srp_verifier.txt.attr create mode 100644 openssl/apps/dgst.c create mode 100644 openssl/apps/dh.c create mode 100644 openssl/apps/dh1024.pem create mode 100644 openssl/apps/dh2048.pem create mode 100644 openssl/apps/dh4096.pem create mode 100644 openssl/apps/dh512.pem create mode 100644 openssl/apps/dhparam.c create mode 100644 openssl/apps/dsa-ca.pem create mode 100644 openssl/apps/dsa-pca.pem create mode 100644 openssl/apps/dsa.c create mode 100644 openssl/apps/dsa1024.pem create mode 100644 openssl/apps/dsa512.pem create mode 100644 openssl/apps/dsap.pem create mode 100644 openssl/apps/dsaparam.c create mode 100644 openssl/apps/ec.c create mode 100644 openssl/apps/ecparam.c create mode 100644 openssl/apps/enc.c create mode 100644 openssl/apps/engine.c create mode 100644 openssl/apps/errstr.c create mode 100644 openssl/apps/gendh.c create mode 100644 openssl/apps/gendsa.c create mode 100644 openssl/apps/genpkey.c create mode 100644 openssl/apps/genrsa.c create mode 100755 openssl/apps/install-apps.com create mode 100644 openssl/apps/makeapps.com create mode 100644 openssl/apps/nseq.c create mode 100644 openssl/apps/ocsp.c create mode 100644 openssl/apps/oid.cnf create mode 100644 openssl/apps/openssl-vms.cnf create mode 100644 openssl/apps/openssl.c create mode 100644 openssl/apps/openssl.cnf create mode 100644 openssl/apps/passwd.c create mode 100644 openssl/apps/pca-cert.srl create mode 100644 openssl/apps/pca-key.pem create mode 100644 openssl/apps/pca-req.pem create mode 100644 openssl/apps/pkcs12.c create mode 100644 openssl/apps/pkcs7.c create mode 100644 openssl/apps/pkcs8.c create mode 100644 openssl/apps/pkey.c create mode 100644 openssl/apps/pkeyparam.c create mode 100644 openssl/apps/pkeyutl.c create mode 100644 openssl/apps/prime.c create mode 100644 openssl/apps/privkey.pem create mode 100644 openssl/apps/progs.h create mode 100644 openssl/apps/progs.pl create mode 100644 openssl/apps/rand.c create mode 100644 openssl/apps/req.c create mode 100644 openssl/apps/req.pem create mode 100644 openssl/apps/rsa.c create mode 100644 openssl/apps/rsa8192.pem create mode 100644 openssl/apps/rsautl.c create mode 100644 openssl/apps/s1024key.pem create mode 100644 openssl/apps/s1024req.pem create mode 100644 openssl/apps/s512-key.pem create mode 100644 openssl/apps/s512-req.pem create mode 100644 openssl/apps/s_apps.h create mode 100644 openssl/apps/s_cb.c create mode 100644 openssl/apps/s_client.c create mode 100644 openssl/apps/s_server.c create mode 100644 openssl/apps/s_socket.c create mode 100644 openssl/apps/s_time.c create mode 100644 openssl/apps/server.pem create mode 100644 openssl/apps/server.srl create mode 100644 openssl/apps/server2.pem create mode 100644 openssl/apps/sess_id.c create mode 100644 openssl/apps/set/set-g-ca.pem create mode 100644 openssl/apps/set/set-m-ca.pem create mode 100644 openssl/apps/set/set_b_ca.pem create mode 100644 openssl/apps/set/set_c_ca.pem create mode 100644 openssl/apps/set/set_d_ct.pem create mode 100644 openssl/apps/set/set_root.pem create mode 100644 openssl/apps/smime.c create mode 100644 openssl/apps/speed.c create mode 100644 openssl/apps/spkac.c create mode 100644 openssl/apps/srp.c create mode 100644 openssl/apps/testCA.pem create mode 100644 openssl/apps/testdsa.h create mode 100644 openssl/apps/testrsa.h create mode 100644 openssl/apps/timeouts.h create mode 100644 openssl/apps/ts.c create mode 100644 openssl/apps/tsget create mode 100644 openssl/apps/verify.c create mode 100644 openssl/apps/version.c create mode 100644 openssl/apps/vms_decc_init.c create mode 100755 openssl/apps/vms_term_sock.c create mode 100755 openssl/apps/vms_term_sock.h create mode 100644 openssl/apps/winrand.c create mode 100644 openssl/apps/x509.c create mode 100644 openssl/appveyor.yml create mode 100644 openssl/bugs/MS create mode 100644 openssl/bugs/SSLv3 create mode 100644 openssl/bugs/alpha.c create mode 100644 openssl/bugs/dggccbug.c create mode 100644 openssl/bugs/sgiccbug.c create mode 100644 openssl/bugs/sslref.dif create mode 100644 openssl/bugs/stream.c create mode 100644 openssl/bugs/ultrixcc.c create mode 100644 openssl/certs/README.RootCerts create mode 100644 openssl/certs/demo/ca-cert.pem create mode 100644 openssl/certs/demo/dsa-ca.pem create mode 100644 openssl/certs/demo/dsa-pca.pem create mode 100644 openssl/certs/demo/pca-cert.pem create mode 100644 openssl/certs/expired/ICE.crl create mode 100755 openssl/config create mode 100644 openssl/crypto/LPdir_nyi.c create mode 100644 openssl/crypto/LPdir_unix.c create mode 100644 openssl/crypto/LPdir_vms.c create mode 100644 openssl/crypto/LPdir_win.c create mode 100644 openssl/crypto/LPdir_win32.c create mode 100644 openssl/crypto/LPdir_wince.c create mode 100644 openssl/crypto/Makefile create mode 100644 openssl/crypto/aes/Makefile create mode 100644 openssl/crypto/aes/README create mode 100644 openssl/crypto/aes/aes.h create mode 100644 openssl/crypto/aes/aes_cbc.c create mode 100644 openssl/crypto/aes/aes_cfb.c create mode 100644 openssl/crypto/aes/aes_core.c create mode 100644 openssl/crypto/aes/aes_ctr.c create mode 100644 openssl/crypto/aes/aes_ecb.c create mode 100644 openssl/crypto/aes/aes_ige.c create mode 100644 openssl/crypto/aes/aes_locl.h create mode 100644 openssl/crypto/aes/aes_misc.c create mode 100644 openssl/crypto/aes/aes_ofb.c create mode 100644 openssl/crypto/aes/aes_wrap.c create mode 100644 openssl/crypto/aes/aes_x86core.c create mode 100755 openssl/crypto/aes/asm/aes-586.pl create mode 100644 openssl/crypto/aes/asm/aes-armv4.pl create mode 100644 openssl/crypto/aes/asm/aes-ia64.S create mode 100644 openssl/crypto/aes/asm/aes-mips.pl create mode 100644 openssl/crypto/aes/asm/aes-parisc.pl create mode 100644 openssl/crypto/aes/asm/aes-ppc.pl create mode 100644 openssl/crypto/aes/asm/aes-s390x.pl create mode 100755 openssl/crypto/aes/asm/aes-sparcv9.pl create mode 100755 openssl/crypto/aes/asm/aes-x86_64.pl create mode 100644 openssl/crypto/aes/asm/aesni-mb-x86_64.pl create mode 100644 openssl/crypto/aes/asm/aesni-sha1-x86_64.pl create mode 100644 openssl/crypto/aes/asm/aesni-sha256-x86_64.pl create mode 100644 openssl/crypto/aes/asm/aesni-x86.pl create mode 100644 openssl/crypto/aes/asm/aesni-x86_64.pl create mode 100755 openssl/crypto/aes/asm/aesp8-ppc.pl create mode 100644 openssl/crypto/aes/asm/aest4-sparcv9.pl create mode 100755 openssl/crypto/aes/asm/aesv8-armx.pl create mode 100644 openssl/crypto/aes/asm/bsaes-armv7.pl create mode 100644 openssl/crypto/aes/asm/bsaes-x86_64.pl create mode 100644 openssl/crypto/aes/asm/vpaes-ppc.pl create mode 100644 openssl/crypto/aes/asm/vpaes-x86.pl create mode 100644 openssl/crypto/aes/asm/vpaes-x86_64.pl create mode 100644 openssl/crypto/alphacpuid.pl create mode 100644 openssl/crypto/arm64cpuid.S create mode 100644 openssl/crypto/arm_arch.h create mode 100644 openssl/crypto/armcap.c create mode 100644 openssl/crypto/armv4cpuid.S create mode 100644 openssl/crypto/asn1/Makefile create mode 100644 openssl/crypto/asn1/a_bitstr.c create mode 100644 openssl/crypto/asn1/a_bool.c create mode 100644 openssl/crypto/asn1/a_bytes.c create mode 100644 openssl/crypto/asn1/a_d2i_fp.c create mode 100644 openssl/crypto/asn1/a_digest.c create mode 100644 openssl/crypto/asn1/a_dup.c create mode 100644 openssl/crypto/asn1/a_enum.c create mode 100644 openssl/crypto/asn1/a_gentm.c create mode 100644 openssl/crypto/asn1/a_i2d_fp.c create mode 100644 openssl/crypto/asn1/a_int.c create mode 100644 openssl/crypto/asn1/a_mbstr.c create mode 100644 openssl/crypto/asn1/a_object.c create mode 100644 openssl/crypto/asn1/a_octet.c create mode 100644 openssl/crypto/asn1/a_print.c create mode 100644 openssl/crypto/asn1/a_set.c create mode 100644 openssl/crypto/asn1/a_sign.c create mode 100644 openssl/crypto/asn1/a_strex.c create mode 100644 openssl/crypto/asn1/a_strnid.c create mode 100644 openssl/crypto/asn1/a_time.c create mode 100644 openssl/crypto/asn1/a_type.c create mode 100644 openssl/crypto/asn1/a_utctm.c create mode 100644 openssl/crypto/asn1/a_utf8.c create mode 100644 openssl/crypto/asn1/a_verify.c create mode 100644 openssl/crypto/asn1/ameth_lib.c create mode 100644 openssl/crypto/asn1/asn1.h create mode 100644 openssl/crypto/asn1/asn1_err.c create mode 100644 openssl/crypto/asn1/asn1_gen.c create mode 100644 openssl/crypto/asn1/asn1_lib.c create mode 100644 openssl/crypto/asn1/asn1_locl.h create mode 100644 openssl/crypto/asn1/asn1_mac.h create mode 100644 openssl/crypto/asn1/asn1_par.c create mode 100644 openssl/crypto/asn1/asn1t.h create mode 100644 openssl/crypto/asn1/asn_mime.c create mode 100644 openssl/crypto/asn1/asn_moid.c create mode 100644 openssl/crypto/asn1/asn_pack.c create mode 100644 openssl/crypto/asn1/bio_asn1.c create mode 100644 openssl/crypto/asn1/bio_ndef.c create mode 100644 openssl/crypto/asn1/charmap.h create mode 100644 openssl/crypto/asn1/charmap.pl create mode 100644 openssl/crypto/asn1/d2i_pr.c create mode 100644 openssl/crypto/asn1/d2i_pu.c create mode 100644 openssl/crypto/asn1/evp_asn1.c create mode 100644 openssl/crypto/asn1/f_enum.c create mode 100644 openssl/crypto/asn1/f_int.c create mode 100644 openssl/crypto/asn1/f_string.c create mode 100644 openssl/crypto/asn1/i2d_pr.c create mode 100644 openssl/crypto/asn1/i2d_pu.c create mode 100644 openssl/crypto/asn1/n_pkey.c create mode 100644 openssl/crypto/asn1/nsseq.c create mode 100644 openssl/crypto/asn1/p5_pbe.c create mode 100644 openssl/crypto/asn1/p5_pbev2.c create mode 100644 openssl/crypto/asn1/p8_pkey.c create mode 100644 openssl/crypto/asn1/t_bitst.c create mode 100644 openssl/crypto/asn1/t_crl.c create mode 100644 openssl/crypto/asn1/t_pkey.c create mode 100644 openssl/crypto/asn1/t_req.c create mode 100644 openssl/crypto/asn1/t_spki.c create mode 100644 openssl/crypto/asn1/t_x509.c create mode 100644 openssl/crypto/asn1/t_x509a.c create mode 100644 openssl/crypto/asn1/tasn_dec.c create mode 100644 openssl/crypto/asn1/tasn_enc.c create mode 100644 openssl/crypto/asn1/tasn_fre.c create mode 100644 openssl/crypto/asn1/tasn_new.c create mode 100644 openssl/crypto/asn1/tasn_prn.c create mode 100644 openssl/crypto/asn1/tasn_typ.c create mode 100644 openssl/crypto/asn1/tasn_utl.c create mode 100644 openssl/crypto/asn1/x_algor.c create mode 100644 openssl/crypto/asn1/x_attrib.c create mode 100644 openssl/crypto/asn1/x_bignum.c create mode 100644 openssl/crypto/asn1/x_crl.c create mode 100644 openssl/crypto/asn1/x_exten.c create mode 100644 openssl/crypto/asn1/x_info.c create mode 100644 openssl/crypto/asn1/x_long.c create mode 100644 openssl/crypto/asn1/x_name.c create mode 100644 openssl/crypto/asn1/x_nx509.c create mode 100644 openssl/crypto/asn1/x_pkey.c create mode 100644 openssl/crypto/asn1/x_pubkey.c create mode 100644 openssl/crypto/asn1/x_req.c create mode 100644 openssl/crypto/asn1/x_sig.c create mode 100644 openssl/crypto/asn1/x_spki.c create mode 100644 openssl/crypto/asn1/x_val.c create mode 100644 openssl/crypto/asn1/x_x509.c create mode 100644 openssl/crypto/asn1/x_x509a.c create mode 100644 openssl/crypto/bf/COPYRIGHT create mode 100644 openssl/crypto/bf/INSTALL create mode 100644 openssl/crypto/bf/Makefile create mode 100644 openssl/crypto/bf/README create mode 100644 openssl/crypto/bf/VERSION create mode 100644 openssl/crypto/bf/asm/bf-586.pl create mode 100644 openssl/crypto/bf/asm/bf-686.pl create mode 100644 openssl/crypto/bf/asm/readme create mode 100644 openssl/crypto/bf/bf_cbc.c create mode 100644 openssl/crypto/bf/bf_cfb64.c create mode 100644 openssl/crypto/bf/bf_ecb.c create mode 100644 openssl/crypto/bf/bf_enc.c create mode 100644 openssl/crypto/bf/bf_locl.h create mode 100644 openssl/crypto/bf/bf_ofb64.c create mode 100644 openssl/crypto/bf/bf_opts.c create mode 100644 openssl/crypto/bf/bf_pi.h create mode 100644 openssl/crypto/bf/bf_skey.c create mode 100644 openssl/crypto/bf/bfs.cpp create mode 100644 openssl/crypto/bf/bfspeed.c create mode 100644 openssl/crypto/bf/bftest.c create mode 100644 openssl/crypto/bf/blowfish.h create mode 100644 openssl/crypto/bio/Makefile create mode 100644 openssl/crypto/bio/b_dump.c create mode 100644 openssl/crypto/bio/b_print.c create mode 100644 openssl/crypto/bio/b_sock.c create mode 100644 openssl/crypto/bio/bf_buff.c create mode 100644 openssl/crypto/bio/bf_lbuf.c create mode 100644 openssl/crypto/bio/bf_nbio.c create mode 100644 openssl/crypto/bio/bf_null.c create mode 100644 openssl/crypto/bio/bio.h create mode 100644 openssl/crypto/bio/bio_cb.c create mode 100644 openssl/crypto/bio/bio_err.c create mode 100644 openssl/crypto/bio/bio_lcl.h create mode 100644 openssl/crypto/bio/bio_lib.c create mode 100644 openssl/crypto/bio/bss_acpt.c create mode 100644 openssl/crypto/bio/bss_bio.c create mode 100644 openssl/crypto/bio/bss_conn.c create mode 100644 openssl/crypto/bio/bss_dgram.c create mode 100644 openssl/crypto/bio/bss_fd.c create mode 100644 openssl/crypto/bio/bss_file.c create mode 100644 openssl/crypto/bio/bss_log.c create mode 100644 openssl/crypto/bio/bss_mem.c create mode 100644 openssl/crypto/bio/bss_null.c create mode 100644 openssl/crypto/bio/bss_rtcp.c create mode 100644 openssl/crypto/bio/bss_sock.c create mode 100644 openssl/crypto/bn/Makefile create mode 100644 openssl/crypto/bn/asm/README create mode 100644 openssl/crypto/bn/asm/alpha-mont.pl create mode 100644 openssl/crypto/bn/asm/armv4-gf2m.pl create mode 100644 openssl/crypto/bn/asm/armv4-mont.pl create mode 100644 openssl/crypto/bn/asm/bn-586.pl create mode 100644 openssl/crypto/bn/asm/co-586.pl create mode 100644 openssl/crypto/bn/asm/ia64-mont.pl create mode 100644 openssl/crypto/bn/asm/ia64.S create mode 100644 openssl/crypto/bn/asm/mips-mont.pl create mode 100644 openssl/crypto/bn/asm/mips.pl create mode 100644 openssl/crypto/bn/asm/mips3-mont.pl create mode 100644 openssl/crypto/bn/asm/mips3.s create mode 100644 openssl/crypto/bn/asm/pa-risc2.s create mode 100644 openssl/crypto/bn/asm/pa-risc2W.s create mode 100644 openssl/crypto/bn/asm/parisc-mont.pl create mode 100644 openssl/crypto/bn/asm/ppc-mont.pl create mode 100644 openssl/crypto/bn/asm/ppc.pl create mode 100644 openssl/crypto/bn/asm/ppc64-mont.pl create mode 100755 openssl/crypto/bn/asm/rsaz-avx2.pl create mode 100755 openssl/crypto/bn/asm/rsaz-x86_64.pl create mode 100644 openssl/crypto/bn/asm/s390x-gf2m.pl create mode 100644 openssl/crypto/bn/asm/s390x-mont.pl create mode 100755 openssl/crypto/bn/asm/s390x.S create mode 100755 openssl/crypto/bn/asm/sparct4-mont.pl create mode 100644 openssl/crypto/bn/asm/sparcv8.S create mode 100644 openssl/crypto/bn/asm/sparcv8plus.S create mode 100644 openssl/crypto/bn/asm/sparcv9-gf2m.pl create mode 100644 openssl/crypto/bn/asm/sparcv9-mont.pl create mode 100755 openssl/crypto/bn/asm/sparcv9a-mont.pl create mode 100644 openssl/crypto/bn/asm/via-mont.pl create mode 100644 openssl/crypto/bn/asm/vis3-mont.pl create mode 100644 openssl/crypto/bn/asm/vms.mar create mode 100644 openssl/crypto/bn/asm/x86-gf2m.pl create mode 100755 openssl/crypto/bn/asm/x86-mont.pl create mode 100644 openssl/crypto/bn/asm/x86.pl create mode 100644 openssl/crypto/bn/asm/x86/add.pl create mode 100644 openssl/crypto/bn/asm/x86/comba.pl create mode 100644 openssl/crypto/bn/asm/x86/div.pl create mode 100644 openssl/crypto/bn/asm/x86/f create mode 100644 openssl/crypto/bn/asm/x86/mul.pl create mode 100644 openssl/crypto/bn/asm/x86/mul_add.pl create mode 100644 openssl/crypto/bn/asm/x86/sqr.pl create mode 100644 openssl/crypto/bn/asm/x86/sub.pl create mode 100644 openssl/crypto/bn/asm/x86_64-gcc.c create mode 100644 openssl/crypto/bn/asm/x86_64-gf2m.pl create mode 100755 openssl/crypto/bn/asm/x86_64-mont.pl create mode 100755 openssl/crypto/bn/asm/x86_64-mont5.pl create mode 100644 openssl/crypto/bn/bn.h create mode 100644 openssl/crypto/bn/bn.mul create mode 100644 openssl/crypto/bn/bn_add.c create mode 100644 openssl/crypto/bn/bn_asm.c create mode 100644 openssl/crypto/bn/bn_blind.c create mode 100644 openssl/crypto/bn/bn_const.c create mode 100644 openssl/crypto/bn/bn_ctx.c create mode 100644 openssl/crypto/bn/bn_depr.c create mode 100644 openssl/crypto/bn/bn_div.c create mode 100644 openssl/crypto/bn/bn_err.c create mode 100644 openssl/crypto/bn/bn_exp.c create mode 100644 openssl/crypto/bn/bn_exp2.c create mode 100644 openssl/crypto/bn/bn_gcd.c create mode 100644 openssl/crypto/bn/bn_gf2m.c create mode 100644 openssl/crypto/bn/bn_kron.c create mode 100644 openssl/crypto/bn/bn_lcl.h create mode 100644 openssl/crypto/bn/bn_lib.c create mode 100644 openssl/crypto/bn/bn_mod.c create mode 100644 openssl/crypto/bn/bn_mont.c create mode 100644 openssl/crypto/bn/bn_mpi.c create mode 100644 openssl/crypto/bn/bn_mul.c create mode 100644 openssl/crypto/bn/bn_nist.c create mode 100644 openssl/crypto/bn/bn_prime.c create mode 100644 openssl/crypto/bn/bn_prime.h create mode 100644 openssl/crypto/bn/bn_prime.pl create mode 100644 openssl/crypto/bn/bn_print.c create mode 100644 openssl/crypto/bn/bn_rand.c create mode 100644 openssl/crypto/bn/bn_recp.c create mode 100644 openssl/crypto/bn/bn_shift.c create mode 100644 openssl/crypto/bn/bn_sqr.c create mode 100644 openssl/crypto/bn/bn_sqrt.c create mode 100644 openssl/crypto/bn/bn_word.c create mode 100644 openssl/crypto/bn/bn_x931p.c create mode 100644 openssl/crypto/bn/bnspeed.c create mode 100644 openssl/crypto/bn/bntest.c create mode 100644 openssl/crypto/bn/divtest.c create mode 100644 openssl/crypto/bn/exp.c create mode 100644 openssl/crypto/bn/expspeed.c create mode 100644 openssl/crypto/bn/exptest.c create mode 100644 openssl/crypto/bn/rsaz_exp.c create mode 100644 openssl/crypto/bn/rsaz_exp.h create mode 100644 openssl/crypto/bn/todo create mode 100644 openssl/crypto/bn/vms-helper.c create mode 100644 openssl/crypto/buffer/Makefile create mode 100644 openssl/crypto/buffer/buf_err.c create mode 100644 openssl/crypto/buffer/buf_str.c create mode 100644 openssl/crypto/buffer/buffer.c create mode 100644 openssl/crypto/buffer/buffer.h create mode 100644 openssl/crypto/camellia/Makefile create mode 100644 openssl/crypto/camellia/asm/cmll-x86.pl create mode 100644 openssl/crypto/camellia/asm/cmll-x86_64.pl create mode 100644 openssl/crypto/camellia/asm/cmllt4-sparcv9.pl create mode 100644 openssl/crypto/camellia/camellia.c create mode 100644 openssl/crypto/camellia/camellia.h create mode 100644 openssl/crypto/camellia/cmll_cbc.c create mode 100644 openssl/crypto/camellia/cmll_cfb.c create mode 100644 openssl/crypto/camellia/cmll_ctr.c create mode 100644 openssl/crypto/camellia/cmll_ecb.c create mode 100644 openssl/crypto/camellia/cmll_locl.h create mode 100644 openssl/crypto/camellia/cmll_misc.c create mode 100644 openssl/crypto/camellia/cmll_ofb.c create mode 100644 openssl/crypto/camellia/cmll_utl.c create mode 100644 openssl/crypto/cast/Makefile create mode 100644 openssl/crypto/cast/asm/cast-586.pl create mode 100644 openssl/crypto/cast/asm/readme create mode 100644 openssl/crypto/cast/c_cfb64.c create mode 100644 openssl/crypto/cast/c_ecb.c create mode 100644 openssl/crypto/cast/c_enc.c create mode 100644 openssl/crypto/cast/c_ofb64.c create mode 100644 openssl/crypto/cast/c_skey.c create mode 100644 openssl/crypto/cast/cast.h create mode 100644 openssl/crypto/cast/cast_lcl.h create mode 100644 openssl/crypto/cast/cast_s.h create mode 100644 openssl/crypto/cast/cast_spd.c create mode 100644 openssl/crypto/cast/castopts.c create mode 100644 openssl/crypto/cast/casts.cpp create mode 100644 openssl/crypto/cast/casttest.c create mode 100644 openssl/crypto/cmac/Makefile create mode 100644 openssl/crypto/cmac/cm_ameth.c create mode 100644 openssl/crypto/cmac/cm_pmeth.c create mode 100644 openssl/crypto/cmac/cmac.c create mode 100644 openssl/crypto/cmac/cmac.h create mode 100644 openssl/crypto/cms/Makefile create mode 100644 openssl/crypto/cms/cms.h create mode 100644 openssl/crypto/cms/cms_asn1.c create mode 100644 openssl/crypto/cms/cms_att.c create mode 100644 openssl/crypto/cms/cms_cd.c create mode 100644 openssl/crypto/cms/cms_dd.c create mode 100644 openssl/crypto/cms/cms_enc.c create mode 100644 openssl/crypto/cms/cms_env.c create mode 100644 openssl/crypto/cms/cms_err.c create mode 100644 openssl/crypto/cms/cms_ess.c create mode 100644 openssl/crypto/cms/cms_io.c create mode 100644 openssl/crypto/cms/cms_kari.c create mode 100644 openssl/crypto/cms/cms_lcl.h create mode 100644 openssl/crypto/cms/cms_lib.c create mode 100644 openssl/crypto/cms/cms_pwri.c create mode 100644 openssl/crypto/cms/cms_sd.c create mode 100644 openssl/crypto/cms/cms_smime.c create mode 100644 openssl/crypto/comp/Makefile create mode 100644 openssl/crypto/comp/c_rle.c create mode 100644 openssl/crypto/comp/c_zlib.c create mode 100644 openssl/crypto/comp/comp.h create mode 100644 openssl/crypto/comp/comp_err.c create mode 100644 openssl/crypto/comp/comp_lib.c create mode 100644 openssl/crypto/conf/Makefile create mode 100644 openssl/crypto/conf/README create mode 100644 openssl/crypto/conf/cnf_save.c create mode 100644 openssl/crypto/conf/conf.h create mode 100644 openssl/crypto/conf/conf_api.c create mode 100644 openssl/crypto/conf/conf_api.h create mode 100644 openssl/crypto/conf/conf_def.c create mode 100644 openssl/crypto/conf/conf_def.h create mode 100644 openssl/crypto/conf/conf_err.c create mode 100644 openssl/crypto/conf/conf_lib.c create mode 100644 openssl/crypto/conf/conf_mall.c create mode 100644 openssl/crypto/conf/conf_mod.c create mode 100644 openssl/crypto/conf/conf_sap.c create mode 100644 openssl/crypto/conf/keysets.pl create mode 100644 openssl/crypto/conf/ssleay.cnf create mode 100644 openssl/crypto/conf/test.c create mode 100644 openssl/crypto/constant_time_locl.h create mode 100644 openssl/crypto/constant_time_test.c create mode 100644 openssl/crypto/cpt_err.c create mode 100644 openssl/crypto/cryptlib.c create mode 100644 openssl/crypto/cryptlib.h create mode 100644 openssl/crypto/crypto-lib.com create mode 100644 openssl/crypto/crypto.h create mode 100644 openssl/crypto/cversion.c create mode 100644 openssl/crypto/des/COPYRIGHT create mode 100644 openssl/crypto/des/DES.pm create mode 100644 openssl/crypto/des/DES.xs create mode 100644 openssl/crypto/des/FILES0 create mode 100644 openssl/crypto/des/INSTALL create mode 100644 openssl/crypto/des/Imakefile create mode 100644 openssl/crypto/des/KERBEROS create mode 100644 openssl/crypto/des/Makefile create mode 100644 openssl/crypto/des/README create mode 100644 openssl/crypto/des/VERSION create mode 100644 openssl/crypto/des/asm/crypt586.pl create mode 100644 openssl/crypto/des/asm/des-586.pl create mode 100644 openssl/crypto/des/asm/des_enc.m4 create mode 100644 openssl/crypto/des/asm/desboth.pl create mode 100644 openssl/crypto/des/asm/dest4-sparcv9.pl create mode 100644 openssl/crypto/des/asm/readme create mode 100644 openssl/crypto/des/cbc3_enc.c create mode 100644 openssl/crypto/des/cbc_cksm.c create mode 100644 openssl/crypto/des/cbc_enc.c create mode 100644 openssl/crypto/des/cfb64ede.c create mode 100644 openssl/crypto/des/cfb64enc.c create mode 100644 openssl/crypto/des/cfb_enc.c create mode 100644 openssl/crypto/des/des-lib.com create mode 100644 openssl/crypto/des/des.c create mode 100644 openssl/crypto/des/des.h create mode 100644 openssl/crypto/des/des.pod create mode 100644 openssl/crypto/des/des3s.cpp create mode 100644 openssl/crypto/des/des_enc.c create mode 100644 openssl/crypto/des/des_locl.h create mode 100644 openssl/crypto/des/des_old.c create mode 100644 openssl/crypto/des/des_old.h create mode 100644 openssl/crypto/des/des_old2.c create mode 100644 openssl/crypto/des/des_opts.c create mode 100644 openssl/crypto/des/des_ver.h create mode 100644 openssl/crypto/des/dess.cpp create mode 100644 openssl/crypto/des/destest.c create mode 100644 openssl/crypto/des/ecb3_enc.c create mode 100644 openssl/crypto/des/ecb_enc.c create mode 100644 openssl/crypto/des/ede_cbcm_enc.c create mode 100644 openssl/crypto/des/enc_read.c create mode 100644 openssl/crypto/des/enc_writ.c create mode 100644 openssl/crypto/des/fcrypt.c create mode 100644 openssl/crypto/des/fcrypt_b.c create mode 100644 openssl/crypto/des/makefile.bc create mode 100644 openssl/crypto/des/ncbc_enc.c create mode 100644 openssl/crypto/des/ofb64ede.c create mode 100644 openssl/crypto/des/ofb64enc.c create mode 100644 openssl/crypto/des/ofb_enc.c create mode 100644 openssl/crypto/des/options.txt create mode 100644 openssl/crypto/des/pcbc_enc.c create mode 100644 openssl/crypto/des/qud_cksm.c create mode 100644 openssl/crypto/des/rand_key.c create mode 100644 openssl/crypto/des/read2pwd.c create mode 100644 openssl/crypto/des/read_pwd.c create mode 100644 openssl/crypto/des/rpc_des.h create mode 100644 openssl/crypto/des/rpc_enc.c create mode 100644 openssl/crypto/des/rpw.c create mode 100644 openssl/crypto/des/set_key.c create mode 100644 openssl/crypto/des/speed.c create mode 100644 openssl/crypto/des/spr.h create mode 100644 openssl/crypto/des/str2key.c create mode 100644 openssl/crypto/des/times/486-50.sol create mode 100644 openssl/crypto/des/times/586-100.lnx create mode 100644 openssl/crypto/des/times/686-200.fre create mode 100644 openssl/crypto/des/times/aix.cc create mode 100644 openssl/crypto/des/times/alpha.cc create mode 100644 openssl/crypto/des/times/hpux.cc create mode 100644 openssl/crypto/des/times/sparc.gcc create mode 100644 openssl/crypto/des/times/usparc.cc create mode 100644 openssl/crypto/des/typemap create mode 100644 openssl/crypto/des/xcbc_enc.c create mode 100644 openssl/crypto/dh/Makefile create mode 100644 openssl/crypto/dh/dh.h create mode 100644 openssl/crypto/dh/dh1024.pem create mode 100644 openssl/crypto/dh/dh192.pem create mode 100644 openssl/crypto/dh/dh2048.pem create mode 100644 openssl/crypto/dh/dh4096.pem create mode 100644 openssl/crypto/dh/dh512.pem create mode 100644 openssl/crypto/dh/dh_ameth.c create mode 100644 openssl/crypto/dh/dh_asn1.c create mode 100644 openssl/crypto/dh/dh_check.c create mode 100644 openssl/crypto/dh/dh_depr.c create mode 100644 openssl/crypto/dh/dh_err.c create mode 100644 openssl/crypto/dh/dh_gen.c create mode 100644 openssl/crypto/dh/dh_kdf.c create mode 100644 openssl/crypto/dh/dh_key.c create mode 100644 openssl/crypto/dh/dh_lib.c create mode 100644 openssl/crypto/dh/dh_pmeth.c create mode 100644 openssl/crypto/dh/dh_prn.c create mode 100644 openssl/crypto/dh/dh_rfc5114.c create mode 100644 openssl/crypto/dh/dhtest.c create mode 100644 openssl/crypto/dh/example create mode 100644 openssl/crypto/dh/generate create mode 100644 openssl/crypto/dh/p1024.c create mode 100644 openssl/crypto/dh/p192.c create mode 100644 openssl/crypto/dh/p512.c create mode 100644 openssl/crypto/dsa/Makefile create mode 100644 openssl/crypto/dsa/README create mode 100644 openssl/crypto/dsa/dsa.h create mode 100644 openssl/crypto/dsa/dsa_ameth.c create mode 100644 openssl/crypto/dsa/dsa_asn1.c create mode 100644 openssl/crypto/dsa/dsa_depr.c create mode 100644 openssl/crypto/dsa/dsa_err.c create mode 100644 openssl/crypto/dsa/dsa_gen.c create mode 100644 openssl/crypto/dsa/dsa_key.c create mode 100644 openssl/crypto/dsa/dsa_lib.c create mode 100644 openssl/crypto/dsa/dsa_locl.h create mode 100644 openssl/crypto/dsa/dsa_ossl.c create mode 100644 openssl/crypto/dsa/dsa_pmeth.c create mode 100644 openssl/crypto/dsa/dsa_prn.c create mode 100644 openssl/crypto/dsa/dsa_sign.c create mode 100644 openssl/crypto/dsa/dsa_vrf.c create mode 100644 openssl/crypto/dsa/dsagen.c create mode 100644 openssl/crypto/dsa/dsatest.c create mode 100644 openssl/crypto/dsa/fips186a.txt create mode 100644 openssl/crypto/dso/Makefile create mode 100644 openssl/crypto/dso/README create mode 100644 openssl/crypto/dso/dso.h create mode 100644 openssl/crypto/dso/dso_beos.c create mode 100644 openssl/crypto/dso/dso_dl.c create mode 100644 openssl/crypto/dso/dso_dlfcn.c create mode 100644 openssl/crypto/dso/dso_err.c create mode 100644 openssl/crypto/dso/dso_lib.c create mode 100644 openssl/crypto/dso/dso_null.c create mode 100644 openssl/crypto/dso/dso_openssl.c create mode 100644 openssl/crypto/dso/dso_vms.c create mode 100644 openssl/crypto/dso/dso_win32.c create mode 100644 openssl/crypto/ebcdic.c create mode 100644 openssl/crypto/ebcdic.h create mode 100644 openssl/crypto/ec/Makefile create mode 100755 openssl/crypto/ec/asm/ecp_nistz256-avx2.pl create mode 100755 openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl create mode 100644 openssl/crypto/ec/ec.h create mode 100644 openssl/crypto/ec/ec2_mult.c create mode 100644 openssl/crypto/ec/ec2_oct.c create mode 100644 openssl/crypto/ec/ec2_smpl.c create mode 100644 openssl/crypto/ec/ec_ameth.c create mode 100644 openssl/crypto/ec/ec_asn1.c create mode 100644 openssl/crypto/ec/ec_check.c create mode 100644 openssl/crypto/ec/ec_curve.c create mode 100644 openssl/crypto/ec/ec_cvt.c create mode 100644 openssl/crypto/ec/ec_err.c create mode 100644 openssl/crypto/ec/ec_key.c create mode 100644 openssl/crypto/ec/ec_lcl.h create mode 100644 openssl/crypto/ec/ec_lib.c create mode 100644 openssl/crypto/ec/ec_mult.c create mode 100644 openssl/crypto/ec/ec_oct.c create mode 100644 openssl/crypto/ec/ec_pmeth.c create mode 100644 openssl/crypto/ec/ec_print.c create mode 100644 openssl/crypto/ec/eck_prn.c create mode 100644 openssl/crypto/ec/ecp_mont.c create mode 100644 openssl/crypto/ec/ecp_nist.c create mode 100644 openssl/crypto/ec/ecp_nistp224.c create mode 100644 openssl/crypto/ec/ecp_nistp256.c create mode 100644 openssl/crypto/ec/ecp_nistp521.c create mode 100644 openssl/crypto/ec/ecp_nistputil.c create mode 100644 openssl/crypto/ec/ecp_nistz256.c create mode 100644 openssl/crypto/ec/ecp_nistz256_table.c create mode 100644 openssl/crypto/ec/ecp_oct.c create mode 100644 openssl/crypto/ec/ecp_smpl.c create mode 100644 openssl/crypto/ec/ectest.c create mode 100644 openssl/crypto/ecdh/Makefile create mode 100644 openssl/crypto/ecdh/ecdh.h create mode 100644 openssl/crypto/ecdh/ecdhtest.c create mode 100644 openssl/crypto/ecdh/ech_err.c create mode 100644 openssl/crypto/ecdh/ech_kdf.c create mode 100644 openssl/crypto/ecdh/ech_key.c create mode 100644 openssl/crypto/ecdh/ech_lib.c create mode 100644 openssl/crypto/ecdh/ech_locl.h create mode 100644 openssl/crypto/ecdh/ech_ossl.c create mode 100644 openssl/crypto/ecdsa/Makefile create mode 100644 openssl/crypto/ecdsa/ecdsa.h create mode 100644 openssl/crypto/ecdsa/ecdsatest.c create mode 100644 openssl/crypto/ecdsa/ecs_asn1.c create mode 100644 openssl/crypto/ecdsa/ecs_err.c create mode 100644 openssl/crypto/ecdsa/ecs_lib.c create mode 100644 openssl/crypto/ecdsa/ecs_locl.h create mode 100644 openssl/crypto/ecdsa/ecs_ossl.c create mode 100644 openssl/crypto/ecdsa/ecs_sign.c create mode 100644 openssl/crypto/ecdsa/ecs_vrf.c create mode 100644 openssl/crypto/engine/Makefile create mode 100644 openssl/crypto/engine/README create mode 100644 openssl/crypto/engine/eng_all.c create mode 100644 openssl/crypto/engine/eng_cnf.c create mode 100644 openssl/crypto/engine/eng_cryptodev.c create mode 100644 openssl/crypto/engine/eng_ctrl.c create mode 100644 openssl/crypto/engine/eng_dyn.c create mode 100644 openssl/crypto/engine/eng_err.c create mode 100644 openssl/crypto/engine/eng_fat.c create mode 100644 openssl/crypto/engine/eng_init.c create mode 100644 openssl/crypto/engine/eng_int.h create mode 100644 openssl/crypto/engine/eng_lib.c create mode 100644 openssl/crypto/engine/eng_list.c create mode 100644 openssl/crypto/engine/eng_openssl.c create mode 100644 openssl/crypto/engine/eng_pkey.c create mode 100644 openssl/crypto/engine/eng_rdrand.c create mode 100644 openssl/crypto/engine/eng_table.c create mode 100644 openssl/crypto/engine/engine.h create mode 100644 openssl/crypto/engine/enginetest.c create mode 100644 openssl/crypto/engine/tb_asnmth.c create mode 100644 openssl/crypto/engine/tb_cipher.c create mode 100644 openssl/crypto/engine/tb_dh.c create mode 100644 openssl/crypto/engine/tb_digest.c create mode 100644 openssl/crypto/engine/tb_dsa.c create mode 100644 openssl/crypto/engine/tb_ecdh.c create mode 100644 openssl/crypto/engine/tb_ecdsa.c create mode 100644 openssl/crypto/engine/tb_pkmeth.c create mode 100644 openssl/crypto/engine/tb_rand.c create mode 100644 openssl/crypto/engine/tb_rsa.c create mode 100644 openssl/crypto/engine/tb_store.c create mode 100644 openssl/crypto/err/Makefile create mode 100644 openssl/crypto/err/err.c create mode 100644 openssl/crypto/err/err.h create mode 100644 openssl/crypto/err/err_all.c create mode 100644 openssl/crypto/err/err_prn.c create mode 100644 openssl/crypto/err/openssl.ec create mode 100644 openssl/crypto/evp/Makefile create mode 100644 openssl/crypto/evp/bio_b64.c create mode 100644 openssl/crypto/evp/bio_enc.c create mode 100644 openssl/crypto/evp/bio_md.c create mode 100644 openssl/crypto/evp/bio_ok.c create mode 100644 openssl/crypto/evp/c_all.c create mode 100644 openssl/crypto/evp/c_allc.c create mode 100644 openssl/crypto/evp/c_alld.c create mode 100644 openssl/crypto/evp/digest.c create mode 100644 openssl/crypto/evp/e_aes.c create mode 100644 openssl/crypto/evp/e_aes_cbc_hmac_sha1.c create mode 100644 openssl/crypto/evp/e_aes_cbc_hmac_sha256.c create mode 100644 openssl/crypto/evp/e_bf.c create mode 100644 openssl/crypto/evp/e_camellia.c create mode 100644 openssl/crypto/evp/e_cast.c create mode 100644 openssl/crypto/evp/e_des.c create mode 100644 openssl/crypto/evp/e_des3.c create mode 100644 openssl/crypto/evp/e_dsa.c create mode 100644 openssl/crypto/evp/e_idea.c create mode 100644 openssl/crypto/evp/e_null.c create mode 100644 openssl/crypto/evp/e_old.c create mode 100644 openssl/crypto/evp/e_rc2.c create mode 100644 openssl/crypto/evp/e_rc4.c create mode 100644 openssl/crypto/evp/e_rc4_hmac_md5.c create mode 100644 openssl/crypto/evp/e_rc5.c create mode 100644 openssl/crypto/evp/e_seed.c create mode 100644 openssl/crypto/evp/e_xcbc_d.c create mode 100644 openssl/crypto/evp/encode.c create mode 100644 openssl/crypto/evp/evp.h create mode 100644 openssl/crypto/evp/evp_acnf.c create mode 100644 openssl/crypto/evp/evp_cnf.c create mode 100644 openssl/crypto/evp/evp_enc.c create mode 100644 openssl/crypto/evp/evp_err.c create mode 100644 openssl/crypto/evp/evp_extra_test.c create mode 100644 openssl/crypto/evp/evp_key.c create mode 100644 openssl/crypto/evp/evp_lib.c create mode 100644 openssl/crypto/evp/evp_locl.h create mode 100644 openssl/crypto/evp/evp_pbe.c create mode 100644 openssl/crypto/evp/evp_pkey.c create mode 100755 openssl/crypto/evp/evp_test.c create mode 100644 openssl/crypto/evp/evptests.txt create mode 100644 openssl/crypto/evp/m_dss.c create mode 100644 openssl/crypto/evp/m_dss1.c create mode 100644 openssl/crypto/evp/m_ecdsa.c create mode 100644 openssl/crypto/evp/m_md2.c create mode 100644 openssl/crypto/evp/m_md4.c create mode 100644 openssl/crypto/evp/m_md5.c create mode 100644 openssl/crypto/evp/m_mdc2.c create mode 100644 openssl/crypto/evp/m_null.c create mode 100644 openssl/crypto/evp/m_ripemd.c create mode 100644 openssl/crypto/evp/m_sha.c create mode 100644 openssl/crypto/evp/m_sha1.c create mode 100644 openssl/crypto/evp/m_sigver.c create mode 100644 openssl/crypto/evp/m_wp.c create mode 100644 openssl/crypto/evp/names.c create mode 100644 openssl/crypto/evp/openbsd_hw.c create mode 100644 openssl/crypto/evp/p5_crpt.c create mode 100644 openssl/crypto/evp/p5_crpt2.c create mode 100644 openssl/crypto/evp/p_dec.c create mode 100644 openssl/crypto/evp/p_enc.c create mode 100644 openssl/crypto/evp/p_lib.c create mode 100644 openssl/crypto/evp/p_open.c create mode 100644 openssl/crypto/evp/p_seal.c create mode 100644 openssl/crypto/evp/p_sign.c create mode 100644 openssl/crypto/evp/p_verify.c create mode 100644 openssl/crypto/evp/pmeth_fn.c create mode 100644 openssl/crypto/evp/pmeth_gn.c create mode 100644 openssl/crypto/evp/pmeth_lib.c create mode 100644 openssl/crypto/ex_data.c create mode 100644 openssl/crypto/fips_err.h create mode 100644 openssl/crypto/fips_ers.c create mode 100644 openssl/crypto/hmac/Makefile create mode 100644 openssl/crypto/hmac/hm_ameth.c create mode 100644 openssl/crypto/hmac/hm_pmeth.c create mode 100644 openssl/crypto/hmac/hmac.c create mode 100644 openssl/crypto/hmac/hmac.h create mode 100644 openssl/crypto/hmac/hmactest.c create mode 100644 openssl/crypto/ia64cpuid.S create mode 100644 openssl/crypto/idea/Makefile create mode 100644 openssl/crypto/idea/i_cbc.c create mode 100644 openssl/crypto/idea/i_cfb64.c create mode 100644 openssl/crypto/idea/i_ecb.c create mode 100644 openssl/crypto/idea/i_ofb64.c create mode 100644 openssl/crypto/idea/i_skey.c create mode 100644 openssl/crypto/idea/idea.h create mode 100644 openssl/crypto/idea/idea_lcl.h create mode 100644 openssl/crypto/idea/idea_spd.c create mode 100644 openssl/crypto/idea/ideatest.c create mode 100644 openssl/crypto/idea/version create mode 100755 openssl/crypto/install-crypto.com create mode 100644 openssl/crypto/jpake/Makefile create mode 100644 openssl/crypto/jpake/jpake.c create mode 100644 openssl/crypto/jpake/jpake.h create mode 100644 openssl/crypto/jpake/jpake_err.c create mode 100644 openssl/crypto/jpake/jpaketest.c create mode 100644 openssl/crypto/krb5/Makefile create mode 100644 openssl/crypto/krb5/krb5_asn.c create mode 100644 openssl/crypto/krb5/krb5_asn.h create mode 100644 openssl/crypto/lhash/Makefile create mode 100644 openssl/crypto/lhash/lh_stats.c create mode 100644 openssl/crypto/lhash/lh_test.c create mode 100644 openssl/crypto/lhash/lhash.c create mode 100644 openssl/crypto/lhash/lhash.h create mode 100644 openssl/crypto/lhash/num.pl create mode 100644 openssl/crypto/md2/Makefile create mode 100644 openssl/crypto/md2/md2.c create mode 100644 openssl/crypto/md2/md2.h create mode 100644 openssl/crypto/md2/md2_dgst.c create mode 100644 openssl/crypto/md2/md2_one.c create mode 100644 openssl/crypto/md2/md2test.c create mode 100644 openssl/crypto/md32_common.h create mode 100644 openssl/crypto/md4/Makefile create mode 100644 openssl/crypto/md4/md4.c create mode 100644 openssl/crypto/md4/md4.h create mode 100644 openssl/crypto/md4/md4_dgst.c create mode 100644 openssl/crypto/md4/md4_locl.h create mode 100644 openssl/crypto/md4/md4_one.c create mode 100644 openssl/crypto/md4/md4s.cpp create mode 100644 openssl/crypto/md4/md4test.c create mode 100644 openssl/crypto/md5/Makefile create mode 100644 openssl/crypto/md5/asm/md5-586.pl create mode 100644 openssl/crypto/md5/asm/md5-ia64.S create mode 100644 openssl/crypto/md5/asm/md5-sparcv9.pl create mode 100755 openssl/crypto/md5/asm/md5-x86_64.pl create mode 100644 openssl/crypto/md5/md5.c create mode 100644 openssl/crypto/md5/md5.h create mode 100644 openssl/crypto/md5/md5_dgst.c create mode 100644 openssl/crypto/md5/md5_locl.h create mode 100644 openssl/crypto/md5/md5_one.c create mode 100644 openssl/crypto/md5/md5s.cpp create mode 100644 openssl/crypto/md5/md5test.c create mode 100644 openssl/crypto/mdc2/Makefile create mode 100644 openssl/crypto/mdc2/mdc2.h create mode 100644 openssl/crypto/mdc2/mdc2_one.c create mode 100644 openssl/crypto/mdc2/mdc2dgst.c create mode 100644 openssl/crypto/mdc2/mdc2test.c create mode 100644 openssl/crypto/mem.c create mode 100644 openssl/crypto/mem_clr.c create mode 100644 openssl/crypto/mem_dbg.c create mode 100644 openssl/crypto/modes/Makefile create mode 100644 openssl/crypto/modes/asm/aesni-gcm-x86_64.pl create mode 100644 openssl/crypto/modes/asm/ghash-alpha.pl create mode 100644 openssl/crypto/modes/asm/ghash-armv4.pl create mode 100755 openssl/crypto/modes/asm/ghash-ia64.pl create mode 100644 openssl/crypto/modes/asm/ghash-parisc.pl create mode 100644 openssl/crypto/modes/asm/ghash-s390x.pl create mode 100644 openssl/crypto/modes/asm/ghash-sparcv9.pl create mode 100644 openssl/crypto/modes/asm/ghash-x86.pl create mode 100644 openssl/crypto/modes/asm/ghash-x86_64.pl create mode 100755 openssl/crypto/modes/asm/ghashp8-ppc.pl create mode 100644 openssl/crypto/modes/asm/ghashv8-armx.pl create mode 100644 openssl/crypto/modes/cbc128.c create mode 100644 openssl/crypto/modes/ccm128.c create mode 100644 openssl/crypto/modes/cfb128.c create mode 100644 openssl/crypto/modes/ctr128.c create mode 100644 openssl/crypto/modes/cts128.c create mode 100644 openssl/crypto/modes/gcm128.c create mode 100644 openssl/crypto/modes/modes.h create mode 100644 openssl/crypto/modes/modes_lcl.h create mode 100644 openssl/crypto/modes/ofb128.c create mode 100644 openssl/crypto/modes/wrap128.c create mode 100644 openssl/crypto/modes/xts128.c create mode 100644 openssl/crypto/o_dir.c create mode 100644 openssl/crypto/o_dir.h create mode 100644 openssl/crypto/o_dir_test.c create mode 100644 openssl/crypto/o_fips.c create mode 100644 openssl/crypto/o_init.c create mode 100644 openssl/crypto/o_str.c create mode 100644 openssl/crypto/o_str.h create mode 100755 openssl/crypto/o_time.c create mode 100644 openssl/crypto/o_time.h create mode 100644 openssl/crypto/objects/Makefile create mode 100644 openssl/crypto/objects/o_names.c create mode 100644 openssl/crypto/objects/obj_dat.c create mode 100644 openssl/crypto/objects/obj_dat.h create mode 100644 openssl/crypto/objects/obj_dat.pl create mode 100644 openssl/crypto/objects/obj_err.c create mode 100644 openssl/crypto/objects/obj_lib.c create mode 100644 openssl/crypto/objects/obj_mac.h create mode 100644 openssl/crypto/objects/obj_mac.num create mode 100644 openssl/crypto/objects/obj_xref.c create mode 100644 openssl/crypto/objects/obj_xref.h create mode 100644 openssl/crypto/objects/obj_xref.txt create mode 100644 openssl/crypto/objects/objects.README create mode 100644 openssl/crypto/objects/objects.h create mode 100644 openssl/crypto/objects/objects.pl create mode 100644 openssl/crypto/objects/objects.txt create mode 100644 openssl/crypto/objects/objxref.pl create mode 100644 openssl/crypto/ocsp/Makefile create mode 100644 openssl/crypto/ocsp/ocsp.h create mode 100644 openssl/crypto/ocsp/ocsp_asn.c create mode 100644 openssl/crypto/ocsp/ocsp_cl.c create mode 100644 openssl/crypto/ocsp/ocsp_err.c create mode 100644 openssl/crypto/ocsp/ocsp_ext.c create mode 100644 openssl/crypto/ocsp/ocsp_ht.c create mode 100644 openssl/crypto/ocsp/ocsp_lib.c create mode 100644 openssl/crypto/ocsp/ocsp_prn.c create mode 100644 openssl/crypto/ocsp/ocsp_srv.c create mode 100644 openssl/crypto/ocsp/ocsp_vfy.c create mode 100644 openssl/crypto/opensslconf.h create mode 100644 openssl/crypto/opensslconf.h.in create mode 100644 openssl/crypto/opensslv.h create mode 100644 openssl/crypto/ossl_typ.h create mode 100644 openssl/crypto/pariscid.pl create mode 100644 openssl/crypto/pem/Makefile create mode 100644 openssl/crypto/pem/message create mode 100644 openssl/crypto/pem/pem.h create mode 100644 openssl/crypto/pem/pem2.h create mode 100644 openssl/crypto/pem/pem_all.c create mode 100644 openssl/crypto/pem/pem_err.c create mode 100644 openssl/crypto/pem/pem_info.c create mode 100644 openssl/crypto/pem/pem_lib.c create mode 100644 openssl/crypto/pem/pem_oth.c create mode 100644 openssl/crypto/pem/pem_pk8.c create mode 100644 openssl/crypto/pem/pem_pkey.c create mode 100644 openssl/crypto/pem/pem_seal.c create mode 100644 openssl/crypto/pem/pem_sign.c create mode 100644 openssl/crypto/pem/pem_x509.c create mode 100644 openssl/crypto/pem/pem_xaux.c create mode 100644 openssl/crypto/pem/pkcs7.lis create mode 100644 openssl/crypto/pem/pvkfmt.c create mode 100644 openssl/crypto/perlasm/cbc.pl create mode 100755 openssl/crypto/perlasm/ppc-xlate.pl create mode 100644 openssl/crypto/perlasm/readme create mode 100644 openssl/crypto/perlasm/sparcv9_modes.pl create mode 100755 openssl/crypto/perlasm/x86_64-xlate.pl create mode 100644 openssl/crypto/perlasm/x86asm.pl create mode 100644 openssl/crypto/perlasm/x86gas.pl create mode 100644 openssl/crypto/perlasm/x86masm.pl create mode 100644 openssl/crypto/perlasm/x86nasm.pl create mode 100644 openssl/crypto/pkcs12/Makefile create mode 100644 openssl/crypto/pkcs12/p12_add.c create mode 100644 openssl/crypto/pkcs12/p12_asn.c create mode 100644 openssl/crypto/pkcs12/p12_attr.c create mode 100644 openssl/crypto/pkcs12/p12_crpt.c create mode 100644 openssl/crypto/pkcs12/p12_crt.c create mode 100644 openssl/crypto/pkcs12/p12_decr.c create mode 100644 openssl/crypto/pkcs12/p12_init.c create mode 100644 openssl/crypto/pkcs12/p12_key.c create mode 100644 openssl/crypto/pkcs12/p12_kiss.c create mode 100644 openssl/crypto/pkcs12/p12_mutl.c create mode 100644 openssl/crypto/pkcs12/p12_npas.c create mode 100644 openssl/crypto/pkcs12/p12_p8d.c create mode 100644 openssl/crypto/pkcs12/p12_p8e.c create mode 100644 openssl/crypto/pkcs12/p12_utl.c create mode 100644 openssl/crypto/pkcs12/pk12err.c create mode 100644 openssl/crypto/pkcs12/pkcs12.h create mode 100644 openssl/crypto/pkcs7/Makefile create mode 100644 openssl/crypto/pkcs7/bio_pk7.c create mode 100644 openssl/crypto/pkcs7/pk7_asn1.c create mode 100644 openssl/crypto/pkcs7/pk7_attr.c create mode 100644 openssl/crypto/pkcs7/pk7_dgst.c create mode 100644 openssl/crypto/pkcs7/pk7_doit.c create mode 100644 openssl/crypto/pkcs7/pk7_enc.c create mode 100644 openssl/crypto/pkcs7/pk7_lib.c create mode 100644 openssl/crypto/pkcs7/pk7_mime.c create mode 100644 openssl/crypto/pkcs7/pk7_smime.c create mode 100644 openssl/crypto/pkcs7/pkcs7.h create mode 100644 openssl/crypto/pkcs7/pkcs7err.c create mode 100644 openssl/crypto/ppc_arch.h create mode 100644 openssl/crypto/ppccap.c create mode 100755 openssl/crypto/ppccpuid.pl create mode 100644 openssl/crypto/pqueue/Makefile create mode 100644 openssl/crypto/pqueue/pq_test.c create mode 100644 openssl/crypto/pqueue/pqueue.c create mode 100644 openssl/crypto/pqueue/pqueue.h create mode 100644 openssl/crypto/rand/Makefile create mode 100644 openssl/crypto/rand/md_rand.c create mode 100644 openssl/crypto/rand/rand.h create mode 100644 openssl/crypto/rand/rand_egd.c create mode 100644 openssl/crypto/rand/rand_err.c create mode 100644 openssl/crypto/rand/rand_lcl.h create mode 100644 openssl/crypto/rand/rand_lib.c create mode 100644 openssl/crypto/rand/rand_nw.c create mode 100644 openssl/crypto/rand/rand_os2.c create mode 100644 openssl/crypto/rand/rand_unix.c create mode 100755 openssl/crypto/rand/rand_vms.c create mode 100644 openssl/crypto/rand/rand_win.c create mode 100644 openssl/crypto/rand/randfile.c create mode 100644 openssl/crypto/rand/randtest.c create mode 100644 openssl/crypto/rc2/Makefile create mode 100644 openssl/crypto/rc2/rc2.h create mode 100644 openssl/crypto/rc2/rc2_cbc.c create mode 100644 openssl/crypto/rc2/rc2_ecb.c create mode 100644 openssl/crypto/rc2/rc2_locl.h create mode 100644 openssl/crypto/rc2/rc2_skey.c create mode 100644 openssl/crypto/rc2/rc2cfb64.c create mode 100644 openssl/crypto/rc2/rc2ofb64.c create mode 100644 openssl/crypto/rc2/rc2speed.c create mode 100644 openssl/crypto/rc2/rc2test.c create mode 100644 openssl/crypto/rc2/rrc2.doc create mode 100644 openssl/crypto/rc2/tab.c create mode 100644 openssl/crypto/rc2/version create mode 100644 openssl/crypto/rc4/Makefile create mode 100644 openssl/crypto/rc4/asm/rc4-586.pl create mode 100644 openssl/crypto/rc4/asm/rc4-ia64.pl create mode 100644 openssl/crypto/rc4/asm/rc4-md5-x86_64.pl create mode 100644 openssl/crypto/rc4/asm/rc4-parisc.pl create mode 100644 openssl/crypto/rc4/asm/rc4-s390x.pl create mode 100755 openssl/crypto/rc4/asm/rc4-x86_64.pl create mode 100644 openssl/crypto/rc4/rc4.c create mode 100644 openssl/crypto/rc4/rc4.h create mode 100644 openssl/crypto/rc4/rc4_enc.c create mode 100644 openssl/crypto/rc4/rc4_locl.h create mode 100644 openssl/crypto/rc4/rc4_skey.c create mode 100644 openssl/crypto/rc4/rc4_utl.c create mode 100644 openssl/crypto/rc4/rc4s.cpp create mode 100644 openssl/crypto/rc4/rc4speed.c create mode 100644 openssl/crypto/rc4/rc4test.c create mode 100644 openssl/crypto/rc4/rrc4.doc create mode 100644 openssl/crypto/rc5/Makefile create mode 100644 openssl/crypto/rc5/asm/rc5-586.pl create mode 100644 openssl/crypto/rc5/rc5.h create mode 100644 openssl/crypto/rc5/rc5_ecb.c create mode 100644 openssl/crypto/rc5/rc5_enc.c create mode 100644 openssl/crypto/rc5/rc5_locl.h create mode 100644 openssl/crypto/rc5/rc5_skey.c create mode 100644 openssl/crypto/rc5/rc5cfb64.c create mode 100644 openssl/crypto/rc5/rc5ofb64.c create mode 100644 openssl/crypto/rc5/rc5s.cpp create mode 100644 openssl/crypto/rc5/rc5speed.c create mode 100644 openssl/crypto/rc5/rc5test.c create mode 100644 openssl/crypto/ripemd/Makefile create mode 100644 openssl/crypto/ripemd/README create mode 100644 openssl/crypto/ripemd/asm/rips.cpp create mode 100644 openssl/crypto/ripemd/asm/rmd-586.pl create mode 100644 openssl/crypto/ripemd/ripemd.h create mode 100644 openssl/crypto/ripemd/rmd160.c create mode 100644 openssl/crypto/ripemd/rmd_dgst.c create mode 100644 openssl/crypto/ripemd/rmd_locl.h create mode 100644 openssl/crypto/ripemd/rmd_one.c create mode 100644 openssl/crypto/ripemd/rmdconst.h create mode 100644 openssl/crypto/ripemd/rmdtest.c create mode 100644 openssl/crypto/rsa/Makefile create mode 100644 openssl/crypto/rsa/rsa.h create mode 100644 openssl/crypto/rsa/rsa_ameth.c create mode 100644 openssl/crypto/rsa/rsa_asn1.c create mode 100644 openssl/crypto/rsa/rsa_chk.c create mode 100644 openssl/crypto/rsa/rsa_crpt.c create mode 100644 openssl/crypto/rsa/rsa_depr.c create mode 100644 openssl/crypto/rsa/rsa_eay.c create mode 100644 openssl/crypto/rsa/rsa_err.c create mode 100644 openssl/crypto/rsa/rsa_gen.c create mode 100644 openssl/crypto/rsa/rsa_lib.c create mode 100644 openssl/crypto/rsa/rsa_locl.h create mode 100644 openssl/crypto/rsa/rsa_none.c create mode 100644 openssl/crypto/rsa/rsa_null.c create mode 100644 openssl/crypto/rsa/rsa_oaep.c create mode 100644 openssl/crypto/rsa/rsa_pk1.c create mode 100644 openssl/crypto/rsa/rsa_pmeth.c create mode 100644 openssl/crypto/rsa/rsa_prn.c create mode 100644 openssl/crypto/rsa/rsa_pss.c create mode 100644 openssl/crypto/rsa/rsa_saos.c create mode 100644 openssl/crypto/rsa/rsa_sign.c create mode 100644 openssl/crypto/rsa/rsa_ssl.c create mode 100644 openssl/crypto/rsa/rsa_test.c create mode 100644 openssl/crypto/rsa/rsa_x931.c create mode 100644 openssl/crypto/s390xcap.c create mode 100644 openssl/crypto/s390xcpuid.S create mode 100644 openssl/crypto/seed/Makefile create mode 100644 openssl/crypto/seed/seed.c create mode 100644 openssl/crypto/seed/seed.h create mode 100644 openssl/crypto/seed/seed_cbc.c create mode 100644 openssl/crypto/seed/seed_cfb.c create mode 100644 openssl/crypto/seed/seed_ecb.c create mode 100644 openssl/crypto/seed/seed_locl.h create mode 100644 openssl/crypto/seed/seed_ofb.c create mode 100644 openssl/crypto/sha/Makefile create mode 100644 openssl/crypto/sha/asm/README create mode 100644 openssl/crypto/sha/asm/sha1-586.pl create mode 100644 openssl/crypto/sha/asm/sha1-alpha.pl create mode 100644 openssl/crypto/sha/asm/sha1-armv4-large.pl create mode 100644 openssl/crypto/sha/asm/sha1-armv8.pl create mode 100644 openssl/crypto/sha/asm/sha1-ia64.pl create mode 100644 openssl/crypto/sha/asm/sha1-mb-x86_64.pl create mode 100644 openssl/crypto/sha/asm/sha1-mips.pl create mode 100644 openssl/crypto/sha/asm/sha1-parisc.pl create mode 100755 openssl/crypto/sha/asm/sha1-ppc.pl create mode 100644 openssl/crypto/sha/asm/sha1-s390x.pl create mode 100644 openssl/crypto/sha/asm/sha1-sparcv9.pl create mode 100644 openssl/crypto/sha/asm/sha1-sparcv9a.pl create mode 100644 openssl/crypto/sha/asm/sha1-thumb.pl create mode 100755 openssl/crypto/sha/asm/sha1-x86_64.pl create mode 100644 openssl/crypto/sha/asm/sha256-586.pl create mode 100644 openssl/crypto/sha/asm/sha256-armv4.pl create mode 100644 openssl/crypto/sha/asm/sha256-mb-x86_64.pl create mode 100644 openssl/crypto/sha/asm/sha512-586.pl create mode 100644 openssl/crypto/sha/asm/sha512-armv4.pl create mode 100644 openssl/crypto/sha/asm/sha512-armv8.pl create mode 100755 openssl/crypto/sha/asm/sha512-ia64.pl create mode 100644 openssl/crypto/sha/asm/sha512-mips.pl create mode 100755 openssl/crypto/sha/asm/sha512-parisc.pl create mode 100755 openssl/crypto/sha/asm/sha512-ppc.pl create mode 100644 openssl/crypto/sha/asm/sha512-s390x.pl create mode 100644 openssl/crypto/sha/asm/sha512-sparcv9.pl create mode 100755 openssl/crypto/sha/asm/sha512-x86_64.pl create mode 100755 openssl/crypto/sha/asm/sha512p8-ppc.pl create mode 100644 openssl/crypto/sha/sha.c create mode 100644 openssl/crypto/sha/sha.h create mode 100644 openssl/crypto/sha/sha1.c create mode 100644 openssl/crypto/sha/sha1_one.c create mode 100644 openssl/crypto/sha/sha1dgst.c create mode 100644 openssl/crypto/sha/sha1test.c create mode 100644 openssl/crypto/sha/sha256.c create mode 100644 openssl/crypto/sha/sha256t.c create mode 100644 openssl/crypto/sha/sha512.c create mode 100644 openssl/crypto/sha/sha512t.c create mode 100644 openssl/crypto/sha/sha_dgst.c create mode 100644 openssl/crypto/sha/sha_locl.h create mode 100644 openssl/crypto/sha/sha_one.c create mode 100644 openssl/crypto/sha/shatest.c create mode 100644 openssl/crypto/sparc_arch.h create mode 100644 openssl/crypto/sparccpuid.S create mode 100644 openssl/crypto/sparcv9cap.c create mode 100644 openssl/crypto/srp/Makefile create mode 100644 openssl/crypto/srp/srp.h create mode 100644 openssl/crypto/srp/srp_grps.h create mode 100644 openssl/crypto/srp/srp_lcl.h create mode 100644 openssl/crypto/srp/srp_lib.c create mode 100644 openssl/crypto/srp/srp_vfy.c create mode 100644 openssl/crypto/srp/srptest.c create mode 100644 openssl/crypto/stack/Makefile create mode 100644 openssl/crypto/stack/safestack.h create mode 100644 openssl/crypto/stack/stack.c create mode 100644 openssl/crypto/stack/stack.h create mode 100644 openssl/crypto/store/Makefile create mode 100644 openssl/crypto/store/README create mode 100644 openssl/crypto/store/store.h create mode 100644 openssl/crypto/store/str_err.c create mode 100644 openssl/crypto/store/str_lib.c create mode 100644 openssl/crypto/store/str_locl.h create mode 100644 openssl/crypto/store/str_mem.c create mode 100644 openssl/crypto/store/str_meth.c create mode 100644 openssl/crypto/symhacks.h create mode 100644 openssl/crypto/threads/README create mode 100644 openssl/crypto/threads/mttest.c create mode 100644 openssl/crypto/threads/netware.bat create mode 100644 openssl/crypto/threads/profile.sh create mode 100755 openssl/crypto/threads/ptest.bat create mode 100644 openssl/crypto/threads/pthread.sh create mode 100755 openssl/crypto/threads/pthread2.sh create mode 100644 openssl/crypto/threads/pthreads-vms.com create mode 100644 openssl/crypto/threads/purify.sh create mode 100644 openssl/crypto/threads/solaris.sh create mode 100644 openssl/crypto/threads/th-lock.c create mode 100755 openssl/crypto/threads/win32.bat create mode 100644 openssl/crypto/ts/Makefile create mode 100644 openssl/crypto/ts/ts.h create mode 100644 openssl/crypto/ts/ts_asn1.c create mode 100644 openssl/crypto/ts/ts_conf.c create mode 100644 openssl/crypto/ts/ts_err.c create mode 100644 openssl/crypto/ts/ts_lib.c create mode 100644 openssl/crypto/ts/ts_req_print.c create mode 100644 openssl/crypto/ts/ts_req_utils.c create mode 100644 openssl/crypto/ts/ts_rsp_print.c create mode 100644 openssl/crypto/ts/ts_rsp_sign.c create mode 100644 openssl/crypto/ts/ts_rsp_utils.c create mode 100644 openssl/crypto/ts/ts_rsp_verify.c create mode 100644 openssl/crypto/ts/ts_verify_ctx.c create mode 100644 openssl/crypto/txt_db/Makefile create mode 100644 openssl/crypto/txt_db/txt_db.c create mode 100644 openssl/crypto/txt_db/txt_db.h create mode 100644 openssl/crypto/ui/Makefile create mode 100644 openssl/crypto/ui/ui.h create mode 100644 openssl/crypto/ui/ui_compat.c create mode 100644 openssl/crypto/ui/ui_compat.h create mode 100644 openssl/crypto/ui/ui_err.c create mode 100644 openssl/crypto/ui/ui_lib.c create mode 100644 openssl/crypto/ui/ui_locl.h create mode 100644 openssl/crypto/ui/ui_openssl.c create mode 100644 openssl/crypto/ui/ui_util.c create mode 100644 openssl/crypto/uid.c create mode 100644 openssl/crypto/vms_rms.h create mode 100644 openssl/crypto/whrlpool/Makefile create mode 100644 openssl/crypto/whrlpool/asm/wp-mmx.pl create mode 100644 openssl/crypto/whrlpool/asm/wp-x86_64.pl create mode 100644 openssl/crypto/whrlpool/whrlpool.h create mode 100644 openssl/crypto/whrlpool/wp_block.c create mode 100644 openssl/crypto/whrlpool/wp_dgst.c create mode 100644 openssl/crypto/whrlpool/wp_locl.h create mode 100644 openssl/crypto/whrlpool/wp_test.c create mode 100644 openssl/crypto/x509/Makefile create mode 100644 openssl/crypto/x509/by_dir.c create mode 100644 openssl/crypto/x509/by_file.c create mode 100644 openssl/crypto/x509/verify_extra_test.c create mode 100644 openssl/crypto/x509/vpm_int.h create mode 100644 openssl/crypto/x509/x509.h create mode 100644 openssl/crypto/x509/x509_att.c create mode 100644 openssl/crypto/x509/x509_cmp.c create mode 100644 openssl/crypto/x509/x509_d2.c create mode 100644 openssl/crypto/x509/x509_def.c create mode 100644 openssl/crypto/x509/x509_err.c create mode 100644 openssl/crypto/x509/x509_ext.c create mode 100644 openssl/crypto/x509/x509_lu.c create mode 100644 openssl/crypto/x509/x509_obj.c create mode 100644 openssl/crypto/x509/x509_r2x.c create mode 100644 openssl/crypto/x509/x509_req.c create mode 100644 openssl/crypto/x509/x509_set.c create mode 100644 openssl/crypto/x509/x509_trs.c create mode 100644 openssl/crypto/x509/x509_txt.c create mode 100644 openssl/crypto/x509/x509_v3.c create mode 100644 openssl/crypto/x509/x509_vfy.c create mode 100644 openssl/crypto/x509/x509_vfy.h create mode 100644 openssl/crypto/x509/x509_vpm.c create mode 100644 openssl/crypto/x509/x509cset.c create mode 100644 openssl/crypto/x509/x509name.c create mode 100644 openssl/crypto/x509/x509rset.c create mode 100644 openssl/crypto/x509/x509spki.c create mode 100644 openssl/crypto/x509/x509type.c create mode 100644 openssl/crypto/x509/x_all.c create mode 100644 openssl/crypto/x509v3/Makefile create mode 100644 openssl/crypto/x509v3/ext_dat.h create mode 100644 openssl/crypto/x509v3/pcy_cache.c create mode 100644 openssl/crypto/x509v3/pcy_data.c create mode 100644 openssl/crypto/x509v3/pcy_int.h create mode 100644 openssl/crypto/x509v3/pcy_lib.c create mode 100644 openssl/crypto/x509v3/pcy_map.c create mode 100644 openssl/crypto/x509v3/pcy_node.c create mode 100644 openssl/crypto/x509v3/pcy_tree.c create mode 100644 openssl/crypto/x509v3/tabtest.c create mode 100644 openssl/crypto/x509v3/v3_addr.c create mode 100644 openssl/crypto/x509v3/v3_akey.c create mode 100644 openssl/crypto/x509v3/v3_akeya.c create mode 100644 openssl/crypto/x509v3/v3_alt.c create mode 100644 openssl/crypto/x509v3/v3_asid.c create mode 100644 openssl/crypto/x509v3/v3_bcons.c create mode 100644 openssl/crypto/x509v3/v3_bitst.c create mode 100644 openssl/crypto/x509v3/v3_conf.c create mode 100644 openssl/crypto/x509v3/v3_cpols.c create mode 100644 openssl/crypto/x509v3/v3_crld.c create mode 100644 openssl/crypto/x509v3/v3_enum.c create mode 100644 openssl/crypto/x509v3/v3_extku.c create mode 100644 openssl/crypto/x509v3/v3_genn.c create mode 100644 openssl/crypto/x509v3/v3_ia5.c create mode 100644 openssl/crypto/x509v3/v3_info.c create mode 100644 openssl/crypto/x509v3/v3_int.c create mode 100644 openssl/crypto/x509v3/v3_lib.c create mode 100644 openssl/crypto/x509v3/v3_ncons.c create mode 100644 openssl/crypto/x509v3/v3_ocsp.c create mode 100644 openssl/crypto/x509v3/v3_pci.c create mode 100644 openssl/crypto/x509v3/v3_pcia.c create mode 100644 openssl/crypto/x509v3/v3_pcons.c create mode 100644 openssl/crypto/x509v3/v3_pku.c create mode 100644 openssl/crypto/x509v3/v3_pmaps.c create mode 100644 openssl/crypto/x509v3/v3_prn.c create mode 100644 openssl/crypto/x509v3/v3_purp.c create mode 100644 openssl/crypto/x509v3/v3_scts.c create mode 100644 openssl/crypto/x509v3/v3_skey.c create mode 100644 openssl/crypto/x509v3/v3_sxnet.c create mode 100644 openssl/crypto/x509v3/v3_utl.c create mode 100644 openssl/crypto/x509v3/v3conf.c create mode 100644 openssl/crypto/x509v3/v3err.c create mode 100644 openssl/crypto/x509v3/v3nametest.c create mode 100644 openssl/crypto/x509v3/v3prin.c create mode 100644 openssl/crypto/x509v3/x509v3.h create mode 100644 openssl/crypto/x86_64cpuid.pl create mode 100644 openssl/crypto/x86cpuid.pl create mode 100644 openssl/demos/README create mode 100644 openssl/demos/asn1/README.ASN1 create mode 100644 openssl/demos/asn1/ocsp.c create mode 100644 openssl/demos/b64.c create mode 100644 openssl/demos/b64.pl create mode 100644 openssl/demos/bio/Makefile create mode 100644 openssl/demos/bio/README create mode 100644 openssl/demos/bio/accept.cnf create mode 100644 openssl/demos/bio/client-arg.c create mode 100644 openssl/demos/bio/client-conf.c create mode 100644 openssl/demos/bio/connect.cnf create mode 100644 openssl/demos/bio/saccept.c create mode 100644 openssl/demos/bio/sconnect.c create mode 100644 openssl/demos/bio/server-arg.c create mode 100644 openssl/demos/bio/server-conf.c create mode 100644 openssl/demos/bio/server.pem create mode 100644 openssl/demos/cms/cacert.pem create mode 100644 openssl/demos/cms/cakey.pem create mode 100644 openssl/demos/cms/cms_comp.c create mode 100644 openssl/demos/cms/cms_ddec.c create mode 100644 openssl/demos/cms/cms_dec.c create mode 100644 openssl/demos/cms/cms_denc.c create mode 100644 openssl/demos/cms/cms_enc.c create mode 100644 openssl/demos/cms/cms_sign.c create mode 100644 openssl/demos/cms/cms_sign2.c create mode 100644 openssl/demos/cms/cms_uncomp.c create mode 100644 openssl/demos/cms/cms_ver.c create mode 100644 openssl/demos/cms/comp.txt create mode 100644 openssl/demos/cms/encr.txt create mode 100644 openssl/demos/cms/sign.txt create mode 100644 openssl/demos/cms/signer.pem create mode 100644 openssl/demos/cms/signer2.pem create mode 100644 openssl/demos/easy_tls/Makefile create mode 100644 openssl/demos/easy_tls/README create mode 100644 openssl/demos/easy_tls/cacerts.pem create mode 100644 openssl/demos/easy_tls/cert.pem create mode 100644 openssl/demos/easy_tls/easy-tls.c create mode 100644 openssl/demos/easy_tls/easy-tls.h create mode 100644 openssl/demos/easy_tls/test.c create mode 100644 openssl/demos/easy_tls/test.h create mode 100644 openssl/demos/engines/cluster_labs/Makefile create mode 100644 openssl/demos/engines/cluster_labs/cluster_labs.h create mode 100644 openssl/demos/engines/cluster_labs/hw_cluster_labs.c create mode 100644 openssl/demos/engines/cluster_labs/hw_cluster_labs.ec create mode 100644 openssl/demos/engines/cluster_labs/hw_cluster_labs_err.c create mode 100644 openssl/demos/engines/cluster_labs/hw_cluster_labs_err.h create mode 100644 openssl/demos/engines/ibmca/Makefile create mode 100644 openssl/demos/engines/ibmca/hw_ibmca.c create mode 100644 openssl/demos/engines/ibmca/hw_ibmca.ec create mode 100644 openssl/demos/engines/ibmca/hw_ibmca_err.c create mode 100644 openssl/demos/engines/ibmca/hw_ibmca_err.h create mode 100644 openssl/demos/engines/ibmca/ica_openssl_api.h create mode 100644 openssl/demos/engines/rsaref/Makefile create mode 100644 openssl/demos/engines/rsaref/README create mode 100644 openssl/demos/engines/rsaref/build.com create mode 100644 openssl/demos/engines/rsaref/rsaref.c create mode 100644 openssl/demos/engines/rsaref/rsaref.ec create mode 100644 openssl/demos/engines/rsaref/rsaref_err.c create mode 100644 openssl/demos/engines/rsaref/rsaref_err.h create mode 100644 openssl/demos/engines/zencod/Makefile create mode 100644 openssl/demos/engines/zencod/hw_zencod.c create mode 100644 openssl/demos/engines/zencod/hw_zencod.ec create mode 100644 openssl/demos/engines/zencod/hw_zencod.h create mode 100644 openssl/demos/engines/zencod/hw_zencod_err.c create mode 100644 openssl/demos/engines/zencod/hw_zencod_err.h create mode 100644 openssl/demos/pkcs12/README create mode 100644 openssl/demos/pkcs12/pkread.c create mode 100644 openssl/demos/pkcs12/pkwrite.c create mode 100644 openssl/demos/prime/Makefile create mode 100644 openssl/demos/prime/prime.c create mode 100644 openssl/demos/privkey.pem create mode 100644 openssl/demos/selfsign.c create mode 100644 openssl/demos/sign/Makefile create mode 100644 openssl/demos/sign/cert.pem create mode 100644 openssl/demos/sign/key.pem create mode 100644 openssl/demos/sign/sig.txt create mode 100644 openssl/demos/sign/sign.c create mode 100644 openssl/demos/sign/sign.txt create mode 100644 openssl/demos/smime/cacert.pem create mode 100644 openssl/demos/smime/cakey.pem create mode 100644 openssl/demos/smime/encr.txt create mode 100644 openssl/demos/smime/sign.txt create mode 100644 openssl/demos/smime/signer.pem create mode 100644 openssl/demos/smime/signer2.pem create mode 100644 openssl/demos/smime/smdec.c create mode 100644 openssl/demos/smime/smenc.c create mode 100644 openssl/demos/smime/smsign.c create mode 100644 openssl/demos/smime/smsign2.c create mode 100644 openssl/demos/smime/smver.c create mode 100644 openssl/demos/spkigen.c create mode 100644 openssl/demos/ssl/cli.cpp create mode 100644 openssl/demos/ssl/inetdsrv.cpp create mode 100644 openssl/demos/ssl/serv.cpp create mode 100755 openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh create mode 100755 openssl/demos/ssltest-ecc/ECCcertgen.sh create mode 100644 openssl/demos/ssltest-ecc/README create mode 100755 openssl/demos/ssltest-ecc/RSAcertgen.sh create mode 100755 openssl/demos/ssltest-ecc/ssltest.sh create mode 100644 openssl/demos/state_machine/Makefile create mode 100644 openssl/demos/state_machine/state_machine.c create mode 100644 openssl/demos/tunala/A-client.pem create mode 100644 openssl/demos/tunala/A-server.pem create mode 100644 openssl/demos/tunala/CA.pem create mode 100644 openssl/demos/tunala/INSTALL create mode 100644 openssl/demos/tunala/Makefile create mode 100644 openssl/demos/tunala/Makefile.am create mode 100644 openssl/demos/tunala/README create mode 100755 openssl/demos/tunala/autogunk.sh create mode 100755 openssl/demos/tunala/autoungunk.sh create mode 100644 openssl/demos/tunala/breakage.c create mode 100644 openssl/demos/tunala/buffer.c create mode 100644 openssl/demos/tunala/cb.c create mode 100644 openssl/demos/tunala/configure.in create mode 100644 openssl/demos/tunala/ip.c create mode 100644 openssl/demos/tunala/sm.c create mode 100755 openssl/demos/tunala/test.sh create mode 100644 openssl/demos/tunala/tunala.c create mode 100644 openssl/demos/tunala/tunala.h create mode 100644 openssl/demos/x509/README create mode 100644 openssl/demos/x509/mkcert.c create mode 100644 openssl/demos/x509/mkreq.c create mode 100644 openssl/doc/HOWTO/certificates.txt create mode 100644 openssl/doc/HOWTO/keys.txt create mode 100644 openssl/doc/HOWTO/proxy_certificates.txt create mode 100644 openssl/doc/README create mode 100644 openssl/doc/apps/CA.pl.pod create mode 100644 openssl/doc/apps/asn1parse.pod create mode 100644 openssl/doc/apps/c_rehash.pod create mode 100644 openssl/doc/apps/ca.pod create mode 100644 openssl/doc/apps/ciphers.pod create mode 100644 openssl/doc/apps/cms.pod create mode 100644 openssl/doc/apps/config.pod create mode 100644 openssl/doc/apps/crl.pod create mode 100644 openssl/doc/apps/crl2pkcs7.pod create mode 100644 openssl/doc/apps/dgst.pod create mode 100644 openssl/doc/apps/dhparam.pod create mode 100644 openssl/doc/apps/dsa.pod create mode 100644 openssl/doc/apps/dsaparam.pod create mode 100644 openssl/doc/apps/ec.pod create mode 100644 openssl/doc/apps/ecparam.pod create mode 100644 openssl/doc/apps/enc.pod create mode 100644 openssl/doc/apps/errstr.pod create mode 100644 openssl/doc/apps/gendsa.pod create mode 100644 openssl/doc/apps/genpkey.pod create mode 100644 openssl/doc/apps/genrsa.pod create mode 100644 openssl/doc/apps/nseq.pod create mode 100644 openssl/doc/apps/ocsp.pod create mode 100644 openssl/doc/apps/openssl.pod create mode 100644 openssl/doc/apps/passwd.pod create mode 100644 openssl/doc/apps/pkcs12.pod create mode 100644 openssl/doc/apps/pkcs7.pod create mode 100644 openssl/doc/apps/pkcs8.pod create mode 100644 openssl/doc/apps/pkey.pod create mode 100644 openssl/doc/apps/pkeyparam.pod create mode 100644 openssl/doc/apps/pkeyutl.pod create mode 100644 openssl/doc/apps/rand.pod create mode 100644 openssl/doc/apps/req.pod create mode 100644 openssl/doc/apps/rsa.pod create mode 100644 openssl/doc/apps/rsautl.pod create mode 100644 openssl/doc/apps/s_client.pod create mode 100644 openssl/doc/apps/s_server.pod create mode 100644 openssl/doc/apps/s_time.pod create mode 100644 openssl/doc/apps/sess_id.pod create mode 100644 openssl/doc/apps/smime.pod create mode 100644 openssl/doc/apps/speed.pod create mode 100644 openssl/doc/apps/spkac.pod create mode 100644 openssl/doc/apps/ts.pod create mode 100644 openssl/doc/apps/tsget.pod create mode 100644 openssl/doc/apps/verify.pod create mode 100644 openssl/doc/apps/version.pod create mode 100644 openssl/doc/apps/x509.pod create mode 100644 openssl/doc/apps/x509v3_config.pod create mode 100644 openssl/doc/c-indentation.el create mode 100644 openssl/doc/crypto/ASN1_OBJECT_new.pod create mode 100644 openssl/doc/crypto/ASN1_STRING_length.pod create mode 100644 openssl/doc/crypto/ASN1_STRING_new.pod create mode 100644 openssl/doc/crypto/ASN1_STRING_print_ex.pod create mode 100644 openssl/doc/crypto/ASN1_TIME_set.pod create mode 100644 openssl/doc/crypto/ASN1_generate_nconf.pod create mode 100644 openssl/doc/crypto/BIO_ctrl.pod create mode 100644 openssl/doc/crypto/BIO_f_base64.pod create mode 100644 openssl/doc/crypto/BIO_f_buffer.pod create mode 100644 openssl/doc/crypto/BIO_f_cipher.pod create mode 100644 openssl/doc/crypto/BIO_f_md.pod create mode 100644 openssl/doc/crypto/BIO_f_null.pod create mode 100644 openssl/doc/crypto/BIO_f_ssl.pod create mode 100644 openssl/doc/crypto/BIO_find_type.pod create mode 100644 openssl/doc/crypto/BIO_new.pod create mode 100644 openssl/doc/crypto/BIO_new_CMS.pod create mode 100644 openssl/doc/crypto/BIO_push.pod create mode 100644 openssl/doc/crypto/BIO_read.pod create mode 100644 openssl/doc/crypto/BIO_s_accept.pod create mode 100644 openssl/doc/crypto/BIO_s_bio.pod create mode 100644 openssl/doc/crypto/BIO_s_connect.pod create mode 100644 openssl/doc/crypto/BIO_s_fd.pod create mode 100644 openssl/doc/crypto/BIO_s_file.pod create mode 100644 openssl/doc/crypto/BIO_s_mem.pod create mode 100644 openssl/doc/crypto/BIO_s_null.pod create mode 100644 openssl/doc/crypto/BIO_s_socket.pod create mode 100644 openssl/doc/crypto/BIO_set_callback.pod create mode 100644 openssl/doc/crypto/BIO_should_retry.pod create mode 100644 openssl/doc/crypto/BN_BLINDING_new.pod create mode 100644 openssl/doc/crypto/BN_CTX_new.pod create mode 100644 openssl/doc/crypto/BN_CTX_start.pod create mode 100644 openssl/doc/crypto/BN_add.pod create mode 100644 openssl/doc/crypto/BN_add_word.pod create mode 100644 openssl/doc/crypto/BN_bn2bin.pod create mode 100644 openssl/doc/crypto/BN_cmp.pod create mode 100644 openssl/doc/crypto/BN_copy.pod create mode 100644 openssl/doc/crypto/BN_generate_prime.pod create mode 100644 openssl/doc/crypto/BN_mod_inverse.pod create mode 100644 openssl/doc/crypto/BN_mod_mul_montgomery.pod create mode 100644 openssl/doc/crypto/BN_mod_mul_reciprocal.pod create mode 100644 openssl/doc/crypto/BN_new.pod create mode 100644 openssl/doc/crypto/BN_num_bytes.pod create mode 100644 openssl/doc/crypto/BN_rand.pod create mode 100644 openssl/doc/crypto/BN_set_bit.pod create mode 100644 openssl/doc/crypto/BN_swap.pod create mode 100644 openssl/doc/crypto/BN_zero.pod create mode 100644 openssl/doc/crypto/CMS_add0_cert.pod create mode 100644 openssl/doc/crypto/CMS_add1_recipient_cert.pod create mode 100644 openssl/doc/crypto/CMS_add1_signer.pod create mode 100644 openssl/doc/crypto/CMS_compress.pod create mode 100644 openssl/doc/crypto/CMS_decrypt.pod create mode 100644 openssl/doc/crypto/CMS_encrypt.pod create mode 100644 openssl/doc/crypto/CMS_final.pod create mode 100644 openssl/doc/crypto/CMS_get0_RecipientInfos.pod create mode 100644 openssl/doc/crypto/CMS_get0_SignerInfos.pod create mode 100644 openssl/doc/crypto/CMS_get0_type.pod create mode 100644 openssl/doc/crypto/CMS_get1_ReceiptRequest.pod create mode 100644 openssl/doc/crypto/CMS_sign.pod create mode 100644 openssl/doc/crypto/CMS_sign_receipt.pod create mode 100644 openssl/doc/crypto/CMS_uncompress.pod create mode 100644 openssl/doc/crypto/CMS_verify.pod create mode 100644 openssl/doc/crypto/CMS_verify_receipt.pod create mode 100644 openssl/doc/crypto/CONF_modules_free.pod create mode 100644 openssl/doc/crypto/CONF_modules_load_file.pod create mode 100644 openssl/doc/crypto/CRYPTO_set_ex_data.pod create mode 100644 openssl/doc/crypto/DH_generate_key.pod create mode 100644 openssl/doc/crypto/DH_generate_parameters.pod create mode 100644 openssl/doc/crypto/DH_get_ex_new_index.pod create mode 100644 openssl/doc/crypto/DH_new.pod create mode 100644 openssl/doc/crypto/DH_set_method.pod create mode 100644 openssl/doc/crypto/DH_size.pod create mode 100644 openssl/doc/crypto/DSA_SIG_new.pod create mode 100644 openssl/doc/crypto/DSA_do_sign.pod create mode 100644 openssl/doc/crypto/DSA_dup_DH.pod create mode 100644 openssl/doc/crypto/DSA_generate_key.pod create mode 100644 openssl/doc/crypto/DSA_generate_parameters.pod create mode 100644 openssl/doc/crypto/DSA_get_ex_new_index.pod create mode 100644 openssl/doc/crypto/DSA_new.pod create mode 100644 openssl/doc/crypto/DSA_set_method.pod create mode 100644 openssl/doc/crypto/DSA_sign.pod create mode 100644 openssl/doc/crypto/DSA_size.pod create mode 100644 openssl/doc/crypto/EC_GFp_simple_method.pod create mode 100644 openssl/doc/crypto/EC_GROUP_copy.pod create mode 100644 openssl/doc/crypto/EC_GROUP_new.pod create mode 100644 openssl/doc/crypto/EC_KEY_new.pod create mode 100644 openssl/doc/crypto/EC_POINT_add.pod create mode 100644 openssl/doc/crypto/EC_POINT_new.pod create mode 100644 openssl/doc/crypto/ERR_GET_LIB.pod create mode 100644 openssl/doc/crypto/ERR_clear_error.pod create mode 100644 openssl/doc/crypto/ERR_error_string.pod create mode 100644 openssl/doc/crypto/ERR_get_error.pod create mode 100644 openssl/doc/crypto/ERR_load_crypto_strings.pod create mode 100644 openssl/doc/crypto/ERR_load_strings.pod create mode 100644 openssl/doc/crypto/ERR_print_errors.pod create mode 100644 openssl/doc/crypto/ERR_put_error.pod create mode 100644 openssl/doc/crypto/ERR_remove_state.pod create mode 100644 openssl/doc/crypto/ERR_set_mark.pod create mode 100644 openssl/doc/crypto/EVP_BytesToKey.pod create mode 100644 openssl/doc/crypto/EVP_DigestInit.pod create mode 100644 openssl/doc/crypto/EVP_DigestSignInit.pod create mode 100644 openssl/doc/crypto/EVP_DigestVerifyInit.pod create mode 100644 openssl/doc/crypto/EVP_EncodeInit.pod create mode 100644 openssl/doc/crypto/EVP_EncryptInit.pod create mode 100644 openssl/doc/crypto/EVP_OpenInit.pod create mode 100644 openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod create mode 100644 openssl/doc/crypto/EVP_PKEY_CTX_new.pod create mode 100644 openssl/doc/crypto/EVP_PKEY_cmp.pod create mode 100644 openssl/doc/crypto/EVP_PKEY_decrypt.pod create mode 100644 openssl/doc/crypto/EVP_PKEY_derive.pod create mode 100644 openssl/doc/crypto/EVP_PKEY_encrypt.pod create mode 100644 openssl/doc/crypto/EVP_PKEY_get_default_digest.pod create mode 100644 openssl/doc/crypto/EVP_PKEY_keygen.pod create mode 100644 openssl/doc/crypto/EVP_PKEY_new.pod create mode 100644 openssl/doc/crypto/EVP_PKEY_print_private.pod create mode 100644 openssl/doc/crypto/EVP_PKEY_set1_RSA.pod create mode 100644 openssl/doc/crypto/EVP_PKEY_sign.pod create mode 100644 openssl/doc/crypto/EVP_PKEY_verify.pod create mode 100644 openssl/doc/crypto/EVP_PKEY_verify_recover.pod create mode 100644 openssl/doc/crypto/EVP_SealInit.pod create mode 100644 openssl/doc/crypto/EVP_SignInit.pod create mode 100644 openssl/doc/crypto/EVP_VerifyInit.pod create mode 100644 openssl/doc/crypto/OBJ_nid2obj.pod create mode 100644 openssl/doc/crypto/OPENSSL_Applink.pod create mode 100644 openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod create mode 100644 openssl/doc/crypto/OPENSSL_config.pod create mode 100644 openssl/doc/crypto/OPENSSL_ia32cap.pod create mode 100644 openssl/doc/crypto/OPENSSL_instrument_bus.pod create mode 100644 openssl/doc/crypto/OPENSSL_load_builtin_modules.pod create mode 100644 openssl/doc/crypto/OpenSSL_add_all_algorithms.pod create mode 100644 openssl/doc/crypto/PEM_write_bio_CMS_stream.pod create mode 100644 openssl/doc/crypto/PEM_write_bio_PKCS7_stream.pod create mode 100644 openssl/doc/crypto/PKCS12_create.pod create mode 100644 openssl/doc/crypto/PKCS12_parse.pod create mode 100644 openssl/doc/crypto/PKCS7_decrypt.pod create mode 100644 openssl/doc/crypto/PKCS7_encrypt.pod create mode 100644 openssl/doc/crypto/PKCS7_sign.pod create mode 100644 openssl/doc/crypto/PKCS7_sign_add_signer.pod create mode 100644 openssl/doc/crypto/PKCS7_verify.pod create mode 100644 openssl/doc/crypto/RAND_add.pod create mode 100644 openssl/doc/crypto/RAND_bytes.pod create mode 100644 openssl/doc/crypto/RAND_cleanup.pod create mode 100644 openssl/doc/crypto/RAND_egd.pod create mode 100644 openssl/doc/crypto/RAND_load_file.pod create mode 100644 openssl/doc/crypto/RAND_set_rand_method.pod create mode 100644 openssl/doc/crypto/RSA_blinding_on.pod create mode 100644 openssl/doc/crypto/RSA_check_key.pod create mode 100644 openssl/doc/crypto/RSA_generate_key.pod create mode 100644 openssl/doc/crypto/RSA_get_ex_new_index.pod create mode 100644 openssl/doc/crypto/RSA_new.pod create mode 100644 openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod create mode 100644 openssl/doc/crypto/RSA_print.pod create mode 100644 openssl/doc/crypto/RSA_private_encrypt.pod create mode 100644 openssl/doc/crypto/RSA_public_encrypt.pod create mode 100644 openssl/doc/crypto/RSA_set_method.pod create mode 100644 openssl/doc/crypto/RSA_sign.pod create mode 100644 openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod create mode 100644 openssl/doc/crypto/RSA_size.pod create mode 100644 openssl/doc/crypto/SMIME_read_CMS.pod create mode 100644 openssl/doc/crypto/SMIME_read_PKCS7.pod create mode 100644 openssl/doc/crypto/SMIME_write_CMS.pod create mode 100644 openssl/doc/crypto/SMIME_write_PKCS7.pod create mode 100644 openssl/doc/crypto/SSLeay_version.pod create mode 100644 openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod create mode 100644 openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod create mode 100644 openssl/doc/crypto/X509_NAME_get_index_by_NID.pod create mode 100644 openssl/doc/crypto/X509_NAME_print_ex.pod create mode 100644 openssl/doc/crypto/X509_STORE_CTX_get_error.pod create mode 100644 openssl/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod create mode 100644 openssl/doc/crypto/X509_STORE_CTX_new.pod create mode 100644 openssl/doc/crypto/X509_STORE_CTX_set_verify_cb.pod create mode 100644 openssl/doc/crypto/X509_STORE_set_verify_cb_func.pod create mode 100644 openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod create mode 100644 openssl/doc/crypto/X509_check_host.pod create mode 100644 openssl/doc/crypto/X509_new.pod create mode 100644 openssl/doc/crypto/X509_verify_cert.pod create mode 100644 openssl/doc/crypto/bio.pod create mode 100644 openssl/doc/crypto/blowfish.pod create mode 100644 openssl/doc/crypto/bn.pod create mode 100644 openssl/doc/crypto/bn_internal.pod create mode 100644 openssl/doc/crypto/buffer.pod create mode 100644 openssl/doc/crypto/crypto.pod create mode 100644 openssl/doc/crypto/d2i_ASN1_OBJECT.pod create mode 100644 openssl/doc/crypto/d2i_CMS_ContentInfo.pod create mode 100644 openssl/doc/crypto/d2i_DHparams.pod create mode 100644 openssl/doc/crypto/d2i_DSAPublicKey.pod create mode 100644 openssl/doc/crypto/d2i_ECPKParameters.pod create mode 100644 openssl/doc/crypto/d2i_ECPrivateKey.pod create mode 100644 openssl/doc/crypto/d2i_PKCS8PrivateKey.pod create mode 100644 openssl/doc/crypto/d2i_PrivateKey.pod create mode 100644 openssl/doc/crypto/d2i_RSAPublicKey.pod create mode 100644 openssl/doc/crypto/d2i_X509.pod create mode 100644 openssl/doc/crypto/d2i_X509_ALGOR.pod create mode 100644 openssl/doc/crypto/d2i_X509_CRL.pod create mode 100644 openssl/doc/crypto/d2i_X509_NAME.pod create mode 100644 openssl/doc/crypto/d2i_X509_REQ.pod create mode 100644 openssl/doc/crypto/d2i_X509_SIG.pod create mode 100644 openssl/doc/crypto/des.pod create mode 100644 openssl/doc/crypto/des_modes.pod create mode 100644 openssl/doc/crypto/dh.pod create mode 100644 openssl/doc/crypto/dsa.pod create mode 100644 openssl/doc/crypto/ec.pod create mode 100644 openssl/doc/crypto/ecdsa.pod create mode 100644 openssl/doc/crypto/engine.pod create mode 100644 openssl/doc/crypto/err.pod create mode 100644 openssl/doc/crypto/evp.pod create mode 100644 openssl/doc/crypto/hmac.pod create mode 100644 openssl/doc/crypto/i2d_CMS_bio_stream.pod create mode 100644 openssl/doc/crypto/i2d_PKCS7_bio_stream.pod create mode 100644 openssl/doc/crypto/lh_stats.pod create mode 100644 openssl/doc/crypto/lhash.pod create mode 100644 openssl/doc/crypto/md5.pod create mode 100644 openssl/doc/crypto/mdc2.pod create mode 100644 openssl/doc/crypto/pem.pod create mode 100644 openssl/doc/crypto/rand.pod create mode 100644 openssl/doc/crypto/rc4.pod create mode 100644 openssl/doc/crypto/ripemd.pod create mode 100644 openssl/doc/crypto/rsa.pod create mode 100644 openssl/doc/crypto/sha.pod create mode 100644 openssl/doc/crypto/threads.pod create mode 100644 openssl/doc/crypto/ui.pod create mode 100644 openssl/doc/crypto/ui_compat.pod create mode 100644 openssl/doc/crypto/x509.pod create mode 100644 openssl/doc/dir-locals.example.el create mode 100644 openssl/doc/fingerprints.txt create mode 100644 openssl/doc/openssl-c-indent.el create mode 100644 openssl/doc/openssl-shared.txt create mode 100644 openssl/doc/openssl.txt create mode 100644 openssl/doc/ssl/SSL_CIPHER_get_name.pod create mode 100644 openssl/doc/ssl/SSL_COMP_add_compression_method.pod create mode 100644 openssl/doc/ssl/SSL_CONF_CTX_new.pod create mode 100644 openssl/doc/ssl/SSL_CONF_CTX_set1_prefix.pod create mode 100644 openssl/doc/ssl/SSL_CONF_CTX_set_flags.pod create mode 100644 openssl/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod create mode 100644 openssl/doc/ssl/SSL_CONF_cmd.pod create mode 100644 openssl/doc/ssl/SSL_CONF_cmd_argv.pod create mode 100644 openssl/doc/ssl/SSL_CTX_add1_chain_cert.pod create mode 100644 openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod create mode 100644 openssl/doc/ssl/SSL_CTX_add_session.pod create mode 100644 openssl/doc/ssl/SSL_CTX_ctrl.pod create mode 100644 openssl/doc/ssl/SSL_CTX_flush_sessions.pod create mode 100644 openssl/doc/ssl/SSL_CTX_free.pod create mode 100644 openssl/doc/ssl/SSL_CTX_get0_param.pod create mode 100644 openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod create mode 100644 openssl/doc/ssl/SSL_CTX_get_verify_mode.pod create mode 100644 openssl/doc/ssl/SSL_CTX_load_verify_locations.pod create mode 100644 openssl/doc/ssl/SSL_CTX_new.pod create mode 100644 openssl/doc/ssl/SSL_CTX_sess_number.pod create mode 100644 openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod create mode 100644 openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod create mode 100644 openssl/doc/ssl/SSL_CTX_sessions.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set1_curves.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set1_verify_cert_store.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_alpn_select_cb.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_cert_cb.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_cert_store.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_cipher_list.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_custom_cli_ext.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_generate_session_id.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_info_callback.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_max_cert_list.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_mode.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_msg_callback.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_options.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_psk_client_callback.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_read_ahead.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_session_id_context.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_ssl_version.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_timeout.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod create mode 100644 openssl/doc/ssl/SSL_CTX_set_verify.pod create mode 100644 openssl/doc/ssl/SSL_CTX_use_certificate.pod create mode 100644 openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod create mode 100644 openssl/doc/ssl/SSL_CTX_use_serverinfo.pod create mode 100644 openssl/doc/ssl/SSL_SESSION_free.pod create mode 100644 openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod create mode 100644 openssl/doc/ssl/SSL_SESSION_get_time.pod create mode 100644 openssl/doc/ssl/SSL_accept.pod create mode 100644 openssl/doc/ssl/SSL_alert_type_string.pod create mode 100644 openssl/doc/ssl/SSL_check_chain.pod create mode 100644 openssl/doc/ssl/SSL_clear.pod create mode 100644 openssl/doc/ssl/SSL_connect.pod create mode 100644 openssl/doc/ssl/SSL_do_handshake.pod create mode 100644 openssl/doc/ssl/SSL_free.pod create mode 100644 openssl/doc/ssl/SSL_get_SSL_CTX.pod create mode 100644 openssl/doc/ssl/SSL_get_ciphers.pod create mode 100644 openssl/doc/ssl/SSL_get_client_CA_list.pod create mode 100644 openssl/doc/ssl/SSL_get_current_cipher.pod create mode 100644 openssl/doc/ssl/SSL_get_default_timeout.pod create mode 100644 openssl/doc/ssl/SSL_get_error.pod create mode 100644 openssl/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod create mode 100644 openssl/doc/ssl/SSL_get_ex_new_index.pod create mode 100644 openssl/doc/ssl/SSL_get_fd.pod create mode 100644 openssl/doc/ssl/SSL_get_peer_cert_chain.pod create mode 100644 openssl/doc/ssl/SSL_get_peer_certificate.pod create mode 100644 openssl/doc/ssl/SSL_get_psk_identity.pod create mode 100644 openssl/doc/ssl/SSL_get_rbio.pod create mode 100644 openssl/doc/ssl/SSL_get_session.pod create mode 100644 openssl/doc/ssl/SSL_get_verify_result.pod create mode 100644 openssl/doc/ssl/SSL_get_version.pod create mode 100644 openssl/doc/ssl/SSL_library_init.pod create mode 100644 openssl/doc/ssl/SSL_load_client_CA_file.pod create mode 100644 openssl/doc/ssl/SSL_new.pod create mode 100644 openssl/doc/ssl/SSL_pending.pod create mode 100644 openssl/doc/ssl/SSL_read.pod create mode 100644 openssl/doc/ssl/SSL_rstate_string.pod create mode 100644 openssl/doc/ssl/SSL_session_reused.pod create mode 100644 openssl/doc/ssl/SSL_set_bio.pod create mode 100644 openssl/doc/ssl/SSL_set_connect_state.pod create mode 100644 openssl/doc/ssl/SSL_set_fd.pod create mode 100644 openssl/doc/ssl/SSL_set_session.pod create mode 100644 openssl/doc/ssl/SSL_set_shutdown.pod create mode 100644 openssl/doc/ssl/SSL_set_verify_result.pod create mode 100644 openssl/doc/ssl/SSL_shutdown.pod create mode 100644 openssl/doc/ssl/SSL_state_string.pod create mode 100644 openssl/doc/ssl/SSL_want.pod create mode 100644 openssl/doc/ssl/SSL_write.pod create mode 100644 openssl/doc/ssl/d2i_SSL_SESSION.pod create mode 100644 openssl/doc/ssl/ssl.pod create mode 100644 openssl/doc/ssleay.txt create mode 100644 openssl/doc/standards.txt create mode 100644 openssl/e_os.h create mode 100644 openssl/e_os2.h create mode 100644 openssl/engines/Makefile create mode 100644 openssl/engines/alpha.opt create mode 100644 openssl/engines/axp.opt create mode 100644 openssl/engines/capierr.bat create mode 100644 openssl/engines/ccgost/Makefile create mode 100644 openssl/engines/ccgost/README.gost create mode 100644 openssl/engines/ccgost/e_gost_err.c create mode 100644 openssl/engines/ccgost/e_gost_err.h create mode 100644 openssl/engines/ccgost/e_gost_err.proto create mode 100644 openssl/engines/ccgost/gost.ec create mode 100644 openssl/engines/ccgost/gost2001.c create mode 100644 openssl/engines/ccgost/gost2001_keyx.c create mode 100644 openssl/engines/ccgost/gost2001_keyx.h create mode 100644 openssl/engines/ccgost/gost89.c create mode 100644 openssl/engines/ccgost/gost89.h create mode 100644 openssl/engines/ccgost/gost94_keyx.c create mode 100644 openssl/engines/ccgost/gost_ameth.c create mode 100644 openssl/engines/ccgost/gost_asn1.c create mode 100644 openssl/engines/ccgost/gost_crypt.c create mode 100644 openssl/engines/ccgost/gost_ctl.c create mode 100644 openssl/engines/ccgost/gost_eng.c create mode 100644 openssl/engines/ccgost/gost_keywrap.c create mode 100644 openssl/engines/ccgost/gost_keywrap.h create mode 100644 openssl/engines/ccgost/gost_lcl.h create mode 100644 openssl/engines/ccgost/gost_md.c create mode 100644 openssl/engines/ccgost/gost_params.c create mode 100644 openssl/engines/ccgost/gost_params.h create mode 100644 openssl/engines/ccgost/gost_pmeth.c create mode 100644 openssl/engines/ccgost/gost_sign.c create mode 100644 openssl/engines/ccgost/gosthash.c create mode 100644 openssl/engines/ccgost/gosthash.h create mode 100644 openssl/engines/ccgost/gostsum.c create mode 100644 openssl/engines/e_4758cca.c create mode 100644 openssl/engines/e_4758cca.ec create mode 100644 openssl/engines/e_4758cca_err.c create mode 100644 openssl/engines/e_4758cca_err.h create mode 100644 openssl/engines/e_aep.c create mode 100644 openssl/engines/e_aep.ec create mode 100644 openssl/engines/e_aep_err.c create mode 100644 openssl/engines/e_aep_err.h create mode 100644 openssl/engines/e_atalla.c create mode 100644 openssl/engines/e_atalla.ec create mode 100644 openssl/engines/e_atalla_err.c create mode 100644 openssl/engines/e_atalla_err.h create mode 100644 openssl/engines/e_capi.c create mode 100644 openssl/engines/e_capi.ec create mode 100644 openssl/engines/e_capi_err.c create mode 100644 openssl/engines/e_capi_err.h create mode 100644 openssl/engines/e_chil.c create mode 100644 openssl/engines/e_chil.ec create mode 100644 openssl/engines/e_chil_err.c create mode 100644 openssl/engines/e_chil_err.h create mode 100644 openssl/engines/e_cswift.c create mode 100644 openssl/engines/e_cswift.ec create mode 100644 openssl/engines/e_cswift_err.c create mode 100644 openssl/engines/e_cswift_err.h create mode 100644 openssl/engines/e_gmp.c create mode 100644 openssl/engines/e_gmp.ec create mode 100644 openssl/engines/e_gmp_err.c create mode 100644 openssl/engines/e_gmp_err.h create mode 100644 openssl/engines/e_nuron.c create mode 100644 openssl/engines/e_nuron.ec create mode 100644 openssl/engines/e_nuron_err.c create mode 100644 openssl/engines/e_nuron_err.h create mode 100644 openssl/engines/e_padlock.c create mode 100644 openssl/engines/e_padlock.ec create mode 100644 openssl/engines/e_sureware.c create mode 100644 openssl/engines/e_sureware.ec create mode 100644 openssl/engines/e_sureware_err.c create mode 100644 openssl/engines/e_sureware_err.h create mode 100644 openssl/engines/e_ubsec.c create mode 100644 openssl/engines/e_ubsec.ec create mode 100644 openssl/engines/e_ubsec_err.c create mode 100644 openssl/engines/e_ubsec_err.h create mode 100644 openssl/engines/engine_vector.mar create mode 100644 openssl/engines/ia64.opt create mode 100644 openssl/engines/makeengines.com create mode 100644 openssl/engines/vax.opt create mode 100644 openssl/engines/vendor_defns/aep.h create mode 100644 openssl/engines/vendor_defns/atalla.h create mode 100644 openssl/engines/vendor_defns/cswift.h create mode 100644 openssl/engines/vendor_defns/hw_4758_cca.h create mode 100644 openssl/engines/vendor_defns/hw_ubsec.h create mode 100644 openssl/engines/vendor_defns/hwcryptohook.h create mode 100644 openssl/engines/vendor_defns/sureware.h create mode 100644 openssl/install.com create mode 100755 openssl/makevms.com create mode 100644 openssl/ms/.rnd create mode 100755 openssl/ms/32all.bat create mode 100644 openssl/ms/README create mode 100644 openssl/ms/applink.c create mode 100755 openssl/ms/bcb4.bat create mode 100644 openssl/ms/certCA.srl create mode 100644 openssl/ms/certCA.ss create mode 100644 openssl/ms/certU.ss create mode 100644 openssl/ms/cmp.pl create mode 100755 openssl/ms/do_ms.bat create mode 100755 openssl/ms/do_nasm.bat create mode 100755 openssl/ms/do_nt.bat create mode 100755 openssl/ms/do_win64a.bat create mode 100755 openssl/ms/do_win64i.bat create mode 100644 openssl/ms/keyCA.ss create mode 100644 openssl/ms/keyU.ss create mode 100644 openssl/ms/mingw32.bat create mode 100644 openssl/ms/mw.bat create mode 100644 openssl/ms/req2CA.ss create mode 100644 openssl/ms/reqCA.ss create mode 100644 openssl/ms/reqU.ss create mode 100755 openssl/ms/speed32.bat create mode 100755 openssl/ms/tenc.bat create mode 100644 openssl/ms/tencce.bat create mode 100755 openssl/ms/test.bat create mode 100644 openssl/ms/testce.bat create mode 100644 openssl/ms/testce2.bat create mode 100755 openssl/ms/testenc.bat create mode 100644 openssl/ms/testencce.bat create mode 100755 openssl/ms/testpem.bat create mode 100644 openssl/ms/testpemce.bat create mode 100755 openssl/ms/testss.bat create mode 100644 openssl/ms/testssce.bat create mode 100644 openssl/ms/tlhelp32.h create mode 100755 openssl/ms/tpem.bat create mode 100644 openssl/ms/tpemce.bat create mode 100755 openssl/ms/uplink-common.pl create mode 100755 openssl/ms/uplink-ia64.pl create mode 100755 openssl/ms/uplink-x86.pl create mode 100755 openssl/ms/uplink-x86_64.pl create mode 100644 openssl/ms/uplink.c create mode 100644 openssl/ms/uplink.h create mode 100755 openssl/ms/uplink.pl create mode 100755 openssl/ms/x86asm.bat create mode 100644 openssl/openssl.doxy create mode 100644 openssl/openssl.spec create mode 100644 openssl/os2/OS2-EMX.cmd create mode 100644 openssl/os2/backwardify.pl create mode 100644 openssl/shlib/Makefile.hpux10-cc create mode 100644 openssl/shlib/README create mode 100644 openssl/shlib/hpux10-cc.sh create mode 100644 openssl/shlib/irix.sh create mode 100755 openssl/shlib/sco5-shared-gcc.sh create mode 100755 openssl/shlib/sco5-shared-installed create mode 100755 openssl/shlib/sco5-shared.sh create mode 100755 openssl/shlib/solaris-sc4.sh create mode 100644 openssl/shlib/solaris.sh create mode 100644 openssl/shlib/sun.sh create mode 100755 openssl/shlib/svr5-shared-gcc.sh create mode 100755 openssl/shlib/svr5-shared-installed create mode 100755 openssl/shlib/svr5-shared.sh create mode 100755 openssl/shlib/win32.bat create mode 100755 openssl/shlib/win32dll.bat create mode 100644 openssl/ssl/Makefile create mode 100644 openssl/ssl/bad_dtls_test.c create mode 100644 openssl/ssl/bio_ssl.c create mode 100644 openssl/ssl/clienthellotest.c create mode 100644 openssl/ssl/d1_both.c create mode 100644 openssl/ssl/d1_clnt.c create mode 100644 openssl/ssl/d1_lib.c create mode 100644 openssl/ssl/d1_meth.c create mode 100644 openssl/ssl/d1_pkt.c create mode 100644 openssl/ssl/d1_srtp.c create mode 100644 openssl/ssl/d1_srvr.c create mode 100644 openssl/ssl/dtls1.h create mode 100644 openssl/ssl/dtlstest.c create mode 100644 openssl/ssl/heartbeat_test.c create mode 100755 openssl/ssl/install-ssl.com create mode 100644 openssl/ssl/kssl.c create mode 100644 openssl/ssl/kssl.h create mode 100644 openssl/ssl/kssl_lcl.h create mode 100644 openssl/ssl/s23_clnt.c create mode 100644 openssl/ssl/s23_lib.c create mode 100644 openssl/ssl/s23_meth.c create mode 100644 openssl/ssl/s23_pkt.c create mode 100644 openssl/ssl/s23_srvr.c create mode 100644 openssl/ssl/s2_clnt.c create mode 100644 openssl/ssl/s2_enc.c create mode 100644 openssl/ssl/s2_lib.c create mode 100644 openssl/ssl/s2_meth.c create mode 100644 openssl/ssl/s2_pkt.c create mode 100644 openssl/ssl/s2_srvr.c create mode 100644 openssl/ssl/s3_both.c create mode 100644 openssl/ssl/s3_cbc.c create mode 100644 openssl/ssl/s3_clnt.c create mode 100644 openssl/ssl/s3_enc.c create mode 100644 openssl/ssl/s3_lib.c create mode 100644 openssl/ssl/s3_meth.c create mode 100644 openssl/ssl/s3_pkt.c create mode 100644 openssl/ssl/s3_srvr.c create mode 100644 openssl/ssl/srtp.h create mode 100644 openssl/ssl/ssl-lib.com create mode 100644 openssl/ssl/ssl.h create mode 100644 openssl/ssl/ssl2.h create mode 100644 openssl/ssl/ssl23.h create mode 100644 openssl/ssl/ssl3.h create mode 100644 openssl/ssl/ssl_algs.c create mode 100644 openssl/ssl/ssl_asn1.c create mode 100644 openssl/ssl/ssl_cert.c create mode 100644 openssl/ssl/ssl_ciph.c create mode 100644 openssl/ssl/ssl_conf.c create mode 100644 openssl/ssl/ssl_err.c create mode 100644 openssl/ssl/ssl_err2.c create mode 100644 openssl/ssl/ssl_lib.c create mode 100644 openssl/ssl/ssl_locl.h create mode 100644 openssl/ssl/ssl_rsa.c create mode 100644 openssl/ssl/ssl_sess.c create mode 100644 openssl/ssl/ssl_stat.c create mode 100644 openssl/ssl/ssl_task.c create mode 100644 openssl/ssl/ssl_txt.c create mode 100644 openssl/ssl/ssl_utst.c create mode 100644 openssl/ssl/ssltest.c create mode 100644 openssl/ssl/sslv2conftest.c create mode 100644 openssl/ssl/t1_clnt.c create mode 100644 openssl/ssl/t1_enc.c create mode 100644 openssl/ssl/t1_ext.c create mode 100644 openssl/ssl/t1_lib.c create mode 100644 openssl/ssl/t1_meth.c create mode 100644 openssl/ssl/t1_reneg.c create mode 100644 openssl/ssl/t1_srvr.c create mode 100644 openssl/ssl/t1_trce.c create mode 100644 openssl/ssl/tls1.h create mode 100644 openssl/ssl/tls_srp.c create mode 100644 openssl/test/CAss.cnf create mode 100644 openssl/test/CAssdh.cnf create mode 100644 openssl/test/CAssdsa.cnf create mode 100644 openssl/test/CAssrsa.cnf create mode 100644 openssl/test/CAtsa.cnf create mode 100644 openssl/test/Makefile create mode 100644 openssl/test/P1ss.cnf create mode 100644 openssl/test/P2ss.cnf create mode 100644 openssl/test/Sssdsa.cnf create mode 100644 openssl/test/Sssrsa.cnf create mode 100644 openssl/test/Uss.cnf create mode 100644 openssl/test/VMSca-response.1 create mode 100644 openssl/test/VMSca-response.2 create mode 100644 openssl/test/asn1test.c create mode 100755 openssl/test/bctest create mode 100644 openssl/test/bctest.com create mode 100644 openssl/test/bntest.com create mode 100644 openssl/test/certs/bad.key create mode 100644 openssl/test/certs/bad.pem create mode 100644 openssl/test/certs/interCA.key create mode 100644 openssl/test/certs/interCA.pem create mode 100644 openssl/test/certs/leaf.key create mode 100644 openssl/test/certs/leaf.pem create mode 100644 openssl/test/certs/pss1.pem create mode 100644 openssl/test/certs/rootCA.key create mode 100644 openssl/test/certs/rootCA.pem create mode 100644 openssl/test/certs/roots.pem create mode 100644 openssl/test/certs/subinterCA-ss.pem create mode 100644 openssl/test/certs/subinterCA.key create mode 100644 openssl/test/certs/subinterCA.pem create mode 100644 openssl/test/certs/untrusted.pem create mode 100755 openssl/test/clean_test.com create mode 100644 openssl/test/cms-examples.pl create mode 100644 openssl/test/cms-test.pl create mode 100644 openssl/test/dummytest.c create mode 100644 openssl/test/evptests.txt create mode 100644 openssl/test/igetest.c create mode 100644 openssl/test/maketests.com create mode 100644 openssl/test/methtest.c create mode 100644 openssl/test/ocsp-tests/D1.ors create mode 100644 openssl/test/ocsp-tests/D1_Cert_EE.pem create mode 100644 openssl/test/ocsp-tests/D1_Issuer_ICA.pem create mode 100644 openssl/test/ocsp-tests/D2.ors create mode 100644 openssl/test/ocsp-tests/D2_Cert_ICA.pem create mode 100644 openssl/test/ocsp-tests/D2_Issuer_Root.pem create mode 100644 openssl/test/ocsp-tests/D3.ors create mode 100644 openssl/test/ocsp-tests/D3_Cert_EE.pem create mode 100644 openssl/test/ocsp-tests/D3_Issuer_Root.pem create mode 100644 openssl/test/ocsp-tests/ISDOSC_D1.ors create mode 100644 openssl/test/ocsp-tests/ISDOSC_D2.ors create mode 100644 openssl/test/ocsp-tests/ISDOSC_D3.ors create mode 100644 openssl/test/ocsp-tests/ISIC_D1_Issuer_ICA.pem create mode 100644 openssl/test/ocsp-tests/ISIC_D2_Issuer_Root.pem create mode 100644 openssl/test/ocsp-tests/ISIC_D3_Issuer_Root.pem create mode 100644 openssl/test/ocsp-tests/ISIC_ND1_Issuer_ICA.pem create mode 100644 openssl/test/ocsp-tests/ISIC_ND2_Issuer_Root.pem create mode 100644 openssl/test/ocsp-tests/ISIC_ND3_Issuer_Root.pem create mode 100644 openssl/test/ocsp-tests/ISOP_D1.ors create mode 100644 openssl/test/ocsp-tests/ISOP_D2.ors create mode 100644 openssl/test/ocsp-tests/ISOP_D3.ors create mode 100644 openssl/test/ocsp-tests/ISOP_ND1.ors create mode 100644 openssl/test/ocsp-tests/ISOP_ND2.ors create mode 100644 openssl/test/ocsp-tests/ISOP_ND3.ors create mode 100644 openssl/test/ocsp-tests/ND1.ors create mode 100644 openssl/test/ocsp-tests/ND1_Cert_EE.pem create mode 100644 openssl/test/ocsp-tests/ND1_Issuer_ICA.pem create mode 100644 openssl/test/ocsp-tests/ND2.ors create mode 100644 openssl/test/ocsp-tests/ND2_Cert_ICA.pem create mode 100644 openssl/test/ocsp-tests/ND2_Issuer_Root.pem create mode 100644 openssl/test/ocsp-tests/ND3.ors create mode 100644 openssl/test/ocsp-tests/ND3_Cert_EE.pem create mode 100644 openssl/test/ocsp-tests/ND3_Issuer_Root.pem create mode 100644 openssl/test/ocsp-tests/WIKH_D1.ors create mode 100644 openssl/test/ocsp-tests/WIKH_D2.ors create mode 100644 openssl/test/ocsp-tests/WIKH_D3.ors create mode 100644 openssl/test/ocsp-tests/WIKH_ND1.ors create mode 100644 openssl/test/ocsp-tests/WIKH_ND2.ors create mode 100644 openssl/test/ocsp-tests/WIKH_ND3.ors create mode 100644 openssl/test/ocsp-tests/WINH_D1.ors create mode 100644 openssl/test/ocsp-tests/WINH_D2.ors create mode 100644 openssl/test/ocsp-tests/WINH_D3.ors create mode 100644 openssl/test/ocsp-tests/WINH_ND1.ors create mode 100644 openssl/test/ocsp-tests/WINH_ND2.ors create mode 100644 openssl/test/ocsp-tests/WINH_ND3.ors create mode 100644 openssl/test/ocsp-tests/WKDOSC_D1.ors create mode 100644 openssl/test/ocsp-tests/WKDOSC_D2.ors create mode 100644 openssl/test/ocsp-tests/WKDOSC_D3.ors create mode 100644 openssl/test/ocsp-tests/WKIC_D1_Issuer_ICA.pem create mode 100644 openssl/test/ocsp-tests/WKIC_D2_Issuer_Root.pem create mode 100644 openssl/test/ocsp-tests/WKIC_D3_Issuer_Root.pem create mode 100644 openssl/test/ocsp-tests/WKIC_ND1_Issuer_ICA.pem create mode 100644 openssl/test/ocsp-tests/WKIC_ND2_Issuer_Root.pem create mode 100644 openssl/test/ocsp-tests/WKIC_ND3_Issuer_Root.pem create mode 100644 openssl/test/ocsp-tests/WRID_D1.ors create mode 100644 openssl/test/ocsp-tests/WRID_D2.ors create mode 100644 openssl/test/ocsp-tests/WRID_D3.ors create mode 100644 openssl/test/ocsp-tests/WRID_ND1.ors create mode 100644 openssl/test/ocsp-tests/WRID_ND2.ors create mode 100644 openssl/test/ocsp-tests/WRID_ND3.ors create mode 100644 openssl/test/ocsp-tests/WSNIC_D1_Issuer_ICA.pem create mode 100644 openssl/test/ocsp-tests/WSNIC_D2_Issuer_Root.pem create mode 100644 openssl/test/ocsp-tests/WSNIC_D3_Issuer_Root.pem create mode 100644 openssl/test/ocsp-tests/WSNIC_ND1_Issuer_ICA.pem create mode 100644 openssl/test/ocsp-tests/WSNIC_ND2_Issuer_Root.pem create mode 100644 openssl/test/ocsp-tests/WSNIC_ND3_Issuer_Root.pem create mode 100644 openssl/test/pkcs7-1.pem create mode 100644 openssl/test/pkcs7.pem create mode 100644 openssl/test/pkits-test.pl create mode 100644 openssl/test/r160test.c create mode 100644 openssl/test/serverinfo.pem create mode 100644 openssl/test/smcont.txt create mode 100644 openssl/test/smime-certs/ca.cnf create mode 100644 openssl/test/smime-certs/mksmime-certs.sh create mode 100644 openssl/test/smime-certs/smdh.pem create mode 100644 openssl/test/smime-certs/smdsa1.pem create mode 100644 openssl/test/smime-certs/smdsa2.pem create mode 100644 openssl/test/smime-certs/smdsa3.pem create mode 100644 openssl/test/smime-certs/smdsap.pem create mode 100644 openssl/test/smime-certs/smec1.pem create mode 100644 openssl/test/smime-certs/smec2.pem create mode 100644 openssl/test/smime-certs/smroot.pem create mode 100644 openssl/test/smime-certs/smrsa1.pem create mode 100644 openssl/test/smime-certs/smrsa2.pem create mode 100644 openssl/test/smime-certs/smrsa3.pem create mode 100644 openssl/test/ssltestlib.c create mode 100644 openssl/test/ssltestlib.h create mode 100644 openssl/test/tcrl create mode 100644 openssl/test/tcrl.com create mode 100644 openssl/test/test.cnf create mode 100755 openssl/test/test_padlock create mode 100644 openssl/test/testca create mode 100644 openssl/test/testca.com create mode 100644 openssl/test/testcrl.pem create mode 100644 openssl/test/testenc create mode 100644 openssl/test/testenc.com create mode 100644 openssl/test/testfipsssl create mode 100644 openssl/test/testgen create mode 100644 openssl/test/testgen.com create mode 100644 openssl/test/testp7.pem create mode 100644 openssl/test/testreq2.pem create mode 100644 openssl/test/testrsa.pem create mode 100644 openssl/test/tests.com create mode 100644 openssl/test/testsid.pem create mode 100644 openssl/test/testss create mode 100644 openssl/test/testss.com create mode 100644 openssl/test/testssl create mode 100644 openssl/test/testssl.com create mode 100644 openssl/test/testsslproxy create mode 100644 openssl/test/testtsa create mode 100644 openssl/test/testtsa.com create mode 100644 openssl/test/testutil.h create mode 100644 openssl/test/testx509.pem create mode 100644 openssl/test/times create mode 100644 openssl/test/tocsp create mode 100644 openssl/test/tocsp.com create mode 100644 openssl/test/tpkcs7 create mode 100644 openssl/test/tpkcs7.com create mode 100644 openssl/test/tpkcs7d create mode 100644 openssl/test/tpkcs7d.com create mode 100644 openssl/test/treq create mode 100644 openssl/test/treq.com create mode 100644 openssl/test/trsa create mode 100644 openssl/test/trsa.com create mode 100644 openssl/test/tsid create mode 100644 openssl/test/tsid.com create mode 100644 openssl/test/tverify.com create mode 100644 openssl/test/tx509 create mode 100644 openssl/test/tx509.com create mode 100644 openssl/test/v3-cert1.pem create mode 100644 openssl/test/v3-cert2.pem create mode 100644 openssl/tools/Makefile create mode 100755 openssl/tools/c89.sh create mode 100644 openssl/tools/c_hash create mode 100644 openssl/tools/c_info create mode 100644 openssl/tools/c_issuer create mode 100644 openssl/tools/c_name create mode 100644 openssl/tools/c_rehash create mode 100644 openssl/tools/c_rehash.in create mode 100755 openssl/util/FreeBSD.sh create mode 100755 openssl/util/add_cr.pl create mode 100755 openssl/util/bat.sh create mode 100755 openssl/util/ck_errf.pl create mode 100755 openssl/util/clean-depend.pl create mode 100644 openssl/util/copy-if-different.pl create mode 100644 openssl/util/copy.pl create mode 100755 openssl/util/cygwin.sh create mode 100755 openssl/util/deleof.pl create mode 100644 openssl/util/deltree.com create mode 100644 openssl/util/dirname.pl create mode 100755 openssl/util/do_ms.sh create mode 100755 openssl/util/domd create mode 100755 openssl/util/err-ins.pl create mode 100644 openssl/util/extract-names.pl create mode 100644 openssl/util/extract-section.pl create mode 100755 openssl/util/files.pl create mode 100755 openssl/util/fixNT.sh create mode 100644 openssl/util/indent.pro create mode 100755 openssl/util/install.sh create mode 100755 openssl/util/libeay.num create mode 100755 openssl/util/mk1mf.pl create mode 100755 openssl/util/mkbuildinf.pl create mode 100755 openssl/util/mkcerts.sh create mode 100755 openssl/util/mkdef.pl create mode 100755 openssl/util/mkdir-p.pl create mode 100644 openssl/util/mkerr.pl create mode 100755 openssl/util/mkfiles.pl create mode 100755 openssl/util/mklink.pl create mode 100755 openssl/util/mkrc.pl create mode 100755 openssl/util/mkstack.pl create mode 100755 openssl/util/openssl-format-source create mode 100755 openssl/util/opensslwrap.sh create mode 100755 openssl/util/perlpath.pl create mode 100644 openssl/util/pl/BC-32.pl create mode 100644 openssl/util/pl/Mingw32.pl create mode 100644 openssl/util/pl/OS2-EMX.pl create mode 100644 openssl/util/pl/VC-32.pl create mode 100644 openssl/util/pl/linux.pl create mode 100644 openssl/util/pl/netware.pl create mode 100644 openssl/util/pl/ultrix.pl create mode 100644 openssl/util/pl/unix.pl create mode 100755 openssl/util/pod2man.pl create mode 100755 openssl/util/pod2mantest create mode 100644 openssl/util/pod2mantest.pod create mode 100755 openssl/util/point.sh create mode 100644 openssl/util/selftest.pl create mode 100755 openssl/util/shlib_wrap.sh create mode 100755 openssl/util/sp-diff.pl create mode 100755 openssl/util/speed.sh create mode 100755 openssl/util/src-dep.pl create mode 100755 openssl/util/ssleay.num create mode 100644 openssl/util/su-filter.pl create mode 100755 openssl/util/tab_num.pl create mode 100644 openssl/util/toutf8.sh create mode 100755 openssl/util/x86asm.sh diff --git a/openssl/ACKNOWLEDGMENTS b/openssl/ACKNOWLEDGMENTS new file mode 100644 index 0000000..d21dccb --- /dev/null +++ b/openssl/ACKNOWLEDGMENTS @@ -0,0 +1,2 @@ +Please https://www.openssl.org/community/thanks.html for the current +acknowledgements. diff --git a/openssl/CHANGES b/openssl/CHANGES new file mode 100644 index 0000000..95aabc6 --- /dev/null +++ b/openssl/CHANGES @@ -0,0 +1,11444 @@ + + OpenSSL CHANGES + _______________ + + Changes between 1.0.2j and 1.0.2k [26 Jan 2017] + + *) Truncated packet could crash via OOB read + + If one side of an SSL/TLS path is running on a 32-bit host and a specific + cipher is being used, then a truncated packet can cause that host to + perform an out-of-bounds read, usually resulting in a crash. + + This issue was reported to OpenSSL by Robert Święcki of Google. + (CVE-2017-3731) + [Andy Polyakov] + + *) BN_mod_exp may produce incorrect results on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. For example this can occur by + default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very + similar to CVE-2015-3193 but must be treated as a separate problem. + + This issue was reported to OpenSSL by the OSS-Fuzz project. + (CVE-2017-3732) + [Andy Polyakov] + + *) Montgomery multiplication may produce incorrect results + + There is a carry propagating bug in the Broadwell-specific Montgomery + multiplication procedure that handles input lengths divisible by, but + longer than 256 bits. Analysis suggests that attacks against RSA, DSA + and DH private keys are impossible. This is because the subroutine in + question is not used in operations with the private key itself and an input + of the attacker's direct choice. Otherwise the bug can manifest itself as + transient authentication and key negotiation failures or reproducible + erroneous outcome of public-key operations with specially crafted input. + Among EC algorithms only Brainpool P-512 curves are affected and one + presumably can attack ECDH key negotiation. Impact was not analyzed in + detail, because pre-requisites for attack are considered unlikely. Namely + multiple clients have to choose the curve in question and the server has to + share the private key among them, neither of which is default behaviour. + Even then only clients that chose the curve will be affected. + + This issue was publicly reported as transient failures and was not + initially recognized as a security issue. Thanks to Richard Morgan for + providing reproducible case. + (CVE-2016-7055) + [Andy Polyakov] + + *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0 + or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to + prevent issues where no progress is being made and the peer continually + sends unrecognised record types, using up resources processing them. + [Matt Caswell] + + Changes between 1.0.2i and 1.0.2j [26 Sep 2016] + + *) Missing CRL sanity check + + A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 + but was omitted from OpenSSL 1.0.2i. As a result any attempt to use + CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. + + This issue only affects the OpenSSL 1.0.2i + (CVE-2016-7052) + [Matt Caswell] + + Changes between 1.0.2h and 1.0.2i [22 Sep 2016] + + *) OCSP Status Request extension unbounded memory growth + + A malicious client can send an excessively large OCSP Status Request + extension. If that client continually requests renegotiation, sending a + large OCSP Status Request extension each time, then there will be unbounded + memory growth on the server. This will eventually lead to a Denial Of + Service attack through memory exhaustion. Servers with a default + configuration are vulnerable even if they do not support OCSP. Builds using + the "no-ocsp" build time option are not affected. + + This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.) + (CVE-2016-6304) + [Matt Caswell] + + *) In order to mitigate the SWEET32 attack, the DES ciphers were moved from + HIGH to MEDIUM. + + This issue was reported to OpenSSL Karthikeyan Bhargavan and Gaetan + Leurent (INRIA) + (CVE-2016-2183) + [Rich Salz] + + *) OOB write in MDC2_Update() + + An overflow can occur in MDC2_Update() either if called directly or + through the EVP_DigestUpdate() function using MDC2. If an attacker + is able to supply very large amounts of input data after a previous + call to EVP_EncryptUpdate() with a partial block then a length check + can overflow resulting in a heap corruption. + + The amount of data needed is comparable to SIZE_MAX which is impractical + on most platforms. + + This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.) + (CVE-2016-6303) + [Stephen Henson] + + *) Malformed SHA512 ticket DoS + + If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a + DoS attack where a malformed ticket will result in an OOB read which will + ultimately crash. + + The use of SHA512 in TLS session tickets is comparatively rare as it requires + a custom server callback and ticket lookup mechanism. + + This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.) + (CVE-2016-6302) + [Stephen Henson] + + *) OOB write in BN_bn2dec() + + The function BN_bn2dec() does not check the return value of BN_div_word(). + This can cause an OOB write if an application uses this function with an + overly large BIGNUM. This could be a problem if an overly large certificate + or CRL is printed out from an untrusted source. TLS is not affected because + record limits will reject an oversized certificate before it is parsed. + + This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.) + (CVE-2016-2182) + [Stephen Henson] + + *) OOB read in TS_OBJ_print_bio() + + The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is + the total length the OID text representation would use and not the amount + of data written. This will result in OOB reads when large OIDs are + presented. + + This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.) + (CVE-2016-2180) + [Stephen Henson] + + *) Pointer arithmetic undefined behaviour + + Avoid some undefined pointer arithmetic + + A common idiom in the codebase is to check limits in the following manner: + "p + len > limit" + + Where "p" points to some malloc'd data of SIZE bytes and + limit == p + SIZE + + "len" here could be from some externally supplied data (e.g. from a TLS + message). + + The rules of C pointer arithmetic are such that "p + len" is only well + defined where len <= SIZE. Therefore the above idiom is actually + undefined behaviour. + + For example this could cause problems if some malloc implementation + provides an address for "p" such that "p + len" actually overflows for + values of len that are too big and therefore p + len < limit. + + This issue was reported to OpenSSL by Guido Vranken + (CVE-2016-2177) + [Matt Caswell] + + *) Constant time flag not preserved in DSA signing + + Operations in the DSA signing algorithm should run in constant time in + order to avoid side channel attacks. A flaw in the OpenSSL DSA + implementation means that a non-constant time codepath is followed for + certain operations. This has been demonstrated through a cache-timing + attack to be sufficient for an attacker to recover the private DSA key. + + This issue was reported by César Pereida (Aalto University), Billy Brumley + (Tampere University of Technology), and Yuval Yarom (The University of + Adelaide and NICTA). + (CVE-2016-2178) + [César Pereida] + + *) DTLS buffered message DoS + + In a DTLS connection where handshake messages are delivered out-of-order + those messages that OpenSSL is not yet ready to process will be buffered + for later use. Under certain circumstances, a flaw in the logic means that + those messages do not get removed from the buffer even though the handshake + has been completed. An attacker could force up to approx. 15 messages to + remain in the buffer when they are no longer required. These messages will + be cleared when the DTLS connection is closed. The default maximum size for + a message is 100k. Therefore the attacker could force an additional 1500k + to be consumed per connection. By opening many simulataneous connections an + attacker could cause a DoS attack through memory exhaustion. + + This issue was reported to OpenSSL by Quan Luo. + (CVE-2016-2179) + [Matt Caswell] + + *) DTLS replay protection DoS + + A flaw in the DTLS replay attack protection mechanism means that records + that arrive for future epochs update the replay protection "window" before + the MAC for the record has been validated. This could be exploited by an + attacker by sending a record for the next epoch (which does not have to + decrypt or have a valid MAC), with a very large sequence number. This means + that all subsequent legitimate packets are dropped causing a denial of + service for a specific DTLS connection. + + This issue was reported to OpenSSL by the OCAP audit team. + (CVE-2016-2181) + [Matt Caswell] + + *) Certificate message OOB reads + + In OpenSSL 1.0.2 and earlier some missing message length checks can result + in OOB reads of up to 2 bytes beyond an allocated buffer. There is a + theoretical DoS risk but this has not been observed in practice on common + platforms. + + The messages affected are client certificate, client certificate request + and server certificate. As a result the attack can only be performed + against a client or a server which enables client authentication. + + This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.) + (CVE-2016-6306) + [Stephen Henson] + + Changes between 1.0.2g and 1.0.2h [3 May 2016] + + *) Prevent padding oracle in AES-NI CBC MAC check + + A MITM attacker can use a padding oracle attack to decrypt traffic + when the connection uses an AES CBC cipher and the server support + AES-NI. + + This issue was introduced as part of the fix for Lucky 13 padding + attack (CVE-2013-0169). The padding check was rewritten to be in + constant time by making sure that always the same bytes are read and + compared against either the MAC or padding bytes. But it no longer + checked that there was enough data to have both the MAC and padding + bytes. + + This issue was reported by Juraj Somorovsky using TLS-Attacker. + (CVE-2016-2107) + [Kurt Roeckx] + + *) Fix EVP_EncodeUpdate overflow + + An overflow can occur in the EVP_EncodeUpdate() function which is used for + Base64 encoding of binary data. If an attacker is able to supply very large + amounts of input data then a length check can overflow resulting in a heap + corruption. + + Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by + the PEM_write_bio* family of functions. These are mainly used within the + OpenSSL command line applications, so any application which processes data + from an untrusted source and outputs it as a PEM file should be considered + vulnerable to this issue. User applications that call these APIs directly + with large amounts of untrusted data may also be vulnerable. + + This issue was reported by Guido Vranken. + (CVE-2016-2105) + [Matt Caswell] + + *) Fix EVP_EncryptUpdate overflow + + An overflow can occur in the EVP_EncryptUpdate() function. If an attacker + is able to supply very large amounts of input data after a previous call to + EVP_EncryptUpdate() with a partial block then a length check can overflow + resulting in a heap corruption. Following an analysis of all OpenSSL + internal usage of the EVP_EncryptUpdate() function all usage is one of two + forms. The first form is where the EVP_EncryptUpdate() call is known to be + the first called function after an EVP_EncryptInit(), and therefore that + specific call must be safe. The second form is where the length passed to + EVP_EncryptUpdate() can be seen from the code to be some small value and + therefore there is no possibility of an overflow. Since all instances are + one of these two forms, it is believed that there can be no overflows in + internal code due to this problem. It should be noted that + EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths. + Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances + of these calls have also been analysed too and it is believed there are no + instances in internal usage where an overflow could occur. + + This issue was reported by Guido Vranken. + (CVE-2016-2106) + [Matt Caswell] + + *) Prevent ASN.1 BIO excessive memory allocation + + When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() + a short invalid encoding can casuse allocation of large amounts of memory + potentially consuming excessive resources or exhausting memory. + + Any application parsing untrusted data through d2i BIO functions is + affected. The memory based functions such as d2i_X509() are *not* affected. + Since the memory based functions are used by the TLS library, TLS + applications are not affected. + + This issue was reported by Brian Carpenter. + (CVE-2016-2109) + [Stephen Henson] + + *) EBCDIC overread + + ASN1 Strings that are over 1024 bytes can cause an overread in applications + using the X509_NAME_oneline() function on EBCDIC systems. This could result + in arbitrary stack data being returned in the buffer. + + This issue was reported by Guido Vranken. + (CVE-2016-2176) + [Matt Caswell] + + *) Modify behavior of ALPN to invoke callback after SNI/servername + callback, such that updates to the SSL_CTX affect ALPN. + [Todd Short] + + *) Remove LOW from the DEFAULT cipher list. This removes singles DES from the + default. + [Kurt Roeckx] + + *) Only remove the SSLv2 methods with the no-ssl2-method option. When the + methods are enabled and ssl2 is disabled the methods return NULL. + [Kurt Roeckx] + + Changes between 1.0.2f and 1.0.2g [1 Mar 2016] + + * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. + Builds that are not configured with "enable-weak-ssl-ciphers" will not + provide any "EXPORT" or "LOW" strength ciphers. + [Viktor Dukhovni] + + * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 + is by default disabled at build-time. Builds that are not configured with + "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, + users who want to negotiate SSLv2 via the version-flexible SSLv23_method() + will need to explicitly call either of: + + SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); + or + SSL_clear_options(ssl, SSL_OP_NO_SSLv2); + + as appropriate. Even if either of those is used, or the application + explicitly uses the version-specific SSLv2_method() or its client and + server variants, SSLv2 ciphers vulnerable to exhaustive search key + recovery have been removed. Specifically, the SSLv2 40-bit EXPORT + ciphers, and SSLv2 56-bit DES are no longer available. + (CVE-2016-0800) + [Viktor Dukhovni] + + *) Fix a double-free in DSA code + + A double free bug was discovered when OpenSSL parses malformed DSA private + keys and could lead to a DoS attack or memory corruption for applications + that receive DSA private keys from untrusted sources. This scenario is + considered rare. + + This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using + libFuzzer. + (CVE-2016-0705) + [Stephen Henson] + + *) Disable SRP fake user seed to address a server memory leak. + + Add a new method SRP_VBASE_get1_by_user that handles the seed properly. + + SRP_VBASE_get_by_user had inconsistent memory management behaviour. + In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user + was changed to ignore the "fake user" SRP seed, even if the seed + is configured. + + Users should use SRP_VBASE_get1_by_user instead. Note that in + SRP_VBASE_get1_by_user, caller must free the returned value. Note + also that even though configuring the SRP seed attempts to hide + invalid usernames by continuing the handshake with fake + credentials, this behaviour is not constant time and no strong + guarantees are made that the handshake is indistinguishable from + that of a valid user. + (CVE-2016-0798) + [Emilia Käsper] + + *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption + + In the BN_hex2bn function the number of hex digits is calculated using an + int value |i|. Later |bn_expand| is called with a value of |i * 4|. For + large values of |i| this can result in |bn_expand| not allocating any + memory because |i * 4| is negative. This can leave the internal BIGNUM data + field as NULL leading to a subsequent NULL ptr deref. For very large values + of |i|, the calculation |i * 4| could be a positive value smaller than |i|. + In this case memory is allocated to the internal BIGNUM data field, but it + is insufficiently sized leading to heap corruption. A similar issue exists + in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn + is ever called by user applications with very large untrusted hex/dec data. + This is anticipated to be a rare occurrence. + + All OpenSSL internal usage of these functions use data that is not expected + to be untrusted, e.g. config file data or application command line + arguments. If user developed applications generate config file data based + on untrusted data then it is possible that this could also lead to security + consequences. This is also anticipated to be rare. + + This issue was reported to OpenSSL by Guido Vranken. + (CVE-2016-0797) + [Matt Caswell] + + *) Fix memory issues in BIO_*printf functions + + The internal |fmtstr| function used in processing a "%s" format string in + the BIO_*printf functions could overflow while calculating the length of a + string and cause an OOB read when printing very long strings. + + Additionally the internal |doapr_outch| function can attempt to write to an + OOB memory location (at an offset from the NULL pointer) in the event of a + memory allocation failure. In 1.0.2 and below this could be caused where + the size of a buffer to be allocated is greater than INT_MAX. E.g. this + could be in processing a very long "%s" format string. Memory leaks can + also occur. + + The first issue may mask the second issue dependent on compiler behaviour. + These problems could enable attacks where large amounts of untrusted data + is passed to the BIO_*printf functions. If applications use these functions + in this way then they could be vulnerable. OpenSSL itself uses these + functions when printing out human-readable dumps of ASN.1 data. Therefore + applications that print this data could be vulnerable if the data is from + untrusted sources. OpenSSL command line applications could also be + vulnerable where they print out ASN.1 data, or if untrusted data is passed + as command line arguments. + + Libssl is not considered directly vulnerable. Additionally certificates etc + received via remote connections via libssl are also unlikely to be able to + trigger these issues because of message size limits enforced within libssl. + + This issue was reported to OpenSSL Guido Vranken. + (CVE-2016-0799) + [Matt Caswell] + + *) Side channel attack on modular exponentiation + + A side-channel attack was found which makes use of cache-bank conflicts on + the Intel Sandy-Bridge microarchitecture which could lead to the recovery + of RSA keys. The ability to exploit this issue is limited as it relies on + an attacker who has control of code in a thread running on the same + hyper-threaded core as the victim thread which is performing decryptions. + + This issue was reported to OpenSSL by Yuval Yarom, The University of + Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and + Nadia Heninger, University of Pennsylvania with more information at + http://cachebleed.info. + (CVE-2016-0702) + [Andy Polyakov] + + *) Change the req app to generate a 2048-bit RSA/DSA key by default, + if no keysize is specified with default_bits. This fixes an + omission in an earlier change that changed all RSA/DSA key generation + apps to use 2048 bits by default. + [Emilia Käsper] + + Changes between 1.0.2e and 1.0.2f [28 Jan 2016] + + *) DH small subgroups + + Historically OpenSSL only ever generated DH parameters based on "safe" + primes. More recently (in version 1.0.2) support was provided for + generating X9.42 style parameter files such as those required for RFC 5114 + support. The primes used in such files may not be "safe". Where an + application is using DH configured with parameters based on primes that are + not "safe" then an attacker could use this fact to find a peer's private + DH exponent. This attack requires that the attacker complete multiple + handshakes in which the peer uses the same private DH exponent. For example + this could be used to discover a TLS server's private DH exponent if it's + reusing the private DH exponent or it's using a static DH ciphersuite. + + OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in + TLS. It is not on by default. If the option is not set then the server + reuses the same private DH exponent for the life of the server process and + would be vulnerable to this attack. It is believed that many popular + applications do set this option and would therefore not be at risk. + + The fix for this issue adds an additional check where a "q" parameter is + available (as is the case in X9.42 based parameters). This detects the + only known attack, and is the only possible defense for static DH + ciphersuites. This could have some performance impact. + + Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by + default and cannot be disabled. This could have some performance impact. + + This issue was reported to OpenSSL by Antonio Sanso (Adobe). + (CVE-2016-0701) + [Matt Caswell] + + *) SSLv2 doesn't block disabled ciphers + + A malicious client can negotiate SSLv2 ciphers that have been disabled on + the server and complete SSLv2 handshakes even if all SSLv2 ciphers have + been disabled, provided that the SSLv2 protocol was not also disabled via + SSL_OP_NO_SSLv2. + + This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram + and Sebastian Schinzel. + (CVE-2015-3197) + [Viktor Dukhovni] + + *) Reject DH handshakes with parameters shorter than 1024 bits. + [Kurt Roeckx] + + Changes between 1.0.2d and 1.0.2e [3 Dec 2015] + + *) BN_mod_exp may produce incorrect results on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. For example this can occur by + default in OpenSSL DHE based SSL/TLS ciphersuites. + + This issue was reported to OpenSSL by Hanno Böck. + (CVE-2015-3193) + [Andy Polyakov] + + *) Certificate verify crash with missing PSS parameter + + The signature verification routines will crash with a NULL pointer + dereference if presented with an ASN.1 signature using the RSA PSS + algorithm and absent mask generation function parameter. Since these + routines are used to verify certificate signature algorithms this can be + used to crash any certificate verification operation and exploited in a + DoS attack. Any application which performs certificate verification is + vulnerable including OpenSSL clients and servers which enable client + authentication. + + This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG). + (CVE-2015-3194) + [Stephen Henson] + + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] + + *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. + This changes the decoding behaviour for some invalid messages, + though the change is mostly in the more lenient direction, and + legacy behaviour is preserved as much as possible. + [Emilia Käsper] + + *) In DSA_generate_parameters_ex, if the provided seed is too short, + use a random seed, as already documented. + [Rich Salz and Ismo Puustinen ] + + Changes between 1.0.2c and 1.0.2d [9 Jul 2015] + + *) Alternate chains certificate forgery + + During certificate verfification, OpenSSL will attempt to find an + alternative certificate chain if the first attempt to build such a chain + fails. An error in the implementation of this logic can mean that an + attacker could cause certain checks on untrusted certificates to be + bypassed, such as the CA flag, enabling them to use a valid leaf + certificate to act as a CA and "issue" an invalid certificate. + + This issue was reported to OpenSSL by Adam Langley/David Benjamin + (Google/BoringSSL). + (CVE-2015-1793) + [Matt Caswell] + + *) Race condition handling PSK identify hint + + If PSK identity hints are received by a multi-threaded client then + the values are wrongly updated in the parent SSL_CTX structure. This can + result in a race condition potentially leading to a double free of the + identify hint data. + (CVE-2015-3196) + [Stephen Henson] + + Changes between 1.0.2b and 1.0.2c [12 Jun 2015] + + *) Fix HMAC ABI incompatibility. The previous version introduced an ABI + incompatibility in the handling of HMAC. The previous ABI has now been + restored. + + Changes between 1.0.2a and 1.0.2b [11 Jun 2015] + + *) Malformed ECParameters causes infinite loop + + When processing an ECParameters structure OpenSSL enters an infinite loop + if the curve specified is over a specially malformed binary polynomial + field. + + This can be used to perform denial of service against any + system which processes public keys, certificate requests or + certificates. This includes TLS clients and TLS servers with + client authentication enabled. + + This issue was reported to OpenSSL by Joseph Barr-Pixton. + (CVE-2015-1788) + [Andy Polyakov] + + *) Exploitable out-of-bounds read in X509_cmp_time + + X509_cmp_time does not properly check the length of the ASN1_TIME + string and can read a few bytes out of bounds. In addition, + X509_cmp_time accepts an arbitrary number of fractional seconds in the + time string. + + An attacker can use this to craft malformed certificates and CRLs of + various sizes and potentially cause a segmentation fault, resulting in + a DoS on applications that verify certificates or CRLs. TLS clients + that verify CRLs are affected. TLS clients and servers with client + authentication enabled may be affected if they use custom verification + callbacks. + + This issue was reported to OpenSSL by Robert Swiecki (Google), and + independently by Hanno Böck. + (CVE-2015-1789) + [Emilia Käsper] + + *) PKCS7 crash with missing EnvelopedContent + + The PKCS#7 parsing code does not handle missing inner EncryptedContent + correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs + with missing content and trigger a NULL pointer dereference on parsing. + + Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 + structures from untrusted sources are affected. OpenSSL clients and + servers are not affected. + + This issue was reported to OpenSSL by Michal Zalewski (Google). + (CVE-2015-1790) + [Emilia Käsper] + + *) CMS verify infinite loop with unknown hash function + + When verifying a signedData message the CMS code can enter an infinite loop + if presented with an unknown hash function OID. This can be used to perform + denial of service against any system which verifies signedData messages using + the CMS code. + This issue was reported to OpenSSL by Johannes Bauer. + (CVE-2015-1792) + [Stephen Henson] + + *) Race condition handling NewSessionTicket + + If a NewSessionTicket is received by a multi-threaded client when attempting to + reuse a previous ticket then a race condition can occur potentially leading to + a double free of the ticket data. + (CVE-2015-1791) + [Matt Caswell] + + *) Removed support for the two export grade static DH ciphersuites + EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites + were newly added (along with a number of other static DH ciphersuites) to + 1.0.2. However the two export ones have *never* worked since they were + introduced. It seems strange in any case to be adding new export + ciphersuites, and given "logjam" it also does not seem correct to fix them. + [Matt Caswell] + + *) Only support 256-bit or stronger elliptic curves with the + 'ecdh_auto' setting (server) or by default (client). Of supported + curves, prefer P-256 (both). + [Emilia Kasper] + + *) Reject DH handshakes with parameters shorter than 768 bits. + [Kurt Roeckx and Emilia Kasper] + + Changes between 1.0.2 and 1.0.2a [19 Mar 2015] + + *) ClientHello sigalgs DoS fix + + If a client connects to an OpenSSL 1.0.2 server and renegotiates with an + invalid signature algorithms extension a NULL pointer dereference will + occur. This can be exploited in a DoS attack against the server. + + This issue was was reported to OpenSSL by David Ramos of Stanford + University. + (CVE-2015-0291) + [Stephen Henson and Matt Caswell] + + *) Multiblock corrupted pointer fix + + OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This + feature only applies on 64 bit x86 architecture platforms that support AES + NI instructions. A defect in the implementation of "multiblock" can cause + OpenSSL's internal write buffer to become incorrectly set to NULL when + using non-blocking IO. Typically, when the user application is using a + socket BIO for writing, this will only result in a failed connection. + However if some other BIO is used then it is likely that a segmentation + fault will be triggered, thus enabling a potential DoS attack. + + This issue was reported to OpenSSL by Daniel Danner and Rainer Mueller. + (CVE-2015-0290) + [Matt Caswell] + + *) Segmentation fault in DTLSv1_listen fix + + The DTLSv1_listen function is intended to be stateless and processes the + initial ClientHello from many peers. It is common for user code to loop + over the call to DTLSv1_listen until a valid ClientHello is received with + an associated cookie. A defect in the implementation of DTLSv1_listen means + that state is preserved in the SSL object from one invocation to the next + that can lead to a segmentation fault. Errors processing the initial + ClientHello can trigger this scenario. An example of such an error could be + that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only + server. + + This issue was reported to OpenSSL by Per Allansson. + (CVE-2015-0207) + [Matt Caswell] + + *) Segmentation fault in ASN1_TYPE_cmp fix + + The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is + made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check + certificate signature algorithm consistency this can be used to crash any + certificate verification operation and exploited in a DoS attack. Any + application which performs certificate verification is vulnerable including + OpenSSL clients and servers which enable client authentication. + (CVE-2015-0286) + [Stephen Henson] + + *) Segmentation fault for invalid PSS parameters fix + + The signature verification routines will crash with a NULL pointer + dereference if presented with an ASN.1 signature using the RSA PSS + algorithm and invalid parameters. Since these routines are used to verify + certificate signature algorithms this can be used to crash any + certificate verification operation and exploited in a DoS attack. Any + application which performs certificate verification is vulnerable including + OpenSSL clients and servers which enable client authentication. + + This issue was was reported to OpenSSL by Brian Carpenter. + (CVE-2015-0208) + [Stephen Henson] + + *) ASN.1 structure reuse memory corruption fix + + Reusing a structure in ASN.1 parsing may allow an attacker to cause + memory corruption via an invalid write. Such reuse is and has been + strongly discouraged and is believed to be rare. + + Applications that parse structures containing CHOICE or ANY DEFINED BY + components may be affected. Certificate parsing (d2i_X509 and related + functions) are however not affected. OpenSSL clients and servers are + not affected. + (CVE-2015-0287) + [Stephen Henson] + + *) PKCS7 NULL pointer dereferences fix + + The PKCS#7 parsing code does not handle missing outer ContentInfo + correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with + missing content and trigger a NULL pointer dereference on parsing. + + Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or + otherwise parse PKCS#7 structures from untrusted sources are + affected. OpenSSL clients and servers are not affected. + + This issue was reported to OpenSSL by Michal Zalewski (Google). + (CVE-2015-0289) + [Emilia Käsper] + + *) DoS via reachable assert in SSLv2 servers fix + + A malicious client can trigger an OPENSSL_assert (i.e., an abort) in + servers that both support SSLv2 and enable export cipher suites by sending + a specially crafted SSLv2 CLIENT-MASTER-KEY message. + + This issue was discovered by Sean Burford (Google) and Emilia Käsper + (OpenSSL development team). + (CVE-2015-0293) + [Emilia Käsper] + + *) Empty CKE with client auth and DHE fix + + If client auth is used then a server can seg fault in the event of a DHE + ciphersuite being selected and a zero length ClientKeyExchange message + being sent by the client. This could be exploited in a DoS attack. + (CVE-2015-1787) + [Matt Caswell] + + *) Handshake with unseeded PRNG fix + + Under certain conditions an OpenSSL 1.0.2 client can complete a handshake + with an unseeded PRNG. The conditions are: + - The client is on a platform where the PRNG has not been seeded + automatically, and the user has not seeded manually + - A protocol specific client method version has been used (i.e. not + SSL_client_methodv23) + - A ciphersuite is used that does not require additional random data from + the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA). + + If the handshake succeeds then the client random that has been used will + have been generated from a PRNG with insufficient entropy and therefore the + output may be predictable. + + For example using the following command with an unseeded openssl will + succeed on an unpatched platform: + + openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA + (CVE-2015-0285) + [Matt Caswell] + + *) Use After Free following d2i_ECPrivatekey error fix + + A malformed EC private key file consumed via the d2i_ECPrivateKey function + could cause a use after free condition. This, in turn, could cause a double + free in several private key parsing functions (such as d2i_PrivateKey + or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption + for applications that receive EC private keys from untrusted + sources. This scenario is considered rare. + + This issue was discovered by the BoringSSL project and fixed in their + commit 517073cd4b. + (CVE-2015-0209) + [Matt Caswell] + + *) X509_to_X509_REQ NULL pointer deref fix + + The function X509_to_X509_REQ will crash with a NULL pointer dereference if + the certificate key is invalid. This function is rarely used in practice. + + This issue was discovered by Brian Carpenter. + (CVE-2015-0288) + [Stephen Henson] + + *) Removed the export ciphers from the DEFAULT ciphers + [Kurt Roeckx] + + Changes between 1.0.1l and 1.0.2 [22 Jan 2015] + + *) Change RSA and DH/DSA key generation apps to generate 2048-bit + keys by default. + [Kurt Roeckx] + + *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. + ARMv5 through ARMv8, as opposite to "locking" it to single one. + So far those who have to target multiple plaforms would compromise + and argue that binary targeting say ARMv5 would still execute on + ARMv8. "Universal" build resolves this compromise by providing + near-optimal performance even on newer platforms. + [Andy Polyakov] + + *) Accelerated NIST P-256 elliptic curve implementation for x86_64 + (other platforms pending). + [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov] + + *) Add support for the SignedCertificateTimestampList certificate and + OCSP response extensions from RFC6962. + [Rob Stradling] + + *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) + for corner cases. (Certain input points at infinity could lead to + bogus results, with non-infinity inputs mapped to infinity too.) + [Bodo Moeller] + + *) Initial support for PowerISA 2.0.7, first implemented in POWER8. + This covers AES, SHA256/512 and GHASH. "Initial" means that most + common cases are optimized and there still is room for further + improvements. Vector Permutation AES for Altivec is also added. + [Andy Polyakov] + + *) Add support for little-endian ppc64 Linux target. + [Marcelo Cerri (IBM)] + + *) Initial support for AMRv8 ISA crypto extensions. This covers AES, + SHA1, SHA256 and GHASH. "Initial" means that most common cases + are optimized and there still is room for further improvements. + Both 32- and 64-bit modes are supported. + [Andy Polyakov, Ard Biesheuvel (Linaro)] + + *) Improved ARMv7 NEON support. + [Andy Polyakov] + + *) Support for SPARC Architecture 2011 crypto extensions, first + implemented in SPARC T4. This covers AES, DES, Camellia, SHA1, + SHA256/512, MD5, GHASH and modular exponentiation. + [Andy Polyakov, David Miller] + + *) Accelerated modular exponentiation for Intel processors, a.k.a. + RSAZ. + [Shay Gueron & Vlad Krasnov (Intel Corp)] + + *) Support for new and upcoming Intel processors, including AVX2, + BMI and SHA ISA extensions. This includes additional "stitched" + implementations, AESNI-SHA256 and GCM, and multi-buffer support + for TLS encrypt. + + This work was sponsored by Intel Corp. + [Andy Polyakov] + + *) Support for DTLS 1.2. This adds two sets of DTLS methods: DTLS_*_method() + supports both DTLS 1.2 and 1.0 and should use whatever version the peer + supports and DTLSv1_2_*_method() which supports DTLS 1.2 only. + [Steve Henson] + + *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file(): + this fixes a limiation in previous versions of OpenSSL. + [Steve Henson] + + *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest, + MGF1 digest and OAEP label. + [Steve Henson] + + *) Add EVP support for key wrapping algorithms, to avoid problems with + existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in + the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap + algorithms and include tests cases. + [Steve Henson] + + *) Add functions to allocate and set the fields of an ECDSA_METHOD + structure. + [Douglas E. Engert, Steve Henson] + + *) New functions OPENSSL_gmtime_diff and ASN1_TIME_diff to find the + difference in days and seconds between two tm or ASN1_TIME structures. + [Steve Henson] + + *) Add -rev test option to s_server to just reverse order of characters + received by client and send back to server. Also prints an abbreviated + summary of the connection parameters. + [Steve Henson] + + *) New option -brief for s_client and s_server to print out a brief summary + of connection parameters. + [Steve Henson] + + *) Add callbacks for arbitrary TLS extensions. + [Trevor Perrin and Ben Laurie] + + *) New option -crl_download in several openssl utilities to download CRLs + from CRLDP extension in certificates. + [Steve Henson] + + *) New options -CRL and -CRLform for s_client and s_server for CRLs. + [Steve Henson] + + *) New function X509_CRL_diff to generate a delta CRL from the difference + of two full CRLs. Add support to "crl" utility. + [Steve Henson] + + *) New functions to set lookup_crls function and to retrieve + X509_STORE from X509_STORE_CTX. + [Steve Henson] + + *) Print out deprecated issuer and subject unique ID fields in + certificates. + [Steve Henson] + + *) Extend OCSP I/O functions so they can be used for simple general purpose + HTTP as well as OCSP. New wrapper function which can be used to download + CRLs using the OCSP API. + [Steve Henson] + + *) Delegate command line handling in s_client/s_server to SSL_CONF APIs. + [Steve Henson] + + *) SSL_CONF* functions. These provide a common framework for application + configuration using configuration files or command lines. + [Steve Henson] + + *) SSL/TLS tracing code. This parses out SSL/TLS records using the + message callback and prints the results. Needs compile time option + "enable-ssl-trace". New options to s_client and s_server to enable + tracing. + [Steve Henson] + + *) New ctrl and macro to retrieve supported points extensions. + Print out extension in s_server and s_client. + [Steve Henson] + + *) New functions to retrieve certificate signature and signature + OID NID. + [Steve Henson] + + *) Add functions to retrieve and manipulate the raw cipherlist sent by a + client to OpenSSL. + [Steve Henson] + + *) New Suite B modes for TLS code. These use and enforce the requirements + of RFC6460: restrict ciphersuites, only permit Suite B algorithms and + only use Suite B curves. The Suite B modes can be set by using the + strings "SUITEB128", "SUITEB192" or "SUITEB128ONLY" for the cipherstring. + [Steve Henson] + + *) New chain verification flags for Suite B levels of security. Check + algorithms are acceptable when flags are set in X509_verify_cert. + [Steve Henson] + + *) Make tls1_check_chain return a set of flags indicating checks passed + by a certificate chain. Add additional tests to handle client + certificates: checks for matching certificate type and issuer name + comparison. + [Steve Henson] + + *) If an attempt is made to use a signature algorithm not in the peer + preference list abort the handshake. If client has no suitable + signature algorithms in response to a certificate request do not + use the certificate. + [Steve Henson] + + *) If server EC tmp key is not in client preference list abort handshake. + [Steve Henson] + + *) Add support for certificate stores in CERT structure. This makes it + possible to have different stores per SSL structure or one store in + the parent SSL_CTX. Include distint stores for certificate chain + verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN + to build and store a certificate chain in CERT structure: returing + an error if the chain cannot be built: this will allow applications + to test if a chain is correctly configured. + + Note: if the CERT based stores are not set then the parent SSL_CTX + store is used to retain compatibility with existing behaviour. + + [Steve Henson] + + *) New function ssl_set_client_disabled to set a ciphersuite disabled + mask based on the current session, check mask when sending client + hello and checking the requested ciphersuite. + [Steve Henson] + + *) New ctrls to retrieve and set certificate types in a certificate + request message. Print out received values in s_client. If certificate + types is not set with custom values set sensible values based on + supported signature algorithms. + [Steve Henson] + + *) Support for distinct client and server supported signature algorithms. + [Steve Henson] + + *) Add certificate callback. If set this is called whenever a certificate + is required by client or server. An application can decide which + certificate chain to present based on arbitrary criteria: for example + supported signature algorithms. Add very simple example to s_server. + This fixes many of the problems and restrictions of the existing client + certificate callback: for example you can now clear an existing + certificate and specify the whole chain. + [Steve Henson] + + *) Add new "valid_flags" field to CERT_PKEY structure which determines what + the certificate can be used for (if anything). Set valid_flags field + in new tls1_check_chain function. Simplify ssl_set_cert_masks which used + to have similar checks in it. + + Add new "cert_flags" field to CERT structure and include a "strict mode". + This enforces some TLS certificate requirements (such as only permitting + certificate signature algorithms contained in the supported algorithms + extension) which some implementations ignore: this option should be used + with caution as it could cause interoperability issues. + [Steve Henson] + + *) Update and tidy signature algorithm extension processing. Work out + shared signature algorithms based on preferences and peer algorithms + and print them out in s_client and s_server. Abort handshake if no + shared signature algorithms. + [Steve Henson] + + *) Add new functions to allow customised supported signature algorithms + for SSL and SSL_CTX structures. Add options to s_client and s_server + to support them. + [Steve Henson] + + *) New function SSL_certs_clear() to delete all references to certificates + from an SSL structure. Before this once a certificate had been added + it couldn't be removed. + [Steve Henson] + + *) Integrate hostname, email address and IP address checking with certificate + verification. New verify options supporting checking in opensl utility. + [Steve Henson] + + *) Fixes and wildcard matching support to hostname and email checking + functions. Add manual page. + [Florian Weimer (Red Hat Product Security Team)] + + *) New functions to check a hostname email or IP address against a + certificate. Add options x509 utility to print results of checks against + a certificate. + [Steve Henson] + + *) Fix OCSP checking. + [Rob Stradling and Ben Laurie] + + *) Initial experimental support for explicitly trusted non-root CAs. + OpenSSL still tries to build a complete chain to a root but if an + intermediate CA has a trust setting included that is used. The first + setting is used: whether to trust (e.g., -addtrust option to the x509 + utility) or reject. + [Steve Henson] + + *) Add -trusted_first option which attempts to find certificates in the + trusted store even if an untrusted chain is also supplied. + [Steve Henson] + + *) MIPS assembly pack updates: support for MIPS32r2 and SmartMIPS ASE, + platform support for Linux and Android. + [Andy Polyakov] + + *) Support for linux-x32, ILP32 environment in x86_64 framework. + [Andy Polyakov] + + *) Experimental multi-implementation support for FIPS capable OpenSSL. + When in FIPS mode the approved implementations are used as normal, + when not in FIPS mode the internal unapproved versions are used instead. + This means that the FIPS capable OpenSSL isn't forced to use the + (often lower perfomance) FIPS implementations outside FIPS mode. + [Steve Henson] + + *) Transparently support X9.42 DH parameters when calling + PEM_read_bio_DHparameters. This means existing applications can handle + the new parameter format automatically. + [Steve Henson] + + *) Initial experimental support for X9.42 DH parameter format: mainly + to support use of 'q' parameter for RFC5114 parameters. + [Steve Henson] + + *) Add DH parameters from RFC5114 including test data to dhtest. + [Steve Henson] + + *) Support for automatic EC temporary key parameter selection. If enabled + the most preferred EC parameters are automatically used instead of + hardcoded fixed parameters. Now a server just has to call: + SSL_CTX_set_ecdh_auto(ctx, 1) and the server will automatically + support ECDH and use the most appropriate parameters. + [Steve Henson] + + *) Enhance and tidy EC curve and point format TLS extension code. Use + static structures instead of allocation if default values are used. + New ctrls to set curves we wish to support and to retrieve shared curves. + Print out shared curves in s_server. New options to s_server and s_client + to set list of supported curves. + [Steve Henson] + + *) New ctrls to retrieve supported signature algorithms and + supported curve values as an array of NIDs. Extend openssl utility + to print out received values. + [Steve Henson] + + *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert + between NIDs and the more common NIST names such as "P-256". Enhance + ecparam utility and ECC method to recognise the NIST names for curves. + [Steve Henson] + + *) Enhance SSL/TLS certificate chain handling to support different + chains for each certificate instead of one chain in the parent SSL_CTX. + [Steve Henson] + + *) Support for fixed DH ciphersuite client authentication: where both + server and client use DH certificates with common parameters. + [Steve Henson] + + *) Support for fixed DH ciphersuites: those requiring DH server + certificates. + [Steve Henson] + + *) New function i2d_re_X509_tbs for re-encoding the TBS portion of + the certificate. + Note: Related 1.0.2-beta specific macros X509_get_cert_info, + X509_CINF_set_modified, X509_CINF_get_issuer, X509_CINF_get_extensions and + X509_CINF_get_signature were reverted post internal team review. + + Changes between 1.0.1k and 1.0.1l [15 Jan 2015] + + *) Build fixes for the Windows and OpenVMS platforms + [Matt Caswell and Richard Levitte] + + Changes between 1.0.1j and 1.0.1k [8 Jan 2015] + + *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS + message can cause a segmentation fault in OpenSSL due to a NULL pointer + dereference. This could lead to a Denial Of Service attack. Thanks to + Markus Stenberg of Cisco Systems, Inc. for reporting this issue. + (CVE-2014-3571) + [Steve Henson] + + *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the + dtls1_buffer_record function under certain conditions. In particular this + could occur if an attacker sent repeated DTLS records with the same + sequence number but for the next epoch. The memory leak could be exploited + by an attacker in a Denial of Service attack through memory exhaustion. + Thanks to Chris Mueller for reporting this issue. + (CVE-2015-0206) + [Matt Caswell] + + *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is + built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl + method would be set to NULL which could later result in a NULL pointer + dereference. Thanks to Frank Schmirler for reporting this issue. + (CVE-2014-3569) + [Kurt Roeckx] + + *) Abort handshake if server key exchange message is omitted for ephemeral + ECDH ciphersuites. + + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. + (CVE-2014-3572) + [Steve Henson] + + *) Remove non-export ephemeral RSA code on client and server. This code + violated the TLS standard by allowing the use of temporary RSA keys in + non-export ciphersuites and could be used by a server to effectively + downgrade the RSA key length used to a value smaller than the server + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. + (CVE-2015-0204) + [Steve Henson] + + *) Fixed issue where DH client certificates are accepted without verification. + An OpenSSL server will accept a DH certificate for client authentication + without the certificate verify message. This effectively allows a client to + authenticate without the use of a private key. This only affects servers + which trust a client certificate authority which issues certificates + containing DH keys: these are extremely rare and hardly ever encountered. + Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting + this issue. + (CVE-2015-0205) + [Steve Henson] + + *) Ensure that the session ID context of an SSL is updated when its + SSL_CTX is updated via SSL_set_SSL_CTX. + + The session ID context is typically set from the parent SSL_CTX, + and can vary with the CTX. + [Adam Langley] + + *) Fix various certificate fingerprint issues. + + By using non-DER or invalid encodings outside the signed portion of a + certificate the fingerprint can be changed without breaking the signature. + Although no details of the signed portion of the certificate can be changed + this can cause problems with some applications: e.g. those using the + certificate fingerprint for blacklists. + + 1. Reject signatures with non zero unused bits. + + If the BIT STRING containing the signature has non zero unused bits reject + the signature. All current signature algorithms require zero unused bits. + + 2. Check certificate algorithm consistency. + + Check the AlgorithmIdentifier inside TBS matches the one in the + certificate signature. NB: this will result in signature failure + errors for some broken certificates. + + Thanks to Konrad Kraszewski from Google for reporting this issue. + + 3. Check DSA/ECDSA signatures use DER. + + Reencode DSA/ECDSA signatures and compare with the original received + signature. Return an error if there is a mismatch. + + This will reject various cases including garbage after signature + (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS + program for discovering this case) and use of BER or invalid ASN.1 INTEGERs + (negative or with leading zeroes). + + Further analysis was conducted and fixes were developed by Stephen Henson + of the OpenSSL core team. + + (CVE-2014-8275) + [Steve Henson] + + *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + (CVE-2014-3570) + [Andy Polyakov] + + *) Do not resume sessions on the server if the negotiated protocol + version does not match the session's version. Resuming with a different + version, while not strictly forbidden by the RFC, is of questionable + sanity and breaks all known clients. + [David Benjamin, Emilia Käsper] + + *) Tighten handling of the ChangeCipherSpec (CCS) message: reject + early CCS messages during renegotiation. (Note that because + renegotiation is encrypted, this early CCS was not exploitable.) + [Emilia Käsper] + + *) Tighten client-side session ticket handling during renegotiation: + ensure that the client only accepts a session ticket if the server sends + the extension anew in the ServerHello. Previously, a TLS client would + reuse the old extension state and thus accept a session ticket if one was + announced in the initial ServerHello. + + Similarly, ensure that the client requires a session ticket if one + was advertised in the ServerHello. Previously, a TLS client would + ignore a missing NewSessionTicket message. + [Emilia Käsper] + + Changes between 1.0.1i and 1.0.1j [15 Oct 2014] + + *) SRTP Memory Leak. + + A flaw in the DTLS SRTP extension parsing code allows an attacker, who + sends a carefully crafted handshake message, to cause OpenSSL to fail + to free up to 64k of memory causing a memory leak. This could be + exploited in a Denial Of Service attack. This issue affects OpenSSL + 1.0.1 server implementations for both SSL/TLS and DTLS regardless of + whether SRTP is used or configured. Implementations of OpenSSL that + have been compiled with OPENSSL_NO_SRTP defined are not affected. + + The fix was developed by the OpenSSL team. + (CVE-2014-3513) + [OpenSSL team] + + *) Session Ticket Memory Leak. + + When an OpenSSL SSL/TLS/DTLS server receives a session ticket the + integrity of that ticket is first verified. In the event of a session + ticket integrity check failing, OpenSSL will fail to free memory + causing a memory leak. By sending a large number of invalid session + tickets an attacker could exploit this issue in a Denial Of Service + attack. + (CVE-2014-3567) + [Steve Henson] + + *) Build option no-ssl3 is incomplete. + + When OpenSSL is configured with "no-ssl3" as a build option, servers + could accept and complete a SSL 3.0 handshake, and clients could be + configured to send them. + (CVE-2014-3568) + [Akamai and the OpenSSL team] + + *) Add support for TLS_FALLBACK_SCSV. + Client applications doing fallback retries should call + SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV). + (CVE-2014-3566) + [Adam Langley, Bodo Moeller] + + *) Add additional DigestInfo checks. + + Reencode DigestInto in DER and check against the original when + verifying RSA signature: this will reject any improperly encoded + DigestInfo structures. + + Note: this is a precautionary measure and no attacks are currently known. + + [Steve Henson] + + Changes between 1.0.1h and 1.0.1i [6 Aug 2014] + + *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the + SRP code can be overrun an internal buffer. Add sanity check that + g, A, B < N to SRP code. + + Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC + Group for discovering this issue. + (CVE-2014-3512) + [Steve Henson] + + *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate + TLS 1.0 instead of higher protocol versions when the ClientHello message + is badly fragmented. This allows a man-in-the-middle attacker to force a + downgrade to TLS 1.0 even if both the server and the client support a + higher protocol version, by modifying the client's TLS records. + + Thanks to David Benjamin and Adam Langley (Google) for discovering and + researching this issue. + (CVE-2014-3511) + [David Benjamin] + + *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject + to a denial of service attack. A malicious server can crash the client + with a null pointer dereference (read) by specifying an anonymous (EC)DH + ciphersuite and sending carefully crafted handshake messages. + + Thanks to Felix Gröbert (Google) for discovering and researching this + issue. + (CVE-2014-3510) + [Emilia Käsper] + + *) By sending carefully crafted DTLS packets an attacker could cause openssl + to leak memory. This can be exploited through a Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3507) + [Adam Langley] + + *) An attacker can force openssl to consume large amounts of memory whilst + processing DTLS handshake messages. This can be exploited through a + Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3506) + [Adam Langley] + + *) An attacker can force an error condition which causes openssl to crash + whilst processing DTLS packets due to memory being freed twice. This + can be exploited through a Denial of Service attack. + Thanks to Adam Langley and Wan-Teh Chang for discovering and researching + this issue. + (CVE-2014-3505) + [Adam Langley] + + *) If a multithreaded client connects to a malicious server using a resumed + session and the server sends an ec point format extension it could write + up to 255 bytes to freed memory. + + Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this + issue. + (CVE-2014-3509) + [Gabor Tyukasz] + + *) A malicious server can crash an OpenSSL client with a null pointer + dereference (read) by specifying an SRP ciphersuite even though it was not + properly negotiated with the client. This can be exploited through a + Denial of Service attack. + + Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for + discovering and researching this issue. + (CVE-2014-5139) + [Steve Henson] + + *) A flaw in OBJ_obj2txt may cause pretty printing functions such as + X509_name_oneline, X509_name_print_ex et al. to leak some information + from the stack. Applications may be affected if they echo pretty printing + output to the attacker. + + Thanks to Ivan Fratric (Google) for discovering this issue. + (CVE-2014-3508) + [Emilia Käsper, and Steve Henson] + + *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) + for corner cases. (Certain input points at infinity could lead to + bogus results, with non-infinity inputs mapped to infinity too.) + [Bodo Moeller] + + Changes between 1.0.1g and 1.0.1h [5 Jun 2014] + + *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted + handshake can force the use of weak keying material in OpenSSL + SSL/TLS clients and servers. + + Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and + researching this issue. (CVE-2014-0224) + [KIKUCHI Masashi, Steve Henson] + + *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an + OpenSSL DTLS client the code can be made to recurse eventually crashing + in a DoS attack. + + Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. + (CVE-2014-0221) + [Imre Rad, Steve Henson] + + *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can + be triggered by sending invalid DTLS fragments to an OpenSSL DTLS + client or server. This is potentially exploitable to run arbitrary + code on a vulnerable client or server. + + Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) + [Jüri Aedla, Steve Henson] + + *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites + are subject to a denial of service attack. + + Thanks to Felix Gröbert and Ivan Fratric at Google for discovering + this issue. (CVE-2014-3470) + [Felix Gröbert, Ivan Fratric, Steve Henson] + + *) Harmonize version and its documentation. -f flag is used to display + compilation flags. + [mancha ] + + *) Fix eckey_priv_encode so it immediately returns an error upon a failure + in i2d_ECPrivateKey. Thanks to Ted Unangst for feedback on this issue. + [mancha ] + + *) Fix some double frees. These are not thought to be exploitable. + [mancha ] + + Changes between 1.0.1f and 1.0.1g [7 Apr 2014] + + *) A missing bounds check in the handling of the TLS heartbeat extension + can be used to reveal up to 64k of memory to a connected client or + server. + + Thanks for Neel Mehta of Google Security for discovering this bug and to + Adam Langley and Bodo Moeller for + preparing the fix (CVE-2014-0160) + [Adam Langley, Bodo Moeller] + + *) Fix for the attack described in the paper "Recovering OpenSSL + ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" + by Yuval Yarom and Naomi Benger. Details can be obtained from: + http://eprint.iacr.org/2014/140 + + Thanks to Yuval Yarom and Naomi Benger for discovering this + flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) + [Yuval Yarom and Naomi Benger] + + *) TLS pad extension: draft-agl-tls-padding-03 + + Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the + TLS client Hello record length value would otherwise be > 255 and + less that 512 pad with a dummy extension containing zeroes so it + is at least 512 bytes long. + + [Adam Langley, Steve Henson] + + Changes between 1.0.1e and 1.0.1f [6 Jan 2014] + + *) Fix for TLS record tampering bug. A carefully crafted invalid + handshake could crash OpenSSL with a NULL pointer exception. + Thanks to Anton Johansson for reporting this issues. + (CVE-2013-4353) + + *) Keep original DTLS digest and encryption contexts in retransmission + structures so we can use the previous session parameters if they need + to be resent. (CVE-2013-6450) + [Steve Henson] + + *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which + avoids preferring ECDHE-ECDSA ciphers when the client appears to be + Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for + several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug + is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing + 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer. + [Rob Stradling, Adam Langley] + + Changes between 1.0.1d and 1.0.1e [11 Feb 2013] + + *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI + supporting platforms or when small records were transferred. + [Andy Polyakov, Steve Henson] + + Changes between 1.0.1c and 1.0.1d [5 Feb 2013] + + *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. + + This addresses the flaw in CBC record processing discovered by + Nadhem Alfardan and Kenny Paterson. Details of this attack can be found + at: http://www.isg.rhul.ac.uk/tls/ + + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information + Security Group at Royal Holloway, University of London + (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and + Emilia Käsper for the initial patch. + (CVE-2013-0169) + [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + + *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode + ciphersuites which can be exploited in a denial of service attack. + Thanks go to and to Adam Langley for discovering + and detecting this bug and to Wolfgang Ettlinger + for independently discovering this issue. + (CVE-2012-2686) + [Adam Langley] + + *) Return an error when checking OCSP signatures when key is NULL. + This fixes a DoS attack. (CVE-2013-0166) + [Steve Henson] + + *) Make openssl verify return errors. + [Chris Palmer and Ben Laurie] + + *) Call OCSP Stapling callback after ciphersuite has been chosen, so + the right response is stapled. Also change SSL_get_certificate() + so it returns the certificate actually sent. + See http://rt.openssl.org/Ticket/Display.html?id=2836. + [Rob Stradling ] + + *) Fix possible deadlock when decoding public keys. + [Steve Henson] + + *) Don't use TLS 1.0 record version number in initial client hello + if renegotiating. + [Steve Henson] + + Changes between 1.0.1b and 1.0.1c [10 May 2012] + + *) Sanity check record length before skipping explicit IV in TLS + 1.2, 1.1 and DTLS to fix DoS attack. + + Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic + fuzzing as a service testing platform. + (CVE-2012-2333) + [Steve Henson] + + *) Initialise tkeylen properly when encrypting CMS messages. + Thanks to Solar Designer of Openwall for reporting this issue. + [Steve Henson] + + *) In FIPS mode don't try to use composite ciphers as they are not + approved. + [Steve Henson] + + Changes between 1.0.1a and 1.0.1b [26 Apr 2012] + + *) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and + 1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately + mean any application compiled against OpenSSL 1.0.0 headers setting + SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disablng + TLS 1.1 also. Fix this by changing the value of SSL_OP_NO_TLSv1_1 to + 0x10000000L Any application which was previously compiled against + OpenSSL 1.0.1 or 1.0.1a headers and which cares about SSL_OP_NO_TLSv1_1 + will need to be recompiled as a result. Letting be results in + inability to disable specifically TLS 1.1 and in client context, + in unlike event, limit maximum offered version to TLS 1.0 [see below]. + [Steve Henson] + + *) In order to ensure interoperabilty SSL_OP_NO_protocolX does not + disable just protocol X, but all protocols above X *if* there are + protocols *below* X still enabled. In more practical terms it means + that if application wants to disable TLS1.0 in favor of TLS1.1 and + above, it's not sufficient to pass SSL_OP_NO_TLSv1, one has to pass + SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. This applies to + client side. + [Andy Polyakov] + + Changes between 1.0.1 and 1.0.1a [19 Apr 2012] + + *) Check for potentially exploitable overflows in asn1_d2i_read_bio + BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer + in CRYPTO_realloc_clean. + + Thanks to Tavis Ormandy, Google Security Team, for discovering this + issue and to Adam Langley for fixing it. + (CVE-2012-2110) + [Adam Langley (Google), Tavis Ormandy, Google Security Team] + + *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections. + [Adam Langley] + + *) Workarounds for some broken servers that "hang" if a client hello + record length exceeds 255 bytes. + + 1. Do not use record version number > TLS 1.0 in initial client + hello: some (but not all) hanging servers will now work. + 2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate + the number of ciphers sent in the client hello. This should be + set to an even number, such as 50, for example by passing: + -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure. + Most broken servers should now work. + 3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable + TLS 1.2 client support entirely. + [Steve Henson] + + *) Fix SEGV in Vector Permutation AES module observed in OpenSSH. + [Andy Polyakov] + + Changes between 1.0.0h and 1.0.1 [14 Mar 2012] + + *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET + STRING form instead of a DigestInfo. + [Steve Henson] + + *) The format used for MDC2 RSA signatures is inconsistent between EVP + and the RSA_sign/RSA_verify functions. This was made more apparent when + OpenSSL used RSA_sign/RSA_verify for some RSA signatures in particular + those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect + the correct format in RSA_verify so both forms transparently work. + [Steve Henson] + + *) Some servers which support TLS 1.0 can choke if we initially indicate + support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA + encrypted premaster secret. As a workaround use the maximum pemitted + client version in client hello, this should keep such servers happy + and still work with previous versions of OpenSSL. + [Steve Henson] + + *) Add support for TLS/DTLS heartbeats. + [Robin Seggelmann ] + + *) Add support for SCTP. + [Robin Seggelmann ] + + *) Improved PRNG seeding for VOS. + [Paul Green ] + + *) Extensive assembler packs updates, most notably: + + - x86[_64]: AES-NI, PCLMULQDQ, RDRAND support; + - x86[_64]: SSSE3 support (SHA1, vector-permutation AES); + - x86_64: bit-sliced AES implementation; + - ARM: NEON support, contemporary platforms optimizations; + - s390x: z196 support; + - *: GHASH and GF(2^m) multiplication implementations; + + [Andy Polyakov] + + *) Make TLS-SRP code conformant with RFC 5054 API cleanup + (removal of unnecessary code) + [Peter Sylvester ] + + *) Add TLS key material exporter from RFC 5705. + [Eric Rescorla] + + *) Add DTLS-SRTP negotiation from RFC 5764. + [Eric Rescorla] + + *) Add Next Protocol Negotiation, + http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be + disabled with a no-npn flag to config or Configure. Code donated + by Google. + [Adam Langley and Ben Laurie] + + *) Add optional 64-bit optimized implementations of elliptic curves NIST-P224, + NIST-P256, NIST-P521, with constant-time single point multiplication on + typical inputs. Compiler support for the nonstandard type __uint128_t is + required to use this (present in gcc 4.4 and later, for 64-bit builds). + Code made available under Apache License version 2.0. + + Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command + line to include this in your build of OpenSSL, and run "make depend" (or + "make update"). This enables the following EC_METHODs: + + EC_GFp_nistp224_method() + EC_GFp_nistp256_method() + EC_GFp_nistp521_method() + + EC_GROUP_new_by_curve_name() will automatically use these (while + EC_GROUP_new_curve_GFp() currently prefers the more flexible + implementations). + [Emilia Käsper, Adam Langley, Bodo Moeller (Google)] + + *) Use type ossl_ssize_t instad of ssize_t which isn't available on + all platforms. Move ssize_t definition from e_os.h to the public + header file e_os2.h as it now appears in public header file cms.h + [Steve Henson] + + *) New -sigopt option to the ca, req and x509 utilities. Additional + signature parameters can be passed using this option and in + particular PSS. + [Steve Henson] + + *) Add RSA PSS signing function. This will generate and set the + appropriate AlgorithmIdentifiers for PSS based on those in the + corresponding EVP_MD_CTX structure. No application support yet. + [Steve Henson] + + *) Support for companion algorithm specific ASN1 signing routines. + New function ASN1_item_sign_ctx() signs a pre-initialised + EVP_MD_CTX structure and sets AlgorithmIdentifiers based on + the appropriate parameters. + [Steve Henson] + + *) Add new algorithm specific ASN1 verification initialisation function + to EVP_PKEY_ASN1_METHOD: this is not in EVP_PKEY_METHOD since the ASN1 + handling will be the same no matter what EVP_PKEY_METHOD is used. + Add a PSS handler to support verification of PSS signatures: checked + against a number of sample certificates. + [Steve Henson] + + *) Add signature printing for PSS. Add PSS OIDs. + [Steve Henson, Martin Kaiser ] + + *) Add algorithm specific signature printing. An individual ASN1 method + can now print out signatures instead of the standard hex dump. + + More complex signatures (e.g. PSS) can print out more meaningful + information. Include DSA version that prints out the signature + parameters r, s. + [Steve Henson] + + *) Password based recipient info support for CMS library: implementing + RFC3211. + [Steve Henson] + + *) Split password based encryption into PBES2 and PBKDF2 functions. This + neatly separates the code into cipher and PBE sections and is required + for some algorithms that split PBES2 into separate pieces (such as + password based CMS). + [Steve Henson] + + *) Session-handling fixes: + - Fix handling of connections that are resuming with a session ID, + but also support Session Tickets. + - Fix a bug that suppressed issuing of a new ticket if the client + presented a ticket with an expired session. + - Try to set the ticket lifetime hint to something reasonable. + - Make tickets shorter by excluding irrelevant information. + - On the client side, don't ignore renewed tickets. + [Adam Langley, Bodo Moeller (Google)] + + *) Fix PSK session representation. + [Bodo Moeller] + + *) Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. + + This work was sponsored by Intel. + [Andy Polyakov] + + *) Add GCM support to TLS library. Some custom code is needed to split + the IV between the fixed (from PRF) and explicit (from TLS record) + portions. This adds all GCM ciphersuites supported by RFC5288 and + RFC5289. Generalise some AES* cipherstrings to inlclude GCM and + add a special AESGCM string for GCM only. + [Steve Henson] + + *) Expand range of ctrls for AES GCM. Permit setting invocation + field on decrypt and retrieval of invocation field only on encrypt. + [Steve Henson] + + *) Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support. + As required by RFC5289 these ciphersuites cannot be used if for + versions of TLS earlier than 1.2. + [Steve Henson] + + *) For FIPS capable OpenSSL interpret a NULL default public key method + as unset and return the appopriate default but do *not* set the default. + This means we can return the appopriate method in applications that + swicth between FIPS and non-FIPS modes. + [Steve Henson] + + *) Redirect HMAC and CMAC operations to FIPS module in FIPS mode. If an + ENGINE is used then we cannot handle that in the FIPS module so we + keep original code iff non-FIPS operations are allowed. + [Steve Henson] + + *) Add -attime option to openssl utilities. + [Peter Eckersley , Ben Laurie and Steve Henson] + + *) Redirect DSA and DH operations to FIPS module in FIPS mode. + [Steve Henson] + + *) Redirect ECDSA and ECDH operations to FIPS module in FIPS mode. Also use + FIPS EC methods unconditionally for now. + [Steve Henson] + + *) New build option no-ec2m to disable characteristic 2 code. + [Steve Henson] + + *) Backport libcrypto audit of return value checking from 1.1.0-dev; not + all cases can be covered as some introduce binary incompatibilities. + [Steve Henson] + + *) Redirect RSA operations to FIPS module including keygen, + encrypt, decrypt, sign and verify. Block use of non FIPS RSA methods. + [Steve Henson] + + *) Add similar low level API blocking to ciphers. + [Steve Henson] + + *) Low level digest APIs are not approved in FIPS mode: any attempt + to use these will cause a fatal error. Applications that *really* want + to use them can use the private_* version instead. + [Steve Henson] + + *) Redirect cipher operations to FIPS module for FIPS builds. + [Steve Henson] + + *) Redirect digest operations to FIPS module for FIPS builds. + [Steve Henson] + + *) Update build system to add "fips" flag which will link in fipscanister.o + for static and shared library builds embedding a signature if needed. + [Steve Henson] + + *) Output TLS supported curves in preference order instead of numerical + order. This is currently hardcoded for the highest order curves first. + This should be configurable so applications can judge speed vs strength. + [Steve Henson] + + *) Add TLS v1.2 server support for client authentication. + [Steve Henson] + + *) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers + and enable MD5. + [Steve Henson] + + *) Functions FIPS_mode_set() and FIPS_mode() which call the underlying + FIPS modules versions. + [Steve Henson] + + *) Add TLS v1.2 client side support for client authentication. Keep cache + of handshake records longer as we don't know the hash algorithm to use + until after the certificate request message is received. + [Steve Henson] + + *) Initial TLS v1.2 client support. Add a default signature algorithms + extension including all the algorithms we support. Parse new signature + format in client key exchange. Relax some ECC signing restrictions for + TLS v1.2 as indicated in RFC5246. + [Steve Henson] + + *) Add server support for TLS v1.2 signature algorithms extension. Switch + to new signature format when needed using client digest preference. + All server ciphersuites should now work correctly in TLS v1.2. No client + support yet and no support for client certificates. + [Steve Henson] + + *) Initial TLS v1.2 support. Add new SHA256 digest to ssl code, switch + to SHA256 for PRF when using TLS v1.2 and later. Add new SHA256 based + ciphersuites. At present only RSA key exchange ciphersuites work with + TLS v1.2. Add new option for TLS v1.2 replacing the old and obsolete + SSL_OP_PKCS1_CHECK flags with SSL_OP_NO_TLSv1_2. New TLSv1.2 methods + and version checking. + [Steve Henson] + + *) New option OPENSSL_NO_SSL_INTERN. If an application can be compiled + with this defined it will not be affected by any changes to ssl internal + structures. Add several utility functions to allow openssl application + to work with OPENSSL_NO_SSL_INTERN defined. + [Steve Henson] + + *) Add SRP support. + [Tom Wu and Ben Laurie] + + *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. + [Steve Henson] + + *) Permit abbreviated handshakes when renegotiating using the function + SSL_renegotiate_abbreviated(). + [Robin Seggelmann ] + + *) Add call to ENGINE_register_all_complete() to + ENGINE_load_builtin_engines(), so some implementations get used + automatically instead of needing explicit application support. + [Steve Henson] + + *) Add support for TLS key exporter as described in RFC5705. + [Robin Seggelmann , Steve Henson] + + *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only + a few changes are required: + + Add SSL_OP_NO_TLSv1_1 flag. + Add TLSv1_1 methods. + Update version checking logic to handle version 1.1. + Add explicit IV handling (ported from DTLS code). + Add command line options to s_client/s_server. + [Steve Henson] + + Changes between 1.0.0g and 1.0.0h [12 Mar 2012] + + *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness + in CMS and PKCS7 code. When RSA decryption fails use a random key for + content decryption and always return the same error. Note: this attack + needs on average 2^20 messages so it only affects automated senders. The + old behaviour can be reenabled in the CMS code by setting the + CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where + an MMA defence is not necessary. + Thanks to Ivan Nestlerode for discovering + this issue. (CVE-2012-0884) + [Steve Henson] + + *) Fix CVE-2011-4619: make sure we really are receiving a + client hello before rejecting multiple SGC restarts. Thanks to + Ivan Nestlerode for discovering this bug. + [Steve Henson] + + Changes between 1.0.0f and 1.0.0g [18 Jan 2012] + + *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. + Thanks to Antonio Martin, Enterprise Secure Access Research and + Development, Cisco Systems, Inc. for discovering this bug and + preparing a fix. (CVE-2012-0050) + [Antonio Martin] + + Changes between 1.0.0e and 1.0.0f [4 Jan 2012] + + *) Nadhem Alfardan and Kenny Paterson have discovered an extension + of the Vaudenay padding oracle attack on CBC mode encryption + which enables an efficient plaintext recovery attack against + the OpenSSL implementation of DTLS. Their attack exploits timing + differences arising during decryption processing. A research + paper describing this attack can be found at: + http://www.isg.rhul.ac.uk/~kp/dtls.pdf + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information + Security Group at Royal Holloway, University of London + (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann + and Michael Tuexen + for preparing the fix. (CVE-2011-4108) + [Robin Seggelmann, Michael Tuexen] + + *) Clear bytes used for block padding of SSL 3.0 records. + (CVE-2011-4576) + [Adam Langley (Google)] + + *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George + Kadianakis for discovering this issue and + Adam Langley for preparing the fix. (CVE-2011-4619) + [Adam Langley (Google)] + + *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027) + [Andrey Kulikov ] + + *) Prevent malformed RFC3779 data triggering an assertion failure. + Thanks to Andrew Chi, BBN Technologies, for discovering the flaw + and Rob Austein for fixing it. (CVE-2011-4577) + [Rob Austein ] + + *) Improved PRNG seeding for VOS. + [Paul Green ] + + *) Fix ssl_ciph.c set-up race. + [Adam Langley (Google)] + + *) Fix spurious failures in ecdsatest.c. + [Emilia Käsper (Google)] + + *) Fix the BIO_f_buffer() implementation (which was mixing different + interpretations of the '..._len' fields). + [Adam Langley (Google)] + + *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than + BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent + threads won't reuse the same blinding coefficients. + + This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING + lock to call BN_BLINDING_invert_ex, and avoids one use of + BN_BLINDING_update for each BN_BLINDING structure (previously, + the last update always remained unused). + [Emilia Käsper (Google)] + + *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf. + [Bob Buckholz (Google)] + + Changes between 1.0.0d and 1.0.0e [6 Sep 2011] + + *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted + by initialising X509_STORE_CTX properly. (CVE-2011-3207) + [Kaspar Brand ] + + *) Fix SSL memory handling for (EC)DH ciphersuites, in particular + for multi-threaded use of ECDH. (CVE-2011-3210) + [Adam Langley (Google)] + + *) Fix x509_name_ex_d2i memory leak on bad inputs. + [Bodo Moeller] + + *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check + signature public key algorithm by using OID xref utilities instead. + Before this you could only use some ECC ciphersuites with SHA1 only. + [Steve Henson] + + *) Add protection against ECDSA timing attacks as mentioned in the paper + by Billy Bob Brumley and Nicola Tuveri, see: + + http://eprint.iacr.org/2011/232.pdf + + [Billy Bob Brumley and Nicola Tuveri] + + Changes between 1.0.0c and 1.0.0d [8 Feb 2011] + + *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 + [Neel Mehta, Adam Langley, Bodo Moeller (Google)] + + *) Fix bug in string printing code: if *any* escaping is enabled we must + escape the escape character (backslash) or the resulting string is + ambiguous. + [Steve Henson] + + Changes between 1.0.0b and 1.0.0c [2 Dec 2010] + + *) Disable code workaround for ancient and obsolete Netscape browsers + and servers: an attacker can use it in a ciphersuite downgrade attack. + Thanks to Martin Rex for discovering this bug. CVE-2010-4180 + [Steve Henson] + + *) Fixed J-PAKE implementation error, originally discovered by + Sebastien Martini, further info and confirmation from Stefan + Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 + [Ben Laurie] + + Changes between 1.0.0a and 1.0.0b [16 Nov 2010] + + *) Fix extension code to avoid race conditions which can result in a buffer + overrun vulnerability: resumed sessions must not be modified as they can + be shared by multiple threads. CVE-2010-3864 + [Steve Henson] + + *) Fix WIN32 build system to correctly link an ENGINE directory into + a DLL. + [Steve Henson] + + Changes between 1.0.0 and 1.0.0a [01 Jun 2010] + + *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover + (CVE-2010-1633) + [Steve Henson, Peter-Michael Hager ] + + Changes between 0.9.8n and 1.0.0 [29 Mar 2010] + + *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher + context. The operation can be customised via the ctrl mechanism in + case ENGINEs want to include additional functionality. + [Steve Henson] + + *) Tolerate yet another broken PKCS#8 key format: private key value negative. + [Steve Henson] + + *) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to + output hashes compatible with older versions of OpenSSL. + [Willy Weisz ] + + *) Fix compression algorithm handling: if resuming a session use the + compression algorithm of the resumed session instead of determining + it from client hello again. Don't allow server to change algorithm. + [Steve Henson] + + *) Add load_crls() function to apps tidying load_certs() too. Add option + to verify utility to allow additional CRLs to be included. + [Steve Henson] + + *) Update OCSP request code to permit adding custom headers to the request: + some responders need this. + [Steve Henson] + + *) The function EVP_PKEY_sign() returns <=0 on error: check return code + correctly. + [Julia Lawall ] + + *) Update verify callback code in apps/s_cb.c and apps/verify.c, it + needlessly dereferenced structures, used obsolete functions and + didn't handle all updated verify codes correctly. + [Steve Henson] + + *) Disable MD2 in the default configuration. + [Steve Henson] + + *) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to + indicate the initial BIO being pushed or popped. This makes it possible + to determine whether the BIO is the one explicitly called or as a result + of the ctrl being passed down the chain. Fix BIO_pop() and SSL BIOs so + it handles reference counts correctly and doesn't zero out the I/O bio + when it is not being explicitly popped. WARNING: applications which + included workarounds for the old buggy behaviour will need to be modified + or they could free up already freed BIOs. + [Steve Henson] + + *) Extend the uni2asc/asc2uni => OPENSSL_uni2asc/OPENSSL_asc2uni + renaming to all platforms (within the 0.9.8 branch, this was + done conditionally on Netware platforms to avoid a name clash). + [Guenter ] + + *) Add ECDHE and PSK support to DTLS. + [Michael Tuexen ] + + *) Add CHECKED_STACK_OF macro to safestack.h, otherwise safestack can't + be used on C++. + [Steve Henson] + + *) Add "missing" function EVP_MD_flags() (without this the only way to + retrieve a digest flags is by accessing the structure directly. Update + EVP_MD_do_all*() and EVP_CIPHER_do_all*() to include the name a digest + or cipher is registered as in the "from" argument. Print out all + registered digests in the dgst usage message instead of manually + attempting to work them out. + [Steve Henson] + + *) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello: + this allows the use of compression and extensions. Change default cipher + string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2 + by default unless an application cipher string requests it. + [Steve Henson] + + *) Alter match criteria in PKCS12_parse(). It used to try to use local + key ids to find matching certificates and keys but some PKCS#12 files + don't follow the (somewhat unwritten) rules and this strategy fails. + Now just gather all certificates together and the first private key + then look for the first certificate that matches the key. + [Steve Henson] + + *) Support use of registered digest and cipher names for dgst and cipher + commands instead of having to add each one as a special case. So now + you can do: + + openssl sha256 foo + + as well as: + + openssl dgst -sha256 foo + + and this works for ENGINE based algorithms too. + + [Steve Henson] + + *) Update Gost ENGINE to support parameter files. + [Victor B. Wagner ] + + *) Support GeneralizedTime in ca utility. + [Oliver Martin , Steve Henson] + + *) Enhance the hash format used for certificate directory links. The new + form uses the canonical encoding (meaning equivalent names will work + even if they aren't identical) and uses SHA1 instead of MD5. This form + is incompatible with the older format and as a result c_rehash should + be used to rebuild symbolic links. + [Steve Henson] + + *) Make PKCS#8 the default write format for private keys, replacing the + traditional format. This form is standardised, more secure and doesn't + include an implicit MD5 dependency. + [Steve Henson] + + *) Add a $gcc_devteam_warn option to Configure. The idea is that any code + committed to OpenSSL should pass this lot as a minimum. + [Steve Henson] + + *) Add session ticket override functionality for use by EAP-FAST. + [Jouni Malinen ] + + *) Modify HMAC functions to return a value. Since these can be implemented + in an ENGINE errors can occur. + [Steve Henson] + + *) Type-checked OBJ_bsearch_ex. + [Ben Laurie] + + *) Type-checked OBJ_bsearch. Also some constification necessitated + by type-checking. Still to come: TXT_DB, bsearch(?), + OBJ_bsearch_ex, qsort, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING, + CONF_VALUE. + [Ben Laurie] + + *) New function OPENSSL_gmtime_adj() to add a specific number of days and + seconds to a tm structure directly, instead of going through OS + specific date routines. This avoids any issues with OS routines such + as the year 2038 bug. New *_adj() functions for ASN1 time structures + and X509_time_adj_ex() to cover the extended range. The existing + X509_time_adj() is still usable and will no longer have any date issues. + [Steve Henson] + + *) Delta CRL support. New use deltas option which will attempt to locate + and search any appropriate delta CRLs available. + + This work was sponsored by Google. + [Steve Henson] + + *) Support for CRLs partitioned by reason code. Reorganise CRL processing + code and add additional score elements. Validate alternate CRL paths + as part of the CRL checking and indicate a new error "CRL path validation + error" in this case. Applications wanting additional details can use + the verify callback and check the new "parent" field. If this is not + NULL CRL path validation is taking place. Existing applications wont + see this because it requires extended CRL support which is off by + default. + + This work was sponsored by Google. + [Steve Henson] + + *) Support for freshest CRL extension. + + This work was sponsored by Google. + [Steve Henson] + + *) Initial indirect CRL support. Currently only supported in the CRLs + passed directly and not via lookup. Process certificate issuer + CRL entry extension and lookup CRL entries by bother issuer name + and serial number. Check and process CRL issuer entry in IDP extension. + + This work was sponsored by Google. + [Steve Henson] + + *) Add support for distinct certificate and CRL paths. The CRL issuer + certificate is validated separately in this case. Only enabled if + an extended CRL support flag is set: this flag will enable additional + CRL functionality in future. + + This work was sponsored by Google. + [Steve Henson] + + *) Add support for policy mappings extension. + + This work was sponsored by Google. + [Steve Henson] + + *) Fixes to pathlength constraint, self issued certificate handling, + policy processing to align with RFC3280 and PKITS tests. + + This work was sponsored by Google. + [Steve Henson] + + *) Support for name constraints certificate extension. DN, email, DNS + and URI types are currently supported. + + This work was sponsored by Google. + [Steve Henson] + + *) To cater for systems that provide a pointer-based thread ID rather + than numeric, deprecate the current numeric thread ID mechanism and + replace it with a structure and associated callback type. This + mechanism allows a numeric "hash" to be extracted from a thread ID in + either case, and on platforms where pointers are larger than 'long', + mixing is done to help ensure the numeric 'hash' is usable even if it + can't be guaranteed unique. The default mechanism is to use "&errno" + as a pointer-based thread ID to distinguish between threads. + + Applications that want to provide their own thread IDs should now use + CRYPTO_THREADID_set_callback() to register a callback that will call + either CRYPTO_THREADID_set_numeric() or CRYPTO_THREADID_set_pointer(). + + Note that ERR_remove_state() is now deprecated, because it is tied + to the assumption that thread IDs are numeric. ERR_remove_state(0) + to free the current thread's error state should be replaced by + ERR_remove_thread_state(NULL). + + (This new approach replaces the functions CRYPTO_set_idptr_callback(), + CRYPTO_get_idptr_callback(), and CRYPTO_thread_idptr() that existed in + OpenSSL 0.9.9-dev between June 2006 and August 2008. Also, if an + application was previously providing a numeric thread callback that + was inappropriate for distinguishing threads, then uniqueness might + have been obtained with &errno that happened immediately in the + intermediate development versions of OpenSSL; this is no longer the + case, the numeric thread callback will now override the automatic use + of &errno.) + [Geoff Thorpe, with help from Bodo Moeller] + + *) Initial support for different CRL issuing certificates. This covers a + simple case where the self issued certificates in the chain exist and + the real CRL issuer is higher in the existing chain. + + This work was sponsored by Google. + [Steve Henson] + + *) Removed effectively defunct crypto/store from the build. + [Ben Laurie] + + *) Revamp of STACK to provide stronger type-checking. Still to come: + TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE, + ASN1_STRING, CONF_VALUE. + [Ben Laurie] + + *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer + RAM on SSL connections. This option can save about 34k per idle SSL. + [Nick Mathewson] + + *) Revamp of LHASH to provide stronger type-checking. Still to come: + STACK, TXT_DB, bsearch, qsort. + [Ben Laurie] + + *) Initial support for Cryptographic Message Syntax (aka CMS) based + on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility, + support for data, signedData, compressedData, digestedData and + encryptedData, envelopedData types included. Scripts to check against + RFC4134 examples draft and interop and consistency checks of many + content types and variants. + [Steve Henson] + + *) Add options to enc utility to support use of zlib compression BIO. + [Steve Henson] + + *) Extend mk1mf to support importing of options and assembly language + files from Configure script, currently only included in VC-WIN32. + The assembly language rules can now optionally generate the source + files from the associated perl scripts. + [Steve Henson] + + *) Implement remaining functionality needed to support GOST ciphersuites. + Interop testing has been performed using CryptoPro implementations. + [Victor B. Wagner ] + + *) s390x assembler pack. + [Andy Polyakov] + + *) ARMv4 assembler pack. ARMv4 refers to v4 and later ISA, not CPU + "family." + [Andy Polyakov] + + *) Implement Opaque PRF Input TLS extension as specified in + draft-rescorla-tls-opaque-prf-input-00.txt. Since this is not an + official specification yet and no extension type assignment by + IANA exists, this extension (for now) will have to be explicitly + enabled when building OpenSSL by providing the extension number + to use. For example, specify an option + + -DTLSEXT_TYPE_opaque_prf_input=0x9527 + + to the "config" or "Configure" script to enable the extension, + assuming extension number 0x9527 (which is a completely arbitrary + and unofficial assignment based on the MD5 hash of the Internet + Draft). Note that by doing so, you potentially lose + interoperability with other TLS implementations since these might + be using the same extension number for other purposes. + + SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the + opaque PRF input value to use in the handshake. This will create + an interal copy of the length-'len' string at 'src', and will + return non-zero for success. + + To get more control and flexibility, provide a callback function + by using + + SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) + SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) + + where + + int (*cb)(SSL *, void *peerinput, size_t len, void *arg); + void *arg; + + Callback function 'cb' will be called in handshakes, and is + expected to use SSL_set_tlsext_opaque_prf_input() as appropriate. + Argument 'arg' is for application purposes (the value as given to + SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() will directly + be provided to the callback function). The callback function + has to return non-zero to report success: usually 1 to use opaque + PRF input just if possible, or 2 to enforce use of the opaque PRF + input. In the latter case, the library will abort the handshake + if opaque PRF input is not successfully negotiated. + + Arguments 'peerinput' and 'len' given to the callback function + will always be NULL and 0 in the case of a client. A server will + see the client's opaque PRF input through these variables if + available (NULL and 0 otherwise). Note that if the server + provides an opaque PRF input, the length must be the same as the + length of the client's opaque PRF input. + + Note that the callback function will only be called when creating + a new session (session resumption can resume whatever was + previously negotiated), and will not be called in SSL 2.0 + handshakes; thus, SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) or + SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended + for applications that need to enforce opaque PRF input. + + [Bodo Moeller] + + *) Update ssl code to support digests other than SHA1+MD5 for handshake + MAC. + + [Victor B. Wagner ] + + *) Add RFC4507 support to OpenSSL. This includes the corrections in + RFC4507bis. The encrypted ticket format is an encrypted encoded + SSL_SESSION structure, that way new session features are automatically + supported. + + If a client application caches session in an SSL_SESSION structure + support is transparent because tickets are now stored in the encoded + SSL_SESSION. + + The SSL_CTX structure automatically generates keys for ticket + protection in servers so again support should be possible + with no application modification. + + If a client or server wishes to disable RFC4507 support then the option + SSL_OP_NO_TICKET can be set. + + Add a TLS extension debugging callback to allow the contents of any client + or server extensions to be examined. + + This work was sponsored by Google. + [Steve Henson] + + *) Final changes to avoid use of pointer pointer casts in OpenSSL. + OpenSSL should now compile cleanly on gcc 4.2 + [Peter Hartley , Steve Henson] + + *) Update SSL library to use new EVP_PKEY MAC API. Include generic MAC + support including streaming MAC support: this is required for GOST + ciphersuite support. + [Victor B. Wagner , Steve Henson] + + *) Add option -stream to use PKCS#7 streaming in smime utility. New + function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream() + to output in BER and PEM format. + [Steve Henson] + + *) Experimental support for use of HMAC via EVP_PKEY interface. This + allows HMAC to be handled via the EVP_DigestSign*() interface. The + EVP_PKEY "key" in this case is the HMAC key, potentially allowing + ENGINE support for HMAC keys which are unextractable. New -mac and + -macopt options to dgst utility. + [Steve Henson] + + *) New option -sigopt to dgst utility. Update dgst to use + EVP_Digest{Sign,Verify}*. These two changes make it possible to use + alternative signing paramaters such as X9.31 or PSS in the dgst + utility. + [Steve Henson] + + *) Change ssl_cipher_apply_rule(), the internal function that does + the work each time a ciphersuite string requests enabling + ("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar", or + removing ("!foo+bar") a class of ciphersuites: Now it maintains + the order of disabled ciphersuites such that those ciphersuites + that most recently went from enabled to disabled not only stay + in order with respect to each other, but also have higher priority + than other disabled ciphersuites the next time ciphersuites are + enabled again. + + This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable + the same ciphersuites as with "HIGH" alone, but in a specific + order where the PSK ciphersuites come first (since they are the + most recently disabled ciphersuites when "HIGH" is parsed). + + Also, change ssl_create_cipher_list() (using this new + funcionality) such that between otherwise identical + cihpersuites, ephemeral ECDH is preferred over ephemeral DH in + the default order. + [Bodo Moeller] + + *) Change ssl_create_cipher_list() so that it automatically + arranges the ciphersuites in reasonable order before starting + to process the rule string. Thus, the definition for "DEFAULT" + (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but + remains equivalent to "AES:ALL:!aNULL:!eNULL:+aECDH:+kRSA:+RC4:@STRENGTH". + This makes it much easier to arrive at a reasonable default order + in applications for which anonymous ciphers are OK (meaning + that you can't actually use DEFAULT). + [Bodo Moeller; suggested by Victor Duchovni] + + *) Split the SSL/TLS algorithm mask (as used for ciphersuite string + processing) into multiple integers instead of setting + "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK", + "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer. + (These masks as well as the individual bit definitions are hidden + away into the non-exported interface ssl/ssl_locl.h, so this + change to the definition of the SSL_CIPHER structure shouldn't + affect applications.) This give us more bits for each of these + categories, so there is no longer a need to coagulate AES128 and + AES256 into a single algorithm bit, and to coagulate Camellia128 + and Camellia256 into a single algorithm bit, which has led to all + kinds of kludges. + + Thus, among other things, the kludge introduced in 0.9.7m and + 0.9.8e for masking out AES256 independently of AES128 or masking + out Camellia256 independently of AES256 is not needed here in 0.9.9. + + With the change, we also introduce new ciphersuite aliases that + so far were missing: "AES128", "AES256", "CAMELLIA128", and + "CAMELLIA256". + [Bodo Moeller] + + *) Add support for dsa-with-SHA224 and dsa-with-SHA256. + Use the leftmost N bytes of the signature input if the input is + larger than the prime q (with N being the size in bytes of q). + [Nils Larsch] + + *) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses + it yet and it is largely untested. + [Steve Henson] + + *) Add support for the ecdsa-with-SHA224/256/384/512 signature types. + [Nils Larsch] + + *) Initial incomplete changes to avoid need for function casts in OpenSSL + some compilers (gcc 4.2 and later) reject their use. Safestack is + reimplemented. Update ASN1 to avoid use of legacy functions. + [Steve Henson] + + *) Win32/64 targets are linked with Winsock2. + [Andy Polyakov] + + *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected + to external functions. This can be used to increase CRL handling + efficiency especially when CRLs are very large by (for example) storing + the CRL revoked certificates in a database. + [Steve Henson] + + *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so + new CRLs added to a directory can be used. New command line option + -verify_return_error to s_client and s_server. This causes real errors + to be returned by the verify callback instead of carrying on no matter + what. This reflects the way a "real world" verify callback would behave. + [Steve Henson] + + *) GOST engine, supporting several GOST algorithms and public key formats. + Kindly donated by Cryptocom. + [Cryptocom] + + *) Partial support for Issuing Distribution Point CRL extension. CRLs + partitioned by DP are handled but no indirect CRL or reason partitioning + (yet). Complete overhaul of CRL handling: now the most suitable CRL is + selected via a scoring technique which handles IDP and AKID in CRLs. + [Steve Henson] + + *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which + will ultimately be used for all verify operations: this will remove the + X509_STORE dependency on certificate verification and allow alternative + lookup methods. X509_STORE based implementations of these two callbacks. + [Steve Henson] + + *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names. + Modify get_crl() to find a valid (unexpired) CRL if possible. + [Steve Henson] + + *) New function X509_CRL_match() to check if two CRLs are identical. Normally + this would be called X509_CRL_cmp() but that name is already used by + a function that just compares CRL issuer names. Cache several CRL + extensions in X509_CRL structure and cache CRLDP in X509. + [Steve Henson] + + *) Store a "canonical" representation of X509_NAME structure (ASN1 Name) + this maps equivalent X509_NAME structures into a consistent structure. + Name comparison can then be performed rapidly using memcmp(). + [Steve Henson] + + *) Non-blocking OCSP request processing. Add -timeout option to ocsp + utility. + [Steve Henson] + + *) Allow digests to supply their own micalg string for S/MIME type using + the ctrl EVP_MD_CTRL_MICALG. + [Steve Henson] + + *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the + EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN + ctrl. It can then customise the structure before and/or after signing + if necessary. + [Steve Henson] + + *) New function OBJ_add_sigid() to allow application defined signature OIDs + to be added to OpenSSLs internal tables. New function OBJ_sigid_free() + to free up any added signature OIDs. + [Steve Henson] + + *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(), + EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal + digest and cipher tables. New options added to openssl utility: + list-message-digest-algorithms and list-cipher-algorithms. + [Steve Henson] + + *) Change the array representation of binary polynomials: the list + of degrees of non-zero coefficients is now terminated with -1. + Previously it was terminated with 0, which was also part of the + value; thus, the array representation was not applicable to + polynomials where t^0 has coefficient zero. This change makes + the array representation useful in a more general context. + [Douglas Stebila] + + *) Various modifications and fixes to SSL/TLS cipher string + handling. For ECC, the code now distinguishes between fixed ECDH + with RSA certificates on the one hand and with ECDSA certificates + on the other hand, since these are separate ciphersuites. The + unused code for Fortezza ciphersuites has been removed. + + For consistency with EDH, ephemeral ECDH is now called "EECDH" + (not "ECDHE"). For consistency with the code for DH + certificates, use of ECDH certificates is now considered ECDH + authentication, not RSA or ECDSA authentication (the latter is + merely the CA's signing algorithm and not actively used in the + protocol). + + The temporary ciphersuite alias "ECCdraft" is no longer + available, and ECC ciphersuites are no longer excluded from "ALL" + and "DEFAULT". The following aliases now exist for RFC 4492 + ciphersuites, most of these by analogy with the DH case: + + kECDHr - ECDH cert, signed with RSA + kECDHe - ECDH cert, signed with ECDSA + kECDH - ECDH cert (signed with either RSA or ECDSA) + kEECDH - ephemeral ECDH + ECDH - ECDH cert or ephemeral ECDH + + aECDH - ECDH cert + aECDSA - ECDSA cert + ECDSA - ECDSA cert + + AECDH - anonymous ECDH + EECDH - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH") + + [Bodo Moeller] + + *) Add additional S/MIME capabilities for AES and GOST ciphers if supported. + Use correct micalg parameters depending on digest(s) in signed message. + [Steve Henson] + + *) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process + an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code. + [Steve Henson] + + *) Initial engine support for EVP_PKEY_METHOD. New functions to permit + an engine to register a method. Add ENGINE lookups for methods and + functional reference processing. + [Steve Henson] + + *) New functions EVP_Digest{Sign,Verify)*. These are enchance versions of + EVP_{Sign,Verify}* which allow an application to customise the signature + process. + [Steve Henson] + + *) New -resign option to smime utility. This adds one or more signers + to an existing PKCS#7 signedData structure. Also -md option to use an + alternative message digest algorithm for signing. + [Steve Henson] + + *) Tidy up PKCS#7 routines and add new functions to make it easier to + create PKCS7 structures containing multiple signers. Update smime + application to support multiple signers. + [Steve Henson] + + *) New -macalg option to pkcs12 utility to allow setting of an alternative + digest MAC. + [Steve Henson] + + *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC. + Reorganize PBE internals to lookup from a static table using NIDs, + add support for HMAC PBE OID translation. Add a EVP_CIPHER ctrl: + EVP_CTRL_PBE_PRF_NID this allows a cipher to specify an alternative + PRF which will be automatically used with PBES2. + [Steve Henson] + + *) Replace the algorithm specific calls to generate keys in "req" with the + new API. + [Steve Henson] + + *) Update PKCS#7 enveloped data routines to use new API. This is now + supported by any public key method supporting the encrypt operation. A + ctrl is added to allow the public key algorithm to examine or modify + the PKCS#7 RecipientInfo structure if it needs to: for RSA this is + a no op. + [Steve Henson] + + *) Add a ctrl to asn1 method to allow a public key algorithm to express + a default digest type to use. In most cases this will be SHA1 but some + algorithms (such as GOST) need to specify an alternative digest. The + return value indicates how strong the prefernce is 1 means optional and + 2 is mandatory (that is it is the only supported type). Modify + ASN1_item_sign() to accept a NULL digest argument to indicate it should + use the default md. Update openssl utilities to use the default digest + type for signing if it is not explicitly indicated. + [Steve Henson] + + *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New + EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant + signing method from the key type. This effectively removes the link + between digests and public key types. + [Steve Henson] + + *) Add an OID cross reference table and utility functions. Its purpose is to + translate between signature OIDs such as SHA1WithrsaEncryption and SHA1, + rsaEncryption. This will allow some of the algorithm specific hackery + needed to use the correct OID to be removed. + [Steve Henson] + + *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO + structures for PKCS7_sign(). They are now set up by the relevant public + key ASN1 method. + [Steve Henson] + + *) Add provisional EC pkey method with support for ECDSA and ECDH. + [Steve Henson] + + *) Add support for key derivation (agreement) in the API, DH method and + pkeyutl. + [Steve Henson] + + *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support + public and private key formats. As a side effect these add additional + command line functionality not previously available: DSA signatures can be + generated and verified using pkeyutl and DH key support and generation in + pkey, genpkey. + [Steve Henson] + + *) BeOS support. + [Oliver Tappe ] + + *) New make target "install_html_docs" installs HTML renditions of the + manual pages. + [Oliver Tappe ] + + *) New utility "genpkey" this is analagous to "genrsa" etc except it can + generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to + support key and parameter generation and add initial key generation + functionality for RSA. + [Steve Henson] + + *) Add functions for main EVP_PKEY_method operations. The undocumented + functions EVP_PKEY_{encrypt,decrypt} have been renamed to + EVP_PKEY_{encrypt,decrypt}_old. + [Steve Henson] + + *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public + key API, doesn't do much yet. + [Steve Henson] + + *) New function EVP_PKEY_asn1_get0_info() to retrieve information about + public key algorithms. New option to openssl utility: + "list-public-key-algorithms" to print out info. + [Steve Henson] + + *) Implement the Supported Elliptic Curves Extension for + ECC ciphersuites from draft-ietf-tls-ecc-12.txt. + [Douglas Stebila] + + *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or + EVP_CIPHER structures to avoid later problems in EVP_cleanup(). + [Steve Henson] + + *) New utilities pkey and pkeyparam. These are similar to algorithm specific + utilities such as rsa, dsa, dsaparam etc except they process any key + type. + [Steve Henson] + + *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New + functions EVP_PKEY_print_public(), EVP_PKEY_print_private(), + EVP_PKEY_print_param() to print public key data from an EVP_PKEY + structure. + [Steve Henson] + + *) Initial support for pluggable public key ASN1. + De-spaghettify the public key ASN1 handling. Move public and private + key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate + algorithm specific handling to a single module within the relevant + algorithm directory. Add functions to allow (near) opaque processing + of public and private key structures. + [Steve Henson] + + *) Implement the Supported Point Formats Extension for + ECC ciphersuites from draft-ietf-tls-ecc-12.txt. + [Douglas Stebila] + + *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members + for the psk identity [hint] and the psk callback functions to the + SSL_SESSION, SSL and SSL_CTX structure. + + New ciphersuites: + PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA, + PSK-AES256-CBC-SHA + + New functions: + SSL_CTX_use_psk_identity_hint + SSL_get_psk_identity_hint + SSL_get_psk_identity + SSL_use_psk_identity_hint + + [Mika Kousa and Pasi Eronen of Nokia Corporation] + + *) Add RFC 3161 compliant time stamp request creation, response generation + and response verification functionality. + [Zoltán Glózik , The OpenTSA Project] + + *) Add initial support for TLS extensions, specifically for the server_name + extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now + have new members for a host name. The SSL data structure has an + additional member SSL_CTX *initial_ctx so that new sessions can be + stored in that context to allow for session resumption, even after the + SSL has been switched to a new SSL_CTX in reaction to a client's + server_name extension. + + New functions (subject to change): + + SSL_get_servername() + SSL_get_servername_type() + SSL_set_SSL_CTX() + + New CTRL codes and macros (subject to change): + + SSL_CTRL_SET_TLSEXT_SERVERNAME_CB + - SSL_CTX_set_tlsext_servername_callback() + SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG + - SSL_CTX_set_tlsext_servername_arg() + SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_host_name() + + openssl s_client has a new '-servername ...' option. + + openssl s_server has new options '-servername_host ...', '-cert2 ...', + '-key2 ...', '-servername_fatal' (subject to change). This allows + testing the HostName extension for a specific single host name ('-cert' + and '-key' remain fallbacks for handshakes without HostName + negotiation). If the unrecogninzed_name alert has to be sent, this by + default is a warning; it becomes fatal with the '-servername_fatal' + option. + + [Peter Sylvester, Remy Allais, Christophe Renou] + + *) Whirlpool hash implementation is added. + [Andy Polyakov] + + *) BIGNUM code on 64-bit SPARCv9 targets is switched from bn(64,64) to + bn(64,32). Because of instruction set limitations it doesn't have + any negative impact on performance. This was done mostly in order + to make it possible to share assembler modules, such as bn_mul_mont + implementations, between 32- and 64-bit builds without hassle. + [Andy Polyakov] + + *) Move code previously exiled into file crypto/ec/ec2_smpt.c + to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP + macro. + [Bodo Moeller] + + *) New candidate for BIGNUM assembler implementation, bn_mul_mont, + dedicated Montgomery multiplication procedure, is introduced. + BN_MONT_CTX is modified to allow bn_mul_mont to reach for higher + "64-bit" performance on certain 32-bit targets. + [Andy Polyakov] + + *) New option SSL_OP_NO_COMP to disable use of compression selectively + in SSL structures. New SSL ctrl to set maximum send fragment size. + Save memory by seeting the I/O buffer sizes dynamically instead of + using the maximum available value. + [Steve Henson] + + *) New option -V for 'openssl ciphers'. This prints the ciphersuite code + in addition to the text details. + [Bodo Moeller] + + *) Very, very preliminary EXPERIMENTAL support for printing of general + ASN1 structures. This currently produces rather ugly output and doesn't + handle several customised structures at all. + [Steve Henson] + + *) Integrated support for PVK file format and some related formats such + as MS PUBLICKEYBLOB and PRIVATEKEYBLOB. Command line switches to support + these in the 'rsa' and 'dsa' utilities. + [Steve Henson] + + *) Support for PKCS#1 RSAPublicKey format on rsa utility command line. + [Steve Henson] + + *) Remove the ancient ASN1_METHOD code. This was only ever used in one + place for the (very old) "NETSCAPE" format certificates which are now + handled using new ASN1 code equivalents. + [Steve Henson] + + *) Let the TLSv1_method() etc. functions return a 'const' SSL_METHOD + pointer and make the SSL_METHOD parameter in SSL_CTX_new, + SSL_CTX_set_ssl_version and SSL_set_ssl_method 'const'. + [Nils Larsch] + + *) Modify CRL distribution points extension code to print out previously + unsupported fields. Enhance extension setting code to allow setting of + all fields. + [Steve Henson] + + *) Add print and set support for Issuing Distribution Point CRL extension. + [Steve Henson] + + *) Change 'Configure' script to enable Camellia by default. + [NTT] + + Changes between 0.9.8m and 0.9.8n [24 Mar 2010] + + *) When rejecting SSL/TLS records due to an incorrect version number, never + update s->server with a new major version number. As of + - OpenSSL 0.9.8m if 'short' is a 16-bit type, + - OpenSSL 0.9.8f if 'short' is longer than 16 bits, + the previous behavior could result in a read attempt at NULL when + receiving specific incorrect SSL/TLS records once record payload + protection is active. (CVE-2010-0740) + [Bodo Moeller, Adam Langley ] + + *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL + could be crashed if the relevant tables were not present (e.g. chrooted). + [Tomas Hoger ] + + Changes between 0.9.8l and 0.9.8m [25 Feb 2010] + + *) Always check bn_wexpend() return values for failure. (CVE-2009-3245) + [Martin Olsson, Neel Mehta] + + *) Fix X509_STORE locking: Every 'objs' access requires a lock (to + accommodate for stack sorting, always a write lock!). + [Bodo Moeller] + + *) On some versions of WIN32 Heap32Next is very slow. This can cause + excessive delays in the RAND_poll(): over a minute. As a workaround + include a time check in the inner Heap32Next loop too. + [Steve Henson] + + *) The code that handled flushing of data in SSL/TLS originally used the + BIO_CTRL_INFO ctrl to see if any data was pending first. This caused + the problem outlined in PR#1949. The fix suggested there however can + trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions + of Apache). So instead simplify the code to flush unconditionally. + This should be fine since flushing with no data to flush is a no op. + [Steve Henson] + + *) Handle TLS versions 2.0 and later properly and correctly use the + highest version of TLS/SSL supported. Although TLS >= 2.0 is some way + off ancient servers have a habit of sticking around for a while... + [Steve Henson] + + *) Modify compression code so it frees up structures without using the + ex_data callbacks. This works around a problem where some applications + call CRYPTO_cleanup_all_ex_data() before application exit (e.g. when + restarting) then use compression (e.g. SSL with compression) later. + This results in significant per-connection memory leaks and + has caused some security issues including CVE-2008-1678 and + CVE-2009-4355. + [Steve Henson] + + *) Constify crypto/cast (i.e., ): a CAST_KEY doesn't + change when encrypting or decrypting. + [Bodo Moeller] + + *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to + connect and renegotiate with servers which do not support RI. + Until RI is more widely deployed this option is enabled by default. + [Steve Henson] + + *) Add "missing" ssl ctrls to clear options and mode. + [Steve Henson] + + *) If client attempts to renegotiate and doesn't support RI respond with + a no_renegotiation alert as required by RFC5746. Some renegotiating + TLS clients will continue a connection gracefully when they receive + the alert. Unfortunately OpenSSL mishandled this alert and would hang + waiting for a server hello which it will never receive. Now we treat a + received no_renegotiation alert as a fatal error. This is because + applications requesting a renegotiation might well expect it to succeed + and would have no code in place to handle the server denying it so the + only safe thing to do is to terminate the connection. + [Steve Henson] + + *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if + peer supports secure renegotiation and 0 otherwise. Print out peer + renegotiation support in s_client/s_server. + [Steve Henson] + + *) Replace the highly broken and deprecated SPKAC certification method with + the updated NID creation version. This should correctly handle UTF8. + [Steve Henson] + + *) Implement RFC5746. Re-enable renegotiation but require the extension + as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + turns out to be a bad idea. It has been replaced by + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with + SSL_CTX_set_options(). This is really not recommended unless you + know what you are doing. + [Eric Rescorla , Ben Laurie, Steve Henson] + + *) Fixes to stateless session resumption handling. Use initial_ctx when + issuing and attempting to decrypt tickets in case it has changed during + servername handling. Use a non-zero length session ID when attempting + stateless session resumption: this makes it possible to determine if + a resumption has occurred immediately after receiving server hello + (several places in OpenSSL subtly assume this) instead of later in + the handshake. + [Steve Henson] + + *) The functions ENGINE_ctrl(), OPENSSL_isservice(), + CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error + fixes for a few places where the return code is not checked + correctly. + [Julia Lawall ] + + *) Add --strict-warnings option to Configure script to include devteam + warnings in other configurations. + [Steve Henson] + + *) Add support for --libdir option and LIBDIR variable in makefiles. This + makes it possible to install openssl libraries in locations which + have names other than "lib", for example "/usr/lib64" which some + systems need. + [Steve Henson, based on patch from Jeremy Utley] + + *) Don't allow the use of leading 0x80 in OIDs. This is a violation of + X690 8.9.12 and can produce some misleading textual output of OIDs. + [Steve Henson, reported by Dan Kaminsky] + + *) Delete MD2 from algorithm tables. This follows the recommendation in + several standards that it is not used in new applications due to + several cryptographic weaknesses. For binary compatibility reasons + the MD2 API is still compiled in by default. + [Steve Henson] + + *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved + and restored. + [Steve Henson] + + *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and + OPENSSL_asc2uni conditionally on Netware platforms to avoid a name + clash. + [Guenter ] + + *) Fix the server certificate chain building code to use X509_verify_cert(), + it used to have an ad-hoc builder which was unable to cope with anything + other than a simple chain. + [David Woodhouse , Steve Henson] + + *) Don't check self signed certificate signatures in X509_verify_cert() + by default (a flag can override this): it just wastes time without + adding any security. As a useful side effect self signed root CAs + with non-FIPS digests are now usable in FIPS mode. + [Steve Henson] + + *) In dtls1_process_out_of_seq_message() the check if the current message + is already buffered was missing. For every new message was memory + allocated, allowing an attacker to perform an denial of service attack + with sending out of seq handshake messages until there is no memory + left. Additionally every future messege was buffered, even if the + sequence number made no sense and would be part of another handshake. + So only messages with sequence numbers less than 10 in advance will be + buffered. (CVE-2009-1378) + [Robin Seggelmann, discovered by Daniel Mentz] + + *) Records are buffered if they arrive with a future epoch to be + processed after finishing the corresponding handshake. There is + currently no limitation to this buffer allowing an attacker to perform + a DOS attack with sending records with future epochs until there is no + memory left. This patch adds the pqueue_size() function to detemine + the size of a buffer and limits the record buffer to 100 entries. + (CVE-2009-1377) + [Robin Seggelmann, discovered by Daniel Mentz] + + *) Keep a copy of frag->msg_header.frag_len so it can be used after the + parent structure is freed. (CVE-2009-1379) + [Daniel Mentz] + + *) Handle non-blocking I/O properly in SSL_shutdown() call. + [Darryl Miles ] + + *) Add 2.5.4.* OIDs + [Ilya O. ] + + Changes between 0.9.8k and 0.9.8l [5 Nov 2009] + + *) Disable renegotiation completely - this fixes a severe security + problem (CVE-2009-3555) at the cost of breaking all + renegotiation. Renegotiation can be re-enabled by setting + SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at + run-time. This is really not recommended unless you know what + you're doing. + [Ben Laurie] + + Changes between 0.9.8j and 0.9.8k [25 Mar 2009] + + *) Don't set val to NULL when freeing up structures, it is freed up by + underlying code. If sizeof(void *) > sizeof(long) this can result in + zeroing past the valid field. (CVE-2009-0789) + [Paolo Ganci ] + + *) Fix bug where return value of CMS_SignerInfo_verify_content() was not + checked correctly. This would allow some invalid signed attributes to + appear to verify correctly. (CVE-2009-0591) + [Ivan Nestlerode ] + + *) Reject UniversalString and BMPString types with invalid lengths. This + prevents a crash in ASN1_STRING_print_ex() which assumes the strings have + a legal length. (CVE-2009-0590) + [Steve Henson] + + *) Set S/MIME signing as the default purpose rather than setting it + unconditionally. This allows applications to override it at the store + level. + [Steve Henson] + + *) Permit restricted recursion of ASN1 strings. This is needed in practice + to handle some structures. + [Steve Henson] + + *) Improve efficiency of mem_gets: don't search whole buffer each time + for a '\n' + [Jeremy Shapiro ] + + *) New -hex option for openssl rand. + [Matthieu Herrb] + + *) Print out UTF8String and NumericString when parsing ASN1. + [Steve Henson] + + *) Support NumericString type for name components. + [Steve Henson] + + *) Allow CC in the environment to override the automatically chosen + compiler. Note that nothing is done to ensure flags work with the + chosen compiler. + [Ben Laurie] + + Changes between 0.9.8i and 0.9.8j [07 Jan 2009] + + *) Properly check EVP_VerifyFinal() and similar return values + (CVE-2008-5077). + [Ben Laurie, Bodo Moeller, Google Security Team] + + *) Enable TLS extensions by default. + [Ben Laurie] + + *) Allow the CHIL engine to be loaded, whether the application is + multithreaded or not. (This does not release the developer from the + obligation to set up the dynamic locking callbacks.) + [Sander Temme ] + + *) Use correct exit code if there is an error in dgst command. + [Steve Henson; problem pointed out by Roland Dirlewanger] + + *) Tweak Configure so that you need to say "experimental-jpake" to enable + JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications. + [Bodo Moeller] + + *) Add experimental JPAKE support, including demo authentication in + s_client and s_server. + [Ben Laurie] + + *) Set the comparison function in v3_addr_canonize(). + [Rob Austein ] + + *) Add support for XMPP STARTTLS in s_client. + [Philip Paeps ] + + *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior + to ensure that even with this option, only ciphersuites in the + server's preference list will be accepted. (Note that the option + applies only when resuming a session, so the earlier behavior was + just about the algorithm choice for symmetric cryptography.) + [Bodo Moeller] + + Changes between 0.9.8h and 0.9.8i [15 Sep 2008] + + *) Fix NULL pointer dereference if a DTLS server received + ChangeCipherSpec as first record (CVE-2009-1386). + [PR #1679] + + *) Fix a state transitition in s3_srvr.c and d1_srvr.c + (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...). + [Nagendra Modadugu] + + *) The fix in 0.9.8c that supposedly got rid of unsafe + double-checked locking was incomplete for RSA blinding, + addressing just one layer of what turns out to have been + doubly unsafe triple-checked locking. + + So now fix this for real by retiring the MONT_HELPER macro + in crypto/rsa/rsa_eay.c. + + [Bodo Moeller; problem pointed out by Marius Schilder] + + *) Various precautionary measures: + + - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h). + + - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c). + (NB: This would require knowledge of the secret session ticket key + to exploit, in which case you'd be SOL either way.) + + - Change bn_nist.c so that it will properly handle input BIGNUMs + outside the expected range. + + - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG + builds. + + [Neel Mehta, Bodo Moeller] + + *) Allow engines to be "soft loaded" - i.e. optionally don't die if + the load fails. Useful for distros. + [Ben Laurie and the FreeBSD team] + + *) Add support for Local Machine Keyset attribute in PKCS#12 files. + [Steve Henson] + + *) Fix BN_GF2m_mod_arr() top-bit cleanup code. + [Huang Ying] + + *) Expand ENGINE to support engine supplied SSL client certificate functions. + + This work was sponsored by Logica. + [Steve Henson] + + *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows + keystores. Support for SSL/TLS client authentication too. + Not compiled unless enable-capieng specified to Configure. + + This work was sponsored by Logica. + [Steve Henson] + + *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using + ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain + attribute creation routines such as certifcate requests and PKCS#12 + files. + [Steve Henson] + + Changes between 0.9.8g and 0.9.8h [28 May 2008] + + *) Fix flaw if 'Server Key exchange message' is omitted from a TLS + handshake which could lead to a cilent crash as found using the + Codenomicon TLS test suite (CVE-2008-1672) + [Steve Henson, Mark Cox] + + *) Fix double free in TLS server name extensions which could lead to + a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) + [Joe Orton] + + *) Clear error queue in SSL_CTX_use_certificate_chain_file() + + Clear the error queue to ensure that error entries left from + older function calls do not interfere with the correct operation. + [Lutz Jaenicke, Erik de Castro Lopo] + + *) Remove root CA certificates of commercial CAs: + + The OpenSSL project does not recommend any specific CA and does not + have any policy with respect to including or excluding any CA. + Therefore it does not make any sense to ship an arbitrary selection + of root CA certificates with the OpenSSL software. + [Lutz Jaenicke] + + *) RSA OAEP patches to fix two separate invalid memory reads. + The first one involves inputs when 'lzero' is greater than + 'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes + before the beginning of from). The second one involves inputs where + the 'db' section contains nothing but zeroes (there is a one-byte + invalid read after the end of 'db'). + [Ivan Nestlerode ] + + *) Partial backport from 0.9.9-dev: + + Introduce bn_mul_mont (dedicated Montgomery multiplication + procedure) as a candidate for BIGNUM assembler implementation. + While 0.9.9-dev uses assembler for various architectures, only + x86_64 is available by default here in the 0.9.8 branch, and + 32-bit x86 is available through a compile-time setting. + + To try the 32-bit x86 assembler implementation, use Configure + option "enable-montasm" (which exists only for this backport). + + As "enable-montasm" for 32-bit x86 disclaims code stability + anyway, in this constellation we activate additional code + backported from 0.9.9-dev for further performance improvements, + namely BN_from_montgomery_word. (To enable this otherwise, + e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".) + + [Andy Polyakov (backport partially by Bodo Moeller)] + + *) Add TLS session ticket callback. This allows an application to set + TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed + values. This is useful for key rollover for example where several key + sets may exist with different names. + [Steve Henson] + + *) Reverse ENGINE-internal logic for caching default ENGINE handles. + This was broken until now in 0.9.8 releases, such that the only way + a registered ENGINE could be used (assuming it initialises + successfully on the host) was to explicitly set it as the default + for the relevant algorithms. This is in contradiction with 0.9.7 + behaviour and the documentation. With this fix, when an ENGINE is + registered into a given algorithm's table of implementations, the + 'uptodate' flag is reset so that auto-discovery will be used next + time a new context for that algorithm attempts to select an + implementation. + [Ian Lister (tweaked by Geoff Thorpe)] + + *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9 + implemention in the following ways: + + Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be + hard coded. + + Lack of BER streaming support means one pass streaming processing is + only supported if data is detached: setting the streaming flag is + ignored for embedded content. + + CMS support is disabled by default and must be explicitly enabled + with the enable-cms configuration option. + [Steve Henson] + + *) Update the GMP engine glue to do direct copies between BIGNUM and + mpz_t when openssl and GMP use the same limb size. Otherwise the + existing "conversion via a text string export" trick is still used. + [Paul Sheer ] + + *) Zlib compression BIO. This is a filter BIO which compressed and + uncompresses any data passed through it. + [Steve Henson] + + *) Add AES_wrap_key() and AES_unwrap_key() functions to implement + RFC3394 compatible AES key wrapping. + [Steve Henson] + + *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0(): + sets string data without copying. X509_ALGOR_set0() and + X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier) + data. Attribute function X509at_get0_data_by_OBJ(): retrieves data + from an X509_ATTRIBUTE structure optionally checking it occurs only + once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied + data. + [Steve Henson] + + *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set() + to get the expected BN_FLG_CONSTTIME behavior. + [Bodo Moeller (Google)] + + *) Netware support: + + - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets + - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT) + - added some more tests to do_tests.pl + - fixed RunningProcess usage so that it works with newer LIBC NDKs too + - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency + - added new Configure targets netware-clib-bsdsock, netware-clib-gcc, + netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc + - various changes to netware.pl to enable gcc-cross builds on Win32 + platform + - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD) + - various changes to fix missing prototype warnings + - fixed x86nasm.pl to create correct asm files for NASM COFF output + - added AES, WHIRLPOOL and CPUID assembler code to build files + - added missing AES assembler make rules to mk1mf.pl + - fixed order of includes in apps/ocsp.c so that e_os.h settings apply + [Guenter Knauf ] + + *) Implement certificate status request TLS extension defined in RFC3546. + A client can set the appropriate parameters and receive the encoded + OCSP response via a callback. A server can query the supplied parameters + and set the encoded OCSP response in the callback. Add simplified examples + to s_client and s_server. + [Steve Henson] + + Changes between 0.9.8f and 0.9.8g [19 Oct 2007] + + *) Fix various bugs: + + Binary incompatibility of ssl_ctx_st structure + + DTLS interoperation with non-compliant servers + + Don't call get_session_cb() without proposed session + + Fix ia64 assembler code + [Andy Polyakov, Steve Henson] + + Changes between 0.9.8e and 0.9.8f [11 Oct 2007] + + *) DTLS Handshake overhaul. There were longstanding issues with + OpenSSL DTLS implementation, which were making it impossible for + RFC 4347 compliant client to communicate with OpenSSL server. + Unfortunately just fixing these incompatibilities would "cut off" + pre-0.9.8f clients. To allow for hassle free upgrade post-0.9.8e + server keeps tolerating non RFC compliant syntax. The opposite is + not true, 0.9.8f client can not communicate with earlier server. + This update even addresses CVE-2007-4995. + [Andy Polyakov] + + *) Changes to avoid need for function casts in OpenSSL: some compilers + (gcc 4.2 and later) reject their use. + [Kurt Roeckx , Peter Hartley , + Steve Henson] + + *) Add RFC4507 support to OpenSSL. This includes the corrections in + RFC4507bis. The encrypted ticket format is an encrypted encoded + SSL_SESSION structure, that way new session features are automatically + supported. + + If a client application caches session in an SSL_SESSION structure + support is transparent because tickets are now stored in the encoded + SSL_SESSION. + + The SSL_CTX structure automatically generates keys for ticket + protection in servers so again support should be possible + with no application modification. + + If a client or server wishes to disable RFC4507 support then the option + SSL_OP_NO_TICKET can be set. + + Add a TLS extension debugging callback to allow the contents of any client + or server extensions to be examined. + + This work was sponsored by Google. + [Steve Henson] + + *) Add initial support for TLS extensions, specifically for the server_name + extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now + have new members for a host name. The SSL data structure has an + additional member SSL_CTX *initial_ctx so that new sessions can be + stored in that context to allow for session resumption, even after the + SSL has been switched to a new SSL_CTX in reaction to a client's + server_name extension. + + New functions (subject to change): + + SSL_get_servername() + SSL_get_servername_type() + SSL_set_SSL_CTX() + + New CTRL codes and macros (subject to change): + + SSL_CTRL_SET_TLSEXT_SERVERNAME_CB + - SSL_CTX_set_tlsext_servername_callback() + SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG + - SSL_CTX_set_tlsext_servername_arg() + SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_host_name() + + openssl s_client has a new '-servername ...' option. + + openssl s_server has new options '-servername_host ...', '-cert2 ...', + '-key2 ...', '-servername_fatal' (subject to change). This allows + testing the HostName extension for a specific single host name ('-cert' + and '-key' remain fallbacks for handshakes without HostName + negotiation). If the unrecogninzed_name alert has to be sent, this by + default is a warning; it becomes fatal with the '-servername_fatal' + option. + + [Peter Sylvester, Remy Allais, Christophe Renou, Steve Henson] + + *) Add AES and SSE2 assembly language support to VC++ build. + [Steve Henson] + + *) Mitigate attack on final subtraction in Montgomery reduction. + [Andy Polyakov] + + *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 + (which previously caused an internal error). + [Bodo Moeller] + + *) Squeeze another 10% out of IGE mode when in != out. + [Ben Laurie] + + *) AES IGE mode speedup. + [Dean Gaudet (Google)] + + *) Add the Korean symmetric 128-bit cipher SEED (see + http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and + add SEED ciphersuites from RFC 4162: + + TLS_RSA_WITH_SEED_CBC_SHA = "SEED-SHA" + TLS_DHE_DSS_WITH_SEED_CBC_SHA = "DHE-DSS-SEED-SHA" + TLS_DHE_RSA_WITH_SEED_CBC_SHA = "DHE-RSA-SEED-SHA" + TLS_DH_anon_WITH_SEED_CBC_SHA = "ADH-SEED-SHA" + + To minimize changes between patchlevels in the OpenSSL 0.9.8 + series, SEED remains excluded from compilation unless OpenSSL + is configured with 'enable-seed'. + [KISA, Bodo Moeller] + + *) Mitigate branch prediction attacks, which can be practical if a + single processor is shared, allowing a spy process to extract + information. For detailed background information, see + http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron, + J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL + and Necessary Software Countermeasures"). The core of the change + are new versions BN_div_no_branch() and + BN_mod_inverse_no_branch() of BN_div() and BN_mod_inverse(), + respectively, which are slower, but avoid the security-relevant + conditional branches. These are automatically called by BN_div() + and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for one + of the input BIGNUMs. Also, BN_is_bit_set() has been changed to + remove a conditional branch. + + BN_FLG_CONSTTIME is the new name for the previous + BN_FLG_EXP_CONSTTIME flag, since it now affects more than just + modular exponentiation. (Since OpenSSL 0.9.7h, setting this flag + in the exponent causes BN_mod_exp_mont() to use the alternative + implementation in BN_mod_exp_mont_consttime().) The old name + remains as a deprecated alias. + + Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general + RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses + constant-time implementations for more than just exponentiation. + Here too the old name is kept as a deprecated alias. + + BN_BLINDING_new() will now use BN_dup() for the modulus so that + the BN_BLINDING structure gets an independent copy of the + modulus. This means that the previous "BIGNUM *m" argument to + BN_BLINDING_new() and to BN_BLINDING_create_param() now + essentially becomes "const BIGNUM *m", although we can't actually + change this in the header file before 0.9.9. It allows + RSA_setup_blinding() to use BN_with_flags() on the modulus to + enable BN_FLG_CONSTTIME. + + [Matthew D Wood (Intel Corp)] + + *) In the SSL/TLS server implementation, be strict about session ID + context matching (which matters if an application uses a single + external cache for different purposes). Previously, + out-of-context reuse was forbidden only if SSL_VERIFY_PEER was + set. This did ensure strict client verification, but meant that, + with applications using a single external cache for quite + different requirements, clients could circumvent ciphersuite + restrictions for a given session ID context by starting a session + in a different context. + [Bodo Moeller] + + *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that + a ciphersuite string such as "DEFAULT:RSA" cannot enable + authentication-only ciphersuites. + [Bodo Moeller] + + *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was + not complete and could lead to a possible single byte overflow + (CVE-2007-5135) [Ben Laurie] + + Changes between 0.9.8d and 0.9.8e [23 Feb 2007] + + *) Since AES128 and AES256 (and similarly Camellia128 and + Camellia256) share a single mask bit in the logic of + ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a + kludge to work properly if AES128 is available and AES256 isn't + (or if Camellia128 is available and Camellia256 isn't). + [Victor Duchovni] + + *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c + (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters): + When a point or a seed is encoded in a BIT STRING, we need to + prevent the removal of trailing zero bits to get the proper DER + encoding. (By default, crypto/asn1/a_bitstr.c assumes the case + of a NamedBitList, for which trailing 0 bits need to be removed.) + [Bodo Moeller] + + *) Have SSL/TLS server implementation tolerate "mismatched" record + protocol version while receiving ClientHello even if the + ClientHello is fragmented. (The server can't insist on the + particular protocol version it has chosen before the ServerHello + message has informed the client about his choice.) + [Bodo Moeller] + + *) Add RFC 3779 support. + [Rob Austein for ARIN, Ben Laurie] + + *) Load error codes if they are not already present instead of using a + static variable. This allows them to be cleanly unloaded and reloaded. + Improve header file function name parsing. + [Steve Henson] + + *) extend SMTP and IMAP protocol emulation in s_client to use EHLO + or CAPABILITY handshake as required by RFCs. + [Goetz Babin-Ebell] + + Changes between 0.9.8c and 0.9.8d [28 Sep 2006] + + *) Introduce limits to prevent malicious keys being able to + cause a denial of service. (CVE-2006-2940) + [Steve Henson, Bodo Moeller] + + *) Fix ASN.1 parsing of certain invalid structures that can result + in a denial of service. (CVE-2006-2937) [Steve Henson] + + *) Fix buffer overflow in SSL_get_shared_ciphers() function. + (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] + + *) Fix SSL client code which could crash if connecting to a + malicious SSLv2 server. (CVE-2006-4343) + [Tavis Ormandy and Will Drewry, Google Security Team] + + *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites + match only those. Before that, "AES256-SHA" would be interpreted + as a pattern and match "AES128-SHA" too (since AES128-SHA got + the same strength classification in 0.9.7h) as we currently only + have a single AES bit in the ciphersuite description bitmap. + That change, however, also applied to ciphersuite strings such as + "RC4-MD5" that intentionally matched multiple ciphersuites -- + namely, SSL 2.0 ciphersuites in addition to the more common ones + from SSL 3.0/TLS 1.0. + + So we change the selection algorithm again: Naming an explicit + ciphersuite selects this one ciphersuite, and any other similar + ciphersuite (same bitmap) from *other* protocol versions. + Thus, "RC4-MD5" again will properly select both the SSL 2.0 + ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite. + + Since SSL 2.0 does not have any ciphersuites for which the + 128/256 bit distinction would be relevant, this works for now. + The proper fix will be to use different bits for AES128 and + AES256, which would have avoided the problems from the beginning; + however, bits are scarce, so we can only do this in a new release + (not just a patchlevel) when we can change the SSL_CIPHER + definition to split the single 'unsigned long mask' bitmap into + multiple values to extend the available space. + + [Bodo Moeller] + + Changes between 0.9.8b and 0.9.8c [05 Sep 2006] + + *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher + (CVE-2006-4339) [Ben Laurie and Google Security Team] + + *) Add AES IGE and biIGE modes. + [Ben Laurie] + + *) Change the Unix randomness entropy gathering to use poll() when + possible instead of select(), since the latter has some + undesirable limitations. + [Darryl Miles via Richard Levitte and Bodo Moeller] + + *) Disable "ECCdraft" ciphersuites more thoroughly. Now special + treatment in ssl/ssl_ciph.s makes sure that these ciphersuites + cannot be implicitly activated as part of, e.g., the "AES" alias. + However, please upgrade to OpenSSL 0.9.9[-dev] for + non-experimental use of the ECC ciphersuites to get TLS extension + support, which is required for curve and point format negotiation + to avoid potential handshake problems. + [Bodo Moeller] + + *) Disable rogue ciphersuites: + + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + + The latter two were purportedly from + draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really + appear there. + + Also deactivate the remaining ciphersuites from + draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as + unofficial, and the ID has long expired. + [Bodo Moeller] + + *) Fix RSA blinding Heisenbug (problems sometimes occured on + dual-core machines) and other potential thread-safety issues. + [Bodo Moeller] + + *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key + versions), which is now available for royalty-free use + (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html). + Also, add Camellia TLS ciphersuites from RFC 4132. + + To minimize changes between patchlevels in the OpenSSL 0.9.8 + series, Camellia remains excluded from compilation unless OpenSSL + is configured with 'enable-camellia'. + [NTT] + + *) Disable the padding bug check when compression is in use. The padding + bug check assumes the first packet is of even length, this is not + necessarily true if compresssion is enabled and can result in false + positives causing handshake failure. The actual bug test is ancient + code so it is hoped that implementations will either have fixed it by + now or any which still have the bug do not support compression. + [Steve Henson] + + Changes between 0.9.8a and 0.9.8b [04 May 2006] + + *) When applying a cipher rule check to see if string match is an explicit + cipher suite and only match that one cipher suite if it is. + [Steve Henson] + + *) Link in manifests for VC++ if needed. + [Austin Ziegler ] + + *) Update support for ECC-based TLS ciphersuites according to + draft-ietf-tls-ecc-12.txt with proposed changes (but without + TLS extensions, which are supported starting with the 0.9.9 + branch, not in the OpenSSL 0.9.8 branch). + [Douglas Stebila] + + *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support + opaque EVP_CIPHER_CTX handling. + [Steve Henson] + + *) Fixes and enhancements to zlib compression code. We now only use + "zlib1.dll" and use the default __cdecl calling convention on Win32 + to conform with the standards mentioned here: + http://www.zlib.net/DLL_FAQ.txt + Static zlib linking now works on Windows and the new --with-zlib-include + --with-zlib-lib options to Configure can be used to supply the location + of the headers and library. Gracefully handle case where zlib library + can't be loaded. + [Steve Henson] + + *) Several fixes and enhancements to the OID generation code. The old code + sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't + handle numbers larger than ULONG_MAX, truncated printing and had a + non standard OBJ_obj2txt() behaviour. + [Steve Henson] + + *) Add support for building of engines under engine/ as shared libraries + under VC++ build system. + [Steve Henson] + + *) Corrected the numerous bugs in the Win32 path splitter in DSO. + Hopefully, we will not see any false combination of paths any more. + [Richard Levitte] + + Changes between 0.9.8 and 0.9.8a [11 Oct 2005] + + *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING + (part of SSL_OP_ALL). This option used to disable the + countermeasure against man-in-the-middle protocol-version + rollback in the SSL 2.0 server implementation, which is a bad + idea. (CVE-2005-2969) + + [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center + for Information Security, National Institute of Advanced Industrial + Science and Technology [AIST], Japan)] + + *) Add two function to clear and return the verify parameter flags. + [Steve Henson] + + *) Keep cipherlists sorted in the source instead of sorting them at + runtime, thus removing the need for a lock. + [Nils Larsch] + + *) Avoid some small subgroup attacks in Diffie-Hellman. + [Nick Mathewson and Ben Laurie] + + *) Add functions for well-known primes. + [Nick Mathewson] + + *) Extended Windows CE support. + [Satoshi Nakamura and Andy Polyakov] + + *) Initialize SSL_METHOD structures at compile time instead of during + runtime, thus removing the need for a lock. + [Steve Henson] + + *) Make PKCS7_decrypt() work even if no certificate is supplied by + attempting to decrypt each encrypted key in turn. Add support to + smime utility. + [Steve Henson] + + Changes between 0.9.7h and 0.9.8 [05 Jul 2005] + + [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after + OpenSSL 0.9.8.] + + *) Add libcrypto.pc and libssl.pc for those who feel they need them. + [Richard Levitte] + + *) Change CA.sh and CA.pl so they don't bundle the CSR and the private + key into the same file any more. + [Richard Levitte] + + *) Add initial support for Win64, both IA64 and AMD64/x64 flavors. + [Andy Polyakov] + + *) Add -utf8 command line and config file option to 'ca'. + [Stefan and Geoff Thorpe] + + *) Add attribute functions to EVP_PKEY structure. Modify + PKCS12_create() to recognize a CSP name attribute and + use it. Make -CSP option work again in pkcs12 utility. + [Steve Henson] + + *) Add new functionality to the bn blinding code: + - automatic re-creation of the BN_BLINDING parameters after + a fixed number of uses (currently 32) + - add new function for parameter creation + - introduce flags to control the update behaviour of the + BN_BLINDING parameters + - hide BN_BLINDING structure + Add a second BN_BLINDING slot to the RSA structure to improve + performance when a single RSA object is shared among several + threads. + [Nils Larsch] + + *) Add support for DTLS. + [Nagendra Modadugu and Ben Laurie] + + *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1) + to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file() + [Walter Goulet] + + *) Remove buggy and incompletet DH cert support from + ssl/ssl_rsa.c and ssl/s3_both.c + [Nils Larsch] + + *) Use SHA-1 instead of MD5 as the default digest algorithm for + the apps/openssl applications. + [Nils Larsch] + + *) Compile clean with "-Wall -Wmissing-prototypes + -Wstrict-prototypes -Wmissing-declarations -Werror". Currently + DEBUG_SAFESTACK must also be set. + [Ben Laurie] + + *) Change ./Configure so that certain algorithms can be disabled by default. + The new counterpiece to "no-xxx" is "enable-xxx". + + The patented RC5 and MDC2 algorithms will now be disabled unless + "enable-rc5" and "enable-mdc2", respectively, are specified. + + (IDEA remains enabled despite being patented. This is because IDEA + is frequently required for interoperability, and there is no license + fee for non-commercial use. As before, "no-idea" can be used to + avoid this algorithm.) + + [Bodo Moeller] + + *) Add processing of proxy certificates (see RFC 3820). This work was + sponsored by KTH (The Royal Institute of Technology in Stockholm) and + EGEE (Enabling Grids for E-science in Europe). + [Richard Levitte] + + *) RC4 performance overhaul on modern architectures/implementations, such + as Intel P4, IA-64 and AMD64. + [Andy Polyakov] + + *) New utility extract-section.pl. This can be used specify an alternative + section number in a pod file instead of having to treat each file as + a separate case in Makefile. This can be done by adding two lines to the + pod file: + + =for comment openssl_section:XXX + + The blank line is mandatory. + + [Steve Henson] + + *) New arguments -certform, -keyform and -pass for s_client and s_server + to allow alternative format key and certificate files and passphrase + sources. + [Steve Henson] + + *) New structure X509_VERIFY_PARAM which combines current verify parameters, + update associated structures and add various utility functions. + + Add new policy related verify parameters, include policy checking in + standard verify code. Enhance 'smime' application with extra parameters + to support policy checking and print out. + [Steve Henson] + + *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3 + Nehemiah processors. These extensions support AES encryption in hardware + as well as RNG (though RNG support is currently disabled). + [Michal Ludvig , with help from Andy Polyakov] + + *) Deprecate BN_[get|set]_params() functions (they were ignored internally). + [Geoff Thorpe] + + *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented. + [Andy Polyakov and a number of other people] + + *) Improved PowerPC platform support. Most notably BIGNUM assembler + implementation contributed by IBM. + [Suresh Chari, Peter Waltenberg, Andy Polyakov] + + *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public + exponent rather than 'unsigned long'. There is a corresponding change to + the new 'rsa_keygen' element of the RSA_METHOD structure. + [Jelte Jansen, Geoff Thorpe] + + *) Functionality for creating the initial serial number file is now + moved from CA.pl to the 'ca' utility with a new option -create_serial. + + (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial + number file to 1, which is bound to cause problems. To avoid + the problems while respecting compatibility between different 0.9.7 + patchlevels, 0.9.7e employed 'openssl x509 -next_serial' in + CA.pl for serial number initialization. With the new release 0.9.8, + we can fix the problem directly in the 'ca' utility.) + [Steve Henson] + + *) Reduced header interdepencies by declaring more opaque objects in + ossl_typ.h. As a consequence, including some headers (eg. engine.h) will + give fewer recursive includes, which could break lazy source code - so + this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always, + developers should define this symbol when building and using openssl to + ensure they track the recommended behaviour, interfaces, [etc], but + backwards-compatible behaviour prevails when this isn't defined. + [Geoff Thorpe] + + *) New function X509_POLICY_NODE_print() which prints out policy nodes. + [Steve Henson] + + *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality. + This will generate a random key of the appropriate length based on the + cipher context. The EVP_CIPHER can provide its own random key generation + routine to support keys of a specific form. This is used in the des and + 3des routines to generate a key of the correct parity. Update S/MIME + code to use new functions and hence generate correct parity DES keys. + Add EVP_CHECK_DES_KEY #define to return an error if the key is not + valid (weak or incorrect parity). + [Steve Henson] + + *) Add a local set of CRLs that can be used by X509_verify_cert() as well + as looking them up. This is useful when the verified structure may contain + CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs + present unless the new PKCS7_NO_CRL flag is asserted. + [Steve Henson] + + *) Extend ASN1 oid configuration module. It now additionally accepts the + syntax: + + shortName = some long name, 1.2.3.4 + [Steve Henson] + + *) Reimplemented the BN_CTX implementation. There is now no more static + limitation on the number of variables it can handle nor the depth of the + "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack + information can now expand as required, and rather than having a single + static array of bignums, BN_CTX now uses a linked-list of such arrays + allowing it to expand on demand whilst maintaining the usefulness of + BN_CTX's "bundling". + [Geoff Thorpe] + + *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD + to allow all RSA operations to function using a single BN_CTX. + [Geoff Thorpe] + + *) Preliminary support for certificate policy evaluation and checking. This + is initially intended to pass the tests outlined in "Conformance Testing + of Relying Party Client Certificate Path Processing Logic" v1.07. + [Steve Henson] + + *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and + remained unused and not that useful. A variety of other little bignum + tweaks and fixes have also been made continuing on from the audit (see + below). + [Geoff Thorpe] + + *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with + associated ASN1, EVP and SSL functions and old ASN1 macros. + [Richard Levitte] + + *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results, + and this should never fail. So the return value from the use of + BN_set_word() (which can fail due to needless expansion) is now deprecated; + if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro. + [Geoff Thorpe] + + *) BN_CTX_get() should return zero-valued bignums, providing the same + initialised value as BN_new(). + [Geoff Thorpe, suggested by Ulf Möller] + + *) Support for inhibitAnyPolicy certificate extension. + [Steve Henson] + + *) An audit of the BIGNUM code is underway, for which debugging code is + enabled when BN_DEBUG is defined. This makes stricter enforcements on what + is considered valid when processing BIGNUMs, and causes execution to + assert() when a problem is discovered. If BN_DEBUG_RAND is defined, + further steps are taken to deliberately pollute unused data in BIGNUM + structures to try and expose faulty code further on. For now, openssl will + (in its default mode of operation) continue to tolerate the inconsistent + forms that it has tolerated in the past, but authors and packagers should + consider trying openssl and their own applications when compiled with + these debugging symbols defined. It will help highlight potential bugs in + their own code, and will improve the test coverage for OpenSSL itself. At + some point, these tighter rules will become openssl's default to improve + maintainability, though the assert()s and other overheads will remain only + in debugging configurations. See bn.h for more details. + [Geoff Thorpe, Nils Larsch, Ulf Möller] + + *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure + that can only be obtained through BN_CTX_new() (which implicitly + initialises it). The presence of this function only made it possible + to overwrite an existing structure (and cause memory leaks). + [Geoff Thorpe] + + *) Because of the callback-based approach for implementing LHASH as a + template type, lh_insert() adds opaque objects to hash-tables and + lh_doall() or lh_doall_arg() are typically used with a destructor callback + to clean up those corresponding objects before destroying the hash table + (and losing the object pointers). So some over-zealous constifications in + LHASH have been relaxed so that lh_insert() does not take (nor store) the + objects as "const" and the lh_doall[_arg] callback wrappers are not + prototyped to have "const" restrictions on the object pointers they are + given (and so aren't required to cast them away any more). + [Geoff Thorpe] + + *) The tmdiff.h API was so ugly and minimal that our own timing utility + (speed) prefers to use its own implementation. The two implementations + haven't been consolidated as yet (volunteers?) but the tmdiff API has had + its object type properly exposed (MS_TM) instead of casting to/from "char + *". This may still change yet if someone realises MS_TM and "ms_time_***" + aren't necessarily the greatest nomenclatures - but this is what was used + internally to the implementation so I've used that for now. + [Geoff Thorpe] + + *) Ensure that deprecated functions do not get compiled when + OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of + the self-tests were still using deprecated key-generation functions so + these have been updated also. + [Geoff Thorpe] + + *) Reorganise PKCS#7 code to separate the digest location functionality + into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest(). + New function PKCS7_set_digest() to set the digest type for PKCS#7 + digestedData type. Add additional code to correctly generate the + digestedData type and add support for this type in PKCS7 initialization + functions. + [Steve Henson] + + *) New function PKCS7_set0_type_other() this initializes a PKCS7 + structure of type "other". + [Steve Henson] + + *) Fix prime generation loop in crypto/bn/bn_prime.pl by making + sure the loop does correctly stop and breaking ("division by zero") + modulus operations are not performed. The (pre-generated) prime + table crypto/bn/bn_prime.h was already correct, but it could not be + re-generated on some platforms because of the "division by zero" + situation in the script. + [Ralf S. Engelschall] + + *) Update support for ECC-based TLS ciphersuites according to + draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with + SHA-1 now is only used for "small" curves (where the + representation of a field element takes up to 24 bytes); for + larger curves, the field element resulting from ECDH is directly + used as premaster secret. + [Douglas Stebila (Sun Microsystems Laboratories)] + + *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2 + curve secp160r1 to the tests. + [Douglas Stebila (Sun Microsystems Laboratories)] + + *) Add the possibility to load symbols globally with DSO. + [Götz Babin-Ebell via Richard Levitte] + + *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better + control of the error stack. + [Richard Levitte] + + *) Add support for STORE in ENGINE. + [Richard Levitte] + + *) Add the STORE type. The intention is to provide a common interface + to certificate and key stores, be they simple file-based stores, or + HSM-type store, or LDAP stores, or... + NOTE: The code is currently UNTESTED and isn't really used anywhere. + [Richard Levitte] + + *) Add a generic structure called OPENSSL_ITEM. This can be used to + pass a list of arguments to any function as well as provide a way + for a function to pass data back to the caller. + [Richard Levitte] + + *) Add the functions BUF_strndup() and BUF_memdup(). BUF_strndup() + works like BUF_strdup() but can be used to duplicate a portion of + a string. The copy gets NUL-terminated. BUF_memdup() duplicates + a memory area. + [Richard Levitte] + + *) Add the function sk_find_ex() which works like sk_find(), but will + return an index to an element even if an exact match couldn't be + found. The index is guaranteed to point at the element where the + searched-for key would be inserted to preserve sorting order. + [Richard Levitte] + + *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but + takes an extra flags argument for optional functionality. Currently, + the following flags are defined: + + OBJ_BSEARCH_VALUE_ON_NOMATCH + This one gets OBJ_bsearch_ex() to return a pointer to the first + element where the comparing function returns a negative or zero + number. + + OBJ_BSEARCH_FIRST_VALUE_ON_MATCH + This one gets OBJ_bsearch_ex() to return a pointer to the first + element where the comparing function returns zero. This is useful + if there are more than one element where the comparing function + returns zero. + [Richard Levitte] + + *) Make it possible to create self-signed certificates with 'openssl ca' + in such a way that the self-signed certificate becomes part of the + CA database and uses the same mechanisms for serial number generation + as all other certificate signing. The new flag '-selfsign' enables + this functionality. Adapt CA.sh and CA.pl.in. + [Richard Levitte] + + *) Add functionality to check the public key of a certificate request + against a given private. This is useful to check that a certificate + request can be signed by that key (self-signing). + [Richard Levitte] + + *) Make it possible to have multiple active certificates with the same + subject in the CA index file. This is done only if the keyword + 'unique_subject' is set to 'no' in the main CA section (default + if 'CA_default') of the configuration file. The value is saved + with the database itself in a separate index attribute file, + named like the index file with '.attr' appended to the name. + [Richard Levitte] + + *) Generate muti valued AVAs using '+' notation in config files for + req and dirName. + [Steve Henson] + + *) Support for nameConstraints certificate extension. + [Steve Henson] + + *) Support for policyConstraints certificate extension. + [Steve Henson] + + *) Support for policyMappings certificate extension. + [Steve Henson] + + *) Make sure the default DSA_METHOD implementation only uses its + dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL, + and change its own handlers to be NULL so as to remove unnecessary + indirection. This lets alternative implementations fallback to the + default implementation more easily. + [Geoff Thorpe] + + *) Support for directoryName in GeneralName related extensions + in config files. + [Steve Henson] + + *) Make it possible to link applications using Makefile.shared. + Make that possible even when linking against static libraries! + [Richard Levitte] + + *) Support for single pass processing for S/MIME signing. This now + means that S/MIME signing can be done from a pipe, in addition + cleartext signing (multipart/signed type) is effectively streaming + and the signed data does not need to be all held in memory. + + This is done with a new flag PKCS7_STREAM. When this flag is set + PKCS7_sign() only initializes the PKCS7 structure and the actual signing + is done after the data is output (and digests calculated) in + SMIME_write_PKCS7(). + [Steve Henson] + + *) Add full support for -rpath/-R, both in shared libraries and + applications, at least on the platforms where it's known how + to do it. + [Richard Levitte] + + *) In crypto/ec/ec_mult.c, implement fast point multiplication with + precomputation, based on wNAF splitting: EC_GROUP_precompute_mult() + will now compute a table of multiples of the generator that + makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul() + faster (notably in the case of a single point multiplication, + scalar * generator). + [Nils Larsch, Bodo Moeller] + + *) IPv6 support for certificate extensions. The various extensions + which use the IP:a.b.c.d can now take IPv6 addresses using the + formats of RFC1884 2.2 . IPv6 addresses are now also displayed + correctly. + [Steve Henson] + + *) Added an ENGINE that implements RSA by performing private key + exponentiations with the GMP library. The conversions to and from + GMP's mpz_t format aren't optimised nor are any montgomery forms + cached, and on x86 it appears OpenSSL's own performance has caught up. + However there are likely to be other architectures where GMP could + provide a boost. This ENGINE is not built in by default, but it can be + specified at Configure time and should be accompanied by the necessary + linker additions, eg; + ./config -DOPENSSL_USE_GMP -lgmp + [Geoff Thorpe] + + *) "openssl engine" will not display ENGINE/DSO load failure errors when + testing availability of engines with "-t" - the old behaviour is + produced by increasing the feature's verbosity with "-tt". + [Geoff Thorpe] + + *) ECDSA routines: under certain error conditions uninitialized BN objects + could be freed. Solution: make sure initialization is performed early + enough. (Reported and fix supplied by Nils Larsch + via PR#459) + [Lutz Jaenicke] + + *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD + and DH_METHOD (eg. by ENGINE implementations) to override the normal + software implementations. For DSA and DH, parameter generation can + also be overriden by providing the appropriate method callbacks. + [Geoff Thorpe] + + *) Change the "progress" mechanism used in key-generation and + primality testing to functions that take a new BN_GENCB pointer in + place of callback/argument pairs. The new API functions have "_ex" + postfixes and the older functions are reimplemented as wrappers for + the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide + declarations of the old functions to help (graceful) attempts to + migrate to the new functions. Also, the new key-generation API + functions operate on a caller-supplied key-structure and return + success/failure rather than returning a key or NULL - this is to + help make "keygen" another member function of RSA_METHOD etc. + + Example for using the new callback interface: + + int (*my_callback)(int a, int b, BN_GENCB *cb) = ...; + void *my_arg = ...; + BN_GENCB my_cb; + + BN_GENCB_set(&my_cb, my_callback, my_arg); + + return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb); + /* For the meaning of a, b in calls to my_callback(), see the + * documentation of the function that calls the callback. + * cb will point to my_cb; my_arg can be retrieved as cb->arg. + * my_callback should return 1 if it wants BN_is_prime_ex() + * to continue, or 0 to stop. + */ + + [Geoff Thorpe] + + *) Change the ZLIB compression method to be stateful, and make it + available to TLS with the number defined in + draft-ietf-tls-compression-04.txt. + [Richard Levitte] + + *) Add the ASN.1 structures and functions for CertificatePair, which + is defined as follows (according to X.509_4thEditionDraftV6.pdf): + + CertificatePair ::= SEQUENCE { + forward [0] Certificate OPTIONAL, + reverse [1] Certificate OPTIONAL, + -- at least one of the pair shall be present -- } + + Also implement the PEM functions to read and write certificate + pairs, and defined the PEM tag as "CERTIFICATE PAIR". + + This needed to be defined, mostly for the sake of the LDAP + attribute crossCertificatePair, but may prove useful elsewhere as + well. + [Richard Levitte] + + *) Make it possible to inhibit symlinking of shared libraries in + Makefile.shared, for Cygwin's sake. + [Richard Levitte] + + *) Extend the BIGNUM API by creating a function + void BN_set_negative(BIGNUM *a, int neg); + and a macro that behave like + int BN_is_negative(const BIGNUM *a); + + to avoid the need to access 'a->neg' directly in applications. + [Nils Larsch] + + *) Implement fast modular reduction for pseudo-Mersenne primes + used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c). + EC_GROUP_new_curve_GFp() will now automatically use this + if applicable. + [Nils Larsch ] + + *) Add new lock type (CRYPTO_LOCK_BN). + [Bodo Moeller] + + *) Change the ENGINE framework to automatically load engines + dynamically from specific directories unless they could be + found to already be built in or loaded. Move all the + current engines except for the cryptodev one to a new + directory engines/. + The engines in engines/ are built as shared libraries if + the "shared" options was given to ./Configure or ./config. + Otherwise, they are inserted in libcrypto.a. + /usr/local/ssl/engines is the default directory for dynamic + engines, but that can be overriden at configure time through + the usual use of --prefix and/or --openssldir, and at run + time with the environment variable OPENSSL_ENGINES. + [Geoff Thorpe and Richard Levitte] + + *) Add Makefile.shared, a helper makefile to build shared + libraries. Addapt Makefile.org. + [Richard Levitte] + + *) Add version info to Win32 DLLs. + [Peter 'Luna' Runestig" ] + + *) Add new 'medium level' PKCS#12 API. Certificates and keys + can be added using this API to created arbitrary PKCS#12 + files while avoiding the low level API. + + New options to PKCS12_create(), key or cert can be NULL and + will then be omitted from the output file. The encryption + algorithm NIDs can be set to -1 for no encryption, the mac + iteration count can be set to 0 to omit the mac. + + Enhance pkcs12 utility by making the -nokeys and -nocerts + options work when creating a PKCS#12 file. New option -nomac + to omit the mac, NONE can be set for an encryption algorithm. + New code is modified to use the enhanced PKCS12_create() + instead of the low level API. + [Steve Henson] + + *) Extend ASN1 encoder to support indefinite length constructed + encoding. This can output sequences tags and octet strings in + this form. Modify pk7_asn1.c to support indefinite length + encoding. This is experimental and needs additional code to + be useful, such as an ASN1 bio and some enhanced streaming + PKCS#7 code. + + Extend template encode functionality so that tagging is passed + down to the template encoder. + [Steve Henson] + + *) Let 'openssl req' fail if an argument to '-newkey' is not + recognized instead of using RSA as a default. + [Bodo Moeller] + + *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt. + As these are not official, they are not included in "ALL"; + the "ECCdraft" ciphersuite group alias can be used to select them. + [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)] + + *) Add ECDH engine support. + [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)] + + *) Add ECDH in new directory crypto/ecdh/. + [Douglas Stebila (Sun Microsystems Laboratories)] + + *) Let BN_rand_range() abort with an error after 100 iterations + without success (which indicates a broken PRNG). + [Bodo Moeller] + + *) Change BN_mod_sqrt() so that it verifies that the input value + is really the square of the return value. (Previously, + BN_mod_sqrt would show GIGO behaviour.) + [Bodo Moeller] + + *) Add named elliptic curves over binary fields from X9.62, SECG, + and WAP/WTLS; add OIDs that were still missing. + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) Extend the EC library for elliptic curves over binary fields + (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/). + New EC_METHOD: + + EC_GF2m_simple_method + + New API functions: + + EC_GROUP_new_curve_GF2m + EC_GROUP_set_curve_GF2m + EC_GROUP_get_curve_GF2m + EC_POINT_set_affine_coordinates_GF2m + EC_POINT_get_affine_coordinates_GF2m + EC_POINT_set_compressed_coordinates_GF2m + + Point compression for binary fields is disabled by default for + patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to + enable it). + + As binary polynomials are represented as BIGNUMs, various members + of the EC_GROUP and EC_POINT data structures can be shared + between the implementations for prime fields and binary fields; + the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m) + are essentially identical to their ..._GFp counterparts. + (For simplicity, the '..._GFp' prefix has been dropped from + various internal method names.) + + An internal 'field_div' method (similar to 'field_mul' and + 'field_sqr') has been added; this is used only for binary fields. + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult() + through methods ('mul', 'precompute_mult'). + + The generic implementations (now internally called 'ec_wNAF_mul' + and 'ec_wNAF_precomputed_mult') remain the default if these + methods are undefined. + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) New function EC_GROUP_get_degree, which is defined through + EC_METHOD. For curves over prime fields, this returns the bit + length of the modulus. + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) New functions EC_GROUP_dup, EC_POINT_dup. + (These simply call ..._new and ..._copy). + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c. + Polynomials are represented as BIGNUMs (where the sign bit is not + used) in the following functions [macros]: + + BN_GF2m_add + BN_GF2m_sub [= BN_GF2m_add] + BN_GF2m_mod [wrapper for BN_GF2m_mod_arr] + BN_GF2m_mod_mul [wrapper for BN_GF2m_mod_mul_arr] + BN_GF2m_mod_sqr [wrapper for BN_GF2m_mod_sqr_arr] + BN_GF2m_mod_inv + BN_GF2m_mod_exp [wrapper for BN_GF2m_mod_exp_arr] + BN_GF2m_mod_sqrt [wrapper for BN_GF2m_mod_sqrt_arr] + BN_GF2m_mod_solve_quad [wrapper for BN_GF2m_mod_solve_quad_arr] + BN_GF2m_cmp [= BN_ucmp] + + (Note that only the 'mod' functions are actually for fields GF(2^m). + BN_GF2m_add() is misnomer, but this is for the sake of consistency.) + + For some functions, an the irreducible polynomial defining a + field can be given as an 'unsigned int[]' with strictly + decreasing elements giving the indices of those bits that are set; + i.e., p[] represents the polynomial + f(t) = t^p[0] + t^p[1] + ... + t^p[k] + where + p[0] > p[1] > ... > p[k] = 0. + This applies to the following functions: + + BN_GF2m_mod_arr + BN_GF2m_mod_mul_arr + BN_GF2m_mod_sqr_arr + BN_GF2m_mod_inv_arr [wrapper for BN_GF2m_mod_inv] + BN_GF2m_mod_div_arr [wrapper for BN_GF2m_mod_div] + BN_GF2m_mod_exp_arr + BN_GF2m_mod_sqrt_arr + BN_GF2m_mod_solve_quad_arr + BN_GF2m_poly2arr + BN_GF2m_arr2poly + + Conversion can be performed by the following functions: + + BN_GF2m_poly2arr + BN_GF2m_arr2poly + + bntest.c has additional tests for binary polynomial arithmetic. + + Two implementations for BN_GF2m_mod_div() are available. + The default algorithm simply uses BN_GF2m_mod_inv() and + BN_GF2m_mod_mul(). The alternative algorithm is compiled in only + if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the + copyright notice in crypto/bn/bn_gf2m.c before enabling it). + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) Add new error code 'ERR_R_DISABLED' that can be used when some + functionality is disabled at compile-time. + [Douglas Stebila ] + + *) Change default behaviour of 'openssl asn1parse' so that more + information is visible when viewing, e.g., a certificate: + + Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump' + mode the content of non-printable OCTET STRINGs is output in a + style similar to INTEGERs, but with '[HEX DUMP]' prepended to + avoid the appearance of a printable string. + [Nils Larsch ] + + *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access + functions + EC_GROUP_set_asn1_flag() + EC_GROUP_get_asn1_flag() + EC_GROUP_set_point_conversion_form() + EC_GROUP_get_point_conversion_form() + These control ASN1 encoding details: + - Curves (i.e., groups) are encoded explicitly unless asn1_flag + has been set to OPENSSL_EC_NAMED_CURVE. + - Points are encoded in uncompressed form by default; options for + asn1_for are as for point2oct, namely + POINT_CONVERSION_COMPRESSED + POINT_CONVERSION_UNCOMPRESSED + POINT_CONVERSION_HYBRID + + Also add 'seed' and 'seed_len' members to EC_GROUP with access + functions + EC_GROUP_set_seed() + EC_GROUP_get0_seed() + EC_GROUP_get_seed_len() + This is used only for ASN1 purposes (so far). + [Nils Larsch ] + + *) Add 'field_type' member to EC_METHOD, which holds the NID + of the appropriate field type OID. The new function + EC_METHOD_get_field_type() returns this value. + [Nils Larsch ] + + *) Add functions + EC_POINT_point2bn() + EC_POINT_bn2point() + EC_POINT_point2hex() + EC_POINT_hex2point() + providing useful interfaces to EC_POINT_point2oct() and + EC_POINT_oct2point(). + [Nils Larsch ] + + *) Change internals of the EC library so that the functions + EC_GROUP_set_generator() + EC_GROUP_get_generator() + EC_GROUP_get_order() + EC_GROUP_get_cofactor() + are implemented directly in crypto/ec/ec_lib.c and not dispatched + to methods, which would lead to unnecessary code duplication when + adding different types of curves. + [Nils Larsch with input by Bodo Moeller] + + *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM + arithmetic, and such that modified wNAFs are generated + (which avoid length expansion in many cases). + [Bodo Moeller] + + *) Add a function EC_GROUP_check_discriminant() (defined via + EC_METHOD) that verifies that the curve discriminant is non-zero. + + Add a function EC_GROUP_check() that makes some sanity tests + on a EC_GROUP, its generator and order. This includes + EC_GROUP_check_discriminant(). + [Nils Larsch ] + + *) Add ECDSA in new directory crypto/ecdsa/. + + Add applications 'openssl ecparam' and 'openssl ecdsa' + (these are based on 'openssl dsaparam' and 'openssl dsa'). + + ECDSA support is also included in various other files across the + library. Most notably, + - 'openssl req' now has a '-newkey ecdsa:file' option; + - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA; + - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and + d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make + them suitable for ECDSA where domain parameters must be + extracted before the specific public key; + - ECDSA engine support has been added. + [Nils Larsch ] + + *) Include some named elliptic curves, and add OIDs from X9.62, + SECG, and WAP/WTLS. Each curve can be obtained from the new + function + EC_GROUP_new_by_curve_name(), + and the list of available named curves can be obtained with + EC_get_builtin_curves(). + Also add a 'curve_name' member to EC_GROUP objects, which can be + accessed via + EC_GROUP_set_curve_name() + EC_GROUP_get_curve_name() + [Nils Larsch ] + + *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that + a ciphersuite string such as "DEFAULT:RSA" cannot enable + authentication-only ciphersuites. + [Bodo Moeller] + + *) Since AES128 and AES256 share a single mask bit in the logic of + ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a + kludge to work properly if AES128 is available and AES256 isn't. + [Victor Duchovni] + + *) Expand security boundary to match 1.1.1 module. + [Steve Henson] + + *) Remove redundant features: hash file source, editing of test vectors + modify fipsld to use external fips_premain.c signature. + [Steve Henson] + + *) New perl script mkfipsscr.pl to create shell scripts or batch files to + run algorithm test programs. + [Steve Henson] + + *) Make algorithm test programs more tolerant of whitespace. + [Steve Henson] + + *) Have SSL/TLS server implementation tolerate "mismatched" record + protocol version while receiving ClientHello even if the + ClientHello is fragmented. (The server can't insist on the + particular protocol version it has chosen before the ServerHello + message has informed the client about his choice.) + [Bodo Moeller] + + *) Load error codes if they are not already present instead of using a + static variable. This allows them to be cleanly unloaded and reloaded. + [Steve Henson] + + Changes between 0.9.7k and 0.9.7l [28 Sep 2006] + + *) Introduce limits to prevent malicious keys being able to + cause a denial of service. (CVE-2006-2940) + [Steve Henson, Bodo Moeller] + + *) Fix ASN.1 parsing of certain invalid structures that can result + in a denial of service. (CVE-2006-2937) [Steve Henson] + + *) Fix buffer overflow in SSL_get_shared_ciphers() function. + (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] + + *) Fix SSL client code which could crash if connecting to a + malicious SSLv2 server. (CVE-2006-4343) + [Tavis Ormandy and Will Drewry, Google Security Team] + + *) Change ciphersuite string processing so that an explicit + ciphersuite selects this one ciphersuite (so that "AES256-SHA" + will no longer include "AES128-SHA"), and any other similar + ciphersuite (same bitmap) from *other* protocol versions (so that + "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the + SSL 3.0/TLS 1.0 ciphersuite). This is a backport combining + changes from 0.9.8b and 0.9.8d. + [Bodo Moeller] + + Changes between 0.9.7j and 0.9.7k [05 Sep 2006] + + *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher + (CVE-2006-4339) [Ben Laurie and Google Security Team] + + *) Change the Unix randomness entropy gathering to use poll() when + possible instead of select(), since the latter has some + undesirable limitations. + [Darryl Miles via Richard Levitte and Bodo Moeller] + + *) Disable rogue ciphersuites: + + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + + The latter two were purportedly from + draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really + appear there. + + Also deactive the remaining ciphersuites from + draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as + unofficial, and the ID has long expired. + [Bodo Moeller] + + *) Fix RSA blinding Heisenbug (problems sometimes occured on + dual-core machines) and other potential thread-safety issues. + [Bodo Moeller] + + Changes between 0.9.7i and 0.9.7j [04 May 2006] + + *) Adapt fipsld and the build system to link against the validated FIPS + module in FIPS mode. + [Steve Henson] + + *) Fixes for VC++ 2005 build under Windows. + [Steve Henson] + + *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make + from a Windows bash shell such as MSYS. It is autodetected from the + "config" script when run from a VC++ environment. Modify standard VC++ + build to use fipscanister.o from the GNU make build. + [Steve Henson] + + Changes between 0.9.7h and 0.9.7i [14 Oct 2005] + + *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS. + The value now differs depending on if you build for FIPS or not. + BEWARE! A program linked with a shared FIPSed libcrypto can't be + safely run with a non-FIPSed libcrypto, as it may crash because of + the difference induced by this change. + [Andy Polyakov] + + Changes between 0.9.7g and 0.9.7h [11 Oct 2005] + + *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING + (part of SSL_OP_ALL). This option used to disable the + countermeasure against man-in-the-middle protocol-version + rollback in the SSL 2.0 server implementation, which is a bad + idea. (CVE-2005-2969) + + [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center + for Information Security, National Institute of Advanced Industrial + Science and Technology [AIST], Japan)] + + *) Minimal support for X9.31 signatures and PSS padding modes. This is + mainly for FIPS compliance and not fully integrated at this stage. + [Steve Henson] + + *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform + the exponentiation using a fixed-length exponent. (Otherwise, + the information leaked through timing could expose the secret key + after many signatures; cf. Bleichenbacher's attack on DSA with + biased k.) + [Bodo Moeller] + + *) Make a new fixed-window mod_exp implementation the default for + RSA, DSA, and DH private-key operations so that the sequence of + squares and multiplies and the memory access pattern are + independent of the particular secret key. This will mitigate + cache-timing and potential related attacks. + + BN_mod_exp_mont_consttime() is the new exponentiation implementation, + and this is automatically used by BN_mod_exp_mont() if the new flag + BN_FLG_EXP_CONSTTIME is set for the exponent. RSA, DSA, and DH + will use this BN flag for private exponents unless the flag + RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or + DH_FLAG_NO_EXP_CONSTTIME, respectively, is set. + + [Matthew D Wood (Intel Corp), with some changes by Bodo Moeller] + + *) Change the client implementation for SSLv23_method() and + SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0 + Client Hello message format if the SSL_OP_NO_SSLv2 option is set. + (Previously, the SSL 2.0 backwards compatible Client Hello + message format would be used even with SSL_OP_NO_SSLv2.) + [Bodo Moeller] + + *) Add support for smime-type MIME parameter in S/MIME messages which some + clients need. + [Steve Henson] + + *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in + a threadsafe manner. Modify rsa code to use new function and add calls + to dsa and dh code (which had race conditions before). + [Steve Henson] + + *) Include the fixed error library code in the C error file definitions + instead of fixing them up at runtime. This keeps the error code + structures constant. + [Steve Henson] + + Changes between 0.9.7f and 0.9.7g [11 Apr 2005] + + [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after + OpenSSL 0.9.8.] + + *) Fixes for newer kerberos headers. NB: the casts are needed because + the 'length' field is signed on one version and unsigned on another + with no (?) obvious way to tell the difference, without these VC++ + complains. Also the "definition" of FAR (blank) is no longer included + nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up + some needed definitions. + [Steve Henson] + + *) Undo Cygwin change. + [Ulf Möller] + + *) Added support for proxy certificates according to RFC 3820. + Because they may be a security thread to unaware applications, + they must be explicitely allowed in run-time. See + docs/HOWTO/proxy_certificates.txt for further information. + [Richard Levitte] + + Changes between 0.9.7e and 0.9.7f [22 Mar 2005] + + *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating + server and client random values. Previously + (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in + less random data when sizeof(time_t) > 4 (some 64 bit platforms). + + This change has negligible security impact because: + + 1. Server and client random values still have 24 bytes of pseudo random + data. + + 2. Server and client random values are sent in the clear in the initial + handshake. + + 3. The master secret is derived using the premaster secret (48 bytes in + size for static RSA ciphersuites) as well as client server and random + values. + + The OpenSSL team would like to thank the UK NISCC for bringing this issue + to our attention. + + [Stephen Henson, reported by UK NISCC] + + *) Use Windows randomness collection on Cygwin. + [Ulf Möller] + + *) Fix hang in EGD/PRNGD query when communication socket is closed + prematurely by EGD/PRNGD. + [Darren Tucker via Lutz Jänicke, resolves #1014] + + *) Prompt for pass phrases when appropriate for PKCS12 input format. + [Steve Henson] + + *) Back-port of selected performance improvements from development + branch, as well as improved support for PowerPC platforms. + [Andy Polyakov] + + *) Add lots of checks for memory allocation failure, error codes to indicate + failure and freeing up memory if a failure occurs. + [Nauticus Networks SSL Team , Steve Henson] + + *) Add new -passin argument to dgst. + [Steve Henson] + + *) Perform some character comparisons of different types in X509_NAME_cmp: + this is needed for some certificates that reencode DNs into UTF8Strings + (in violation of RFC3280) and can't or wont issue name rollover + certificates. + [Steve Henson] + + *) Make an explicit check during certificate validation to see that + the CA setting in each certificate on the chain is correct. As a + side effect always do the following basic checks on extensions, + not just when there's an associated purpose to the check: + + - if there is an unhandled critical extension (unless the user + has chosen to ignore this fault) + - if the path length has been exceeded (if one is set at all) + - that certain extensions fit the associated purpose (if one has + been given) + [Richard Levitte] + + Changes between 0.9.7d and 0.9.7e [25 Oct 2004] + + *) Avoid a race condition when CRLs are checked in a multi threaded + environment. This would happen due to the reordering of the revoked + entries during signature checking and serial number lookup. Now the + encoding is cached and the serial number sort performed under a lock. + Add new STACK function sk_is_sorted(). + [Steve Henson] + + *) Add Delta CRL to the extension code. + [Steve Henson] + + *) Various fixes to s3_pkt.c so alerts are sent properly. + [David Holmes ] + + *) Reduce the chances of duplicate issuer name and serial numbers (in + violation of RFC3280) using the OpenSSL certificate creation utilities. + This is done by creating a random 64 bit value for the initial serial + number when a serial number file is created or when a self signed + certificate is created using 'openssl req -x509'. The initial serial + number file is created using 'openssl x509 -next_serial' in CA.pl + rather than being initialized to 1. + [Steve Henson] + + Changes between 0.9.7c and 0.9.7d [17 Mar 2004] + + *) Fix null-pointer assignment in do_change_cipher_spec() revealed + by using the Codenomicon TLS Test Tool (CVE-2004-0079) + [Joe Orton, Steve Henson] + + *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites + (CVE-2004-0112) + [Joe Orton, Steve Henson] + + *) Make it possible to have multiple active certificates with the same + subject in the CA index file. This is done only if the keyword + 'unique_subject' is set to 'no' in the main CA section (default + if 'CA_default') of the configuration file. The value is saved + with the database itself in a separate index attribute file, + named like the index file with '.attr' appended to the name. + [Richard Levitte] + + *) X509 verify fixes. Disable broken certificate workarounds when + X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if + keyUsage extension present. Don't accept CRLs with unhandled critical + extensions: since verify currently doesn't process CRL extensions this + rejects a CRL with *any* critical extensions. Add new verify error codes + for these cases. + [Steve Henson] + + *) When creating an OCSP nonce use an OCTET STRING inside the extnValue. + A clarification of RFC2560 will require the use of OCTET STRINGs and + some implementations cannot handle the current raw format. Since OpenSSL + copies and compares OCSP nonces as opaque blobs without any attempt at + parsing them this should not create any compatibility issues. + [Steve Henson] + + *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when + calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without + this HMAC (and other) operations are several times slower than OpenSSL + < 0.9.7. + [Steve Henson] + + *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). + [Peter Sylvester ] + + *) Use the correct content when signing type "other". + [Steve Henson] + + Changes between 0.9.7b and 0.9.7c [30 Sep 2003] + + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CVE-2003-0543 and CVE-2003-0544). + + Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] + + *) New -ignore_err option in ocsp application to stop the server + exiting on the first error in a request. + [Steve Henson] + + *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate + if the server requested one: as stated in TLS 1.0 and SSL 3.0 + specifications. + [Steve Henson] + + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional + extra data after the compression methods not only for TLS 1.0 + but also for SSL 3.0 (as required by the specification). + [Bodo Moeller; problem pointed out by Matthias Loepfe] + + *) Change X509_certificate_type() to mark the key as exported/exportable + when it's 512 *bits* long, not 512 bytes. + [Richard Levitte] + + *) Change AES_cbc_encrypt() so it outputs exact multiple of + blocks during encryption. + [Richard Levitte] + + *) Various fixes to base64 BIO and non blocking I/O. On write + flushes were not handled properly if the BIO retried. On read + data was not being buffered properly and had various logic bugs. + This also affects blocking I/O when the data being decoded is a + certain size. + [Steve Henson] + + *) Various S/MIME bugfixes and compatibility changes: + output correct application/pkcs7 MIME type if + PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures. + Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening + of files as .eml work). Correctly handle very long lines in MIME + parser. + [Steve Henson] + + Changes between 0.9.7a and 0.9.7b [10 Apr 2003] + + *) Countermeasure against the Klima-Pokorny-Rosa extension of + Bleichbacher's attack on PKCS #1 v1.5 padding: treat + a protocol version number mismatch like a decryption error + in ssl3_get_client_key_exchange (ssl/s3_srvr.c). + [Bodo Moeller] + + *) Turn on RSA blinding by default in the default implementation + to avoid a timing attack. Applications that don't want it can call + RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING. + They would be ill-advised to do so in most cases. + [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller] + + *) Change RSA blinding code so that it works when the PRNG is not + seeded (in this case, the secret RSA exponent is abused as + an unpredictable seed -- if it is not unpredictable, there + is no point in blinding anyway). Make RSA blinding thread-safe + by remembering the creator's thread ID in rsa->blinding and + having all other threads use local one-time blinding factors + (this requires more computation than sharing rsa->blinding, but + avoids excessive locking; and if an RSA object is not shared + between threads, blinding will still be very fast). + [Bodo Moeller] + + *) Fixed a typo bug that would cause ENGINE_set_default() to set an + ENGINE as defaults for all supported algorithms irrespective of + the 'flags' parameter. 'flags' is now honoured, so applications + should make sure they are passing it correctly. + [Geoff Thorpe] + + *) Target "mingw" now allows native Windows code to be generated in + the Cygwin environment as well as with the MinGW compiler. + [Ulf Moeller] + + Changes between 0.9.7 and 0.9.7a [19 Feb 2003] + + *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked + via timing by performing a MAC computation even if incorrrect + block cipher padding has been found. This is a countermeasure + against active attacks where the attacker has to distinguish + between bad padding and a MAC verification error. (CVE-2003-0078) + + [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), + Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and + Martin Vuagnoux (EPFL, Ilion)] + + *) Make the no-err option work as intended. The intention with no-err + is not to have the whole error stack handling routines removed from + libcrypto, it's only intended to remove all the function name and + reason texts, thereby removing some of the footprint that may not + be interesting if those errors aren't displayed anyway. + + NOTE: it's still possible for any application or module to have it's + own set of error texts inserted. The routines are there, just not + used by default when no-err is given. + [Richard Levitte] + + *) Add support for FreeBSD on IA64. + [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454] + + *) Adjust DES_cbc_cksum() so it returns the same value as the MIT + Kerberos function mit_des_cbc_cksum(). Before this change, + the value returned by DES_cbc_cksum() was like the one from + mit_des_cbc_cksum(), except the bytes were swapped. + [Kevin Greaney and Richard Levitte] + + *) Allow an application to disable the automatic SSL chain building. + Before this a rather primitive chain build was always performed in + ssl3_output_cert_chain(): an application had no way to send the + correct chain if the automatic operation produced an incorrect result. + + Now the chain builder is disabled if either: + + 1. Extra certificates are added via SSL_CTX_add_extra_chain_cert(). + + 2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set. + + The reasoning behind this is that an application would not want the + auto chain building to take place if extra chain certificates are + present and it might also want a means of sending no additional + certificates (for example the chain has two certificates and the + root is omitted). + [Steve Henson] + + *) Add the possibility to build without the ENGINE framework. + [Steven Reddie via Richard Levitte] + + *) Under Win32 gmtime() can return NULL: check return value in + OPENSSL_gmtime(). Add error code for case where gmtime() fails. + [Steve Henson] + + *) DSA routines: under certain error conditions uninitialized BN objects + could be freed. Solution: make sure initialization is performed early + enough. (Reported and fix supplied by Ivan D Nestlerode , + Nils Larsch via PR#459) + [Lutz Jaenicke] + + *) Another fix for SSLv2 session ID handling: the session ID was incorrectly + checked on reconnect on the client side, therefore session resumption + could still fail with a "ssl session id is different" error. This + behaviour is masked when SSL_OP_ALL is used due to + SSL_OP_MICROSOFT_SESS_ID_BUG being set. + Behaviour observed by Crispin Flowerday as + followup to PR #377. + [Lutz Jaenicke] + + *) IA-32 assembler support enhancements: unified ELF targets, support + for SCO/Caldera platforms, fix for Cygwin shared build. + [Andy Polyakov] + + *) Add support for FreeBSD on sparc64. As a consequence, support for + FreeBSD on non-x86 processors is separate from x86 processors on + the config script, much like the NetBSD support. + [Richard Levitte & Kris Kennaway ] + + Changes between 0.9.6h and 0.9.7 [31 Dec 2002] + + [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after + OpenSSL 0.9.7.] + + *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED + code (06) was taken as the first octet of the session ID and the last + octet was ignored consequently. As a result SSLv2 client side session + caching could not have worked due to the session ID mismatch between + client and server. + Behaviour observed by Crispin Flowerday as + PR #377. + [Lutz Jaenicke] + + *) Change the declaration of needed Kerberos libraries to use EX_LIBS + instead of the special (and badly supported) LIBKRB5. LIBKRB5 is + removed entirely. + [Richard Levitte] + + *) The hw_ncipher.c engine requires dynamic locks. Unfortunately, it + seems that in spite of existing for more than a year, many application + author have done nothing to provide the necessary callbacks, which + means that this particular engine will not work properly anywhere. + This is a very unfortunate situation which forces us, in the name + of usability, to give the hw_ncipher.c a static lock, which is part + of libcrypto. + NOTE: This is for the 0.9.7 series ONLY. This hack will never + appear in 0.9.8 or later. We EXPECT application authors to have + dealt properly with this when 0.9.8 is released (unless we actually + make such changes in the libcrypto locking code that changes will + have to be made anyway). + [Richard Levitte] + + *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content + octets have been read, EOF or an error occurs. Without this change + some truncated ASN1 structures will not produce an error. + [Steve Henson] + + *) Disable Heimdal support, since it hasn't been fully implemented. + Still give the possibility to force the use of Heimdal, but with + warnings and a request that patches get sent to openssl-dev. + [Richard Levitte] + + *) Add the VC-CE target, introduce the WINCE sysname, and add + INSTALL.WCE and appropriate conditionals to make it build. + [Steven Reddie via Richard Levitte] + + *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and + cygssl-x.y.z.dll, where x, y and z are the major, minor and + edit numbers of the version. + [Corinna Vinschen and Richard Levitte] + + *) Introduce safe string copy and catenation functions + (BUF_strlcpy() and BUF_strlcat()). + [Ben Laurie (CHATS) and Richard Levitte] + + *) Avoid using fixed-size buffers for one-line DNs. + [Ben Laurie (CHATS)] + + *) Add BUF_MEM_grow_clean() to avoid information leakage when + resizing buffers containing secrets, and use where appropriate. + [Ben Laurie (CHATS)] + + *) Avoid using fixed size buffers for configuration file location. + [Ben Laurie (CHATS)] + + *) Avoid filename truncation for various CA files. + [Ben Laurie (CHATS)] + + *) Use sizeof in preference to magic numbers. + [Ben Laurie (CHATS)] + + *) Avoid filename truncation in cert requests. + [Ben Laurie (CHATS)] + + *) Add assertions to check for (supposedly impossible) buffer + overflows. + [Ben Laurie (CHATS)] + + *) Don't cache truncated DNS entries in the local cache (this could + potentially lead to a spoofing attack). + [Ben Laurie (CHATS)] + + *) Fix various buffers to be large enough for hex/decimal + representations in a platform independent manner. + [Ben Laurie (CHATS)] + + *) Add CRYPTO_realloc_clean() to avoid information leakage when + resizing buffers containing secrets, and use where appropriate. + [Ben Laurie (CHATS)] + + *) Add BIO_indent() to avoid much slightly worrying code to do + indents. + [Ben Laurie (CHATS)] + + *) Convert sprintf()/BIO_puts() to BIO_printf(). + [Ben Laurie (CHATS)] + + *) buffer_gets() could terminate with the buffer only half + full. Fixed. + [Ben Laurie (CHATS)] + + *) Add assertions to prevent user-supplied crypto functions from + overflowing internal buffers by having large block sizes, etc. + [Ben Laurie (CHATS)] + + *) New OPENSSL_assert() macro (similar to assert(), but enabled + unconditionally). + [Ben Laurie (CHATS)] + + *) Eliminate unused copy of key in RC4. + [Ben Laurie (CHATS)] + + *) Eliminate unused and incorrectly sized buffers for IV in pem.h. + [Ben Laurie (CHATS)] + + *) Fix off-by-one error in EGD path. + [Ben Laurie (CHATS)] + + *) If RANDFILE path is too long, ignore instead of truncating. + [Ben Laurie (CHATS)] + + *) Eliminate unused and incorrectly sized X.509 structure + CBCParameter. + [Ben Laurie (CHATS)] + + *) Eliminate unused and dangerous function knumber(). + [Ben Laurie (CHATS)] + + *) Eliminate unused and dangerous structure, KSSL_ERR. + [Ben Laurie (CHATS)] + + *) Protect against overlong session ID context length in an encoded + session object. Since these are local, this does not appear to be + exploitable. + [Ben Laurie (CHATS)] + + *) Change from security patch (see 0.9.6e below) that did not affect + the 0.9.6 release series: + + Remote buffer overflow in SSL3 protocol - an attacker could + supply an oversized master key in Kerberos-enabled versions. + (CVE-2002-0657) + [Ben Laurie (CHATS)] + + *) Change the SSL kerb5 codes to match RFC 2712. + [Richard Levitte] + + *) Make -nameopt work fully for req and add -reqopt switch. + [Michael Bell , Steve Henson] + + *) The "block size" for block ciphers in CFB and OFB mode should be 1. + [Steve Henson, reported by Yngve Nysaeter Pettersen ] + + *) Make sure tests can be performed even if the corresponding algorithms + have been removed entirely. This was also the last step to make + OpenSSL compilable with DJGPP under all reasonable conditions. + [Richard Levitte, Doug Kaufman ] + + *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT + to allow version independent disabling of normally unselected ciphers, + which may be activated as a side-effect of selecting a single cipher. + + (E.g., cipher list string "RSA" enables ciphersuites that are left + out of "ALL" because they do not provide symmetric encryption. + "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.) + [Lutz Jaenicke, Bodo Moeller] + + *) Add appropriate support for separate platform-dependent build + directories. The recommended way to make a platform-dependent + build directory is the following (tested on Linux), maybe with + some local tweaks: + + # Place yourself outside of the OpenSSL source tree. In + # this example, the environment variable OPENSSL_SOURCE + # is assumed to contain the absolute OpenSSL source directory. + mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`" + cd objtree/"`uname -s`-`uname -r`-`uname -m`" + (cd $OPENSSL_SOURCE; find . -type f) | while read F; do + mkdir -p `dirname $F` + ln -s $OPENSSL_SOURCE/$F $F + done + + To be absolutely sure not to disturb the source tree, a "make clean" + is a good thing. If it isn't successfull, don't worry about it, + it probably means the source directory is very clean. + [Richard Levitte] + + *) Make sure any ENGINE control commands make local copies of string + pointers passed to them whenever necessary. Otherwise it is possible + the caller may have overwritten (or deallocated) the original string + data when a later ENGINE operation tries to use the stored values. + [Götz Babin-Ebell ] + + *) Improve diagnostics in file reading and command-line digests. + [Ben Laurie aided and abetted by Solar Designer ] + + *) Add AES modes CFB and OFB to the object database. Correct an + error in AES-CFB decryption. + [Richard Levitte] + + *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this + allows existing EVP_CIPHER_CTX structures to be reused after + calling EVP_*Final(). This behaviour is used by encryption + BIOs and some applications. This has the side effect that + applications must explicitly clean up cipher contexts with + EVP_CIPHER_CTX_cleanup() or they will leak memory. + [Steve Henson] + + *) Check the values of dna and dnb in bn_mul_recursive before calling + bn_mul_comba (a non zero value means the a or b arrays do not contain + n2 elements) and fallback to bn_mul_normal if either is not zero. + [Steve Henson] + + *) Fix escaping of non-ASCII characters when using the -subj option + of the "openssl req" command line tool. (Robert Joop ) + [Lutz Jaenicke] + + *) Make object definitions compliant to LDAP (RFC2256): SN is the short + form for "surname", serialNumber has no short form. + Use "mail" as the short name for "rfc822Mailbox" according to RFC2798; + therefore remove "mail" short name for "internet 7". + The OID for unique identifiers in X509 certificates is + x500UniqueIdentifier, not uniqueIdentifier. + Some more OID additions. (Michael Bell ) + [Lutz Jaenicke] + + *) Add an "init" command to the ENGINE config module and auto initialize + ENGINEs. Without any "init" command the ENGINE will be initialized + after all ctrl commands have been executed on it. If init=1 the + ENGINE is initailized at that point (ctrls before that point are run + on the uninitialized ENGINE and after on the initialized one). If + init=0 then the ENGINE will not be iniatialized at all. + [Steve Henson] + + *) Fix the 'app_verify_callback' interface so that the user-defined + argument is actually passed to the callback: In the + SSL_CTX_set_cert_verify_callback() prototype, the callback + declaration has been changed from + int (*cb)() + into + int (*cb)(X509_STORE_CTX *,void *); + in ssl_verify_cert_chain (ssl/ssl_cert.c), the call + i=s->ctx->app_verify_callback(&ctx) + has been changed into + i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg). + + To update applications using SSL_CTX_set_cert_verify_callback(), + a dummy argument can be added to their callback functions. + [D. K. Smetters ] + + *) Added the '4758cca' ENGINE to support IBM 4758 cards. + [Maurice Gittens , touchups by Geoff Thorpe] + + *) Add and OPENSSL_LOAD_CONF define which will cause + OpenSSL_add_all_algorithms() to load the openssl.cnf config file. + This allows older applications to transparently support certain + OpenSSL features: such as crypto acceleration and dynamic ENGINE loading. + Two new functions OPENSSL_add_all_algorithms_noconf() which will never + load the config file and OPENSSL_add_all_algorithms_conf() which will + always load it have also been added. + [Steve Henson] + + *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES. + Adjust NIDs and EVP layer. + [Stephen Sprunk and Richard Levitte] + + *) Config modules support in openssl utility. + + Most commands now load modules from the config file, + though in a few (such as version) this isn't done + because it couldn't be used for anything. + + In the case of ca and req the config file used is + the same as the utility itself: that is the -config + command line option can be used to specify an + alternative file. + [Steve Henson] + + *) Move default behaviour from OPENSSL_config(). If appname is NULL + use "openssl_conf" if filename is NULL use default openssl config file. + [Steve Henson] + + *) Add an argument to OPENSSL_config() to allow the use of an alternative + config section name. Add a new flag to tolerate a missing config file + and move code to CONF_modules_load_file(). + [Steve Henson] + + *) Support for crypto accelerator cards from Accelerated Encryption + Processing, www.aep.ie. (Use engine 'aep') + The support was copied from 0.9.6c [engine] and adapted/corrected + to work with the new engine framework. + [AEP Inc. and Richard Levitte] + + *) Support for SureWare crypto accelerator cards from Baltimore + Technologies. (Use engine 'sureware') + The support was copied from 0.9.6c [engine] and adapted + to work with the new engine framework. + [Richard Levitte] + + *) Have the CHIL engine fork-safe (as defined by nCipher) and actually + make the newer ENGINE framework commands for the CHIL engine work. + [Toomas Kiisk and Richard Levitte] + + *) Make it possible to produce shared libraries on ReliantUNIX. + [Robert Dahlem via Richard Levitte] + + *) Add the configuration target debug-linux-ppro. + Make 'openssl rsa' use the general key loading routines + implemented in apps.c, and make those routines able to + handle the key format FORMAT_NETSCAPE and the variant + FORMAT_IISSGC. + [Toomas Kiisk via Richard Levitte] + + *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey(). + [Toomas Kiisk via Richard Levitte] + + *) Add -keyform to rsautl, and document -engine. + [Richard Levitte, inspired by Toomas Kiisk ] + + *) Change BIO_new_file (crypto/bio/bss_file.c) to use new + BIO_R_NO_SUCH_FILE error code rather than the generic + ERR_R_SYS_LIB error code if fopen() fails with ENOENT. + [Ben Laurie] + + *) Add new functions + ERR_peek_last_error + ERR_peek_last_error_line + ERR_peek_last_error_line_data. + These are similar to + ERR_peek_error + ERR_peek_error_line + ERR_peek_error_line_data, + but report on the latest error recorded rather than the first one + still in the error queue. + [Ben Laurie, Bodo Moeller] + + *) default_algorithms option in ENGINE config module. This allows things + like: + default_algorithms = ALL + default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS + [Steve Henson] + + *) Prelminary ENGINE config module. + [Steve Henson] + + *) New experimental application configuration code. + [Steve Henson] + + *) Change the AES code to follow the same name structure as all other + symmetric ciphers, and behave the same way. Move everything to + the directory crypto/aes, thereby obsoleting crypto/rijndael. + [Stephen Sprunk and Richard Levitte] + + *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c. + [Ben Laurie and Theo de Raadt] + + *) Add option to output public keys in req command. + [Massimiliano Pala madwolf@openca.org] + + *) Use wNAFs in EC_POINTs_mul() for improved efficiency + (up to about 10% better than before for P-192 and P-224). + [Bodo Moeller] + + *) New functions/macros + + SSL_CTX_set_msg_callback(ctx, cb) + SSL_CTX_set_msg_callback_arg(ctx, arg) + SSL_set_msg_callback(ssl, cb) + SSL_set_msg_callback_arg(ssl, arg) + + to request calling a callback function + + void cb(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg) + + whenever a protocol message has been completely received + (write_p == 0) or sent (write_p == 1). Here 'version' is the + protocol version according to which the SSL library interprets + the current protocol message (SSL2_VERSION, SSL3_VERSION, or + TLS1_VERSION). 'content_type' is 0 in the case of SSL 2.0, or + the content type as defined in the SSL 3.0/TLS 1.0 protocol + specification (change_cipher_spec(20), alert(21), handshake(22)). + 'buf' and 'len' point to the actual message, 'ssl' to the + SSL object, and 'arg' is the application-defined value set by + SSL[_CTX]_set_msg_callback_arg(). + + 'openssl s_client' and 'openssl s_server' have new '-msg' options + to enable a callback that displays all protocol messages. + [Bodo Moeller] + + *) Change the shared library support so shared libraries are built as + soon as the corresponding static library is finished, and thereby get + openssl and the test programs linked against the shared library. + This still only happens when the keyword "shard" has been given to + the configuration scripts. + + NOTE: shared library support is still an experimental thing, and + backward binary compatibility is still not guaranteed. + ["Maciej W. Rozycki" and Richard Levitte] + + *) Add support for Subject Information Access extension. + [Peter Sylvester ] + + *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero + additional bytes when new memory had to be allocated, not just + when reusing an existing buffer. + [Bodo Moeller] + + *) New command line and configuration option 'utf8' for the req command. + This allows field values to be specified as UTF8 strings. + [Steve Henson] + + *) Add -multi and -mr options to "openssl speed" - giving multiple parallel + runs for the former and machine-readable output for the latter. + [Ben Laurie] + + *) Add '-noemailDN' option to 'openssl ca'. This prevents inclusion + of the e-mail address in the DN (i.e., it will go into a certificate + extension only). The new configuration file option 'email_in_dn = no' + has the same effect. + [Massimiliano Pala madwolf@openca.org] + + *) Change all functions with names starting with des_ to be starting + with DES_ instead. Add wrappers that are compatible with libdes, + but are named _ossl_old_des_*. Finally, add macros that map the + des_* symbols to the corresponding _ossl_old_des_* if libdes + compatibility is desired. If OpenSSL 0.9.6c compatibility is + desired, the des_* symbols will be mapped to DES_*, with one + exception. + + Since we provide two compatibility mappings, the user needs to + define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes + compatibility is desired. The default (i.e., when that macro + isn't defined) is OpenSSL 0.9.6c compatibility. + + There are also macros that enable and disable the support of old + des functions altogether. Those are OPENSSL_ENABLE_OLD_DES_SUPPORT + and OPENSSL_DISABLE_OLD_DES_SUPPORT. If none or both of those + are defined, the default will apply: to support the old des routines. + + In either case, one must include openssl/des.h to get the correct + definitions. Do not try to just include openssl/des_old.h, that + won't work. + + NOTE: This is a major break of an old API into a new one. Software + authors are encouraged to switch to the DES_ style functions. Some + time in the future, des_old.h and the libdes compatibility functions + will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the + default), and then completely removed. + [Richard Levitte] + + *) Test for certificates which contain unsupported critical extensions. + If such a certificate is found during a verify operation it is + rejected by default: this behaviour can be overridden by either + handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or + by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function + X509_supported_extension() has also been added which returns 1 if a + particular extension is supported. + [Steve Henson] + + *) Modify the behaviour of EVP cipher functions in similar way to digests + to retain compatibility with existing code. + [Steve Henson] + + *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain + compatibility with existing code. In particular the 'ctx' parameter does + not have to be to be initialized before the call to EVP_DigestInit() and + it is tidied up after a call to EVP_DigestFinal(). New function + EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function + EVP_MD_CTX_copy() changed to not require the destination to be + initialized valid and new function EVP_MD_CTX_copy_ex() added which + requires the destination to be valid. + + Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(), + EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex(). + [Steve Henson] + + *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it + so that complete 'Handshake' protocol structures are kept in memory + instead of overwriting 'msg_type' and 'length' with 'body' data. + [Bodo Moeller] + + *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32. + [Massimo Santin via Richard Levitte] + + *) Major restructuring to the underlying ENGINE code. This includes + reduction of linker bloat, separation of pure "ENGINE" manipulation + (initialisation, etc) from functionality dealing with implementations + of specific crypto iterfaces. This change also introduces integrated + support for symmetric ciphers and digest implementations - so ENGINEs + can now accelerate these by providing EVP_CIPHER and EVP_MD + implementations of their own. This is detailed in crypto/engine/README + as it couldn't be adequately described here. However, there are a few + API changes worth noting - some RSA, DSA, DH, and RAND functions that + were changed in the original introduction of ENGINE code have now + reverted back - the hooking from this code to ENGINE is now a good + deal more passive and at run-time, operations deal directly with + RSA_METHODs, DSA_METHODs (etc) as they did before, rather than + dereferencing through an ENGINE pointer any more. Also, the ENGINE + functions dealing with BN_MOD_EXP[_CRT] handlers have been removed - + they were not being used by the framework as there is no concept of a + BIGNUM_METHOD and they could not be generalised to the new + 'ENGINE_TABLE' mechanism that underlies the new code. Similarly, + ENGINE_cpy() has been removed as it cannot be consistently defined in + the new code. + [Geoff Thorpe] + + *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds. + [Steve Henson] + + *) Change mkdef.pl to sort symbols that get the same entry number, + and make sure the automatically generated functions ERR_load_* + become part of libeay.num as well. + [Richard Levitte] + + *) New function SSL_renegotiate_pending(). This returns true once + renegotiation has been requested (either SSL_renegotiate() call + or HelloRequest/ClientHello receveived from the peer) and becomes + false once a handshake has been completed. + (For servers, SSL_renegotiate() followed by SSL_do_handshake() + sends a HelloRequest, but does not ensure that a handshake takes + place. SSL_renegotiate_pending() is useful for checking if the + client has followed the request.) + [Bodo Moeller] + + *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION. + By default, clients may request session resumption even during + renegotiation (if session ID contexts permit); with this option, + session resumption is possible only in the first handshake. + + SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL. This makes + more bits available for options that should not be part of + SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION). + [Bodo Moeller] + + *) Add some demos for certificate and certificate request creation. + [Steve Henson] + + *) Make maximum certificate chain size accepted from the peer application + settable (SSL*_get/set_max_cert_list()), as proposed by + "Douglas E. Engert" . + [Lutz Jaenicke] + + *) Add support for shared libraries for Unixware-7 + (Boyd Lynn Gerber ). + [Lutz Jaenicke] + + *) Add a "destroy" handler to ENGINEs that allows structural cleanup to + be done prior to destruction. Use this to unload error strings from + ENGINEs that load their own error strings. NB: This adds two new API + functions to "get" and "set" this destroy handler in an ENGINE. + [Geoff Thorpe] + + *) Alter all existing ENGINE implementations (except "openssl" and + "openbsd") to dynamically instantiate their own error strings. This + makes them more flexible to be built both as statically-linked ENGINEs + and self-contained shared-libraries loadable via the "dynamic" ENGINE. + Also, add stub code to each that makes building them as self-contained + shared-libraries easier (see README.ENGINE). + [Geoff Thorpe] + + *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE + implementations into applications that are completely implemented in + self-contained shared-libraries. The "dynamic" ENGINE exposes control + commands that can be used to configure what shared-library to load and + to control aspects of the way it is handled. Also, made an update to + the README.ENGINE file that brings its information up-to-date and + provides some information and instructions on the "dynamic" ENGINE + (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc). + [Geoff Thorpe] + + *) Make it possible to unload ranges of ERR strings with a new + "ERR_unload_strings" function. + [Geoff Thorpe] + + *) Add a copy() function to EVP_MD. + [Ben Laurie] + + *) Make EVP_MD routines take a context pointer instead of just the + md_data void pointer. + [Ben Laurie] + + *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates + that the digest can only process a single chunk of data + (typically because it is provided by a piece of + hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application + is only going to provide a single chunk of data, and hence the + framework needn't accumulate the data for oneshot drivers. + [Ben Laurie] + + *) As with "ERR", make it possible to replace the underlying "ex_data" + functions. This change also alters the storage and management of global + ex_data state - it's now all inside ex_data.c and all "class" code (eg. + RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class + index counters. The API functions that use this state have been changed + to take a "class_index" rather than pointers to the class's local STACK + and counter, and there is now an API function to dynamically create new + classes. This centralisation allows us to (a) plug a lot of the + thread-safety problems that existed, and (b) makes it possible to clean + up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b) + such data would previously have always leaked in application code and + workarounds were in place to make the memory debugging turn a blind eye + to it. Application code that doesn't use this new function will still + leak as before, but their memory debugging output will announce it now + rather than letting it slide. + + Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change + induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now + has a return value to indicate success or failure. + [Geoff Thorpe] + + *) Make it possible to replace the underlying "ERR" functions such that the + global state (2 LHASH tables and 2 locks) is only used by the "default" + implementation. This change also adds two functions to "get" and "set" + the implementation prior to it being automatically set the first time + any other ERR function takes place. Ie. an application can call "get", + pass the return value to a module it has just loaded, and that module + can call its own "set" function using that value. This means the + module's "ERR" operations will use (and modify) the error state in the + application and not in its own statically linked copy of OpenSSL code. + [Geoff Thorpe] + + *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment + reference counts. This performs normal REF_PRINT/REF_CHECK macros on + the operation, and provides a more encapsulated way for external code + (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code + to use these functions rather than manually incrementing the counts. + + Also rename "DSO_up()" function to more descriptive "DSO_up_ref()". + [Geoff Thorpe] + + *) Add EVP test program. + [Ben Laurie] + + *) Add symmetric cipher support to ENGINE. Expect the API to change! + [Ben Laurie] + + *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name() + X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(), + X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate(). + These allow a CRL to be built without having to access X509_CRL fields + directly. Modify 'ca' application to use new functions. + [Steve Henson] + + *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended + bug workarounds. Rollback attack detection is a security feature. + The problem will only arise on OpenSSL servers when TLSv1 is not + available (sslv3_server_method() or SSL_OP_NO_TLSv1). + Software authors not wanting to support TLSv1 will have special reasons + for their choice and can explicitly enable this option. + [Bodo Moeller, Lutz Jaenicke] + + *) Rationalise EVP so it can be extended: don't include a union of + cipher/digest structures, add init/cleanup functions for EVP_MD_CTX + (similar to those existing for EVP_CIPHER_CTX). + Usage example: + + EVP_MD_CTX md; + + EVP_MD_CTX_init(&md); /* new function call */ + EVP_DigestInit(&md, EVP_sha1()); + EVP_DigestUpdate(&md, in, len); + EVP_DigestFinal(&md, out, NULL); + EVP_MD_CTX_cleanup(&md); /* new function call */ + + [Ben Laurie] + + *) Make DES key schedule conform to the usual scheme, as well as + correcting its structure. This means that calls to DES functions + now have to pass a pointer to a des_key_schedule instead of a + plain des_key_schedule (which was actually always a pointer + anyway): E.g., + + des_key_schedule ks; + + des_set_key_checked(..., &ks); + des_ncbc_encrypt(..., &ks, ...); + + (Note that a later change renames 'des_...' into 'DES_...'.) + [Ben Laurie] + + *) Initial reduction of linker bloat: the use of some functions, such as + PEM causes large amounts of unused functions to be linked in due to + poor organisation. For example pem_all.c contains every PEM function + which has a knock on effect of linking in large amounts of (unused) + ASN1 code. Grouping together similar functions and splitting unrelated + functions prevents this. + [Steve Henson] + + *) Cleanup of EVP macros. + [Ben Laurie] + + *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the + correct _ecb suffix. + [Ben Laurie] + + *) Add initial OCSP responder support to ocsp application. The + revocation information is handled using the text based index + use by the ca application. The responder can either handle + requests generated internally, supplied in files (for example + via a CGI script) or using an internal minimal server. + [Steve Henson] + + *) Add configuration choices to get zlib compression for TLS. + [Richard Levitte] + + *) Changes to Kerberos SSL for RFC 2712 compliance: + 1. Implemented real KerberosWrapper, instead of just using + KRB5 AP_REQ message. [Thanks to Simon Wilkinson ] + 2. Implemented optional authenticator field of KerberosWrapper. + + Added openssl-style ASN.1 macros for Kerberos ticket, ap_req, + and authenticator structs; see crypto/krb5/. + + Generalized Kerberos calls to support multiple Kerberos libraries. + [Vern Staats , + Jeffrey Altman + via Richard Levitte] + + *) Cause 'openssl speed' to use fully hard-coded DSA keys as it + already does with RSA. testdsa.h now has 'priv_key/pub_key' + values for each of the key sizes rather than having just + parameters (and 'speed' generating keys each time). + [Geoff Thorpe] + + *) Speed up EVP routines. + Before: +encrypt +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +des-cbc 4408.85k 5560.51k 5778.46k 5862.20k 5825.16k +des-cbc 4389.55k 5571.17k 5792.23k 5846.91k 5832.11k +des-cbc 4394.32k 5575.92k 5807.44k 5848.37k 5841.30k +decrypt +des-cbc 3482.66k 5069.49k 5496.39k 5614.16k 5639.28k +des-cbc 3480.74k 5068.76k 5510.34k 5609.87k 5635.52k +des-cbc 3483.72k 5067.62k 5504.60k 5708.01k 5724.80k + After: +encrypt +des-cbc 4660.16k 5650.19k 5807.19k 5827.13k 5783.32k +decrypt +des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k + [Ben Laurie] + + *) Added the OS2-EMX target. + ["Brian Havard" and Richard Levitte] + + *) Rewrite apps to use NCONF routines instead of the old CONF. New functions + to support NCONF routines in extension code. New function CONF_set_nconf() + to allow functions which take an NCONF to also handle the old LHASH + structure: this means that the old CONF compatible routines can be + retained (in particular wrt extensions) without having to duplicate the + code. New function X509V3_add_ext_nconf_sk to add extensions to a stack. + [Steve Henson] + + *) Enhance the general user interface with mechanisms for inner control + and with possibilities to have yes/no kind of prompts. + [Richard Levitte] + + *) Change all calls to low level digest routines in the library and + applications to use EVP. Add missing calls to HMAC_cleanup() and + don't assume HMAC_CTX can be copied using memcpy(). + [Verdon Walker , Steve Henson] + + *) Add the possibility to control engines through control names but with + arbitrary arguments instead of just a string. + Change the key loaders to take a UI_METHOD instead of a callback + function pointer. NOTE: this breaks binary compatibility with earlier + versions of OpenSSL [engine]. + Adapt the nCipher code for these new conditions and add a card insertion + callback. + [Richard Levitte] + + *) Enhance the general user interface with mechanisms to better support + dialog box interfaces, application-defined prompts, the possibility + to use defaults (for example default passwords from somewhere else) + and interrupts/cancellations. + [Richard Levitte] + + *) Tidy up PKCS#12 attribute handling. Add support for the CSP name + attribute in PKCS#12 files, add new -CSP option to pkcs12 utility. + [Steve Henson] + + *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also + tidy up some unnecessarily weird code in 'sk_new()'). + [Geoff, reported by Diego Tartara ] + + *) Change the key loading routines for ENGINEs to use the same kind + callback (pem_password_cb) as all other routines that need this + kind of callback. + [Richard Levitte] + + *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with + 256 bit (=32 byte) keys. Of course seeding with more entropy bytes + than this minimum value is recommended. + [Lutz Jaenicke] + + *) New random seeder for OpenVMS, using the system process statistics + that are easily reachable. + [Richard Levitte] + + *) Windows apparently can't transparently handle global + variables defined in DLLs. Initialisations such as: + + const ASN1_ITEM *it = &ASN1_INTEGER_it; + + wont compile. This is used by the any applications that need to + declare their own ASN1 modules. This was fixed by adding the option + EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly + needed for static libraries under Win32. + [Steve Henson] + + *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle + setting of purpose and trust fields. New X509_STORE trust and + purpose functions and tidy up setting in other SSL functions. + [Steve Henson] + + *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE + structure. These are inherited by X509_STORE_CTX when it is + initialised. This allows various defaults to be set in the + X509_STORE structure (such as flags for CRL checking and custom + purpose or trust settings) for functions which only use X509_STORE_CTX + internally such as S/MIME. + + Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and + trust settings if they are not set in X509_STORE. This allows X509_STORE + purposes and trust (in S/MIME for example) to override any set by default. + + Add command line options for CRL checking to smime, s_client and s_server + applications. + [Steve Henson] + + *) Initial CRL based revocation checking. If the CRL checking flag(s) + are set then the CRL is looked up in the X509_STORE structure and + its validity and signature checked, then if the certificate is found + in the CRL the verify fails with a revoked error. + + Various new CRL related callbacks added to X509_STORE_CTX structure. + + Command line options added to 'verify' application to support this. + + This needs some additional work, such as being able to handle multiple + CRLs with different times, extension based lookup (rather than just + by subject name) and ultimately more complete V2 CRL extension + handling. + [Steve Henson] + + *) Add a general user interface API (crypto/ui/). This is designed + to replace things like des_read_password and friends (backward + compatibility functions using this new API are provided). + The purpose is to remove prompting functions from the DES code + section as well as provide for prompting through dialog boxes in + a window system and the like. + [Richard Levitte] + + *) Add "ex_data" support to ENGINE so implementations can add state at a + per-structure level rather than having to store it globally. + [Geoff] + + *) Make it possible for ENGINE structures to be copied when retrieved by + ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY. + This causes the "original" ENGINE structure to act like a template, + analogous to the RSA vs. RSA_METHOD type of separation. Because of this + operational state can be localised to each ENGINE structure, despite the + fact they all share the same "methods". New ENGINE structures returned in + this case have no functional references and the return value is the single + structural reference. This matches the single structural reference returned + by ENGINE_by_id() normally, when it is incremented on the pre-existing + ENGINE structure. + [Geoff] + + *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this + needs to match any other type at all we need to manually clear the + tag cache. + [Steve Henson] + + *) Changes to the "openssl engine" utility to include; + - verbosity levels ('-v', '-vv', and '-vvv') that provide information + about an ENGINE's available control commands. + - executing control commands from command line arguments using the + '-pre' and '-post' switches. '-post' is only used if '-t' is + specified and the ENGINE is successfully initialised. The syntax for + the individual commands are colon-separated, for example; + openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so + [Geoff] + + *) New dynamic control command support for ENGINEs. ENGINEs can now + declare their own commands (numbers), names (strings), descriptions, + and input types for run-time discovery by calling applications. A + subset of these commands are implicitly classed as "executable" + depending on their input type, and only these can be invoked through + the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this + can be based on user input, config files, etc). The distinction is + that "executable" commands cannot return anything other than a boolean + result and can only support numeric or string input, whereas some + discoverable commands may only be for direct use through + ENGINE_ctrl(), eg. supporting the exchange of binary data, function + pointers, or other custom uses. The "executable" commands are to + support parameterisations of ENGINE behaviour that can be + unambiguously defined by ENGINEs and used consistently across any + OpenSSL-based application. Commands have been added to all the + existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow + control over shared-library paths without source code alterations. + [Geoff] + + *) Changed all ENGINE implementations to dynamically allocate their + ENGINEs rather than declaring them statically. Apart from this being + necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction, + this also allows the implementations to compile without using the + internal engine_int.h header. + [Geoff] + + *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a + 'const' value. Any code that should be able to modify a RAND_METHOD + should already have non-const pointers to it (ie. they should only + modify their own ones). + [Geoff] + + *) Made a variety of little tweaks to the ENGINE code. + - "atalla" and "ubsec" string definitions were moved from header files + to C code. "nuron" string definitions were placed in variables + rather than hard-coded - allowing parameterisation of these values + later on via ctrl() commands. + - Removed unused "#if 0"'d code. + - Fixed engine list iteration code so it uses ENGINE_free() to release + structural references. + - Constified the RAND_METHOD element of ENGINE structures. + - Constified various get/set functions as appropriate and added + missing functions (including a catch-all ENGINE_cpy that duplicates + all ENGINE values onto a new ENGINE except reference counts/state). + - Removed NULL parameter checks in get/set functions. Setting a method + or function to NULL is a way of cancelling out a previously set + value. Passing a NULL ENGINE parameter is just plain stupid anyway + and doesn't justify the extra error symbols and code. + - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for + flags from engine_int.h to engine.h. + - Changed prototypes for ENGINE handler functions (init(), finish(), + ctrl(), key-load functions, etc) to take an (ENGINE*) parameter. + [Geoff] + + *) Implement binary inversion algorithm for BN_mod_inverse in addition + to the algorithm using long division. The binary algorithm can be + used only if the modulus is odd. On 32-bit systems, it is faster + only for relatively small moduli (roughly 20-30% for 128-bit moduli, + roughly 5-15% for 256-bit moduli), so we use it only for moduli + up to 450 bits. In 64-bit environments, the binary algorithm + appears to be advantageous for much longer moduli; here we use it + for moduli up to 2048 bits. + [Bodo Moeller] + + *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code + could not support the combine flag in choice fields. + [Steve Henson] + + *) Add a 'copy_extensions' option to the 'ca' utility. This copies + extensions from a certificate request to the certificate. + [Steve Henson] + + *) Allow multiple 'certopt' and 'nameopt' options to be separated + by commas. Add 'namopt' and 'certopt' options to the 'ca' config + file: this allows the display of the certificate about to be + signed to be customised, to allow certain fields to be included + or excluded and extension details. The old system didn't display + multicharacter strings properly, omitted fields not in the policy + and couldn't display additional details such as extensions. + [Steve Henson] + + *) Function EC_POINTs_mul for multiple scalar multiplication + of an arbitrary number of elliptic curve points + \sum scalars[i]*points[i], + optionally including the generator defined for the EC_GROUP: + scalar*generator + \sum scalars[i]*points[i]. + + EC_POINT_mul is a simple wrapper function for the typical case + that the point list has just one item (besides the optional + generator). + [Bodo Moeller] + + *) First EC_METHODs for curves over GF(p): + + EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr + operations and provides various method functions that can also + operate with faster implementations of modular arithmetic. + + EC_GFp_mont_method() reuses most functions that are part of + EC_GFp_simple_method, but uses Montgomery arithmetic. + + [Bodo Moeller; point addition and point doubling + implementation directly derived from source code provided by + Lenka Fibikova ] + + *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h, + crypto/ec/ec_lib.c): + + Curves are EC_GROUP objects (with an optional group generator) + based on EC_METHODs that are built into the library. + + Points are EC_POINT objects based on EC_GROUP objects. + + Most of the framework would be able to handle curves over arbitrary + finite fields, but as there are no obvious types for fields other + than GF(p), some functions are limited to that for now. + [Bodo Moeller] + + *) Add the -HTTP option to s_server. It is similar to -WWW, but requires + that the file contains a complete HTTP response. + [Richard Levitte] + + *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl + change the def and num file printf format specifier from "%-40sXXX" + to "%-39s XXX". The latter will always guarantee a space after the + field while the former will cause them to run together if the field + is 40 of more characters long. + [Steve Henson] + + *) Constify the cipher and digest 'method' functions and structures + and modify related functions to take constant EVP_MD and EVP_CIPHER + pointers. + [Steve Henson] + + *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them + in . Also further increase BN_CTX_NUM to 32. + [Bodo Moeller] + + *) Modify EVP_Digest*() routines so they now return values. Although the + internal software routines can never fail additional hardware versions + might. + [Steve Henson] + + *) Clean up crypto/err/err.h and change some error codes to avoid conflicts: + + Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7 + (= ERR_R_PKCS7_LIB); it is now 64 instead of 32. + + ASN1 error codes + ERR_R_NESTED_ASN1_ERROR + ... + ERR_R_MISSING_ASN1_EOS + were 4 .. 9, conflicting with + ERR_LIB_RSA (= ERR_R_RSA_LIB) + ... + ERR_LIB_PEM (= ERR_R_PEM_LIB). + They are now 58 .. 63 (i.e., just below ERR_R_FATAL). + + Add new error code 'ERR_R_INTERNAL_ERROR'. + [Bodo Moeller] + + *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock + suffices. + [Bodo Moeller] + + *) New option '-subj arg' for 'openssl req' and 'openssl ca'. This + sets the subject name for a new request or supersedes the + subject name in a given request. Formats that can be parsed are + 'CN=Some Name, OU=myOU, C=IT' + and + 'CN=Some Name/OU=myOU/C=IT'. + + Add options '-batch' and '-verbose' to 'openssl req'. + [Massimiliano Pala ] + + *) Introduce the possibility to access global variables through + functions on platform were that's the best way to handle exporting + global variables in shared libraries. To enable this functionality, + one must configure with "EXPORT_VAR_AS_FN" or defined the C macro + "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter + is normally done by Configure or something similar). + + To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL + in the source file (foo.c) like this: + + OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1; + OPENSSL_IMPLEMENT_GLOBAL(double,bar); + + To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL + and OPENSSL_GLOBAL_REF in the header file (foo.h) like this: + + OPENSSL_DECLARE_GLOBAL(int,foo); + #define foo OPENSSL_GLOBAL_REF(foo) + OPENSSL_DECLARE_GLOBAL(double,bar); + #define bar OPENSSL_GLOBAL_REF(bar) + + The #defines are very important, and therefore so is including the + header file everywhere where the defined globals are used. + + The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition + of ASN.1 items, but that structure is a bit different. + + The largest change is in util/mkdef.pl which has been enhanced with + better and easier to understand logic to choose which symbols should + go into the Windows .def files as well as a number of fixes and code + cleanup (among others, algorithm keywords are now sorted + lexicographically to avoid constant rewrites). + [Richard Levitte] + + *) In BN_div() keep a copy of the sign of 'num' before writing the + result to 'rm' because if rm==num the value will be overwritten + and produce the wrong result if 'num' is negative: this caused + problems with BN_mod() and BN_nnmod(). + [Steve Henson] + + *) Function OCSP_request_verify(). This checks the signature on an + OCSP request and verifies the signer certificate. The signer + certificate is just checked for a generic purpose and OCSP request + trust settings. + [Steve Henson] + + *) Add OCSP_check_validity() function to check the validity of OCSP + responses. OCSP responses are prepared in real time and may only + be a few seconds old. Simply checking that the current time lies + between thisUpdate and nextUpdate max reject otherwise valid responses + caused by either OCSP responder or client clock inaccuracy. Instead + we allow thisUpdate and nextUpdate to fall within a certain period of + the current time. The age of the response can also optionally be + checked. Two new options -validity_period and -status_age added to + ocsp utility. + [Steve Henson] + + *) If signature or public key algorithm is unrecognized print out its + OID rather that just UNKNOWN. + [Steve Henson] + + *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and + OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate + ID to be generated from the issuer certificate alone which can then be + passed to OCSP_id_issuer_cmp(). + [Steve Henson] + + *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new + ASN1 modules to export functions returning ASN1_ITEM pointers + instead of the ASN1_ITEM structures themselves. This adds several + new macros which allow the underlying ASN1 function/structure to + be accessed transparently. As a result code should not use ASN1_ITEM + references directly (such as &X509_it) but instead use the relevant + macros (such as ASN1_ITEM_rptr(X509)). This option is to allow + use of the new ASN1 code on platforms where exporting structures + is problematical (for example in shared libraries) but exporting + functions returning pointers to structures is not. + [Steve Henson] + + *) Add support for overriding the generation of SSL/TLS session IDs. + These callbacks can be registered either in an SSL_CTX or per SSL. + The purpose of this is to allow applications to control, if they wish, + the arbitrary values chosen for use as session IDs, particularly as it + can be useful for session caching in multiple-server environments. A + command-line switch for testing this (and any client code that wishes + to use such a feature) has been added to "s_server". + [Geoff Thorpe, Lutz Jaenicke] + + *) Modify mkdef.pl to recognise and parse preprocessor conditionals + of the form '#if defined(...) || defined(...) || ...' and + '#if !defined(...) && !defined(...) && ...'. This also avoids + the growing number of special cases it was previously handling. + [Richard Levitte] + + *) Make all configuration macros available for application by making + sure they are available in opensslconf.h, by giving them names starting + with "OPENSSL_" to avoid conflicts with other packages and by making + sure e_os2.h will cover all platform-specific cases together with + opensslconf.h. + Additionally, it is now possible to define configuration/platform- + specific names (called "system identities"). In the C code, these + are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another + macro with the name beginning with "OPENSSL_SYS_", which is determined + from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on + what is available. + [Richard Levitte] + + *) New option -set_serial to 'req' and 'x509' this allows the serial + number to use to be specified on the command line. Previously self + signed certificates were hard coded with serial number 0 and the + CA options of 'x509' had to use a serial number in a file which was + auto incremented. + [Steve Henson] + + *) New options to 'ca' utility to support V2 CRL entry extensions. + Currently CRL reason, invalidity date and hold instruction are + supported. Add new CRL extensions to V3 code and some new objects. + [Steve Henson] + + *) New function EVP_CIPHER_CTX_set_padding() this is used to + disable standard block padding (aka PKCS#5 padding) in the EVP + API, which was previously mandatory. This means that the data is + not padded in any way and so the total length much be a multiple + of the block size, otherwise an error occurs. + [Steve Henson] + + *) Initial (incomplete) OCSP SSL support. + [Steve Henson] + + *) New function OCSP_parse_url(). This splits up a URL into its host, + port and path components: primarily to parse OCSP URLs. New -url + option to ocsp utility. + [Steve Henson] + + *) New nonce behavior. The return value of OCSP_check_nonce() now + reflects the various checks performed. Applications can decide + whether to tolerate certain situations such as an absent nonce + in a response when one was present in a request: the ocsp application + just prints out a warning. New function OCSP_add1_basic_nonce() + this is to allow responders to include a nonce in a response even if + the request is nonce-less. + [Steve Henson] + + *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are + skipped when using openssl x509 multiple times on a single input file, + e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) ] + + *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates + passed by the function are trusted implicitly. If any of them signed the + response then it is assumed to be valid and is not verified. + [Steve Henson] + + *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT + to data. This was previously part of the PKCS7 ASN1 code. This + was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures. + [Steve Henson, reported by Kenneth R. Robinette + ] + + *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1 + routines: without these tracing memory leaks is very painful. + Fix leaks in PKCS12 and PKCS7 routines. + [Steve Henson] + + *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new(). + Previously it initialised the 'type' argument to V_ASN1_UTCTIME which + effectively meant GeneralizedTime would never be used. Now it + is initialised to -1 but X509_time_adj() now has to check the value + and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or + V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime. + [Steve Henson, reported by Kenneth R. Robinette + ] + + *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously + result in a zero length in the ASN1_INTEGER structure which was + not consistent with the structure when d2i_ASN1_INTEGER() was used + and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER() + to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER() + where it did not print out a minus for negative ASN1_INTEGER. + [Steve Henson] + + *) Add summary printout to ocsp utility. The various functions which + convert status values to strings have been renamed to: + OCSP_response_status_str(), OCSP_cert_status_str() and + OCSP_crl_reason_str() and are no longer static. New options + to verify nonce values and to disable verification. OCSP response + printout format cleaned up. + [Steve Henson] + + *) Add additional OCSP certificate checks. These are those specified + in RFC2560. This consists of two separate checks: the CA of the + certificate being checked must either be the OCSP signer certificate + or the issuer of the OCSP signer certificate. In the latter case the + OCSP signer certificate must contain the OCSP signing extended key + usage. This check is performed by attempting to match the OCSP + signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash + in the OCSP_CERTID structures of the response. + [Steve Henson] + + *) Initial OCSP certificate verification added to OCSP_basic_verify() + and related routines. This uses the standard OpenSSL certificate + verify routines to perform initial checks (just CA validity) and + to obtain the certificate chain. Then additional checks will be + performed on the chain. Currently the root CA is checked to see + if it is explicitly trusted for OCSP signing. This is used to set + a root CA as a global signing root: that is any certificate that + chains to that CA is an acceptable OCSP signing certificate. + [Steve Henson] + + *) New '-extfile ...' option to 'openssl ca' for reading X.509v3 + extensions from a separate configuration file. + As when reading extensions from the main configuration file, + the '-extensions ...' option may be used for specifying the + section to use. + [Massimiliano Pala ] + + *) New OCSP utility. Allows OCSP requests to be generated or + read. The request can be sent to a responder and the output + parsed, outputed or printed in text form. Not complete yet: + still needs to check the OCSP response validity. + [Steve Henson] + + *) New subcommands for 'openssl ca': + 'openssl ca -status ' prints the status of the cert with + the given serial number (according to the index file). + 'openssl ca -updatedb' updates the expiry status of certificates + in the index file. + [Massimiliano Pala ] + + *) New '-newreq-nodes' command option to CA.pl. This is like + '-newreq', but calls 'openssl req' with the '-nodes' option + so that the resulting key is not encrypted. + [Damien Miller ] + + *) New configuration for the GNU Hurd. + [Jonathan Bartlett via Richard Levitte] + + *) Initial code to implement OCSP basic response verify. This + is currently incomplete. Currently just finds the signer's + certificate and verifies the signature on the response. + [Steve Henson] + + *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in + value of OPENSSLDIR. This is available via the new '-d' option + to 'openssl version', and is also included in 'openssl version -a'. + [Bodo Moeller] + + *) Allowing defining memory allocation callbacks that will be given + file name and line number information in additional arguments + (a const char* and an int). The basic functionality remains, as + well as the original possibility to just replace malloc(), + realloc() and free() by functions that do not know about these + additional arguments. To register and find out the current + settings for extended allocation functions, the following + functions are provided: + + CRYPTO_set_mem_ex_functions + CRYPTO_set_locked_mem_ex_functions + CRYPTO_get_mem_ex_functions + CRYPTO_get_locked_mem_ex_functions + + These work the same way as CRYPTO_set_mem_functions and friends. + CRYPTO_get_[locked_]mem_functions now writes 0 where such an + extended allocation function is enabled. + Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where + a conventional allocation function is enabled. + [Richard Levitte, Bodo Moeller] + + *) Finish off removing the remaining LHASH function pointer casts. + There should no longer be any prototype-casting required when using + the LHASH abstraction, and any casts that remain are "bugs". See + the callback types and macros at the head of lhash.h for details + (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example). + [Geoff Thorpe] + + *) Add automatic query of EGD sockets in RAND_poll() for the unix variant. + If /dev/[u]random devices are not available or do not return enough + entropy, EGD style sockets (served by EGD or PRNGD) will automatically + be queried. + The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and + /etc/entropy will be queried once each in this sequence, quering stops + when enough entropy was collected without querying more sockets. + [Lutz Jaenicke] + + *) Change the Unix RAND_poll() variant to be able to poll several + random devices, as specified by DEVRANDOM, until a sufficient amount + of data has been collected. We spend at most 10 ms on each file + (select timeout) and read in non-blocking mode. DEVRANDOM now + defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom" + (previously it was just the string "/dev/urandom"), so on typical + platforms the 10 ms delay will never occur. + Also separate out the Unix variant to its own file, rand_unix.c. + For VMS, there's a currently-empty rand_vms.c. + [Richard Levitte] + + *) Move OCSP client related routines to ocsp_cl.c. These + provide utility functions which an application needing + to issue a request to an OCSP responder and analyse the + response will typically need: as opposed to those which an + OCSP responder itself would need which will be added later. + + OCSP_request_sign() signs an OCSP request with an API similar + to PKCS7_sign(). OCSP_response_status() returns status of OCSP + response. OCSP_response_get1_basic() extracts basic response + from response. OCSP_resp_find_status(): finds and extracts status + information from an OCSP_CERTID structure (which will be created + when the request structure is built). These are built from lower + level functions which work on OCSP_SINGLERESP structures but + wont normally be used unless the application wishes to examine + extensions in the OCSP response for example. + + Replace nonce routines with a pair of functions. + OCSP_request_add1_nonce() adds a nonce value and optionally + generates a random value. OCSP_check_nonce() checks the + validity of the nonce in an OCSP response. + [Steve Henson] + + *) Change function OCSP_request_add() to OCSP_request_add0_id(). + This doesn't copy the supplied OCSP_CERTID and avoids the + need to free up the newly created id. Change return type + to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure. + This can then be used to add extensions to the request. + Deleted OCSP_request_new(), since most of its functionality + is now in OCSP_REQUEST_new() (and the case insensitive name + clash) apart from the ability to set the request name which + will be added elsewhere. + [Steve Henson] + + *) Update OCSP API. Remove obsolete extensions argument from + various functions. Extensions are now handled using the new + OCSP extension code. New simple OCSP HTTP function which + can be used to send requests and parse the response. + [Steve Henson] + + *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new + ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN + uses the special reorder version of SET OF to sort the attributes + and reorder them to match the encoded order. This resolves a long + standing problem: a verify on a PKCS7 structure just after signing + it used to fail because the attribute order did not match the + encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes: + it uses the received order. This is necessary to tolerate some broken + software that does not order SET OF. This is handled by encoding + as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class) + to produce the required SET OF. + [Steve Henson] + + *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and + OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header + files to get correct declarations of the ASN.1 item variables. + [Richard Levitte] + + *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many + PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs: + asn1_check_tlen() would sometimes attempt to use 'ctx' when it was + NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i(). + New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant + ASN1_ITEM and no wrapper functions. + [Steve Henson] + + *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These + replace the old function pointer based I/O routines. Change most of + the *_d2i_bio() and *_d2i_fp() functions to use these. + [Steve Henson] + + *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor + lines, recognice more "algorithms" that can be deselected, and make + it complain about algorithm deselection that isn't recognised. + [Richard Levitte] + + *) New ASN1 functions to handle dup, sign, verify, digest, pack and + unpack operations in terms of ASN1_ITEM. Modify existing wrappers + to use new functions. Add NO_ASN1_OLD which can be set to remove + some old style ASN1 functions: this can be used to determine if old + code will still work when these eventually go away. + [Steve Henson] + + *) New extension functions for OCSP structures, these follow the + same conventions as certificates and CRLs. + [Steve Henson] + + *) New function X509V3_add1_i2d(). This automatically encodes and + adds an extension. Its behaviour can be customised with various + flags to append, replace or delete. Various wrappers added for + certifcates and CRLs. + [Steve Henson] + + *) Fix to avoid calling the underlying ASN1 print routine when + an extension cannot be parsed. Correct a typo in the + OCSP_SERVICELOC extension. Tidy up print OCSP format. + [Steve Henson] + + *) Make mkdef.pl parse some of the ASN1 macros and add apropriate + entries for variables. + [Steve Henson] + + *) Add functionality to apps/openssl.c for detecting locking + problems: As the program is single-threaded, all we have + to do is register a locking callback using an array for + storing which locks are currently held by the program. + [Bodo Moeller] + + *) Use a lock around the call to CRYPTO_get_ex_new_index() in + SSL_get_ex_data_X509_STORE_idx(), which is used in + ssl_verify_cert_chain() and thus can be called at any time + during TLS/SSL handshakes so that thread-safety is essential. + Unfortunately, the ex_data design is not at all suited + for multi-threaded use, so it probably should be abolished. + [Bodo Moeller] + + *) Added Broadcom "ubsec" ENGINE to OpenSSL. + [Broadcom, tweaked and integrated by Geoff Thorpe] + + *) Move common extension printing code to new function + X509V3_print_extensions(). Reorganise OCSP print routines and + implement some needed OCSP ASN1 functions. Add OCSP extensions. + [Steve Henson] + + *) New function X509_signature_print() to remove duplication in some + print routines. + [Steve Henson] + + *) Add a special meaning when SET OF and SEQUENCE OF flags are both + set (this was treated exactly the same as SET OF previously). This + is used to reorder the STACK representing the structure to match the + encoding. This will be used to get round a problem where a PKCS7 + structure which was signed could not be verified because the STACK + order did not reflect the encoded order. + [Steve Henson] + + *) Reimplement the OCSP ASN1 module using the new code. + [Steve Henson] + + *) Update the X509V3 code to permit the use of an ASN1_ITEM structure + for its ASN1 operations. The old style function pointers still exist + for now but they will eventually go away. + [Steve Henson] + + *) Merge in replacement ASN1 code from the ASN1 branch. This almost + completely replaces the old ASN1 functionality with a table driven + encoder and decoder which interprets an ASN1_ITEM structure describing + the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is + largely maintained. Almost all of the old asn1_mac.h macro based ASN1 + has also been converted to the new form. + [Steve Henson] + + *) Change BN_mod_exp_recp so that negative moduli are tolerated + (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set + so that BN_mod_exp_mont and BN_mod_exp_mont_word work + for negative moduli. + [Bodo Moeller] + + *) Fix BN_uadd and BN_usub: Always return non-negative results instead + of not touching the result's sign bit. + [Bodo Moeller] + + *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be + set. + [Bodo Moeller] + + *) Changed the LHASH code to use prototypes for callbacks, and created + macros to declare and implement thin (optionally static) functions + that provide type-safety and avoid function pointer casting for the + type-specific callbacks. + [Geoff Thorpe] + + *) Added Kerberos Cipher Suites to be used with TLS, as written in + RFC 2712. + [Veers Staats , + Jeffrey Altman , via Richard Levitte] + + *) Reformat the FAQ so the different questions and answers can be divided + in sections depending on the subject. + [Richard Levitte] + + *) Have the zlib compression code load ZLIB.DLL dynamically under + Windows. + [Richard Levitte] + + *) New function BN_mod_sqrt for computing square roots modulo a prime + (using the probabilistic Tonelli-Shanks algorithm unless + p == 3 (mod 4) or p == 5 (mod 8), which are cases that can + be handled deterministically). + [Lenka Fibikova , Bodo Moeller] + + *) Make BN_mod_inverse faster by explicitly handling small quotients + in the Euclid loop. (Speed gain about 20% for small moduli [256 or + 512 bits], about 30% for larger ones [1024 or 2048 bits].) + [Bodo Moeller] + + *) New function BN_kronecker. + [Bodo Moeller] + + *) Fix BN_gcd so that it works on negative inputs; the result is + positive unless both parameters are zero. + Previously something reasonably close to an infinite loop was + possible because numbers could be growing instead of shrinking + in the implementation of Euclid's algorithm. + [Bodo Moeller] + + *) Fix BN_is_word() and BN_is_one() macros to take into account the + sign of the number in question. + + Fix BN_is_word(a,w) to work correctly for w == 0. + + The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w) + because its test if the absolute value of 'a' equals 'w'. + Note that BN_abs_is_word does *not* handle w == 0 reliably; + it exists mostly for use in the implementations of BN_is_zero(), + BN_is_one(), and BN_is_word(). + [Bodo Moeller] + + *) New function BN_swap. + [Bodo Moeller] + + *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that + the exponentiation functions are more likely to produce reasonable + results on negative inputs. + [Bodo Moeller] + + *) Change BN_mod_mul so that the result is always non-negative. + Previously, it could be negative if one of the factors was negative; + I don't think anyone really wanted that behaviour. + [Bodo Moeller] + + *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c + (except for exponentiation, which stays in crypto/bn/bn_exp.c, + and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c) + and add new functions: + + BN_nnmod + BN_mod_sqr + BN_mod_add + BN_mod_add_quick + BN_mod_sub + BN_mod_sub_quick + BN_mod_lshift1 + BN_mod_lshift1_quick + BN_mod_lshift + BN_mod_lshift_quick + + These functions always generate non-negative results. + + BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder r + such that |m| < r < 0, BN_nnmod will output rem + |m| instead). + + BN_mod_XXX_quick(r, a, [b,] m) generates the same result as + BN_mod_XXX(r, a, [b,] m, ctx), but requires that a [and b] + be reduced modulo m. + [Lenka Fibikova , Bodo Moeller] + +#if 0 + The following entry accidentily appeared in the CHANGES file + distributed with OpenSSL 0.9.7. The modifications described in + it do *not* apply to OpenSSL 0.9.7. + + *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there + was actually never needed) and in BN_mul(). The removal in BN_mul() + required a small change in bn_mul_part_recursive() and the addition + of the functions bn_cmp_part_words(), bn_sub_part_words() and + bn_add_part_words(), which do the same thing as bn_cmp_words(), + bn_sub_words() and bn_add_words() except they take arrays with + differing sizes. + [Richard Levitte] +#endif + + *) In 'openssl passwd', verify passwords read from the terminal + unless the '-salt' option is used (which usually means that + verification would just waste user's time since the resulting + hash is going to be compared with some given password hash) + or the new '-noverify' option is used. + + This is an incompatible change, but it does not affect + non-interactive use of 'openssl passwd' (passwords on the command + line, '-stdin' option, '-in ...' option) and thus should not + cause any problems. + [Bodo Moeller] + + *) Remove all references to RSAref, since there's no more need for it. + [Richard Levitte] + + *) Make DSO load along a path given through an environment variable + (SHLIB_PATH) with shl_load(). + [Richard Levitte] + + *) Constify the ENGINE code as a result of BIGNUM constification. + Also constify the RSA code and most things related to it. In a + few places, most notable in the depth of the ASN.1 code, ugly + casts back to non-const were required (to be solved at a later + time) + [Richard Levitte] + + *) Make it so the openssl application has all engines loaded by default. + [Richard Levitte] + + *) Constify the BIGNUM routines a little more. + [Richard Levitte] + + *) Add the following functions: + + ENGINE_load_cswift() + ENGINE_load_chil() + ENGINE_load_atalla() + ENGINE_load_nuron() + ENGINE_load_builtin_engines() + + That way, an application can itself choose if external engines that + are built-in in OpenSSL shall ever be used or not. The benefit is + that applications won't have to be linked with libdl or other dso + libraries unless it's really needed. + + Changed 'openssl engine' to load all engines on demand. + Changed the engine header files to avoid the duplication of some + declarations (they differed!). + [Richard Levitte] + + *) 'openssl engine' can now list capabilities. + [Richard Levitte] + + *) Better error reporting in 'openssl engine'. + [Richard Levitte] + + *) Never call load_dh_param(NULL) in s_server. + [Bodo Moeller] + + *) Add engine application. It can currently list engines by name and + identity, and test if they are actually available. + [Richard Levitte] + + *) Improve RPM specification file by forcing symbolic linking and making + sure the installed documentation is also owned by root.root. + [Damien Miller ] + + *) Give the OpenSSL applications more possibilities to make use of + keys (public as well as private) handled by engines. + [Richard Levitte] + + *) Add OCSP code that comes from CertCo. + [Richard Levitte] + + *) Add VMS support for the Rijndael code. + [Richard Levitte] + + *) Added untested support for Nuron crypto accelerator. + [Ben Laurie] + + *) Add support for external cryptographic devices. This code was + previously distributed separately as the "engine" branch. + [Geoff Thorpe, Richard Levitte] + + *) Rework the filename-translation in the DSO code. It is now possible to + have far greater control over how a "name" is turned into a filename + depending on the operating environment and any oddities about the + different shared library filenames on each system. + [Geoff Thorpe] + + *) Support threads on FreeBSD-elf in Configure. + [Richard Levitte] + + *) Fix for SHA1 assembly problem with MASM: it produces + warnings about corrupt line number information when assembling + with debugging information. This is caused by the overlapping + of two sections. + [Bernd Matthes , Steve Henson] + + *) NCONF changes. + NCONF_get_number() has no error checking at all. As a replacement, + NCONF_get_number_e() is defined (_e for "error checking") and is + promoted strongly. The old NCONF_get_number is kept around for + binary backward compatibility. + Make it possible for methods to load from something other than a BIO, + by providing a function pointer that is given a name instead of a BIO. + For example, this could be used to load configuration data from an + LDAP server. + [Richard Levitte] + + *) Fix for non blocking accept BIOs. Added new I/O special reason + BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs + with non blocking I/O was not possible because no retry code was + implemented. Also added new SSL code SSL_WANT_ACCEPT to cover + this case. + [Steve Henson] + + *) Added the beginnings of Rijndael support. + [Ben Laurie] + + *) Fix for bug in DirectoryString mask setting. Add support for + X509_NAME_print_ex() in 'req' and X509_print_ex() function + to allow certificate printing to more controllable, additional + 'certopt' option to 'x509' to allow new printing options to be + set. + [Steve Henson] + + *) Clean old EAY MD5 hack from e_os.h. + [Richard Levitte] + + Changes between 0.9.6l and 0.9.6m [17 Mar 2004] + + *) Fix null-pointer assignment in do_change_cipher_spec() revealed + by using the Codenomicon TLS Test Tool (CVE-2004-0079) + [Joe Orton, Steve Henson] + + Changes between 0.9.6k and 0.9.6l [04 Nov 2003] + + *) Fix additional bug revealed by the NISCC test suite: + + Stop bug triggering large recursion when presented with + certain ASN.1 tags (CVE-2003-0851) + [Steve Henson] + + Changes between 0.9.6j and 0.9.6k [30 Sep 2003] + + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CVE-2003-0543 and CVE-2003-0544). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] + + *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate + if the server requested one: as stated in TLS 1.0 and SSL 3.0 + specifications. + [Steve Henson] + + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional + extra data after the compression methods not only for TLS 1.0 + but also for SSL 3.0 (as required by the specification). + [Bodo Moeller; problem pointed out by Matthias Loepfe] + + *) Change X509_certificate_type() to mark the key as exported/exportable + when it's 512 *bits* long, not 512 bytes. + [Richard Levitte] + + Changes between 0.9.6i and 0.9.6j [10 Apr 2003] + + *) Countermeasure against the Klima-Pokorny-Rosa extension of + Bleichbacher's attack on PKCS #1 v1.5 padding: treat + a protocol version number mismatch like a decryption error + in ssl3_get_client_key_exchange (ssl/s3_srvr.c). + [Bodo Moeller] + + *) Turn on RSA blinding by default in the default implementation + to avoid a timing attack. Applications that don't want it can call + RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING. + They would be ill-advised to do so in most cases. + [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller] + + *) Change RSA blinding code so that it works when the PRNG is not + seeded (in this case, the secret RSA exponent is abused as + an unpredictable seed -- if it is not unpredictable, there + is no point in blinding anyway). Make RSA blinding thread-safe + by remembering the creator's thread ID in rsa->blinding and + having all other threads use local one-time blinding factors + (this requires more computation than sharing rsa->blinding, but + avoids excessive locking; and if an RSA object is not shared + between threads, blinding will still be very fast). + [Bodo Moeller] + + Changes between 0.9.6h and 0.9.6i [19 Feb 2003] + + *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked + via timing by performing a MAC computation even if incorrrect + block cipher padding has been found. This is a countermeasure + against active attacks where the attacker has to distinguish + between bad padding and a MAC verification error. (CVE-2003-0078) + + [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), + Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and + Martin Vuagnoux (EPFL, Ilion)] + + Changes between 0.9.6g and 0.9.6h [5 Dec 2002] + + *) New function OPENSSL_cleanse(), which is used to cleanse a section of + memory from it's contents. This is done with a counter that will + place alternating values in each byte. This can be used to solve + two issues: 1) the removal of calls to memset() by highly optimizing + compilers, and 2) cleansing with other values than 0, since those can + be read through on certain media, for example a swap space on disk. + [Geoff Thorpe] + + *) Bugfix: client side session caching did not work with external caching, + because the session->cipher setting was not restored when reloading + from the external cache. This problem was masked, when + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set. + (Found by Steve Haslam .) + [Lutz Jaenicke] + + *) Fix client_certificate (ssl/s2_clnt.c): The permissible total + length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33. + [Zeev Lieber ] + + *) Undo an undocumented change introduced in 0.9.6e which caused + repeated calls to OpenSSL_add_all_ciphers() and + OpenSSL_add_all_digests() to be ignored, even after calling + EVP_cleanup(). + [Richard Levitte] + + *) Change the default configuration reader to deal with last line not + being properly terminated. + [Richard Levitte] + + *) Change X509_NAME_cmp() so it applies the special rules on handling + DN values that are of type PrintableString, as well as RDNs of type + emailAddress where the value has the type ia5String. + [stefank@valicert.com via Richard Levitte] + + *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half + the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently + doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be + the bitwise-OR of the two for use by the majority of applications + wanting this behaviour, and update the docs. The documented + behaviour and actual behaviour were inconsistent and had been + changing anyway, so this is more a bug-fix than a behavioural + change. + [Geoff Thorpe, diagnosed by Nadav Har'El] + + *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c + (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes). + [Bodo Moeller] + + *) Fix initialization code race conditions in + SSLv23_method(), SSLv23_client_method(), SSLv23_server_method(), + SSLv2_method(), SSLv2_client_method(), SSLv2_server_method(), + SSLv3_method(), SSLv3_client_method(), SSLv3_server_method(), + TLSv1_method(), TLSv1_client_method(), TLSv1_server_method(), + ssl2_get_cipher_by_char(), + ssl3_get_cipher_by_char(). + [Patrick McCormick , Bodo Moeller] + + *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after + the cached sessions are flushed, as the remove_cb() might use ex_data + contents. Bug found by Sam Varshavchik + (see [openssl.org #212]). + [Geoff Thorpe, Lutz Jaenicke] + + *) Fix typo in OBJ_txt2obj which incorrectly passed the content + length, instead of the encoding length to d2i_ASN1_OBJECT. + [Steve Henson] + + Changes between 0.9.6f and 0.9.6g [9 Aug 2002] + + *) [In 0.9.6g-engine release:] + Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall'). + [Lynn Gazis ] + + Changes between 0.9.6e and 0.9.6f [8 Aug 2002] + + *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX + and get fix the header length calculation. + [Florian Weimer , + Alon Kantor (and others), + Steve Henson] + + *) Use proper error handling instead of 'assertions' in buffer + overflow checks added in 0.9.6e. This prevents DoS (the + assertions could call abort()). + [Arne Ansper , Bodo Moeller] + + Changes between 0.9.6d and 0.9.6e [30 Jul 2002] + + *) Add various sanity checks to asn1_get_length() to reject + the ASN1 length bytes if they exceed sizeof(long), will appear + negative or the content length exceeds the length of the + supplied buffer. + [Steve Henson, Adi Stav , James Yonan ] + + *) Fix cipher selection routines: ciphers without encryption had no flags + for the cipher strength set and where therefore not handled correctly + by the selection routines (PR #130). + [Lutz Jaenicke] + + *) Fix EVP_dsa_sha macro. + [Nils Larsch] + + *) New option + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure + that was added in OpenSSL 0.9.6d. + + As the countermeasure turned out to be incompatible with some + broken SSL implementations, the new option is part of SSL_OP_ALL. + SSL_OP_ALL is usually employed when compatibility with weird SSL + implementations is desired (e.g. '-bugs' option to 's_client' and + 's_server'), so the new option is automatically set in many + applications. + [Bodo Moeller] + + *) Changes in security patch: + + Changes marked "(CHATS)" were sponsored by the Defense Advanced + Research Projects Agency (DARPA) and Air Force Research Laboratory, + Air Force Materiel Command, USAF, under agreement number + F30602-01-2-0537. + + *) Add various sanity checks to asn1_get_length() to reject + the ASN1 length bytes if they exceed sizeof(long), will appear + negative or the content length exceeds the length of the + supplied buffer. (CVE-2002-0659) + [Steve Henson, Adi Stav , James Yonan ] + + *) Assertions for various potential buffer overflows, not known to + happen in practice. + [Ben Laurie (CHATS)] + + *) Various temporary buffers to hold ASCII versions of integers were + too small for 64 bit platforms. (CVE-2002-0655) + [Matthew Byng-Maddick and Ben Laurie (CHATS)> + + *) Remote buffer overflow in SSL3 protocol - an attacker could + supply an oversized session ID to a client. (CVE-2002-0656) + [Ben Laurie (CHATS)] + + *) Remote buffer overflow in SSL2 protocol - an attacker could + supply an oversized client master key. (CVE-2002-0656) + [Ben Laurie (CHATS)] + + Changes between 0.9.6c and 0.9.6d [9 May 2002] + + *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not + encoded as NULL) with id-dsa-with-sha1. + [Nils Larsch ; problem pointed out by Bodo Moeller] + + *) Check various X509_...() return values in apps/req.c. + [Nils Larsch ] + + *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines: + an end-of-file condition would erronously be flagged, when the CRLF + was just at the end of a processed block. The bug was discovered when + processing data through a buffering memory BIO handing the data to a + BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov + and Nedelcho Stanev. + [Lutz Jaenicke] + + *) Implement a countermeasure against a vulnerability recently found + in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment + before application data chunks to avoid the use of known IVs + with data potentially chosen by the attacker. + [Bodo Moeller] + + *) Fix length checks in ssl3_get_client_hello(). + [Bodo Moeller] + + *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently + to prevent ssl3_read_internal() from incorrectly assuming that + ssl3_read_bytes() found application data while handshake + processing was enabled when in fact s->s3->in_read_app_data was + merely automatically cleared during the initial handshake. + [Bodo Moeller; problem pointed out by Arne Ansper ] + + *) Fix object definitions for Private and Enterprise: they were not + recognized in their shortname (=lowercase) representation. Extend + obj_dat.pl to issue an error when using undefined keywords instead + of silently ignoring the problem (Svenning Sorensen + ). + [Lutz Jaenicke] + + *) Fix DH_generate_parameters() so that it works for 'non-standard' + generators, i.e. generators other than 2 and 5. (Previously, the + code did not properly initialise the 'add' and 'rem' values to + BN_generate_prime().) + + In the new general case, we do not insist that 'generator' is + actually a primitive root: This requirement is rather pointless; + a generator of the order-q subgroup is just as good, if not + better. + [Bodo Moeller] + + *) Map new X509 verification errors to alerts. Discovered and submitted by + Tom Wu . + [Lutz Jaenicke] + + *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from + returning non-zero before the data has been completely received + when using non-blocking I/O. + [Bodo Moeller; problem pointed out by John Hughes] + + *) Some of the ciphers missed the strength entry (SSL_LOW etc). + [Ben Laurie, Lutz Jaenicke] + + *) Fix bug in SSL_clear(): bad sessions were not removed (found by + Yoram Zahavi ). + [Lutz Jaenicke] + + *) Add information about CygWin 1.3 and on, and preserve proper + configuration for the versions before that. + [Corinna Vinschen and Richard Levitte] + + *) Make removal from session cache (SSL_CTX_remove_session()) more robust: + check whether we deal with a copy of a session and do not delete from + the cache in this case. Problem reported by "Izhar Shoshani Levi" + . + [Lutz Jaenicke] + + *) Do not store session data into the internal session cache, if it + is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP + flag is set). Proposed by Aslam . + [Lutz Jaenicke] + + *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested + value is 0. + [Richard Levitte] + + *) [In 0.9.6d-engine release:] + Fix a crashbug and a logic bug in hwcrhk_load_pubkey(). + [Toomas Kiisk via Richard Levitte] + + *) Add the configuration target linux-s390x. + [Neale Ferguson via Richard Levitte] + + *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of + ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag + variable as an indication that a ClientHello message has been + received. As the flag value will be lost between multiple + invocations of ssl3_accept when using non-blocking I/O, the + function may not be aware that a handshake has actually taken + place, thus preventing a new session from being added to the + session cache. + + To avoid this problem, we now set s->new_session to 2 instead of + using a local variable. + [Lutz Jaenicke, Bodo Moeller] + + *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) + if the SSL_R_LENGTH_MISMATCH error is detected. + [Geoff Thorpe, Bodo Moeller] + + *) New 'shared_ldflag' column in Configure platform table. + [Richard Levitte] + + *) Fix EVP_CIPHER_mode macro. + ["Dan S. Camper" ] + + *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown + type, we must throw them away by setting rr->length to 0. + [D P Chang ] + + Changes between 0.9.6b and 0.9.6c [21 dec 2001] + + *) Fix BN_rand_range bug pointed out by Dominikus Scherkl + . (The previous implementation + worked incorrectly for those cases where range = 10..._2 and + 3*range is two bits longer than range.) + [Bodo Moeller] + + *) Only add signing time to PKCS7 structures if it is not already + present. + [Steve Henson] + + *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", + OBJ_ld_ce should be OBJ_id_ce. + Also some ip-pda OIDs in crypto/objects/objects.txt were + incorrect (cf. RFC 3039). + [Matt Cooper, Frederic Giudicelli, Bodo Moeller] + + *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid() + returns early because it has nothing to do. + [Andy Schneider ] + + *) [In 0.9.6c-engine release:] + Fix mutex callback return values in crypto/engine/hw_ncipher.c. + [Andy Schneider ] + + *) [In 0.9.6c-engine release:] + Add support for Cryptographic Appliance's keyserver technology. + (Use engine 'keyclient') + [Cryptographic Appliances and Geoff Thorpe] + + *) Add a configuration entry for OS/390 Unix. The C compiler 'c89' + is called via tools/c89.sh because arguments have to be + rearranged (all '-L' options must appear before the first object + modules). + [Richard Shapiro ] + + *) [In 0.9.6c-engine release:] + Add support for Broadcom crypto accelerator cards, backported + from 0.9.7. + [Broadcom, Nalin Dahyabhai , Mark Cox] + + *) [In 0.9.6c-engine release:] + Add support for SureWare crypto accelerator cards from + Baltimore Technologies. (Use engine 'sureware') + [Baltimore Technologies and Mark Cox] + + *) [In 0.9.6c-engine release:] + Add support for crypto accelerator cards from Accelerated + Encryption Processing, www.aep.ie. (Use engine 'aep') + [AEP Inc. and Mark Cox] + + *) Add a configuration entry for gcc on UnixWare. + [Gary Benson ] + + *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake + messages are stored in a single piece (fixed-length part and + variable-length part combined) and fix various bugs found on the way. + [Bodo Moeller] + + *) Disable caching in BIO_gethostbyname(), directly use gethostbyname() + instead. BIO_gethostbyname() does not know what timeouts are + appropriate, so entries would stay in cache even when they have + become invalid. + [Bodo Moeller; problem pointed out by Rich Salz + + *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when + faced with a pathologically small ClientHello fragment that does + not contain client_version: Instead of aborting with an error, + simply choose the highest available protocol version (i.e., + TLS 1.0 unless it is disabled). In practice, ClientHello + messages are never sent like this, but this change gives us + strictly correct behaviour at least for TLS. + [Bodo Moeller] + + *) Fix SSL handshake functions and SSL_clear() such that SSL_clear() + never resets s->method to s->ctx->method when called from within + one of the SSL handshake functions. + [Bodo Moeller; problem pointed out by Niko Baric] + + *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert + (sent using the client's version number) if client_version is + smaller than the protocol version in use. Also change + ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if + the client demanded SSL 3.0 but only TLS 1.0 is enabled; then + the client will at least see that alert. + [Bodo Moeller] + + *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation + correctly. + [Bodo Moeller] + + *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a + client receives HelloRequest while in a handshake. + [Bodo Moeller; bug noticed by Andy Schneider ] + + *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C + should end in 'break', not 'goto end' which circuments various + cleanups done in state SSL_ST_OK. But session related stuff + must be disabled for SSL_ST_OK in the case that we just sent a + HelloRequest. + + Also avoid some overhead by not calling ssl_init_wbio_buffer() + before just sending a HelloRequest. + [Bodo Moeller, Eric Rescorla ] + + *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't + reveal whether illegal block cipher padding was found or a MAC + verification error occured. (Neither SSLerr() codes nor alerts + are directly visible to potential attackers, but the information + may leak via logfiles.) + + Similar changes are not required for the SSL 2.0 implementation + because the number of padding bytes is sent in clear for SSL 2.0, + and the extra bytes are just ignored. However ssl/s2_pkt.c + failed to verify that the purported number of padding bytes is in + the legal range. + [Bodo Moeller] + + *) Add OpenUNIX-8 support including shared libraries + (Boyd Lynn Gerber ). + [Lutz Jaenicke] + + *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid + 'wristwatch attack' using huge encoding parameters (cf. + James H. Manger's CRYPTO 2001 paper). Note that the + RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use + encoding parameters and hence was not vulnerable. + [Bodo Moeller] + + *) BN_sqr() bug fix. + [Ulf Möller, reported by Jim Ellis ] + + *) Rabin-Miller test analyses assume uniformly distributed witnesses, + so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() + followed by modular reduction. + [Bodo Moeller; pointed out by Adam Young ] + + *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range() + equivalent based on BN_pseudo_rand() instead of BN_rand(). + [Bodo Moeller] + + *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB). + This function was broken, as the check for a new client hello message + to handle SGC did not allow these large messages. + (Tracked down by "Douglas E. Engert" .) + [Lutz Jaenicke] + + *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long](). + [Lutz Jaenicke] + + *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl() + for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" ). + [Lutz Jaenicke] + + *) Rework the configuration and shared library support for Tru64 Unix. + The configuration part makes use of modern compiler features and + still retains old compiler behavior for those that run older versions + of the OS. The shared library support part includes a variant that + uses the RPATH feature, and is available through the special + configuration target "alpha-cc-rpath", which will never be selected + automatically. + [Tim Mooney via Richard Levitte] + + *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message() + with the same message size as in ssl3_get_certificate_request(). + Otherwise, if no ServerKeyExchange message occurs, CertificateRequest + messages might inadvertently be reject as too long. + [Petr Lampa ] + + *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX). + [Andy Polyakov] + + *) Modified SSL library such that the verify_callback that has been set + specificly for an SSL object with SSL_set_verify() is actually being + used. Before the change, a verify_callback set with this function was + ignored and the verify_callback() set in the SSL_CTX at the time of + the call was used. New function X509_STORE_CTX_set_verify_cb() introduced + to allow the necessary settings. + [Lutz Jaenicke] + + *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c + explicitly to NULL, as at least on Solaris 8 this seems not always to be + done automatically (in contradiction to the requirements of the C + standard). This made problems when used from OpenSSH. + [Lutz Jaenicke] + + *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored + dh->length and always used + + BN_rand_range(priv_key, dh->p). + + BN_rand_range() is not necessary for Diffie-Hellman, and this + specific range makes Diffie-Hellman unnecessarily inefficient if + dh->length (recommended exponent length) is much smaller than the + length of dh->p. We could use BN_rand_range() if the order of + the subgroup was stored in the DH structure, but we only have + dh->length. + + So switch back to + + BN_rand(priv_key, l, ...) + + where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1 + otherwise. + [Bodo Moeller] + + *) In + + RSA_eay_public_encrypt + RSA_eay_private_decrypt + RSA_eay_private_encrypt (signing) + RSA_eay_public_decrypt (signature verification) + + (default implementations for RSA_public_encrypt, + RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt), + always reject numbers >= n. + [Bodo Moeller] + + *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2 + to synchronize access to 'locking_thread'. This is necessary on + systems where access to 'locking_thread' (an 'unsigned long' + variable) is not atomic. + [Bodo Moeller] + + *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID + *before* setting the 'crypto_lock_rand' flag. The previous code had + a race condition if 0 is a valid thread ID. + [Travis Vitek ] + + *) Add support for shared libraries under Irix. + [Albert Chin-A-Young ] + + *) Add configuration option to build on Linux on both big-endian and + little-endian MIPS. + [Ralf Baechle ] + + *) Add the possibility to create shared libraries on HP-UX. + [Richard Levitte] + + Changes between 0.9.6a and 0.9.6b [9 Jul 2001] + + *) Change ssleay_rand_bytes (crypto/rand/md_rand.c) + to avoid a SSLeay/OpenSSL PRNG weakness pointed out by + Markku-Juhani O. Saarinen : + PRNG state recovery was possible based on the output of + one PRNG request appropriately sized to gain knowledge on + 'md' followed by enough consecutive 1-byte PRNG requests + to traverse all of 'state'. + + 1. When updating 'md_local' (the current thread's copy of 'md') + during PRNG output generation, hash all of the previous + 'md_local' value, not just the half used for PRNG output. + + 2. Make the number of bytes from 'state' included into the hash + independent from the number of PRNG bytes requested. + + The first measure alone would be sufficient to avoid + Markku-Juhani's attack. (Actually it had never occurred + to me that the half of 'md_local' used for chaining was the + half from which PRNG output bytes were taken -- I had always + assumed that the secret half would be used.) The second + measure makes sure that additional data from 'state' is never + mixed into 'md_local' in small portions; this heuristically + further strengthens the PRNG. + [Bodo Moeller] + + *) Fix crypto/bn/asm/mips3.s. + [Andy Polyakov] + + *) When only the key is given to "enc", the IV is undefined. Print out + an error message in this case. + [Lutz Jaenicke] + + *) Handle special case when X509_NAME is empty in X509 printing routines. + [Steve Henson] + + *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are + positive and less than q. + [Bodo Moeller] + + *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is + used: it isn't thread safe and the add_lock_callback should handle + that itself. + [Paul Rose ] + + *) Verify that incoming data obeys the block size in + ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c). + [Bodo Moeller] + + *) Fix OAEP check. + [Ulf Möller, Bodo Möller] + + *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 + RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 + when fixing the server behaviour for backwards-compatible 'client + hello' messages. (Note that the attack is impractical against + SSL 3.0 and TLS 1.0 anyway because length and version checking + means that the probability of guessing a valid ciphertext is + around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98 + paper.) + + Before 0.9.5, the countermeasure (hide the error by generating a + random 'decryption result') did not work properly because + ERR_clear_error() was missing, meaning that SSL_get_error() would + detect the supposedly ignored error. + + Both problems are now fixed. + [Bodo Moeller] + + *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096 + (previously it was 1024). + [Bodo Moeller] + + *) Fix for compatibility mode trust settings: ignore trust settings + unless some valid trust or reject settings are present. + [Steve Henson] + + *) Fix for blowfish EVP: its a variable length cipher. + [Steve Henson] + + *) Fix various bugs related to DSA S/MIME verification. Handle missing + parameters in DSA public key structures and return an error in the + DSA routines if parameters are absent. + [Steve Henson] + + *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd" + in the current directory if neither $RANDFILE nor $HOME was set. + RAND_file_name() in 0.9.6a returned NULL in this case. This has + caused some confusion to Windows users who haven't defined $HOME. + Thus RAND_file_name() is changed again: e_os.h can define a + DEFAULT_HOME, which will be used if $HOME is not set. + For Windows, we use "C:"; on other platforms, we still require + environment variables. + + *) Move 'if (!initialized) RAND_poll()' into regions protected by + CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids + having multiple threads call RAND_poll() concurrently. + [Bodo Moeller] + + *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a + combination of a flag and a thread ID variable. + Otherwise while one thread is in ssleay_rand_bytes (which sets the + flag), *other* threads can enter ssleay_add_bytes without obeying + the CRYPTO_LOCK_RAND lock (and may even illegally release the lock + that they do not hold after the first thread unsets add_do_not_lock). + [Bodo Moeller] + + *) Change bctest again: '-x' expressions are not available in all + versions of 'test'. + [Bodo Moeller] + + Changes between 0.9.6 and 0.9.6a [5 Apr 2001] + + *) Fix a couple of memory leaks in PKCS7_dataDecode() + [Steve Henson, reported by Heyun Zheng ] + + *) Change Configure and Makefiles to provide EXE_EXT, which will contain + the default extension for executables, if any. Also, make the perl + scripts that use symlink() to test if it really exists and use "cp" + if it doesn't. All this made OpenSSL compilable and installable in + CygWin. + [Richard Levitte] + + *) Fix for asn1_GetSequence() for indefinite length constructed data. + If SEQUENCE is length is indefinite just set c->slen to the total + amount of data available. + [Steve Henson, reported by shige@FreeBSD.org] + [This change does not apply to 0.9.7.] + + *) Change bctest to avoid here-documents inside command substitution + (workaround for FreeBSD /bin/sh bug). + For compatibility with Ultrix, avoid shell functions (introduced + in the bctest version that searches along $PATH). + [Bodo Moeller] + + *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes + with des_encrypt() defined on some operating systems, like Solaris + and UnixWare. + [Richard Levitte] + + *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton: + On the Importance of Eliminating Errors in Cryptographic + Computations, J. Cryptology 14 (2001) 2, 101-119, + http://theory.stanford.edu/~dabo/papers/faults.ps.gz). + [Ulf Moeller] + + *) MIPS assembler BIGNUM division bug fix. + [Andy Polyakov] + + *) Disabled incorrect Alpha assembler code. + [Richard Levitte] + + *) Fix PKCS#7 decode routines so they correctly update the length + after reading an EOC for the EXPLICIT tag. + [Steve Henson] + [This change does not apply to 0.9.7.] + + *) Fix bug in PKCS#12 key generation routines. This was triggered + if a 3DES key was generated with a 0 initial byte. Include + PKCS12_BROKEN_KEYGEN compilation option to retain the old + (but broken) behaviour. + [Steve Henson] + + *) Enhance bctest to search for a working bc along $PATH and print + it when found. + [Tim Rice via Richard Levitte] + + *) Fix memory leaks in err.c: free err_data string if necessary; + don't write to the wrong index in ERR_set_error_data. + [Bodo Moeller] + + *) Implement ssl23_peek (analogous to ssl23_read), which previously + did not exist. + [Bodo Moeller] + + *) Replace rdtsc with _emit statements for VC++ version 5. + [Jeremy Cooper ] + + *) Make it possible to reuse SSLv2 sessions. + [Richard Levitte] + + *) In copy_email() check for >= 0 as a return value for + X509_NAME_get_index_by_NID() since 0 is a valid index. + [Steve Henson reported by Massimiliano Pala ] + + *) Avoid coredump with unsupported or invalid public keys by checking if + X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when + PKCS7_verify() fails with non detached data. + [Steve Henson] + + *) Don't use getenv in library functions when run as setuid/setgid. + New function OPENSSL_issetugid(). + [Ulf Moeller] + + *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c) + due to incorrect handling of multi-threading: + + 1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl(). + + 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on(). + + 3. Count how many times MemCheck_off() has been called so that + nested use can be treated correctly. This also avoids + inband-signalling in the previous code (which relied on the + assumption that thread ID 0 is impossible). + [Bodo Moeller] + + *) Add "-rand" option also to s_client and s_server. + [Lutz Jaenicke] + + *) Fix CPU detection on Irix 6.x. + [Kurt Hockenbury and + "Bruce W. Forsberg" ] + + *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME + was empty. + [Steve Henson] + [This change does not apply to 0.9.7.] + + *) Use the cached encoding of an X509_NAME structure rather than + copying it. This is apparently the reason for the libsafe "errors" + but the code is actually correct. + [Steve Henson] + + *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent + Bleichenbacher's DSA attack. + Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits + to be set and top=0 forces the highest bit to be set; top=-1 is new + and leaves the highest bit random. + [Ulf Moeller, Bodo Moeller] + + *) In the NCONF_...-based implementations for CONF_... queries + (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using + a temporary CONF structure with the data component set to NULL + (which gives segmentation faults in lh_retrieve). + Instead, use NULL for the CONF pointer in CONF_get_string and + CONF_get_number (which may use environment variables) and directly + return NULL from CONF_get_section. + [Bodo Moeller] + + *) Fix potential buffer overrun for EBCDIC. + [Ulf Moeller] + + *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign + keyUsage if basicConstraints absent for a CA. + [Steve Henson] + + *) Make SMIME_write_PKCS7() write mail header values with a format that + is more generally accepted (no spaces before the semicolon), since + some programs can't parse those values properly otherwise. Also make + sure BIO's that break lines after each write do not create invalid + headers. + [Richard Levitte] + + *) Make the CRL encoding routines work with empty SEQUENCE OF. The + macros previously used would not encode an empty SEQUENCE OF + and break the signature. + [Steve Henson] + [This change does not apply to 0.9.7.] + + *) Zero the premaster secret after deriving the master secret in + DH ciphersuites. + [Steve Henson] + + *) Add some EVP_add_digest_alias registrations (as found in + OpenSSL_add_all_digests()) to SSL_library_init() + aka OpenSSL_add_ssl_algorithms(). This provides improved + compatibility with peers using X.509 certificates + with unconventional AlgorithmIdentifier OIDs. + [Bodo Moeller] + + *) Fix for Irix with NO_ASM. + ["Bruce W. Forsberg" ] + + *) ./config script fixes. + [Ulf Moeller, Richard Levitte] + + *) Fix 'openssl passwd -1'. + [Bodo Moeller] + + *) Change PKCS12_key_gen_asc() so it can cope with non null + terminated strings whose length is passed in the passlen + parameter, for example from PEM callbacks. This was done + by adding an extra length parameter to asc2uni(). + [Steve Henson, reported by ] + + *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn + call failed, free the DSA structure. + [Bodo Moeller] + + *) Fix to uni2asc() to cope with zero length Unicode strings. + These are present in some PKCS#12 files. + [Steve Henson] + + *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c). + Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits + when writing a 32767 byte record. + [Bodo Moeller; problem reported by Eric Day ] + + *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c), + obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}. + + (RSA objects have a reference count access to which is protected + by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c], + so they are meant to be shared between threads.) + [Bodo Moeller, Geoff Thorpe; original patch submitted by + "Reddie, Steven" ] + + *) Fix a deadlock in CRYPTO_mem_leaks(). + [Bodo Moeller] + + *) Use better test patterns in bntest. + [Ulf Möller] + + *) rand_win.c fix for Borland C. + [Ulf Möller] + + *) BN_rshift bugfix for n == 0. + [Bodo Moeller] + + *) Add a 'bctest' script that checks for some known 'bc' bugs + so that 'make test' does not abort just because 'bc' is broken. + [Bodo Moeller] + + *) Store verify_result within SSL_SESSION also for client side to + avoid potential security hole. (Re-used sessions on the client side + always resulted in verify_result==X509_V_OK, not using the original + result of the server certificate verification.) + [Lutz Jaenicke] + + *) Fix ssl3_pending: If the record in s->s3->rrec is not of type + SSL3_RT_APPLICATION_DATA, return 0. + Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true. + [Bodo Moeller] + + *) Fix SSL_peek: + Both ssl2_peek and ssl3_peek, which were totally broken in earlier + releases, have been re-implemented by renaming the previous + implementations of ssl2_read and ssl3_read to ssl2_read_internal + and ssl3_read_internal, respectively, and adding 'peek' parameters + to them. The new ssl[23]_{read,peek} functions are calls to + ssl[23]_read_internal with the 'peek' flag set appropriately. + A 'peek' parameter has also been added to ssl3_read_bytes, which + does the actual work for ssl3_read_internal. + [Bodo Moeller] + + *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling + the method-specific "init()" handler. Also clean up ex_data after + calling the method-specific "finish()" handler. Previously, this was + happening the other way round. + [Geoff Thorpe] + + *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16. + The previous value, 12, was not always sufficient for BN_mod_exp(). + [Bodo Moeller] + + *) Make sure that shared libraries get the internal name engine with + the full version number and not just 0. This should mark the + shared libraries as not backward compatible. Of course, this should + be changed again when we can guarantee backward binary compatibility. + [Richard Levitte] + + *) Fix typo in get_cert_by_subject() in by_dir.c + [Jean-Marc Desperrier ] + + *) Rework the system to generate shared libraries: + + - Make note of the expected extension for the shared libraries and + if there is a need for symbolic links from for example libcrypto.so.0 + to libcrypto.so.0.9.7. There is extended info in Configure for + that. + + - Make as few rebuilds of the shared libraries as possible. + + - Still avoid linking the OpenSSL programs with the shared libraries. + + - When installing, install the shared libraries separately from the + static ones. + [Richard Levitte] + + *) Fix SSL_CTX_set_read_ahead macro to actually use its argument. + + Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new + and not in SSL_clear because the latter is also used by the + accept/connect functions; previously, the settings made by + SSL_set_read_ahead would be lost during the handshake. + [Bodo Moeller; problems reported by Anders Gertz ] + + *) Correct util/mkdef.pl to be selective about disabled algorithms. + Previously, it would create entries for disableed algorithms no + matter what. + [Richard Levitte] + + *) Added several new manual pages for SSL_* function. + [Lutz Jaenicke] + + Changes between 0.9.5a and 0.9.6 [24 Sep 2000] + + *) In ssl23_get_client_hello, generate an error message when faced + with an initial SSL 3.0/TLS record that is too small to contain the + first two bytes of the ClientHello message, i.e. client_version. + (Note that this is a pathologic case that probably has never happened + in real life.) The previous approach was to use the version number + from the record header as a substitute; but our protocol choice + should not depend on that one because it is not authenticated + by the Finished messages. + [Bodo Moeller] + + *) More robust randomness gathering functions for Windows. + [Jeffrey Altman ] + + *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is + not set then we don't setup the error code for issuer check errors + to avoid possibly overwriting other errors which the callback does + handle. If an application does set the flag then we assume it knows + what it is doing and can handle the new informational codes + appropriately. + [Steve Henson] + + *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for + a general "ANY" type, as such it should be able to decode anything + including tagged types. However it didn't check the class so it would + wrongly interpret tagged types in the same way as their universal + counterpart and unknown types were just rejected. Changed so that the + tagged and unknown types are handled in the same way as a SEQUENCE: + that is the encoding is stored intact. There is also a new type + "V_ASN1_OTHER" which is used when the class is not universal, in this + case we have no idea what the actual type is so we just lump them all + together. + [Steve Henson] + + *) On VMS, stdout may very well lead to a file that is written to + in a record-oriented fashion. That means that every write() will + write a separate record, which will be read separately by the + programs trying to read from it. This can be very confusing. + + The solution is to put a BIO filter in the way that will buffer + text until a linefeed is reached, and then write everything a + line at a time, so every record written will be an actual line, + not chunks of lines and not (usually doesn't happen, but I've + seen it once) several lines in one record. BIO_f_linebuffer() is + the answer. + + Currently, it's a VMS-only method, because that's where it has + been tested well enough. + [Richard Levitte] + + *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery, + it can return incorrect results. + (Note: The buggy variant was not enabled in OpenSSL 0.9.5a, + but it was in 0.9.6-beta[12].) + [Bodo Moeller] + + *) Disable the check for content being present when verifying detached + signatures in pk7_smime.c. Some versions of Netscape (wrongly) + include zero length content when signing messages. + [Steve Henson] + + *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR + BIO_ctrl (for BIO pairs). + [Bodo Möller] + + *) Add DSO method for VMS. + [Richard Levitte] + + *) Bug fix: Montgomery multiplication could produce results with the + wrong sign. + [Ulf Möller] + + *) Add RPM specification openssl.spec and modify it to build three + packages. The default package contains applications, application + documentation and run-time libraries. The devel package contains + include files, static libraries and function documentation. The + doc package contains the contents of the doc directory. The original + openssl.spec was provided by Damien Miller . + [Richard Levitte] + + *) Add a large number of documentation files for many SSL routines. + [Lutz Jaenicke ] + + *) Add a configuration entry for Sony News 4. + [NAKAJI Hiroyuki ] + + *) Don't set the two most significant bits to one when generating a + random number < q in the DSA library. + [Ulf Möller] + + *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default + behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if + the underlying transport is blocking) if a handshake took place. + (The default behaviour is needed by applications such as s_client + and s_server that use select() to determine when to use SSL_read; + but for applications that know in advance when to expect data, it + just makes things more complicated.) + [Bodo Moeller] + + *) Add RAND_egd_bytes(), which gives control over the number of bytes read + from EGD. + [Ben Laurie] + + *) Add a few more EBCDIC conditionals that make `req' and `x509' + work better on such systems. + [Martin Kraemer ] + + *) Add two demo programs for PKCS12_parse() and PKCS12_create(). + Update PKCS12_parse() so it copies the friendlyName and the + keyid to the certificates aux info. + [Steve Henson] + + *) Fix bug in PKCS7_verify() which caused an infinite loop + if there was more than one signature. + [Sven Uszpelkat ] + + *) Major change in util/mkdef.pl to include extra information + about each symbol, as well as presentig variables as well + as functions. This change means that there's n more need + to rebuild the .num files when some algorithms are excluded. + [Richard Levitte] + + *) Allow the verify time to be set by an application, + rather than always using the current time. + [Steve Henson] + + *) Phase 2 verify code reorganisation. The certificate + verify code now looks up an issuer certificate by a + number of criteria: subject name, authority key id + and key usage. It also verifies self signed certificates + by the same criteria. The main comparison function is + X509_check_issued() which performs these checks. + + Lot of changes were necessary in order to support this + without completely rewriting the lookup code. + + Authority and subject key identifier are now cached. + + The LHASH 'certs' is X509_STORE has now been replaced + by a STACK_OF(X509_OBJECT). This is mainly because an + LHASH can't store or retrieve multiple objects with + the same hash value. + + As a result various functions (which were all internal + use only) have changed to handle the new X509_STORE + structure. This will break anything that messed round + with X509_STORE internally. + + The functions X509_STORE_add_cert() now checks for an + exact match, rather than just subject name. + + The X509_STORE API doesn't directly support the retrieval + of multiple certificates matching a given criteria, however + this can be worked round by performing a lookup first + (which will fill the cache with candidate certificates) + and then examining the cache for matches. This is probably + the best we can do without throwing out X509_LOOKUP + entirely (maybe later...). + + The X509_VERIFY_CTX structure has been enhanced considerably. + + All certificate lookup operations now go via a get_issuer() + callback. Although this currently uses an X509_STORE it + can be replaced by custom lookups. This is a simple way + to bypass the X509_STORE hackery necessary to make this + work and makes it possible to use more efficient techniques + in future. A very simple version which uses a simple + STACK for its trusted certificate store is also provided + using X509_STORE_CTX_trusted_stack(). + + The verify_cb() and verify() callbacks now have equivalents + in the X509_STORE_CTX structure. + + X509_STORE_CTX also has a 'flags' field which can be used + to customise the verify behaviour. + [Steve Henson] + + *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which + excludes S/MIME capabilities. + [Steve Henson] + + *) When a certificate request is read in keep a copy of the + original encoding of the signed data and use it when outputing + again. Signatures then use the original encoding rather than + a decoded, encoded version which may cause problems if the + request is improperly encoded. + [Steve Henson] + + *) For consistency with other BIO_puts implementations, call + buffer_write(b, ...) directly in buffer_puts instead of calling + BIO_write(b, ...). + + In BIO_puts, increment b->num_write as in BIO_write. + [Peter.Sylvester@EdelWeb.fr] + + *) Fix BN_mul_word for the case where the word is 0. (We have to use + BN_zero, we may not return a BIGNUM with an array consisting of + words set to zero.) + [Bodo Moeller] + + *) Avoid calling abort() from within the library when problems are + detected, except if preprocessor symbols have been defined + (such as REF_CHECK, BN_DEBUG etc.). + [Bodo Moeller] + + *) New openssl application 'rsautl'. This utility can be + used for low level RSA operations. DER public key + BIO/fp routines also added. + [Steve Henson] + + *) New Configure entry and patches for compiling on QNX 4. + [Andreas Schneider ] + + *) A demo state-machine implementation was sponsored by + Nuron (http://www.nuron.com/) and is now available in + demos/state_machine. + [Ben Laurie] + + *) New options added to the 'dgst' utility for signature + generation and verification. + [Steve Henson] + + *) Unrecognized PKCS#7 content types are now handled via a + catch all ASN1_TYPE structure. This allows unsupported + types to be stored as a "blob" and an application can + encode and decode it manually. + [Steve Henson] + + *) Fix various signed/unsigned issues to make a_strex.c + compile under VC++. + [Oscar Jacobsson ] + + *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct + length if passed a buffer. ASN1_INTEGER_to_BN failed + if passed a NULL BN and its argument was negative. + [Steve Henson, pointed out by Sven Heiberg ] + + *) Modification to PKCS#7 encoding routines to output definite + length encoding. Since currently the whole structures are in + memory there's not real point in using indefinite length + constructed encoding. However if OpenSSL is compiled with + the flag PKCS7_INDEFINITE_ENCODING the old form is used. + [Steve Henson] + + *) Added BIO_vprintf() and BIO_vsnprintf(). + [Richard Levitte] + + *) Added more prefixes to parse for in the the strings written + through a logging bio, to cover all the levels that are available + through syslog. The prefixes are now: + + PANIC, EMERG, EMR => LOG_EMERG + ALERT, ALR => LOG_ALERT + CRIT, CRI => LOG_CRIT + ERROR, ERR => LOG_ERR + WARNING, WARN, WAR => LOG_WARNING + NOTICE, NOTE, NOT => LOG_NOTICE + INFO, INF => LOG_INFO + DEBUG, DBG => LOG_DEBUG + + and as before, if none of those prefixes are present at the + beginning of the string, LOG_ERR is chosen. + + On Win32, the LOG_* levels are mapped according to this: + + LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE + LOG_WARNING => EVENTLOG_WARNING_TYPE + LOG_NOTICE, LOG_INFO, LOG_DEBUG => EVENTLOG_INFORMATION_TYPE + + [Richard Levitte] + + *) Made it possible to reconfigure with just the configuration + argument "reconf" or "reconfigure". The command line arguments + are stored in Makefile.ssl in the variable CONFIGURE_ARGS, + and are retrieved from there when reconfiguring. + [Richard Levitte] + + *) MD4 implemented. + [Assar Westerlund , Richard Levitte] + + *) Add the arguments -CAfile and -CApath to the pkcs12 utility. + [Richard Levitte] + + *) The obj_dat.pl script was messing up the sorting of object + names. The reason was that it compared the quoted version + of strings as a result "OCSP" > "OCSP Signing" because + " > SPACE. Changed script to store unquoted versions of + names and add quotes on output. It was also omitting some + names from the lookup table if they were given a default + value (that is if SN is missing it is given the same + value as LN and vice versa), these are now added on the + grounds that if an object has a name we should be able to + look it up. Finally added warning output when duplicate + short or long names are found. + [Steve Henson] + + *) Changes needed for Tandem NSK. + [Scott Uroff ] + + *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in + RSA_padding_check_SSLv23(), special padding was never detected + and thus the SSL 3.0/TLS 1.0 countermeasure against protocol + version rollback attacks was not effective. + + In s23_clnt.c, don't use special rollback-attack detection padding + (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the + client; similarly, in s23_srvr.c, don't do the rollback check if + SSL 2.0 is the only protocol enabled in the server. + [Bodo Moeller] + + *) Make it possible to get hexdumps of unprintable data with 'openssl + asn1parse'. By implication, the functions ASN1_parse_dump() and + BIO_dump_indent() are added. + [Richard Levitte] + + *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex() + these print out strings and name structures based on various + flags including RFC2253 support and proper handling of + multibyte characters. Added options to the 'x509' utility + to allow the various flags to be set. + [Steve Henson] + + *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME. + Also change the functions X509_cmp_current_time() and + X509_gmtime_adj() work with an ASN1_TIME structure, + this will enable certificates using GeneralizedTime in validity + dates to be checked. + [Steve Henson] + + *) Make the NEG_PUBKEY_BUG code (which tolerates invalid + negative public key encodings) on by default, + NO_NEG_PUBKEY_BUG can be set to disable it. + [Steve Henson] + + *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT + content octets. An i2c_ASN1_OBJECT is unnecessary because + the encoding can be trivially obtained from the structure. + [Steve Henson] + + *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock), + not read locks (CRYPTO_r_[un]lock). + [Bodo Moeller] + + *) A first attempt at creating official support for shared + libraries through configuration. I've kept it so the + default is static libraries only, and the OpenSSL programs + are always statically linked for now, but there are + preparations for dynamic linking in place. + This has been tested on Linux and Tru64. + [Richard Levitte] + + *) Randomness polling function for Win9x, as described in: + Peter Gutmann, Software Generation of Practically Strong + Random Numbers. + [Ulf Möller] + + *) Fix so PRNG is seeded in req if using an already existing + DSA key. + [Steve Henson] + + *) New options to smime application. -inform and -outform + allow alternative formats for the S/MIME message including + PEM and DER. The -content option allows the content to be + specified separately. This should allow things like Netscape + form signing output easier to verify. + [Steve Henson] + + *) Fix the ASN1 encoding of tags using the 'long form'. + [Steve Henson] + + *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT + STRING types. These convert content octets to and from the + underlying type. The actual tag and length octets are + already assumed to have been read in and checked. These + are needed because all other string types have virtually + identical handling apart from the tag. By having versions + of the ASN1 functions that just operate on content octets + IMPLICIT tagging can be handled properly. It also allows + the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED + and ASN1_INTEGER are identical apart from the tag. + [Steve Henson] + + *) Change the handling of OID objects as follows: + + - New object identifiers are inserted in objects.txt, following + the syntax given in objects.README. + - objects.pl is used to process obj_mac.num and create a new + obj_mac.h. + - obj_dat.pl is used to create a new obj_dat.h, using the data in + obj_mac.h. + + This is currently kind of a hack, and the perl code in objects.pl + isn't very elegant, but it works as I intended. The simplest way + to check that it worked correctly is to look in obj_dat.h and + check the array nid_objs and make sure the objects haven't moved + around (this is important!). Additions are OK, as well as + consistent name changes. + [Richard Levitte] + + *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1'). + [Bodo Moeller] + + *) Addition of the command line parameter '-rand file' to 'openssl req'. + The given file adds to whatever has already been seeded into the + random pool through the RANDFILE configuration file option or + environment variable, or the default random state file. + [Richard Levitte] + + *) mkstack.pl now sorts each macro group into lexical order. + Previously the output order depended on the order the files + appeared in the directory, resulting in needless rewriting + of safestack.h . + [Steve Henson] + + *) Patches to make OpenSSL compile under Win32 again. Mostly + work arounds for the VC++ problem that it treats func() as + func(void). Also stripped out the parts of mkdef.pl that + added extra typesafe functions: these no longer exist. + [Steve Henson] + + *) Reorganisation of the stack code. The macros are now all + collected in safestack.h . Each macro is defined in terms of + a "stack macro" of the form SKM_(type, a, b). The + DEBUG_SAFESTACK is now handled in terms of function casts, + this has the advantage of retaining type safety without the + use of additional functions. If DEBUG_SAFESTACK is not defined + then the non typesafe macros are used instead. Also modified the + mkstack.pl script to handle the new form. Needs testing to see + if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK + the default if no major problems. Similar behaviour for ASN1_SET_OF + and PKCS12_STACK_OF. + [Steve Henson] + + *) When some versions of IIS use the 'NET' form of private key the + key derivation algorithm is different. Normally MD5(password) is + used as a 128 bit RC4 key. In the modified case + MD5(MD5(password) + "SGCKEYSALT") is used insted. Added some + new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same + as the old Netscape_RSA functions except they have an additional + 'sgckey' parameter which uses the modified algorithm. Also added + an -sgckey command line option to the rsa utility. Thanks to + Adrian Peck for posting details of the modified + algorithm to openssl-dev. + [Steve Henson] + + *) The evp_local.h macros were using 'c.##kname' which resulted in + invalid expansion on some systems (SCO 5.0.5 for example). + Corrected to 'c.kname'. + [Phillip Porch ] + + *) New X509_get1_email() and X509_REQ_get1_email() functions that return + a STACK of email addresses from a certificate or request, these look + in the subject name and the subject alternative name extensions and + omit any duplicate addresses. + [Steve Henson] + + *) Re-implement BN_mod_exp2_mont using independent (and larger) windows. + This makes DSA verification about 2 % faster. + [Bodo Moeller] + + *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5 + (meaning that now 2^5 values will be precomputed, which is only 4 KB + plus overhead for 1024 bit moduli). + This makes exponentiations about 0.5 % faster for 1024 bit + exponents (as measured by "openssl speed rsa2048"). + [Bodo Moeller] + + *) Rename memory handling macros to avoid conflicts with other + software: + Malloc => OPENSSL_malloc + Malloc_locked => OPENSSL_malloc_locked + Realloc => OPENSSL_realloc + Free => OPENSSL_free + [Richard Levitte] + + *) New function BN_mod_exp_mont_word for small bases (roughly 15% + faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange). + [Bodo Moeller] + + *) CygWin32 support. + [John Jarvie ] + + *) The type-safe stack code has been rejigged. It is now only compiled + in when OpenSSL is configured with the DEBUG_SAFESTACK option and + by default all type-specific stack functions are "#define"d back to + standard stack functions. This results in more streamlined output + but retains the type-safety checking possibilities of the original + approach. + [Geoff Thorpe] + + *) The STACK code has been cleaned up, and certain type declarations + that didn't make a lot of sense have been brought in line. This has + also involved a cleanup of sorts in safestack.h to more correctly + map type-safe stack functions onto their plain stack counterparts. + This work has also resulted in a variety of "const"ifications of + lots of the code, especially "_cmp" operations which should normally + be prototyped with "const" parameters anyway. + [Geoff Thorpe] + + *) When generating bytes for the first time in md_rand.c, 'stir the pool' + by seeding with STATE_SIZE dummy bytes (with zero entropy count). + (The PRNG state consists of two parts, the large pool 'state' and 'md', + where all of 'md' is used each time the PRNG is used, but 'state' + is used only indexed by a cyclic counter. As entropy may not be + well distributed from the beginning, 'md' is important as a + chaining variable. However, the output function chains only half + of 'md', i.e. 80 bits. ssleay_rand_add, on the other hand, chains + all of 'md', and seeding with STATE_SIZE dummy bytes will result + in all of 'state' being rewritten, with the new values depending + on virtually all of 'md'. This overcomes the 80 bit limitation.) + [Bodo Moeller] + + *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when + the handshake is continued after ssl_verify_cert_chain(); + otherwise, if SSL_VERIFY_NONE is set, remaining error codes + can lead to 'unexplainable' connection aborts later. + [Bodo Moeller; problem tracked down by Lutz Jaenicke] + + *) Major EVP API cipher revision. + Add hooks for extra EVP features. This allows various cipher + parameters to be set in the EVP interface. Support added for variable + key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and + setting of RC2 and RC5 parameters. + + Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length + ciphers. + + Remove lots of duplicated code from the EVP library. For example *every* + cipher init() function handles the 'iv' in the same way according to the + cipher mode. They also all do nothing if the 'key' parameter is NULL and + for CFB and OFB modes they zero ctx->num. + + New functionality allows removal of S/MIME code RC2 hack. + + Most of the routines have the same form and so can be declared in terms + of macros. + + By shifting this to the top level EVP_CipherInit() it can be removed from + all individual ciphers. If the cipher wants to handle IVs or keys + differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT + flags. + + Change lots of functions like EVP_EncryptUpdate() to now return a + value: although software versions of the algorithms cannot fail + any installed hardware versions can. + [Steve Henson] + + *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if + this option is set, tolerate broken clients that send the negotiated + protocol version number instead of the requested protocol version + number. + [Bodo Moeller] + + *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag; + i.e. non-zero for export ciphersuites, zero otherwise. + Previous versions had this flag inverted, inconsistent with + rsa_tmp_cb (..._TMP_RSA_CB). + [Bodo Moeller; problem reported by Amit Chopra] + + *) Add missing DSA library text string. Work around for some IIS + key files with invalid SEQUENCE encoding. + [Steve Henson] + + *) Add a document (doc/standards.txt) that list all kinds of standards + and so on that are implemented in OpenSSL. + [Richard Levitte] + + *) Enhance c_rehash script. Old version would mishandle certificates + with the same subject name hash and wouldn't handle CRLs at all. + Added -fingerprint option to crl utility, to support new c_rehash + features. + [Steve Henson] + + *) Eliminate non-ANSI declarations in crypto.h and stack.h. + [Ulf Möller] + + *) Fix for SSL server purpose checking. Server checking was + rejecting certificates which had extended key usage present + but no ssl client purpose. + [Steve Henson, reported by Rene Grosser ] + + *) Make PKCS#12 code work with no password. The PKCS#12 spec + is a little unclear about how a blank password is handled. + Since the password in encoded as a BMPString with terminating + double NULL a zero length password would end up as just the + double NULL. However no password at all is different and is + handled differently in the PKCS#12 key generation code. NS + treats a blank password as zero length. MSIE treats it as no + password on export: but it will try both on import. We now do + the same: PKCS12_parse() tries zero length and no password if + the password is set to "" or NULL (NULL is now a valid password: + it wasn't before) as does the pkcs12 application. + [Steve Henson] + + *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use + perror when PEM_read_bio_X509_REQ fails, the error message must + be obtained from the error queue. + [Bodo Moeller] + + *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing + it in ERR_remove_state if appropriate, and change ERR_get_state + accordingly to avoid race conditions (this is necessary because + thread_hash is no longer constant once set). + [Bodo Moeller] + + *) Bugfix for linux-elf makefile.one. + [Ulf Möller] + + *) RSA_get_default_method() will now cause a default + RSA_METHOD to be chosen if one doesn't exist already. + Previously this was only set during a call to RSA_new() + or RSA_new_method(NULL) meaning it was possible for + RSA_get_default_method() to return NULL. + [Geoff Thorpe] + + *) Added native name translation to the existing DSO code + that will convert (if the flag to do so is set) filenames + that are sufficiently small and have no path information + into a canonical native form. Eg. "blah" converted to + "libblah.so" or "blah.dll" etc. + [Geoff Thorpe] + + *) New function ERR_error_string_n(e, buf, len) which is like + ERR_error_string(e, buf), but writes at most 'len' bytes + including the 0 terminator. For ERR_error_string_n, 'buf' + may not be NULL. + [Damien Miller , Bodo Moeller] + + *) CONF library reworked to become more general. A new CONF + configuration file reader "class" is implemented as well as a + new functions (NCONF_*, for "New CONF") to handle it. The now + old CONF_* functions are still there, but are reimplemented to + work in terms of the new functions. Also, a set of functions + to handle the internal storage of the configuration data is + provided to make it easier to write new configuration file + reader "classes" (I can definitely see something reading a + configuration file in XML format, for example), called _CONF_*, + or "the configuration storage API"... + + The new configuration file reading functions are: + + NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio, + NCONF_get_section, NCONF_get_string, NCONF_get_numbre + + NCONF_default, NCONF_WIN32 + + NCONF_dump_fp, NCONF_dump_bio + + NCONF_default and NCONF_WIN32 are method (or "class") choosers, + NCONF_new creates a new CONF object. This works in the same way + as other interfaces in OpenSSL, like the BIO interface. + NCONF_dump_* dump the internal storage of the configuration file, + which is useful for debugging. All other functions take the same + arguments as the old CONF_* functions wth the exception of the + first that must be a `CONF *' instead of a `LHASH *'. + + To make it easer to use the new classes with the old CONF_* functions, + the function CONF_set_default_method is provided. + [Richard Levitte] + + *) Add '-tls1' option to 'openssl ciphers', which was already + mentioned in the documentation but had not been implemented. + (This option is not yet really useful because even the additional + experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.) + [Bodo Moeller] + + *) Initial DSO code added into libcrypto for letting OpenSSL (and + OpenSSL-based applications) load shared libraries and bind to + them in a portable way. + [Geoff Thorpe, with contributions from Richard Levitte] + + Changes between 0.9.5 and 0.9.5a [1 Apr 2000] + + *) Make sure _lrotl and _lrotr are only used with MSVC. + + *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status + (the default implementation of RAND_status). + + *) Rename openssl x509 option '-crlext', which was added in 0.9.5, + to '-clrext' (= clear extensions), as intended and documented. + [Bodo Moeller; inconsistency pointed out by Michael Attili + ] + + *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length + was larger than the MD block size. + [Steve Henson, pointed out by Yost William ] + + *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument + fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set() + using the passed key: if the passed key was a private key the result + of X509_print(), for example, would be to print out all the private key + components. + [Steve Henson] + + *) des_quad_cksum() byte order bug fix. + [Ulf Möller, using the problem description in krb4-0.9.7, where + the solution is attributed to Derrick J Brashear ] + + *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly + discouraged. + [Steve Henson, pointed out by Brian Korver ] + + *) For easily testing in shell scripts whether some command + 'openssl XXX' exists, the new pseudo-command 'openssl no-XXX' + returns with exit code 0 iff no command of the given name is available. + 'no-XXX' is printed in this case, 'XXX' otherwise. In both cases, + the output goes to stdout and nothing is printed to stderr. + Additional arguments are always ignored. + + Since for each cipher there is a command of the same name, + the 'no-cipher' compilation switches can be tested this way. + + ('openssl no-XXX' is not able to detect pseudo-commands such + as 'quit', 'list-XXX-commands', or 'no-XXX' itself.) + [Bodo Moeller] + + *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration. + [Bodo Moeller] + + *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE + is set; it will be thrown away anyway because each handshake creates + its own key. + ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition + to parameters -- in previous versions (since OpenSSL 0.9.3) the + 'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining + you effectivly got SSL_OP_SINGLE_DH_USE when using this macro. + [Bodo Moeller] + + *) New s_client option -ign_eof: EOF at stdin is ignored, and + 'Q' and 'R' lose their special meanings (quit/renegotiate). + This is part of what -quiet does; unlike -quiet, -ign_eof + does not suppress any output. + [Richard Levitte] + + *) Add compatibility options to the purpose and trust code. The + purpose X509_PURPOSE_ANY is "any purpose" which automatically + accepts a certificate or CA, this was the previous behaviour, + with all the associated security issues. + + X509_TRUST_COMPAT is the old trust behaviour: only and + automatically trust self signed roots in certificate store. A + new trust setting X509_TRUST_DEFAULT is used to specify that + a purpose has no associated trust setting and it should instead + use the value in the default purpose. + [Steve Henson] + + *) Fix the PKCS#8 DSA private key code so it decodes keys again + and fix a memory leak. + [Steve Henson] + + *) In util/mkerr.pl (which implements 'make errors'), preserve + reason strings from the previous version of the .c file, as + the default to have only downcase letters (and digits) in + automatically generated reasons codes is not always appropriate. + [Bodo Moeller] + + *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table + using strerror. Previously, ERR_reason_error_string() returned + library names as reason strings for SYSerr; but SYSerr is a special + case where small numbers are errno values, not library numbers. + [Bodo Moeller] + + *) Add '-dsaparam' option to 'openssl dhparam' application. This + converts DSA parameters into DH parameters. (When creating parameters, + DSA_generate_parameters is used.) + [Bodo Moeller] + + *) Include 'length' (recommended exponent length) in C code generated + by 'openssl dhparam -C'. + [Bodo Moeller] + + *) The second argument to set_label in perlasm was already being used + so couldn't be used as a "file scope" flag. Moved to third argument + which was free. + [Steve Henson] + + *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes + instead of RAND_bytes for encryption IVs and salts. + [Bodo Moeller] + + *) Include RAND_status() into RAND_METHOD instead of implementing + it only for md_rand.c Otherwise replacing the PRNG by calling + RAND_set_rand_method would be impossible. + [Bodo Moeller] + + *) Don't let DSA_generate_key() enter an infinite loop if the random + number generation fails. + [Bodo Moeller] + + *) New 'rand' application for creating pseudo-random output. + [Bodo Moeller] + + *) Added configuration support for Linux/IA64 + [Rolf Haberrecker ] + + *) Assembler module support for Mingw32. + [Ulf Möller] + + *) Shared library support for HPUX (in shlib/). + [Lutz Jaenicke and Anonymous] + + *) Shared library support for Solaris gcc. + [Lutz Behnke ] + + Changes between 0.9.4 and 0.9.5 [28 Feb 2000] + + *) PKCS7_encrypt() was adding text MIME headers twice because they + were added manually and by SMIME_crlf_copy(). + [Steve Henson] + + *) In bntest.c don't call BN_rand with zero bits argument. + [Steve Henson, pointed out by Andrew W. Gray ] + + *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n] + case was implemented. This caused BN_div_recp() to fail occasionally. + [Ulf Möller] + + *) Add an optional second argument to the set_label() in the perl + assembly language builder. If this argument exists and is set + to 1 it signals that the assembler should use a symbol whose + scope is the entire file, not just the current function. This + is needed with MASM which uses the format label:: for this scope. + [Steve Henson, pointed out by Peter Runestig ] + + *) Change the ASN1 types so they are typedefs by default. Before + almost all types were #define'd to ASN1_STRING which was causing + STACK_OF() problems: you couldn't declare STACK_OF(ASN1_UTF8STRING) + for example. + [Steve Henson] + + *) Change names of new functions to the new get1/get0 naming + convention: After 'get1', the caller owns a reference count + and has to call ..._free; 'get0' returns a pointer to some + data structure without incrementing reference counters. + (Some of the existing 'get' functions increment a reference + counter, some don't.) + Similarly, 'set1' and 'add1' functions increase reference + counters or duplicate objects. + [Steve Henson] + + *) Allow for the possibility of temp RSA key generation failure: + the code used to assume it always worked and crashed on failure. + [Steve Henson] + + *) Fix potential buffer overrun problem in BIO_printf(). + [Ulf Möller, using public domain code by Patrick Powell; problem + pointed out by David Sacerdote ] + + *) Support EGD . New functions + RAND_egd() and RAND_status(). In the command line application, + the EGD socket can be specified like a seed file using RANDFILE + or -rand. + [Ulf Möller] + + *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures. + Some CAs (e.g. Verisign) distribute certificates in this form. + [Steve Henson] + + *) Remove the SSL_ALLOW_ADH compile option and set the default cipher + list to exclude them. This means that no special compilation option + is needed to use anonymous DH: it just needs to be included in the + cipher list. + [Steve Henson] + + *) Change the EVP_MD_CTX_type macro so its meaning consistent with + EVP_MD_type. The old functionality is available in a new macro called + EVP_MD_md(). Change code that uses it and update docs. + [Steve Henson] + + *) ..._ctrl functions now have corresponding ..._callback_ctrl functions + where the 'void *' argument is replaced by a function pointer argument. + Previously 'void *' was abused to point to functions, which works on + many platforms, but is not correct. As these functions are usually + called by macros defined in OpenSSL header files, most source code + should work without changes. + [Richard Levitte] + + *) (which is created by Configure) now contains + sections with information on -D... compiler switches used for + compiling the library so that applications can see them. To enable + one of these sections, a pre-processor symbol OPENSSL_..._DEFINES + must be defined. E.g., + #define OPENSSL_ALGORITHM_DEFINES + #include + defines all pertinent NO_ symbols, such as NO_IDEA, NO_RSA, etc. + [Richard Levitte, Ulf and Bodo Möller] + + *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS + record layer. + [Bodo Moeller] + + *) Change the 'other' type in certificate aux info to a STACK_OF + X509_ALGOR. Although not an AlgorithmIdentifier as such it has + the required ASN1 format: arbitrary types determined by an OID. + [Steve Henson] + + *) Add some PEM_write_X509_REQ_NEW() functions and a command line + argument to 'req'. This is not because the function is newer or + better than others it just uses the work 'NEW' in the certificate + request header lines. Some software needs this. + [Steve Henson] + + *) Reorganise password command line arguments: now passwords can be + obtained from various sources. Delete the PEM_cb function and make + it the default behaviour: i.e. if the callback is NULL and the + usrdata argument is not NULL interpret it as a null terminated pass + phrase. If usrdata and the callback are NULL then the pass phrase + is prompted for as usual. + [Steve Henson] + + *) Add support for the Compaq Atalla crypto accelerator. If it is installed, + the support is automatically enabled. The resulting binaries will + autodetect the card and use it if present. + [Ben Laurie and Compaq Inc.] + + *) Work around for Netscape hang bug. This sends certificate request + and server done in one record. Since this is perfectly legal in the + SSL/TLS protocol it isn't a "bug" option and is on by default. See + the bugs/SSLv3 entry for more info. + [Steve Henson] + + *) HP-UX tune-up: new unified configs, HP C compiler bug workaround. + [Andy Polyakov] + + *) Add -rand argument to smime and pkcs12 applications and read/write + of seed file. + [Steve Henson] + + *) New 'passwd' tool for crypt(3) and apr1 password hashes. + [Bodo Moeller] + + *) Add command line password options to the remaining applications. + [Steve Henson] + + *) Bug fix for BN_div_recp() for numerators with an even number of + bits. + [Ulf Möller] + + *) More tests in bntest.c, and changed test_bn output. + [Ulf Möller] + + *) ./config recognizes MacOS X now. + [Andy Polyakov] + + *) Bug fix for BN_div() when the first words of num and divsor are + equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0). + [Ulf Möller] + + *) Add support for various broken PKCS#8 formats, and command line + options to produce them. + [Steve Henson] + + *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to + get temporary BIGNUMs from a BN_CTX. + [Ulf Möller] + + *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont() + for p == 0. + [Ulf Möller] + + *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and + include a #define from the old name to the new. The original intent + was that statically linked binaries could for example just call + SSLeay_add_all_ciphers() to just add ciphers to the table and not + link with digests. This never worked becayse SSLeay_add_all_digests() + and SSLeay_add_all_ciphers() were in the same source file so calling + one would link with the other. They are now in separate source files. + [Steve Henson] + + *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'. + [Steve Henson] + + *) Use a less unusual form of the Miller-Rabin primality test (it used + a binary algorithm for exponentiation integrated into the Miller-Rabin + loop, our standard modexp algorithms are faster). + [Bodo Moeller] + + *) Support for the EBCDIC character set completed. + [Martin Kraemer ] + + *) Source code cleanups: use const where appropriate, eliminate casts, + use void * instead of char * in lhash. + [Ulf Möller] + + *) Bugfix: ssl3_send_server_key_exchange was not restartable + (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of + this the server could overwrite ephemeral keys that the client + has already seen). + [Bodo Moeller] + + *) Turn DSA_is_prime into a macro that calls BN_is_prime, + using 50 iterations of the Rabin-Miller test. + + DSA_generate_parameters now uses BN_is_prime_fasttest (with 50 + iterations of the Rabin-Miller test as required by the appendix + to FIPS PUB 186[-1]) instead of DSA_is_prime. + As BN_is_prime_fasttest includes trial division, DSA parameter + generation becomes much faster. + + This implies a change for the callback functions in DSA_is_prime + and DSA_generate_parameters: The callback function is called once + for each positive witness in the Rabin-Miller test, not just + occasionally in the inner loop; and the parameters to the + callback function now provide an iteration count for the outer + loop rather than for the current invocation of the inner loop. + DSA_generate_parameters additionally can call the callback + function with an 'iteration count' of -1, meaning that a + candidate has passed the trial division test (when q is generated + from an application-provided seed, trial division is skipped). + [Bodo Moeller] + + *) New function BN_is_prime_fasttest that optionally does trial + division before starting the Rabin-Miller test and has + an additional BN_CTX * argument (whereas BN_is_prime always + has to allocate at least one BN_CTX). + 'callback(1, -1, cb_arg)' is called when a number has passed the + trial division stage. + [Bodo Moeller] + + *) Fix for bug in CRL encoding. The validity dates weren't being handled + as ASN1_TIME. + [Steve Henson] + + *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file. + [Steve Henson] + + *) New function BN_pseudo_rand(). + [Ulf Möller] + + *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable) + bignum version of BN_from_montgomery() with the working code from + SSLeay 0.9.0 (the word based version is faster anyway), and clean up + the comments. + [Ulf Möller] + + *) Avoid a race condition in s2_clnt.c (function get_server_hello) that + made it impossible to use the same SSL_SESSION data structure in + SSL2 clients in multiple threads. + [Bodo Moeller] + + *) The return value of RAND_load_file() no longer counts bytes obtained + by stat(). RAND_load_file(..., -1) is new and uses the complete file + to seed the PRNG (previously an explicit byte count was required). + [Ulf Möller, Bodo Möller] + + *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes + used (char *) instead of (void *) and had casts all over the place. + [Steve Henson] + + *) Make BN_generate_prime() return NULL on error if ret!=NULL. + [Ulf Möller] + + *) Retain source code compatibility for BN_prime_checks macro: + BN_is_prime(..., BN_prime_checks, ...) now uses + BN_prime_checks_for_size to determine the appropriate number of + Rabin-Miller iterations. + [Ulf Möller] + + *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to + DH_CHECK_P_NOT_SAFE_PRIME. + (Check if this is true? OpenPGP calls them "strong".) + [Ulf Möller] + + *) Merge the functionality of "dh" and "gendh" programs into a new program + "dhparam". The old programs are retained for now but will handle DH keys + (instead of parameters) in future. + [Steve Henson] + + *) Make the ciphers, s_server and s_client programs check the return values + when a new cipher list is set. + [Steve Henson] + + *) Enhance the SSL/TLS cipher mechanism to correctly handle the TLS 56bit + ciphers. Before when the 56bit ciphers were enabled the sorting was + wrong. + + The syntax for the cipher sorting has been extended to support sorting by + cipher-strength (using the strength_bits hard coded in the tables). + The new command is "@STRENGTH" (see also doc/apps/ciphers.pod). + + Fix a bug in the cipher-command parser: when supplying a cipher command + string with an "undefined" symbol (neither command nor alphanumeric + [A-Za-z0-9], ssl_set_cipher_list used to hang in an endless loop. Now + an error is flagged. + + Due to the strength-sorting extension, the code of the + ssl_create_cipher_list() function was completely rearranged. I hope that + the readability was also increased :-) + [Lutz Jaenicke ] + + *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1 + for the first serial number and places 2 in the serial number file. This + avoids problems when the root CA is created with serial number zero and + the first user certificate has the same issuer name and serial number + as the root CA. + [Steve Henson] + + *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses + the new code. Add documentation for this stuff. + [Steve Henson] + + *) Changes to X509_ATTRIBUTE utilities. These have been renamed from + X509_*() to X509at_*() on the grounds that they don't handle X509 + structures and behave in an analagous way to the X509v3 functions: + they shouldn't be called directly but wrapper functions should be used + instead. + + So we also now have some wrapper functions that call the X509at functions + when passed certificate requests. (TO DO: similar things can be done with + PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other + things. Some of these need some d2i or i2d and print functionality + because they handle more complex structures.) + [Steve Henson] + + *) Add missing #ifndefs that caused missing symbols when building libssl + as a shared library without RSA. Use #ifndef NO_SSL2 instead of + NO_RSA in ssl/s2*.c. + [Kris Kennaway , modified by Ulf Möller] + + *) Precautions against using the PRNG uninitialized: RAND_bytes() now + has a return value which indicates the quality of the random data + (1 = ok, 0 = not seeded). Also an error is recorded on the thread's + error queue. New function RAND_pseudo_bytes() generates output that is + guaranteed to be unique but not unpredictable. RAND_add is like + RAND_seed, but takes an extra argument for an entropy estimate + (RAND_seed always assumes full entropy). + [Ulf Möller] + + *) Do more iterations of Rabin-Miller probable prime test (specifically, + 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes + instead of only 2 for all lengths; see BN_prime_checks_for_size definition + in crypto/bn/bn_prime.c for the complete table). This guarantees a + false-positive rate of at most 2^-80 for random input. + [Bodo Moeller] + + *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs. + [Bodo Moeller] + + *) New function X509_CTX_rget_chain() (renamed to X509_CTX_get1_chain + in the 0.9.5 release), this returns the chain + from an X509_CTX structure with a dup of the stack and all + the X509 reference counts upped: so the stack will exist + after X509_CTX_cleanup() has been called. Modify pkcs12.c + to use this. + + Also make SSL_SESSION_print() print out the verify return + code. + [Steve Henson] + + *) Add manpage for the pkcs12 command. Also change the default + behaviour so MAC iteration counts are used unless the new + -nomaciter option is used. This improves file security and + only older versions of MSIE (4.0 for example) need it. + [Steve Henson] + + *) Honor the no-xxx Configure options when creating .DEF files. + [Ulf Möller] + + *) Add PKCS#10 attributes to field table: challengePassword, + unstructuredName and unstructuredAddress. These are taken from + draft PKCS#9 v2.0 but are compatible with v1.2 provided no + international characters are used. + + More changes to X509_ATTRIBUTE code: allow the setting of types + based on strings. Remove the 'loc' parameter when adding + attributes because these will be a SET OF encoding which is sorted + in ASN1 order. + [Steve Henson] + + *) Initial changes to the 'req' utility to allow request generation + automation. This will allow an application to just generate a template + file containing all the field values and have req construct the + request. + + Initial support for X509_ATTRIBUTE handling. Stacks of these are + used all over the place including certificate requests and PKCS#7 + structures. They are currently handled manually where necessary with + some primitive wrappers for PKCS#7. The new functions behave in a + manner analogous to the X509 extension functions: they allow + attributes to be looked up by NID and added. + + Later something similar to the X509V3 code would be desirable to + automatically handle the encoding, decoding and printing of the + more complex types. The string types like challengePassword can + be handled by the string table functions. + + Also modified the multi byte string table handling. Now there is + a 'global mask' which masks out certain types. The table itself + can use the flag STABLE_NO_MASK to ignore the mask setting: this + is useful when for example there is only one permissible type + (as in countryName) and using the mask might result in no valid + types at all. + [Steve Henson] + + *) Clean up 'Finished' handling, and add functions SSL_get_finished and + SSL_get_peer_finished to allow applications to obtain the latest + Finished messages sent to the peer or expected from the peer, + respectively. (SSL_get_peer_finished is usually the Finished message + actually received from the peer, otherwise the protocol will be aborted.) + + As the Finished message are message digests of the complete handshake + (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can + be used for external authentication procedures when the authentication + provided by SSL/TLS is not desired or is not enough. + [Bodo Moeller] + + *) Enhanced support for Alpha Linux is added. Now ./config checks if + the host supports BWX extension and if Compaq C is present on the + $PATH. Just exploiting of the BWX extension results in 20-30% + performance kick for some algorithms, e.g. DES and RC4 to mention + a couple. Compaq C in turn generates ~20% faster code for MD5 and + SHA1. + [Andy Polyakov] + + *) Add support for MS "fast SGC". This is arguably a violation of the + SSL3/TLS protocol. Netscape SGC does two handshakes: the first with + weak crypto and after checking the certificate is SGC a second one + with strong crypto. MS SGC stops the first handshake after receiving + the server certificate message and sends a second client hello. Since + a server will typically do all the time consuming operations before + expecting any further messages from the client (server key exchange + is the most expensive) there is little difference between the two. + + To get OpenSSL to support MS SGC we have to permit a second client + hello message after we have sent server done. In addition we have to + reset the MAC if we do get this second client hello. + [Steve Henson] + + *) Add a function 'd2i_AutoPrivateKey()' this will automatically decide + if a DER encoded private key is RSA or DSA traditional format. Changed + d2i_PrivateKey_bio() to use it. This is only needed for the "traditional" + format DER encoded private key. Newer code should use PKCS#8 format which + has the key type encoded in the ASN1 structure. Added DER private key + support to pkcs8 application. + [Steve Henson] + + *) SSL 3/TLS 1 servers now don't request certificates when an anonymous + ciphersuites has been selected (as required by the SSL 3/TLS 1 + specifications). Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT + is set, we interpret this as a request to violate the specification + (the worst that can happen is a handshake failure, and 'correct' + behaviour would result in a handshake failure anyway). + [Bodo Moeller] + + *) In SSL_CTX_add_session, take into account that there might be multiple + SSL_SESSION structures with the same session ID (e.g. when two threads + concurrently obtain them from an external cache). + The internal cache can handle only one SSL_SESSION with a given ID, + so if there's a conflict, we now throw out the old one to achieve + consistency. + [Bodo Moeller] + + *) Add OIDs for idea and blowfish in CBC mode. This will allow both + to be used in PKCS#5 v2.0 and S/MIME. Also add checking to + some routines that use cipher OIDs: some ciphers do not have OIDs + defined and so they cannot be used for S/MIME and PKCS#5 v2.0 for + example. + [Steve Henson] + + *) Simplify the trust setting structure and code. Now we just have + two sequences of OIDs for trusted and rejected settings. These will + typically have values the same as the extended key usage extension + and any application specific purposes. + + The trust checking code now has a default behaviour: it will just + check for an object with the same NID as the passed id. Functions can + be provided to override either the default behaviour or the behaviour + for a given id. SSL client, server and email already have functions + in place for compatibility: they check the NID and also return "trusted" + if the certificate is self signed. + [Steve Henson] + + *) Add d2i,i2d bio/fp functions for PrivateKey: these convert the + traditional format into an EVP_PKEY structure. + [Steve Henson] + + *) Add a password callback function PEM_cb() which either prompts for + a password if usr_data is NULL or otherwise assumes it is a null + terminated password. Allow passwords to be passed on command line + environment or config files in a few more utilities. + [Steve Henson] + + *) Add a bunch of DER and PEM functions to handle PKCS#8 format private + keys. Add some short names for PKCS#8 PBE algorithms and allow them + to be specified on the command line for the pkcs8 and pkcs12 utilities. + Update documentation. + [Steve Henson] + + *) Support for ASN1 "NULL" type. This could be handled before by using + ASN1_TYPE but there wasn't any function that would try to read a NULL + and produce an error if it couldn't. For compatibility we also have + ASN1_NULL_new() and ASN1_NULL_free() functions but these are faked and + don't allocate anything because they don't need to. + [Steve Henson] + + *) Initial support for MacOS is now provided. Examine INSTALL.MacOS + for details. + [Andy Polyakov, Roy Woods ] + + *) Rebuild of the memory allocation routines used by OpenSSL code and + possibly others as well. The purpose is to make an interface that + provide hooks so anyone can build a separate set of allocation and + deallocation routines to be used by OpenSSL, for example memory + pool implementations, or something else, which was previously hard + since Malloc(), Realloc() and Free() were defined as macros having + the values malloc, realloc and free, respectively (except for Win32 + compilations). The same is provided for memory debugging code. + OpenSSL already comes with functionality to find memory leaks, but + this gives people a chance to debug other memory problems. + + With these changes, a new set of functions and macros have appeared: + + CRYPTO_set_mem_debug_functions() [F] + CRYPTO_get_mem_debug_functions() [F] + CRYPTO_dbg_set_options() [F] + CRYPTO_dbg_get_options() [F] + CRYPTO_malloc_debug_init() [M] + + The memory debug functions are NULL by default, unless the library + is compiled with CRYPTO_MDEBUG or friends is defined. If someone + wants to debug memory anyway, CRYPTO_malloc_debug_init() (which + gives the standard debugging functions that come with OpenSSL) or + CRYPTO_set_mem_debug_functions() (tells OpenSSL to use functions + provided by the library user) must be used. When the standard + debugging functions are used, CRYPTO_dbg_set_options can be used to + request additional information: + CRYPTO_dbg_set_options(V_CYRPTO_MDEBUG_xxx) corresponds to setting + the CRYPTO_MDEBUG_xxx macro when compiling the library. + + Also, things like CRYPTO_set_mem_functions will always give the + expected result (the new set of functions is used for allocation + and deallocation) at all times, regardless of platform and compiler + options. + + To finish it up, some functions that were never use in any other + way than through macros have a new API and new semantic: + + CRYPTO_dbg_malloc() + CRYPTO_dbg_realloc() + CRYPTO_dbg_free() + + All macros of value have retained their old syntax. + [Richard Levitte and Bodo Moeller] + + *) Some S/MIME fixes. The OID for SMIMECapabilities was wrong, the + ordering of SMIMECapabilities wasn't in "strength order" and there + was a missing NULL in the AlgorithmIdentifier for the SHA1 signature + algorithm. + [Steve Henson] + + *) Some ASN1 types with illegal zero length encoding (INTEGER, + ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines. + [Frans Heymans , modified by Steve Henson] + + *) Merge in my S/MIME library for OpenSSL. This provides a simple + S/MIME API on top of the PKCS#7 code, a MIME parser (with enough + functionality to handle multipart/signed properly) and a utility + called 'smime' to call all this stuff. This is based on code I + originally wrote for Celo who have kindly allowed it to be + included in OpenSSL. + [Steve Henson] + + *) Add variants des_set_key_checked and des_set_key_unchecked of + des_set_key (aka des_key_sched). Global variable des_check_key + decides which of these is called by des_set_key; this way + des_check_key behaves as it always did, but applications and + the library itself, which was buggy for des_check_key == 1, + have a cleaner way to pick the version they need. + [Bodo Moeller] + + *) New function PKCS12_newpass() which changes the password of a + PKCS12 structure. + [Steve Henson] + + *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and + dynamic mix. In both cases the ids can be used as an index into the + table. Also modified the X509_TRUST_add() and X509_PURPOSE_add() + functions so they accept a list of the field values and the + application doesn't need to directly manipulate the X509_TRUST + structure. + [Steve Henson] + + *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't + need initialising. + [Steve Henson] + + *) Modify the way the V3 extension code looks up extensions. This now + works in a similar way to the object code: we have some "standard" + extensions in a static table which is searched with OBJ_bsearch() + and the application can add dynamic ones if needed. The file + crypto/x509v3/ext_dat.h now has the info: this file needs to be + updated whenever a new extension is added to the core code and kept + in ext_nid order. There is a simple program 'tabtest.c' which checks + this. New extensions are not added too often so this file can readily + be maintained manually. + + There are two big advantages in doing things this way. The extensions + can be looked up immediately and no longer need to be "added" using + X509V3_add_standard_extensions(): this function now does nothing. + [Side note: I get *lots* of email saying the extension code doesn't + work because people forget to call this function] + Also no dynamic allocation is done unless new extensions are added: + so if we don't add custom extensions there is no need to call + X509V3_EXT_cleanup(). + [Steve Henson] + + *) Modify enc utility's salting as follows: make salting the default. Add a + magic header, so unsalted files fail gracefully instead of just decrypting + to garbage. This is because not salting is a big security hole, so people + should be discouraged from doing it. + [Ben Laurie] + + *) Fixes and enhancements to the 'x509' utility. It allowed a message + digest to be passed on the command line but it only used this + parameter when signing a certificate. Modified so all relevant + operations are affected by the digest parameter including the + -fingerprint and -x509toreq options. Also -x509toreq choked if a + DSA key was used because it didn't fix the digest. + [Steve Henson] + + *) Initial certificate chain verify code. Currently tests the untrusted + certificates for consistency with the verify purpose (which is set + when the X509_STORE_CTX structure is set up) and checks the pathlength. + + There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour: + this is because it will reject chains with invalid extensions whereas + every previous version of OpenSSL and SSLeay made no checks at all. + + Trust code: checks the root CA for the relevant trust settings. Trust + settings have an initial value consistent with the verify purpose: e.g. + if the verify purpose is for SSL client use it expects the CA to be + trusted for SSL client use. However the default value can be changed to + permit custom trust settings: one example of this would be to only trust + certificates from a specific "secure" set of CAs. + + Also added X509_STORE_CTX_new() and X509_STORE_CTX_free() functions + which should be used for version portability: especially since the + verify structure is likely to change more often now. + + SSL integration. Add purpose and trust to SSL_CTX and SSL and functions + to set them. If not set then assume SSL clients will verify SSL servers + and vice versa. + + Two new options to the verify program: -untrusted allows a set of + untrusted certificates to be passed in and -purpose which sets the + intended purpose of the certificate. If a purpose is set then the + new chain verify code is used to check extension consistency. + [Steve Henson] + + *) Support for the authority information access extension. + [Steve Henson] + + *) Modify RSA and DSA PEM read routines to transparently handle + PKCS#8 format private keys. New *_PUBKEY_* functions that handle + public keys in a format compatible with certificate + SubjectPublicKeyInfo structures. Unfortunately there were already + functions called *_PublicKey_* which used various odd formats so + these are retained for compatibility: however the DSA variants were + never in a public release so they have been deleted. Changed dsa/rsa + utilities to handle the new format: note no releases ever handled public + keys so we should be OK. + + The primary motivation for this change is to avoid the same fiasco + that dogs private keys: there are several incompatible private key + formats some of which are standard and some OpenSSL specific and + require various evil hacks to allow partial transparent handling and + even then it doesn't work with DER formats. Given the option anything + other than PKCS#8 should be dumped: but the other formats have to + stay in the name of compatibility. + + With public keys and the benefit of hindsight one standard format + is used which works with EVP_PKEY, RSA or DSA structures: though + it clearly returns an error if you try to read the wrong kind of key. + + Added a -pubkey option to the 'x509' utility to output the public key. + Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*() + (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add + EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*()) + that do the same as the EVP_PKEY_assign_*() except they up the + reference count of the added key (they don't "swallow" the + supplied key). + [Steve Henson] + + *) Fixes to crypto/x509/by_file.c the code to read in certificates and + CRLs would fail if the file contained no certificates or no CRLs: + added a new function to read in both types and return the number + read: this means that if none are read it will be an error. The + DER versions of the certificate and CRL reader would always fail + because it isn't possible to mix certificates and CRLs in DER format + without choking one or the other routine. Changed this to just read + a certificate: this is the best we can do. Also modified the code + in apps/verify.c to take notice of return codes: it was previously + attempting to read in certificates from NULL pointers and ignoring + any errors: this is one reason why the cert and CRL reader seemed + to work. It doesn't check return codes from the default certificate + routines: these may well fail if the certificates aren't installed. + [Steve Henson] + + *) Code to support otherName option in GeneralName. + [Steve Henson] + + *) First update to verify code. Change the verify utility + so it warns if it is passed a self signed certificate: + for consistency with the normal behaviour. X509_verify + has been modified to it will now verify a self signed + certificate if *exactly* the same certificate appears + in the store: it was previously impossible to trust a + single self signed certificate. This means that: + openssl verify ss.pem + now gives a warning about a self signed certificate but + openssl verify -CAfile ss.pem ss.pem + is OK. + [Steve Henson] + + *) For servers, store verify_result in SSL_SESSION data structure + (and add it to external session representation). + This is needed when client certificate verifications fails, + but an application-provided verification callback (set by + SSL_CTX_set_cert_verify_callback) allows accepting the session + anyway (i.e. leaves x509_store_ctx->error != X509_V_OK + but returns 1): When the session is reused, we have to set + ssl->verify_result to the appropriate error code to avoid + security holes. + [Bodo Moeller, problem pointed out by Lutz Jaenicke] + + *) Fix a bug in the new PKCS#7 code: it didn't consider the + case in PKCS7_dataInit() where the signed PKCS7 structure + didn't contain any existing data because it was being created. + [Po-Cheng Chen , slightly modified by Steve Henson] + + *) Add a salt to the key derivation routines in enc.c. This + forms the first 8 bytes of the encrypted file. Also add a + -S option to allow a salt to be input on the command line. + [Steve Henson] + + *) New function X509_cmp(). Oddly enough there wasn't a function + to compare two certificates. We do this by working out the SHA1 + hash and comparing that. X509_cmp() will be needed by the trust + code. + [Steve Henson] + + *) SSL_get1_session() is like SSL_get_session(), but increments + the reference count in the SSL_SESSION returned. + [Geoff Thorpe ] + + *) Fix for 'req': it was adding a null to request attributes. + Also change the X509_LOOKUP and X509_INFO code to handle + certificate auxiliary information. + [Steve Henson] + + *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document + the 'enc' command. + [Steve Henson] + + *) Add the possibility to add extra information to the memory leak + detecting output, to form tracebacks, showing from where each + allocation was originated: CRYPTO_push_info("constant string") adds + the string plus current file name and line number to a per-thread + stack, CRYPTO_pop_info() does the obvious, CRYPTO_remove_all_info() + is like calling CYRPTO_pop_info() until the stack is empty. + Also updated memory leak detection code to be multi-thread-safe. + [Richard Levitte] + + *) Add options -text and -noout to pkcs7 utility and delete the + encryption options which never did anything. Update docs. + [Steve Henson] + + *) Add options to some of the utilities to allow the pass phrase + to be included on either the command line (not recommended on + OSes like Unix) or read from the environment. Update the + manpages and fix a few bugs. + [Steve Henson] + + *) Add a few manpages for some of the openssl commands. + [Steve Henson] + + *) Fix the -revoke option in ca. It was freeing up memory twice, + leaking and not finding already revoked certificates. + [Steve Henson] + + *) Extensive changes to support certificate auxiliary information. + This involves the use of X509_CERT_AUX structure and X509_AUX + functions. An X509_AUX function such as PEM_read_X509_AUX() + can still read in a certificate file in the usual way but it + will also read in any additional "auxiliary information". By + doing things this way a fair degree of compatibility can be + retained: existing certificates can have this information added + using the new 'x509' options. + + Current auxiliary information includes an "alias" and some trust + settings. The trust settings will ultimately be used in enhanced + certificate chain verification routines: currently a certificate + can only be trusted if it is self signed and then it is trusted + for all purposes. + [Steve Henson] + + *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD). + The problem was that one of the replacement routines had not been working + since SSLeay releases. For now the offending routine has been replaced + with non-optimised assembler. Even so, this now gives around 95% + performance improvement for 1024 bit RSA signs. + [Mark Cox] + + *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2 + handling. Most clients have the effective key size in bits equal to + the key length in bits: so a 40 bit RC2 key uses a 40 bit (5 byte) key. + A few however don't do this and instead use the size of the decrypted key + to determine the RC2 key length and the AlgorithmIdentifier to determine + the effective key length. In this case the effective key length can still + be 40 bits but the key length can be 168 bits for example. This is fixed + by manually forcing an RC2 key into the EVP_PKEY structure because the + EVP code can't currently handle unusual RC2 key sizes: it always assumes + the key length and effective key length are equal. + [Steve Henson] + + *) Add a bunch of functions that should simplify the creation of + X509_NAME structures. Now you should be able to do: + X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, "Steve", -1, -1, 0); + and have it automatically work out the correct field type and fill in + the structures. The more adventurous can try: + X509_NAME_add_entry_by_txt(nm, field, MBSTRING_UTF8, str, -1, -1, 0); + and it will (hopefully) work out the correct multibyte encoding. + [Steve Henson] + + *) Change the 'req' utility to use the new field handling and multibyte + copy routines. Before the DN field creation was handled in an ad hoc + way in req, ca, and x509 which was rather broken and didn't support + BMPStrings or UTF8Strings. Since some software doesn't implement + BMPStrings or UTF8Strings yet, they can be enabled using the config file + using the dirstring_type option. See the new comment in the default + openssl.cnf for more info. + [Steve Henson] + + *) Make crypto/rand/md_rand.c more robust: + - Assure unique random numbers after fork(). + - Make sure that concurrent threads access the global counter and + md serializably so that we never lose entropy in them + or use exactly the same state in multiple threads. + Access to the large state is not always serializable because + the additional locking could be a performance killer, and + md should be large enough anyway. + [Bodo Moeller] + + *) New file apps/app_rand.c with commonly needed functionality + for handling the random seed file. + + Use the random seed file in some applications that previously did not: + ca, + dsaparam -genkey (which also ignored its '-rand' option), + s_client, + s_server, + x509 (when signing). + Except on systems with /dev/urandom, it is crucial to have a random + seed file at least for key creation, DSA signing, and for DH exchanges; + for RSA signatures we could do without one. + + gendh and gendsa (unlike genrsa) used to read only the first byte + of each file listed in the '-rand' option. The function as previously + found in genrsa is now in app_rand.c and is used by all programs + that support '-rand'. + [Bodo Moeller] + + *) In RAND_write_file, use mode 0600 for creating files; + don't just chmod when it may be too late. + [Bodo Moeller] + + *) Report an error from X509_STORE_load_locations + when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed. + [Bill Perry] + + *) New function ASN1_mbstring_copy() this copies a string in either + ASCII, Unicode, Universal (4 bytes per character) or UTF8 format + into an ASN1_STRING type. A mask of permissible types is passed + and it chooses the "minimal" type to use or an error if not type + is suitable. + [Steve Henson] + + *) Add function equivalents to the various macros in asn1.h. The old + macros are retained with an M_ prefix. Code inside the library can + use the M_ macros. External code (including the openssl utility) + should *NOT* in order to be "shared library friendly". + [Steve Henson] + + *) Add various functions that can check a certificate's extensions + to see if it usable for various purposes such as SSL client, + server or S/MIME and CAs of these types. This is currently + VERY EXPERIMENTAL but will ultimately be used for certificate chain + verification. Also added a -purpose flag to x509 utility to + print out all the purposes. + [Steve Henson] + + *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated + functions. + [Steve Henson] + + *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search + for, obtain and decode and extension and obtain its critical flag. + This allows all the necessary extension code to be handled in a + single function call. + [Steve Henson] + + *) RC4 tune-up featuring 30-40% performance improvement on most RISC + platforms. See crypto/rc4/rc4_enc.c for further details. + [Andy Polyakov] + + *) New -noout option to asn1parse. This causes no output to be produced + its main use is when combined with -strparse and -out to extract data + from a file (which may not be in ASN.1 format). + [Steve Henson] + + *) Fix for pkcs12 program. It was hashing an invalid certificate pointer + when producing the local key id. + [Richard Levitte ] + + *) New option -dhparam in s_server. This allows a DH parameter file to be + stated explicitly. If it is not stated then it tries the first server + certificate file. The previous behaviour hard coded the filename + "server.pem". + [Steve Henson] + + *) Add -pubin and -pubout options to the rsa and dsa commands. These allow + a public key to be input or output. For example: + openssl rsa -in key.pem -pubout -out pubkey.pem + Also added necessary DSA public key functions to handle this. + [Steve Henson] + + *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained + in the message. This was handled by allowing + X509_find_by_issuer_and_serial() to tolerate a NULL passed to it. + [Steve Henson, reported by Sampo Kellomaki ] + + *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null + to the end of the strings whereas this didn't. This would cause problems + if strings read with d2i_ASN1_bytes() were later modified. + [Steve Henson, reported by Arne Ansper ] + + *) Fix for base64 decode bug. When a base64 bio reads only one line of + data and it contains EOF it will end up returning an error. This is + caused by input 46 bytes long. The cause is due to the way base64 + BIOs find the start of base64 encoded data. They do this by trying a + trial decode on each line until they find one that works. When they + do a flag is set and it starts again knowing it can pass all the + data directly through the decoder. Unfortunately it doesn't reset + the context it uses. This means that if EOF is reached an attempt + is made to pass two EOFs through the context and this causes the + resulting error. This can also cause other problems as well. As is + usual with these problems it takes *ages* to find and the fix is + trivial: move one line. + [Steve Henson, reported by ian@uns.ns.ac.yu (Ivan Nejgebauer) ] + + *) Ugly workaround to get s_client and s_server working under Windows. The + old code wouldn't work because it needed to select() on sockets and the + tty (for keypresses and to see if data could be written). Win32 only + supports select() on sockets so we select() with a 1s timeout on the + sockets and then see if any characters are waiting to be read, if none + are present then we retry, we also assume we can always write data to + the tty. This isn't nice because the code then blocks until we've + received a complete line of data and it is effectively polling the + keyboard at 1s intervals: however it's quite a bit better than not + working at all :-) A dedicated Windows application might handle this + with an event loop for example. + [Steve Henson] + + *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign + and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions + will be called when RSA_sign() and RSA_verify() are used. This is useful + if rsa_pub_dec() and rsa_priv_enc() equivalents are not available. + For this to work properly RSA_public_decrypt() and RSA_private_encrypt() + should *not* be used: RSA_sign() and RSA_verify() must be used instead. + This necessitated the support of an extra signature type NID_md5_sha1 + for SSL signatures and modifications to the SSL library to use it instead + of calling RSA_public_decrypt() and RSA_private_encrypt(). + [Steve Henson] + + *) Add new -verify -CAfile and -CApath options to the crl program, these + will lookup a CRL issuers certificate and verify the signature in a + similar way to the verify program. Tidy up the crl program so it + no longer accesses structures directly. Make the ASN1 CRL parsing a bit + less strict. It will now permit CRL extensions even if it is not + a V2 CRL: this will allow it to tolerate some broken CRLs. + [Steve Henson] + + *) Initialize all non-automatic variables each time one of the openssl + sub-programs is started (this is necessary as they may be started + multiple times from the "OpenSSL>" prompt). + [Lennart Bang, Bodo Moeller] + + *) Preliminary compilation option RSA_NULL which disables RSA crypto without + removing all other RSA functionality (this is what NO_RSA does). This + is so (for example) those in the US can disable those operations covered + by the RSA patent while allowing storage and parsing of RSA keys and RSA + key generation. + [Steve Henson] + + *) Non-copying interface to BIO pairs. + (still largely untested) + [Bodo Moeller] + + *) New function ANS1_tag2str() to convert an ASN1 tag to a descriptive + ASCII string. This was handled independently in various places before. + [Steve Henson] + + *) New functions UTF8_getc() and UTF8_putc() that parse and generate + UTF8 strings a character at a time. + [Steve Henson] + + *) Use client_version from client hello to select the protocol + (s23_srvr.c) and for RSA client key exchange verification + (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications. + [Bodo Moeller] + + *) Add various utility functions to handle SPKACs, these were previously + handled by poking round in the structure internals. Added new function + NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to + print, verify and generate SPKACs. Based on an original idea from + Massimiliano Pala but extensively modified. + [Steve Henson] + + *) RIPEMD160 is operational on all platforms and is back in 'make test'. + [Andy Polyakov] + + *) Allow the config file extension section to be overwritten on the + command line. Based on an original idea from Massimiliano Pala + . The new option is called -extensions + and can be applied to ca, req and x509. Also -reqexts to override + the request extensions in req and -crlexts to override the crl extensions + in ca. + [Steve Henson] + + *) Add new feature to the SPKAC handling in ca. Now you can include + the same field multiple times by preceding it by "XXXX." for example: + 1.OU="Unit name 1" + 2.OU="Unit name 2" + this is the same syntax as used in the req config file. + [Steve Henson] + + *) Allow certificate extensions to be added to certificate requests. These + are specified in a 'req_extensions' option of the req section of the + config file. They can be printed out with the -text option to req but + are otherwise ignored at present. + [Steve Henson] + + *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first + data read consists of only the final block it would not decrypted because + EVP_CipherUpdate() would correctly report zero bytes had been decrypted. + A misplaced 'break' also meant the decrypted final block might not be + copied until the next read. + [Steve Henson] + + *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added + a few extra parameters to the DH structure: these will be useful if + for example we want the value of 'q' or implement X9.42 DH. + [Steve Henson] + + *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and + provides hooks that allow the default DSA functions or functions on a + "per key" basis to be replaced. This allows hardware acceleration and + hardware key storage to be handled without major modification to the + library. Also added low level modexp hooks and CRYPTO_EX structure and + associated functions. + [Steve Henson] + + *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO + as "read only": it can't be written to and the buffer it points to will + not be freed. Reading from a read only BIO is much more efficient than + a normal memory BIO. This was added because there are several times when + an area of memory needs to be read from a BIO. The previous method was + to create a memory BIO and write the data to it, this results in two + copies of the data and an O(n^2) reading algorithm. There is a new + function BIO_new_mem_buf() which creates a read only memory BIO from + an area of memory. Also modified the PKCS#7 routines to use read only + memory BIOs. + [Steve Henson] + + *) Bugfix: ssl23_get_client_hello did not work properly when called in + state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of + a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read, + but a retry condition occured while trying to read the rest. + [Bodo Moeller] + + *) The PKCS7_ENC_CONTENT_new() function was setting the content type as + NID_pkcs7_encrypted by default: this was wrong since this should almost + always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle + the encrypted data type: this is a more sensible place to put it and it + allows the PKCS#12 code to be tidied up that duplicated this + functionality. + [Steve Henson] + + *) Changed obj_dat.pl script so it takes its input and output files on + the command line. This should avoid shell escape redirection problems + under Win32. + [Steve Henson] + + *) Initial support for certificate extension requests, these are included + in things like Xenroll certificate requests. Included functions to allow + extensions to be obtained and added. + [Steve Henson] + + *) -crlf option to s_client and s_server for sending newlines as + CRLF (as required by many protocols). + [Bodo Moeller] + + Changes between 0.9.3a and 0.9.4 [09 Aug 1999] + + *) Install libRSAglue.a when OpenSSL is built with RSAref. + [Ralf S. Engelschall] + + *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency. + [Andrija Antonijevic ] + + *) Fix -startdate and -enddate (which was missing) arguments to 'ca' + program. + [Steve Henson] + + *) New function DSA_dup_DH, which duplicates DSA parameters/keys as + DH parameters/keys (q is lost during that conversion, but the resulting + DH parameters contain its length). + + For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is + much faster than DH_generate_parameters (which creates parameters + where p = 2*q + 1), and also the smaller q makes DH computations + much more efficient (160-bit exponentiation instead of 1024-bit + exponentiation); so this provides a convenient way to support DHE + ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of + utter importance to use + SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); + or + SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); + when such DH parameters are used, because otherwise small subgroup + attacks may become possible! + [Bodo Moeller] + + *) Avoid memory leak in i2d_DHparams. + [Bodo Moeller] + + *) Allow the -k option to be used more than once in the enc program: + this allows the same encrypted message to be read by multiple recipients. + [Steve Henson] + + *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts + an ASN1_OBJECT to a text string. If the "no_name" parameter is set then + it will always use the numerical form of the OID, even if it has a short + or long name. + [Steve Henson] + + *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp + method only got called if p,q,dmp1,dmq1,iqmp components were present, + otherwise bn_mod_exp was called. In the case of hardware keys for example + no private key components need be present and it might store extra data + in the RSA structure, which cannot be accessed from bn_mod_exp. + By setting RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for + private key operations. + [Steve Henson] + + *) Added support for SPARC Linux. + [Andy Polyakov] + + *) pem_password_cb function type incompatibly changed from + typedef int pem_password_cb(char *buf, int size, int rwflag); + to + ....(char *buf, int size, int rwflag, void *userdata); + so that applications can pass data to their callbacks: + The PEM[_ASN1]_{read,write}... functions and macros now take an + additional void * argument, which is just handed through whenever + the password callback is called. + [Damien Miller ; tiny changes by Bodo Moeller] + + New function SSL_CTX_set_default_passwd_cb_userdata. + + Compatibility note: As many C implementations push function arguments + onto the stack in reverse order, the new library version is likely to + interoperate with programs that have been compiled with the old + pem_password_cb definition (PEM_whatever takes some data that + happens to be on the stack as its last argument, and the callback + just ignores this garbage); but there is no guarantee whatsoever that + this will work. + + *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=... + (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused + problems not only on Windows, but also on some Unix platforms. + To avoid problematic command lines, these definitions are now in an + auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl + for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds). + [Bodo Moeller] + + *) MIPS III/IV assembler module is reimplemented. + [Andy Polyakov] + + *) More DES library cleanups: remove references to srand/rand and + delete an unused file. + [Ulf Möller] + + *) Add support for the the free Netwide assembler (NASM) under Win32, + since not many people have MASM (ml) and it can be hard to obtain. + This is currently experimental but it seems to work OK and pass all + the tests. Check out INSTALL.W32 for info. + [Steve Henson] + + *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections + without temporary keys kept an extra copy of the server key, + and connections with temporary keys did not free everything in case + of an error. + [Bodo Moeller] + + *) New function RSA_check_key and new openssl rsa option -check + for verifying the consistency of RSA keys. + [Ulf Moeller, Bodo Moeller] + + *) Various changes to make Win32 compile work: + 1. Casts to avoid "loss of data" warnings in p5_crpt2.c + 2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned + comparison" warnings. + 3. Add sk__sort to DEF file generator and do make update. + [Steve Henson] + + *) Add a debugging option to PKCS#5 v2 key generation function: when + you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and + derived keys are printed to stderr. + [Steve Henson] + + *) Copy the flags in ASN1_STRING_dup(). + [Roman E. Pavlov ] + + *) The x509 application mishandled signing requests containing DSA + keys when the signing key was also DSA and the parameters didn't match. + + It was supposed to omit the parameters when they matched the signing key: + the verifying software was then supposed to automatically use the CA's + parameters if they were absent from the end user certificate. + + Omitting parameters is no longer recommended. The test was also + the wrong way round! This was probably due to unusual behaviour in + EVP_cmp_parameters() which returns 1 if the parameters match. + This meant that parameters were omitted when they *didn't* match and + the certificate was useless. Certificates signed with 'ca' didn't have + this bug. + [Steve Henson, reported by Doug Erickson ] + + *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems. + The interface is as follows: + Applications can use + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(), + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop(); + "off" is now the default. + The library internally uses + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(), + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on() + to disable memory-checking temporarily. + + Some inconsistent states that previously were possible (and were + even the default) are now avoided. + + -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time + with each memory chunk allocated; this is occasionally more helpful + than just having a counter. + + -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID. + + -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future + extensions. + [Bodo Moeller] + + *) Introduce "mode" for SSL structures (with defaults in SSL_CTX), + which largely parallels "options", but is for changing API behaviour, + whereas "options" are about protocol behaviour. + Initial "mode" flags are: + + SSL_MODE_ENABLE_PARTIAL_WRITE Allow SSL_write to report success when + a single record has been written. + SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER Don't insist that SSL_write + retries use the same buffer location. + (But all of the contents must be + copied!) + [Bodo Moeller] + + *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options + worked. + + *) Fix problems with no-hmac etc. + [Ulf Möller, pointed out by Brian Wellington ] + + *) New functions RSA_get_default_method(), RSA_set_method() and + RSA_get_method(). These allows replacement of RSA_METHODs without having + to mess around with the internals of an RSA structure. + [Steve Henson] + + *) Fix memory leaks in DSA_do_sign and DSA_is_prime. + Also really enable memory leak checks in openssl.c and in some + test programs. + [Chad C. Mulligan, Bodo Moeller] + + *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess + up the length of negative integers. This has now been simplified to just + store the length when it is first determined and use it later, rather + than trying to keep track of where data is copied and updating it to + point to the end. + [Steve Henson, reported by Brien Wheeler + ] + + *) Add a new function PKCS7_signatureVerify. This allows the verification + of a PKCS#7 signature but with the signing certificate passed to the + function itself. This contrasts with PKCS7_dataVerify which assumes the + certificate is present in the PKCS#7 structure. This isn't always the + case: certificates can be omitted from a PKCS#7 structure and be + distributed by "out of band" means (such as a certificate database). + [Steve Henson] + + *) Complete the PEM_* macros with DECLARE_PEM versions to replace the + function prototypes in pem.h, also change util/mkdef.pl to add the + necessary function names. + [Steve Henson] + + *) mk1mf.pl (used by Windows builds) did not properly read the + options set by Configure in the top level Makefile, and Configure + was not even able to write more than one option correctly. + Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended. + [Bodo Moeller] + + *) New functions CONF_load_bio() and CONF_load_fp() to allow a config + file to be loaded from a BIO or FILE pointer. The BIO version will + for example allow memory BIOs to contain config info. + [Steve Henson] + + *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS. + Whoever hopes to achieve shared-library compatibility across versions + must use this, not the compile-time macro. + (Exercise 0.9.4: Which is the minimum library version required by + such programs?) + Note: All this applies only to multi-threaded programs, others don't + need locks. + [Bodo Moeller] + + *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests + through a BIO pair triggered the default case, i.e. + SSLerr(...,SSL_R_UNKNOWN_STATE). + [Bodo Moeller] + + *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications + can use the SSL library even if none of the specific BIOs is + appropriate. + [Bodo Moeller] + + *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value + for the encoded length. + [Jeon KyoungHo ] + + *) Add initial documentation of the X509V3 functions. + [Steve Henson] + + *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and + PEM_write_bio_PKCS8PrivateKey() that are equivalent to + PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more + secure PKCS#8 private key format with a high iteration count. + [Steve Henson] + + *) Fix determination of Perl interpreter: A perl or perl5 + _directory_ in $PATH was also accepted as the interpreter. + [Ralf S. Engelschall] + + *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking + wrong with it but it was very old and did things like calling + PEM_ASN1_read() directly and used MD5 for the hash not to mention some + unusual formatting. + [Steve Henson] + + *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed + to use the new extension code. + [Steve Henson] + + *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c + with macros. This should make it easier to change their form, add extra + arguments etc. Fix a few PEM prototypes which didn't have cipher as a + constant. + [Steve Henson] + + *) Add to configuration table a new entry that can specify an alternative + name for unistd.h (for pre-POSIX systems); we need this for NeXTstep, + according to Mark Crispin . + [Bodo Moeller] + +#if 0 + *) DES CBC did not update the IV. Weird. + [Ben Laurie] +#else + des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does. + Changing the behaviour of the former might break existing programs -- + where IV updating is needed, des_ncbc_encrypt can be used. +#endif + + *) When bntest is run from "make test" it drives bc to check its + calculations, as well as internally checking them. If an internal check + fails, it needs to cause bc to give a non-zero result or make test carries + on without noticing the failure. Fixed. + [Ben Laurie] + + *) DES library cleanups. + [Ulf Möller] + + *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be + used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit + ciphers. NOTE: although the key derivation function has been verified + against some published test vectors it has not been extensively tested + yet. Added a -v2 "cipher" option to pkcs8 application to allow the use + of v2.0. + [Steve Henson] + + *) Instead of "mkdir -p", which is not fully portable, use new + Perl script "util/mkdir-p.pl". + [Bodo Moeller] + + *) Rewrite the way password based encryption (PBE) is handled. It used to + assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter + structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms + but doesn't apply to PKCS#5 v2.0 where it can be something else. Now + the 'parameter' field of the AlgorithmIdentifier is passed to the + underlying key generation function so it must do its own ASN1 parsing. + This has also changed the EVP_PBE_CipherInit() function which now has a + 'parameter' argument instead of literal salt and iteration count values + and the function EVP_PBE_ALGOR_CipherInit() has been deleted. + [Steve Henson] + + *) Support for PKCS#5 v1.5 compatible password based encryption algorithms + and PKCS#8 functionality. New 'pkcs8' application linked to openssl. + Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE + KEY" because this clashed with PKCS#8 unencrypted string. Since this + value was just used as a "magic string" and not used directly its + value doesn't matter. + [Steve Henson] + + *) Introduce some semblance of const correctness to BN. Shame C doesn't + support mutable. + [Ben Laurie] + + *) "linux-sparc64" configuration (ultrapenguin). + [Ray Miller ] + "linux-sparc" configuration. + [Christian Forster ] + + *) config now generates no-xxx options for missing ciphers. + [Ulf Möller] + + *) Support the EBCDIC character set (work in progress). + File ebcdic.c not yet included because it has a different license. + [Martin Kraemer ] + + *) Support BS2000/OSD-POSIX. + [Martin Kraemer ] + + *) Make callbacks for key generation use void * instead of char *. + [Ben Laurie] + + *) Make S/MIME samples compile (not yet tested). + [Ben Laurie] + + *) Additional typesafe stacks. + [Ben Laurie] + + *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x). + [Bodo Moeller] + + + Changes between 0.9.3 and 0.9.3a [29 May 1999] + + *) New configuration variant "sco5-gcc". + + *) Updated some demos. + [Sean O Riordain, Wade Scholine] + + *) Add missing BIO_free at exit of pkcs12 application. + [Wu Zhigang] + + *) Fix memory leak in conf.c. + [Steve Henson] + + *) Updates for Win32 to assembler version of MD5. + [Steve Henson] + + *) Set #! path to perl in apps/der_chop to where we found it + instead of using a fixed path. + [Bodo Moeller] + + *) SHA library changes for irix64-mips4-cc. + [Andy Polyakov] + + *) Improvements for VMS support. + [Richard Levitte] + + + Changes between 0.9.2b and 0.9.3 [24 May 1999] + + *) Bignum library bug fix. IRIX 6 passes "make test" now! + This also avoids the problems with SC4.2 and unpatched SC5. + [Andy Polyakov ] + + *) New functions sk_num, sk_value and sk_set to replace the previous macros. + These are required because of the typesafe stack would otherwise break + existing code. If old code used a structure member which used to be STACK + and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with + sk_num or sk_value it would produce an error because the num, data members + are not present in STACK_OF. Now it just produces a warning. sk_set + replaces the old method of assigning a value to sk_value + (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code + that does this will no longer work (and should use sk_set instead) but + this could be regarded as a "questionable" behaviour anyway. + [Steve Henson] + + *) Fix most of the other PKCS#7 bugs. The "experimental" code can now + correctly handle encrypted S/MIME data. + [Steve Henson] + + *) Change type of various DES function arguments from des_cblock + (which means, in function argument declarations, pointer to char) + to des_cblock * (meaning pointer to array with 8 char elements), + which allows the compiler to do more typechecking; it was like + that back in SSLeay, but with lots of ugly casts. + + Introduce new type const_des_cblock. + [Bodo Moeller] + + *) Reorganise the PKCS#7 library and get rid of some of the more obvious + problems: find RecipientInfo structure that matches recipient certificate + and initialise the ASN1 structures properly based on passed cipher. + [Steve Henson] + + *) Belatedly make the BN tests actually check the results. + [Ben Laurie] + + *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion + to and from BNs: it was completely broken. New compilation option + NEG_PUBKEY_BUG to allow for some broken certificates that encode public + key elements as negative integers. + [Steve Henson] + + *) Reorganize and speed up MD5. + [Andy Polyakov ] + + *) VMS support. + [Richard Levitte ] + + *) New option -out to asn1parse to allow the parsed structure to be + output to a file. This is most useful when combined with the -strparse + option to examine the output of things like OCTET STRINGS. + [Steve Henson] + + *) Make SSL library a little more fool-proof by not requiring any longer + that SSL_set_{accept,connect}_state be called before + SSL_{accept,connect} may be used (SSL_set_..._state is omitted + in many applications because usually everything *appeared* to work as + intended anyway -- now it really works as intended). + [Bodo Moeller] + + *) Move openssl.cnf out of lib/. + [Ulf Möller] + + *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall + -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes + -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ + [Ralf S. Engelschall] + + *) Various fixes to the EVP and PKCS#7 code. It may now be able to + handle PKCS#7 enveloped data properly. + [Sebastian Akerman , modified by Steve] + + *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of + copying pointers. The cert_st handling is changed by this in + various ways (and thus what used to be known as ctx->default_cert + is now called ctx->cert, since we don't resort to s->ctx->[default_]cert + any longer when s->cert does not give us what we need). + ssl_cert_instantiate becomes obsolete by this change. + As soon as we've got the new code right (possibly it already is?), + we have solved a couple of bugs of the earlier code where s->cert + was used as if it could not have been shared with other SSL structures. + + Note that using the SSL API in certain dirty ways now will result + in different behaviour than observed with earlier library versions: + Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx) + does not influence s as it used to. + + In order to clean up things more thoroughly, inside SSL_SESSION + we don't use CERT any longer, but a new structure SESS_CERT + that holds per-session data (if available); currently, this is + the peer's certificate chain and, for clients, the server's certificate + and temporary key. CERT holds only those values that can have + meaningful defaults in an SSL_CTX. + [Bodo Moeller] + + *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure + from the internal representation. Various PKCS#7 fixes: remove some + evil casts and set the enc_dig_alg field properly based on the signing + key type. + [Steve Henson] + + *) Allow PKCS#12 password to be set from the command line or the + environment. Let 'ca' get its config file name from the environment + variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req' + and 'x509'). + [Steve Henson] + + *) Allow certificate policies extension to use an IA5STRING for the + organization field. This is contrary to the PKIX definition but + VeriSign uses it and IE5 only recognises this form. Document 'x509' + extension option. + [Steve Henson] + + *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic, + without disallowing inline assembler and the like for non-pedantic builds. + [Ben Laurie] + + *) Support Borland C++ builder. + [Janez Jere , modified by Ulf Möller] + + *) Support Mingw32. + [Ulf Möller] + + *) SHA-1 cleanups and performance enhancements. + [Andy Polyakov ] + + *) Sparc v8plus assembler for the bignum library. + [Andy Polyakov ] + + *) Accept any -xxx and +xxx compiler options in Configure. + [Ulf Möller] + + *) Update HPUX configuration. + [Anonymous] + + *) Add missing sk__unshift() function to safestack.h + [Ralf S. Engelschall] + + *) New function SSL_CTX_use_certificate_chain_file that sets the + "extra_cert"s in addition to the certificate. (This makes sense + only for "PEM" format files, as chains as a whole are not + DER-encoded.) + [Bodo Moeller] + + *) Support verify_depth from the SSL API. + x509_vfy.c had what can be considered an off-by-one-error: + Its depth (which was not part of the external interface) + was actually counting the number of certificates in a chain; + now it really counts the depth. + [Bodo Moeller] + + *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used + instead of X509err, which often resulted in confusing error + messages since the error codes are not globally unique + (e.g. an alleged error in ssl3_accept when a certificate + didn't match the private key). + + *) New function SSL_CTX_set_session_id_context that allows to set a default + value (so that you don't need SSL_set_session_id_context for each + connection using the SSL_CTX). + [Bodo Moeller] + + *) OAEP decoding bug fix. + [Ulf Möller] + + *) Support INSTALL_PREFIX for package builders, as proposed by + David Harris. + [Bodo Moeller] + + *) New Configure options "threads" and "no-threads". For systems + where the proper compiler options are known (currently Solaris + and Linux), "threads" is the default. + [Bodo Moeller] + + *) New script util/mklink.pl as a faster substitute for util/mklink.sh. + [Bodo Moeller] + + *) Install various scripts to $(OPENSSLDIR)/misc, not to + $(INSTALLTOP)/bin -- they shouldn't clutter directories + such as /usr/local/bin. + [Bodo Moeller] + + *) "make linux-shared" to build shared libraries. + [Niels Poppe ] + + *) New Configure option no- (rsa, idea, rc5, ...). + [Ulf Möller] + + *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for + extension adding in x509 utility. + [Steve Henson] + + *) Remove NOPROTO sections and error code comments. + [Ulf Möller] + + *) Partial rewrite of the DEF file generator to now parse the ANSI + prototypes. + [Steve Henson] + + *) New Configure options --prefix=DIR and --openssldir=DIR. + [Ulf Möller] + + *) Complete rewrite of the error code script(s). It is all now handled + by one script at the top level which handles error code gathering, + header rewriting and C source file generation. It should be much better + than the old method: it now uses a modified version of Ulf's parser to + read the ANSI prototypes in all header files (thus the old K&R definitions + aren't needed for error creation any more) and do a better job of + translating function codes into names. The old 'ASN1 error code imbedded + in a comment' is no longer necessary and it doesn't use .err files which + have now been deleted. Also the error code call doesn't have to appear all + on one line (which resulted in some large lines...). + [Steve Henson] + + *) Change #include filenames from to . + [Bodo Moeller] + + *) Change behaviour of ssl2_read when facing length-0 packets: Don't return + 0 (which usually indicates a closed connection), but continue reading. + [Bodo Moeller] + + *) Fix some race conditions. + [Bodo Moeller] + + *) Add support for CRL distribution points extension. Add Certificate + Policies and CRL distribution points documentation. + [Steve Henson] + + *) Move the autogenerated header file parts to crypto/opensslconf.h. + [Ulf Möller] + + *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of + 8 of keying material. Merlin has also confirmed interop with this fix + between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0. + [Merlin Hughes ] + + *) Fix lots of warnings. + [Richard Levitte ] + + *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if + the directory spec didn't end with a LIST_SEPARATOR_CHAR. + [Richard Levitte ] + + *) Fix problems with sizeof(long) == 8. + [Andy Polyakov ] + + *) Change functions to ANSI C. + [Ulf Möller] + + *) Fix typos in error codes. + [Martin Kraemer , Ulf Möller] + + *) Remove defunct assembler files from Configure. + [Ulf Möller] + + *) SPARC v8 assembler BIGNUM implementation. + [Andy Polyakov ] + + *) Support for Certificate Policies extension: both print and set. + Various additions to support the r2i method this uses. + [Steve Henson] + + *) A lot of constification, and fix a bug in X509_NAME_oneline() that could + return a const string when you are expecting an allocated buffer. + [Ben Laurie] + + *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE + types DirectoryString and DisplayText. + [Steve Henson] + + *) Add code to allow r2i extensions to access the configuration database, + add an LHASH database driver and add several ctx helper functions. + [Steve Henson] + + *) Fix an evil bug in bn_expand2() which caused various BN functions to + fail when they extended the size of a BIGNUM. + [Steve Henson] + + *) Various utility functions to handle SXNet extension. Modify mkdef.pl to + support typesafe stack. + [Steve Henson] + + *) Fix typo in SSL_[gs]et_options(). + [Nils Frostberg ] + + *) Delete various functions and files that belonged to the (now obsolete) + old X509V3 handling code. + [Steve Henson] + + *) New Configure option "rsaref". + [Ulf Möller] + + *) Don't auto-generate pem.h. + [Bodo Moeller] + + *) Introduce type-safe ASN.1 SETs. + [Ben Laurie] + + *) Convert various additional casted stacks to type-safe STACK_OF() variants. + [Ben Laurie, Ralf S. Engelschall, Steve Henson] + + *) Introduce type-safe STACKs. This will almost certainly break lots of code + that links with OpenSSL (well at least cause lots of warnings), but fear + not: the conversion is trivial, and it eliminates loads of evil casts. A + few STACKed things have been converted already. Feel free to convert more. + In the fullness of time, I'll do away with the STACK type altogether. + [Ben Laurie] + + *) Add `openssl ca -revoke ' facility which revokes a certificate + specified in by updating the entry in the index.txt file. + This way one no longer has to edit the index.txt file manually for + revoking a certificate. The -revoke option does the gory details now. + [Massimiliano Pala , Ralf S. Engelschall] + + *) Fix `openssl crl -noout -text' combination where `-noout' killed the + `-text' option at all and this way the `-noout -text' combination was + inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'. + [Ralf S. Engelschall] + + *) Make sure a corresponding plain text error message exists for the + X509_V_ERR_CERT_REVOKED/23 error number which can occur when a + verify callback function determined that a certificate was revoked. + [Ralf S. Engelschall] + + *) Bugfix: In test/testenc, don't test "openssl " for + ciphers that were excluded, e.g. by -DNO_IDEA. Also, test + all available cipers including rc5, which was forgotten until now. + In order to let the testing shell script know which algorithms + are available, a new (up to now undocumented) command + "openssl list-cipher-commands" is used. + [Bodo Moeller] + + *) Bugfix: s_client occasionally would sleep in select() when + it should have checked SSL_pending() first. + [Bodo Moeller] + + *) New functions DSA_do_sign and DSA_do_verify to provide access to + the raw DSA values prior to ASN.1 encoding. + [Ulf Möller] + + *) Tweaks to Configure + [Niels Poppe ] + + *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support, + yet... + [Steve Henson] + + *) New variables $(RANLIB) and $(PERL) in the Makefiles. + [Ulf Möller] + + *) New config option to avoid instructions that are illegal on the 80386. + The default code is faster, but requires at least a 486. + [Ulf Möller] + + *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and + SSL2_SERVER_VERSION (not used at all) macros, which are now the + same as SSL2_VERSION anyway. + [Bodo Moeller] + + *) New "-showcerts" option for s_client. + [Bodo Moeller] + + *) Still more PKCS#12 integration. Add pkcs12 application to openssl + application. Various cleanups and fixes. + [Steve Henson] + + *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and + modify error routines to work internally. Add error codes and PBE init + to library startup routines. + [Steve Henson] + + *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and + packing functions to asn1 and evp. Changed function names and error + codes along the way. + [Steve Henson] + + *) PKCS12 integration: and so it begins... First of several patches to + slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12 + objects to objects.h + [Steve Henson] + + *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1 + and display support for Thawte strong extranet extension. + [Steve Henson] + + *) Add LinuxPPC support. + [Jeff Dubrule ] + + *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to + bn_div_words in alpha.s. + [Hannes Reinecke and Ben Laurie] + + *) Make sure the RSA OAEP test is skipped under -DRSAref because + OAEP isn't supported when OpenSSL is built with RSAref. + [Ulf Moeller ] + + *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h + so they no longer are missing under -DNOPROTO. + [Soren S. Jorvang ] + + + Changes between 0.9.1c and 0.9.2b [22 Mar 1999] + + *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still + doesn't work when the session is reused. Coming soon! + [Ben Laurie] + + *) Fix a security hole, that allows sessions to be reused in the wrong + context thus bypassing client cert protection! All software that uses + client certs and session caches in multiple contexts NEEDS PATCHING to + allow session reuse! A fuller solution is in the works. + [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)] + + *) Some more source tree cleanups (removed obsolete files + crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed + permission on "config" script to be executable) and a fix for the INSTALL + document. + [Ulf Moeller ] + + *) Remove some legacy and erroneous uses of malloc, free instead of + Malloc, Free. + [Lennart Bang , with minor changes by Steve] + + *) Make rsa_oaep_test return non-zero on error. + [Ulf Moeller ] + + *) Add support for native Solaris shared libraries. Configure + solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice + if someone would make that last step automatic. + [Matthias Loepfe ] + + *) ctx_size was not built with the right compiler during "make links". Fixed. + [Ben Laurie] + + *) Change the meaning of 'ALL' in the cipher list. It now means "everything + except NULL ciphers". This means the default cipher list will no longer + enable NULL ciphers. They need to be specifically enabled e.g. with + the string "DEFAULT:eNULL". + [Steve Henson] + + *) Fix to RSA private encryption routines: if p < q then it would + occasionally produce an invalid result. This will only happen with + externally generated keys because OpenSSL (and SSLeay) ensure p > q. + [Steve Henson] + + *) Be less restrictive and allow also `perl util/perlpath.pl + /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin', + because this way one can also use an interpreter named `perl5' (which is + usually the name of Perl 5.xxx on platforms where an Perl 4.x is still + installed as `perl'). + [Matthias Loepfe ] + + *) Let util/clean-depend.pl work also with older Perl 5.00x versions. + [Matthias Loepfe ] + + *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add + advapi32.lib to Win32 build and change the pem test comparision + to fc.exe (thanks to Ulrich Kroener for the + suggestion). Fix misplaced ASNI prototypes and declarations in evp.h + and crypto/des/ede_cbcm_enc.c. + [Steve Henson] + + *) DES quad checksum was broken on big-endian architectures. Fixed. + [Ben Laurie] + + *) Comment out two functions in bio.h that aren't implemented. Fix up the + Win32 test batch file so it (might) work again. The Win32 test batch file + is horrible: I feel ill.... + [Steve Henson] + + *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected + in e_os.h. Audit of header files to check ANSI and non ANSI + sections: 10 functions were absent from non ANSI section and not exported + from Windows DLLs. Fixed up libeay.num for new functions. + [Steve Henson] + + *) Make `openssl version' output lines consistent. + [Ralf S. Engelschall] + + *) Fix Win32 symbol export lists for BIO functions: Added + BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data + to ms/libeay{16,32}.def. + [Ralf S. Engelschall] + + *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled + fine under Unix and passes some trivial tests I've now added. But the + whole stuff is horribly incomplete, so a README.1ST with a disclaimer was + added to make sure no one expects that this stuff really works in the + OpenSSL 0.9.2 release. Additionally I've started to clean the XS sources + up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and + openssl_bio.xs. + [Ralf S. Engelschall] + + *) Fix the generation of two part addresses in perl. + [Kenji Miyake , integrated by Ben Laurie] + + *) Add config entry for Linux on MIPS. + [John Tobey ] + + *) Make links whenever Configure is run, unless we are on Windoze. + [Ben Laurie] + + *) Permit extensions to be added to CRLs using crl_section in openssl.cnf. + Currently only issuerAltName and AuthorityKeyIdentifier make any sense + in CRLs. + [Steve Henson] + + *) Add a useful kludge to allow package maintainers to specify compiler and + other platforms details on the command line without having to patch the + Configure script everytime: One now can use ``perl Configure + :
'', i.e. platform ids are allowed to have details appended + to them (seperated by colons). This is treated as there would be a static + pre-configured entry in Configure's %table under key with value +
and ``perl Configure '' is called. So, when you want to + perform a quick test-compile under FreeBSD 3.1 with pgcc and without + assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"'' + now, which overrides the FreeBSD-elf entry on-the-fly. + [Ralf S. Engelschall] + + *) Disable new TLS1 ciphersuites by default: they aren't official yet. + [Ben Laurie] + + *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified + on the `perl Configure ...' command line. This way one can compile + OpenSSL libraries with Position Independent Code (PIC) which is needed + for linking it into DSOs. + [Ralf S. Engelschall] + + *) Remarkably, export ciphers were totally broken and no-one had noticed! + Fixed. + [Ben Laurie] + + *) Cleaned up the LICENSE document: The official contact for any license + questions now is the OpenSSL core team under openssl-core@openssl.org. + And add a paragraph about the dual-license situation to make sure people + recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply + to the OpenSSL toolkit. + [Ralf S. Engelschall] + + *) General source tree makefile cleanups: Made `making xxx in yyy...' + display consistent in the source tree and replaced `/bin/rm' by `rm'. + Additonally cleaned up the `make links' target: Remove unnecessary + semicolons, subsequent redundant removes, inline point.sh into mklink.sh + to speed processing and no longer clutter the display with confusing + stuff. Instead only the actually done links are displayed. + [Ralf S. Engelschall] + + *) Permit null encryption ciphersuites, used for authentication only. It used + to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this. + It is now necessary to set SSL_FORBID_ENULL to prevent the use of null + encryption. + [Ben Laurie] + + *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder + signed attributes when verifying signatures (this would break them), + the detached data encoding was wrong and public keys obtained using + X509_get_pubkey() weren't freed. + [Steve Henson] + + *) Add text documentation for the BUFFER functions. Also added a work around + to a Win95 console bug. This was triggered by the password read stuff: the + last character typed gets carried over to the next fread(). If you were + generating a new cert request using 'req' for example then the last + character of the passphrase would be CR which would then enter the first + field as blank. + [Steve Henson] + + *) Added the new `Includes OpenSSL Cryptography Software' button as + doc/openssl_button.{gif,html} which is similar in style to the old SSLeay + button and can be used by applications based on OpenSSL to show the + relationship to the OpenSSL project. + [Ralf S. Engelschall] + + *) Remove confusing variables in function signatures in files + ssl/ssl_lib.c and ssl/ssl.h. + [Lennart Bong ] + + *) Don't install bss_file.c under PREFIX/include/ + [Lennart Bong ] + + *) Get the Win32 compile working again. Modify mkdef.pl so it can handle + functions that return function pointers and has support for NT specific + stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various + #ifdef WIN32 and WINNTs sprinkled about the place and some changes from + unsigned to signed types: this was killing the Win32 compile. + [Steve Henson] + + *) Add new certificate file to stack functions, + SSL_add_dir_cert_subjects_to_stack() and + SSL_add_file_cert_subjects_to_stack(). These largely supplant + SSL_load_client_CA_file(), and can be used to add multiple certs easily + to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()). + This means that Apache-SSL and similar packages don't have to mess around + to add as many CAs as they want to the preferred list. + [Ben Laurie] + + *) Experiment with doxygen documentation. Currently only partially applied to + ssl/ssl_lib.c. + See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with + openssl.doxy as the configuration file. + [Ben Laurie] + + *) Get rid of remaining C++-style comments which strict C compilers hate. + [Ralf S. Engelschall, pointed out by Carlos Amengual] + + *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not + compiled in by default: it has problems with large keys. + [Steve Henson] + + *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and + DH private keys and/or callback functions which directly correspond to + their SSL_CTX_xxx() counterparts but work on a per-connection basis. This + is needed for applications which have to configure certificates on a + per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis + (e.g. s_server). + For the RSA certificate situation is makes no difference, but + for the DSA certificate situation this fixes the "no shared cipher" + problem where the OpenSSL cipher selection procedure failed because the + temporary keys were not overtaken from the context and the API provided + no way to reconfigure them. + The new functions now let applications reconfigure the stuff and they + are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh, + SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new + non-public-API function ssl_cert_instantiate() is used as a helper + function and also to reduce code redundancy inside ssl_rsa.c. + [Ralf S. Engelschall] + + *) Move s_server -dcert and -dkey options out of the undocumented feature + area because they are useful for the DSA situation and should be + recognized by the users. + [Ralf S. Engelschall] + + *) Fix the cipher decision scheme for export ciphers: the export bits are + *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within + SSL_EXP_MASK. So, the original variable has to be used instead of the + already masked variable. + [Richard Levitte ] + + *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c + [Richard Levitte ] + + *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal() + from `int' to `unsigned int' because it's a length and initialized by + EVP_DigestFinal() which expects an `unsigned int *'. + [Richard Levitte ] + + *) Don't hard-code path to Perl interpreter on shebang line of Configure + script. Instead use the usual Shell->Perl transition trick. + [Ralf S. Engelschall] + + *) Make `openssl x509 -noout -modulus' functional also for DSA certificates + (in addition to RSA certificates) to match the behaviour of `openssl dsa + -noout -modulus' as it's already the case for `openssl rsa -noout + -modulus'. For RSA the -modulus is the real "modulus" while for DSA + currently the public key is printed (a decision which was already done by + `openssl dsa -modulus' in the past) which serves a similar purpose. + Additionally the NO_RSA no longer completely removes the whole -modulus + option; it now only avoids using the RSA stuff. Same applies to NO_DSA + now, too. + [Ralf S. Engelschall] + + *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested + BIO. See the source (crypto/evp/bio_ok.c) for more info. + [Arne Ansper ] + + *) Dump the old yucky req code that tried (and failed) to allow raw OIDs + to be added. Now both 'req' and 'ca' can use new objects defined in the + config file. + [Steve Henson] + + *) Add cool BIO that does syslog (or event log on NT). + [Arne Ansper , integrated by Ben Laurie] + + *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5, + TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and + TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher + Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt. + [Ben Laurie] + + *) Add preliminary config info for new extension code. + [Steve Henson] + + *) Make RSA_NO_PADDING really use no padding. + [Ulf Moeller ] + + *) Generate errors when private/public key check is done. + [Ben Laurie] + + *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support + for some CRL extensions and new objects added. + [Steve Henson] + + *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private + key usage extension and fuller support for authority key id. + [Steve Henson] + + *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved + padding method for RSA, which is recommended for new applications in PKCS + #1 v2.0 (RFC 2437, October 1998). + OAEP (Optimal Asymmetric Encryption Padding) has better theoretical + foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure + against Bleichbacher's attack on RSA. + [Ulf Moeller , reformatted, corrected and integrated by + Ben Laurie] + + *) Updates to the new SSL compression code + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Fix so that the version number in the master secret, when passed + via RSA, checks that if TLS was proposed, but we roll back to SSLv3 + (because the server will not accept higher), that the version number + is 0x03,0x01, not 0x03,0x00 + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory + leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes + in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c + [Steve Henson] + + *) Support for RAW extensions where an arbitrary extension can be + created by including its DER encoding. See apps/openssl.cnf for + an example. + [Steve Henson] + + *) Make sure latest Perl versions don't interpret some generated C array + code as Perl array code in the crypto/err/err_genc.pl script. + [Lars Weber <3weber@informatik.uni-hamburg.de>] + + *) Modify ms/do_ms.bat to not generate assembly language makefiles since + not many people have the assembler. Various Win32 compilation fixes and + update to the INSTALL.W32 file with (hopefully) more accurate Win32 + build instructions. + [Steve Henson] + + *) Modify configure script 'Configure' to automatically create crypto/date.h + file under Win32 and also build pem.h from pem.org. New script + util/mkfiles.pl to create the MINFO file on environments that can't do a + 'make files': perl util/mkfiles.pl >MINFO should work. + [Steve Henson] + + *) Major rework of DES function declarations, in the pursuit of correctness + and purity. As a result, many evil casts evaporated, and some weirdness, + too. You may find this causes warnings in your code. Zapping your evil + casts will probably fix them. Mostly. + [Ben Laurie] + + *) Fix for a typo in asn1.h. Bug fix to object creation script + obj_dat.pl. It considered a zero in an object definition to mean + "end of object": none of the objects in objects.h have any zeros + so it wasn't spotted. + [Steve Henson, reported by Erwann ABALEA ] + + *) Add support for Triple DES Cipher Block Chaining with Output Feedback + Masking (CBCM). In the absence of test vectors, the best I have been able + to do is check that the decrypt undoes the encrypt, so far. Send me test + vectors if you have them. + [Ben Laurie] + + *) Correct calculation of key length for export ciphers (too much space was + allocated for null ciphers). This has not been tested! + [Ben Laurie] + + *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage + message is now correct (it understands "crypto" and "ssl" on its + command line). There is also now an "update" option. This will update + the util/ssleay.num and util/libeay.num files with any new functions. + If you do a: + perl util/mkdef.pl crypto ssl update + it will update them. + [Steve Henson] + + *) Overhauled the Perl interface (perl/*): + - ported BN stuff to OpenSSL's different BN library + - made the perl/ source tree CVS-aware + - renamed the package from SSLeay to OpenSSL (the files still contain + their history because I've copied them in the repository) + - removed obsolete files (the test scripts will be replaced + by better Test::Harness variants in the future) + [Ralf S. Engelschall] + + *) First cut for a very conservative source tree cleanup: + 1. merge various obsolete readme texts into doc/ssleay.txt + where we collect the old documents and readme texts. + 2. remove the first part of files where I'm already sure that we no + longer need them because of three reasons: either they are just temporary + files which were left by Eric or they are preserved original files where + I've verified that the diff is also available in the CVS via "cvs diff + -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for + the crypto/md/ stuff). + [Ralf S. Engelschall] + + *) More extension code. Incomplete support for subject and issuer alt + name, issuer and authority key id. Change the i2v function parameters + and add an extra 'crl' parameter in the X509V3_CTX structure: guess + what that's for :-) Fix to ASN1 macro which messed up + IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED. + [Steve Henson] + + *) Preliminary support for ENUMERATED type. This is largely copied from the + INTEGER code. + [Steve Henson] + + *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy. + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Make sure `make rehash' target really finds the `openssl' program. + [Ralf S. Engelschall, Matthias Loepfe ] + + *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd + like to hear about it if this slows down other processors. + [Ben Laurie] + + *) Add CygWin32 platform information to Configure script. + [Alan Batie ] + + *) Fixed ms/32all.bat script: `no_asm' -> `no-asm' + [Rainer W. Gerling ] + + *) New program nseq to manipulate netscape certificate sequences + [Steve Henson] + + *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a + few typos. + [Steve Henson] + + *) Fixes to BN code. Previously the default was to define BN_RECURSION + but the BN code had some problems that would cause failures when + doing certificate verification and some other functions. + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Add ASN1 and PEM code to support netscape certificate sequences. + [Steve Henson] + + *) Add ASN1 and PEM code to support netscape certificate sequences. + [Steve Henson] + + *) Add several PKIX and private extended key usage OIDs. + [Steve Henson] + + *) Modify the 'ca' program to handle the new extension code. Modify + openssl.cnf for new extension format, add comments. + [Steve Henson] + + *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req' + and add a sample to openssl.cnf so req -x509 now adds appropriate + CA extensions. + [Steve Henson] + + *) Continued X509 V3 changes. Add to other makefiles, integrate with the + error code, add initial support to X509_print() and x509 application. + [Steve Henson] + + *) Takes a deep breath and start addding X509 V3 extension support code. Add + files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this + stuff is currently isolated and isn't even compiled yet. + [Steve Henson] + + *) Continuing patches for GeneralizedTime. Fix up certificate and CRL + ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print. + Removed the versions check from X509 routines when loading extensions: + this allows certain broken certificates that don't set the version + properly to be processed. + [Steve Henson] + + *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another + Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which + can still be regenerated with "make depend". + [Ben Laurie] + + *) Spelling mistake in C version of CAST-128. + [Ben Laurie, reported by Jeremy Hylton ] + + *) Changes to the error generation code. The perl script err-code.pl + now reads in the old error codes and retains the old numbers, only + adding new ones if necessary. It also only changes the .err files if new + codes are added. The makefiles have been modified to only insert errors + when needed (to avoid needlessly modifying header files). This is done + by only inserting errors if the .err file is newer than the auto generated + C file. To rebuild all the error codes from scratch (the old behaviour) + either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl + or delete all the .err files. + [Steve Henson] + + *) CAST-128 was incorrectly implemented for short keys. The C version has + been fixed, but is untested. The assembler versions are also fixed, but + new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing + to regenerate it if needed. + [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun + Hagino ] + + *) File was opened incorrectly in randfile.c. + [Ulf Möller ] + + *) Beginning of support for GeneralizedTime. d2i, i2d, check and print + functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or + GeneralizedTime. ASN1_TIME is the proper type used in certificates et + al: it's just almost always a UTCTime. Note this patch adds new error + codes so do a "make errors" if there are problems. + [Steve Henson] + + *) Correct Linux 1 recognition in config. + [Ulf Möller ] + + *) Remove pointless MD5 hash when using DSA keys in ca. + [Anonymous ] + + *) Generate an error if given an empty string as a cert directory. Also + generate an error if handed NULL (previously returned 0 to indicate an + error, but didn't set one). + [Ben Laurie, reported by Anonymous ] + + *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last. + [Ben Laurie] + + *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct + parameters. This was causing a warning which killed off the Win32 compile. + [Steve Henson] + + *) Remove C++ style comments from crypto/bn/bn_local.h. + [Neil Costigan ] + + *) The function OBJ_txt2nid was broken. It was supposed to return a nid + based on a text string, looking up short and long names and finally + "dot" format. The "dot" format stuff didn't work. Added new function + OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote + OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the + OID is not part of the table. + [Steve Henson] + + *) Add prototypes to X509 lookup/verify methods, fixing a bug in + X509_LOOKUP_by_alias(). + [Ben Laurie] + + *) Sort openssl functions by name. + [Ben Laurie] + + *) Get the gendsa program working (hopefully) and add it to app list. Remove + encryption from sample DSA keys (in case anyone is interested the password + was "1234"). + [Steve Henson] + + *) Make _all_ *_free functions accept a NULL pointer. + [Frans Heymans ] + + *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use + NULL pointers. + [Anonymous ] + + *) s_server should send the CAfile as acceptable CAs, not its own cert. + [Bodo Moeller <3moeller@informatik.uni-hamburg.de>] + + *) Don't blow it for numeric -newkey arguments to apps/req. + [Bodo Moeller <3moeller@informatik.uni-hamburg.de>] + + *) Temp key "for export" tests were wrong in s3_srvr.c. + [Anonymous ] + + *) Add prototype for temp key callback functions + SSL_CTX_set_tmp_{rsa,dh}_callback(). + [Ben Laurie] + + *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and + DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey(). + [Steve Henson] + + *) X509_name_add_entry() freed the wrong thing after an error. + [Arne Ansper ] + + *) rsa_eay.c would attempt to free a NULL context. + [Arne Ansper ] + + *) BIO_s_socket() had a broken should_retry() on Windoze. + [Arne Ansper ] + + *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH. + [Arne Ansper ] + + *) Make sure the already existing X509_STORE->depth variable is initialized + in X509_STORE_new(), but document the fact that this variable is still + unused in the certificate verification process. + [Ralf S. Engelschall] + + *) Fix the various library and apps files to free up pkeys obtained from + X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions. + [Steve Henson] + + *) Fix reference counting in X509_PUBKEY_get(). This makes + demos/maurice/example2.c work, amongst others, probably. + [Steve Henson and Ben Laurie] + + *) First cut of a cleanup for apps/. First the `ssleay' program is now named + `openssl' and second, the shortcut symlinks for the `openssl ' + are no longer created. This way we have a single and consistent command + line interface `openssl ', similar to `cvs '. + [Ralf S. Engelschall, Paul Sutton and Ben Laurie] + + *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey + BIT STRING wrapper always have zero unused bits. + [Steve Henson] + + *) Add CA.pl, perl version of CA.sh, add extended key usage OID. + [Steve Henson] + + *) Make the top-level INSTALL documentation easier to understand. + [Paul Sutton] + + *) Makefiles updated to exit if an error occurs in a sub-directory + make (including if user presses ^C) [Paul Sutton] + + *) Make Montgomery context stuff explicit in RSA data structure. + [Ben Laurie] + + *) Fix build order of pem and err to allow for generated pem.h. + [Ben Laurie] + + *) Fix renumbering bug in X509_NAME_delete_entry(). + [Ben Laurie] + + *) Enhanced the err-ins.pl script so it makes the error library number + global and can add a library name. This is needed for external ASN1 and + other error libraries. + [Steve Henson] + + *) Fixed sk_insert which never worked properly. + [Steve Henson] + + *) Fix ASN1 macros so they can handle indefinite length construted + EXPLICIT tags. Some non standard certificates use these: they can now + be read in. + [Steve Henson] + + *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc) + into a single doc/ssleay.txt bundle. This way the information is still + preserved but no longer messes up this directory. Now it's new room for + the new set of documenation files. + [Ralf S. Engelschall] + + *) SETs were incorrectly DER encoded. This was a major pain, because they + shared code with SEQUENCEs, which aren't coded the same. This means that + almost everything to do with SETs or SEQUENCEs has either changed name or + number of arguments. + [Ben Laurie, based on a partial fix by GP Jayan ] + + *) Fix test data to work with the above. + [Ben Laurie] + + *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but + was already fixed by Eric for 0.9.1 it seems. + [Ben Laurie - pointed out by Ulf Möller ] + + *) Autodetect FreeBSD3. + [Ben Laurie] + + *) Fix various bugs in Configure. This affects the following platforms: + nextstep + ncr-scde + unixware-2.0 + unixware-2.0-pentium + sco5-cc. + [Ben Laurie] + + *) Eliminate generated files from CVS. Reorder tests to regenerate files + before they are needed. + [Ben Laurie] + + *) Generate Makefile.ssl from Makefile.org (to keep CVS happy). + [Ben Laurie] + + + Changes between 0.9.1b and 0.9.1c [23-Dec-1998] + + *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and + changed SSLeay to OpenSSL in version strings. + [Ralf S. Engelschall] + + *) Some fixups to the top-level documents. + [Paul Sutton] + + *) Fixed the nasty bug where rsaref.h was not found under compile-time + because the symlink to include/ was missing. + [Ralf S. Engelschall] + + *) Incorporated the popular no-RSA/DSA-only patches + which allow to compile a RSA-free SSLeay. + [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall] + + *) Fixed nasty rehash problem under `make -f Makefile.ssl links' + when "ssleay" is still not found. + [Ralf S. Engelschall] + + *) Added more platforms to Configure: Cray T3E, HPUX 11, + [Ralf S. Engelschall, Beckmann ] + + *) Updated the README file. + [Ralf S. Engelschall] + + *) Added various .cvsignore files in the CVS repository subdirs + to make a "cvs update" really silent. + [Ralf S. Engelschall] + + *) Recompiled the error-definition header files and added + missing symbols to the Win32 linker tables. + [Ralf S. Engelschall] + + *) Cleaned up the top-level documents; + o new files: CHANGES and LICENSE + o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay + o merged COPYRIGHT into LICENSE + o removed obsolete TODO file + o renamed MICROSOFT to INSTALL.W32 + [Ralf S. Engelschall] + + *) Removed dummy files from the 0.9.1b source tree: + crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi + crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f + crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f + crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f + util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f + [Ralf S. Engelschall] + + *) Added various platform portability fixes. + [Mark J. Cox] + + *) The Genesis of the OpenSSL rpject: + We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A. + Young and Tim J. Hudson created while they were working for C2Net until + summer 1998. + [The OpenSSL Project] + + + Changes between 0.9.0b and 0.9.1b [not released] + + *) Updated a few CA certificates under certs/ + [Eric A. Young] + + *) Changed some BIGNUM api stuff. + [Eric A. Young] + + *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD, + DGUX x86, Linux Alpha, etc. + [Eric A. Young] + + *) New COMP library [crypto/comp/] for SSL Record Layer Compression: + RLE (dummy implemented) and ZLIB (really implemented when ZLIB is + available). + [Eric A. Young] + + *) Add -strparse option to asn1pars program which parses nested + binary structures + [Dr Stephen Henson ] + + *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs. + [Eric A. Young] + + *) DSA fix for "ca" program. + [Eric A. Young] + + *) Added "-genkey" option to "dsaparam" program. + [Eric A. Young] + + *) Added RIPE MD160 (rmd160) message digest. + [Eric A. Young] + + *) Added -a (all) option to "ssleay version" command. + [Eric A. Young] + + *) Added PLATFORM define which is the id given to Configure. + [Eric A. Young] + + *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking. + [Eric A. Young] + + *) Extended the ASN.1 parser routines. + [Eric A. Young] + + *) Extended BIO routines to support REUSEADDR, seek, tell, etc. + [Eric A. Young] + + *) Added a BN_CTX to the BN library. + [Eric A. Young] + + *) Fixed the weak key values in DES library + [Eric A. Young] + + *) Changed API in EVP library for cipher aliases. + [Eric A. Young] + + *) Added support for RC2/64bit cipher. + [Eric A. Young] + + *) Converted the lhash library to the crypto/mem.c functions. + [Eric A. Young] + + *) Added more recognized ASN.1 object ids. + [Eric A. Young] + + *) Added more RSA padding checks for SSL/TLS. + [Eric A. Young] + + *) Added BIO proxy/filter functionality. + [Eric A. Young] + + *) Added extra_certs to SSL_CTX which can be used + send extra CA certificates to the client in the CA cert chain sending + process. It can be configured with SSL_CTX_add_extra_chain_cert(). + [Eric A. Young] + + *) Now Fortezza is denied in the authentication phase because + this is key exchange mechanism is not supported by SSLeay at all. + [Eric A. Young] + + *) Additional PKCS1 checks. + [Eric A. Young] + + *) Support the string "TLSv1" for all TLS v1 ciphers. + [Eric A. Young] + + *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the + ex_data index of the SSL context in the X509_STORE_CTX ex_data. + [Eric A. Young] + + *) Fixed a few memory leaks. + [Eric A. Young] + + *) Fixed various code and comment typos. + [Eric A. Young] + + *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 + bytes sent in the client random. + [Edward Bishop ] + diff --git a/openssl/CHANGES.SSLeay b/openssl/CHANGES.SSLeay new file mode 100644 index 0000000..ca5cd72 --- /dev/null +++ b/openssl/CHANGES.SSLeay @@ -0,0 +1,968 @@ +This file contains the changes for the SSLeay library up to version +0.9.0b. For later changes, see the file "CHANGES". + + SSLeay CHANGES + ______________ + +Changes between 0.8.x and 0.9.0b + +10-Apr-1998 + +I said the next version would go out at easter, and so it shall. +I expect a 0.9.1 will follow with portability fixes in the next few weeks. + +This is a quick, meet the deadline. Look to ssl-users for comments on what +is new etc. + +eric (about to go bushwalking for the 4 day easter break :-) + +16-Mar-98 + - Patch for Cray T90 from Wayne Schroeder + - Lots and lots of changes + +29-Jan-98 + - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from + Goetz Babin-Ebell . + - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or + TLS1_VERSION. + +7-Jan-98 + - Finally reworked the cipher string to ciphers again, so it + works correctly + - All the app_data stuff is now ex_data with funcion calls to access. + The index is supplied by a function and 'methods' can be setup + for the types that are called on XXX_new/XXX_free. This lets + applications get notified on creation and destruction. Some of + the RSA methods could be implemented this way and I may do so. + - Oh yes, SSL under perl5 is working at the basic level. + +15-Dec-97 + - Warning - the gethostbyname cache is not fully thread safe, + but it should work well enough. + - Major internal reworking of the app_data stuff. More functions + but if you were accessing ->app_data directly, things will + stop working. + - The perlv5 stuff is working. Currently on message digests, + ciphers and the bignum library. + +9-Dec-97 + - Modified re-negotiation so that server initated re-neg + will cause a SSL_read() to return -1 should retry. + The danger otherwise was that the server and the + client could end up both trying to read when using non-blocking + sockets. + +4-Dec-97 + - Lots of small changes + - Fix for binaray mode in Windows for the FILE BIO, thanks to + Bob Denny + +17-Nov-97 + - Quite a few internal cleanups, (removal of errno, and using macros + defined in e_os.h). + - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where + the automactic naming out output files was being stuffed up. + +29-Oct-97 + - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember + for x86. + +21-Oct-97 + - Fixed a bug in the BIO_gethostbyname() cache. + +15-Oct-97 + - cbc mode for blowfish/des/3des is now in assember. Blowfish asm + has also been improved. At this point in time, on the pentium, + md5 is %80 faster, the unoptimesed sha-1 is %79 faster, + des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc + is %62 faster. + +12-Oct-97 + - MEM_BUF_grow() has been fixed so that it always sets the buf->length + to the value we are 'growing' to. Think of MEM_BUF_grow() as the + way to set the length value correctly. + +10-Oct-97 + - I now hash for certificate lookup on the raw DER encoded RDN (md5). + This breaks things again :-(. This is efficent since I cache + the DER encoding of the RDN. + - The text DN now puts in the numeric OID instead of UNKNOWN. + - req can now process arbitary OIDs in the config file. + - I've been implementing md5 in x86 asm, much faster :-). + - Started sha1 in x86 asm, needs more work. + - Quite a few speedups in the BN stuff. RSA public operation + has been made faster by caching the BN_MONT_CTX structure. + The calulating of the Ai where A*Ai === 1 mod m was rather + expensive. Basically a 40-50% speedup on public operations. + The RSA speedup is now 15% on pentiums and %20 on pentium + pro. + +30-Sep-97 + - After doing some profiling, I added x86 adm for bn_add_words(), + which just adds 2 arrays of longs together. A %10 speedup + for 512 and 1024 bit RSA on the pentium pro. + +29-Sep-97 + - Converted the x86 bignum assembler to us the perl scripts + for generation. + +23-Sep-97 + - If SSL_set_session() is passed a NULL session, it now clears the + current session-id. + +22-Sep-97 + - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned + certificates. + - Bug in crypto/evp/encode.c where by decoding of 65 base64 + encoded lines, one line at a time (via a memory BIO) would report + EOF after the first line was decoded. + - Fix in X509_find_by_issuer_and_serial() from + Dr Stephen Henson + +19-Sep-97 + - NO_FP_API and NO_STDIO added. + - Put in sh config command. It auto runs Configure with the correct + parameters. + +18-Sep-97 + - Fix x509.c so if a DSA cert has different parameters to its parent, + they are left in place. Not tested yet. + +16-Sep-97 + - ssl_create_cipher_list() had some bugs, fixes from + Patrick Eisenacher + - Fixed a bug in the Base64 BIO, where it would return 1 instead + of -1 when end of input was encountered but should retry. + Basically a Base64/Memory BIO interaction problem. + - Added a HMAC set of functions in preporarion for TLS work. + +15-Sep-97 + - Top level makefile tweak - Cameron Simpson + - Prime generation spead up %25 (512 bit prime, pentium pro linux) + by using montgomery multiplication in the prime number test. + +11-Sep-97 + - Ugly bug in ssl3_write_bytes(). Basically if application land + does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code + did not check the size and tried to copy the entire buffer. + This would tend to cause memory overwrites since SSLv3 has + a maximum packet size of 16k. If your program uses + buffers <= 16k, you would probably never see this problem. + - Fixed a few errors that were cause by malloc() not returning + 0 initialised memory.. + - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using + SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing + since this flags stops SSLeay being able to handle client + cert requests correctly. + +08-Sep-97 + - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched + on, the SSL server routines will not use a SSL_SESSION that is + held in it's cache. This in intended to be used with the session-id + callbacks so that while the session-ids are still stored in the + cache, the decision to use them and how to look them up can be + done by the callbacks. The are the 'new', 'get' and 'remove' + callbacks. This can be used to determine the session-id + to use depending on information like which port/host the connection + is coming from. Since the are also SSL_SESSION_set_app_data() and + SSL_SESSION_get_app_data() functions, the application can hold + information against the session-id as well. + +03-Sep-97 + - Added lookup of CRLs to the by_dir method, + X509_load_crl_file() also added. Basically it means you can + lookup CRLs via the same system used to lookup certificates. + - Changed things so that the X509_NAME structure can contain + ASN.1 BIT_STRINGS which is required for the unique + identifier OID. + - Fixed some problems with the auto flushing of the session-id + cache. It was not occuring on the server side. + +02-Sep-97 + - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size) + which is the maximum number of entries allowed in the + session-id cache. This is enforced with a simple FIFO list. + The default size is 20*1024 entries which is rather large :-). + The Timeout code is still always operating. + +01-Sep-97 + - Added an argument to all the 'generate private key/prime` + callbacks. It is the last parameter so this should not + break existing code but it is needed for C++. + - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64() + BIO. This lets the BIO read and write base64 encoded data + without inserting or looking for '\n' characters. The '-A' + flag turns this on when using apps/enc.c. + - RSA_NO_PADDING added to help BSAFE functionality. This is a + very dangerous thing to use, since RSA private key + operations without random padding bytes (as PKCS#1 adds) can + be attacked such that the private key can be revealed. + - ASN.1 bug and rc2-40-cbc and rc4-40 added by + Dr Stephen Henson + +31-Aug-97 (stuff added while I was away) + - Linux pthreads by Tim Hudson (tjh@cryptsoft.com). + - RSA_flags() added allowing bypass of pub/priv match check + in ssl/ssl_rsa.c - Tim Hudson. + - A few minor bugs. + +SSLeay 0.8.1 released. + +19-Jul-97 + - Server side initated dynamic renegotiation is broken. I will fix + it when I get back from holidays. + +15-Jul-97 + - Quite a few small changes. + - INVALID_SOCKET usage cleanups from Alex Kiernan + +09-Jul-97 + - Added 2 new values to the SSL info callback. + SSL_CB_START which is passed when the SSL protocol is started + and SSL_CB_DONE when it has finished sucsessfully. + +08-Jul-97 + - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c + that related to DSA public/private keys. + - Added all the relevent PEM and normal IO functions to support + reading and writing RSAPublic keys. + - Changed makefiles to use ${AR} instead of 'ar r' + +07-Jul-97 + - Error in ERR_remove_state() that would leave a dangling reference + to a free()ed location - thanks to Alex Kiernan + - s_client now prints the X509_NAMEs passed from the server + when requesting a client cert. + - Added a ssl->type, which is one of SSL_ST_CONNECT or + SSL_ST_ACCEPT. I had to add it so I could tell if I was + a connect or an accept after the handshake had finished. + - SSL_get_client_CA_list(SSL *s) now returns the CA names + passed by the server if called by a client side SSL. + +05-Jul-97 + - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index + 0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com). + +04-Jul-97 + - Fixed some things in X509_NAME_add_entry(), thanks to + Matthew Donald . + - I had a look at the cipher section and though that it was a + bit confused, so I've changed it. + - I was not setting up the RC4-64-MD5 cipher correctly. It is + a MS special that appears in exported MS Money. + - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3 + spec. I was missing the two byte length header for the + ClientDiffieHellmanPublic value. This is a packet sent from + the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG + option will enable SSLeay server side SSLv3 accept either + the correct or my 080 packet format. + - Fixed a few typos in crypto/pem.org. + +02-Jul-97 + - Alias mapping for EVP_get_(digest|cipher)byname is now + performed before a lookup for actual cipher. This means + that an alias can be used to 're-direct' a cipher or a + digest. + - ASN1_read_bio() had a bug that only showed up when using a + memory BIO. When EOF is reached in the memory BIO, it is + reported as a -1 with BIO_should_retry() set to true. + +01-Jul-97 + - Fixed an error in X509_verify_cert() caused by my + miss-understanding how 'do { contine } while(0);' works. + Thanks to Emil Sit for educating me :-) + +30-Jun-97 + - Base64 decoding error. If the last data line did not end with + a '=', sometimes extra data would be returned. + - Another 'cut and paste' bug in x509.c related to setting up the + STDout BIO. + +27-Jun-97 + - apps/ciphers.c was not printing due to an editing error. + - Alex Kiernan send in a nice fix for + a library build error in util/mk1mf.pl + +26-Jun-97 + - Still did not have the auto 'experimental' code removal + script correct. + - A few header tweaks for Watcom 11.0 under Win32 from + Rolf Lindemann + - 0 length OCTET_STRING bug in asn1_parse + - A minor fix with an non-existent function in the MS .def files. + - A few changes to the PKCS7 stuff. + +25-Jun-97 + SSLeay 0.8.0 finally it gets released. + +24-Jun-97 + Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to + use a temporary RSA key. This is experimental and needs some more work. + Fixed a few Win16 build problems. + +23-Jun-97 + SSLv3 bug. I was not doing the 'lookup' of the CERT structure + correctly. I was taking the SSL->ctx->default_cert when I should + have been using SSL->cert. The bug was in ssl/s3_srvr.c + +20-Jun-97 + X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the + rest of the library. Even though I had the code required to do + it correctly, apps/req.c was doing the wrong thing. I have fixed + and tested everything. + + Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c. + +19-Jun-97 + Fixed a bug in the SSLv2 server side first packet handling. When + using the non-blocking test BIO, the ssl->s2->first_packet flag + was being reset when a would-block failure occurred when reading + the first 5 bytes of the first packet. This caused the checking + logic to run at the wrong time and cause an error. + + Fixed a problem with specifying cipher. If RC4-MD5 were used, + only the SSLv3 version would be picked up. Now this will pick + up both SSLv2 and SSLv3 versions. This required changing the + SSL_CIPHER->mask values so that they only mask the ciphers, + digests, authentication, export type and key-exchange algorithms. + + I found that when a SSLv23 session is established, a reused + session, of type SSLv3 was attempting to write the SSLv2 + ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char + method has been modified so it will only write out cipher which + that method knows about. + + + Changes between 0.8.0 and 0.8.1 + + *) Mostly bug fixes. + There is an Ephemeral DH cipher problem which is fixed. + + SSLeay 0.8.0 + +This version of SSLeay has quite a lot of things different from the +previous version. + +Basically check all callback parameters, I will be producing documentation +about how to use things in th future. Currently I'm just getting 080 out +the door. Please not that there are several ways to do everything, and +most of the applications in the apps directory are hybrids, some using old +methods and some using new methods. + +Have a look in demos/bio for some very simple programs and +apps/s_client.c and apps/s_server.c for some more advanced versions. +Notes are definitly needed but they are a week or so away. + +Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com) +--- +Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to +get those people that want to move to using the new code base off to +a quick start. + +Note that Eric has tidied up a lot of the areas of the API that were +less than desirable and renamed quite a few things (as he had to break +the API in lots of places anyrate). There are a whole pile of additional +functions for making dealing with (and creating) certificates a lot +cleaner. + +01-Jul-97 +Tim Hudson +tjh@cryptsoft.com + +---8<--- + +To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could +use something like the following (assuming you #include "crypto.h" which +is something that you really should be doing). + +#if SSLEAY_VERSION_NUMBER >= 0x0800 +#define SSLEAY8 +#endif + +buffer.h -> splits into buffer.h and bio.h so you need to include bio.h + too if you are working with BIO internal stuff (as distinct + from simply using the interface in an opaque manner) + +#include "bio.h" - required along with "buffer.h" if you write + your own BIO routines as the buffer and bio + stuff that was intermixed has been separated + out + +envelope.h -> evp.h (which should have been done ages ago) + +Initialisation ... don't forget these or you end up with code that +is missing the bits required to do useful things (like ciphers): + +SSLeay_add_ssl_algorithms() +(probably also want SSL_load_error_strings() too but you should have + already had that call in place) + +SSL_CTX_new() - requires an extra method parameter + SSL_CTX_new(SSLv23_method()) + SSL_CTX_new(SSLv2_method()) + SSL_CTX_new(SSLv3_method()) + + OR to only have the server or the client code + SSL_CTX_new(SSLv23_server_method()) + SSL_CTX_new(SSLv2_server_method()) + SSL_CTX_new(SSLv3_server_method()) + or + SSL_CTX_new(SSLv23_client_method()) + SSL_CTX_new(SSLv2_client_method()) + SSL_CTX_new(SSLv3_client_method()) + +SSL_set_default_verify_paths() ... renamed to the more appropriate +SSL_CTX_set_default_verify_paths() + +If you want to use client certificates then you have to add in a bit +of extra stuff in that a SSLv3 server sends a list of those CAs that +it will accept certificates from ... so you have to provide a list to +SSLeay otherwise certain browsers will not send client certs. + +SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); + + +X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0) + or provide a buffer and size to copy the + result into + +X509_add_cert -> X509_STORE_add_cert (and you might want to read the + notes on X509_NAME structure changes too) + + +VERIFICATION CODE +================= + +The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to +more accurately reflect things. + +The verification callback args are now packaged differently so that +extra fields for verification can be added easily in future without +having to break things by adding extra parameters each release :-) + +X509_cert_verify_error_string -> X509_verify_cert_error_string + + +BIO INTERNALS +============= + +Eric has fixed things so that extra flags can be introduced in +the BIO layer in future without having to play with all the BIO +modules by adding in some macros. + +The ugly stuff using + b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY) +becomes + BIO_clear_retry_flags(b) + + b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY) +becomes + BIO_set_retry_read(b) + +Also ... BIO_get_retry_flags(b), BIO_set_flags(b) + + + +OTHER THINGS +============ + +X509_NAME has been altered so that it isn't just a STACK ... the STACK +is now in the "entries" field ... and there are a pile of nice functions +for getting at the details in a much cleaner manner. + +SSL_CTX has been altered ... "cert" is no longer a direct member of this +structure ... things are now down under "cert_store" (see x509_vfy.h) and +things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE. +If your code "knows" about this level of detail then it will need some +surgery. + +If you depending on the incorrect spelling of a number of the error codes +then you will have to change your code as these have been fixed. + +ENV_CIPHER "type" got renamed to "nid" and as that is what it actually +has been all along so this makes things clearer. +ify_cert_error_string(ctx->error)); + +SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST + and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO + + + + Changes between 0.7.x and 0.8.0 + + *) There have been lots of changes, mostly the addition of SSLv3. + There have been many additions from people and amongst + others, C2Net has assisted greatly. + + Changes between 0.7.x and 0.7.x + + *) Internal development version only + +SSLeay 0.6.6 13-Jan-1997 + +The main additions are + +- assember for x86 DES improvments. + From 191,000 per second on a pentium 100, I now get 281,000. The inner + loop and the IP/FP modifications are from + Svend Olaf Mikkelsen . Many thanks for his + contribution. +- The 'DES macros' introduced in 0.6.5 now have 3 types. + DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which + is best and there is a summery of mine in crypto/des/options.txt +- A few bug fixes. +- Added blowfish. It is not used by SSL but all the other stuff that + deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes. + There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'. + BF_PTR2 is pentium/x86 specific. The correct option is setup in + the 'Configure' script. +- There is now a 'get client certificate' callback which can be + 'non-blocking'. If more details are required, let me know. It will + documented more in SSLv3 when I finish it. +- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test' + now tests the ca program. +- Lots of little things modified and tweaked. + + SSLeay 0.6.5 + +After quite some time (3 months), the new release. I have been very busy +for the last few months and so this is mostly bug fixes and improvments. + +The main additions are + +- assember for x86 DES. For all those gcc based systems, this is a big + improvement. From 117,000 DES operation a second on a pentium 100, + I now get 191,000. I have also reworked the C version so it + now gives 148,000 DESs per second. +- As mentioned above, the inner DES macros now have some more variant that + sometimes help, sometimes hinder performance. There are now 3 options + DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling) + and DES_RISC (a more register intensive version of the inner macro). + The crypto/des/des_opts.c program, when compiled and run, will give + an indication of the correct options to use. +- The BIO stuff has been improved. Read doc/bio.doc. There are now + modules for encryption and base64 encoding and a BIO_printf() function. +- The CA program will accept simple one line X509v3 extensions in the + ssleay.cnf file. Have a look at the example. Currently this just + puts the text into the certificate as an OCTET_STRING so currently + the more advanced X509v3 data types are not handled but this is enough + for the netscape extensions. +- There is the start of a nicer higher level interface to the X509 + strucutre. +- Quite a lot of bug fixes. +- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used + to define the malloc(), free() and realloc() routines to use + (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when + using DLLs and mixing CRT libraries. + +In general, read the 'VERSION' file for changes and be aware that some of +the new stuff may not have been tested quite enough yet, so don't just plonk +in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break. + +SSLeay 0.6.4 30/08/96 eay + +I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3, +Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-). + +The main changes in this release + +- Thread safe. have a read of doc/threads.doc and play in the mt directory. + For anyone using 0.6.3 with threads, I found 2 major errors so consider + moving to 0.6.4. I have a test program that builds under NT and + solaris. +- The get session-id callback has changed. Have a read of doc/callback.doc. +- The X509_cert_verify callback (the SSL_verify callback) now + has another argument. Have a read of doc/callback.doc +- 'ca -preserve', sign without re-ordering the DN. Not tested much. +- VMS support. +- Compile time memory leak detection can now be built into SSLeay. + Read doc/memory.doc +- CONF routines now understand '\', '\n', '\r' etc. What this means is that + the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines. +- 'ssleay ciphers' added, lists the default cipher list for SSLeay. +- RC2 key setup is now compatable with Netscape. +- Modifed server side of SSL implementation, big performance difference when + using session-id reuse. + +0.6.3 + +Bug fixes and the addition of some nice stuff to the 'ca' program. +Have a read of doc/ns-ca.doc for how hit has been modified so +it can be driven from a CGI script. The CGI script is not provided, +but that is just being left as an excersize for the reader :-). + +0.6.2 + +This is most bug fixes and functionality improvements. + +Additions are +- More thread debugging patches, the thread stuff is still being + tested, but for those keep to play with stuff, have a look in + crypto/cryptlib.c. The application needs to define 1 (or optionaly + a second) callback that is used to implement locking. Compiling + with LOCK_DEBUG spits out lots of locking crud :-). + This is what I'm currently working on. +- SSL_CTX_set_default_passwd_cb() can be used to define the callback + function used in the SSL*_file() functions used to load keys. I was + always of the opinion that people should call + PEM_read_RSAPrivateKey() and pass the callback they want to use, but + it appears they just want to use the SSL_*_file() function() :-(. +- 'enc' now has a -kfile so a key can be read from a file. This is + mostly used so that the passwd does not appear when using 'ps', + which appears imposible to stop under solaris. +- X509v3 certificates now work correctly. I even have more examples + in my tests :-). There is now a X509_EXTENSION type that is used in + X509v3 certificates and CRLv2. +- Fixed that signature type error :-( +- Fixed quite a few potential memory leaks and problems when reusing + X509, CRL and REQ structures. +- EVP_set_pw_prompt() now sets the library wide default password + prompt. +- The 'pkcs7' command will now, given the -print_certs flag, output in + pem format, all certificates and CRL contained within. This is more + of a pre-emtive thing for the new verisign distribution method. I + should also note, that this also gives and example in code, of how + to do this :-), or for that matter, what is involved in going the + other way (list of certs and crl -> pkcs7). +- Added RSA's DESX to the DES library. It is also available via the + EVP_desx_cbc() method and via 'enc desx'. + +SSLeay 0.6.1 + +The main functional changes since 0.6.0 are as follows +- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is + that from now on, I'll keep the .def numbers the same so they will be. +- RSA private key operations are about 2 times faster that 0.6.0 +- The SSL_CTX now has more fields so default values can be put against + it. When an SSL structure is created, these default values are used + but can be overwritten. There are defaults for cipher, certificate, + private key, verify mode and callback. This means SSL session + creation can now be + ssl=SSL_new() + SSL_set_fd(ssl,sock); + SSL_accept(ssl) + .... + All the other uglyness with having to keep a global copy of the + private key and certificate/verify mode in the server is now gone. +- ssl/ssltest.c - one process talking SSL to its self for testing. +- Storage of Session-id's can be controled via a session_cache_mode + flag. There is also now an automatic default flushing of + old session-id's. +- The X509_cert_verify() function now has another parameter, this + should not effect most people but it now means that the reason for + the failure to verify is now available via SSL_get_verify_result(ssl). + You don't have to use a global variable. +- SSL_get_app_data() and SSL_set_app_data() can be used to keep some + application data against the SSL structure. It is upto the application + to free the data. I don't use it, but it is available. +- SSL_CTX_set_cert_verify_callback() can be used to specify a + verify callback function that completly replaces my certificate + verification code. Xcert should be able to use this :-). + The callback is of the form int app_verify_callback(arg,ssl,cert). + This needs to be documented more. +- I have started playing with shared library builds, have a look in + the shlib directory. It is very simple. If you need a numbered + list of functions, have a look at misc/crypto.num and misc/ssl.num. +- There is some stuff to do locking to make the library thread safe. + I have only started this stuff and have not finished. If anyone is + keen to do so, please send me the patches when finished. + +So I have finally made most of the additions to the SSL interface that +I thought were needed. + +There will probably be a pause before I make any non-bug/documentation +related changes to SSLeay since I'm feeling like a bit of a break. + +eric - 12 Jul 1996 +I saw recently a comment by some-one that we now seem to be entering +the age of perpetual Beta software. +Pioneered by packages like linux but refined to an art form by +netscape. + +I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-). + +There are quite a large number of sections that are 'works in +progress' in this package. I will also list the major changes and +what files you should read. + +BIO - this is the new IO structure being used everywhere in SSLeay. I +started out developing this because of microsoft, I wanted a mechanism +to callback to the application for all IO, so Windows 3.1 DLL +perversion could be hidden from me and the 15 different ways to write +to a file under NT would also not be dictated by me at library build +time. What the 'package' is is an API for a data structure containing +functions. IO interfaces can be written to conform to the +specification. This in not intended to hide the underlying data type +from the application, but to hide it from SSLeay :-). +I have only really finished testing the FILE * and socket/fd modules. +There are also 'filter' BIO's. Currently I have only implemented +message digests, and it is in use in the dgst application. This +functionality will allow base64/encrypto/buffering modules to be +'push' into a BIO without it affecting the semantics. I'm also +working on an SSL BIO which will hide the SSL_accept()/SLL_connet() +from an event loop which uses the interface. +It is also possible to 'attach' callbacks to a BIO so they get called +before and after each operation, alowing extensive debug output +to be generated (try running dgst with -d). + +Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few +functions that used to take FILE *, now take BIO *. +The wrappers are easy to write + +function_fp(fp,x) +FILE *fp; + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) error..... + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=function_bio(b,x); + BIO_free(b); + return(ret); + } +Remember, there are no functions that take FILE * in SSLeay when +compiled for Windows 3.1 DLL's. + +-- +I have added a general EVP_PKEY type that can hold a public/private +key. This is now what is used by the EVP_ functions and is passed +around internally. I still have not done the PKCS#8 stuff, but +X509_PKEY is defined and waiting :-) + +-- +For a full function name listings, have a look at ms/crypt32.def and +ms/ssl32.def. These are auto-generated but are complete. +Things like ASN1_INTEGER_get() have been added and are in here if you +look. I have renamed a few things, again, have a look through the +function list and you will probably find what you are after. I intend +to at least put a one line descrition for each one..... + +-- +Microsoft - thats what this release is about, read the MICROSOFT file. + +-- +Multi-threading support. I have started hunting through the code and +flaging where things need to be done. In a state of work but high on +the list. + +-- +For random numbers, edit e_os.h and set DEVRANDOM (it's near the top) +be be you random data device, otherwise 'RFILE' in e_os.h +will be used, in your home directory. It will be updated +periodically. The environment variable RANDFILE will override this +choice and read/write to that file instead. DEVRANDOM is used in +conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random +number generator, pick on one of these files. + +-- + +The list of things to read and do + +dgst -d +s_client -state (this uses a callback placed in the SSL state loop and + will be used else-where to help debug/monitor what + is happening.) + +doc/why.doc +doc/bio.doc <- hmmm, needs lots of work. +doc/bss_file.doc <- one that is working :-) +doc/session.doc <- it has changed +doc/speed.doc + also play with ssleay version -a. I have now added a SSLeay() + function that returns a version number, eg 0600 for this release + which is primarily to be used to check DLL version against the + application. +util/* Quite a few will not interest people, but some may, like + mk1mf.pl, mkdef.pl, +util/do_ms.sh + +try +cc -Iinclude -Icrypto -c crypto/crypto.c +cc -Iinclude -Issl -c ssl/ssl.c +You have just built the SSLeay libraries as 2 object files :-) + +Have a general rummage around in the bin stall directory and look at +what is in there, like CA.sh and c_rehash + +There are lots more things but it is 12:30am on a Friday night and I'm +heading home :-). + +eric 22-Jun-1996 +This version has quite a few major bug fixes and improvements. It DOES NOT +do SSLv3 yet. + +The main things changed +- A Few days ago I added the s_mult application to ssleay which is + a demo of an SSL server running in an event loop type thing. + It supports non-blocking IO, I have finally gotten it right, SSL_accept() + can operate in non-blocking IO mode, look at the code to see how :-). + Have a read of doc/s_mult as well. This program leaks memory and + file descriptors everywhere but I have not cleaned it up yet. + This is a demo of how to do non-blocking IO. +- The SSL session management has been 'worked over' and there is now + quite an expansive set of functions to manipulate them. Have a read of + doc/session.doc for some-things I quickly whipped up about how it now works. + This assume you know the SSLv2 protocol :-) +- I can now read/write the netscape certificate format, use the + -inform/-outform 'net' options to the x509 command. I have not put support + for this type in the other demo programs, but it would be easy to add. +- asn1parse and 'enc' have been modified so that when reading base64 + encoded files (pem format), they do not require '-----BEGIN' header lines. + The 'enc' program had a buffering bug fixed, it can be used as a general + base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d' + respecivly. Leaving out the '-a' flag in this case makes the 'enc' command + into a form of 'cat'. +- The 'x509' and 'req' programs have been fixed and modified a little so + that they generate self-signed certificates correctly. The test + script actually generates a 'CA' certificate and then 'signs' a + 'user' certificate. Have a look at this shell script (test/sstest) + to see how things work, it tests most possible combinations of what can + be done. +- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name + of SSL_set_cipher_list() is now the correct API (stops confusion :-). + If this function is used in the client, only the specified ciphers can + be used, with preference given to the order the ciphers were listed. + For the server, if this is used, only the specified ciphers will be used + to accept connections. If this 'option' is not used, a default set of + ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this + list for all ciphers started against the SSL_CTX. So the order is + SSL cipher_list, if not present, SSL_CTX cipher list, if not + present, then the library default. + What this means is that normally ciphers like + NULL-MD5 will never be used. The only way this cipher can be used + for both ends to specify to use it. + To enable or disable ciphers in the library at build time, modify the + first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c. + This file also contains the 'pref_cipher' list which is the default + cipher preference order. +- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net' + options work. They should, and they enable loading and writing the + netscape rsa private key format. I will be re-working this section of + SSLeay for the next version. What is currently in place is a quick and + dirty hack. +- I've re-written parts of the bignum library. This gives speedups + for all platforms. I now provide assembler for use under Windows NT. + I have not tested the Windows 3.1 assembler but it is quite simple code. + This gives RSAprivate_key operation encryption times of 0.047s (512bit key) + and 0.230s (1024bit key) on a pentium 100 which I consider reasonable. + Basically the times available under linux/solaris x86 can be achieve under + Windows NT. I still don't know how these times compare to RSA's BSAFE + library but I have been emailing with people and with their help, I should + be able to get my library's quite a bit faster still (more algorithm changes). + The object file crypto/bn/asm/x86-32.obj should be used when linking + under NT. +- 'make makefile.one' in the top directory will generate a single makefile + called 'makefile.one' This makefile contains no perl references and + will build the SSLeay library into the 'tmp' and 'out' directories. + util/mk1mf.pl >makefile.one is how this makefile is + generated. The mk1mf.pl command take several option to generate the + makefile for use with cc, gcc, Visual C++ and Borland C++. This is + still under development. I have only build .lib's for NT and MSDOS + I will be working on this more. I still need to play with the + correct compiler setups for these compilers and add some more stuff but + basically if you just want to compile the library + on a 'non-unix' platform, this is a very very good file to start with :-). + Have a look in the 'microsoft' directory for my current makefiles. + I have not yet modified things to link with sockets under Windows NT. + You guys should be able to do this since this is actually outside of the + SSLeay scope :-). I will be doing it for myself soon. + util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock + to build without RC2/RC4, to require RSAref for linking, and to + build with no socket code. + +- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher + that was posted to sci.crypt has been added to the library and SSL. + I take the view that if RC2 is going to be included in a standard, + I'll include the cipher to make my package complete. + There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers + at compile time. I have not tested this recently but it should all work + and if you are in the USA and don't want RSA threatening to sue you, + you could probably remove the RC4/RC2 code inside these sections. + I may in the future include a perl script that does this code + removal automatically for those in the USA :-). +- I have removed all references to sed in the makefiles. So basically, + the development environment requires perl and sh. The build environment + does not (use the makefile.one makefile). + The Configure script still requires perl, this will probably stay that way + since I have perl for Windows NT :-). + +eric (03-May-1996) + +PS Have a look in the VERSION file for more details on the changes and + bug fixes. +I have fixed a few bugs, added alpha and x86 assembler and generally cleaned +things up. This version will be quite stable, mostly because I'm on +holidays until 10-March-1996. For any problems in the interum, send email +to Tim Hudson . + +SSLeay 0.5.0 + +12-12-95 +This is going out before it should really be released. + +I leave for 11 weeks holidays on the 22-12-95 and so I either sit on +this for 11 weeks or get things out. It is still going to change a +lot in the next week so if you do grab this version, please test and +give me feed back ASAP, inculuding questions on how to do things with +the library. This will prompt me to write documentation so I don't +have to answer the same question again :-). + +This 'pre' release version is for people who are interested in the +library. The applications will have to be changed to use +the new version of the SSL interface. I intend to finish more +documentation before I leave but until then, look at the programs in +the apps directory. As far as code goes, it is much much nicer than +the old version. + +The current library works, has no memory leaks (as far as I can tell) +and is far more bug free that 0.4.5d. There are no global variable of +consequence (I believe) and I will produce some documentation that +tell where to look for those people that do want to do multi-threaded +stuff. + +There should be more documentation. Have a look in the +doc directory. I'll be adding more before I leave, it is a start +by mostly documents the crypto library. Tim Hudson will update +the web page ASAP. The spelling and grammar are crap but +it is better than nothing :-) + +Reasons to start playing with version 0.5.0 +- All the programs in the apps directory build into one ssleay binary. +- There is a new version of the 'req' program that generates certificate + requests, there is even documentation for this one :-) +- There is a demo certification authorithy program. Currently it will + look at the simple database and update it. It will generate CRL from + the data base. You need to edit the database by hand to revoke a + certificate, it is my aim to use perl5/Tk but I don't have time to do + this right now. It will generate the certificates but the management + scripts still need to be written. This is not a hard task. +- Things have been cleaned up alot. +- Have a look at the enc and dgst programs in the apps directory. +- It supports v3 of x509 certiticates. + + +Major things missing. +- I have been working on (and thinging about) the distributed x509 + hierachy problem. I have not had time to put my solution in place. + It will have to wait until I come back. +- I have not put in CRL checking in the certificate verification but + it would not be hard to do. I was waiting until I could generate my + own CRL (which has only been in the last week) and I don't have time + to put it in correctly. +- Montgomery multiplication need to be implemented. I know the + algorithm, just ran out of time. +- PKCS#7. I can load and write the DER version. I need to re-work + things to support BER (if that means nothing, read the ASN1 spec :-). +- Testing of the higher level digital envelope routines. I have not + played with the *_seal() and *_open() type functions. They are + written but need testing. The *_sign() and *_verify() functions are + rock solid. +- PEM. Doing this and PKCS#7 have been dependant on the distributed + x509 heirachy problem. I started implementing my ideas, got + distracted writing a CA program and then ran out of time. I provide + the functionality of RSAref at least. +- Re work the asm. code for the x86. I've changed by low level bignum + interface again, so I really need to tweak the x86 stuff. gcc is + good enough for the other boxes. + diff --git a/openssl/CONTRIBUTING b/openssl/CONTRIBUTING new file mode 100644 index 0000000..f734d77 --- /dev/null +++ b/openssl/CONTRIBUTING @@ -0,0 +1,54 @@ +HOW TO CONTRIBUTE PATCHES TO OpenSSL +------------------------------------ + +(Please visit https://www.openssl.org/community/getting-started.html for +other ideas about how to contribute.) + +Development is coordinated on the openssl-dev mailing list (see the +above link or https://mta.openssl.org for information on subscribing). +If you are unsure as to whether a feature will be useful for the general +OpenSSL community you might want to discuss it on the openssl-dev mailing +list first. Someone may be already working on the same thing or there +may be a good reason as to why that feature isn't implemented. + +To submit a patch, make a pull request on GitHub. If you think the patch +could use feedback from the community, please start a thread on openssl-dev +to discuss it. + +Having addressed the following items before the PR will help make the +acceptance and review process faster: + + 1. Anything other than trivial contributions will require a contributor + licensing agreement, giving us permission to use your code. See + https://www.openssl.org/policies/cla.html for details. + + 2. All source files should start with the following text (with + appropriate comment characters at the start of each line and the + year(s) updated): + + Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved. + + Licensed under the OpenSSL license (the "License"). You may not use + this file except in compliance with the License. You can obtain a copy + in the file LICENSE in the source distribution or at + https://www.openssl.org/source/license.html + + 3. Patches should be as current as possible; expect to have to rebase + often. We do not accept merge commits; You will be asked to remove + them before a patch is considered acceptable. + + 4. Patches should follow our coding style (see + https://www.openssl.org/policies/codingstyle.html) and compile without + warnings. Where gcc or clang is availble you should use the + --strict-warnings Configure option. OpenSSL compiles on many varied + platforms: try to ensure you only use portable features. + Clean builds via Travis and AppVeyor are expected, and done whenever + a PR is created or updated. + + 5. When at all possible, patches should include tests. These can + either be added to an existing test, or completely new. Please see + test/README for information on the test framework. + + 6. New features or changed functionality must include + documentation. Please look at the "pod" files in doc/apps, doc/crypto + and doc/ssl for examples of our style. diff --git a/openssl/Configure b/openssl/Configure new file mode 100755 index 0000000..5da7cad --- /dev/null +++ b/openssl/Configure @@ -0,0 +1,2311 @@ +: +eval 'exec perl -S $0 ${1+"$@"}' + if $running_under_some_shell; +## +## Configure -- OpenSSL source tree configuration script +## + +require 5.000; +use strict; +use File::Compare; + +# see INSTALL for instructions. + +my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; + +# Options: +# +# --openssldir install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the +# --prefix option is given; /usr/local/ssl otherwise) +# --prefix prefix for the OpenSSL include, lib and bin directories +# (Default: the OPENSSLDIR directory) +# +# --install_prefix Additional prefix for package builders (empty by +# default). This needn't be set in advance, you can +# just as well use "make INSTALL_PREFIX=/whatever install". +# +# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected +# to live in the subdirectory lib/ and the header files in +# include/. A value is required. +# --with-krb5-lib Declare where the Kerberos 5 libraries live. A value is +# required. +# (Default: KRB5_DIR/lib) +# --with-krb5-include Declare where the Kerberos 5 header files live. A +# value is required. +# (Default: KRB5_DIR/include) +# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently +# supported values are "MIT" and "Heimdal". A value is required. +# +# --test-sanity Make a number of sanity checks on the data in this file. +# This is a debugging tool for OpenSSL developers. +# +# --cross-compile-prefix Add specified prefix to binutils components. +# +# no-hw-xxx do not compile support for specific crypto hardware. +# Generic OpenSSL-style methods relating to this support +# are always compiled but return NULL if the hardware +# support isn't compiled. +# no-hw do not compile support for any crypto hardware. +# [no-]threads [don't] try to create a library that is suitable for +# multithreaded applications (default is "threads" if we +# know how to do it) +# [no-]shared [don't] try to create shared libraries when supported. +# no-asm do not use assembler +# no-dso do not compile in any native shared-library methods. This +# will ensure that all methods just return NULL. +# no-krb5 do not compile in any KRB5 library or code. +# [no-]zlib [don't] compile support for zlib compression. +# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared +# library and will be loaded in run-time by the OpenSSL library. +# sctp include SCTP support +# enable-weak-ssl-ciphers +# Enable EXPORT and LOW SSLv3 ciphers that are disabled by +# default. Note, weak SSLv2 ciphers are unconditionally +# disabled. +# 386 generate 80386 code in assembly modules +# no-sse2 disables IA-32 SSE2 code in assembly modules, the above +# mentioned '386' option implies this one +# no- build without specified algorithm (rsa, idea, rc5, ...) +# - + compiler options are passed through +# +# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items +# provided to stack calls. Generates unique stack functions for +# each possible stack type. +# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h +# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register +# dependancies but needs to more registers, good for RISC CPU's +# DES_RISC2 A different RISC variant. +# DES_UNROLL unroll the inner DES loop, sometimes helps, somtimes hinders. +# DES_INT use 'int' instead of 'long' for DES_LONG in crypto/des/des.h +# This is used on the DEC Alpha where long is 8 bytes +# and int is 4 +# BN_LLONG use the type 'long long' in crypto/bn/bn.h +# MD2_CHAR use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h +# MD2_LONG use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h +# IDEA_SHORT use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h +# IDEA_LONG use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h +# RC2_SHORT use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h +# RC2_LONG use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h +# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h +# RC4_LONG use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h +# RC4_INDEX define RC4_INDEX in crypto/rc4/rc4_locl.h. This turns on +# array lookups instead of pointer use. +# RC4_CHUNK enables code that handles data aligned at long (natural CPU +# word) boundary. +# RC4_CHUNK_LL enables code that handles data aligned at long long boundary +# (intended for 64-bit CPUs running 32-bit OS). +# BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha). +# BF_PTR2 intel specific version (generic version is more efficient). +# +# Following are set automatically by this script +# +# MD5_ASM use some extra md5 assember, +# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86 +# RMD160_ASM use some extra ripemd160 assember, +# SHA256_ASM sha256_block is implemented in assembler +# SHA512_ASM sha512_block is implemented in assembler +# AES_ASM ASE_[en|de]crypt is implemented in assembler + +# Minimum warning options... any contributions to OpenSSL should at least get +# past these. + +my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; + +# TODO(openssl-team): fix problems and investigate if (at least) the following +# warnings can also be enabled: +# -Wconditional-uninitialized, -Wswitch-enum, -Wunused-macros, +# -Wmissing-field-initializers, -Wmissing-variable-declarations, +# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align, +# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token +# -Wextended-offsetof +my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof"; + +# These are used in addition to $gcc_devteam_warn when the compiler is clang. +# TODO(openssl-team): fix problems and investigate if (at least) the +# following warnings can also be enabled: -Wconditional-uninitialized, +# -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers, +# -Wmissing-variable-declarations, +# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align, +# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token +# -Wextended-offsetof +my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments"; + +# Warn that "make depend" should be run? +my $warn_make_depend = 0; + +my $strict_warnings = 0; + +my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; + +# MD2_CHAR slags pentium pros +my $x86_gcc_opts="RC4_INDEX MD2_INT"; + +# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT +# Don't worry about these normally + +my $tcc="cc"; +my $tflags="-fast -Xa"; +my $tbn_mul=""; +my $tlib="-lnsl -lsocket"; +#$bits1="SIXTEEN_BIT "; +#$bits2="THIRTY_TWO_BIT "; +my $bits1="THIRTY_TWO_BIT "; +my $bits2="SIXTY_FOUR_BIT "; + +my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:"; + +my $x86_elf_asm="$x86_asm:elf"; + +my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:"; +my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void"; +my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void"; +my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void"; +my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o::void"; +my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::"; +my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\s*sha512\-mips\.o//; +my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:"; +my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void"; +my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:"; +my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32"; +my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64"; +my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:"; +my $ppc32_asm=$ppc64_asm; +my $no_asm="::::::::::::::::void"; + +# As for $BSDthreads. Idea is to maintain "collective" set of flags, +# which would cover all BSD flavors. -pthread applies to them all, +# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD +# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r, +# which has to be accompanied by explicit -D_THREAD_SAFE and +# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which +# seems to be sufficient? +my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; + +#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $ec_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib + +my %table=( +# File 'TABLE' (created by 'make TABLE') contains the data from this list, +# formatted for better readability. + + +#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::", +#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::", +#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::", +#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::", + +# Our development configs +"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", +"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", +"debug-ben", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::", +"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", +"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", +"debug-ben-debug", "gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::", +"debug-ben-debug-64", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-ben-macos", "cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::", +"debug-ben-macos-gcc46", "gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::", +"debug-ben-darwin64","cc:$gcc_devteam_warn -g -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-ben-debug-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::", +"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", +"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"dist", "cc:-O::(unknown)::::::", + +# Basic configs that should work on any (32 and less bit) box +"gcc", "gcc:-O3::(unknown):::BN_LLONG:::", +"cc", "cc:-O::(unknown)::::::", + +####VOS Configurations +"vos-gcc","gcc:-O3 -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", +"debug-vos-gcc","gcc:-O0 -g -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", + +#### Solaris x86 with GNU C setups +# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it +# here because whenever GNU C instantiates an assembler template it +# surrounds it with #APP #NO_APP comment pair which (at least Solaris +# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" +# error message. +"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# -shared -static-libgcc might appear controversial, but modules taken +# from static libgcc do not have relocations and linking them into our +# shared objects doesn't have any negative side-effects. On the contrary, +# doing so makes it possible to use gcc shared build with Sun C. Given +# that gcc generates faster code [thanks to inline assembler], I would +# actually recommend to consider using gcc shared build even with vendor +# compiler:-) +# +"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", + +#### Solaris x86 with Sun C setups +"solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", + +#### SPARC Solaris with GNU C setups +"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc +"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", +#### +"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### SPARC Solaris with Sun C setups +# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. +# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 +# SC5.0 note: Compiler common patch 107357-01 or later is required! +"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", +#### +"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### SunOS configs, assuming sparc for the gcc one. +#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", +"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", + +#### IRIX 5.x configs +# -mips2 flag is added by ./config when appropriate. +"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +#### IRIX 6.x configs +# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke +# './Configure irix-cc -o32' manually. +"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +# N64 ABI builds. +"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", + +#### Unified HP-UX ANSI C configs. +# Special notes: +# - Originally we were optimizing at +O4 level. It should be noted +# that the only difference between +O3 and +O4 is global inter- +# procedural analysis. As it has to be performed during the link +# stage the compiler leaves behind certain pseudo-code in lib*.a +# which might be release or even patch level specific. Generating +# the machine code for and analyzing the *whole* program appears +# to be *extremely* memory demanding while the performance gain is +# actually questionable. The situation is intensified by the default +# HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB +# which is way too low for +O4. In other words, doesn't +O3 make +# more sense? +# - Keep in mind that the HP compiler by default generates code +# suitable for execution on the host you're currently compiling at. +# If the toolkit is ment to be used on various PA-RISC processors +# consider './config +DAportable'. +# - +DD64 is chosen in favour of +DA2.0W because it's meant to be +# compatible with *future* releases. +# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to +# pass -D_REENTRANT on HP-UX 10 and later. +# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in +# 32-bit message digests. (For the moment of this writing) HP C +# doesn't seem to "digest" too many local variables (they make "him" +# chew forever:-). For more details look-up MD32_XARRAY comment in +# crypto/sha/sha_lcl.h. +# +# +# Since there is mention of this in shlib/hpux10-cc.sh +"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1", +"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32", +"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o:::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64", + +# More attempts at unified 10.X and 11.X targets for HP C compiler. +# +# Chris Ruemmler +# Kevin Steves +"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc1_1-cc","cc:+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc11_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1", +"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32", +"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc20_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64", + +# HP/UX IA-64 targets +"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", +# Frank Geurts has patiently assisted with +# with debugging of the following config. +"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", +# GCC builds... +"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", +"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", + +# Legacy HPUX 9.X configs... +"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### HP MPE/iX http://jazz.external.hp.com/src/openssl/ +"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", + +# DEC Alpha OSF/1/Tru64 targets. +# +# "What's in a name? That which we call a rose +# By any other word would smell as sweet." +# +# - William Shakespeare, "Romeo & Juliet", Act II, scene II. +# +# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version +# +"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", +"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", +"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", + +#### +#### Variety of LINUX:-) +#### +# *-generic* is endian-neutral target, but ./config is free to +# throw in -D[BL]_ENDIAN, whichever appropriate... +"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +####################################################################### +# Note that -march is not among compiler options in below linux-armv4 +# target line. Not specifying one is intentional to give you choice to: +# +# a) rely on your compiler default by not specifying one; +# b) specify your target platform explicitly for optimal performance, +# e.g. -march=armv6 or -march=armv7-a; +# c) build "universal" binary that targets *range* of platforms by +# specifying minimum and maximum supported architecture; +# +# As for c) option. It actually makes no sense to specify maximum to be +# less than ARMv7, because it's the least requirement for run-time +# switch between platform-specific code paths. And without run-time +# switch performance would be equivalent to one for minimum. Secondly, +# there are some natural limitations that you'd have to accept and +# respect. Most notably you can *not* build "universal" binary for +# big-endian platform. This is because ARMv7 processor always picks +# instructions in little-endian order. Another similar limitation is +# that -mthumb can't "cross" -march=armv6t2 boundary, because that's +# where it became Thumb-2. Well, this limitation is a bit artificial, +# because it's not really impossible, but it's deemed too tricky to +# support. And of course you have to be sure that your binutils are +# actually up to the task of handling maximum target platform. With all +# this in mind here is an example of how to configure "universal" build: +# +# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 +# +"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# Configure script adds minimally required -march for assembly support, +# if no -march was specified at command line. mips32 and mips64 below +# refer to contemporary MIPS Architecture specifications, MIPS32 and +# MIPS64, rather than to kernel bitness. +"linux-mips32", "gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +#### IA-32 targets... +"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", +#### +"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", +"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", +"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +#### So called "highgprs" target for z/Architecture CPUs +# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see +# /proc/cpuinfo. The idea is to preserve most significant bits of +# general purpose registers not only upon 32-bit process context +# switch, but even on asynchronous signal delivery to such process. +# This makes it possible to deploy 64-bit instructions even in legacy +# application context and achieve better [or should we say adequate] +# performance. The build is binary compatible with linux-generic32, +# and the idea is to be able to install the resulting libcrypto.so +# alongside generic one, e.g. as /lib/highgprs/libcrypto.so.x.y, for +# ldconfig and run-time linker to autodiscover. Unfortunately it +# doesn't work just yet, because of couple of bugs in glibc +# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... +"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", +#### SPARC Linux setups +# Ray Miller has patiently +# assisted with debugging of following two configs. +"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# it's a real mess with -mcpu=ultrasparc option under Linux, but +# -Wa,-Av8plus should do the trick no matter what. +"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# GCC 3.1 is a requirement +"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +#### Alpha Linux with GNU C and Compaq C setups +# Special notes: +# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you +# ought to run './Configure linux-alpha+bwx-gcc' manually, do +# complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever +# which is appropriate. +# - If you use ccc keep in mind that -fast implies -arch host and the +# compiler is free to issue instructions which gonna make elder CPU +# choke. If you wish to build "blended" toolkit, add -arch generic +# *after* -fast and invoke './Configure linux-alpha-ccc' manually. +# +# +# +"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + +# Android: linux-* but without pointers to headers and libs. +"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### *BSD [do see comment about ${BSDthreads} above!] +"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it +# simply *happens* to work around a compiler bug in gcc 3.3.3, +# triggered by RIPEMD160 code. +"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86_64", "cc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"nextstep", "cc:-O -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", +"nextstep3.3", "cc:-O3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", + +# NCR MP-RAS UNIX ver 02.03.01 +"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::", + +# QNX +"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", +"QNX6", "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"QNX6-i386", "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +# BeOS +"beos-x86-r5", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so", +"beos-x86-bone", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lbind -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC:-shared:.so", + +#### SCO/Caldera targets. +# +# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc. +# Now we only have blended unixware-* as it's the only one used by ./config. +# If you want to optimize for particular microarchitecture, bypass ./config +# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate. +# Note that not all targets include assembler support. Mostly because of +# lack of motivation to support out-of-date platforms with out-of-date +# compiler drivers and assemblers. Tim Rice has +# patiently assisted to debug most of it. +# +# UnixWare 2.0x fails destest with -O. +"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", +"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", +"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}-1:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# SCO 5 - Ben Laurie says the -O breaks the SCO cc. +"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### IBM's AIX. +"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", +"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32", +"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", +# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE +# at build time. $OBJECT_MODE is respected at ./config stage! +"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", +"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", + +# +# Cray T90 and similar (SDSC) +# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT +# defined. The T90 ints and longs are 8 bytes long, and apparently the +# B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and +# non L_ENDIAN code aligns the bytes in each word correctly. +# +# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors: +#'Taking the address of a bit field is not allowed. ' +#'An expression with bit field exists as the operand of "sizeof" ' +# (written by Wayne Schroeder ) +# +# j90 is considered the base machine type for unicos machines, +# so this configuration is now called "cray-j90" ... +"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::", + +# +# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov) +# +# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added +# another use. Basically, the problem is that the T3E uses some bit fields +# for some st_addr stuff, and then sizeof and address-of fails +# I could not use the ams/alpha.o option because the Cray assembler, 'cam' +# did not like it. +"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::", + +# DGUX, 88100. +"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):::RC4_INDEX DES_UNROLL:::", +"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::", +"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", + +# Sinix/ReliantUNIX RM400 +# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */ +"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::", +"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::", + +# SIEMENS BS2000/OSD: an EBCDIC-based mainframe +"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", + +# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe +# You need to compile using the c89.sh wrapper in the tools directory, because the +# IBM compiler does not like the -L switch after any object modules. +# +"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", + +# Visual C targets +# +# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 +"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", +"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", +"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", +"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", +# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement +# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' +"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", +# Unified CE target +"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", +"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", + +# Borland C++ 4.5 +"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32", + +# MinGW +"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a", +# As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll +# compiled with one compiler with application compiled with another +# compiler. It's possible to engage Applink support in mingw64 build, +# but it's not done, because till mingw64 supports structured exception +# handling, one can't seriously consider its binaries for using with +# non-mingw64 run-time environment. And as mingw64 is always consistent +# with itself, Applink is never engaged and can as well be omitted. +"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", + +# UWIN +"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", + +# Cygwin +"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", + +# NetWare from David Ward (dsward@novell.com) +# requires either MetroWerks NLM development tools, or gcc / nlmconv +# NetWare defaults socket bio to WinSock sockets. However, +# the builds can be configured to use BSD sockets instead. +# netware-clib => legacy CLib c-runtime support +"netware-clib", "mwccnlm::::::${x86_gcc_opts}::", +"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::", +"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", +"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", +# netware-libc => LibC/NKS support +"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", + +# DJGPP +"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", + +# Ultrix from Bernhard Simon +"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", +"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::", +# K&R C is no longer supported; you need gcc on old Ultrix installations +##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::", + +##### MacOS X (a.k.a. Rhapsody or Darwin) setup +"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::", +"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-darwin64-x86_64-cc","cc:-arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +# iPhoneOS/iOS +"iphoneos-cross","llvm-gcc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + +##### A/UX +"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", + +##### Sony NEWS-OS 4.x +"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::", + +##### GNU Hurd +"hurd-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", + +##### OS/2 EMX +"OS2-EMX", "gcc::::::::", + +##### VxWorks for various targets +"vxworks-ppc60x","ccppc:-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common:::::", +"vxworks-ppcgen","ccppc:-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon:::::", +"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", +"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", +"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", +"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", +"vxworks-simlinux","ccpentium:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm}::::::ranlibpentium:", +"vxworks-mips","ccmips:-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip::-D_REENTRANT:VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon::${mips32_asm}:o32::::::ranlibmips:", + +##### Compaq Non-Stop Kernel (Tandem) +"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::", + +# uClinux +"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", +"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", + +); + +my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A + debug-VC-WIN64I debug-VC-WIN64A + VC-NT VC-CE VC-WIN32 debug-VC-WIN32 + BC-32 + netware-clib netware-clib-bsdsock + netware-libc netware-libc-bsdsock); + +my $idx = 0; +my $idx_cc = $idx++; +my $idx_cflags = $idx++; +my $idx_unistd = $idx++; +my $idx_thread_cflag = $idx++; +my $idx_sys_id = $idx++; +my $idx_lflags = $idx++; +my $idx_bn_ops = $idx++; +my $idx_cpuid_obj = $idx++; +my $idx_bn_obj = $idx++; +my $idx_ec_obj = $idx++; +my $idx_des_obj = $idx++; +my $idx_aes_obj = $idx++; +my $idx_bf_obj = $idx++; +my $idx_md5_obj = $idx++; +my $idx_sha1_obj = $idx++; +my $idx_cast_obj = $idx++; +my $idx_rc4_obj = $idx++; +my $idx_rmd160_obj = $idx++; +my $idx_rc5_obj = $idx++; +my $idx_wp_obj = $idx++; +my $idx_cmll_obj = $idx++; +my $idx_modes_obj = $idx++; +my $idx_engines_obj = $idx++; +my $idx_perlasm_scheme = $idx++; +my $idx_dso_scheme = $idx++; +my $idx_shared_target = $idx++; +my $idx_shared_cflag = $idx++; +my $idx_shared_ldflag = $idx++; +my $idx_shared_extension = $idx++; +my $idx_ranlib = $idx++; +my $idx_arflags = $idx++; +my $idx_multilib = $idx++; + +my $prefix=""; +my $libdir=""; +my $openssldir=""; +my $exe_ext=""; +my $install_prefix= "$ENV{'INSTALL_PREFIX'}"; +my $cross_compile_prefix=""; +my $fipsdir="/usr/local/ssl/fips-2.0"; +my $fipslibdir=""; +my $baseaddr="0xFB00000"; +my $no_threads=0; +my $threads=0; +my $no_shared=0; # but "no-shared" is default +my $zlib=1; # but "no-zlib" is default +my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used +my $no_rfc3779=1; # but "no-rfc3779" is default +my $no_asm=0; +my $no_dso=0; +my $no_gmp=0; +my @skip=(); +my $Makefile="Makefile"; +my $des_locl="crypto/des/des_locl.h"; +my $des ="crypto/des/des.h"; +my $bn ="crypto/bn/bn.h"; +my $md2 ="crypto/md2/md2.h"; +my $rc4 ="crypto/rc4/rc4.h"; +my $rc4_locl="crypto/rc4/rc4_locl.h"; +my $idea ="crypto/idea/idea.h"; +my $rc2 ="crypto/rc2/rc2.h"; +my $bf ="crypto/bf/bf_locl.h"; +my $bn_asm ="bn_asm.o"; +my $des_enc="des_enc.o fcrypt_b.o"; +my $aes_enc="aes_core.o aes_cbc.o"; +my $bf_enc ="bf_enc.o"; +my $cast_enc="c_enc.o"; +my $rc4_enc="rc4_enc.o rc4_skey.o"; +my $rc5_enc="rc5_enc.o"; +my $md5_obj=""; +my $sha1_obj=""; +my $rmd160_obj=""; +my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o"; +my $processor=""; +my $default_ranlib; +my $perl; +my $fips=0; + +if (exists $ENV{FIPSDIR}) + { + $fipsdir = $ENV{FIPSDIR}; + $fipsdir =~ s/\/$//; + } + +# All of the following is disabled by default (RC5 was enabled before 0.9.8): + +my %disabled = ( # "what" => "comment" [or special keyword "experimental"] + "ec_nistp_64_gcc_128" => "default", + "gmp" => "default", + "jpake" => "experimental", + "libunbound" => "experimental", + "md2" => "default", + "rc5" => "default", + "rfc3779" => "default", + "sctp" => "default", + "shared" => "default", + "ssl-trace" => "default", + "ssl2" => "default", + "store" => "experimental", + "unit-test" => "default", + "weak-ssl-ciphers" => "default", + "zlib" => "default", + "zlib-dynamic" => "default" + ); +my @experimental = (); + +# This is what $depflags will look like with the above defaults +# (we need this to see if we should advise the user to run "make depend"): +my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS"; + +# Explicit "no-..." options will be collected in %disabled along with the defaults. +# To remove something from %disabled, use "enable-foo" (unless it's experimental). +# For symmetry, "disable-foo" is a synonym for "no-foo". + +# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable. +# We will collect such requests in @experimental. +# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO. + + +my $no_sse2=0; + +&usage if ($#ARGV < 0); + +my $flags; +my $depflags; +my $openssl_experimental_defines; +my $openssl_algorithm_defines; +my $openssl_thread_defines; +my $openssl_sys_defines=""; +my $openssl_other_defines; +my $libs; +my $libkrb5=""; +my $target; +my $options; +my $symlink; +my $make_depend=0; +my %withargs=(); + +my @argvcopy=@ARGV; +my $argvstring=""; +my $argv_unprocessed=1; + +while($argv_unprocessed) + { + $flags=""; + $depflags=""; + $openssl_experimental_defines=""; + $openssl_algorithm_defines=""; + $openssl_thread_defines=""; + $openssl_sys_defines=""; + $openssl_other_defines=""; + $libs=""; + $target=""; + $options=""; + $symlink=1; + + $argv_unprocessed=0; + $argvstring=join(' ',@argvcopy); + +PROCESS_ARGS: + foreach (@argvcopy) + { + s /^-no-/no-/; # some people just can't read the instructions + + # rewrite some options in "enable-..." form + s /^-?-?shared$/enable-shared/; + s /^sctp$/enable-sctp/; + s /^threads$/enable-threads/; + s /^zlib$/enable-zlib/; + s /^zlib-dynamic$/enable-zlib-dynamic/; + + if (/^no-(.+)$/ || /^disable-(.+)$/) + { + if (!($disabled{$1} eq "experimental")) + { + if ($1 eq "ssl") + { + $disabled{"ssl2"} = "option(ssl)"; + $disabled{"ssl3"} = "option(ssl)"; + } + elsif ($1 eq "tls") + { + $disabled{"tls1"} = "option(tls)" + } + elsif ($1 eq "ssl3-method") + { + $disabled{"ssl3-method"} = "option(ssl)"; + $disabled{"ssl3"} = "option(ssl)"; + } + else + { + $disabled{$1} = "option"; + } + } + } + elsif (/^enable-(.+)$/ || /^experimental-(.+)$/) + { + my $algo = $1; + if ($disabled{$algo} eq "experimental") + { + die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n" + unless (/^experimental-/); + push @experimental, $algo; + } + delete $disabled{$algo}; + + $threads = 1 if ($algo eq "threads"); + } + elsif (/^--test-sanity$/) + { + exit(&test_sanity()); + } + elsif (/^--strict-warnings/) + { + $strict_warnings = 1; + } + elsif (/^reconfigure/ || /^reconf/) + { + if (open(IN,"<$Makefile")) + { + while () + { + chomp; + if (/^CONFIGURE_ARGS=(.*)/) + { + $argvstring=$1; + @argvcopy=split(' ',$argvstring); + die "Incorrect data to reconfigure, please do a normal configuration\n" + if (grep(/^reconf/,@argvcopy)); + print "Reconfiguring with: $argvstring\n"; + $argv_unprocessed=1; + close(IN); + last PROCESS_ARGS; + } + } + close(IN); + } + die "Insufficient data to reconfigure, please do a normal configuration\n"; + } + elsif (/^386$/) + { $processor=386; } + elsif (/^fips$/) + { + $fips=1; + } + elsif (/^rsaref$/) + { + # No RSAref support any more since it's not needed. + # The check for the option is there so scripts aren't + # broken + } + elsif (/^[-+]/) + { + if (/^--prefix=(.*)$/) + { + $prefix=$1; + } + elsif (/^--libdir=(.*)$/) + { + $libdir=$1; + } + elsif (/^--openssldir=(.*)$/) + { + $openssldir=$1; + } + elsif (/^--install.prefix=(.*)$/) + { + $install_prefix=$1; + } + elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/) + { + $withargs{"krb5-".$1}=$2; + } + elsif (/^--with-zlib-lib=(.*)$/) + { + $withargs{"zlib-lib"}=$1; + } + elsif (/^--with-zlib-include=(.*)$/) + { + $withargs{"zlib-include"}="-I$1"; + } + elsif (/^--with-fipsdir=(.*)$/) + { + $fipsdir="$1"; + } + elsif (/^--with-fipslibdir=(.*)$/) + { + $fipslibdir="$1"; + } + elsif (/^--with-baseaddr=(.*)$/) + { + $baseaddr="$1"; + } + elsif (/^--cross-compile-prefix=(.*)$/) + { + $cross_compile_prefix=$1; + } + elsif (/^-[lL](.*)$/ or /^-Wl,/) + { + $libs.=$_." "; + } + else # common if (/^[-+]/), just pass down... + { + $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; + $flags.=$_." "; + } + } + elsif ($_ =~ /^([^:]+):(.+)$/) + { + eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string + $target=$1; + } + else + { + die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); + $target=$_; + } + + unless ($_ eq $target || /^no-/ || /^disable-/) + { + # "no-..." follows later after implied disactivations + # have been derived. (Don't take this too seroiusly, + # we really only write OPTIONS to the Makefile out of + # nostalgia.) + + if ($options eq "") + { $options = $_; } + else + { $options .= " ".$_; } + } + } + } + + + +if ($processor eq "386") + { + $disabled{"sse2"} = "forced"; + } + +if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "") + { + $disabled{"krb5"} = "krb5-flavor not specified"; + } + +if (!defined($disabled{"zlib-dynamic"})) + { + # "zlib-dynamic" was specifically enabled, so enable "zlib" + delete $disabled{"zlib"}; + } + +if (defined($disabled{"rijndael"})) + { + $disabled{"aes"} = "forced"; + } +if (defined($disabled{"des"})) + { + $disabled{"mdc2"} = "forced"; + } +if (defined($disabled{"ec"})) + { + $disabled{"ecdsa"} = "forced"; + $disabled{"ecdh"} = "forced"; + } + +# SSL 2.0 requires MD5 and RSA +if (defined($disabled{"md5"}) || defined($disabled{"rsa"})) + { + $disabled{"ssl2"} = "forced"; + } + +if ($fips && $fipslibdir eq "") + { + $fipslibdir = $fipsdir . "/lib/"; + } + +# RSAX ENGINE sets default non-FIPS RSA method. +if ($fips) + { + $disabled{"rsax"} = "forced"; + } + +# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH +if (defined($disabled{"md5"}) || defined($disabled{"sha"}) + || (defined($disabled{"rsa"}) + && (defined($disabled{"dsa"}) || defined($disabled{"dh"})))) + { + $disabled{"ssl3"} = "forced"; + $disabled{"tls1"} = "forced"; + } + +if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) + || defined($disabled{"dh"})) + { + $disabled{"gost"} = "forced"; + } + +# SRP and HEARTBEATS require TLSEXT +if (defined($disabled{"tlsext"})) + { + $disabled{"srp"} = "forced"; + $disabled{"heartbeats"} = "forced"; + } + +if ($target eq "TABLE") { + foreach $target (sort keys %table) { + print_table_entry($target); + } + exit 0; +} + +if ($target eq "LIST") { + foreach (sort keys %table) { + print; + print "\n"; + } + exit 0; +} + +if ($target =~ m/^CygWin32(-.*)$/) { + $target = "Cygwin".$1; +} + +print "Configuring for $target\n"; + +&usage if (!defined($table{$target})); + + +foreach (sort (keys %disabled)) + { + $options .= " no-$_"; + + printf " no-%-12s %-10s", $_, "[$disabled{$_}]"; + + if (/^dso$/) + { $no_dso = 1; } + elsif (/^threads$/) + { $no_threads = 1; } + elsif (/^shared$/) + { $no_shared = 1; } + elsif (/^zlib$/) + { $zlib = 0; } + elsif (/^static-engine$/) + { } + elsif (/^zlib-dynamic$/) + { } + elsif (/^symlinks$/) + { $symlink = 0; } + elsif (/^sse2$/) + { $no_sse2 = 1; } + else + { + my ($ALGO, $algo); + ($ALGO = $algo = $_) =~ tr/[\-a-z]/[_A-Z]/; + + if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/) + { + $openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n"; + print " OPENSSL_NO_$ALGO"; + + if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; } + elsif (/^asm$/) { $no_asm = 1; } + } + else + { + $openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n"; + print " OPENSSL_NO_$ALGO"; + + if (/^krb5$/) + { $no_krb5 = 1; } + else + { + push @skip, $algo; + # fix-up crypto/directory name(s) + @skip[$#skip]="whrlpool" if $algo eq "whirlpool"; + print " (skip dir)"; + + $depflags .= " -DOPENSSL_NO_$ALGO"; + } + } + } + + print "\n"; + } + +my $exp_cflags = ""; +foreach (sort @experimental) + { + my $ALGO; + ($ALGO = $_) =~ tr/[a-z]/[A-Z]/; + + # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined + $openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n"; + $exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO"; + } + +my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; + +$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/); +$exe_ext=".nlm" if ($target =~ /netware/); +$exe_ext=".pm" if ($target =~ /vos/); +$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); +$prefix=$openssldir if $prefix eq ""; + +$default_ranlib= &which("ranlib") or $default_ranlib="true"; +$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl") + or $perl="perl"; +my $make = $ENV{'MAKE'} || "make"; + +$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq ""; + +chop $openssldir if $openssldir =~ /\/$/; +chop $prefix if $prefix =~ /.\/$/; + +$openssldir=$prefix . "/ssl" if $openssldir eq ""; +$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; + + +print "IsMK1MF=$IsMK1MF\n"; + +my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); +my $cc = $fields[$idx_cc]; +# Allow environment CC to override compiler... +if($ENV{CC}) { + $cc = $ENV{CC}; +} + +my $cflags = $fields[$idx_cflags]; +my $unistd = $fields[$idx_unistd]; +my $thread_cflag = $fields[$idx_thread_cflag]; +my $sys_id = $fields[$idx_sys_id]; +my $lflags = $fields[$idx_lflags]; +my $bn_ops = $fields[$idx_bn_ops]; +my $cpuid_obj = $fields[$idx_cpuid_obj]; +my $bn_obj = $fields[$idx_bn_obj]; +my $ec_obj = $fields[$idx_ec_obj]; +my $des_obj = $fields[$idx_des_obj]; +my $aes_obj = $fields[$idx_aes_obj]; +my $bf_obj = $fields[$idx_bf_obj]; +my $md5_obj = $fields[$idx_md5_obj]; +my $sha1_obj = $fields[$idx_sha1_obj]; +my $cast_obj = $fields[$idx_cast_obj]; +my $rc4_obj = $fields[$idx_rc4_obj]; +my $rmd160_obj = $fields[$idx_rmd160_obj]; +my $rc5_obj = $fields[$idx_rc5_obj]; +my $wp_obj = $fields[$idx_wp_obj]; +my $cmll_obj = $fields[$idx_cmll_obj]; +my $modes_obj = $fields[$idx_modes_obj]; +my $engines_obj = $fields[$idx_engines_obj]; +my $perlasm_scheme = $fields[$idx_perlasm_scheme]; +my $dso_scheme = $fields[$idx_dso_scheme]; +my $shared_target = $fields[$idx_shared_target]; +my $shared_cflag = $fields[$idx_shared_cflag]; +my $shared_ldflag = $fields[$idx_shared_ldflag]; +my $shared_extension = $fields[$idx_shared_extension]; +my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib]; +my $ar = $ENV{'AR'} || "ar"; +my $arflags = $fields[$idx_arflags]; +my $windres = $ENV{'RC'} || $ENV{'WINDRES'} || "windres"; +my $multilib = $fields[$idx_multilib]; + +# if $prefix/lib$multilib is not an existing directory, then +# assume that it's not searched by linker automatically, in +# which case adding $multilib suffix causes more grief than +# we're ready to tolerate, so don't... +$multilib="" if !-d "$prefix/lib$multilib"; + +$libdir="lib$multilib" if $libdir eq ""; + +$cflags = "$cflags$exp_cflags"; + +# '%' in $lflags is used to split flags to "pre-" and post-flags +my ($prelflags,$postlflags)=split('%',$lflags); +if (defined($postlflags)) { $lflags=$postlflags; } +else { $lflags=$prelflags; undef $prelflags; } + +if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m) + { + $cflags =~ s/\-mno\-cygwin\s*//; + $shared_ldflag =~ s/\-mno\-cygwin\s*//; + } + +if ($target =~ /linux.*\-mips/ && !$no_asm && $flags !~ /\-m(ips|arch=)/) { + # minimally required architecture flags for assembly modules + $cflags="-mips2 $cflags" if ($target =~ /mips32/); + $cflags="-mips3 $cflags" if ($target =~ /mips64/); +} + +my $no_shared_warn=0; +my $no_user_cflags=0; + +if ($flags ne "") { $cflags="$flags$cflags"; } +else { $no_user_cflags=1; } + +# Kerberos settings. The flavor must be provided from outside, either through +# the script "config" or manually. +if (!$no_krb5) + { + my ($lresolv, $lpath, $lext); + if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/) + { + die "Sorry, Heimdal is currently not supported\n"; + } + ##### HACK to force use of Heimdal. + ##### WARNING: Since we don't really have adequate support for Heimdal, + ##### using this will break the build. You'll have to make + ##### changes to the source, and if you do, please send + ##### patches to openssl-dev@openssl.org + if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/) + { + warn "Heimdal isn't really supported. Your build WILL break\n"; + warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n"; + $withargs{"krb5-dir"} = "/usr/heimdal" + if $withargs{"krb5-dir"} eq ""; + $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. + "/lib -lgssapi -lkrb5 -lcom_err" + if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; + $cflags="-DKRB5_HEIMDAL $cflags"; + } + if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/) + { + $withargs{"krb5-dir"} = "/usr/kerberos" + if $withargs{"krb5-dir"} eq ""; + $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. + "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto" + if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; + $cflags="-DKRB5_MIT $cflags"; + $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//; + if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/) + { + $cflags="-DKRB5_MIT_OLD11 $cflags"; + } + } + LRESOLV: + foreach $lpath ("/lib", "/usr/lib") + { + foreach $lext ("a", "so") + { + $lresolv = "$lpath/libresolv.$lext"; + last LRESOLV if (-r "$lresolv"); + $lresolv = ""; + } + } + $withargs{"krb5-lib"} .= " -lresolv" + if ("$lresolv" ne ""); + $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include" + if $withargs{"krb5-include"} eq "" && + $withargs{"krb5-dir"} ne ""; + } + +# The DSO code currently always implements all functions so that no +# applications will have to worry about that from a compilation point +# of view. However, the "method"s may return zero unless that platform +# has support compiled in for them. Currently each method is enabled +# by a define "DSO_" ... we translate the "dso_scheme" config +# string entry into using the following logic; +my $dso_cflags; +if (!$no_dso && $dso_scheme ne "") + { + $dso_scheme =~ tr/[a-z]/[A-Z]/; + if ($dso_scheme eq "DLFCN") + { + $dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H"; + } + elsif ($dso_scheme eq "DLFCN_NO_H") + { + $dso_cflags = "-DDSO_DLFCN"; + } + else + { + $dso_cflags = "-DDSO_$dso_scheme"; + } + $cflags = "$dso_cflags $cflags"; + } + +my $thread_cflags; +my $thread_defines; +if ($thread_cflag ne "(unknown)" && !$no_threads) + { + # If we know how to do it, support threads by default. + $threads = 1; + } +if ($thread_cflag eq "(unknown)" && $threads) + { + # If the user asked for "threads", [s]he is also expected to + # provide any system-dependent compiler options that are + # necessary. + if ($no_user_cflags) + { + print "You asked for multi-threading support, but didn't\n"; + print "provide any system-specific compiler options\n"; + exit(1); + } + $thread_cflags="-DOPENSSL_THREADS $cflags" ; + $thread_defines .= "#define OPENSSL_THREADS\n"; + } +else + { + $thread_cflags="-DOPENSSL_THREADS $thread_cflag $cflags"; + $thread_defines .= "#define OPENSSL_THREADS\n"; +# my $def; +# foreach $def (split ' ',$thread_cflag) +# { +# if ($def =~ s/^-D// && $def !~ /^_/) +# { +# $thread_defines .= "#define $def\n"; +# } +# } + } + +$lflags="$libs$lflags" if ($libs ne ""); + +if ($no_asm) + { + $cpuid_obj=$bn_obj=$ec_obj= + $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj= + $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=""; + } + +if (!$no_shared) + { + $cast_obj=""; # CAST assembler is not PIC + } + +if ($threads) + { + $cflags=$thread_cflags; + $openssl_thread_defines .= $thread_defines; + } + +if ($zlib) + { + $cflags = "-DZLIB $cflags"; + if (defined($disabled{"zlib-dynamic"})) + { + if (defined($withargs{"zlib-lib"})) + { + $lflags = "$lflags -L" . $withargs{"zlib-lib"} . " -lz"; + } + else + { + $lflags = "$lflags -lz"; + } + } + else + { + $cflags = "-DZLIB_SHARED $cflags"; + } + } + +# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org +my $shared_mark = ""; +if ($shared_target eq "") + { + $no_shared_warn = 1 if !$no_shared; + $no_shared = 1; + } +if (!$no_shared) + { + if ($shared_cflag ne "") + { + $cflags = "$shared_cflag -DOPENSSL_PIC $cflags"; + } + } + +if (!$IsMK1MF) + { + # add {no-}static-engine to options to allow mkdef.pl to work without extra arguments + if ($no_shared) + { + $openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n"; + $options.=" static-engine"; + } + else + { + $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n"; + $options.=" no-static-engine"; + } + } + +$cpuid_obj.=" uplink.o uplink-x86.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/); + +# +# Platform fix-ups +# +if ($target =~ /\-icc$/) # Intel C compiler + { + my $iccver=0; + if (open(FD,"$cc -V 2>&1 |")) + { + while() { $iccver=$1 if (/Version ([0-9]+)\./); } + close(FD); + } + if ($iccver>=8) + { + $cflags=~s/\-KPIC/-fPIC/; + # Eliminate unnecessary dependency from libirc.a. This is + # essential for shared library support, as otherwise + # apps/openssl can end up in endless loop upon startup... + $cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset"; + } + if ($iccver>=9) + { + $lflags.=" -i-static"; + $lflags=~s/\-no_cpprt/-no-cpprt/; + } + if ($iccver>=10) + { + $lflags=~s/\-i\-static/-static-intel/; + } + if ($iccver>=11) + { + $cflags.=" -no-intel-extensions"; # disable Cilk + $lflags=~s/\-no\-cpprt/-no-cxxlib/; + } + } + +# Unlike other OSes (like Solaris, Linux, Tru64, IRIX) BSD run-time +# linkers (tested OpenBSD, NetBSD and FreeBSD) "demand" RPATH set on +# .so objects. Apparently application RPATH is not global and does +# not apply to .so linked with other .so. Problem manifests itself +# when libssl.so fails to load libcrypto.so. One can argue that we +# should engrave this into Makefile.shared rules or into BSD-* config +# lines above. Meanwhile let's try to be cautious and pass -rpath to +# linker only when --prefix is not /usr. +if ($target =~ /^BSD\-/) + { + $shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|); + } + +if ($sys_id ne "") + { + #$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags"; + $openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n"; + } + +if ($ranlib eq "") + { + $ranlib = $default_ranlib; + } + +#my ($bn1)=split(/\s+/,$bn_obj); +#$bn1 = "" unless defined $bn1; +#$bn1=$bn_asm unless ($bn1 =~ /\.o$/); +#$bn_obj="$bn1"; + +$cpuid_obj="" if ($processor eq "386"); + +$bn_obj = $bn_asm unless $bn_obj ne ""; +# bn-586 is the only one implementing bn_*_part_words +$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn-586/); +$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /86/); + +$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/); +$cflags.=" -DOPENSSL_BN_ASM_MONT5" if ($bn_obj =~ /-mont5/); +$cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($bn_obj =~ /-gf2m/); + +if ($fips) + { + $openssl_other_defines.="#define OPENSSL_FIPS\n"; + $cflags .= " -I\$(FIPSDIR)/include"; + } + +$cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); +$des_obj=$des_enc unless ($des_obj =~ /\.o$/); +$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); +$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); +$rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/); +if ($rc4_obj =~ /\.o$/) + { + $cflags.=" -DRC4_ASM"; + } +else + { + $rc4_obj=$rc4_enc; + } +if ($sha1_obj =~ /\.o$/) + { +# $sha1_obj=$sha1_enc; + $cflags.=" -DSHA1_ASM" if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/); + $cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/); + $cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/); + if ($sha1_obj =~ /sse2/) + { if ($no_sse2) + { $sha1_obj =~ s/\S*sse2\S+//; } + elsif ($cflags !~ /OPENSSL_IA32_SSE2/) + { $cflags.=" -DOPENSSL_IA32_SSE2"; } + } + } +if ($md5_obj =~ /\.o$/) + { +# $md5_obj=$md5_enc; + $cflags.=" -DMD5_ASM"; + } +if ($rmd160_obj =~ /\.o$/) + { +# $rmd160_obj=$rmd160_enc; + $cflags.=" -DRMD160_ASM"; + } +if ($aes_obj =~ /\.o$/) + { + $cflags.=" -DAES_ASM" if ($aes_obj =~ m/\baes\-/);; + # aes-ctr.o is not a real file, only indication that assembler + # module implements AES_ctr32_encrypt... + $cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//); + # aes-xts.o indicates presense of AES_xts_[en|de]crypt... + $cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//); + $aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2); + $cflags.=" -DVPAES_ASM" if ($aes_obj =~ m/vpaes/); + $cflags.=" -DBSAES_ASM" if ($aes_obj =~ m/bsaes/); + } +else { + $aes_obj=$aes_enc; + } +$wp_obj="" if ($wp_obj =~ /mmx/ && $processor eq "386"); +if ($wp_obj =~ /\.o$/ && !$disabled{"whirlpool"}) + { + $cflags.=" -DWHIRLPOOL_ASM"; + } +else { + $wp_obj="wp_block.o"; + } +$cmll_obj=$cmll_enc unless ($cmll_obj =~ /.o$/); +if ($modes_obj =~ /ghash\-/) + { + $cflags.=" -DGHASH_ASM"; + } +if ($ec_obj =~ /ecp_nistz256/) + { + $cflags.=" -DECP_NISTZ256_ASM"; + } + +# "Stringify" the C flags string. This permits it to be made part of a string +# and works as well on command lines. +$cflags =~ s/([\\\"])/\\\1/g; + +my $version = "unknown"; +my $version_num = "unknown"; +my $major = "unknown"; +my $minor = "unknown"; +my $shlib_version_number = "unknown"; +my $shlib_version_history = "unknown"; +my $shlib_major = "unknown"; +my $shlib_minor = "unknown"; + +open(IN,') + { + $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /; + $version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/; + $shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/; + $shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/; + } +close(IN); +if ($shlib_version_history ne "") { $shlib_version_history .= ":"; } + +if ($version =~ /(^[0-9]*)\.([0-9\.]*)/) + { + $major=$1; + $minor=$2; + } + +if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) + { + $shlib_major=$1; + $shlib_minor=$2; + } + +my $ecc = $cc; +$ecc = "clang" if `$cc --version 2>&1` =~ /clang/; + +if ($strict_warnings) + { + my $wopt; + die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); + foreach $wopt (split /\s+/, $gcc_devteam_warn) + { + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) + } + if ($ecc eq "clang") + { + foreach $wopt (split /\s+/, $clang_devteam_warn) + { + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) + } + } + } + +open(IN,'$Makefile.new") || die "unable to create $Makefile.new:$!\n"; +print OUT "### Generated automatically from Makefile.org by Configure.\n\n"; +my $sdirs=0; +while () + { + chomp; + $sdirs = 1 if /^SDIRS=/; + if ($sdirs) { + my $dir; + foreach $dir (@skip) { + s/(\s)$dir /$1/; + s/\s$dir$//; + } + } + $sdirs = 0 unless /\\$/; + s/engines // if (/^DIRS=/ && $disabled{"engine"}); + s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"}); + s/^VERSION=.*/VERSION=$version/; + s/^MAJOR=.*/MAJOR=$major/; + s/^MINOR=.*/MINOR=$minor/; + s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/; + s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/; + s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/; + s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/; + s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/; + s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/; + s/^MULTILIB=.*$/MULTILIB=$multilib/; + s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/; + s/^LIBDIR=.*$/LIBDIR=$libdir/; + s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/; + s/^PLATFORM=.*$/PLATFORM=$target/; + s/^OPTIONS=.*$/OPTIONS=$options/; + s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/; + if ($cross_compile_prefix) + { + s/^CC=.*$/CROSS_COMPILE= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE\)$cc/; + s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/; + s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/; + s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/; + s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc"; + } + else { + s/^CC=.*$/CC= $cc/; + s/^AR=\s*ar/AR= $ar/; + s/^RANLIB=.*/RANLIB= $ranlib/; + s/^RC=.*/RC= $windres/; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang"; + } + s/^CFLAG=.*$/CFLAG= $cflags/; + s/^DEPFLAG=.*$/DEPFLAG=$depflags/; + s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/; + s/^EX_LIBS=.*$/EX_LIBS= $lflags/; + s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/; + s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/; + s/^BN_ASM=.*$/BN_ASM= $bn_obj/; + s/^EC_ASM=.*$/EC_ASM= $ec_obj/; + s/^DES_ENC=.*$/DES_ENC= $des_obj/; + s/^AES_ENC=.*$/AES_ENC= $aes_obj/; + s/^BF_ENC=.*$/BF_ENC= $bf_obj/; + s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/; + s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/; + s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/; + s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/; + s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/; + s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; + s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/; + s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/; + s/^MODES_ASM_OBJ.=*$/MODES_ASM_OBJ= $modes_obj/; + s/^ENGINES_ASM_OBJ.=*$/ENGINES_ASM_OBJ= $engines_obj/; + s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/; + s/^PROCESSOR=.*/PROCESSOR= $processor/; + s/^ARFLAGS=.*/ARFLAGS= $arflags/; + s/^PERL=.*/PERL= $perl/; + s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; + s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; + s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; + s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; + + s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; + s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; + s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips; + s/^BASEADDR=.*/BASEADDR=$baseaddr/; + + s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; + s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; + s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); + if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/) + { + my $sotmp = $1; + s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/; + } + elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/) + { + s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/; + } + elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) + { + my $sotmp = $1; + s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; + } + elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) + { + s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/; + } + s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/; + print OUT $_."\n"; + } +close(IN); +close(OUT); +if ((compare($Makefile, "$Makefile.new")) + or file_newer('Configure', $Makefile) + or file_newer('config', $Makefile) + or file_newer('Makefile.org', $Makefile)) + { + rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile; + rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n"; + } +else + { unlink("$Makefile.new"); } + +print "CC =$cc\n"; +print "CFLAG =$cflags\n"; +print "EX_LIBS =$lflags\n"; +print "CPUID_OBJ =$cpuid_obj\n"; +print "BN_ASM =$bn_obj\n"; +print "EC_ASM =$ec_obj\n"; +print "DES_ENC =$des_obj\n"; +print "AES_ENC =$aes_obj\n"; +print "BF_ENC =$bf_obj\n"; +print "CAST_ENC =$cast_obj\n"; +print "RC4_ENC =$rc4_obj\n"; +print "RC5_ENC =$rc5_obj\n"; +print "MD5_OBJ_ASM =$md5_obj\n"; +print "SHA1_OBJ_ASM =$sha1_obj\n"; +print "RMD160_OBJ_ASM=$rmd160_obj\n"; +print "CMLL_ENC =$cmll_obj\n"; +print "MODES_OBJ =$modes_obj\n"; +print "ENGINES_OBJ =$engines_obj\n"; +print "PROCESSOR =$processor\n"; +print "RANLIB =$ranlib\n"; +print "ARFLAGS =$arflags\n"; +print "PERL =$perl\n"; +print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n" + if $withargs{"krb5-include"} ne ""; + +my $des_ptr=0; +my $des_risc1=0; +my $des_risc2=0; +my $des_unroll=0; +my $bn_ll=0; +my $def_int=2; +my $rc4_int=$def_int; +my $md2_int=$def_int; +my $idea_int=$def_int; +my $rc2_int=$def_int; +my $rc4_idx=0; +my $rc4_chunk=0; +my $bf_ptr=0; +my @type=("char","short","int","long"); +my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0); +my $export_var_as_fn=0; + +my $des_int; + +foreach (sort split(/\s+/,$bn_ops)) + { + $des_ptr=1 if /DES_PTR/; + $des_risc1=1 if /DES_RISC1/; + $des_risc2=1 if /DES_RISC2/; + $des_unroll=1 if /DES_UNROLL/; + $des_int=1 if /DES_INT/; + $bn_ll=1 if /BN_LLONG/; + $rc4_int=0 if /RC4_CHAR/; + $rc4_int=3 if /RC4_LONG/; + $rc4_idx=1 if /RC4_INDEX/; + $rc4_chunk=1 if /RC4_CHUNK/; + $rc4_chunk=2 if /RC4_CHUNK_LL/; + $md2_int=0 if /MD2_CHAR/; + $md2_int=3 if /MD2_LONG/; + $idea_int=1 if /IDEA_SHORT/; + $idea_int=3 if /IDEA_LONG/; + $rc2_int=1 if /RC2_SHORT/; + $rc2_int=3 if /RC2_LONG/; + $bf_ptr=1 if $_ eq "BF_PTR"; + $bf_ptr=2 if $_ eq "BF_PTR2"; + ($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/; + ($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/; + ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/; + ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/; + ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/; + $export_var_as_fn=1 if /EXPORT_VAR_AS_FN/; + } + +open(IN,'crypto/opensslconf.h.new') || die "unable to create crypto/opensslconf.h.new:$!\n"; +print OUT "/* opensslconf.h */\n"; +print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n"; + +print OUT "#ifdef __cplusplus\n"; +print OUT "extern \"C\" {\n"; +print OUT "#endif\n"; +print OUT "/* OpenSSL was configured with the following options: */\n"; +my $openssl_algorithm_defines_trans = $openssl_algorithm_defines; +$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg; +$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg; +$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; +$openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algorithm_defines eq ""; +$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; +$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; +$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; +print OUT $openssl_sys_defines; +print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n"; +print OUT $openssl_experimental_defines; +print OUT "\n"; +print OUT $openssl_algorithm_defines; +print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n"; +print OUT $openssl_thread_defines; +print OUT $openssl_other_defines,"\n"; + +print OUT "/* The OPENSSL_NO_* macros are also defined as NO_* if the application\n"; +print OUT " asks for it. This is a transient feature that is provided for those\n"; +print OUT " who haven't had the time to do the appropriate changes in their\n"; +print OUT " applications. */\n"; +print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n"; +print OUT $openssl_algorithm_defines_trans; +print OUT "#endif\n\n"; + +print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj ne "mem_clr.o"); + +while () + { + if (/^#define\s+OPENSSLDIR/) + { + my $foo = $openssldir; + $foo =~ s/\\/\\\\/g; + print OUT "#define OPENSSLDIR \"$foo\"\n"; + } + elsif (/^#define\s+ENGINESDIR/) + { + my $foo = "$prefix/$libdir/engines"; + $foo =~ s/\\/\\\\/g; + print OUT "#define ENGINESDIR \"$foo\"\n"; + } + elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/) + { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n" + if $export_var_as_fn; + printf OUT "#%s OPENSSL_EXPORT_VAR_AS_FUNCTION\n", + ($export_var_as_fn)?"define":"undef"; } + elsif (/^#define\s+OPENSSL_UNISTD/) + { + $unistd = "" if $unistd eq ""; + print OUT "#define OPENSSL_UNISTD $unistd\n"; + } + elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/) + { printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT/) + { printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+THIRTY_TWO_BIT/) + { printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+SIXTEEN_BIT/) + { printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+EIGHT_BIT/) + { printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/) + { printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; } + elsif (/^\#define\s+DES_LONG\s+.*/) + { printf OUT "#define DES_LONG unsigned %s\n", + ($des_int)?'int':'long'; } + elsif (/^\#(define|undef)\s+DES_PTR/) + { printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; } + elsif (/^\#(define|undef)\s+DES_RISC1/) + { printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; } + elsif (/^\#(define|undef)\s+DES_RISC2/) + { printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; } + elsif (/^\#(define|undef)\s+DES_UNROLL/) + { printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; } + elsif (/^#define\s+RC4_INT\s/) + { printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; } + elsif (/^#undef\s+RC4_CHUNK/) + { + printf OUT "#undef RC4_CHUNK\n" if $rc4_chunk==0; + printf OUT "#define RC4_CHUNK unsigned long\n" if $rc4_chunk==1; + printf OUT "#define RC4_CHUNK unsigned long long\n" if $rc4_chunk==2; + } + elsif (/^#((define)|(undef))\s+RC4_INDEX/) + { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; } + elsif (/^#(define|undef)\s+I386_ONLY/) + { printf OUT "#%s I386_ONLY\n", ($processor eq "386")? + "define":"undef"; } + elsif (/^#define\s+MD2_INT\s/) + { printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; } + elsif (/^#define\s+IDEA_INT\s/) + {printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];} + elsif (/^#define\s+RC2_INT\s/) + {printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];} + elsif (/^#(define|undef)\s+BF_PTR/) + { + printf OUT "#undef BF_PTR\n" if $bf_ptr == 0; + printf OUT "#define BF_PTR\n" if $bf_ptr == 1; + printf OUT "#define BF_PTR2\n" if $bf_ptr == 2; + } + else + { print OUT $_; } + } +close(IN); +print OUT "#ifdef __cplusplus\n"; +print OUT "}\n"; +print OUT "#endif\n"; +close(OUT); +if (compare("crypto/opensslconf.h.new","crypto/opensslconf.h")) + { + rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h"; + rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n"; + } +else + { unlink("crypto/opensslconf.h.new"); } + +# Fix the date + +print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l; +print "SIXTY_FOUR_BIT mode\n" if $b64; +print "THIRTY_TWO_BIT mode\n" if $b32; +print "SIXTEEN_BIT mode\n" if $b16; +print "EIGHT_BIT mode\n" if $b8; +print "DES_PTR used\n" if $des_ptr; +print "DES_RISC1 used\n" if $des_risc1; +print "DES_RISC2 used\n" if $des_risc2; +print "DES_UNROLL used\n" if $des_unroll; +print "DES_INT used\n" if $des_int; +print "BN_LLONG mode\n" if $bn_ll; +print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int; +print "RC4_INDEX mode\n" if $rc4_idx; +print "RC4_CHUNK is undefined\n" if $rc4_chunk==0; +print "RC4_CHUNK is unsigned long\n" if $rc4_chunk==1; +print "RC4_CHUNK is unsigned long long\n" if $rc4_chunk==2; +print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int; +print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int; +print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; +print "BF_PTR used\n" if $bf_ptr == 1; +print "BF_PTR2 used\n" if $bf_ptr == 2; + +if($IsMK1MF) { + open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; + printf OUT <ms/version32.rc") || die "Can't open ms/version32.rc"; + print OUT < + +LANGUAGE 0x09,0x01 + +1 VERSIONINFO + FILEVERSION $v1,$v2,$v3,$v4 + PRODUCTVERSION $v1,$v2,$v3,$v4 + FILEFLAGSMASK 0x3fL +#ifdef _DEBUG + FILEFLAGS 0x01L +#else + FILEFLAGS 0x00L +#endif + FILEOS VOS__WINDOWS32 + FILETYPE VFT_DLL + FILESUBTYPE 0x0L +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904b0" + BEGIN + // Required: + VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0" + VALUE "FileDescription", "OpenSSL Shared Library\\0" + VALUE "FileVersion", "$version\\0" +#if defined(CRYPTO) + VALUE "InternalName", "libeay32\\0" + VALUE "OriginalFilename", "libeay32.dll\\0" +#elif defined(SSL) + VALUE "InternalName", "ssleay32\\0" + VALUE "OriginalFilename", "ssleay32.dll\\0" +#endif + VALUE "ProductName", "The OpenSSL Toolkit\\0" + VALUE "ProductVersion", "$version\\0" + // Optional: + //VALUE "Comments", "\\0" + VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" + //VALUE "LegalTrademarks", "\\0" + //VALUE "PrivateBuild", "\\0" + //VALUE "SpecialBuild", "\\0" + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 0x4b0 + END +END +EOF + close(OUT); + } + +print < 78) + { + print STDERR "\n"; + $k=length($i); + } + print STDERR $i . " "; + } + foreach $i (sort keys %table) + { + next if $i !~ /^debug/; + $k += length($i) + 1; + if ($k > 78) + { + print STDERR "\n"; + $k=length($i); + } + print STDERR $i . " "; + } + print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n"; + exit(1); + } + +sub which + { + my($name)=@_; + my $path; + foreach $path (split /:/, $ENV{PATH}) + { + if (-f "$path/$name$exe_ext" and -x _) + { + return "$path/$name$exe_ext" unless ($name eq "perl" and + system("$path/$name$exe_ext -e " . '\'exit($]<5.0);\'')); + } + } + } + +sub dofile + { + my $f; my $p; my %m; my @a; my $k; my $ff; + ($f,$p,%m)=@_; + + open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n"; + @a=; + close(IN); + foreach $k (keys %m) + { + grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a); + } + open(OUT,">$f.new") || die "unable to open $f.new:$!\n"; + print OUT @a; + close(OUT); + rename($f,"$f.bak") || die "unable to rename $f\n" if -e $f; + rename("$f.new",$f) || die "unable to rename $f.new\n"; + } + +sub print_table_entry + { + my $target = shift; + + my ($cc, $cflags, $unistd, $thread_cflag, $sys_id, $lflags, + $bn_ops, $cpuid_obj, $bn_obj, $ec_obj, $des_obj, $aes_obj, $bf_obj, + $md5_obj, $sha1_obj, $cast_obj, $rc4_obj, $rmd160_obj, + $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj, + $perlasm_scheme, $dso_scheme, $shared_target, $shared_cflag, + $shared_ldflag, $shared_extension, $ranlib, $arflags, $multilib)= + split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); + + print < (stat($file2))[9] + } diff --git a/openssl/FAQ b/openssl/FAQ new file mode 100644 index 0000000..22c5cf7 --- /dev/null +++ b/openssl/FAQ @@ -0,0 +1,2 @@ +The FAQ is now maintained on the web: + https://www.openssl.org/docs/faq.html diff --git a/openssl/GitConfigure b/openssl/GitConfigure new file mode 100755 index 0000000..bbab33e --- /dev/null +++ b/openssl/GitConfigure @@ -0,0 +1,8 @@ +#!/bin/sh + +BRANCH=`git rev-parse --abbrev-ref HEAD` + +./Configure $@ no-symlinks +make files +util/mk1mf.pl OUT=out.$BRANCH TMP=tmp.$BRANCH INC=inc.$BRANCH copy > makefile.$BRANCH +make -f makefile.$BRANCH init diff --git a/openssl/GitMake b/openssl/GitMake new file mode 100755 index 0000000..47beffd --- /dev/null +++ b/openssl/GitMake @@ -0,0 +1,5 @@ +#!/bin/sh + +BRANCH=`git rev-parse --abbrev-ref HEAD` + +make -f makefile.$BRANCH $@ diff --git a/openssl/INSTALL b/openssl/INSTALL new file mode 100644 index 0000000..aa7e35f --- /dev/null +++ b/openssl/INSTALL @@ -0,0 +1,367 @@ + + INSTALLATION ON THE UNIX PLATFORM + --------------------------------- + + [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X) + and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS, + INSTALL.MacOS and INSTALL.NW. + + This document describes installation on operating systems in the Unix + family.] + + To install OpenSSL, you will need: + + * make + * Perl 5 + * an ANSI C compiler + * a development environment in form of development libraries and C + header files + * a supported Unix operating system + + Quick Start + ----------- + + If you want to just get on with it, do: + + $ ./config + $ make + $ make test + $ make install + + [If any of these steps fails, see section Installation in Detail below.] + + This will build and install OpenSSL in the default location, which is (for + historical reasons) /usr/local/ssl. If you want to install it anywhere else, + run config like this: + + $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl + + + Configuration Options + --------------------- + + There are several options to ./config (or ./Configure) to customize + the build: + + --prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl. + Configuration files used by OpenSSL will be in DIR/ssl + or the directory specified by --openssldir. + + --openssldir=DIR Directory for OpenSSL files. If no prefix is specified, + the library files and binaries are also installed there. + + no-threads Don't try to build with support for multi-threaded + applications. + + threads Build with support for multi-threaded applications. + This will usually require additional system-dependent options! + See "Note on multi-threading" below. + + no-zlib Don't try to build with support for zlib compression and + decompression. + + zlib Build with support for zlib compression/decompression. + + zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically + when needed. This is only supported on systems where loading + of shared libraries is supported. This is the default choice. + + no-shared Don't try to create shared libraries. + + shared In addition to the usual static libraries, create shared + libraries on platforms where it's supported. See "Note on + shared libraries" below. + + no-asm Do not use assembler code. + + 386 In 32-bit x86 builds, when generating assembly modules, + use the 80386 instruction set only (the default x86 code + is more efficient, but requires at least a 486). Note: + This doesn't affect code generated by compiler, you're + likely to complement configuration command line with + suitable compiler-specific option. + + no-sse2 Exclude SSE2 code paths from 32-bit x86 assembly modules. + Normally SSE2 extension is detected at run-time, but the + decision whether or not the machine code will be executed + is taken solely on CPU capability vector. This means that + if you happen to run OS kernel which does not support SSE2 + extension on Intel P4 processor, then your application + might be exposed to "illegal instruction" exception. + There might be a way to enable support in kernel, e.g. + FreeBSD kernel can be compiled with CPU_ENABLE_SSE, and + there is a way to disengage SSE2 code paths upon application + start-up, but if you aim for wider "audience" running + such kernel, consider no-sse2. Both the 386 and + no-asm options imply no-sse2. + + no- Build without the specified cipher (bf, cast, des, dh, dsa, + hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha). + The crypto/ directory can be removed after running + "make depend". + + -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will + be passed through to the compiler to allow you to + define preprocessor symbols, specify additional libraries, + library directories or other compiler options. It might be + worth noting that some compilers generate code specifically + for processor the compiler currently executes on. This is + not necessarily what you might have in mind, since it might + be unsuitable for execution on other, typically older, + processor. Consult your compiler documentation. + + -DHAVE_CRYPTODEV Enable the BSD cryptodev engine even if we are not using + BSD. Useful if you are running ocf-linux or something + similar. Once enabled you can also enable the use of + cryptodev digests, which is usually slower unless you have + large amounts data. Use -DUSE_CRYPTODEV_DIGESTS to force + it. + + Installation in Detail + ---------------------- + + 1a. Configure OpenSSL for your operation system automatically: + + $ ./config [options] + + This guesses at your operating system (and compiler, if necessary) and + configures OpenSSL based on this guess. Run ./config -t to see + if it guessed correctly. If you want to use a different compiler, you + are cross-compiling for another platform, or the ./config guess was + wrong for other reasons, go to step 1b. Otherwise go to step 2. + + On some systems, you can include debugging information as follows: + + $ ./config -d [options] + + 1b. Configure OpenSSL for your operating system manually + + OpenSSL knows about a range of different operating system, hardware and + compiler combinations. To see the ones it knows about, run + + $ ./Configure + + Pick a suitable name from the list that matches your system. For most + operating systems there is a choice between using "cc" or "gcc". When + you have identified your system (and if necessary compiler) use this name + as the argument to ./Configure. For example, a "linux-elf" user would + run: + + $ ./Configure linux-elf [options] + + If your system is not available, you will have to edit the Configure + program and add the correct configuration for your system. The + generic configurations "cc" or "gcc" should usually work on 32 bit + systems. + + Configure creates the file Makefile.ssl from Makefile.org and + defines various macros in crypto/opensslconf.h (generated from + crypto/opensslconf.h.in). + + 2. Build OpenSSL by running: + + $ make + + This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the + OpenSSL binary ("openssl"). The libraries will be built in the top-level + directory, and the binary will be in the "apps" directory. + + If the build fails, look at the output. There may be reasons + for the failure that aren't problems in OpenSSL itself (like + missing standard headers). If you are having problems you can + get help by sending an email to the openssl-users email list (see + https://www.openssl.org/community/mailinglists.html for details). If + it is a bug with OpenSSL itself, please open an issue on GitHub, at + https://github.com/openssl/openssl/issues. Please review the existing + ones first; maybe the bug was already reported or has already been + fixed. + + (If you encounter assembler error messages, try the "no-asm" + configuration option as an immediate fix.) + + Compiling parts of OpenSSL with gcc and others with the system + compiler will result in unresolved symbols on some systems. + + 3. After a successful build, the libraries should be tested. Run: + + $ make test + + If a test fails, look at the output. There may be reasons for + the failure that isn't a problem in OpenSSL itself (like a missing + or malfunctioning bc). If it is a problem with OpenSSL itself, + try removing any compiler optimization flags from the CFLAG line + in Makefile.ssl and run "make clean; make". Please send a bug + report to , including the output of + "make report" in order to be added to the request tracker at + http://www.openssl.org/support/rt.html. + + 4. If everything tests ok, install OpenSSL with + + $ make install + + This will create the installation directory (if it does not exist) and + then the following subdirectories: + + certs Initially empty, this is the default location + for certificate files. + man/man1 Manual pages for the 'openssl' command line tool + man/man3 Manual pages for the libraries (very incomplete) + misc Various scripts. + private Initially empty, this is the default location + for private key files. + + If you didn't choose a different installation prefix, the + following additional subdirectories will be created: + + bin Contains the openssl binary and a few other + utility programs. + include/openssl Contains the header files needed if you want to + compile programs with libcrypto or libssl. + lib Contains the OpenSSL library files themselves. + + Use "make install_sw" to install the software without documentation, + and "install_docs_html" to install HTML renditions of the manual + pages. + + Package builders who want to configure the library for standard + locations, but have the package installed somewhere else so that + it can easily be packaged, can use + + $ make INSTALL_PREFIX=/tmp/package-root install + + (or specify "--install_prefix=/tmp/package-root" as a configure + option). The specified prefix will be prepended to all + installation target filenames. + + + NOTE: The header files used to reside directly in the include + directory, but have now been moved to include/openssl so that + OpenSSL can co-exist with other libraries which use some of the + same filenames. This means that applications that use OpenSSL + should now use C preprocessor directives of the form + + #include + + instead of "#include ", which was used with library versions + up to OpenSSL 0.9.2b. + + If you install a new version of OpenSSL over an old library version, + you should delete the old header files in the include directory. + + Compatibility issues: + + * COMPILING existing applications + + To compile an application that uses old filenames -- e.g. + "#include " --, it will usually be enough to find + the CFLAGS definition in the application's Makefile and + add a C option such as + + -I/usr/local/ssl/include/openssl + + to it. + + But don't delete the existing -I option that points to + the ..../include directory! Otherwise, OpenSSL header files + could not #include each other. + + * WRITING applications + + To write an application that is able to handle both the new + and the old directory layout, so that it can still be compiled + with library versions up to OpenSSL 0.9.2b without bothering + the user, you can proceed as follows: + + - Always use the new filename of OpenSSL header files, + e.g. #include . + + - Create a directory "incl" that contains only a symbolic + link named "openssl", which points to the "include" directory + of OpenSSL. + For example, your application's Makefile might contain the + following rule, if OPENSSLDIR is a pathname (absolute or + relative) of the directory where OpenSSL resides: + + incl/openssl: + -mkdir incl + cd $(OPENSSLDIR) # Check whether the directory really exists + -ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl + + You will have to add "incl/openssl" to the dependencies + of those C files that include some OpenSSL header file. + + - Add "-Iincl" to your CFLAGS. + + With these additions, the OpenSSL header files will be available + under both name variants if an old library version is used: + Your application can reach them under names like , + while the header files still are able to #include each other + with names of the form . + + + Note on multi-threading + ----------------------- + + For some systems, the OpenSSL Configure script knows what compiler options + are needed to generate a library that is suitable for multi-threaded + applications. On these systems, support for multi-threading is enabled + by default; use the "no-threads" option to disable (this should never be + necessary). + + On other systems, to enable support for multi-threading, you will have + to specify at least two options: "threads", and a system-dependent option. + (The latter is "-D_REENTRANT" on various systems.) The default in this + case, obviously, is not to include support for multi-threading (but + you can still use "no-threads" to suppress an annoying warning message + from the Configure script.) + + + Note on shared libraries + ------------------------ + + Shared libraries have certain caveats. Binary backward compatibility + can't be guaranteed before OpenSSL version 1.0. The only reason to + use them would be to conserve memory on systems where several programs + are using OpenSSL. + + For some systems, the OpenSSL Configure script knows what is needed to + build shared libraries for libcrypto and libssl. On these systems, + the shared libraries are currently not created by default, but giving + the option "shared" will get them created. This method supports Makefile + targets for shared library creation, like linux-shared. Those targets + can currently be used on their own just as well, but this is expected + to change in future versions of OpenSSL. + + Note on random number generation + -------------------------------- + + Availability of cryptographically secure random numbers is required for + secret key generation. OpenSSL provides several options to seed the + internal PRNG. If not properly seeded, the internal PRNG will refuse + to deliver random bytes and a "PRNG not seeded error" will occur. + On systems without /dev/urandom (or similar) device, it may be necessary + to install additional support software to obtain random seed. + Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), + and the FAQ for more information. + + Note on support for multiple builds + ----------------------------------- + + OpenSSL is usually built in its source tree. Unfortunately, this doesn't + support building for multiple platforms from the same source tree very well. + It is however possible to build in a separate tree through the use of lots + of symbolic links, which should be prepared like this: + + mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`" + cd objtree/"`uname -s`-`uname -r`-`uname -m`" + (cd $OPENSSL_SOURCE; find . -type f) | while read F; do + mkdir -p `dirname $F` + rm -f $F; ln -s $OPENSSL_SOURCE/$F $F + echo $F '->' $OPENSSL_SOURCE/$F + done + make -f Makefile.org clean + + OPENSSL_SOURCE is an environment variable that contains the absolute (this + is important!) path to the OpenSSL source tree. + + Also, operations like 'make update' should still be made in the source tree. diff --git a/openssl/INSTALL.DJGPP b/openssl/INSTALL.DJGPP new file mode 100644 index 0000000..1047ec9 --- /dev/null +++ b/openssl/INSTALL.DJGPP @@ -0,0 +1,47 @@ + + + INSTALLATION ON THE DOS PLATFORM WITH DJGPP + ------------------------------------------- + + OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time + environment for 16-bit DOS, but only with long filename support. + If you wish to compile on native DOS with 8+3 filenames, you will + have to tweak the installation yourself, including renaming files + with illegal or duplicate names. + + You should have a full DJGPP environment installed, including the + latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package + requires that PERL and BC also be installed. + + All of these can be obtained from the usual DJGPP mirror sites or + directly at "http://www.delorie.com/pub/djgpp". For help on which + files to download, see the DJGPP "ZIP PICKER" page at + "http://www.delorie.com/djgpp/zip-picker.html". You also need to have + the WATT-32 networking package installed before you try to compile + OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/". + The Makefile assumes that the WATT-32 code is in the directory + specified by the environment variable WATT_ROOT. If you have watt-32 + in directory "watt32" under your main DJGPP directory, specify + WATT_ROOT="/dev/env/DJDIR/watt32". + + To compile OpenSSL, start your BASH shell, then configure for DJGPP by + running "./Configure" with appropriate arguments: + + ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP + + And finally fire up "make". You may run out of DPMI selectors when + running in a DOS box under Windows. If so, just close the BASH + shell, go back to Windows, and restart BASH. Then run "make" again. + + RUN-TIME CAVEAT LECTOR + -------------- + + Quoting FAQ: + + "Cryptographic software needs a source of unpredictable data to work + correctly. Many open source operating systems provide a "randomness + device" (/dev/urandom or /dev/random) that serves this purpose." + + As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd + party "randomness" DOS driver. One such driver, NOISE.SYS, can be + obtained from "http://www.rahul.net/dkaufman/index.html". diff --git a/openssl/INSTALL.MacOS b/openssl/INSTALL.MacOS new file mode 100644 index 0000000..01c60d8 --- /dev/null +++ b/openssl/INSTALL.MacOS @@ -0,0 +1,72 @@ +OpenSSL - Port To The Macintosh OS 9 or Earlier +=============================================== + +Thanks to Roy Wood initial support for Mac OS (pre +X) is now provided. "Initial" means that unlike other platforms where you +get an SDK and a "swiss army" openssl application, on Macintosh you only +get one sample application which fetches a page over HTTPS(*) and dumps it +in a window. We don't even build the test applications so that we can't +guarantee that all algorithms are operational. + +Required software: + +- StuffIt Expander 5.5 or later, alternatively MacGzip and SUNtar; +- Scriptable Finder; +- CodeWarrior Pro 5; + +Installation procedure: + +- fetch the source at ftp://ftp.openssl.org/ (well, you probably already + did, huh?) +- unpack the .tar.gz file: + - if you have StuffIt Expander then just drag it over it; + - otherwise uncompress it with MacGzip and then unpack with SUNtar; +- locate MacOS folder in OpenSSL source tree and open it; +- unbinhex mklinks.as.hqx and OpenSSL.mcp.hqx if present (**), do it + "in-place", i.e. unpacked files should end-up in the very same folder; +- execute mklinks.as; +- open OpenSSL.mcp(***) and build 'GetHTTPS PPC' target(****); +- that's it for now; + +(*) URL is hardcoded into ./MacOS/GetHTTPS.src/GetHTTPS.cpp, lines 40 + to 42, change appropriately. +(**) If you use SUNtar, then it might have already unbinhexed the files + in question. +(***) The project file was saved with CW Pro 5.3. If you have an earlier + version and it refuses to open it, then download + http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it + overwriting the original OpenSSL.mcp. +(****) Other targets are works in progress. If you feel like giving 'em a + shot, then you should know that OpenSSL* and Lib* targets are + supposed to be built with the GUSI, MacOS library which mimics + BSD sockets and some other POSIX APIs. The GUSI distribution is + expected to be found in the same directory as the openssl source tree, + i.e., in the parent directory to the one where this very file, + namely INSTALL.MacOS, resides. For more information about GUSI, see + http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html + +Finally some essential comments from our generous contributor:-) + +"I've gotten OpenSSL working on the Macintosh. It's probably a bit of a +hack, but it works for what I'm doing. If you don't like the way I've done +it, then feel free to change what I've done. I freely admit that I've done +some less-than-ideal things in my port, and if you don't like the way I've +done something, then feel free to change it-- I won't be offended! + +... I've tweaked "bss_sock.c" a little to call routines in a "MacSocket" +library I wrote. My MacSocket library is a wrapper around OpenTransport, +handling stuff like endpoint creation, reading, writing, etc. It is not +designed as a high-performance package such as you'd use in a webserver, +but is fine for lots of other applications. MacSocket also uses some other +code libraries I've written to deal with string manipulations and error +handling. Feel free to use these things in your own code, but give me +credit and/or send me free stuff in appreciation! :-) + +... + +If you have any questions, feel free to email me as the following: + +roy@centricsystems.ca + +-Roy Wood" + diff --git a/openssl/INSTALL.NW b/openssl/INSTALL.NW new file mode 100644 index 0000000..609a730 --- /dev/null +++ b/openssl/INSTALL.NW @@ -0,0 +1,454 @@ + +INSTALLATION ON THE NETWARE PLATFORM +------------------------------------ + +Notes about building OpenSSL for NetWare. + + +BUILD PLATFORM: +--------------- +The build scripts (batch files, perl scripts, etc) have been developed and +tested on W2K. The scripts should run fine on other Windows platforms +(NT, Win9x, WinXP) but they have not been tested. They may require some +modifications. + + +Supported NetWare Platforms - NetWare 5.x, NetWare 6.x: +------------------------------------------------------- +OpenSSL can either use the WinSock interfaces introduced in NetWare 5, +or the BSD socket interface. Previous versions of NetWare, 4.x and 3.x, +are only supported if OpenSSL is build for CLIB and BSD sockets; +WinSock builds only support NetWare 5 and up. + +On NetWare there are two c-runtime libraries. There is the legacy CLIB +interfaces and the newer LIBC interfaces. Being ANSI-C libraries, the +functionality in CLIB and LIBC is similar but the LIBC interfaces are built +using Novell Kernal Services (NKS) which is designed to leverage +multi-processor environments. + +The NetWare port of OpenSSL can be configured to build using CLIB or LIBC. +The CLIB build was developed and tested using NetWare 5.0 sp6.0a. The LIBC +build was developed and tested using the NetWare 6.0 FCS. + +The necessary LIBC functionality ships with NetWare 6. However, earlier +NetWare 5.x versions will require updates in order to run the OpenSSL LIBC +build (NetWare 5.1 SP8 is known to work). + +As of June 2005, the LIBC build can be configured to use BSD sockets instead +of WinSock sockets. Call Configure (usually through netware\build.bat) using +a target of "netware-libc-bsdsock" instead of "netware-libc". + +As of June 2007, support for CLIB and BSD sockets is also now available +using a target of "netware-clib-bsdsock" instead of "netware-clib"; +also gcc builds are now supported on both Linux and Win32 (post 0.9.8e). + +REQUIRED TOOLS: +--------------- +Based upon the configuration and build options used, some or all of the +following tools may be required: + +* Perl for Win32 - required (http://www.activestate.com/ActivePerl) + Used to run the various perl scripts on the build platform. + +* Perl 5.8.0 for NetWare v3.20 (or later) - required + (http://developer.novell.com) Used to run the test script on NetWare + after building. + +* Compiler / Linker - required: + Metrowerks CodeWarrior PDK 2.1 (or later) for NetWare (commercial): + Provides command line tools used for building. + Tools: + mwccnlm.exe - C/C++ Compiler for NetWare + mwldnlm.exe - Linker for NetWare + mwasmnlm.exe - x86 assembler for NetWare (if using assembly option) + + gcc / nlmconv Cross-Compiler, available from Novell Forge (free): + http://forge.novell.com/modules/xfmod/project/?aunixnw + +* Assemblers - optional: + If you intend to build using the assembly options you will need an + assembler. Work has been completed to support two assemblers, Metrowerks + and NASM. However, during development, a bug was found in the Metrowerks + assembler which generates incorrect code. Until this problem is fixed, + the Metrowerks assembler cannot be used. + + mwasmnlm.exe - Metrowerks x86 assembler - part of CodeWarrior tools. + (version 2.2 Built Aug 23, 1999 - not useable due to code + generation bug) + + nasmw.exe - Netwide Assembler NASM + version 0.98 was used in development and testing + +* Make Tool - required: + In order to build you will need a make tool. Two make tools are + supported, GNU make (gmake.exe) or Microsoft nmake.exe. + + make.exe - GNU make for Windows (version 3.75 used for development) + http://gnuwin32.sourceforge.net/packages/make.htm + + nmake.exe - Microsoft make (Version 6.00.8168.0 used for development) + http://support.microsoft.com/kb/132084/EN-US/ + +* Novell Developer Kit (NDK) - required: (http://developer.novell.com) + + CLIB - BUILDS: + + WinSock2 Developer Components for NetWare: + For initial development, the October 27, 2000 version was used. + However, future versions should also work. + + NOTE: The WinSock2 components include headers & import files for + NetWare, but you will also need the winsock2.h and supporting + headers (pshpack4.h, poppack.h, qos.h) delivered in the + Microsoft SDK. Note: The winsock2.h support headers may change + with various versions of winsock2.h. Check the dependencies + section on the NDK WinSock2 download page for the latest + information on dependencies. These components are unsupported by + Novell. They are provided as a courtesy, but it is strongly + suggested that all development be done using LIBC, not CLIB. + + As of June 2005, the WinSock2 components are available at: + http://forgeftp.novell.com//ws2comp/ + + + NLM and NetWare libraries for C (including CLIB and XPlat): + If you are going to build a CLIB version of OpenSSL, you will + need the CLIB headers and imports. The March, 2001 NDK release or + later is recommended. + + Earlier versions should work but haven't been tested. In recent + versions the import files have been consolidated and function + names moved. This means you may run into link problems + (undefined symbols) when using earlier versions. The functions + are available in earlier versions, but you will have to modifiy + the make files to include additional import files (see + openssl\util\pl\netware.pl). + + + LIBC - BUILDS: + + Libraries for C (LIBC) - LIBC headers and import files + If you are going to build a LIBC version of OpenSSL, you will + need the LIBC headers and imports. The March 14, 2002 NDK release or + later is required. + + NOTE: The LIBC SDK includes the necessary WinSock2 support. + It is not necessary to download the WinSock2 NDK when building for + LIBC. The LIBC SDK also includes the appropriate BSD socket support + if configuring to use BSD sockets. + + +BUILDING: +--------- +Before building, you will need to set a few environment variables. You can +set them manually or you can modify the "netware\set_env.bat" file. + +The set_env.bat file is a template you can use to set up the path +and environment variables you will need to build. Modify the +various lines to point to YOUR tools and run set_env.bat. + + netware\set_env.bat [compiler] + + target - "netware-clib" - CLIB NetWare build + - "netware-libc" - LIBC NetWare build + + compiler - "gnuc" - GNU GCC Compiler + - "codewarrior" - MetroWerks CodeWarrior (default) + +If you don't use set_env.bat, you will need to set up the following +environment variables: + + PATH - Set PATH to point to the tools you will use. + + INCLUDE - The location of the NDK include files. + + CLIB ex: set INCLUDE=c:\ndk\nwsdk\include\nlm + LIBC ex: set INCLUDE=c:\ndk\libc\include + + PRELUDE - The absolute path of the prelude object to link with. For + a CLIB build it is recommended you use the "clibpre.o" files shipped + with the Metrowerks PDK for NetWare. For a LIBC build you should + use the "libcpre.o" file delivered with the LIBC NDK components. + + CLIB ex: set PRELUDE=c:\ndk\nwsdk\imports\clibpre.o + LIBC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o + + IMPORTS - The locaton of the NDK import files. + + CLIB ex: set IMPORTS=c:\ndk\nwsdk\imports + LIBC ex: set IMPORTS=c:\ndk\libc\imports + + +In order to build, you need to run the Perl scripts to configure the build +process and generate a make file. There is a batch file, +"netware\build.bat", to automate the process. + +Build.bat runs the build configuration scripts and generates a make file. +If an assembly option is specified, it also runs the scripts to generate +the assembly code. Always run build.bat from the "openssl" directory. + + netware\build [target] [debug opts] [assembly opts] [configure opts] + + target - "netware-clib" - CLIB NetWare build (WinSock Sockets) + - "netware-clib-bsdsock" - CLIB NetWare build (BSD Sockets) + - "netware-libc" - LIBC NetWare build (WinSock Sockets) + - "netware-libc-bsdsock" - LIBC NetWare build (BSD Sockets) + + debug opts - "debug" - build debug + + assembly opts - "nw-mwasm" - use Metrowerks assembler + "nw-nasm" - use NASM assembler + "no-asm" - don't use assembly + + configure opts- all unrecognized arguments are passed to the + perl 'configure' script. See that script for + internal documentation regarding options that + are available. + + examples: + + CLIB build, debug, without assembly: + netware\build.bat netware-clib debug no-asm + + LIBC build, non-debug, using NASM assembly, add mdc2 support: + netware\build.bat netware-libc nw-nasm enable-mdc2 + + LIBC build, BSD sockets, non-debug, without assembly: + netware\build.bat netware-libc-bsdsock no-asm + +Running build.bat generates a make file to be processed by your make +tool (gmake or nmake): + + CLIB ex: gmake -f netware\nlm_clib_dbg.mak + LIBC ex: gmake -f netware\nlm_libc.mak + LIBC ex: gmake -f netware\nlm_libc_bsdsock.mak + + +You can also run the build scripts manually if you do not want to use the +build.bat file. Run the following scripts in the "\openssl" +subdirectory (in the order listed below): + + perl configure no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock] + configures no assembly build for specified netware environment + (CLIB or LIBC). + + perl util\mkfiles.pl >MINFO + generates a listing of source files (used by mk1mf) + + perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock >netware\nlm.mak + generates the makefile for NetWare + + gmake -f netware\nlm.mak + build with the make tool (nmake.exe also works) + +NOTE: If you are building using the assembly option, you must also run the +various Perl scripts to generate the assembly files. See build.bat +for an example of running the various assembly scripts. You must use the +"no-asm" option to build without assembly. The configure and mk1mf scripts +also have various other options. See the scripts for more information. + + +The output from the build is placed in the following directories: + + CLIB Debug build: + out_nw_clib.dbg - static libs & test nlm(s) + tmp_nw_clib.dbg - temporary build files + outinc_nw_clib - necessary include files + + CLIB Non-debug build: + out_nw_clib - static libs & test nlm(s) + tmp_nw_clib - temporary build files + outinc_nw_clib - necesary include files + + LIBC Debug build: + out_nw_libc.dbg - static libs & test nlm(s) + tmp_nw_libc.dbg - temporary build files + outinc_nw_libc - necessary include files + + LIBC Non-debug build: + out_nw_libc - static libs & test nlm(s) + tmp_nw_libc - temporary build files + outinc_nw_libc - necesary include files + + +TESTING: +-------- +The build process creates the OpenSSL static libs ( crypto.lib, ssl.lib, +rsaglue.lib ) and several test programs. You should copy the test programs +to your NetWare server and run the tests. + +The batch file "netware\cpy_tests.bat" will copy all the necessary files +to your server for testing. In order to run the batch file, you need a +drive mapped to your target server. It will create an "OpenSSL" directory +on the drive and copy the test files to it. CAUTION: If a directory with the +name of "OpenSSL" already exists, it will be deleted. + +To run cpy_tests.bat: + + netware\cpy_tests [output directory] [NetWare drive] + + output directory - "out_nw_clib.dbg", "out_nw_libc", etc. + NetWare drive - drive letter of mapped drive + + CLIB ex: netware\cpy_tests out_nw_clib m: + LIBC ex: netware\cpy_tests out_nw_libc m: + + +The Perl script, "do_tests.pl", in the "OpenSSL" directory on the server +should be used to execute the tests. Before running the script, make sure +your SEARCH PATH includes the "OpenSSL" directory. For example, if you +copied the files to the "sys:" volume you use the command: + + SEARCH ADD SYS:\OPENSSL + + +To run do_tests.pl type (at the console prompt): + + perl \openssl\do_tests.pl [options] + + options: + -p - pause after executing each test + +The do_tests.pl script generates a log file "\openssl\test_out\tests.log" +which should be reviewed for errors. Any errors will be denoted by the word +"ERROR" in the log. + +DEVELOPING WITH THE OPENSSL SDK: +-------------------------------- +Now that everything is built and tested, you are ready to use the OpenSSL +libraries in your development. + +There is no real installation procedure, just copy the static libs and +headers to your build location. The libs (crypto.lib & ssl.lib) are +located in the appropriate "out_nw_XXXX" directory +(out_nw_clib, out_nw_libc, etc). + +The headers are located in the appropriate "outinc_nw_XXX" directory +(outinc_nw_clib, outinc_nw_libc). + +One suggestion is to create the following directory +structure for the OpenSSL SDK: + + \openssl + |- bin + | |- openssl.nlm + | |- (other tests you want) + | + |- lib + | | - crypto.lib + | | - ssl.lib + | + |- include + | | - openssl + | | | - (all the headers in "outinc_nw\openssl") + + +The program "openssl.nlm" can be very useful. It has dozens of +options and you may want to keep it handy for debugging, testing, etc. + +When building your apps using OpenSSL, define "NETWARE". It is needed by +some of the OpenSSL headers. One way to do this is with a compile option, +for example "-DNETWARE". + + + +NOTES: +------ + +Resource leaks in Tests +------------------------ +Some OpenSSL tests do not clean up resources and NetWare reports +the resource leaks when the tests unload. If this really bugs you, +you can stop the messages by setting the developer option off at the console +prompt (set developer option = off). Or better yet, fix the tests to +clean up the resources! + + +Multi-threaded Development +--------------------------- +The NetWare version of OpenSSL is thread-safe, however multi-threaded +applications must provide the necessary locking function callbacks. This +is described in doc\threads.doc. The file "openssl-x.x.x\crypto\threads\mttest.c" +is a multi-threaded test program and demonstrates the locking functions. + + +What is openssl2.nlm? +--------------------- +The openssl program has numerous options and can be used for many different +things. Many of the options operate in an interactive mode requiring the +user to enter data. Because of this, a default screen is created for the +program. However, when running the test script it is not desirable to +have a seperate screen. Therefore, the build also creates openssl2.nlm. +Openssl2.nlm is functionally identical but uses the console screen. +Openssl2 can be used when a non-interactive mode is desired. + +NOTE: There are may other possibilities (command line options, etc) +which could have been used to address the screen issue. The openssl2.nlm +option was chosen because it impacted only the build not the code. + + +Why only static libraries? +-------------------------- +Globals, globals, and more globals. The OpenSSL code uses many global +variables that are allocated and initialized when used for the first time. + +On NetWare, most applications (at least historically) run in the kernel. +When running in the kernel, there is one instance of global variables. +For regular application type NLM(s) this isn't a problem because they are +the only ones using the globals. However, for a library NLM (an NLM which +exposes functions and has no threads of execution), the globals cause +problems. Applications could inadvertently step on each other if they +change some globals. Even worse, the first application that triggers a +global to be allocated and initialized has the allocated memory charged to +itself. Now when that application unloads, NetWare will clean up all the +applicaton's memory. The global pointer variables inside OpenSSL now +point to freed memory. An abend waiting to happen! + +To work correctly in the kernel, library NLM(s) that use globals need to +provide a set of globals (instance data) for each application. Another +option is to require the library only be loaded in a protected address +space along with the application using it. + +Modifying the OpenSSL code to provide a set of globals (instance data) for +each application isn't technically difficult, but due to the large number +globals it would require substantial code changes and it wasn't done. Hence, +the build currently only builds static libraries which are then linked +into each application. + +NOTE: If you are building a library NLM that uses the OpenSSL static +libraries, you will still have to deal with the global variable issue. +This is because when you link in the OpenSSL code you bring in all the +globals. One possible solution for the global pointer variables is to +register memory functions with OpenSSL which allocate memory and charge it +to your library NLM (see the function CRYPTO_set_mem_functions). However, +be aware that now all memory allocated by OpenSSL is charged to your NLM. + + +CodeWarrior Tools and W2K +--------------------------- +There have been problems reported with the CodeWarrior Linker +(mwldnlm.exe) in the PDK 2.1 for NetWare when running on Windows 2000. The +problems cause the link step to fail. The only work around is to obtain an +updated linker from Metrowerks. It is expected Metrowerks will release +PDK 3.0 (in beta testing at this time - May, 2001) in the near future which +will fix these problems. + + +Makefile "vclean" +------------------ +The generated makefile has a "vclean" target which cleans up the build +directories. If you have been building successfully and suddenly +experience problems, use "vclean" (gmake -f netware\nlm_xxxx.mak vclean) and retry. + + +"Undefined Symbol" Linker errors +-------------------------------- +There have been linker errors reported when doing a CLIB build. The problems +occur because some versions of the CLIB SDK import files inadvertently +left out some symbols. One symbol in particular is "_lrotl". The missing +functions are actually delivered in the binaries, but they were left out of +the import files. The issues should be fixed in the September 2001 release +of the NDK. If you experience the problems you can temporarily +work around it by manually adding the missing symbols to your version of +"clib.imp". + diff --git a/openssl/INSTALL.OS2 b/openssl/INSTALL.OS2 new file mode 100644 index 0000000..530316d --- /dev/null +++ b/openssl/INSTALL.OS2 @@ -0,0 +1,31 @@ + + Installation on OS/2 + -------------------- + + You need to have the following tools installed: + + * EMX GCC + * PERL + * GNU make + + + To build the makefile, run + + > os2\os2-emx + + This will configure OpenSSL and create OS2-EMX.mak which you then use to + build the OpenSSL libraries & programs by running + + > make -f os2-emx.mak + + If that finishes successfully you will find the libraries and programs in the + "out" directory. + + Alternatively, you can make a dynamic build that puts the library code into + crypto.dll and ssl.dll by running + + > make -f os2-emx-dll.mak + + This will build the above mentioned dlls and a matching pair of import + libraries in the "out_dll" directory along with the set of test programs + and the openssl application. diff --git a/openssl/INSTALL.VMS b/openssl/INSTALL.VMS new file mode 100644 index 0000000..e5d43a5 --- /dev/null +++ b/openssl/INSTALL.VMS @@ -0,0 +1,293 @@ + VMS Installation instructions + written by Richard Levitte + + + +Intro: +====== + +This file is divided in the following parts: + + Requirements - Mandatory reading. + Checking the distribution - Mandatory reading. + Compilation - Mandatory reading. + Logical names - Mandatory reading. + Test - Mandatory reading. + Installation - Mandatory reading. + Backward portability - Read if it's an issue. + Possible bugs or quirks - A few warnings on things that + may go wrong or may surprise you. + TODO - Things that are to come. + + +Requirements: +============= + +To build and install OpenSSL, you will need: + + * DEC C or some other ANSI C compiler. VAX C is *not* supported. + [Note: OpenSSL has only been tested with DEC C. Compiling with + a different ANSI C compiler may require some work] + +Checking the distribution: +========================== + +There have been reports of places where the distribution didn't quite get +through, for example if you've copied the tree from a NFS-mounted Unix +mount point. + +The easiest way to check if everything got through as it should is to check +for one of the following files: + + [.CRYPTO]OPENSSLCONF.H_IN + [.CRYPTO]OPENSSLCONF_H.IN + +They should never exist both at once, but one of them should (preferably +the first variant). If you can't find any of those two, something went +wrong. + +The best way to get a correct distribution is to download the gzipped tar +file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and +use VMSTAR to unpack the resulting tar file. + +GUNZIP is available in many places on the net. One of the distribution +points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ . + +VMSTAR is also available in many places on the net. The recommended place +to find information about it is http://www.free.lp.se/vmstar/ . + + +Compilation: +============ + +I've used the very good command procedures written by Robert Byer +, and just slightly modified them, making +them slightly more general and easier to maintain. + +You can actually compile in almost any directory separately. Look +for a command procedure name xxx-LIB.COM (in the library directories) +or MAKExxx.COM (in the program directories) and read the comments at +the top to understand how to use them. However, if you want to +compile all you can get, the simplest is to use MAKEVMS.COM in the top +directory. The syntax is the following: + + @MAKEVMS