Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 14 Jun 2009 19:45:17 +0000 (UTC)
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r194206 - in head/crypto/openssl: . apps certs certs/demo certs/expired crypto crypto/aes crypto/aes/asm crypto/asn1 crypto/bf crypto/bio crypto/bn crypto/bn/asm crypto/buffer crypto/ca...
Message-ID:  <200906141945.n5EJjHbW058273@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: simon
Date: Sun Jun 14 19:45:16 2009
New Revision: 194206
URL: http://svn.freebsd.org/changeset/base/194206

Log:
  Merge OpenSSL 0.9.8k into head.
  
  Approved by:	re

Added:
  head/crypto/openssl/apps/cms.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/apps/cms.c
  head/crypto/openssl/apps/genpkey.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/apps/genpkey.c
  head/crypto/openssl/apps/md4.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/apps/md4.c
  head/crypto/openssl/apps/pkey.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/apps/pkey.c
  head/crypto/openssl/apps/pkeyparam.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/apps/pkeyparam.c
  head/crypto/openssl/apps/pkeyutl.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/apps/pkeyutl.c
  head/crypto/openssl/apps/ts.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/apps/ts.c
  head/crypto/openssl/apps/tsget
     - copied unchanged from r194205, vendor-crypto/openssl/dist/apps/tsget
  head/crypto/openssl/certs/README.RootCerts
     - copied unchanged from r194205, vendor-crypto/openssl/dist/certs/README.RootCerts
  head/crypto/openssl/crypto/aes/aes_wrap.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/aes/aes_wrap.c
  head/crypto/openssl/crypto/aes/aes_x86core.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/aes/aes_x86core.c
  head/crypto/openssl/crypto/aes/asm/aes-armv4.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/aes/asm/aes-armv4.pl
  head/crypto/openssl/crypto/aes/asm/aes-ppc.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/aes/asm/aes-ppc.pl
  head/crypto/openssl/crypto/aes/asm/aes-s390x.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/aes/asm/aes-s390x.pl
  head/crypto/openssl/crypto/aes/asm/aes-sparcv9.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/aes/asm/aes-sparcv9.pl
  head/crypto/openssl/crypto/aes/asm/aes-x86_64.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/aes/asm/aes-x86_64.pl
  head/crypto/openssl/crypto/asn1/ameth_lib.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/asn1/ameth_lib.c
  head/crypto/openssl/crypto/asn1/asn1_locl.h
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/asn1/asn1_locl.h
  head/crypto/openssl/crypto/asn1/asn_mime.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c
  head/crypto/openssl/crypto/asn1/bio_asn1.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/asn1/bio_asn1.c
  head/crypto/openssl/crypto/asn1/bio_ndef.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/asn1/bio_ndef.c
  head/crypto/openssl/crypto/asn1/x_nx509.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/asn1/x_nx509.c
  head/crypto/openssl/crypto/bn/asm/alpha-mont.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/bn/asm/alpha-mont.pl
  head/crypto/openssl/crypto/bn/asm/armv4-mont.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/bn/asm/armv4-mont.pl
  head/crypto/openssl/crypto/bn/asm/mips3-mont.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/bn/asm/mips3-mont.pl
  head/crypto/openssl/crypto/bn/asm/mo-586.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/bn/asm/mo-586.pl
  head/crypto/openssl/crypto/bn/asm/ppc-mont.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/bn/asm/ppc-mont.pl
  head/crypto/openssl/crypto/bn/asm/ppc64-mont.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/bn/asm/ppc64-mont.pl
  head/crypto/openssl/crypto/bn/asm/s390x-mont.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/bn/asm/s390x-mont.pl
  head/crypto/openssl/crypto/bn/asm/s390x.S
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/bn/asm/s390x.S
  head/crypto/openssl/crypto/bn/asm/sparcv9-mont.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/bn/asm/sparcv9-mont.pl
  head/crypto/openssl/crypto/bn/asm/sparcv9a-mont.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/bn/asm/sparcv9a-mont.pl
  head/crypto/openssl/crypto/bn/asm/via-mont.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/bn/asm/via-mont.pl
  head/crypto/openssl/crypto/bn/asm/x86-mont.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/bn/asm/x86-mont.pl
  head/crypto/openssl/crypto/bn/asm/x86_64-mont.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl
  head/crypto/openssl/crypto/bn/bn_opt.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/bn/bn_opt.c
  head/crypto/openssl/crypto/bn/bn_x931p.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/bn/bn_x931p.c
  head/crypto/openssl/crypto/buffer/buf_str.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/buffer/buf_str.c
  head/crypto/openssl/crypto/camellia/asm/
     - copied from r194205, vendor-crypto/openssl/dist/crypto/camellia/asm/
  head/crypto/openssl/crypto/cms/
     - copied from r194205, vendor-crypto/openssl/dist/crypto/cms/
  head/crypto/openssl/crypto/des/des_lib.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/des/des_lib.c
  head/crypto/openssl/crypto/dsa/dsa_utl.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/dsa/dsa_utl.c
  head/crypto/openssl/crypto/dyn_lck.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/dyn_lck.c
  head/crypto/openssl/crypto/err/err_bio.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/err/err_bio.c
  head/crypto/openssl/crypto/err/err_def.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/err/err_def.c
  head/crypto/openssl/crypto/err/err_str.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/err/err_str.c
  head/crypto/openssl/crypto/evp/dig_eng.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/evp/dig_eng.c
  head/crypto/openssl/crypto/evp/e_seed.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/evp/e_seed.c
  head/crypto/openssl/crypto/evp/enc_min.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/evp/enc_min.c
  head/crypto/openssl/crypto/evp/evp_cnf.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/evp/evp_cnf.c
  head/crypto/openssl/crypto/fips_err.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/fips_err.c
  head/crypto/openssl/crypto/fips_err.h
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/fips_err.h
  head/crypto/openssl/crypto/jpake/
     - copied from r194205, vendor-crypto/openssl/dist/crypto/jpake/
  head/crypto/openssl/crypto/o_init.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/o_init.c
  head/crypto/openssl/crypto/ppccpuid.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/ppccpuid.pl
  head/crypto/openssl/crypto/rand/rand_eng.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/rand/rand_eng.c
  head/crypto/openssl/crypto/rc4/rc4_fblk.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/rc4/rc4_fblk.c
  head/crypto/openssl/crypto/rsa/rsa_eng.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/rsa/rsa_eng.c
  head/crypto/openssl/crypto/rsa/rsa_x931g.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/rsa/rsa_x931g.c
  head/crypto/openssl/crypto/s390xcpuid.S
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/s390xcpuid.S
  head/crypto/openssl/crypto/seed/
     - copied from r194205, vendor-crypto/openssl/dist/crypto/seed/
  head/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/sha/asm/sha1-x86_64.pl
  head/crypto/openssl/crypto/sha/asm/sha512-x86_64.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/sha/asm/sha512-x86_64.pl
  head/crypto/openssl/crypto/sparcv9cap.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/crypto/sparcv9cap.c
  head/crypto/openssl/demos/jpake/
     - copied from r194205, vendor-crypto/openssl/dist/demos/jpake/
  head/crypto/openssl/engines/e_capi.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/engines/e_capi.c
  head/crypto/openssl/engines/e_capi.ec
     - copied unchanged from r194205, vendor-crypto/openssl/dist/engines/e_capi.ec
  head/crypto/openssl/engines/e_capi_err.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/engines/e_capi_err.c
  head/crypto/openssl/engines/e_capi_err.h
     - copied unchanged from r194205, vendor-crypto/openssl/dist/engines/e_capi_err.h
  head/crypto/openssl/fips/
     - copied from r194205, vendor-crypto/openssl/dist/fips/
  head/crypto/openssl/test/SHAmix.r
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/SHAmix.r
  head/crypto/openssl/test/SHAmix.x
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/SHAmix.x
  head/crypto/openssl/test/bftest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/bftest.c
  head/crypto/openssl/test/bntest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/bntest.c
  head/crypto/openssl/test/casttest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/casttest.c
  head/crypto/openssl/test/cms-examples.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/cms-examples.pl
  head/crypto/openssl/test/cms-test.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/cms-test.pl
  head/crypto/openssl/test/destest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/destest.c
  head/crypto/openssl/test/dhtest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/dhtest.c
  head/crypto/openssl/test/dsatest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/dsatest.c
  head/crypto/openssl/test/ecdhtest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/ecdhtest.c
  head/crypto/openssl/test/ecdsatest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/ecdsatest.c
  head/crypto/openssl/test/ectest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/ectest.c
  head/crypto/openssl/test/enginetest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/enginetest.c
  head/crypto/openssl/test/evp_test.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/evp_test.c
  head/crypto/openssl/test/exptest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/exptest.c
  head/crypto/openssl/test/fips_aesavs.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/fips_aesavs.c
  head/crypto/openssl/test/fips_desmovs.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/fips_desmovs.c
  head/crypto/openssl/test/fips_dsatest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/fips_dsatest.c
  head/crypto/openssl/test/fips_dssvs.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/fips_dssvs.c
  head/crypto/openssl/test/fips_hmactest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/fips_hmactest.c
  head/crypto/openssl/test/fips_randtest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/fips_randtest.c
  head/crypto/openssl/test/fips_rngvs.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/fips_rngvs.c
  head/crypto/openssl/test/fips_rsagtest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/fips_rsagtest.c
  head/crypto/openssl/test/fips_rsastest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/fips_rsastest.c
  head/crypto/openssl/test/fips_rsavtest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/fips_rsavtest.c
  head/crypto/openssl/test/fips_shatest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/fips_shatest.c
  head/crypto/openssl/test/fips_test_suite.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/fips_test_suite.c
  head/crypto/openssl/test/hmactest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/hmactest.c
  head/crypto/openssl/test/ideatest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/ideatest.c
  head/crypto/openssl/test/jpaketest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/jpaketest.c
  head/crypto/openssl/test/md2test.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/md2test.c
  head/crypto/openssl/test/md4test.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/md4test.c
  head/crypto/openssl/test/md5test.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/md5test.c
  head/crypto/openssl/test/mdc2test.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/mdc2test.c
  head/crypto/openssl/test/randtest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/randtest.c
  head/crypto/openssl/test/rc2test.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/rc2test.c
  head/crypto/openssl/test/rc4test.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/rc4test.c
  head/crypto/openssl/test/rc5test.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/rc5test.c
  head/crypto/openssl/test/rmdtest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/rmdtest.c
  head/crypto/openssl/test/rsa_test.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/rsa_test.c
  head/crypto/openssl/test/sha1test.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/sha1test.c
  head/crypto/openssl/test/sha256t.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/sha256t.c
  head/crypto/openssl/test/sha512t.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/sha512t.c
  head/crypto/openssl/test/shatest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/shatest.c
  head/crypto/openssl/test/smcont.txt
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/smcont.txt
  head/crypto/openssl/test/smime-certs/
     - copied from r194205, vendor-crypto/openssl/dist/test/smime-certs/
  head/crypto/openssl/test/ssltest.c
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/ssltest.c
  head/crypto/openssl/test/testfipsssl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/test/testfipsssl
  head/crypto/openssl/util/arx.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/util/arx.pl
  head/crypto/openssl/util/fipslink.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/util/fipslink.pl
  head/crypto/openssl/util/mksdef.pl
     - copied unchanged from r194205, vendor-crypto/openssl/dist/util/mksdef.pl
Deleted:
  head/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head
  head/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head_FIPS
  head/crypto/openssl/certs/RegTP-5R.pem
  head/crypto/openssl/certs/RegTP-6R.pem
  head/crypto/openssl/certs/aol1.pem
  head/crypto/openssl/certs/aol2.pem
  head/crypto/openssl/certs/aoltw1.pem
  head/crypto/openssl/certs/aoltw2.pem
  head/crypto/openssl/certs/argena.pem
  head/crypto/openssl/certs/argeng.pem
  head/crypto/openssl/certs/demo/nortelCA.pem
  head/crypto/openssl/certs/demo/timCA.pem
  head/crypto/openssl/certs/demo/tjhCA.pem
  head/crypto/openssl/certs/demo/vsigntca.pem
  head/crypto/openssl/certs/eng1.pem
  head/crypto/openssl/certs/eng2.pem
  head/crypto/openssl/certs/eng3.pem
  head/crypto/openssl/certs/eng4.pem
  head/crypto/openssl/certs/eng5.pem
  head/crypto/openssl/certs/expired/ICE-CA.pem
  head/crypto/openssl/certs/expired/ICE-root.pem
  head/crypto/openssl/certs/expired/ICE-user.pem
  head/crypto/openssl/certs/expired/RegTP-4R.pem
  head/crypto/openssl/certs/expired/factory.pem
  head/crypto/openssl/certs/expired/rsa-cca.pem
  head/crypto/openssl/certs/expired/rsa-ssca.pem
  head/crypto/openssl/certs/expired/vsign2.pem
  head/crypto/openssl/certs/expired/vsign3.pem
  head/crypto/openssl/certs/thawteCb.pem
  head/crypto/openssl/certs/thawteCp.pem
  head/crypto/openssl/certs/vsign1.pem
  head/crypto/openssl/certs/vsign3.pem
  head/crypto/openssl/certs/vsignss.pem
  head/crypto/openssl/certs/wellsfgo.pem
  head/crypto/openssl/crypto/md5/asm/md5-sparcv9.S
Modified:
  head/crypto/openssl/   (props changed)
  head/crypto/openssl/CHANGES
  head/crypto/openssl/Configure
  head/crypto/openssl/FAQ
  head/crypto/openssl/INSTALL
  head/crypto/openssl/LICENSE
  head/crypto/openssl/Makefile
  head/crypto/openssl/Makefile.org
  head/crypto/openssl/Makefile.shared
  head/crypto/openssl/NEWS
  head/crypto/openssl/README
  head/crypto/openssl/apps/Makefile
  head/crypto/openssl/apps/apps.c
  head/crypto/openssl/apps/apps.h
  head/crypto/openssl/apps/asn1pars.c
  head/crypto/openssl/apps/ca.c
  head/crypto/openssl/apps/crl.c
  head/crypto/openssl/apps/dgst.c
  head/crypto/openssl/apps/dsa.c
  head/crypto/openssl/apps/ec.c
  head/crypto/openssl/apps/enc.c
  head/crypto/openssl/apps/engine.c
  head/crypto/openssl/apps/gendsa.c
  head/crypto/openssl/apps/genrsa.c
  head/crypto/openssl/apps/nseq.c
  head/crypto/openssl/apps/ocsp.c
  head/crypto/openssl/apps/openssl.c
  head/crypto/openssl/apps/pkcs12.c
  head/crypto/openssl/apps/pkcs8.c
  head/crypto/openssl/apps/progs.h
  head/crypto/openssl/apps/progs.pl
  head/crypto/openssl/apps/rand.c
  head/crypto/openssl/apps/req.c
  head/crypto/openssl/apps/rsa.c
  head/crypto/openssl/apps/rsautl.c
  head/crypto/openssl/apps/s_apps.h
  head/crypto/openssl/apps/s_cb.c
  head/crypto/openssl/apps/s_client.c
  head/crypto/openssl/apps/s_server.c
  head/crypto/openssl/apps/smime.c
  head/crypto/openssl/apps/speed.c
  head/crypto/openssl/apps/spkac.c
  head/crypto/openssl/apps/version.c
  head/crypto/openssl/apps/x509.c
  head/crypto/openssl/config
  head/crypto/openssl/crypto/Makefile
  head/crypto/openssl/crypto/aes/Makefile
  head/crypto/openssl/crypto/aes/aes.h
  head/crypto/openssl/crypto/aes/aes_cbc.c
  head/crypto/openssl/crypto/aes/aes_core.c
  head/crypto/openssl/crypto/aes/aes_ige.c
  head/crypto/openssl/crypto/aes/asm/aes-586.pl
  head/crypto/openssl/crypto/aes/asm/aes-ia64.S
  head/crypto/openssl/crypto/asn1/Makefile
  head/crypto/openssl/crypto/asn1/a_bytes.c
  head/crypto/openssl/crypto/asn1/a_mbstr.c
  head/crypto/openssl/crypto/asn1/a_object.c
  head/crypto/openssl/crypto/asn1/a_sign.c
  head/crypto/openssl/crypto/asn1/a_strex.c
  head/crypto/openssl/crypto/asn1/a_strnid.c
  head/crypto/openssl/crypto/asn1/a_type.c
  head/crypto/openssl/crypto/asn1/a_verify.c
  head/crypto/openssl/crypto/asn1/asn1.h
  head/crypto/openssl/crypto/asn1/asn1_err.c
  head/crypto/openssl/crypto/asn1/asn1_gen.c
  head/crypto/openssl/crypto/asn1/asn1_lib.c
  head/crypto/openssl/crypto/asn1/asn1_par.c
  head/crypto/openssl/crypto/asn1/asn1t.h
  head/crypto/openssl/crypto/asn1/asn_moid.c
  head/crypto/openssl/crypto/asn1/asn_pack.c
  head/crypto/openssl/crypto/asn1/nsseq.c
  head/crypto/openssl/crypto/asn1/p5_pbe.c
  head/crypto/openssl/crypto/asn1/p5_pbev2.c
  head/crypto/openssl/crypto/asn1/p8_pkey.c
  head/crypto/openssl/crypto/asn1/t_bitst.c
  head/crypto/openssl/crypto/asn1/t_crl.c
  head/crypto/openssl/crypto/asn1/t_req.c
  head/crypto/openssl/crypto/asn1/t_spki.c
  head/crypto/openssl/crypto/asn1/t_x509.c
  head/crypto/openssl/crypto/asn1/t_x509a.c
  head/crypto/openssl/crypto/asn1/tasn_dec.c
  head/crypto/openssl/crypto/asn1/tasn_enc.c
  head/crypto/openssl/crypto/asn1/tasn_fre.c
  head/crypto/openssl/crypto/asn1/tasn_new.c
  head/crypto/openssl/crypto/asn1/tasn_prn.c
  head/crypto/openssl/crypto/asn1/tasn_typ.c
  head/crypto/openssl/crypto/asn1/tasn_utl.c
  head/crypto/openssl/crypto/asn1/x_algor.c
  head/crypto/openssl/crypto/asn1/x_bignum.c
  head/crypto/openssl/crypto/asn1/x_crl.c
  head/crypto/openssl/crypto/asn1/x_exten.c
  head/crypto/openssl/crypto/asn1/x_long.c
  head/crypto/openssl/crypto/asn1/x_name.c
  head/crypto/openssl/crypto/asn1/x_x509a.c
  head/crypto/openssl/crypto/bf/Makefile
  head/crypto/openssl/crypto/bf/bf_skey.c
  head/crypto/openssl/crypto/bf/blowfish.h
  head/crypto/openssl/crypto/bio/Makefile
  head/crypto/openssl/crypto/bio/b_print.c
  head/crypto/openssl/crypto/bio/b_sock.c
  head/crypto/openssl/crypto/bio/bio.h
  head/crypto/openssl/crypto/bio/bss_bio.c
  head/crypto/openssl/crypto/bio/bss_dgram.c
  head/crypto/openssl/crypto/bio/bss_file.c
  head/crypto/openssl/crypto/bio/bss_mem.c
  head/crypto/openssl/crypto/bio/bss_sock.c
  head/crypto/openssl/crypto/bn/Makefile
  head/crypto/openssl/crypto/bn/asm/ia64.S
  head/crypto/openssl/crypto/bn/bn.h
  head/crypto/openssl/crypto/bn/bn_blind.c
  head/crypto/openssl/crypto/bn/bn_div.c
  head/crypto/openssl/crypto/bn/bn_err.c
  head/crypto/openssl/crypto/bn/bn_exp.c
  head/crypto/openssl/crypto/bn/bn_gcd.c
  head/crypto/openssl/crypto/bn/bn_gf2m.c
  head/crypto/openssl/crypto/bn/bn_lcl.h
  head/crypto/openssl/crypto/bn/bn_lib.c
  head/crypto/openssl/crypto/bn/bn_mont.c
  head/crypto/openssl/crypto/bn/bn_mul.c
  head/crypto/openssl/crypto/bn/bn_nist.c
  head/crypto/openssl/crypto/bn/bn_prime.c
  head/crypto/openssl/crypto/bn/bn_prime.h
  head/crypto/openssl/crypto/bn/bn_prime.pl
  head/crypto/openssl/crypto/bn/bn_rand.c
  head/crypto/openssl/crypto/bn/bn_shift.c
  head/crypto/openssl/crypto/bn/bntest.c
  head/crypto/openssl/crypto/buffer/Makefile
  head/crypto/openssl/crypto/buffer/buffer.c
  head/crypto/openssl/crypto/camellia/Makefile
  head/crypto/openssl/crypto/camellia/camellia.h
  head/crypto/openssl/crypto/camellia/cmll_misc.c
  head/crypto/openssl/crypto/cast/Makefile
  head/crypto/openssl/crypto/cast/c_skey.c
  head/crypto/openssl/crypto/cast/cast.h
  head/crypto/openssl/crypto/comp/Makefile
  head/crypto/openssl/crypto/comp/c_zlib.c
  head/crypto/openssl/crypto/comp/comp.h
  head/crypto/openssl/crypto/comp/comp_err.c
  head/crypto/openssl/crypto/conf/Makefile
  head/crypto/openssl/crypto/conf/conf.h
  head/crypto/openssl/crypto/conf/conf_api.c
  head/crypto/openssl/crypto/conf/conf_mall.c
  head/crypto/openssl/crypto/conf/conf_mod.c
  head/crypto/openssl/crypto/conf/conf_sap.c
  head/crypto/openssl/crypto/cryptlib.c
  head/crypto/openssl/crypto/cryptlib.h
  head/crypto/openssl/crypto/crypto.h
  head/crypto/openssl/crypto/des/Makefile
  head/crypto/openssl/crypto/des/asm/des_enc.m4
  head/crypto/openssl/crypto/des/des.h
  head/crypto/openssl/crypto/des/des_enc.c
  head/crypto/openssl/crypto/des/des_old.c
  head/crypto/openssl/crypto/des/des_old.h
  head/crypto/openssl/crypto/des/ecb_enc.c
  head/crypto/openssl/crypto/des/enc_read.c
  head/crypto/openssl/crypto/des/enc_writ.c
  head/crypto/openssl/crypto/des/set_key.c
  head/crypto/openssl/crypto/des/times/usparc.cc
  head/crypto/openssl/crypto/des/xcbc_enc.c
  head/crypto/openssl/crypto/dh/Makefile
  head/crypto/openssl/crypto/dh/dh.h
  head/crypto/openssl/crypto/dh/dh_asn1.c
  head/crypto/openssl/crypto/dh/dh_check.c
  head/crypto/openssl/crypto/dh/dh_err.c
  head/crypto/openssl/crypto/dh/dh_gen.c
  head/crypto/openssl/crypto/dh/dh_key.c
  head/crypto/openssl/crypto/dsa/Makefile
  head/crypto/openssl/crypto/dsa/dsa.h
  head/crypto/openssl/crypto/dsa/dsa_asn1.c
  head/crypto/openssl/crypto/dsa/dsa_err.c
  head/crypto/openssl/crypto/dsa/dsa_gen.c
  head/crypto/openssl/crypto/dsa/dsa_key.c
  head/crypto/openssl/crypto/dsa/dsa_lib.c
  head/crypto/openssl/crypto/dsa/dsa_ossl.c
  head/crypto/openssl/crypto/dsa/dsa_sign.c
  head/crypto/openssl/crypto/dsa/dsa_vrf.c
  head/crypto/openssl/crypto/dso/Makefile
  head/crypto/openssl/crypto/ec/Makefile
  head/crypto/openssl/crypto/ec/ec.h
  head/crypto/openssl/crypto/ec/ec_err.c
  head/crypto/openssl/crypto/ec/ec_key.c
  head/crypto/openssl/crypto/ec/ec_mult.c
  head/crypto/openssl/crypto/ec/ectest.c
  head/crypto/openssl/crypto/ecdh/Makefile
  head/crypto/openssl/crypto/ecdh/ecdhtest.c
  head/crypto/openssl/crypto/ecdsa/Makefile
  head/crypto/openssl/crypto/ecdsa/ecdsatest.c
  head/crypto/openssl/crypto/ecdsa/ecs_ossl.c
  head/crypto/openssl/crypto/engine/Makefile
  head/crypto/openssl/crypto/engine/eng_all.c
  head/crypto/openssl/crypto/engine/eng_cnf.c
  head/crypto/openssl/crypto/engine/eng_err.c
  head/crypto/openssl/crypto/engine/eng_int.h
  head/crypto/openssl/crypto/engine/eng_padlock.c
  head/crypto/openssl/crypto/engine/eng_pkey.c
  head/crypto/openssl/crypto/engine/eng_table.c
  head/crypto/openssl/crypto/engine/engine.h
  head/crypto/openssl/crypto/engine/enginetest.c
  head/crypto/openssl/crypto/err/Makefile
  head/crypto/openssl/crypto/err/err.c
  head/crypto/openssl/crypto/err/err.h
  head/crypto/openssl/crypto/err/err_all.c
  head/crypto/openssl/crypto/err/err_prn.c
  head/crypto/openssl/crypto/err/openssl.ec
  head/crypto/openssl/crypto/evp/Makefile
  head/crypto/openssl/crypto/evp/bio_md.c
  head/crypto/openssl/crypto/evp/c_allc.c
  head/crypto/openssl/crypto/evp/digest.c
  head/crypto/openssl/crypto/evp/e_aes.c
  head/crypto/openssl/crypto/evp/e_camellia.c
  head/crypto/openssl/crypto/evp/e_des.c
  head/crypto/openssl/crypto/evp/e_des3.c
  head/crypto/openssl/crypto/evp/e_null.c
  head/crypto/openssl/crypto/evp/e_rc4.c
  head/crypto/openssl/crypto/evp/evp.h
  head/crypto/openssl/crypto/evp/evp_acnf.c
  head/crypto/openssl/crypto/evp/evp_enc.c
  head/crypto/openssl/crypto/evp/evp_err.c
  head/crypto/openssl/crypto/evp/evp_lib.c
  head/crypto/openssl/crypto/evp/evp_locl.h
  head/crypto/openssl/crypto/evp/evp_pbe.c
  head/crypto/openssl/crypto/evp/evp_pkey.c
  head/crypto/openssl/crypto/evp/evp_test.c
  head/crypto/openssl/crypto/evp/evptests.txt
  head/crypto/openssl/crypto/evp/m_dss.c
  head/crypto/openssl/crypto/evp/m_dss1.c
  head/crypto/openssl/crypto/evp/m_md2.c
  head/crypto/openssl/crypto/evp/m_md4.c
  head/crypto/openssl/crypto/evp/m_md5.c
  head/crypto/openssl/crypto/evp/m_mdc2.c
  head/crypto/openssl/crypto/evp/m_sha.c
  head/crypto/openssl/crypto/evp/m_sha1.c
  head/crypto/openssl/crypto/evp/names.c
  head/crypto/openssl/crypto/evp/p5_crpt.c
  head/crypto/openssl/crypto/evp/p5_crpt2.c
  head/crypto/openssl/crypto/evp/p_sign.c
  head/crypto/openssl/crypto/evp/p_verify.c
  head/crypto/openssl/crypto/ex_data.c
  head/crypto/openssl/crypto/hmac/Makefile
  head/crypto/openssl/crypto/hmac/hmac.c
  head/crypto/openssl/crypto/hmac/hmac.h
  head/crypto/openssl/crypto/idea/Makefile
  head/crypto/openssl/crypto/idea/i_skey.c
  head/crypto/openssl/crypto/idea/idea.h
  head/crypto/openssl/crypto/krb5/Makefile
  head/crypto/openssl/crypto/lhash/Makefile
  head/crypto/openssl/crypto/md2/Makefile
  head/crypto/openssl/crypto/md2/md2.h
  head/crypto/openssl/crypto/md2/md2_dgst.c
  head/crypto/openssl/crypto/md32_common.h
  head/crypto/openssl/crypto/md4/Makefile
  head/crypto/openssl/crypto/md4/md4.h
  head/crypto/openssl/crypto/md4/md4_dgst.c
  head/crypto/openssl/crypto/md4/md4_locl.h
  head/crypto/openssl/crypto/md4/md4test.c
  head/crypto/openssl/crypto/md5/Makefile
  head/crypto/openssl/crypto/md5/asm/md5-586.pl
  head/crypto/openssl/crypto/md5/asm/md5-x86_64.pl
  head/crypto/openssl/crypto/md5/md5.h
  head/crypto/openssl/crypto/md5/md5_dgst.c
  head/crypto/openssl/crypto/md5/md5_locl.h
  head/crypto/openssl/crypto/md5/md5test.c
  head/crypto/openssl/crypto/mdc2/Makefile
  head/crypto/openssl/crypto/mdc2/mdc2.h
  head/crypto/openssl/crypto/mdc2/mdc2dgst.c
  head/crypto/openssl/crypto/mem.c
  head/crypto/openssl/crypto/mem_clr.c
  head/crypto/openssl/crypto/mem_dbg.c
  head/crypto/openssl/crypto/o_str.c
  head/crypto/openssl/crypto/objects/Makefile
  head/crypto/openssl/crypto/objects/obj_dat.c
  head/crypto/openssl/crypto/objects/obj_dat.h
  head/crypto/openssl/crypto/objects/obj_dat.pl
  head/crypto/openssl/crypto/objects/obj_mac.h
  head/crypto/openssl/crypto/objects/obj_mac.num
  head/crypto/openssl/crypto/objects/objects.txt
  head/crypto/openssl/crypto/ocsp/Makefile
  head/crypto/openssl/crypto/ocsp/ocsp.h
  head/crypto/openssl/crypto/ocsp/ocsp_asn.c
  head/crypto/openssl/crypto/ocsp/ocsp_err.c
  head/crypto/openssl/crypto/ocsp/ocsp_ht.c
  head/crypto/openssl/crypto/ocsp/ocsp_srv.c
  head/crypto/openssl/crypto/ocsp/ocsp_vfy.c
  head/crypto/openssl/crypto/opensslconf.h
  head/crypto/openssl/crypto/opensslconf.h.in
  head/crypto/openssl/crypto/opensslv.h
  head/crypto/openssl/crypto/ossl_typ.h
  head/crypto/openssl/crypto/pem/Makefile
  head/crypto/openssl/crypto/pem/pem.h
  head/crypto/openssl/crypto/pem/pem_all.c
  head/crypto/openssl/crypto/pem/pem_info.c
  head/crypto/openssl/crypto/pem/pem_lib.c
  head/crypto/openssl/crypto/pem/pem_x509.c
  head/crypto/openssl/crypto/pem/pem_xaux.c
  head/crypto/openssl/crypto/perlasm/x86_64-xlate.pl
  head/crypto/openssl/crypto/perlasm/x86ms.pl
  head/crypto/openssl/crypto/perlasm/x86nasm.pl
  head/crypto/openssl/crypto/perlasm/x86unix.pl
  head/crypto/openssl/crypto/pkcs12/Makefile
  head/crypto/openssl/crypto/pkcs12/p12_add.c
  head/crypto/openssl/crypto/pkcs12/p12_asn.c
  head/crypto/openssl/crypto/pkcs12/p12_attr.c
  head/crypto/openssl/crypto/pkcs12/p12_crpt.c
  head/crypto/openssl/crypto/pkcs12/p12_crt.c
  head/crypto/openssl/crypto/pkcs12/p12_decr.c
  head/crypto/openssl/crypto/pkcs12/p12_init.c
  head/crypto/openssl/crypto/pkcs12/p12_key.c
  head/crypto/openssl/crypto/pkcs12/p12_kiss.c
  head/crypto/openssl/crypto/pkcs12/p12_mutl.c
  head/crypto/openssl/crypto/pkcs12/p12_npas.c
  head/crypto/openssl/crypto/pkcs12/p12_p8d.c
  head/crypto/openssl/crypto/pkcs12/p12_p8e.c
  head/crypto/openssl/crypto/pkcs12/p12_utl.c
  head/crypto/openssl/crypto/pkcs12/pkcs12.h
  head/crypto/openssl/crypto/pkcs7/Makefile
  head/crypto/openssl/crypto/pkcs7/p7/a1   (props changed)
  head/crypto/openssl/crypto/pkcs7/p7/a2   (props changed)
  head/crypto/openssl/crypto/pkcs7/p7/cert.p7c   (props changed)
  head/crypto/openssl/crypto/pkcs7/p7/smime.p7m   (props changed)
  head/crypto/openssl/crypto/pkcs7/p7/smime.p7s   (props changed)
  head/crypto/openssl/crypto/pkcs7/pk7_asn1.c
  head/crypto/openssl/crypto/pkcs7/pk7_attr.c
  head/crypto/openssl/crypto/pkcs7/pk7_mime.c
  head/crypto/openssl/crypto/pkcs7/pk7_smime.c
  head/crypto/openssl/crypto/pqueue/Makefile
  head/crypto/openssl/crypto/pqueue/pq_compat.h
  head/crypto/openssl/crypto/rand/Makefile
  head/crypto/openssl/crypto/rand/md_rand.c
  head/crypto/openssl/crypto/rand/rand.h
  head/crypto/openssl/crypto/rand/rand_err.c
  head/crypto/openssl/crypto/rand/rand_lcl.h
  head/crypto/openssl/crypto/rand/rand_lib.c
  head/crypto/openssl/crypto/rand/rand_nw.c
  head/crypto/openssl/crypto/rand/rand_unix.c
  head/crypto/openssl/crypto/rand/randfile.c
  head/crypto/openssl/crypto/rc2/Makefile
  head/crypto/openssl/crypto/rc2/rc2.h
  head/crypto/openssl/crypto/rc2/rc2_skey.c
  head/crypto/openssl/crypto/rc4/Makefile
  head/crypto/openssl/crypto/rc4/asm/rc4-586.pl
  head/crypto/openssl/crypto/rc4/asm/rc4-ia64.S
  head/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl
  head/crypto/openssl/crypto/rc4/rc4.h
  head/crypto/openssl/crypto/rc4/rc4_skey.c
  head/crypto/openssl/crypto/rc5/Makefile
  head/crypto/openssl/crypto/rc5/rc5.h
  head/crypto/openssl/crypto/rc5/rc5_skey.c
  head/crypto/openssl/crypto/ripemd/Makefile
  head/crypto/openssl/crypto/ripemd/README
  head/crypto/openssl/crypto/ripemd/asm/rmd-586.pl
  head/crypto/openssl/crypto/ripemd/ripemd.h
  head/crypto/openssl/crypto/ripemd/rmd_dgst.c
  head/crypto/openssl/crypto/ripemd/rmd_locl.h
  head/crypto/openssl/crypto/ripemd/rmdtest.c
  head/crypto/openssl/crypto/rsa/Makefile
  head/crypto/openssl/crypto/rsa/rsa.h
  head/crypto/openssl/crypto/rsa/rsa_asn1.c
  head/crypto/openssl/crypto/rsa/rsa_eay.c
  head/crypto/openssl/crypto/rsa/rsa_err.c
  head/crypto/openssl/crypto/rsa/rsa_gen.c
  head/crypto/openssl/crypto/rsa/rsa_lib.c
  head/crypto/openssl/crypto/rsa/rsa_null.c
  head/crypto/openssl/crypto/rsa/rsa_oaep.c
  head/crypto/openssl/crypto/rsa/rsa_pss.c
  head/crypto/openssl/crypto/rsa/rsa_sign.c
  head/crypto/openssl/crypto/rsa/rsa_ssl.c
  head/crypto/openssl/crypto/rsa/rsa_test.c
  head/crypto/openssl/crypto/rsa/rsa_x931.c
  head/crypto/openssl/crypto/sha/Makefile
  head/crypto/openssl/crypto/sha/asm/sha1-586.pl
  head/crypto/openssl/crypto/sha/asm/sha1-ia64.pl
  head/crypto/openssl/crypto/sha/asm/sha512-ia64.pl
  head/crypto/openssl/crypto/sha/sha.h
  head/crypto/openssl/crypto/sha/sha1_one.c
  head/crypto/openssl/crypto/sha/sha1dgst.c
  head/crypto/openssl/crypto/sha/sha1test.c
  head/crypto/openssl/crypto/sha/sha256.c
  head/crypto/openssl/crypto/sha/sha512.c
  head/crypto/openssl/crypto/sha/sha_dgst.c
  head/crypto/openssl/crypto/sha/sha_locl.h
  head/crypto/openssl/crypto/sha/shatest.c
  head/crypto/openssl/crypto/stack/Makefile
  head/crypto/openssl/crypto/stack/safestack.h
  head/crypto/openssl/crypto/store/Makefile
  head/crypto/openssl/crypto/store/str_lib.c
  head/crypto/openssl/crypto/symhacks.h
  head/crypto/openssl/crypto/txt_db/Makefile
  head/crypto/openssl/crypto/ui/Makefile
  head/crypto/openssl/crypto/ui/ui_lib.c
  head/crypto/openssl/crypto/ui/ui_openssl.c
  head/crypto/openssl/crypto/x509/Makefile
  head/crypto/openssl/crypto/x509/by_dir.c
  head/crypto/openssl/crypto/x509/x509.h
  head/crypto/openssl/crypto/x509/x509_att.c
  head/crypto/openssl/crypto/x509/x509_cmp.c
  head/crypto/openssl/crypto/x509/x509_trs.c
  head/crypto/openssl/crypto/x509/x509_txt.c
  head/crypto/openssl/crypto/x509/x509_vfy.c
  head/crypto/openssl/crypto/x509/x509_vpm.c
  head/crypto/openssl/crypto/x509/x509cset.c
  head/crypto/openssl/crypto/x509/x509spki.c
  head/crypto/openssl/crypto/x509v3/Makefile
  head/crypto/openssl/crypto/x509v3/ext_dat.h
  head/crypto/openssl/crypto/x509v3/pcy_cache.c
  head/crypto/openssl/crypto/x509v3/pcy_data.c
  head/crypto/openssl/crypto/x509v3/pcy_int.h
  head/crypto/openssl/crypto/x509v3/pcy_lib.c
  head/crypto/openssl/crypto/x509v3/pcy_map.c
  head/crypto/openssl/crypto/x509v3/pcy_node.c
  head/crypto/openssl/crypto/x509v3/pcy_tree.c
  head/crypto/openssl/crypto/x509v3/tabtest.c
  head/crypto/openssl/crypto/x509v3/v3_addr.c
  head/crypto/openssl/crypto/x509v3/v3_akey.c
  head/crypto/openssl/crypto/x509v3/v3_akeya.c
  head/crypto/openssl/crypto/x509v3/v3_alt.c
  head/crypto/openssl/crypto/x509v3/v3_asid.c
  head/crypto/openssl/crypto/x509v3/v3_bcons.c
  head/crypto/openssl/crypto/x509v3/v3_bitst.c
  head/crypto/openssl/crypto/x509v3/v3_conf.c
  head/crypto/openssl/crypto/x509v3/v3_cpols.c
  head/crypto/openssl/crypto/x509v3/v3_crld.c
  head/crypto/openssl/crypto/x509v3/v3_enum.c
  head/crypto/openssl/crypto/x509v3/v3_extku.c
  head/crypto/openssl/crypto/x509v3/v3_genn.c
  head/crypto/openssl/crypto/x509v3/v3_ia5.c
  head/crypto/openssl/crypto/x509v3/v3_info.c
  head/crypto/openssl/crypto/x509v3/v3_int.c
  head/crypto/openssl/crypto/x509v3/v3_lib.c
  head/crypto/openssl/crypto/x509v3/v3_ncons.c
  head/crypto/openssl/crypto/x509v3/v3_ocsp.c
  head/crypto/openssl/crypto/x509v3/v3_pci.c
  head/crypto/openssl/crypto/x509v3/v3_pcons.c
  head/crypto/openssl/crypto/x509v3/v3_pku.c
  head/crypto/openssl/crypto/x509v3/v3_pmaps.c
  head/crypto/openssl/crypto/x509v3/v3_prn.c
  head/crypto/openssl/crypto/x509v3/v3_purp.c
  head/crypto/openssl/crypto/x509v3/v3_skey.c
  head/crypto/openssl/crypto/x509v3/v3_sxnet.c
  head/crypto/openssl/crypto/x509v3/v3_utl.c
  head/crypto/openssl/crypto/x509v3/v3conf.c
  head/crypto/openssl/crypto/x509v3/v3prin.c
  head/crypto/openssl/crypto/x509v3/x509v3.h
  head/crypto/openssl/crypto/x86_64cpuid.pl
  head/crypto/openssl/crypto/x86cpuid.pl
  head/crypto/openssl/demos/asn1/ocsp.c
  head/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.h
  head/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.h
  head/crypto/openssl/demos/engines/zencod/hw_zencod_err.h
  head/crypto/openssl/doc/apps/ciphers.pod
  head/crypto/openssl/doc/apps/dgst.pod
  head/crypto/openssl/doc/apps/enc.pod
  head/crypto/openssl/doc/apps/ocsp.pod
  head/crypto/openssl/doc/apps/openssl.pod
  head/crypto/openssl/doc/apps/rand.pod
  head/crypto/openssl/doc/apps/rsautl.pod
  head/crypto/openssl/doc/apps/s_client.pod
  head/crypto/openssl/doc/apps/s_server.pod
  head/crypto/openssl/doc/apps/verify.pod
  head/crypto/openssl/doc/apps/x509.pod
  head/crypto/openssl/doc/c-indentation.el
  head/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod
  head/crypto/openssl/doc/crypto/DH_set_method.pod
  head/crypto/openssl/doc/crypto/DSA_set_method.pod
  head/crypto/openssl/doc/crypto/OPENSSL_ia32cap.pod
  head/crypto/openssl/doc/crypto/RAND_bytes.pod
  head/crypto/openssl/doc/crypto/RAND_egd.pod
  head/crypto/openssl/doc/crypto/RAND_set_rand_method.pod
  head/crypto/openssl/doc/crypto/RSA_set_method.pod
  head/crypto/openssl/doc/crypto/X509_NAME_print_ex.pod
  head/crypto/openssl/doc/crypto/des_modes.pod
  head/crypto/openssl/doc/crypto/engine.pod
  head/crypto/openssl/doc/openssl_button.gif   (props changed)
  head/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod
  head/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
  head/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
  head/crypto/openssl/doc/ssl/SSL_SESSION_free.pod
  head/crypto/openssl/doc/ssl/SSL_free.pod
  head/crypto/openssl/doc/ssl/SSL_read.pod
  head/crypto/openssl/doc/ssleay.txt
  head/crypto/openssl/doc/standards.txt
  head/crypto/openssl/e_os.h
  head/crypto/openssl/engines/Makefile
  head/crypto/openssl/engines/e_4758cca_err.h
  head/crypto/openssl/engines/e_aep.c
  head/crypto/openssl/engines/e_aep_err.h
  head/crypto/openssl/engines/e_atalla_err.h
  head/crypto/openssl/engines/e_chil.c
  head/crypto/openssl/engines/e_chil_err.c
  head/crypto/openssl/engines/e_chil_err.h
  head/crypto/openssl/engines/e_cswift_err.h
  head/crypto/openssl/engines/e_gmp.c
  head/crypto/openssl/engines/e_gmp_err.h
  head/crypto/openssl/engines/e_nuron_err.h
  head/crypto/openssl/engines/e_sureware_err.h
  head/crypto/openssl/engines/e_ubsec.c
  head/crypto/openssl/engines/e_ubsec_err.h
  head/crypto/openssl/openssl.spec
  head/crypto/openssl/ssl/Makefile
  head/crypto/openssl/ssl/d1_both.c
  head/crypto/openssl/ssl/d1_clnt.c
  head/crypto/openssl/ssl/d1_enc.c
  head/crypto/openssl/ssl/d1_lib.c
  head/crypto/openssl/ssl/d1_pkt.c
  head/crypto/openssl/ssl/d1_srvr.c
  head/crypto/openssl/ssl/dtls1.h
  head/crypto/openssl/ssl/kssl.c
  head/crypto/openssl/ssl/s23_clnt.c
  head/crypto/openssl/ssl/s23_srvr.c
  head/crypto/openssl/ssl/s2_clnt.c
  head/crypto/openssl/ssl/s2_srvr.c
  head/crypto/openssl/ssl/s3_clnt.c
  head/crypto/openssl/ssl/s3_enc.c
  head/crypto/openssl/ssl/s3_lib.c
  head/crypto/openssl/ssl/s3_pkt.c
  head/crypto/openssl/ssl/s3_srvr.c
  head/crypto/openssl/ssl/ssl.h
  head/crypto/openssl/ssl/ssl3.h
  head/crypto/openssl/ssl/ssl_algs.c
  head/crypto/openssl/ssl/ssl_asn1.c
  head/crypto/openssl/ssl/ssl_cert.c
  head/crypto/openssl/ssl/ssl_ciph.c
  head/crypto/openssl/ssl/ssl_err.c
  head/crypto/openssl/ssl/ssl_lib.c
  head/crypto/openssl/ssl/ssl_locl.h
  head/crypto/openssl/ssl/ssl_rsa.c
  head/crypto/openssl/ssl/ssl_sess.c
  head/crypto/openssl/ssl/ssl_stat.c
  head/crypto/openssl/ssl/ssl_txt.c
  head/crypto/openssl/ssl/ssltest.c
  head/crypto/openssl/ssl/t1_enc.c
  head/crypto/openssl/ssl/t1_lib.c
  head/crypto/openssl/ssl/tls1.h
  head/crypto/openssl/test/CAss.cnf
  head/crypto/openssl/test/Makefile
  head/crypto/openssl/test/Uss.cnf
  head/crypto/openssl/test/evptests.txt
  head/crypto/openssl/test/igetest.c
  head/crypto/openssl/test/times
  head/crypto/openssl/util/clean-depend.pl
  head/crypto/openssl/util/copy.pl
  head/crypto/openssl/util/domd
  head/crypto/openssl/util/libeay.num
  head/crypto/openssl/util/mk1mf.pl
  head/crypto/openssl/util/mkdef.pl
  head/crypto/openssl/util/mkerr.pl
  head/crypto/openssl/util/mkfiles.pl
  head/crypto/openssl/util/mklink.pl
  head/crypto/openssl/util/opensslwrap.sh
  head/crypto/openssl/util/pl/VC-32.pl
  head/crypto/openssl/util/pl/netware.pl
  head/crypto/openssl/util/shlib_wrap.sh
  head/crypto/openssl/util/ssleay.num

Modified: head/crypto/openssl/CHANGES
==============================================================================
--- head/crypto/openssl/CHANGES	Sun Jun 14 18:04:22 2009	(r194205)
+++ head/crypto/openssl/CHANGES	Sun Jun 14 19:45:16 2009	(r194206)
@@ -2,13 +2,455 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.8d and 0.9.8e  [23 Feb 2007]
+ Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]
+
+  *) Don't set val to NULL when freeing up structures, it is freed up by
+     underlying code. If sizeof(void *) > sizeof(long) this can result in
+     zeroing past the valid field. (CVE-2009-0789)
+     [Paolo Ganci <Paolo.Ganci@AdNovum.CH>]
+
+  *) Fix bug where return value of CMS_SignerInfo_verify_content() was not
+     checked correctly. This would allow some invalid signed attributes to
+     appear to verify correctly. (CVE-2009-0591)
+     [Ivan Nestlerode <inestlerode@us.ibm.com>]
+
+  *) Reject UniversalString and BMPString types with invalid lengths. This
+     prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
+     a legal length. (CVE-2009-0590)
+     [Steve Henson]
+
+  *) Set S/MIME signing as the default purpose rather than setting it 
+     unconditionally. This allows applications to override it at the store
+     level.
+     [Steve Henson]
+
+  *) Permit restricted recursion of ASN1 strings. This is needed in practice
+     to handle some structures.
+     [Steve Henson]
+
+  *) Improve efficiency of mem_gets: don't search whole buffer each time
+     for a '\n'
+     [Jeremy Shapiro <jnshapir@us.ibm.com>]
+
+  *) New -hex option for openssl rand.
+     [Matthieu Herrb]
+
+  *) Print out UTF8String and NumericString when parsing ASN1.
+     [Steve Henson]
+
+  *) Support NumericString type for name components.
+     [Steve Henson]
+
+  *) Allow CC in the environment to override the automatically chosen
+     compiler. Note that nothing is done to ensure flags work with the
+     chosen compiler.
+     [Ben Laurie]
+
+ Changes between 0.9.8i and 0.9.8j  [07 Jan 2009]
+
+  *) Properly check EVP_VerifyFinal() and similar return values
+     (CVE-2008-5077).
+     [Ben Laurie, Bodo Moeller, Google Security Team]
+
+  *) Enable TLS extensions by default.
+     [Ben Laurie]
+
+  *) Allow the CHIL engine to be loaded, whether the application is
+     multithreaded or not. (This does not release the developer from the
+     obligation to set up the dynamic locking callbacks.)
+     [Sander Temme <sander@temme.net>]
+
+  *) Use correct exit code if there is an error in dgst command.
+     [Steve Henson; problem pointed out by Roland Dirlewanger]
+
+  *) Tweak Configure so that you need to say "experimental-jpake" to enable
+     JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
+     [Bodo Moeller]
+
+  *) Add experimental JPAKE support, including demo authentication in
+     s_client and s_server.
+     [Ben Laurie]
+
+  *) Set the comparison function in v3_addr_canonize().
+     [Rob Austein <sra@hactrn.net>]
+
+  *) Add support for XMPP STARTTLS in s_client.
+     [Philip Paeps <philip@freebsd.org>]
+
+  *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
+     to ensure that even with this option, only ciphersuites in the
+     server's preference list will be accepted.  (Note that the option
+     applies only when resuming a session, so the earlier behavior was
+     just about the algorithm choice for symmetric cryptography.)
+     [Bodo Moeller]
+
+ Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
+
+  *) Fix a state transitition in s3_srvr.c and d1_srvr.c
+     (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
+     [Nagendra Modadugu]
+
+  *) The fix in 0.9.8c that supposedly got rid of unsafe
+     double-checked locking was incomplete for RSA blinding,
+     addressing just one layer of what turns out to have been
+     doubly unsafe triple-checked locking.
+
+     So now fix this for real by retiring the MONT_HELPER macro
+     in crypto/rsa/rsa_eay.c.
+
+     [Bodo Moeller; problem pointed out by Marius Schilder]
+
+  *) Various precautionary measures:
+
+     - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
+
+     - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
+       (NB: This would require knowledge of the secret session ticket key
+       to exploit, in which case you'd be SOL either way.)
+
+     - Change bn_nist.c so that it will properly handle input BIGNUMs
+       outside the expected range.
+
+     - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
+       builds.
+
+     [Neel Mehta, Bodo Moeller]
+
+  *) Allow engines to be "soft loaded" - i.e. optionally don't die if
+     the load fails. Useful for distros.
+     [Ben Laurie and the FreeBSD team]
+
+  *) Add support for Local Machine Keyset attribute in PKCS#12 files.
+     [Steve Henson]
+
+  *) Fix BN_GF2m_mod_arr() top-bit cleanup code.
+     [Huang Ying]
+
+  *) Expand ENGINE to support engine supplied SSL client certificate functions.
+
+     This work was sponsored by Logica.
+     [Steve Henson]
+
+  *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
+     keystores. Support for SSL/TLS client authentication too.
+     Not compiled unless enable-capieng specified to Configure.
+
+     This work was sponsored by Logica.
+     [Steve Henson]
+
+  *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using
+     ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
+     attribute creation routines such as certifcate requests and PKCS#12
+     files.
+     [Steve Henson]
+
+ Changes between 0.9.8g and 0.9.8h  [28 May 2008]
+
+  *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
+     handshake which could lead to a cilent crash as found using the
+     Codenomicon TLS test suite (CVE-2008-1672) 
+     [Steve Henson, Mark Cox]
+
+  *) Fix double free in TLS server name extensions which could lead to
+     a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) 
+     [Joe Orton]
+
+  *) Clear error queue in SSL_CTX_use_certificate_chain_file()
+
+     Clear the error queue to ensure that error entries left from
+     older function calls do not interfere with the correct operation.
+     [Lutz Jaenicke, Erik de Castro Lopo]
+
+  *) Remove root CA certificates of commercial CAs:
+
+     The OpenSSL project does not recommend any specific CA and does not
+     have any policy with respect to including or excluding any CA.
+     Therefore it does not make any sense to ship an arbitrary selection
+     of root CA certificates with the OpenSSL software.
+     [Lutz Jaenicke]
+
+  *) RSA OAEP patches to fix two separate invalid memory reads.
+     The first one involves inputs when 'lzero' is greater than
+     'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes
+     before the beginning of from). The second one involves inputs where
+     the 'db' section contains nothing but zeroes (there is a one-byte
+     invalid read after the end of 'db').
+     [Ivan Nestlerode <inestlerode@us.ibm.com>]
+
+  *) Partial backport from 0.9.9-dev:
+
+     Introduce bn_mul_mont (dedicated Montgomery multiplication
+     procedure) as a candidate for BIGNUM assembler implementation.
+     While 0.9.9-dev uses assembler for various architectures, only
+     x86_64 is available by default here in the 0.9.8 branch, and
+     32-bit x86 is available through a compile-time setting.
+
+     To try the 32-bit x86 assembler implementation, use Configure
+     option "enable-montasm" (which exists only for this backport).
+
+     As "enable-montasm" for 32-bit x86 disclaims code stability
+     anyway, in this constellation we activate additional code
+     backported from 0.9.9-dev for further performance improvements,
+     namely BN_from_montgomery_word.  (To enable this otherwise,
+     e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".)
+
+     [Andy Polyakov (backport partially by Bodo Moeller)]
+
+  *) Add TLS session ticket callback. This allows an application to set
+     TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed
+     values. This is useful for key rollover for example where several key
+     sets may exist with different names.
+     [Steve Henson]
+
+  *) Reverse ENGINE-internal logic for caching default ENGINE handles.
+     This was broken until now in 0.9.8 releases, such that the only way
+     a registered ENGINE could be used (assuming it initialises
+     successfully on the host) was to explicitly set it as the default
+     for the relevant algorithms. This is in contradiction with 0.9.7
+     behaviour and the documentation. With this fix, when an ENGINE is
+     registered into a given algorithm's table of implementations, the
+     'uptodate' flag is reset so that auto-discovery will be used next
+     time a new context for that algorithm attempts to select an
+     implementation.
+     [Ian Lister (tweaked by Geoff Thorpe)]
+
+  *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9
+     implemention in the following ways:
+
+     Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be
+     hard coded.
+
+     Lack of BER streaming support means one pass streaming processing is
+     only supported if data is detached: setting the streaming flag is
+     ignored for embedded content.
+
+     CMS support is disabled by default and must be explicitly enabled
+     with the enable-cms configuration option.
+     [Steve Henson]
+
+  *) Update the GMP engine glue to do direct copies between BIGNUM and
+     mpz_t when openssl and GMP use the same limb size. Otherwise the
+     existing "conversion via a text string export" trick is still used.
+     [Paul Sheer <paulsheer@gmail.com>]
+
+  *) Zlib compression BIO. This is a filter BIO which compressed and
+     uncompresses any data passed through it.
+     [Steve Henson]
+
+  *) Add AES_wrap_key() and AES_unwrap_key() functions to implement
+     RFC3394 compatible AES key wrapping.
+     [Steve Henson]
+
+  *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0():
+     sets string data without copying. X509_ALGOR_set0() and
+     X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier)
+     data. Attribute function X509at_get0_data_by_OBJ(): retrieves data
+     from an X509_ATTRIBUTE structure optionally checking it occurs only
+     once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied
+     data.
+     [Steve Henson]
+
+  *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set()
+     to get the expected BN_FLG_CONSTTIME behavior.
+     [Bodo Moeller (Google)]
+  
+  *) Netware support:
+
+     - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets
+     - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT)
+     - added some more tests to do_tests.pl
+     - fixed RunningProcess usage so that it works with newer LIBC NDKs too
+     - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency
+     - added new Configure targets netware-clib-bsdsock, netware-clib-gcc,
+       netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc
+     - various changes to netware.pl to enable gcc-cross builds on Win32
+       platform
+     - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD)
+     - various changes to fix missing prototype warnings
+     - fixed x86nasm.pl to create correct asm files for NASM COFF output
+     - added AES, WHIRLPOOL and CPUID assembler code to build files
+     - added missing AES assembler make rules to mk1mf.pl
+     - fixed order of includes in apps/ocsp.c so that e_os.h settings apply
+     [Guenter Knauf <eflash@gmx.net>]
+
+  *) Implement certificate status request TLS extension defined in RFC3546.
+     A client can set the appropriate parameters and receive the encoded
+     OCSP response via a callback. A server can query the supplied parameters
+     and set the encoded OCSP response in the callback. Add simplified examples
+     to s_client and s_server.
+     [Steve Henson]
+
+ Changes between 0.9.8f and 0.9.8g  [19 Oct 2007]
+
+  *) Fix various bugs:
+     + Binary incompatibility of ssl_ctx_st structure
+     + DTLS interoperation with non-compliant servers
+     + Don't call get_session_cb() without proposed session
+     + Fix ia64 assembler code
+     [Andy Polyakov, Steve Henson]
+
+ Changes between 0.9.8e and 0.9.8f  [11 Oct 2007]
+
+  *) DTLS Handshake overhaul. There were longstanding issues with
+     OpenSSL DTLS implementation, which were making it impossible for
+     RFC 4347 compliant client to communicate with OpenSSL server.
+     Unfortunately just fixing these incompatibilities would "cut off"
+     pre-0.9.8f clients. To allow for hassle free upgrade post-0.9.8e
+     server keeps tolerating non RFC compliant syntax. The opposite is
+     not true, 0.9.8f client can not communicate with earlier server.
+     This update even addresses CVE-2007-4995.
+     [Andy Polyakov]
+
+  *) Changes to avoid need for function casts in OpenSSL: some compilers
+     (gcc 4.2 and later) reject their use.
+     [Kurt Roeckx <kurt@roeckx.be>, Peter Hartley <pdh@utter.chaos.org.uk>,
+      Steve Henson]
+  
+  *) Add RFC4507 support to OpenSSL. This includes the corrections in
+     RFC4507bis. The encrypted ticket format is an encrypted encoded
+     SSL_SESSION structure, that way new session features are automatically
+     supported.
+
+     If a client application caches session in an SSL_SESSION structure
+     support is transparent because tickets are now stored in the encoded
+     SSL_SESSION.
+     
+     The SSL_CTX structure automatically generates keys for ticket
+     protection in servers so again support should be possible
+     with no application modification.
+
+     If a client or server wishes to disable RFC4507 support then the option
+     SSL_OP_NO_TICKET can be set.
+
+     Add a TLS extension debugging callback to allow the contents of any client
+     or server extensions to be examined.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Add initial support for TLS extensions, specifically for the server_name
+     extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
+     have new members for a host name.  The SSL data structure has an
+     additional member SSL_CTX *initial_ctx so that new sessions can be
+     stored in that context to allow for session resumption, even after the
+     SSL has been switched to a new SSL_CTX in reaction to a client's
+     server_name extension.
+
+     New functions (subject to change):
+
+         SSL_get_servername()
+         SSL_get_servername_type()
+         SSL_set_SSL_CTX()
+
+     New CTRL codes and macros (subject to change):
+
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+                                 - SSL_CTX_set_tlsext_servername_callback()
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
+                                      - SSL_CTX_set_tlsext_servername_arg()
+         SSL_CTRL_SET_TLSEXT_HOSTNAME           - SSL_set_tlsext_host_name()
+
+     openssl s_client has a new '-servername ...' option.
+
+     openssl s_server has new options '-servername_host ...', '-cert2 ...',
+     '-key2 ...', '-servername_fatal' (subject to change).  This allows
+     testing the HostName extension for a specific single host name ('-cert'
+     and '-key' remain fallbacks for handshakes without HostName
+     negotiation).  If the unrecogninzed_name alert has to be sent, this by
+     default is a warning; it becomes fatal with the '-servername_fatal'
+     option.
+
+     [Peter Sylvester,  Remy Allais, Christophe Renou, Steve Henson]
+
+  *) Add AES and SSE2 assembly language support to VC++ build.
+     [Steve Henson]
+
+  *) Mitigate attack on final subtraction in Montgomery reduction.
+     [Andy Polyakov]
+
+  *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
+     (which previously caused an internal error).
+     [Bodo Moeller]
+
+  *) Squeeze another 10% out of IGE mode when in != out.
+     [Ben Laurie]
+
+  *) AES IGE mode speedup.
+     [Dean Gaudet (Google)]
+
+  *) Add the Korean symmetric 128-bit cipher SEED (see
+     http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and
+     add SEED ciphersuites from RFC 4162:
+
+        TLS_RSA_WITH_SEED_CBC_SHA      =  "SEED-SHA"
+        TLS_DHE_DSS_WITH_SEED_CBC_SHA  =  "DHE-DSS-SEED-SHA"
+        TLS_DHE_RSA_WITH_SEED_CBC_SHA  =  "DHE-RSA-SEED-SHA"
+        TLS_DH_anon_WITH_SEED_CBC_SHA  =  "ADH-SEED-SHA"
+
+     To minimize changes between patchlevels in the OpenSSL 0.9.8
+     series, SEED remains excluded from compilation unless OpenSSL
+     is configured with 'enable-seed'.
+     [KISA, Bodo Moeller]
+
+  *) Mitigate branch prediction attacks, which can be practical if a
+     single processor is shared, allowing a spy process to extract
+     information.  For detailed background information, see
+     http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron,
+     J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL
+     and Necessary Software Countermeasures").  The core of the change
+     are new versions BN_div_no_branch() and
+     BN_mod_inverse_no_branch() of BN_div() and BN_mod_inverse(),
+     respectively, which are slower, but avoid the security-relevant
+     conditional branches.  These are automatically called by BN_div()
+     and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for one
+     of the input BIGNUMs.  Also, BN_is_bit_set() has been changed to
+     remove a conditional branch.
+
+     BN_FLG_CONSTTIME is the new name for the previous
+     BN_FLG_EXP_CONSTTIME flag, since it now affects more than just
+     modular exponentiation.  (Since OpenSSL 0.9.7h, setting this flag
+     in the exponent causes BN_mod_exp_mont() to use the alternative
+     implementation in BN_mod_exp_mont_consttime().)  The old name
+     remains as a deprecated alias.
+
+     Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general
+     RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses
+     constant-time implementations for more than just exponentiation.
+     Here too the old name is kept as a deprecated alias.
+
+     BN_BLINDING_new() will now use BN_dup() for the modulus so that
+     the BN_BLINDING structure gets an independent copy of the
+     modulus.  This means that the previous "BIGNUM *m" argument to
+     BN_BLINDING_new() and to BN_BLINDING_create_param() now
+     essentially becomes "const BIGNUM *m", although we can't actually
+     change this in the header file before 0.9.9.  It allows
+     RSA_setup_blinding() to use BN_with_flags() on the modulus to
+     enable BN_FLG_CONSTTIME.
+
+     [Matthew D Wood (Intel Corp)]
+
+  *) In the SSL/TLS server implementation, be strict about session ID
+     context matching (which matters if an application uses a single
+     external cache for different purposes).  Previously,
+     out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
+     set.  This did ensure strict client verification, but meant that,
+     with applications using a single external cache for quite
+     different requirements, clients could circumvent ciphersuite
+     restrictions for a given session ID context by starting a session
+     in a different context.
+     [Bodo Moeller]
 
   *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
      a ciphersuite string such as "DEFAULT:RSA" cannot enable
      authentication-only ciphersuites.
      [Bodo Moeller]
 
+  *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was
+     not complete and could lead to a possible single byte overflow
+     (CVE-2007-5135) [Ben Laurie]
+
+ Changes between 0.9.8d and 0.9.8e  [23 Feb 2007]
+
   *) Since AES128 and AES256 (and similarly Camellia128 and
      Camellia256) share a single mask bit in the logic of
      ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
@@ -1047,7 +1489,20 @@
      differing sizes.
      [Richard Levitte]
 
- Changes between 0.9.7l and 0.9.7m  [xx XXX xxxx]
+ Changes between 0.9.7m and 0.9.7n  [xx XXX xxxx]
+
+  *) In the SSL/TLS server implementation, be strict about session ID
+     context matching (which matters if an application uses a single
+     external cache for different purposes).  Previously,
+     out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
+     set.  This did ensure strict client verification, but meant that,
+     with applications using a single external cache for quite
+     different requirements, clients could circumvent ciphersuite
+     restrictions for a given session ID context by starting a session
+     in a different context.
+     [Bodo Moeller]
+
+ Changes between 0.9.7l and 0.9.7m  [23 Feb 2007]
 
   *) Cleanse PEM buffers before freeing them since they may contain 
      sensitive data.
@@ -1063,6 +1518,20 @@
      kludge to work properly if AES128 is available and AES256 isn't.
      [Victor Duchovni]
 
+  *) Expand security boundary to match 1.1.1 module.
+     [Steve Henson]
+
+  *) Remove redundant features: hash file source, editing of test vectors
+     modify fipsld to use external fips_premain.c signature.
+     [Steve Henson]
+
+  *) New perl script mkfipsscr.pl to create shell scripts or batch files to
+     run algorithm test programs.
+     [Steve Henson]
+
+  *) Make algorithm test programs more tolerant of whitespace.
+     [Steve Henson]
+
   *) Have SSL/TLS server implementation tolerate "mismatched" record
      protocol version while receiving ClientHello even if the
      ClientHello is fragmented.  (The server can't insist on the

Modified: head/crypto/openssl/Configure
==============================================================================
--- head/crypto/openssl/Configure	Sun Jun 14 18:04:22 2009	(r194205)
+++ head/crypto/openssl/Configure	Sun Jun 14 19:45:16 2009	(r194206)
@@ -6,11 +6,13 @@ eval 'exec perl -S $0 ${1+"$@"}'
 ##
 
 require 5.000;
-use strict;
+eval 'use strict;';
+
+print STDERR "Warning: perl module strict not found.\n" if ($@);
 
 # see INSTALL for instructions.
 
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
 
 # Options:
 #
@@ -54,6 +56,8 @@ my $usage="Usage: Configure [no-<cipher>
 # [no-]zlib     [don't] compile support for zlib compression.
 # zlib-dynamic	Like "zlib", but the zlib library is expected to be a shared
 #		library and will be loaded in run-time by the OpenSSL library.
+# enable-montasm 0.9.8 branch only: enable Montgomery x86 assembler backport
+#               from 0.9.9
 # 386           generate 80386 code
 # no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
@@ -97,6 +101,11 @@ my $usage="Usage: Configure [no-<cipher>
 # SHA512_ASM	sha512_block is implemented in assembler
 # AES_ASM	ASE_[en|de]crypt is implemented in assembler
 
+# Minimum warning options... any contributions to OpenSSL should at least get
+# past these. 
+
+my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+
 my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
 
 # MD2_CHAR slags pentium pros
@@ -114,12 +123,12 @@ my $tlib="-lnsl -lsocket";
 my $bits1="THIRTY_TWO_BIT ";
 my $bits2="SIXTY_FOUR_BIT ";
 
-my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o:rm86-elf.o:r586-elf.o";
-my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o:rm86-cof.o:r586-cof.o";
-my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o:rm86-out.o:r586-out.o";
+my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o MAYBE-MO86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o rc4_skey.o:rm86-elf.o:r586-elf.o";
+my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o MAYBE-MO86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o rc4_skey.o:rm86-cof.o:r586-cof.o";
+my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o MAYBE-MO86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o rc4_skey.o:rm86-out.o:r586-out.o";
 
-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o::::md5-x86_64.o:::rc4-x86_64.o::";
-my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o::";
+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o::";
+my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o::";
 
 my $no_asm="::::::::::";
 
@@ -150,12 +159,15 @@ my %table=(
 "debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o",
 "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::",
+"debug-ben-debug",	"gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG  -DDEBUG_SAFESTACK -g3 -O2 -pipe::(unknown)::::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
-"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -march=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
+"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
 "debug-steve-linux-pseudo64",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared",
 "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -201,11 +213,11 @@ my %table=(
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
-"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 ####
 "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### SPARC Solaris with Sun C setups
 # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
@@ -213,11 +225,11 @@ my %table=(
 # SC5.0 note: Compiler common patch 107357-01 or later is required!
 "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
 ####
 "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
 
 #### SunOS configs, assuming sparc for the gcc one.
 #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
@@ -231,10 +243,10 @@ my %table=(
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-cc -o32' manually.
 "irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # N64 ABI builds.
 "irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -321,8 +333,7 @@ my %table=(
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 ####
 "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -bpowerpc64-linux is transient option, -m64 should be the one to use...
-"linux-ppc64",	"gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -333,9 +344,9 @@ my %table=(
 "linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
 # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -365,7 +376,7 @@ my %table=(
 # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
 # simply *happens* to work around a compiler bug in gcc 3.3.3,
 # triggered by RIPEMD160 code.
-"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-ia64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-x86_64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
@@ -403,12 +414,12 @@ my %table=(
 
 #### IBM's AIX.
 "aix3-cc",  "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix-gcc",  "gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:",
-"aix64-gcc","gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn::::::-X64",
+"aix-gcc",  "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
 # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
 # at build time. $OBJECT_MODE is respected at ./config stage!
-"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
 
 #
 # Cray T90 and similar (SDSC)
@@ -479,15 +490,20 @@ my %table=(
 "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_coff_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
 "debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
 
-# NetWare from David Ward (dsward@novell.com) - requires MetroWerks NLM development tools
+# NetWare from David Ward (dsward@novell.com)
+# requires either MetroWerks NLM development tools, or gcc / nlmconv
+# NetWare defaults socket bio to WinSock sockets. However,
+# the builds can be configured to use BSD sockets instead.
 # netware-clib => legacy CLib c-runtime support
-"netware-clib", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
+"netware-clib", "mwccnlm::::::${x86_gcc_opts}::",
+"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::",
+"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
+"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
 # netware-libc => LibC/NKS support
-# NetWare defaults socket bio to WinSock sockets. However, the LibC build can be
-# configured to use BSD sockets instead.
 "netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
 "netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
 "netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
+"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
 
 # DJGPP
 "DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:",
@@ -500,8 +516,11 @@ my %table=(
 
 ##### MacOS X (a.k.a. Rhapsody or Darwin) setup
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
-"darwin-ppc-cc","cc:-O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc64.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 
 ##### A/UX
@@ -530,7 +549,9 @@ my %table=(
 
 my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
 		    VC-NT VC-CE VC-WIN32
-		    BC-32 OS2-EMX netware-clib netware-libc netware-libc-bsdsock);
+		    BC-32 OS2-EMX
+		    netware-clib netware-clib-bsdsock
+		    netware-libc netware-libc-bsdsock);
 
 my $idx = 0;
 my $idx_cc = $idx++;
@@ -563,12 +584,18 @@ my $prefix="";
 my $openssldir="";
 my $exe_ext="";
 my $install_prefix="";
+my $fipslibdir="/usr/local/ssl/fips-1.0/lib/";
+my $nofipscanistercheck=0;
+my $fipsdso=0;
+my $fipscanisterinternal="n";
+my $baseaddr="0xFB00000";
 my $no_threads=0;
 my $threads=0;
 my $no_shared=0; # but "no-shared" is default
 my $zlib=1;      # but "no-zlib" is default
 my $no_krb5=0;   # but "no-krb5" is implied unless "--with-krb5-..." is used
 my $no_rfc3779=1; # but "no-rfc3779" is default
+my $montasm=1;   # but "no-montasm" is default
 my $no_asm=0;
 my $no_dso=0;
 my $no_gmp=0;
@@ -585,10 +612,11 @@ my $rc2	="crypto/rc2/rc2.h";
 my $bf	="crypto/bf/bf_locl.h";
 my $bn_asm	="bn_asm.o";
 my $des_enc="des_enc.o fcrypt_b.o";
+my $fips_des_enc="fips_des_enc.o";
 my $aes_enc="aes_core.o aes_cbc.o";
 my $bf_enc	="bf_enc.o";
 my $cast_enc="c_enc.o";
-my $rc4_enc="rc4_enc.o";
+my $rc4_enc="rc4_enc.o rc4_skey.o";
 my $rc5_enc="rc5_enc.o";
 my $md5_obj="";
 my $sha1_obj="";
@@ -596,27 +624,40 @@ my $rmd160_obj="";
 my $processor="";
 my $default_ranlib;
 my $perl;
+my $fips=0;
 
 
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 
-my %disabled = ( # "what"         => "comment"
-		 "camellia"	  => "default",
-		 "gmp"		  => "default",
+my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
+                 "camellia"       => "default",
+                 "capieng"        => "default",
+                 "cms"            => "default",
+                 "gmp"            => "default",
+                 "jpake"          => "experimental",
                  "mdc2"           => "default",
+                 "montasm"        => "default", # explicit option in 0.9.8 only (implicitly enabled in 0.9.9)
                  "rc5"            => "default",
-		 "rfc3779"	  => "default",
+                 "rfc3779"        => "default",
+                 "seed"           => "default",
                  "shared"         => "default",
                  "zlib"           => "default",
                  "zlib-dynamic"   => "default"
                );
+my @experimental = ();
+
+# This is what $depflags will look like with the above defaults
+# (we need this to see if we should advise the user to run "make depend"):
+my $default_depflags = " -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED";
+
 
-# Additional "no-..." options will be collected in %disabled.
-# To remove something from %disabled, use e.g. "enable-rc5".
-# For symmetry, "disable-..." is a synonym for "no-...".
+# Explicit "no-..." options will be collected in %disabled along with the defaults.
+# To remove something from %disabled, use "enable-foo" (unless it's experimental).
+# For symmetry, "disable-foo" is a synonym for "no-foo".
 
-# This is what $depflags will look like with the above default:
-my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 ";
+# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
+# We will collect such requests in @experimental.
+# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
 
 
 my $no_sse2=0;
@@ -625,6 +666,7 @@ my $no_sse2=0;
 
 my $flags;
 my $depflags;
+my $openssl_experimental_defines;
 my $openssl_algorithm_defines;
 my $openssl_thread_defines;
 my $openssl_sys_defines="";
@@ -645,6 +687,7 @@ while($argv_unprocessed)
 	{
 	$flags="";
 	$depflags="";
+	$openssl_experimental_defines="";
 	$openssl_algorithm_defines="";
 	$openssl_thread_defines="";
 	$openssl_sys_defines="";
@@ -670,25 +713,35 @@ PROCESS_ARGS:
 
 		if (/^no-(.+)$/ || /^disable-(.+)$/)
 			{
-			if ($1 eq "ssl")
+			if (!($disabled{$1} eq "experimental"))
 				{
-				$disabled{"ssl2"} = "option(ssl)";
-				$disabled{"ssl3"} = "option(ssl)";
-				}
-			elsif ($1 eq "tls")
-				{
-				$disabled{"tls1"} = "option(tls)"
-				}
-			else
-				{
-				$disabled{$1} = "option";
+				if ($1 eq "ssl")
+					{
+					$disabled{"ssl2"} = "option(ssl)";
+					$disabled{"ssl3"} = "option(ssl)";
+					}
+				elsif ($1 eq "tls")
+					{
+					$disabled{"tls1"} = "option(tls)"
+					}
+				else
+					{
+					$disabled{$1} = "option";
+					}
 				}
 			}			
-		elsif (/^enable-(.+)$/)
+		elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
 			{
-			delete $disabled{$1};
+			my $algo = $1;
+			if ($disabled{$algo} eq "experimental")
+				{
+				die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
+					unless (/^experimental-/);
+				push @experimental, $algo;
+				}
+			delete $disabled{$algo};
 
-			$threads = 1 if ($1 eq "threads");
+			$threads = 1 if ($algo eq "threads");
 			}
 		elsif (/^--test-sanity$/)
 			{
@@ -719,12 +772,36 @@ PROCESS_ARGS:
 			}
 		elsif (/^386$/)
 			{ $processor=386; }
+		elsif (/^fips$/)
+			{
+			$fips=1;
+		        }
 		elsif (/^rsaref$/)
 			{
 			# No RSAref support any more since it's not needed.
 			# The check for the option is there so scripts aren't
 			# broken
 			}
+		elsif (/^nofipscanistercheck$/)
+			{
+			$fips = 1;
+			$nofipscanistercheck = 1;
+			}
+		elsif (/^fipscanisterbuild$/)
+			{
+			$fips = 1;
+			$nofipscanistercheck = 1;
+			$fipslibdir="";
+			$fipscanisterinternal="y";
+			}
+		elsif (/^fipsdso$/)
+			{
+			$fips = 1;
+			$nofipscanistercheck = 1;
+			$fipslibdir="";
+			$fipscanisterinternal="y";
+			$fipsdso = 1;
+			}
 		elsif (/^[-+]/)
 			{
 			if (/^-[lL](.*)$/)
@@ -759,6 +836,14 @@ PROCESS_ARGS:
 				{
 				$withargs{"zlib-include"}="-I$1";
 				}
+			elsif (/^--with-fipslibdir=(.*)$/)
+				{
+				$fipslibdir="$1/";
+				}
+			elsif (/^--with-baseaddr=(.*)$/)
+				{
+				$baseaddr="$1";
+				}
 			else
 				{
 				print STDERR $usage;
@@ -838,6 +923,10 @@ if (defined($disabled{"md5"}) || defined
 	$disabled{"tls1"} = "forced";
 	}
 
+if (defined($disabled{"tls1"}))
+	{
+	$disabled{"tlsext"} = "forced";
+	}
 
 if ($target eq "TABLE") {
 	foreach $target (sort keys %table) {
@@ -862,6 +951,54 @@ print "Configuring for $target\n";
 
 &usage if (!defined($table{$target}));
 
+my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+my $cc = $fields[$idx_cc];
+# Allow environment CC to override compiler...
+if($ENV{CC}) {
+    $cc = $ENV{CC};
+}
+my $cflags = $fields[$idx_cflags];
+my $unistd = $fields[$idx_unistd];
+my $thread_cflag = $fields[$idx_thread_cflag];
+my $sys_id = $fields[$idx_sys_id];
+my $lflags = $fields[$idx_lflags];
+my $bn_ops = $fields[$idx_bn_ops];
+my $cpuid_obj = $fields[$idx_cpuid_obj];
+my $bn_obj = $fields[$idx_bn_obj];
+my $des_obj = $fields[$idx_des_obj];
+my $aes_obj = $fields[$idx_aes_obj];
+my $bf_obj = $fields[$idx_bf_obj];
+my $md5_obj = $fields[$idx_md5_obj];
+my $sha1_obj = $fields[$idx_sha1_obj];
+my $cast_obj = $fields[$idx_cast_obj];
+my $rc4_obj = $fields[$idx_rc4_obj];
+my $rmd160_obj = $fields[$idx_rmd160_obj];
+my $rc5_obj = $fields[$idx_rc5_obj];
+my $dso_scheme = $fields[$idx_dso_scheme];
+my $shared_target = $fields[$idx_shared_target];
+my $shared_cflag = $fields[$idx_shared_cflag];
+my $shared_ldflag = $fields[$idx_shared_ldflag];
+my $shared_extension = $fields[$idx_shared_extension];
+my $ranlib = $fields[$idx_ranlib];
+my $arflags = $fields[$idx_arflags];
+
+if ($fips)
+	{
+	delete $disabled{"shared"} if ($disabled{"shared"} eq "default");
+	$disabled{"asm"}="forced"
+		if ($target !~ "VC\-.*" &&
+		    "$cpuid_obj:$bn_obj:$aes_obj:$des_obj:$sha1_obj" eq "::::");
+	}
+
+foreach (sort @experimental)
+	{
+	my $ALGO;
+	($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
+
+	# opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
+	$openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n";
+	$cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
+	}
 
 foreach (sort (keys %disabled))
 	{
@@ -877,6 +1014,8 @@ foreach (sort (keys %disabled))
 		{ $no_shared = 1; }
 	elsif (/^zlib$/)
 		{ $zlib = 0; }
+	elsif (/^montasm$/)
+		{ $montasm = 0; }
 	elsif (/^static-engine$/)
 		{ }
 	elsif (/^zlib-dynamic$/)
@@ -910,7 +1049,7 @@ foreach (sort (keys %disabled))
 				push @skip, $algo;
 				print " (skip dir)";
 
-				$depflags .="-DOPENSSL_NO_$ALGO ";
+				$depflags .= " -DOPENSSL_NO_$ALGO";

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906141945.n5EJjHbW058273>