svn commit: r238384 - in vendor-crypto/openssl/dist: . apps apps/demoCA bugs certs/demo crypto crypto/aes crypto/aes/asm crypto/asn1 crypto/bf crypto/bf/asm crypto/bio crypto/bn crypto/bn/asm crypt...

Jung-uk Kim jkim at FreeBSD.org
Wed Jul 11 23:31:39 UTC 2012


Author: jkim
Date: Wed Jul 11 23:31:36 2012
New Revision: 238384
URL: http://svn.freebsd.org/changeset/base/238384

Log:
  Import OpenSSL 1.0.1c.
  
  Approved by:	benl (maintainer)

Added:
  vendor-crypto/openssl/dist/apps/genpkey.c   (contents, props changed)
  vendor-crypto/openssl/dist/apps/pkey.c   (contents, props changed)
  vendor-crypto/openssl/dist/apps/pkeyparam.c   (contents, props changed)
  vendor-crypto/openssl/dist/apps/pkeyutl.c   (contents, props changed)
  vendor-crypto/openssl/dist/apps/srp.c   (contents, props changed)
  vendor-crypto/openssl/dist/apps/ts.c   (contents, props changed)
  vendor-crypto/openssl/dist/apps/tsget
  vendor-crypto/openssl/dist/crypto/aes/aes_x86core.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/aes-armv4.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/aes-mips.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/aes-parisc.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/aes-ppc.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/aes-s390x.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/aes-sparcv9.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/aesni-x86.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/aesni-x86_64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/bsaes-x86_64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86_64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/arm_arch.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/armcap.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/armv4cpuid.S   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/asn1/ameth_lib.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/asn1/asn1_locl.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/asn1/bio_asn1.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/asn1/bio_ndef.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/asn1/x_nx509.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/armv4-gf2m.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/armv4-mont.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/ia64-mont.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/mips-mont.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/mips.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/mips3-mont.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/modexp512-x86_64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/parisc-mont.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/ppc-mont.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/ppc64-mont.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/s390x-gf2m.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/s390x-mont.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/s390x.S   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/sparcv9-mont.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/sparcv9a-mont.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/via-mont.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/x86-gf2m.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/x86-mont.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-gf2m.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/camellia/asm/cmll-x86.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/camellia/asm/cmll-x86_64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/camellia/cmll_utl.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/cmac/
  vendor-crypto/openssl/dist/crypto/cmac/Makefile   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/cmac/cm_ameth.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/cmac/cm_pmeth.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/cmac/cmac.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/cmac/cmac.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/cms/cms_pwri.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/dh/dh_ameth.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/dh/dh_pmeth.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/dh/dh_prn.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/dsa/dsa_ameth.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/dsa/dsa_locl.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/dsa/dsa_pmeth.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/dsa/dsa_prn.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/dso/dso_beos.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ec/ec2_oct.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ec/ec_ameth.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ec/ec_oct.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ec/ec_pmeth.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ec/eck_prn.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ec/ecp_nistp224.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ec/ecp_nistp256.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ec/ecp_nistp521.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ec/ecp_nistputil.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ec/ecp_oct.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/engine/eng_rdrand.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/engine/eng_rsax.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/engine/tb_asnmth.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/engine/tb_pkmeth.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/evp/e_aes_cbc_hmac_sha1.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/evp/e_rc4_hmac_md5.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/evp/evp_fips.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/evp/m_sigver.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/evp/m_wp.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/evp/pmeth_fn.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/evp/pmeth_gn.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/evp/pmeth_lib.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/fips_ers.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/hmac/hm_ameth.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/hmac/hm_pmeth.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/md5/asm/md5-ia64.S   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/
  vendor-crypto/openssl/dist/crypto/modes/Makefile   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/asm/
  vendor-crypto/openssl/dist/crypto/modes/asm/ghash-armv4.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/asm/ghash-ia64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/asm/ghash-parisc.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/asm/ghash-s390x.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/asm/ghash-sparcv9.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/asm/ghash-x86.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/asm/ghash-x86_64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/cbc128.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/ccm128.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/cfb128.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/ctr128.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/cts128.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/gcm128.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/modes.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/modes_lcl.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/ofb128.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/xts128.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/o_fips.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/objects/obj_xref.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/objects/obj_xref.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/objects/obj_xref.txt   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/objects/objxref.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/pariscid.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/pem/pvkfmt.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/perlasm/ppc-xlate.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/perlasm/x86gas.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/perlasm/x86masm.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/pkcs7/bio_pk7.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ppccap.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ppccpuid.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/rc4/asm/rc4-ia64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/rc4/asm/rc4-md5-x86_64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/rc4/asm/rc4-parisc.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/rc4/asm/rc4-s390x.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/rc4/rc4_utl.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/rsa/rsa_ameth.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/rsa/rsa_crpt.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/rsa/rsa_locl.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/rsa/rsa_pmeth.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/rsa/rsa_prn.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/s390xcap.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/s390xcpuid.S   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-armv4-large.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-mips.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-parisc.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-ppc.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-s390x.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-sparcv9.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-sparcv9a.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-thumb.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha256-586.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha256-armv4.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-586.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-armv4.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-mips.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-parisc.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-ppc.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-s390x.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-sparcv9.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sparcv9cap.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/srp/
  vendor-crypto/openssl/dist/crypto/srp/Makefile   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/srp/srp.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/srp/srp_grps.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/srp/srp_lcl.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/srp/srp_lib.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/srp/srp_vfy.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/srp/srptest.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ts/
  vendor-crypto/openssl/dist/crypto/ts/Makefile   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ts/ts.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ts/ts_asn1.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ts/ts_conf.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ts/ts_err.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ts/ts_lib.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ts/ts_req_print.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ts/ts_req_utils.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ts/ts_rsp_print.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ts/ts_rsp_sign.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ts/ts_rsp_utils.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ts/ts_rsp_verify.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ts/ts_verify_ctx.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/vms_rms.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/whrlpool/
  vendor-crypto/openssl/dist/crypto/whrlpool/Makefile   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/whrlpool/asm/
  vendor-crypto/openssl/dist/crypto/whrlpool/asm/wp-mmx.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/whrlpool/asm/wp-x86_64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/whrlpool/whrlpool.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/whrlpool/wp_block.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/whrlpool/wp_dgst.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/whrlpool/wp_locl.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/whrlpool/wp_test.c   (contents, props changed)
  vendor-crypto/openssl/dist/doc/apps/cms.pod
  vendor-crypto/openssl/dist/doc/apps/genpkey.pod
  vendor-crypto/openssl/dist/doc/apps/pkey.pod
  vendor-crypto/openssl/dist/doc/apps/pkeyparam.pod
  vendor-crypto/openssl/dist/doc/apps/pkeyutl.pod
  vendor-crypto/openssl/dist/doc/apps/ts.pod
  vendor-crypto/openssl/dist/doc/apps/tsget.pod
  vendor-crypto/openssl/dist/doc/crypto/BIO_new_CMS.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_add0_cert.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_add1_recipient_cert.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_compress.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_decrypt.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_encrypt.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_final.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_get0_RecipientInfos.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_get0_SignerInfos.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_get0_type.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_get1_ReceiptRequest.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_sign.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_sign_add1_signer.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_sign_receipt.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_uncompress.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_verify.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_verify_receipt.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_DigestSignInit.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_DigestVerifyInit.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_CTX_ctrl.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_CTX_new.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_cmp.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_decrypt.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_derive.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_encrypt.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_get_default_digest.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_keygen.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_print_private.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_sign.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_verify.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_verifyrecover.pod
  vendor-crypto/openssl/dist/doc/crypto/PEM_write_bio_CMS_stream.pod
  vendor-crypto/openssl/dist/doc/crypto/PEM_write_bio_PKCS7_stream.pod
  vendor-crypto/openssl/dist/doc/crypto/PKCS7_sign_add_signer.pod
  vendor-crypto/openssl/dist/doc/crypto/SMIME_read_CMS.pod
  vendor-crypto/openssl/dist/doc/crypto/SMIME_write_CMS.pod
  vendor-crypto/openssl/dist/doc/crypto/X509_STORE_CTX_get_error.pod
  vendor-crypto/openssl/dist/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod
  vendor-crypto/openssl/dist/doc/crypto/X509_STORE_CTX_new.pod
  vendor-crypto/openssl/dist/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
  vendor-crypto/openssl/dist/doc/crypto/X509_STORE_set_verify_cb_func.pod
  vendor-crypto/openssl/dist/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
  vendor-crypto/openssl/dist/doc/crypto/X509_verify_cert.pod
  vendor-crypto/openssl/dist/doc/crypto/i2d_CMS_bio_stream.pod
  vendor-crypto/openssl/dist/doc/crypto/i2d_PKCS7_bio_stream.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_psk_client_callback.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_get_psk_identity.pod
  vendor-crypto/openssl/dist/engines/ccgost/
  vendor-crypto/openssl/dist/engines/ccgost/Makefile   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/README.gost
  vendor-crypto/openssl/dist/engines/ccgost/e_gost_err.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/e_gost_err.h   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost2001.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost2001_keyx.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost2001_keyx.h   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost89.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost89.h   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost94_keyx.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost_ameth.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost_asn1.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost_crypt.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost_ctl.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost_eng.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost_keywrap.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost_keywrap.h   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost_lcl.h   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost_md.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost_params.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost_params.h   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost_pmeth.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gost_sign.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gosthash.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gosthash.h   (contents, props changed)
  vendor-crypto/openssl/dist/engines/ccgost/gostsum.c   (contents, props changed)
  vendor-crypto/openssl/dist/engines/e_padlock.c   (contents, props changed)
  vendor-crypto/openssl/dist/ssl/d1_srtp.c   (contents, props changed)
  vendor-crypto/openssl/dist/ssl/srtp.h   (contents, props changed)
  vendor-crypto/openssl/dist/ssl/tls_srp.c   (contents, props changed)
  vendor-crypto/openssl/dist/util/cygwin.sh   (contents, props changed)
  vendor-crypto/openssl/dist/util/mkrc.pl   (contents, props changed)
Deleted:
  vendor-crypto/openssl/dist/apps/demoCA/
  vendor-crypto/openssl/dist/apps/md4.c
  vendor-crypto/openssl/dist/apps/winrand.c
  vendor-crypto/openssl/dist/bugs/
  vendor-crypto/openssl/dist/certs/demo/
  vendor-crypto/openssl/dist/crypto/LPdir_nyi.c
  vendor-crypto/openssl/dist/crypto/LPdir_vms.c
  vendor-crypto/openssl/dist/crypto/LPdir_win.c
  vendor-crypto/openssl/dist/crypto/LPdir_win32.c
  vendor-crypto/openssl/dist/crypto/LPdir_wince.c
  vendor-crypto/openssl/dist/crypto/asn1/a_hdr.c
  vendor-crypto/openssl/dist/crypto/asn1/a_meth.c
  vendor-crypto/openssl/dist/crypto/asn1/p8_key.c
  vendor-crypto/openssl/dist/crypto/bf/bfs.cpp
  vendor-crypto/openssl/dist/crypto/bn/asm/mo-586.pl
  vendor-crypto/openssl/dist/crypto/bn/bn_opt.c
  vendor-crypto/openssl/dist/crypto/cast/casts.cpp
  vendor-crypto/openssl/dist/crypto/des/asm/des686.pl
  vendor-crypto/openssl/dist/crypto/des/des3s.cpp
  vendor-crypto/openssl/dist/crypto/des/des_lib.c
  vendor-crypto/openssl/dist/crypto/des/dess.cpp
  vendor-crypto/openssl/dist/crypto/des/t/
  vendor-crypto/openssl/dist/crypto/des/times/
  vendor-crypto/openssl/dist/crypto/dsa/dsa_utl.c
  vendor-crypto/openssl/dist/crypto/dyn_lck.c
  vendor-crypto/openssl/dist/crypto/ec/ec2_smpt.c
  vendor-crypto/openssl/dist/crypto/engine/eng_padlock.c
  vendor-crypto/openssl/dist/crypto/err/err_bio.c
  vendor-crypto/openssl/dist/crypto/err/err_def.c
  vendor-crypto/openssl/dist/crypto/err/err_str.c
  vendor-crypto/openssl/dist/crypto/err/openssl.ec
  vendor-crypto/openssl/dist/crypto/evp/dig_eng.c
  vendor-crypto/openssl/dist/crypto/evp/enc_min.c
  vendor-crypto/openssl/dist/crypto/evp/evp_cnf.c
  vendor-crypto/openssl/dist/crypto/fips_err.c
  vendor-crypto/openssl/dist/crypto/md4/md4s.cpp
  vendor-crypto/openssl/dist/crypto/md5/md5s.cpp
  vendor-crypto/openssl/dist/crypto/perlasm/x86ms.pl
  vendor-crypto/openssl/dist/crypto/perlasm/x86unix.pl
  vendor-crypto/openssl/dist/crypto/pqueue/pq_compat.h
  vendor-crypto/openssl/dist/crypto/rand/rand_eng.c
  vendor-crypto/openssl/dist/crypto/rand/rand_nw.c
  vendor-crypto/openssl/dist/crypto/rand/rand_os2.c
  vendor-crypto/openssl/dist/crypto/rand/rand_vms.c
  vendor-crypto/openssl/dist/crypto/rand/rand_win.c
  vendor-crypto/openssl/dist/crypto/rc4/asm/rc4-ia64.S
  vendor-crypto/openssl/dist/crypto/rc4/rc4_fblk.c
  vendor-crypto/openssl/dist/crypto/rc4/rc4s.cpp
  vendor-crypto/openssl/dist/crypto/rc5/rc5s.cpp
  vendor-crypto/openssl/dist/crypto/ripemd/asm/rips.cpp
  vendor-crypto/openssl/dist/crypto/rsa/rsa_eng.c
  vendor-crypto/openssl/dist/crypto/rsa/rsa_x931g.c
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-sse2.pl
  vendor-crypto/openssl/dist/crypto/sha/sha1s.cpp
  vendor-crypto/openssl/dist/crypto/tmdiff.c
  vendor-crypto/openssl/dist/crypto/tmdiff.h
  vendor-crypto/openssl/dist/demos/
  vendor-crypto/openssl/dist/engines/alpha.opt
  vendor-crypto/openssl/dist/engines/e_4758cca.ec
  vendor-crypto/openssl/dist/engines/e_aep.ec
  vendor-crypto/openssl/dist/engines/e_atalla.ec
  vendor-crypto/openssl/dist/engines/e_capi.ec
  vendor-crypto/openssl/dist/engines/e_chil.ec
  vendor-crypto/openssl/dist/engines/e_cswift.ec
  vendor-crypto/openssl/dist/engines/e_gmp.ec
  vendor-crypto/openssl/dist/engines/e_nuron.ec
  vendor-crypto/openssl/dist/engines/e_sureware.ec
  vendor-crypto/openssl/dist/engines/e_ubsec.ec
  vendor-crypto/openssl/dist/engines/ia64.opt
  vendor-crypto/openssl/dist/engines/vax.opt
  vendor-crypto/openssl/dist/fips/
  vendor-crypto/openssl/dist/openssl.doxy
  vendor-crypto/openssl/dist/openssl.spec
  vendor-crypto/openssl/dist/test/
  vendor-crypto/openssl/dist/times/
  vendor-crypto/openssl/dist/tools/
  vendor-crypto/openssl/dist/util/arx.pl
  vendor-crypto/openssl/dist/util/fipslink.pl
  vendor-crypto/openssl/dist/util/mksdef.pl
Modified:
  vendor-crypto/openssl/dist/CHANGES
  vendor-crypto/openssl/dist/CHANGES.SSLeay
  vendor-crypto/openssl/dist/Configure
  vendor-crypto/openssl/dist/FREEBSD-Xlist
  vendor-crypto/openssl/dist/FREEBSD-upgrade
  vendor-crypto/openssl/dist/INSTALL
  vendor-crypto/openssl/dist/Makefile
  vendor-crypto/openssl/dist/Makefile.org
  vendor-crypto/openssl/dist/Makefile.shared
  vendor-crypto/openssl/dist/NEWS
  vendor-crypto/openssl/dist/README
  vendor-crypto/openssl/dist/apps/Makefile
  vendor-crypto/openssl/dist/apps/apps.c
  vendor-crypto/openssl/dist/apps/apps.h
  vendor-crypto/openssl/dist/apps/asn1pars.c
  vendor-crypto/openssl/dist/apps/ca.c
  vendor-crypto/openssl/dist/apps/ciphers.c
  vendor-crypto/openssl/dist/apps/client.pem
  vendor-crypto/openssl/dist/apps/cms.c
  vendor-crypto/openssl/dist/apps/crl2p7.c
  vendor-crypto/openssl/dist/apps/dgst.c
  vendor-crypto/openssl/dist/apps/dh.c
  vendor-crypto/openssl/dist/apps/dhparam.c
  vendor-crypto/openssl/dist/apps/dsa.c
  vendor-crypto/openssl/dist/apps/ec.c
  vendor-crypto/openssl/dist/apps/ecparam.c
  vendor-crypto/openssl/dist/apps/enc.c
  vendor-crypto/openssl/dist/apps/engine.c
  vendor-crypto/openssl/dist/apps/errstr.c
  vendor-crypto/openssl/dist/apps/gendh.c
  vendor-crypto/openssl/dist/apps/genrsa.c
  vendor-crypto/openssl/dist/apps/ocsp.c
  vendor-crypto/openssl/dist/apps/openssl.c
  vendor-crypto/openssl/dist/apps/openssl.cnf
  vendor-crypto/openssl/dist/apps/pkcs12.c
  vendor-crypto/openssl/dist/apps/pkcs7.c
  vendor-crypto/openssl/dist/apps/pkcs8.c
  vendor-crypto/openssl/dist/apps/prime.c
  vendor-crypto/openssl/dist/apps/progs.h
  vendor-crypto/openssl/dist/apps/progs.pl
  vendor-crypto/openssl/dist/apps/req.c
  vendor-crypto/openssl/dist/apps/rsa.c
  vendor-crypto/openssl/dist/apps/rsautl.c
  vendor-crypto/openssl/dist/apps/s_apps.h
  vendor-crypto/openssl/dist/apps/s_cb.c
  vendor-crypto/openssl/dist/apps/s_client.c
  vendor-crypto/openssl/dist/apps/s_server.c
  vendor-crypto/openssl/dist/apps/s_socket.c
  vendor-crypto/openssl/dist/apps/s_time.c
  vendor-crypto/openssl/dist/apps/server.pem
  vendor-crypto/openssl/dist/apps/server2.pem
  vendor-crypto/openssl/dist/apps/sess_id.c
  vendor-crypto/openssl/dist/apps/smime.c
  vendor-crypto/openssl/dist/apps/speed.c
  vendor-crypto/openssl/dist/apps/verify.c
  vendor-crypto/openssl/dist/apps/x509.c
  vendor-crypto/openssl/dist/config
  vendor-crypto/openssl/dist/crypto/Makefile
  vendor-crypto/openssl/dist/crypto/aes/Makefile
  vendor-crypto/openssl/dist/crypto/aes/aes.h
  vendor-crypto/openssl/dist/crypto/aes/aes_cbc.c
  vendor-crypto/openssl/dist/crypto/aes/aes_cfb.c
  vendor-crypto/openssl/dist/crypto/aes/aes_core.c
  vendor-crypto/openssl/dist/crypto/aes/aes_ctr.c
  vendor-crypto/openssl/dist/crypto/aes/aes_ige.c
  vendor-crypto/openssl/dist/crypto/aes/aes_misc.c
  vendor-crypto/openssl/dist/crypto/aes/aes_ofb.c
  vendor-crypto/openssl/dist/crypto/aes/asm/aes-586.pl
  vendor-crypto/openssl/dist/crypto/aes/asm/aes-x86_64.pl
  vendor-crypto/openssl/dist/crypto/asn1/Makefile
  vendor-crypto/openssl/dist/crypto/asn1/a_bitstr.c
  vendor-crypto/openssl/dist/crypto/asn1/a_digest.c
  vendor-crypto/openssl/dist/crypto/asn1/a_dup.c
  vendor-crypto/openssl/dist/crypto/asn1/a_gentm.c
  vendor-crypto/openssl/dist/crypto/asn1/a_int.c
  vendor-crypto/openssl/dist/crypto/asn1/a_object.c
  vendor-crypto/openssl/dist/crypto/asn1/a_octet.c
  vendor-crypto/openssl/dist/crypto/asn1/a_set.c
  vendor-crypto/openssl/dist/crypto/asn1/a_sign.c
  vendor-crypto/openssl/dist/crypto/asn1/a_strnid.c
  vendor-crypto/openssl/dist/crypto/asn1/a_time.c
  vendor-crypto/openssl/dist/crypto/asn1/a_type.c
  vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c
  vendor-crypto/openssl/dist/crypto/asn1/a_verify.c
  vendor-crypto/openssl/dist/crypto/asn1/asn1.h
  vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c
  vendor-crypto/openssl/dist/crypto/asn1/asn1_gen.c
  vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c
  vendor-crypto/openssl/dist/crypto/asn1/asn1_mac.h
  vendor-crypto/openssl/dist/crypto/asn1/asn1_par.c
  vendor-crypto/openssl/dist/crypto/asn1/asn1t.h
  vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c
  vendor-crypto/openssl/dist/crypto/asn1/asn_pack.c
  vendor-crypto/openssl/dist/crypto/asn1/charmap.h
  vendor-crypto/openssl/dist/crypto/asn1/d2i_pr.c
  vendor-crypto/openssl/dist/crypto/asn1/d2i_pu.c
  vendor-crypto/openssl/dist/crypto/asn1/i2d_pr.c
  vendor-crypto/openssl/dist/crypto/asn1/n_pkey.c
  vendor-crypto/openssl/dist/crypto/asn1/nsseq.c
  vendor-crypto/openssl/dist/crypto/asn1/p5_pbe.c
  vendor-crypto/openssl/dist/crypto/asn1/p5_pbev2.c
  vendor-crypto/openssl/dist/crypto/asn1/p8_pkey.c
  vendor-crypto/openssl/dist/crypto/asn1/t_crl.c
  vendor-crypto/openssl/dist/crypto/asn1/t_pkey.c
  vendor-crypto/openssl/dist/crypto/asn1/t_req.c
  vendor-crypto/openssl/dist/crypto/asn1/t_spki.c
  vendor-crypto/openssl/dist/crypto/asn1/t_x509.c
  vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c
  vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c
  vendor-crypto/openssl/dist/crypto/asn1/tasn_fre.c
  vendor-crypto/openssl/dist/crypto/asn1/tasn_new.c
  vendor-crypto/openssl/dist/crypto/asn1/tasn_prn.c
  vendor-crypto/openssl/dist/crypto/asn1/tasn_typ.c
  vendor-crypto/openssl/dist/crypto/asn1/x_algor.c
  vendor-crypto/openssl/dist/crypto/asn1/x_crl.c
  vendor-crypto/openssl/dist/crypto/asn1/x_long.c
  vendor-crypto/openssl/dist/crypto/asn1/x_name.c
  vendor-crypto/openssl/dist/crypto/asn1/x_pubkey.c
  vendor-crypto/openssl/dist/crypto/asn1/x_req.c
  vendor-crypto/openssl/dist/crypto/asn1/x_x509.c
  vendor-crypto/openssl/dist/crypto/bf/Makefile
  vendor-crypto/openssl/dist/crypto/bf/asm/bf-586.pl
  vendor-crypto/openssl/dist/crypto/bf/bf_skey.c
  vendor-crypto/openssl/dist/crypto/bf/blowfish.h
  vendor-crypto/openssl/dist/crypto/bio/Makefile
  vendor-crypto/openssl/dist/crypto/bio/b_print.c
  vendor-crypto/openssl/dist/crypto/bio/b_sock.c
  vendor-crypto/openssl/dist/crypto/bio/bio.h
  vendor-crypto/openssl/dist/crypto/bio/bio_cb.c
  vendor-crypto/openssl/dist/crypto/bio/bio_err.c
  vendor-crypto/openssl/dist/crypto/bio/bio_lcl.h
  vendor-crypto/openssl/dist/crypto/bio/bio_lib.c
  vendor-crypto/openssl/dist/crypto/bio/bss_acpt.c
  vendor-crypto/openssl/dist/crypto/bio/bss_bio.c
  vendor-crypto/openssl/dist/crypto/bio/bss_dgram.c
  vendor-crypto/openssl/dist/crypto/bio/bss_fd.c
  vendor-crypto/openssl/dist/crypto/bio/bss_file.c
  vendor-crypto/openssl/dist/crypto/bio/bss_log.c
  vendor-crypto/openssl/dist/crypto/bio/bss_mem.c
  vendor-crypto/openssl/dist/crypto/bn/Makefile
  vendor-crypto/openssl/dist/crypto/bn/asm/bn-586.pl
  vendor-crypto/openssl/dist/crypto/bn/asm/co-586.pl
  vendor-crypto/openssl/dist/crypto/bn/asm/ppc.pl
  vendor-crypto/openssl/dist/crypto/bn/asm/sparcv8plus.S
  vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-gcc.c
  vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl
  vendor-crypto/openssl/dist/crypto/bn/bn.h
  vendor-crypto/openssl/dist/crypto/bn/bn_asm.c
  vendor-crypto/openssl/dist/crypto/bn/bn_blind.c
  vendor-crypto/openssl/dist/crypto/bn/bn_ctx.c
  vendor-crypto/openssl/dist/crypto/bn/bn_div.c
  vendor-crypto/openssl/dist/crypto/bn/bn_exp.c
  vendor-crypto/openssl/dist/crypto/bn/bn_gf2m.c
  vendor-crypto/openssl/dist/crypto/bn/bn_lcl.h
  vendor-crypto/openssl/dist/crypto/bn/bn_lib.c
  vendor-crypto/openssl/dist/crypto/bn/bn_mont.c
  vendor-crypto/openssl/dist/crypto/bn/bn_nist.c
  vendor-crypto/openssl/dist/crypto/bn/bn_print.c
  vendor-crypto/openssl/dist/crypto/bn/bn_shift.c
  vendor-crypto/openssl/dist/crypto/bn/bntest.c
  vendor-crypto/openssl/dist/crypto/bn/exptest.c
  vendor-crypto/openssl/dist/crypto/buffer/Makefile
  vendor-crypto/openssl/dist/crypto/buffer/buf_err.c
  vendor-crypto/openssl/dist/crypto/buffer/buf_str.c
  vendor-crypto/openssl/dist/crypto/buffer/buffer.c
  vendor-crypto/openssl/dist/crypto/buffer/buffer.h
  vendor-crypto/openssl/dist/crypto/camellia/Makefile
  vendor-crypto/openssl/dist/crypto/camellia/camellia.c
  vendor-crypto/openssl/dist/crypto/camellia/camellia.h
  vendor-crypto/openssl/dist/crypto/camellia/cmll_cbc.c
  vendor-crypto/openssl/dist/crypto/camellia/cmll_cfb.c
  vendor-crypto/openssl/dist/crypto/camellia/cmll_ctr.c
  vendor-crypto/openssl/dist/crypto/camellia/cmll_locl.h
  vendor-crypto/openssl/dist/crypto/camellia/cmll_misc.c
  vendor-crypto/openssl/dist/crypto/camellia/cmll_ofb.c
  vendor-crypto/openssl/dist/crypto/cast/Makefile
  vendor-crypto/openssl/dist/crypto/cast/asm/cast-586.pl
  vendor-crypto/openssl/dist/crypto/cast/c_skey.c
  vendor-crypto/openssl/dist/crypto/cast/cast.h
  vendor-crypto/openssl/dist/crypto/cms/Makefile
  vendor-crypto/openssl/dist/crypto/cms/cms.h
  vendor-crypto/openssl/dist/crypto/cms/cms_asn1.c
  vendor-crypto/openssl/dist/crypto/cms/cms_env.c
  vendor-crypto/openssl/dist/crypto/cms/cms_err.c
  vendor-crypto/openssl/dist/crypto/cms/cms_ess.c
  vendor-crypto/openssl/dist/crypto/cms/cms_io.c
  vendor-crypto/openssl/dist/crypto/cms/cms_lcl.h
  vendor-crypto/openssl/dist/crypto/cms/cms_lib.c
  vendor-crypto/openssl/dist/crypto/cms/cms_sd.c
  vendor-crypto/openssl/dist/crypto/cms/cms_smime.c
  vendor-crypto/openssl/dist/crypto/comp/Makefile
  vendor-crypto/openssl/dist/crypto/comp/c_rle.c
  vendor-crypto/openssl/dist/crypto/comp/c_zlib.c
  vendor-crypto/openssl/dist/crypto/comp/comp_err.c
  vendor-crypto/openssl/dist/crypto/conf/Makefile
  vendor-crypto/openssl/dist/crypto/conf/README
  vendor-crypto/openssl/dist/crypto/conf/conf.h
  vendor-crypto/openssl/dist/crypto/conf/conf_api.c
  vendor-crypto/openssl/dist/crypto/conf/conf_def.c
  vendor-crypto/openssl/dist/crypto/conf/conf_err.c
  vendor-crypto/openssl/dist/crypto/conf/conf_lib.c
  vendor-crypto/openssl/dist/crypto/conf/conf_mall.c
  vendor-crypto/openssl/dist/crypto/conf/conf_mod.c
  vendor-crypto/openssl/dist/crypto/cpt_err.c
  vendor-crypto/openssl/dist/crypto/cryptlib.c
  vendor-crypto/openssl/dist/crypto/cryptlib.h
  vendor-crypto/openssl/dist/crypto/crypto.h
  vendor-crypto/openssl/dist/crypto/des/Makefile
  vendor-crypto/openssl/dist/crypto/des/asm/crypt586.pl
  vendor-crypto/openssl/dist/crypto/des/asm/des-586.pl
  vendor-crypto/openssl/dist/crypto/des/asm/des_enc.m4
  vendor-crypto/openssl/dist/crypto/des/des.h
  vendor-crypto/openssl/dist/crypto/des/des_enc.c
  vendor-crypto/openssl/dist/crypto/des/des_locl.h
  vendor-crypto/openssl/dist/crypto/des/ecb_enc.c
  vendor-crypto/openssl/dist/crypto/des/enc_read.c
  vendor-crypto/openssl/dist/crypto/des/enc_writ.c
  vendor-crypto/openssl/dist/crypto/des/fcrypt_b.c
  vendor-crypto/openssl/dist/crypto/des/set_key.c
  vendor-crypto/openssl/dist/crypto/des/xcbc_enc.c
  vendor-crypto/openssl/dist/crypto/dh/Makefile
  vendor-crypto/openssl/dist/crypto/dh/dh.h
  vendor-crypto/openssl/dist/crypto/dh/dh_asn1.c
  vendor-crypto/openssl/dist/crypto/dh/dh_check.c
  vendor-crypto/openssl/dist/crypto/dh/dh_err.c
  vendor-crypto/openssl/dist/crypto/dh/dh_gen.c
  vendor-crypto/openssl/dist/crypto/dh/dh_key.c
  vendor-crypto/openssl/dist/crypto/dh/dh_lib.c
  vendor-crypto/openssl/dist/crypto/dsa/Makefile
  vendor-crypto/openssl/dist/crypto/dsa/dsa.h
  vendor-crypto/openssl/dist/crypto/dsa/dsa_asn1.c
  vendor-crypto/openssl/dist/crypto/dsa/dsa_err.c
  vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c
  vendor-crypto/openssl/dist/crypto/dsa/dsa_key.c
  vendor-crypto/openssl/dist/crypto/dsa/dsa_lib.c
  vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c
  vendor-crypto/openssl/dist/crypto/dsa/dsa_sign.c
  vendor-crypto/openssl/dist/crypto/dsa/dsa_vrf.c
  vendor-crypto/openssl/dist/crypto/dsa/dsatest.c
  vendor-crypto/openssl/dist/crypto/dso/Makefile
  vendor-crypto/openssl/dist/crypto/dso/dso.h
  vendor-crypto/openssl/dist/crypto/dso/dso_dl.c
  vendor-crypto/openssl/dist/crypto/dso/dso_dlfcn.c
  vendor-crypto/openssl/dist/crypto/dso/dso_err.c
  vendor-crypto/openssl/dist/crypto/dso/dso_lib.c
  vendor-crypto/openssl/dist/crypto/dso/dso_null.c
  vendor-crypto/openssl/dist/crypto/dso/dso_openssl.c
  vendor-crypto/openssl/dist/crypto/ec/Makefile
  vendor-crypto/openssl/dist/crypto/ec/ec.h
  vendor-crypto/openssl/dist/crypto/ec/ec2_mult.c
  vendor-crypto/openssl/dist/crypto/ec/ec2_smpl.c
  vendor-crypto/openssl/dist/crypto/ec/ec_asn1.c
  vendor-crypto/openssl/dist/crypto/ec/ec_curve.c
  vendor-crypto/openssl/dist/crypto/ec/ec_cvt.c
  vendor-crypto/openssl/dist/crypto/ec/ec_err.c
  vendor-crypto/openssl/dist/crypto/ec/ec_key.c
  vendor-crypto/openssl/dist/crypto/ec/ec_lcl.h
  vendor-crypto/openssl/dist/crypto/ec/ec_lib.c
  vendor-crypto/openssl/dist/crypto/ec/ec_mult.c
  vendor-crypto/openssl/dist/crypto/ec/ecp_mont.c
  vendor-crypto/openssl/dist/crypto/ec/ecp_nist.c
  vendor-crypto/openssl/dist/crypto/ec/ecp_smpl.c
  vendor-crypto/openssl/dist/crypto/ec/ectest.c
  vendor-crypto/openssl/dist/crypto/ecdh/Makefile
  vendor-crypto/openssl/dist/crypto/ecdh/ecdh.h
  vendor-crypto/openssl/dist/crypto/ecdh/ecdhtest.c
  vendor-crypto/openssl/dist/crypto/ecdh/ech_err.c
  vendor-crypto/openssl/dist/crypto/ecdh/ech_lib.c
  vendor-crypto/openssl/dist/crypto/ecdh/ech_locl.h
  vendor-crypto/openssl/dist/crypto/ecdh/ech_ossl.c
  vendor-crypto/openssl/dist/crypto/ecdsa/Makefile
  vendor-crypto/openssl/dist/crypto/ecdsa/ecdsa.h
  vendor-crypto/openssl/dist/crypto/ecdsa/ecdsatest.c
  vendor-crypto/openssl/dist/crypto/ecdsa/ecs_err.c
  vendor-crypto/openssl/dist/crypto/ecdsa/ecs_lib.c
  vendor-crypto/openssl/dist/crypto/ecdsa/ecs_locl.h
  vendor-crypto/openssl/dist/crypto/ecdsa/ecs_ossl.c
  vendor-crypto/openssl/dist/crypto/engine/Makefile
  vendor-crypto/openssl/dist/crypto/engine/eng_all.c
  vendor-crypto/openssl/dist/crypto/engine/eng_cryptodev.c
  vendor-crypto/openssl/dist/crypto/engine/eng_dyn.c
  vendor-crypto/openssl/dist/crypto/engine/eng_err.c
  vendor-crypto/openssl/dist/crypto/engine/eng_fat.c
  vendor-crypto/openssl/dist/crypto/engine/eng_int.h
  vendor-crypto/openssl/dist/crypto/engine/eng_lib.c
  vendor-crypto/openssl/dist/crypto/engine/eng_list.c
  vendor-crypto/openssl/dist/crypto/engine/eng_openssl.c
  vendor-crypto/openssl/dist/crypto/engine/eng_table.c
  vendor-crypto/openssl/dist/crypto/engine/engine.h
  vendor-crypto/openssl/dist/crypto/engine/enginetest.c
  vendor-crypto/openssl/dist/crypto/err/Makefile
  vendor-crypto/openssl/dist/crypto/err/err.c
  vendor-crypto/openssl/dist/crypto/err/err.h
  vendor-crypto/openssl/dist/crypto/err/err_all.c
  vendor-crypto/openssl/dist/crypto/err/err_prn.c
  vendor-crypto/openssl/dist/crypto/evp/Makefile
  vendor-crypto/openssl/dist/crypto/evp/bio_enc.c
  vendor-crypto/openssl/dist/crypto/evp/bio_md.c
  vendor-crypto/openssl/dist/crypto/evp/bio_ok.c
  vendor-crypto/openssl/dist/crypto/evp/c_all.c
  vendor-crypto/openssl/dist/crypto/evp/c_allc.c
  vendor-crypto/openssl/dist/crypto/evp/c_alld.c
  vendor-crypto/openssl/dist/crypto/evp/digest.c
  vendor-crypto/openssl/dist/crypto/evp/e_aes.c
  vendor-crypto/openssl/dist/crypto/evp/e_camellia.c
  vendor-crypto/openssl/dist/crypto/evp/e_des.c
  vendor-crypto/openssl/dist/crypto/evp/e_des3.c
  vendor-crypto/openssl/dist/crypto/evp/e_idea.c
  vendor-crypto/openssl/dist/crypto/evp/e_null.c
  vendor-crypto/openssl/dist/crypto/evp/e_rc2.c
  vendor-crypto/openssl/dist/crypto/evp/e_rc4.c
  vendor-crypto/openssl/dist/crypto/evp/e_seed.c
  vendor-crypto/openssl/dist/crypto/evp/e_xcbc_d.c
  vendor-crypto/openssl/dist/crypto/evp/encode.c
  vendor-crypto/openssl/dist/crypto/evp/evp.h
  vendor-crypto/openssl/dist/crypto/evp/evp_enc.c
  vendor-crypto/openssl/dist/crypto/evp/evp_err.c
  vendor-crypto/openssl/dist/crypto/evp/evp_key.c
  vendor-crypto/openssl/dist/crypto/evp/evp_lib.c
  vendor-crypto/openssl/dist/crypto/evp/evp_locl.h
  vendor-crypto/openssl/dist/crypto/evp/evp_pbe.c
  vendor-crypto/openssl/dist/crypto/evp/evp_pkey.c
  vendor-crypto/openssl/dist/crypto/evp/evp_test.c
  vendor-crypto/openssl/dist/crypto/evp/evptests.txt
  vendor-crypto/openssl/dist/crypto/evp/m_dss.c
  vendor-crypto/openssl/dist/crypto/evp/m_dss1.c
  vendor-crypto/openssl/dist/crypto/evp/m_ecdsa.c
  vendor-crypto/openssl/dist/crypto/evp/m_md2.c
  vendor-crypto/openssl/dist/crypto/evp/m_md4.c
  vendor-crypto/openssl/dist/crypto/evp/m_md5.c
  vendor-crypto/openssl/dist/crypto/evp/m_mdc2.c
  vendor-crypto/openssl/dist/crypto/evp/m_ripemd.c
  vendor-crypto/openssl/dist/crypto/evp/m_sha.c
  vendor-crypto/openssl/dist/crypto/evp/m_sha1.c
  vendor-crypto/openssl/dist/crypto/evp/names.c
  vendor-crypto/openssl/dist/crypto/evp/p5_crpt.c
  vendor-crypto/openssl/dist/crypto/evp/p5_crpt2.c
  vendor-crypto/openssl/dist/crypto/evp/p_dec.c
  vendor-crypto/openssl/dist/crypto/evp/p_enc.c
  vendor-crypto/openssl/dist/crypto/evp/p_lib.c
  vendor-crypto/openssl/dist/crypto/evp/p_open.c
  vendor-crypto/openssl/dist/crypto/evp/p_seal.c
  vendor-crypto/openssl/dist/crypto/evp/p_sign.c
  vendor-crypto/openssl/dist/crypto/evp/p_verify.c
  vendor-crypto/openssl/dist/crypto/ex_data.c
  vendor-crypto/openssl/dist/crypto/fips_err.h
  vendor-crypto/openssl/dist/crypto/hmac/Makefile
  vendor-crypto/openssl/dist/crypto/hmac/hmac.c
  vendor-crypto/openssl/dist/crypto/hmac/hmac.h
  vendor-crypto/openssl/dist/crypto/ia64cpuid.S
  vendor-crypto/openssl/dist/crypto/idea/Makefile
  vendor-crypto/openssl/dist/crypto/idea/i_skey.c
  vendor-crypto/openssl/dist/crypto/idea/idea.h
  vendor-crypto/openssl/dist/crypto/jpake/Makefile
  vendor-crypto/openssl/dist/crypto/jpake/jpake.c
  vendor-crypto/openssl/dist/crypto/jpake/jpaketest.c
  vendor-crypto/openssl/dist/crypto/krb5/Makefile
  vendor-crypto/openssl/dist/crypto/lhash/Makefile
  vendor-crypto/openssl/dist/crypto/lhash/lh_stats.c
  vendor-crypto/openssl/dist/crypto/lhash/lhash.c
  vendor-crypto/openssl/dist/crypto/lhash/lhash.h
  vendor-crypto/openssl/dist/crypto/md2/Makefile
  vendor-crypto/openssl/dist/crypto/md2/md2_dgst.c
  vendor-crypto/openssl/dist/crypto/md32_common.h
  vendor-crypto/openssl/dist/crypto/md4/Makefile
  vendor-crypto/openssl/dist/crypto/md4/md4.h
  vendor-crypto/openssl/dist/crypto/md4/md4_dgst.c
  vendor-crypto/openssl/dist/crypto/md5/Makefile
  vendor-crypto/openssl/dist/crypto/md5/asm/md5-586.pl
  vendor-crypto/openssl/dist/crypto/md5/asm/md5-x86_64.pl
  vendor-crypto/openssl/dist/crypto/md5/md5.h
  vendor-crypto/openssl/dist/crypto/md5/md5_dgst.c
  vendor-crypto/openssl/dist/crypto/md5/md5_locl.h
  vendor-crypto/openssl/dist/crypto/mdc2/Makefile
  vendor-crypto/openssl/dist/crypto/mdc2/mdc2.h
  vendor-crypto/openssl/dist/crypto/mdc2/mdc2dgst.c
  vendor-crypto/openssl/dist/crypto/mem.c
  vendor-crypto/openssl/dist/crypto/mem_dbg.c
  vendor-crypto/openssl/dist/crypto/o_init.c
  vendor-crypto/openssl/dist/crypto/o_time.c
  vendor-crypto/openssl/dist/crypto/o_time.h
  vendor-crypto/openssl/dist/crypto/objects/Makefile
  vendor-crypto/openssl/dist/crypto/objects/o_names.c
  vendor-crypto/openssl/dist/crypto/objects/obj_dat.c
  vendor-crypto/openssl/dist/crypto/objects/obj_dat.h
  vendor-crypto/openssl/dist/crypto/objects/obj_dat.pl
  vendor-crypto/openssl/dist/crypto/objects/obj_err.c
  vendor-crypto/openssl/dist/crypto/objects/obj_lib.c
  vendor-crypto/openssl/dist/crypto/objects/obj_mac.h
  vendor-crypto/openssl/dist/crypto/objects/obj_mac.num
  vendor-crypto/openssl/dist/crypto/objects/objects.h
  vendor-crypto/openssl/dist/crypto/objects/objects.pl
  vendor-crypto/openssl/dist/crypto/objects/objects.txt
  vendor-crypto/openssl/dist/crypto/ocsp/Makefile
  vendor-crypto/openssl/dist/crypto/ocsp/ocsp.h
  vendor-crypto/openssl/dist/crypto/ocsp/ocsp_cl.c
  vendor-crypto/openssl/dist/crypto/ocsp/ocsp_err.c
  vendor-crypto/openssl/dist/crypto/ocsp/ocsp_ext.c
  vendor-crypto/openssl/dist/crypto/ocsp/ocsp_ht.c
  vendor-crypto/openssl/dist/crypto/ocsp/ocsp_lib.c
  vendor-crypto/openssl/dist/crypto/ocsp/ocsp_prn.c
  vendor-crypto/openssl/dist/crypto/ocsp/ocsp_vfy.c
  vendor-crypto/openssl/dist/crypto/opensslconf.h
  vendor-crypto/openssl/dist/crypto/opensslconf.h.in
  vendor-crypto/openssl/dist/crypto/opensslv.h
  vendor-crypto/openssl/dist/crypto/ossl_typ.h
  vendor-crypto/openssl/dist/crypto/pem/Makefile
  vendor-crypto/openssl/dist/crypto/pem/pem.h
  vendor-crypto/openssl/dist/crypto/pem/pem_all.c
  vendor-crypto/openssl/dist/crypto/pem/pem_err.c
  vendor-crypto/openssl/dist/crypto/pem/pem_info.c
  vendor-crypto/openssl/dist/crypto/pem/pem_lib.c
  vendor-crypto/openssl/dist/crypto/pem/pem_pkey.c
  vendor-crypto/openssl/dist/crypto/pem/pem_x509.c
  vendor-crypto/openssl/dist/crypto/pem/pem_xaux.c
  vendor-crypto/openssl/dist/crypto/perlasm/x86_64-xlate.pl
  vendor-crypto/openssl/dist/crypto/perlasm/x86asm.pl
  vendor-crypto/openssl/dist/crypto/perlasm/x86nasm.pl
  vendor-crypto/openssl/dist/crypto/pkcs12/Makefile
  vendor-crypto/openssl/dist/crypto/pkcs12/p12_add.c
  vendor-crypto/openssl/dist/crypto/pkcs12/p12_attr.c
  vendor-crypto/openssl/dist/crypto/pkcs12/p12_crpt.c
  vendor-crypto/openssl/dist/crypto/pkcs12/p12_crt.c
  vendor-crypto/openssl/dist/crypto/pkcs12/p12_decr.c
  vendor-crypto/openssl/dist/crypto/pkcs12/p12_key.c
  vendor-crypto/openssl/dist/crypto/pkcs12/p12_kiss.c
  vendor-crypto/openssl/dist/crypto/pkcs12/p12_mutl.c
  vendor-crypto/openssl/dist/crypto/pkcs12/p12_utl.c
  vendor-crypto/openssl/dist/crypto/pkcs12/pk12err.c
  vendor-crypto/openssl/dist/crypto/pkcs12/pkcs12.h
  vendor-crypto/openssl/dist/crypto/pkcs7/Makefile
  vendor-crypto/openssl/dist/crypto/pkcs7/pk7_asn1.c
  vendor-crypto/openssl/dist/crypto/pkcs7/pk7_attr.c
  vendor-crypto/openssl/dist/crypto/pkcs7/pk7_doit.c
  vendor-crypto/openssl/dist/crypto/pkcs7/pk7_lib.c
  vendor-crypto/openssl/dist/crypto/pkcs7/pk7_mime.c
  vendor-crypto/openssl/dist/crypto/pkcs7/pk7_smime.c
  vendor-crypto/openssl/dist/crypto/pkcs7/pkcs7.h
  vendor-crypto/openssl/dist/crypto/pkcs7/pkcs7err.c
  vendor-crypto/openssl/dist/crypto/pqueue/Makefile
  vendor-crypto/openssl/dist/crypto/pqueue/pqueue.c
  vendor-crypto/openssl/dist/crypto/pqueue/pqueue.h
  vendor-crypto/openssl/dist/crypto/rand/Makefile
  vendor-crypto/openssl/dist/crypto/rand/md_rand.c
  vendor-crypto/openssl/dist/crypto/rand/rand.h
  vendor-crypto/openssl/dist/crypto/rand/rand_egd.c
  vendor-crypto/openssl/dist/crypto/rand/rand_err.c
  vendor-crypto/openssl/dist/crypto/rand/rand_lcl.h
  vendor-crypto/openssl/dist/crypto/rand/rand_lib.c
  vendor-crypto/openssl/dist/crypto/rand/rand_unix.c
  vendor-crypto/openssl/dist/crypto/rand/randfile.c
  vendor-crypto/openssl/dist/crypto/rc2/Makefile
  vendor-crypto/openssl/dist/crypto/rc2/rc2_skey.c
  vendor-crypto/openssl/dist/crypto/rc4/Makefile
  vendor-crypto/openssl/dist/crypto/rc4/asm/rc4-586.pl
  vendor-crypto/openssl/dist/crypto/rc4/asm/rc4-x86_64.pl
  vendor-crypto/openssl/dist/crypto/rc4/rc4.h
  vendor-crypto/openssl/dist/crypto/rc4/rc4_enc.c
  vendor-crypto/openssl/dist/crypto/rc4/rc4_skey.c
  vendor-crypto/openssl/dist/crypto/rc4/rc4test.c
  vendor-crypto/openssl/dist/crypto/rc5/Makefile
  vendor-crypto/openssl/dist/crypto/rc5/asm/rc5-586.pl
  vendor-crypto/openssl/dist/crypto/rc5/rc5.h
  vendor-crypto/openssl/dist/crypto/rc5/rc5_locl.h
  vendor-crypto/openssl/dist/crypto/rc5/rc5_skey.c
  vendor-crypto/openssl/dist/crypto/ripemd/Makefile
  vendor-crypto/openssl/dist/crypto/ripemd/asm/rmd-586.pl
  vendor-crypto/openssl/dist/crypto/ripemd/ripemd.h
  vendor-crypto/openssl/dist/crypto/ripemd/rmd_dgst.c
  vendor-crypto/openssl/dist/crypto/ripemd/rmd_locl.h
  vendor-crypto/openssl/dist/crypto/rsa/Makefile
  vendor-crypto/openssl/dist/crypto/rsa/rsa.h
  vendor-crypto/openssl/dist/crypto/rsa/rsa_asn1.c
  vendor-crypto/openssl/dist/crypto/rsa/rsa_eay.c
  vendor-crypto/openssl/dist/crypto/rsa/rsa_err.c
  vendor-crypto/openssl/dist/crypto/rsa/rsa_gen.c
  vendor-crypto/openssl/dist/crypto/rsa/rsa_lib.c
  vendor-crypto/openssl/dist/crypto/rsa/rsa_oaep.c
  vendor-crypto/openssl/dist/crypto/rsa/rsa_pss.c
  vendor-crypto/openssl/dist/crypto/rsa/rsa_sign.c
  vendor-crypto/openssl/dist/crypto/rsa/rsa_test.c
  vendor-crypto/openssl/dist/crypto/seed/Makefile
  vendor-crypto/openssl/dist/crypto/seed/seed.c
  vendor-crypto/openssl/dist/crypto/seed/seed.h
  vendor-crypto/openssl/dist/crypto/seed/seed_cbc.c
  vendor-crypto/openssl/dist/crypto/seed/seed_cfb.c
  vendor-crypto/openssl/dist/crypto/seed/seed_ofb.c
  vendor-crypto/openssl/dist/crypto/sha/Makefile
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-586.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-ia64.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-x86_64.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-x86_64.pl
  vendor-crypto/openssl/dist/crypto/sha/sha.h
  vendor-crypto/openssl/dist/crypto/sha/sha1_one.c
  vendor-crypto/openssl/dist/crypto/sha/sha1dgst.c
  vendor-crypto/openssl/dist/crypto/sha/sha256.c
  vendor-crypto/openssl/dist/crypto/sha/sha512.c
  vendor-crypto/openssl/dist/crypto/sha/sha_dgst.c
  vendor-crypto/openssl/dist/crypto/sha/sha_locl.h
  vendor-crypto/openssl/dist/crypto/sha/shatest.c
  vendor-crypto/openssl/dist/crypto/sparccpuid.S
  vendor-crypto/openssl/dist/crypto/stack/Makefile
  vendor-crypto/openssl/dist/crypto/stack/safestack.h
  vendor-crypto/openssl/dist/crypto/stack/stack.c
  vendor-crypto/openssl/dist/crypto/stack/stack.h
  vendor-crypto/openssl/dist/crypto/store/Makefile
  vendor-crypto/openssl/dist/crypto/store/store.h
  vendor-crypto/openssl/dist/crypto/store/str_err.c
  vendor-crypto/openssl/dist/crypto/store/str_lib.c
  vendor-crypto/openssl/dist/crypto/store/str_mem.c
  vendor-crypto/openssl/dist/crypto/symhacks.h
  vendor-crypto/openssl/dist/crypto/threads/mttest.c
  vendor-crypto/openssl/dist/crypto/txt_db/Makefile
  vendor-crypto/openssl/dist/crypto/txt_db/txt_db.c
  vendor-crypto/openssl/dist/crypto/txt_db/txt_db.h
  vendor-crypto/openssl/dist/crypto/ui/Makefile
  vendor-crypto/openssl/dist/crypto/ui/ui.h
  vendor-crypto/openssl/dist/crypto/ui/ui_err.c
  vendor-crypto/openssl/dist/crypto/ui/ui_lib.c
  vendor-crypto/openssl/dist/crypto/ui/ui_openssl.c
  vendor-crypto/openssl/dist/crypto/x509/Makefile
  vendor-crypto/openssl/dist/crypto/x509/by_dir.c
  vendor-crypto/openssl/dist/crypto/x509/by_file.c
  vendor-crypto/openssl/dist/crypto/x509/x509.h
  vendor-crypto/openssl/dist/crypto/x509/x509_cmp.c
  vendor-crypto/openssl/dist/crypto/x509/x509_err.c
  vendor-crypto/openssl/dist/crypto/x509/x509_lu.c
  vendor-crypto/openssl/dist/crypto/x509/x509_obj.c
  vendor-crypto/openssl/dist/crypto/x509/x509_req.c
  vendor-crypto/openssl/dist/crypto/x509/x509_set.c
  vendor-crypto/openssl/dist/crypto/x509/x509_trs.c
  vendor-crypto/openssl/dist/crypto/x509/x509_txt.c
  vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c
  vendor-crypto/openssl/dist/crypto/x509/x509_vfy.h
  vendor-crypto/openssl/dist/crypto/x509/x509_vpm.c
  vendor-crypto/openssl/dist/crypto/x509/x509cset.c
  vendor-crypto/openssl/dist/crypto/x509/x509name.c
  vendor-crypto/openssl/dist/crypto/x509/x509type.c
  vendor-crypto/openssl/dist/crypto/x509/x_all.c
  vendor-crypto/openssl/dist/crypto/x509v3/Makefile
  vendor-crypto/openssl/dist/crypto/x509v3/ext_dat.h
  vendor-crypto/openssl/dist/crypto/x509v3/pcy_cache.c
  vendor-crypto/openssl/dist/crypto/x509v3/pcy_data.c
  vendor-crypto/openssl/dist/crypto/x509v3/pcy_int.h
  vendor-crypto/openssl/dist/crypto/x509v3/pcy_map.c
  vendor-crypto/openssl/dist/crypto/x509v3/pcy_node.c
  vendor-crypto/openssl/dist/crypto/x509v3/pcy_tree.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_addr.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_alt.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_asid.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_conf.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_cpols.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_crld.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_enum.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_extku.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_genn.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_lib.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_ncons.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_ocsp.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_pci.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_pcons.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_pmaps.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_prn.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_purp.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_skey.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_utl.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3err.c
  vendor-crypto/openssl/dist/crypto/x509v3/x509v3.h
  vendor-crypto/openssl/dist/crypto/x86_64cpuid.pl
  vendor-crypto/openssl/dist/crypto/x86cpuid.pl
  vendor-crypto/openssl/dist/doc/apps/asn1parse.pod
  vendor-crypto/openssl/dist/doc/apps/ca.pod
  vendor-crypto/openssl/dist/doc/apps/ciphers.pod
  vendor-crypto/openssl/dist/doc/apps/dgst.pod
  vendor-crypto/openssl/dist/doc/apps/dhparam.pod
  vendor-crypto/openssl/dist/doc/apps/dsa.pod
  vendor-crypto/openssl/dist/doc/apps/dsaparam.pod
  vendor-crypto/openssl/dist/doc/apps/ec.pod
  vendor-crypto/openssl/dist/doc/apps/ecparam.pod
  vendor-crypto/openssl/dist/doc/apps/enc.pod
  vendor-crypto/openssl/dist/doc/apps/gendsa.pod
  vendor-crypto/openssl/dist/doc/apps/genrsa.pod
  vendor-crypto/openssl/dist/doc/apps/ocsp.pod
  vendor-crypto/openssl/dist/doc/apps/openssl.pod
  vendor-crypto/openssl/dist/doc/apps/pkcs12.pod
  vendor-crypto/openssl/dist/doc/apps/pkcs7.pod
  vendor-crypto/openssl/dist/doc/apps/pkcs8.pod
  vendor-crypto/openssl/dist/doc/apps/req.pod
  vendor-crypto/openssl/dist/doc/apps/rsa.pod
  vendor-crypto/openssl/dist/doc/apps/s_client.pod
  vendor-crypto/openssl/dist/doc/apps/s_server.pod
  vendor-crypto/openssl/dist/doc/apps/smime.pod
  vendor-crypto/openssl/dist/doc/apps/speed.pod
  vendor-crypto/openssl/dist/doc/apps/spkac.pod
  vendor-crypto/openssl/dist/doc/apps/verify.pod
  vendor-crypto/openssl/dist/doc/apps/x509.pod
  vendor-crypto/openssl/dist/doc/apps/x509v3_config.pod
  vendor-crypto/openssl/dist/doc/crypto/ASN1_generate_nconf.pod
  vendor-crypto/openssl/dist/doc/crypto/BIO_f_md.pod
  vendor-crypto/openssl/dist/doc/crypto/BIO_f_ssl.pod
  vendor-crypto/openssl/dist/doc/crypto/BIO_s_file.pod
  vendor-crypto/openssl/dist/doc/crypto/BIO_s_mem.pod
  vendor-crypto/openssl/dist/doc/crypto/BN_BLINDING_new.pod
  vendor-crypto/openssl/dist/doc/crypto/DSA_get_ex_new_index.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_DigestInit.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_SignInit.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_VerifyInit.pod
  vendor-crypto/openssl/dist/doc/crypto/PKCS7_encrypt.pod
  vendor-crypto/openssl/dist/doc/crypto/PKCS7_sign.pod
  vendor-crypto/openssl/dist/doc/crypto/SMIME_write_PKCS7.pod
  vendor-crypto/openssl/dist/doc/crypto/d2i_RSAPublicKey.pod
  vendor-crypto/openssl/dist/doc/crypto/ecdsa.pod
  vendor-crypto/openssl/dist/doc/crypto/evp.pod
  vendor-crypto/openssl/dist/doc/crypto/hmac.pod
  vendor-crypto/openssl/dist/doc/crypto/lhash.pod
  vendor-crypto/openssl/dist/doc/crypto/threads.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_new.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_mode.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_options.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_ssl_version.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_alert_type_string.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_library_init.pod
  vendor-crypto/openssl/dist/doc/ssl/ssl.pod
  vendor-crypto/openssl/dist/doc/ssleay.txt
  vendor-crypto/openssl/dist/doc/standards.txt
  vendor-crypto/openssl/dist/e_os.h
  vendor-crypto/openssl/dist/e_os2.h
  vendor-crypto/openssl/dist/engines/Makefile
  vendor-crypto/openssl/dist/engines/e_4758cca.c
  vendor-crypto/openssl/dist/engines/e_aep.c
  vendor-crypto/openssl/dist/engines/e_capi.c
  vendor-crypto/openssl/dist/engines/e_capi_err.c
  vendor-crypto/openssl/dist/engines/e_chil.c
  vendor-crypto/openssl/dist/engines/e_gmp.c
  vendor-crypto/openssl/dist/engines/e_sureware.c
  vendor-crypto/openssl/dist/engines/e_ubsec.c
  vendor-crypto/openssl/dist/ssl/Makefile
  vendor-crypto/openssl/dist/ssl/bio_ssl.c
  vendor-crypto/openssl/dist/ssl/d1_both.c
  vendor-crypto/openssl/dist/ssl/d1_clnt.c
  vendor-crypto/openssl/dist/ssl/d1_enc.c
  vendor-crypto/openssl/dist/ssl/d1_lib.c
  vendor-crypto/openssl/dist/ssl/d1_meth.c
  vendor-crypto/openssl/dist/ssl/d1_pkt.c
  vendor-crypto/openssl/dist/ssl/d1_srvr.c
  vendor-crypto/openssl/dist/ssl/dtls1.h
  vendor-crypto/openssl/dist/ssl/kssl.c
  vendor-crypto/openssl/dist/ssl/kssl.h
  vendor-crypto/openssl/dist/ssl/kssl_lcl.h
  vendor-crypto/openssl/dist/ssl/s23_clnt.c
  vendor-crypto/openssl/dist/ssl/s23_lib.c
  vendor-crypto/openssl/dist/ssl/s23_meth.c
  vendor-crypto/openssl/dist/ssl/s23_srvr.c
  vendor-crypto/openssl/dist/ssl/s2_clnt.c
  vendor-crypto/openssl/dist/ssl/s2_enc.c
  vendor-crypto/openssl/dist/ssl/s2_lib.c
  vendor-crypto/openssl/dist/ssl/s2_meth.c
  vendor-crypto/openssl/dist/ssl/s2_pkt.c
  vendor-crypto/openssl/dist/ssl/s2_srvr.c
  vendor-crypto/openssl/dist/ssl/s3_both.c
  vendor-crypto/openssl/dist/ssl/s3_clnt.c
  vendor-crypto/openssl/dist/ssl/s3_enc.c
  vendor-crypto/openssl/dist/ssl/s3_lib.c
  vendor-crypto/openssl/dist/ssl/s3_meth.c
  vendor-crypto/openssl/dist/ssl/s3_pkt.c
  vendor-crypto/openssl/dist/ssl/s3_srvr.c
  vendor-crypto/openssl/dist/ssl/ssl.h
  vendor-crypto/openssl/dist/ssl/ssl2.h
  vendor-crypto/openssl/dist/ssl/ssl3.h
  vendor-crypto/openssl/dist/ssl/ssl_algs.c
  vendor-crypto/openssl/dist/ssl/ssl_asn1.c
  vendor-crypto/openssl/dist/ssl/ssl_cert.c
  vendor-crypto/openssl/dist/ssl/ssl_ciph.c
  vendor-crypto/openssl/dist/ssl/ssl_err.c
  vendor-crypto/openssl/dist/ssl/ssl_lib.c
  vendor-crypto/openssl/dist/ssl/ssl_locl.h
  vendor-crypto/openssl/dist/ssl/ssl_sess.c
  vendor-crypto/openssl/dist/ssl/ssl_stat.c
  vendor-crypto/openssl/dist/ssl/ssl_txt.c
  vendor-crypto/openssl/dist/ssl/ssltest.c
  vendor-crypto/openssl/dist/ssl/t1_clnt.c
  vendor-crypto/openssl/dist/ssl/t1_enc.c
  vendor-crypto/openssl/dist/ssl/t1_lib.c
  vendor-crypto/openssl/dist/ssl/t1_meth.c
  vendor-crypto/openssl/dist/ssl/t1_srvr.c
  vendor-crypto/openssl/dist/ssl/tls1.h
  vendor-crypto/openssl/dist/util/ck_errf.pl
  vendor-crypto/openssl/dist/util/clean-depend.pl
  vendor-crypto/openssl/dist/util/domd
  vendor-crypto/openssl/dist/util/libeay.num
  vendor-crypto/openssl/dist/util/mk1mf.pl
  vendor-crypto/openssl/dist/util/mkdef.pl
  vendor-crypto/openssl/dist/util/mkerr.pl
  vendor-crypto/openssl/dist/util/mkfiles.pl
  vendor-crypto/openssl/dist/util/mklink.pl
  vendor-crypto/openssl/dist/util/mkstack.pl
  vendor-crypto/openssl/dist/util/pl/BC-32.pl
  vendor-crypto/openssl/dist/util/pl/Mingw32.pl
  vendor-crypto/openssl/dist/util/pl/VC-32.pl
  vendor-crypto/openssl/dist/util/pl/netware.pl
  vendor-crypto/openssl/dist/util/point.sh
  vendor-crypto/openssl/dist/util/selftest.pl
  vendor-crypto/openssl/dist/util/shlib_wrap.sh
  vendor-crypto/openssl/dist/util/ssleay.num

Modified: vendor-crypto/openssl/dist/CHANGES
==============================================================================
--- vendor-crypto/openssl/dist/CHANGES	Wed Jul 11 23:30:35 2012	(r238383)
+++ vendor-crypto/openssl/dist/CHANGES	Wed Jul 11 23:31:36 2012	(r238384)
@@ -2,10 +2,10 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.8w and 0.9.8x [10 May 2012]
+ Changes between 1.0.1b and 1.0.1c [10 May 2012]
 
-  *) Sanity check record length before skipping explicit IV in DTLS
-     to fix DoS attack.
+  *) Sanity check record length before skipping explicit IV in TLS
+     1.2, 1.1 and DTLS to fix DoS attack.
 
      Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
      fuzzing as a service testing platform.
@@ -16,15 +16,34 @@
      Thanks to Solar Designer of Openwall for reporting this issue.
      [Steve Henson]
 
- Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
+  *) In FIPS mode don't try to use composite ciphers as they are not
+     approved.
+     [Steve Henson]
 
-  *) The fix for CVE-2012-2110 did not take into account that the 
-     'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
-     int in OpenSSL 0.9.8, making it still vulnerable. Fix by 
-     rejecting negative len parameter. (CVE-2012-2131)
-     [Tomas Hoger <thoger at redhat.com>]
+ Changes between 1.0.1a and 1.0.1b [26 Apr 2012]
+
+  *) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and
+     1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately
+     mean any application compiled against OpenSSL 1.0.0 headers setting
+     SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disablng
+     TLS 1.1 also. Fix this by changing the value of SSL_OP_NO_TLSv1_1 to
+     0x10000000L Any application which was previously compiled against
+     OpenSSL 1.0.1 or 1.0.1a headers and which cares about SSL_OP_NO_TLSv1_1
+     will need to be recompiled as a result. Letting be results in
+     inability to disable specifically TLS 1.1 and in client context,
+     in unlike event, limit maximum offered version to TLS 1.0 [see below].
+     [Steve Henson]
+
+  *) In order to ensure interoperabilty SSL_OP_NO_protocolX does not
+     disable just protocol X, but all protocols above X *if* there are
+     protocols *below* X still enabled. In more practical terms it means
+     that if application wants to disable TLS1.0 in favor of TLS1.1 and
+     above, it's not sufficient to pass SSL_OP_NO_TLSv1, one has to pass
+     SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. This applies to
+     client side.
+     [Andy Polyakov]
 
- Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
+ Changes between 1.0.1 and 1.0.1a [19 Apr 2012]
 
   *) Check for potentially exploitable overflows in asn1_d2i_read_bio
      BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
@@ -35,7 +54,310 @@
      (CVE-2012-2110)
      [Adam Langley (Google), Tavis Ormandy, Google Security Team]
 
- Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
+  *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
+     [Adam Langley]
+
+  *) Workarounds for some broken servers that "hang" if a client hello
+     record length exceeds 255 bytes.
+
+     1. Do not use record version number > TLS 1.0 in initial client
+        hello: some (but not all) hanging servers will now work.
+     2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate
+	the number of ciphers sent in the client hello. This should be
+        set to an even number, such as 50, for example by passing:
+        -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure.
+        Most broken servers should now work.
+     3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable
+	TLS 1.2 client support entirely.
+     [Steve Henson]
+
+  *) Fix SEGV in Vector Permutation AES module observed in OpenSSH.
+     [Andy Polyakov]
+
+ Changes between 1.0.0h and 1.0.1  [14 Mar 2012]
+
+  *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
+     STRING form instead of a DigestInfo.
+     [Steve Henson]
+
+  *) The format used for MDC2 RSA signatures is inconsistent between EVP
+     and the RSA_sign/RSA_verify functions. This was made more apparent when
+     OpenSSL used RSA_sign/RSA_verify for some RSA signatures in particular
+     those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect 
+     the correct format in RSA_verify so both forms transparently work.
+     [Steve Henson]
+
+  *) Some servers which support TLS 1.0 can choke if we initially indicate
+     support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
+     encrypted premaster secret. As a workaround use the maximum pemitted
+     client version in client hello, this should keep such servers happy
+     and still work with previous versions of OpenSSL.
+     [Steve Henson]
+
+  *) Add support for TLS/DTLS heartbeats.
+     [Robin Seggelmann <seggelmann at fh-muenster.de>]
+
+  *) Add support for SCTP.
+     [Robin Seggelmann <seggelmann at fh-muenster.de>]
+
+  *) Improved PRNG seeding for VOS.
+     [Paul Green <Paul.Green at stratus.com>]
+
+  *) Extensive assembler packs updates, most notably:
+
+	- x86[_64]:     AES-NI, PCLMULQDQ, RDRAND support;
+	- x86[_64]:     SSSE3 support (SHA1, vector-permutation AES);
+	- x86_64:       bit-sliced AES implementation;
+	- ARM:          NEON support, contemporary platforms optimizations;
+	- s390x:        z196 support;
+	- *:            GHASH and GF(2^m) multiplication implementations;
+
+     [Andy Polyakov]
+
+  *) Make TLS-SRP code conformant with RFC 5054 API cleanup
+     (removal of unnecessary code)
+     [Peter Sylvester <peter.sylvester at edelweb.fr>]
+
+  *) Add TLS key material exporter from RFC 5705.
+     [Eric Rescorla]
+
+  *) Add DTLS-SRTP negotiation from RFC 5764.
+     [Eric Rescorla]
+
+  *) Add Next Protocol Negotiation,
+     http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be
+     disabled with a no-npn flag to config or Configure. Code donated
+     by Google.
+     [Adam Langley <agl at google.com> and Ben Laurie]
+
+  *) Add optional 64-bit optimized implementations of elliptic curves NIST-P224,
+     NIST-P256, NIST-P521, with constant-time single point multiplication on
+     typical inputs. Compiler support for the nonstandard type __uint128_t is
+     required to use this (present in gcc 4.4 and later, for 64-bit builds).
+     Code made available under Apache License version 2.0.
+
+     Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command
+     line to include this in your build of OpenSSL, and run "make depend" (or
+     "make update"). This enables the following EC_METHODs:
+
+         EC_GFp_nistp224_method()
+         EC_GFp_nistp256_method()
+         EC_GFp_nistp521_method()
+
+     EC_GROUP_new_by_curve_name() will automatically use these (while
+     EC_GROUP_new_curve_GFp() currently prefers the more flexible
+     implementations).
+     [Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
+
+  *) Use type ossl_ssize_t instad of ssize_t which isn't available on
+     all platforms. Move ssize_t definition from e_os.h to the public
+     header file e_os2.h as it now appears in public header file cms.h
+     [Steve Henson]
+
+  *) New -sigopt option to the ca, req and x509 utilities. Additional
+     signature parameters can be passed using this option and in
+     particular PSS. 
+     [Steve Henson]
+
+  *) Add RSA PSS signing function. This will generate and set the
+     appropriate AlgorithmIdentifiers for PSS based on those in the
+     corresponding EVP_MD_CTX structure. No application support yet.
+     [Steve Henson]
+
+  *) Support for companion algorithm specific ASN1 signing routines.
+     New function ASN1_item_sign_ctx() signs a pre-initialised
+     EVP_MD_CTX structure and sets AlgorithmIdentifiers based on
+     the appropriate parameters.
+     [Steve Henson]
+
+  *) Add new algorithm specific ASN1 verification initialisation function
+     to EVP_PKEY_ASN1_METHOD: this is not in EVP_PKEY_METHOD since the ASN1
+     handling will be the same no matter what EVP_PKEY_METHOD is used.
+     Add a PSS handler to support verification of PSS signatures: checked
+     against a number of sample certificates.
+     [Steve Henson]
+
+  *) Add signature printing for PSS. Add PSS OIDs.
+     [Steve Henson, Martin Kaiser <lists at kaiser.cx>]
+
+  *) Add algorithm specific signature printing. An individual ASN1 method
+     can now print out signatures instead of the standard hex dump. 
+
+     More complex signatures (e.g. PSS) can print out more meaningful
+     information. Include DSA version that prints out the signature
+     parameters r, s.
+     [Steve Henson]
+
+  *) Password based recipient info support for CMS library: implementing
+     RFC3211.
+     [Steve Henson]
+
+  *) Split password based encryption into PBES2 and PBKDF2 functions. This
+     neatly separates the code into cipher and PBE sections and is required
+     for some algorithms that split PBES2 into separate pieces (such as
+     password based CMS).
+     [Steve Henson]
+
+  *) Session-handling fixes:
+     - Fix handling of connections that are resuming with a session ID,
+       but also support Session Tickets.
+     - Fix a bug that suppressed issuing of a new ticket if the client
+       presented a ticket with an expired session.
+     - Try to set the ticket lifetime hint to something reasonable.
+     - Make tickets shorter by excluding irrelevant information.
+     - On the client side, don't ignore renewed tickets.
+     [Adam Langley, Bodo Moeller (Google)]
+
+  *) Fix PSK session representation.
+     [Bodo Moeller]
+
+  *) Add RC4-MD5 and AESNI-SHA1 "stitched" implementations.
+
+     This work was sponsored by Intel.
+     [Andy Polyakov]
+
+  *) Add GCM support to TLS library. Some custom code is needed to split
+     the IV between the fixed (from PRF) and explicit (from TLS record)
+     portions. This adds all GCM ciphersuites supported by RFC5288 and 
+     RFC5289. Generalise some AES* cipherstrings to inlclude GCM and
+     add a special AESGCM string for GCM only.
+     [Steve Henson]
+
+  *) Expand range of ctrls for AES GCM. Permit setting invocation
+     field on decrypt and retrieval of invocation field only on encrypt.
+     [Steve Henson]
+
+  *) Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support.
+     As required by RFC5289 these ciphersuites cannot be used if for
+     versions of TLS earlier than 1.2.
+     [Steve Henson]
+
+  *) For FIPS capable OpenSSL interpret a NULL default public key method
+     as unset and return the appopriate default but do *not* set the default.
+     This means we can return the appopriate method in applications that
+     swicth between FIPS and non-FIPS modes.
+     [Steve Henson]
+
+  *) Redirect HMAC and CMAC operations to FIPS module in FIPS mode. If an
+     ENGINE is used then we cannot handle that in the FIPS module so we
+     keep original code iff non-FIPS operations are allowed.
+     [Steve Henson]
+
+  *) Add -attime option to openssl utilities.
+     [Peter Eckersley <pde at eff.org>, Ben Laurie and Steve Henson]
+
+  *) Redirect DSA and DH operations to FIPS module in FIPS mode.
+     [Steve Henson]
+
+  *) Redirect ECDSA and ECDH operations to FIPS module in FIPS mode. Also use
+     FIPS EC methods unconditionally for now.
+     [Steve Henson]
+
+  *) New build option no-ec2m to disable characteristic 2 code.
+     [Steve Henson]
+
+  *) Backport libcrypto audit of return value checking from 1.1.0-dev; not
+     all cases can be covered as some introduce binary incompatibilities.
+     [Steve Henson]
+
+  *) Redirect RSA operations to FIPS module including keygen,
+     encrypt, decrypt, sign and verify. Block use of non FIPS RSA methods.
+     [Steve Henson]
+
+  *) Add similar low level API blocking to ciphers.
+     [Steve Henson]
+
+  *) Low level digest APIs are not approved in FIPS mode: any attempt
+     to use these will cause a fatal error. Applications that *really* want
+     to use them can use the private_* version instead.
+     [Steve Henson]
+
+  *) Redirect cipher operations to FIPS module for FIPS builds. 
+     [Steve Henson]
+
+  *) Redirect digest operations to FIPS module for FIPS builds. 
+     [Steve Henson]
+
+  *) Update build system to add "fips" flag which will link in fipscanister.o
+     for static and shared library builds embedding a signature if needed.
+     [Steve Henson]
+
+  *) Output TLS supported curves in preference order instead of numerical
+     order. This is currently hardcoded for the highest order curves first.
+     This should be configurable so applications can judge speed vs strength.
+     [Steve Henson]
+
+  *) Add TLS v1.2 server support for client authentication. 
+     [Steve Henson]
+
+  *) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers
+     and enable MD5.
+     [Steve Henson]
+
+  *) Functions FIPS_mode_set() and FIPS_mode() which call the underlying
+     FIPS modules versions.
+     [Steve Henson]
+
+  *) Add TLS v1.2 client side support for client authentication. Keep cache
+     of handshake records longer as we don't know the hash algorithm to use
+     until after the certificate request message is received.
+     [Steve Henson]
+
+  *) Initial TLS v1.2 client support. Add a default signature algorithms
+     extension including all the algorithms we support. Parse new signature
+     format in client key exchange. Relax some ECC signing restrictions for
+     TLS v1.2 as indicated in RFC5246.
+     [Steve Henson]
+
+  *) Add server support for TLS v1.2 signature algorithms extension. Switch
+     to new signature format when needed using client digest preference.
+     All server ciphersuites should now work correctly in TLS v1.2. No client
+     support yet and no support for client certificates.
+     [Steve Henson]
+
+  *) Initial TLS v1.2 support. Add new SHA256 digest to ssl code, switch
+     to SHA256 for PRF when using TLS v1.2 and later. Add new SHA256 based
+     ciphersuites. At present only RSA key exchange ciphersuites work with
+     TLS v1.2. Add new option for TLS v1.2 replacing the old and obsolete
+     SSL_OP_PKCS1_CHECK flags with SSL_OP_NO_TLSv1_2. New TLSv1.2 methods
+     and version checking.
+     [Steve Henson]
+
+  *) New option OPENSSL_NO_SSL_INTERN. If an application can be compiled
+     with this defined it will not be affected by any changes to ssl internal
+     structures. Add several utility functions to allow openssl application
+     to work with OPENSSL_NO_SSL_INTERN defined.
+     [Steve Henson]
+
+  *) Add SRP support.
+     [Tom Wu <tjw at cs.stanford.edu> and Ben Laurie]
+
+  *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
+     [Steve Henson]
+
+  *) Permit abbreviated handshakes when renegotiating using the function
+     SSL_renegotiate_abbreviated().
+     [Robin Seggelmann <seggelmann at fh-muenster.de>]
+
+  *) Add call to ENGINE_register_all_complete() to
+     ENGINE_load_builtin_engines(), so some implementations get used
+     automatically instead of needing explicit application support.
+     [Steve Henson]
+
+  *) Add support for TLS key exporter as described in RFC5705.
+     [Robin Seggelmann <seggelmann at fh-muenster.de>, Steve Henson]
+
+  *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
+     a few changes are required:
+
+       Add SSL_OP_NO_TLSv1_1 flag.
+       Add TLSv1_1 methods.
+       Update version checking logic to handle version 1.1.
+       Add explicit IV handling (ported from DTLS code).
+       Add command line options to s_client/s_server.
+     [Steve Henson]
+
+ Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
 
   *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
      in CMS and PKCS7 code. When RSA decryption fails use a random key for
@@ -53,7 +375,7 @@
      Ivan Nestlerode <inestlerode at us.ibm.com> for discovering this bug.
      [Steve Henson]
 
- Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
+ Changes between 1.0.0f and 1.0.0g [18 Jan 2012]
 
   *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
      Thanks to Antonio Martin, Enterprise Secure Access Research and
@@ -61,6 +383,978 @@
      preparing a fix. (CVE-2012-0050)
      [Antonio Martin]
 
+ Changes between 1.0.0e and 1.0.0f [4 Jan 2012]
+
+  *) Nadhem Alfardan and Kenny Paterson have discovered an extension
+     of the Vaudenay padding oracle attack on CBC mode encryption
+     which enables an efficient plaintext recovery attack against
+     the OpenSSL implementation of DTLS. Their attack exploits timing
+     differences arising during decryption processing. A research
+     paper describing this attack can be found at:
+                  http://www.isg.rhul.ac.uk/~kp/dtls.pdf
+     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+     Security Group at Royal Holloway, University of London
+     (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
+     <seggelmann at fh-muenster.de> and Michael Tuexen <tuexen at fh-muenster.de>
+     for preparing the fix. (CVE-2011-4108)
+     [Robin Seggelmann, Michael Tuexen]
+
+  *) Clear bytes used for block padding of SSL 3.0 records.
+     (CVE-2011-4576)
+     [Adam Langley (Google)]
+
+  *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
+     Kadianakis <desnacked at gmail.com> for discovering this issue and
+     Adam Langley for preparing the fix. (CVE-2011-4619)
+     [Adam Langley (Google)]
+
+  *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
+     [Andrey Kulikov <amdeich at gmail.com>]
+
+  *) Prevent malformed RFC3779 data triggering an assertion failure.
+     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
+     and Rob Austein <sra at hactrn.net> for fixing it. (CVE-2011-4577)
+     [Rob Austein <sra at hactrn.net>]
+
+  *) Improved PRNG seeding for VOS.
+     [Paul Green <Paul.Green at stratus.com>]
+
+  *) Fix ssl_ciph.c set-up race.
+     [Adam Langley (Google)]
+
+  *) Fix spurious failures in ecdsatest.c.
+     [Emilia Käsper (Google)]
+
+  *) Fix the BIO_f_buffer() implementation (which was mixing different
+     interpretations of the '..._len' fields).
+     [Adam Langley (Google)]
+
+  *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
+     BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
+     threads won't reuse the same blinding coefficients.
+
+     This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
+     lock to call BN_BLINDING_invert_ex, and avoids one use of
+     BN_BLINDING_update for each BN_BLINDING structure (previously,
+     the last update always remained unused).
+     [Emilia Käsper (Google)]
+
+  *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
+     [Bob Buckholz (Google)]
+
+ Changes between 1.0.0d and 1.0.0e [6 Sep 2011]
+
+  *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
+     by initialising X509_STORE_CTX properly. (CVE-2011-3207)
+     [Kaspar Brand <ossl at velox.ch>]
+
+  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+     for multi-threaded use of ECDH. (CVE-2011-3210)
+     [Adam Langley (Google)]
+
+  *) Fix x509_name_ex_d2i memory leak on bad inputs.
+     [Bodo Moeller]
+
+  *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
+     signature public key algorithm by using OID xref utilities instead.
+     Before this you could only use some ECC ciphersuites with SHA1 only.
+     [Steve Henson]
+
+  *) Add protection against ECDSA timing attacks as mentioned in the paper
+     by Billy Bob Brumley and Nicola Tuveri, see:
+
+	http://eprint.iacr.org/2011/232.pdf
+
+     [Billy Bob Brumley and Nicola Tuveri]
+
+ Changes between 1.0.0c and 1.0.0d [8 Feb 2011]
+
+  *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
+     [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
+
+  *) Fix bug in string printing code: if *any* escaping is enabled we must
+     escape the escape character (backslash) or the resulting string is
+     ambiguous.
+     [Steve Henson]
+
+ Changes between 1.0.0b and 1.0.0c  [2 Dec 2010]
+
+  *) Disable code workaround for ancient and obsolete Netscape browsers
+     and servers: an attacker can use it in a ciphersuite downgrade attack.
+     Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+     [Steve Henson]
+
+  *) Fixed J-PAKE implementation error, originally discovered by
+     Sebastien Martini, further info and confirmation from Stefan
+     Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+     [Ben Laurie]
+
+ Changes between 1.0.0a and 1.0.0b  [16 Nov 2010]
+
+  *) Fix extension code to avoid race conditions which can result in a buffer
+     overrun vulnerability: resumed sessions must not be modified as they can
+     be shared by multiple threads. CVE-2010-3864
+     [Steve Henson]
+
+  *) Fix WIN32 build system to correctly link an ENGINE directory into
+     a DLL. 
+     [Steve Henson]
+
+ Changes between 1.0.0 and 1.0.0a  [01 Jun 2010]
+
+  *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover 
+     (CVE-2010-1633)
+     [Steve Henson, Peter-Michael Hager <hager at dortmund.net>]
+
+ Changes between 0.9.8n and 1.0.0  [29 Mar 2010]
+
+  *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher
+     context. The operation can be customised via the ctrl mechanism in
+     case ENGINEs want to include additional functionality.
+     [Steve Henson]
+
+  *) Tolerate yet another broken PKCS#8 key format: private key value negative.
+     [Steve Henson]
+
+  *) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to
+     output hashes compatible with older versions of OpenSSL.
+     [Willy Weisz <weisz at vcpc.univie.ac.at>]
+
+  *) Fix compression algorithm handling: if resuming a session use the
+     compression algorithm of the resumed session instead of determining
+     it from client hello again. Don't allow server to change algorithm.
+     [Steve Henson]
+
+  *) Add load_crls() function to apps tidying load_certs() too. Add option
+     to verify utility to allow additional CRLs to be included.
+     [Steve Henson]
+
+  *) Update OCSP request code to permit adding custom headers to the request:
+     some responders need this.
+     [Steve Henson]
+
+  *) The function EVP_PKEY_sign() returns <=0 on error: check return code
+     correctly.
+     [Julia Lawall <julia at diku.dk>]
+
+  *) Update verify callback code in apps/s_cb.c and apps/verify.c, it
+     needlessly dereferenced structures, used obsolete functions and
+     didn't handle all updated verify codes correctly.
+     [Steve Henson]
+
+  *) Disable MD2 in the default configuration.
+     [Steve Henson]
+
+  *) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to
+     indicate the initial BIO being pushed or popped. This makes it possible
+     to determine whether the BIO is the one explicitly called or as a result
+     of the ctrl being passed down the chain. Fix BIO_pop() and SSL BIOs so
+     it handles reference counts correctly and doesn't zero out the I/O bio
+     when it is not being explicitly popped. WARNING: applications which
+     included workarounds for the old buggy behaviour will need to be modified
+     or they could free up already freed BIOs.
+     [Steve Henson]
+
+  *) Extend the uni2asc/asc2uni => OPENSSL_uni2asc/OPENSSL_asc2uni
+     renaming to all platforms (within the 0.9.8 branch, this was
+     done conditionally on Netware platforms to avoid a name clash).
+     [Guenter <lists at gknw.net>]
+
+  *) Add ECDHE and PSK support to DTLS.
+     [Michael Tuexen <tuexen at fh-muenster.de>]
+
+  *) Add CHECKED_STACK_OF macro to safestack.h, otherwise safestack can't
+     be used on C++.
+     [Steve Henson]
+
+  *) Add "missing" function EVP_MD_flags() (without this the only way to
+     retrieve a digest flags is by accessing the structure directly. Update
+     EVP_MD_do_all*() and EVP_CIPHER_do_all*() to include the name a digest
+     or cipher is registered as in the "from" argument. Print out all
+     registered digests in the dgst usage message instead of manually 
+     attempting to work them out.
+     [Steve Henson]
+
+  *) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello:
+     this allows the use of compression and extensions. Change default cipher
+     string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2
+     by default unless an application cipher string requests it.
+     [Steve Henson]
+
+  *) Alter match criteria in PKCS12_parse(). It used to try to use local
+     key ids to find matching certificates and keys but some PKCS#12 files
+     don't follow the (somewhat unwritten) rules and this strategy fails.
+     Now just gather all certificates together and the first private key
+     then look for the first certificate that matches the key.
+     [Steve Henson]
+
+  *) Support use of registered digest and cipher names for dgst and cipher
+     commands instead of having to add each one as a special case. So now
+     you can do:
+
+        openssl sha256 foo
+
+     as well as:
+
+        openssl dgst -sha256 foo
+
+     and this works for ENGINE based algorithms too.
+
+     [Steve Henson]
+
+  *) Update Gost ENGINE to support parameter files.
+     [Victor B. Wagner <vitus at cryptocom.ru>]
+
+  *) Support GeneralizedTime in ca utility. 
+     [Oliver Martin <oliver at volatilevoid.net>, Steve Henson]
+
+  *) Enhance the hash format used for certificate directory links. The new
+     form uses the canonical encoding (meaning equivalent names will work
+     even if they aren't identical) and uses SHA1 instead of MD5. This form
+     is incompatible with the older format and as a result c_rehash should
+     be used to rebuild symbolic links.
+     [Steve Henson]
+
+  *) Make PKCS#8 the default write format for private keys, replacing the
+     traditional format. This form is standardised, more secure and doesn't
+     include an implicit MD5 dependency.
+     [Steve Henson]
+
+  *) Add a $gcc_devteam_warn option to Configure. The idea is that any code
+     committed to OpenSSL should pass this lot as a minimum.
+     [Steve Henson]
+
+  *) Add session ticket override functionality for use by EAP-FAST.
+     [Jouni Malinen <j at w1.fi>]
+
+  *) Modify HMAC functions to return a value. Since these can be implemented
+     in an ENGINE errors can occur.
+     [Steve Henson]
+
+  *) Type-checked OBJ_bsearch_ex.
+     [Ben Laurie]
+
+  *) Type-checked OBJ_bsearch. Also some constification necessitated
+     by type-checking.  Still to come: TXT_DB, bsearch(?),
+     OBJ_bsearch_ex, qsort, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING,
+     CONF_VALUE.
+     [Ben Laurie]
+
+  *) New function OPENSSL_gmtime_adj() to add a specific number of days and
+     seconds to a tm structure directly, instead of going through OS
+     specific date routines. This avoids any issues with OS routines such
+     as the year 2038 bug. New *_adj() functions for ASN1 time structures
+     and X509_time_adj_ex() to cover the extended range. The existing
+     X509_time_adj() is still usable and will no longer have any date issues.
+     [Steve Henson]
+
+  *) Delta CRL support. New use deltas option which will attempt to locate
+     and search any appropriate delta CRLs available.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Support for CRLs partitioned by reason code. Reorganise CRL processing
+     code and add additional score elements. Validate alternate CRL paths
+     as part of the CRL checking and indicate a new error "CRL path validation
+     error" in this case. Applications wanting additional details can use
+     the verify callback and check the new "parent" field. If this is not
+     NULL CRL path validation is taking place. Existing applications wont
+     see this because it requires extended CRL support which is off by
+     default.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Support for freshest CRL extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Initial indirect CRL support. Currently only supported in the CRLs
+     passed directly and not via lookup. Process certificate issuer
+     CRL entry extension and lookup CRL entries by bother issuer name
+     and serial number. Check and process CRL issuer entry in IDP extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Add support for distinct certificate and CRL paths. The CRL issuer
+     certificate is validated separately in this case. Only enabled if
+     an extended CRL support flag is set: this flag will enable additional
+     CRL functionality in future.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Add support for policy mappings extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Fixes to pathlength constraint, self issued certificate handling,
+     policy processing to align with RFC3280 and PKITS tests.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Support for name constraints certificate extension. DN, email, DNS
+     and URI types are currently supported.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) To cater for systems that provide a pointer-based thread ID rather
+     than numeric, deprecate the current numeric thread ID mechanism and
+     replace it with a structure and associated callback type. This
+     mechanism allows a numeric "hash" to be extracted from a thread ID in
+     either case, and on platforms where pointers are larger than 'long',
+     mixing is done to help ensure the numeric 'hash' is usable even if it
+     can't be guaranteed unique. The default mechanism is to use "&errno"
+     as a pointer-based thread ID to distinguish between threads.
+
+     Applications that want to provide their own thread IDs should now use
+     CRYPTO_THREADID_set_callback() to register a callback that will call
+     either CRYPTO_THREADID_set_numeric() or CRYPTO_THREADID_set_pointer().
+
+     Note that ERR_remove_state() is now deprecated, because it is tied
+     to the assumption that thread IDs are numeric.  ERR_remove_state(0)
+     to free the current thread's error state should be replaced by
+     ERR_remove_thread_state(NULL).
+
+     (This new approach replaces the functions CRYPTO_set_idptr_callback(),
+     CRYPTO_get_idptr_callback(), and CRYPTO_thread_idptr() that existed in
+     OpenSSL 0.9.9-dev between June 2006 and August 2008. Also, if an
+     application was previously providing a numeric thread callback that
+     was inappropriate for distinguishing threads, then uniqueness might
+     have been obtained with &errno that happened immediately in the
+     intermediate development versions of OpenSSL; this is no longer the
+     case, the numeric thread callback will now override the automatic use
+     of &errno.)
+     [Geoff Thorpe, with help from Bodo Moeller]
+
+  *) Initial support for different CRL issuing certificates. This covers a
+     simple case where the self issued certificates in the chain exist and
+     the real CRL issuer is higher in the existing chain.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Removed effectively defunct crypto/store from the build.
+     [Ben Laurie]
+
+  *) Revamp of STACK to provide stronger type-checking. Still to come:
+     TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE,
+     ASN1_STRING, CONF_VALUE.
+     [Ben Laurie]
+
+  *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer
+     RAM on SSL connections.  This option can save about 34k per idle SSL.
+     [Nick Mathewson]
+
+  *) Revamp of LHASH to provide stronger type-checking. Still to come:
+     STACK, TXT_DB, bsearch, qsort.
+     [Ben Laurie]
+
+  *) Initial support for Cryptographic Message Syntax (aka CMS) based
+     on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
+     support for data, signedData, compressedData, digestedData and
+     encryptedData, envelopedData types included. Scripts to check against
+     RFC4134 examples draft and interop and consistency checks of many
+     content types and variants.
+     [Steve Henson]
+
+  *) Add options to enc utility to support use of zlib compression BIO.
+     [Steve Henson]
+
+  *) Extend mk1mf to support importing of options and assembly language
+     files from Configure script, currently only included in VC-WIN32.
+     The assembly language rules can now optionally generate the source
+     files from the associated perl scripts.
+     [Steve Henson]
+
+  *) Implement remaining functionality needed to support GOST ciphersuites.
+     Interop testing has been performed using CryptoPro implementations.
+     [Victor B. Wagner <vitus at cryptocom.ru>]
+
+  *) s390x assembler pack.
+     [Andy Polyakov]
+
+  *) ARMv4 assembler pack. ARMv4 refers to v4 and later ISA, not CPU
+     "family."
+     [Andy Polyakov]
+
+  *) Implement Opaque PRF Input TLS extension as specified in
+     draft-rescorla-tls-opaque-prf-input-00.txt.  Since this is not an
+     official specification yet and no extension type assignment by
+     IANA exists, this extension (for now) will have to be explicitly
+     enabled when building OpenSSL by providing the extension number
+     to use.  For example, specify an option
+
+         -DTLSEXT_TYPE_opaque_prf_input=0x9527
+
+     to the "config" or "Configure" script to enable the extension,
+     assuming extension number 0x9527 (which is a completely arbitrary
+     and unofficial assignment based on the MD5 hash of the Internet
+     Draft).  Note that by doing so, you potentially lose
+     interoperability with other TLS implementations since these might
+     be using the same extension number for other purposes.
+
+     SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the
+     opaque PRF input value to use in the handshake.  This will create
+     an interal copy of the length-'len' string at 'src', and will
+     return non-zero for success.
+
+     To get more control and flexibility, provide a callback function
+     by using
+
+          SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb)
+          SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg)
+
+     where
+
+          int (*cb)(SSL *, void *peerinput, size_t len, void *arg);
+          void *arg;
+
+     Callback function 'cb' will be called in handshakes, and is
+     expected to use SSL_set_tlsext_opaque_prf_input() as appropriate.
+     Argument 'arg' is for application purposes (the value as given to
+     SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() will directly
+     be provided to the callback function).  The callback function
+     has to return non-zero to report success: usually 1 to use opaque
+     PRF input just if possible, or 2 to enforce use of the opaque PRF
+     input.  In the latter case, the library will abort the handshake
+     if opaque PRF input is not successfully negotiated.
+
+     Arguments 'peerinput' and 'len' given to the callback function
+     will always be NULL and 0 in the case of a client.  A server will
+     see the client's opaque PRF input through these variables if
+     available (NULL and 0 otherwise).  Note that if the server
+     provides an opaque PRF input, the length must be the same as the
+     length of the client's opaque PRF input.
+
+     Note that the callback function will only be called when creating
+     a new session (session resumption can resume whatever was
+     previously negotiated), and will not be called in SSL 2.0
+     handshakes; thus, SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) or
+     SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended
+     for applications that need to enforce opaque PRF input.
+
+     [Bodo Moeller]
+
+  *) Update ssl code to support digests other than SHA1+MD5 for handshake
+     MAC. 
+
+     [Victor B. Wagner <vitus at cryptocom.ru>]
+
+  *) Add RFC4507 support to OpenSSL. This includes the corrections in
+     RFC4507bis. The encrypted ticket format is an encrypted encoded
+     SSL_SESSION structure, that way new session features are automatically
+     supported.
+
+     If a client application caches session in an SSL_SESSION structure
+     support is transparent because tickets are now stored in the encoded
+     SSL_SESSION.
+     
+     The SSL_CTX structure automatically generates keys for ticket
+     protection in servers so again support should be possible
+     with no application modification.
+
+     If a client or server wishes to disable RFC4507 support then the option
+     SSL_OP_NO_TICKET can be set.
+
+     Add a TLS extension debugging callback to allow the contents of any client
+     or server extensions to be examined.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Final changes to avoid use of pointer pointer casts in OpenSSL.
+     OpenSSL should now compile cleanly on gcc 4.2
+     [Peter Hartley <pdh at utter.chaos.org.uk>, Steve Henson]
+
+  *) Update SSL library to use new EVP_PKEY MAC API. Include generic MAC
+     support including streaming MAC support: this is required for GOST
+     ciphersuite support.
+     [Victor B. Wagner <vitus at cryptocom.ru>, Steve Henson]
+
+  *) Add option -stream to use PKCS#7 streaming in smime utility. New
+     function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
+     to output in BER and PEM format.
+     [Steve Henson]
+
+  *) Experimental support for use of HMAC via EVP_PKEY interface. This
+     allows HMAC to be handled via the EVP_DigestSign*() interface. The
+     EVP_PKEY "key" in this case is the HMAC key, potentially allowing
+     ENGINE support for HMAC keys which are unextractable. New -mac and
+     -macopt options to dgst utility.
+     [Steve Henson]
+
+  *) New option -sigopt to dgst utility. Update dgst to use
+     EVP_Digest{Sign,Verify}*. These two changes make it possible to use
+     alternative signing paramaters such as X9.31 or PSS in the dgst 
+     utility.
+     [Steve Henson]
+
+  *) Change ssl_cipher_apply_rule(), the internal function that does
+     the work each time a ciphersuite string requests enabling
+     ("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar", or
+     removing ("!foo+bar") a class of ciphersuites: Now it maintains
+     the order of disabled ciphersuites such that those ciphersuites
+     that most recently went from enabled to disabled not only stay
+     in order with respect to each other, but also have higher priority
+     than other disabled ciphersuites the next time ciphersuites are
+     enabled again.
+
+     This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable
+     the same ciphersuites as with "HIGH" alone, but in a specific
+     order where the PSK ciphersuites come first (since they are the
+     most recently disabled ciphersuites when "HIGH" is parsed).
+
+     Also, change ssl_create_cipher_list() (using this new
+     funcionality) such that between otherwise identical
+     cihpersuites, ephemeral ECDH is preferred over ephemeral DH in
+     the default order.
+     [Bodo Moeller]
+
+  *) Change ssl_create_cipher_list() so that it automatically
+     arranges the ciphersuites in reasonable order before starting
+     to process the rule string.  Thus, the definition for "DEFAULT"
+     (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but
+     remains equivalent to "AES:ALL:!aNULL:!eNULL:+aECDH:+kRSA:+RC4:@STRENGTH".
+     This makes it much easier to arrive at a reasonable default order
+     in applications for which anonymous ciphers are OK (meaning
+     that you can't actually use DEFAULT).
+     [Bodo Moeller; suggested by Victor Duchovni]
+
+  *) Split the SSL/TLS algorithm mask (as used for ciphersuite string
+     processing) into multiple integers instead of setting
+     "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK",
+     "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer.
+     (These masks as well as the individual bit definitions are hidden
+     away into the non-exported interface ssl/ssl_locl.h, so this
+     change to the definition of the SSL_CIPHER structure shouldn't
+     affect applications.)  This give us more bits for each of these
+     categories, so there is no longer a need to coagulate AES128 and
+     AES256 into a single algorithm bit, and to coagulate Camellia128
+     and Camellia256 into a single algorithm bit, which has led to all
+     kinds of kludges.
+
+     Thus, among other things, the kludge introduced in 0.9.7m and
+     0.9.8e for masking out AES256 independently of AES128 or masking
+     out Camellia256 independently of AES256 is not needed here in 0.9.9.
+
+     With the change, we also introduce new ciphersuite aliases that
+     so far were missing: "AES128", "AES256", "CAMELLIA128", and
+     "CAMELLIA256".
+     [Bodo Moeller]
+
+  *) Add support for dsa-with-SHA224 and dsa-with-SHA256.
+     Use the leftmost N bytes of the signature input if the input is
+     larger than the prime q (with N being the size in bytes of q).
+     [Nils Larsch]
+
+  *) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses
+     it yet and it is largely untested.
+     [Steve Henson]
+
+  *) Add support for the ecdsa-with-SHA224/256/384/512 signature types.
+     [Nils Larsch]
+
+  *) Initial incomplete changes to avoid need for function casts in OpenSSL
+     some compilers (gcc 4.2 and later) reject their use. Safestack is
+     reimplemented.  Update ASN1 to avoid use of legacy functions. 
+     [Steve Henson]
+
+  *) Win32/64 targets are linked with Winsock2.
+     [Andy Polyakov]
+
+  *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected
+     to external functions. This can be used to increase CRL handling 
+     efficiency especially when CRLs are very large by (for example) storing
+     the CRL revoked certificates in a database.
+     [Steve Henson]
+
+  *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so
+     new CRLs added to a directory can be used. New command line option
+     -verify_return_error to s_client and s_server. This causes real errors
+     to be returned by the verify callback instead of carrying on no matter
+     what. This reflects the way a "real world" verify callback would behave.
+     [Steve Henson]
+
+  *) GOST engine, supporting several GOST algorithms and public key formats.
+     Kindly donated by Cryptocom.
+     [Cryptocom]
+
+  *) Partial support for Issuing Distribution Point CRL extension. CRLs
+     partitioned by DP are handled but no indirect CRL or reason partitioning
+     (yet). Complete overhaul of CRL handling: now the most suitable CRL is
+     selected via a scoring technique which handles IDP and AKID in CRLs.
+     [Steve Henson]
+
+  *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which
+     will ultimately be used for all verify operations: this will remove the
+     X509_STORE dependency on certificate verification and allow alternative
+     lookup methods.  X509_STORE based implementations of these two callbacks.
+     [Steve Henson]
+
+  *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
+     Modify get_crl() to find a valid (unexpired) CRL if possible.

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


More information about the svn-src-all mailing list