svn commit: r289848 - in vendor-crypto/openssl/dist: . apps crypto crypto/aes crypto/aes/asm crypto/asn1 crypto/bio crypto/bn crypto/bn/asm crypto/buffer crypto/camellia crypto/camellia/asm crypto/...

Jung-uk Kim jkim at FreeBSD.org
Fri Oct 23 19:46:04 UTC 2015


Author: jkim
Date: Fri Oct 23 19:46:02 2015
New Revision: 289848
URL: https://svnweb.freebsd.org/changeset/base/289848

Log:
  Import OpenSSL 1.0.2d.

Added:
  vendor-crypto/openssl/dist/crypto/aes/asm/aesni-mb-x86_64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha256-x86_64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/aesp8-ppc.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/aest4-sparcv9.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/aesv8-armx.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/bsaes-armv7.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-ppc.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/arm64cpuid.S   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/mips3.s   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-avx2.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-x86_64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/sparct4-mont.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/sparcv9-gf2m.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/asm/vis3-mont.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/rsaz_exp.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/bn/rsaz_exp.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/camellia/asm/cmllt4-sparcv9.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/cms/cms_kari.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/des/asm/dest4-sparcv9.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/dh/dh_kdf.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/dh/dh_rfc5114.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ec/asm/
  vendor-crypto/openssl/dist/crypto/ec/asm/ecp_nistz256-avx2.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ec/asm/ecp_nistz256-x86_64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ec/ecp_nistz256.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ec/ecp_nistz256_table.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ecdh/ech_kdf.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/evp/e_aes_cbc_hmac_sha256.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/md5/asm/md5-sparcv9.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/asm/aesni-gcm-x86_64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/asm/ghashp8-ppc.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/asm/ghashv8-armx.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/modes/wrap128.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/perlasm/sparcv9_modes.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/ppc_arch.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-armv8.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-mb-x86_64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha256-mb-x86_64.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-armv8.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512p8-ppc.pl   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/sparc_arch.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/x509/vpm_int.h   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/x509v3/v3_scts.c   (contents, props changed)
  vendor-crypto/openssl/dist/crypto/x509v3/v3nametest.c   (contents, props changed)
  vendor-crypto/openssl/dist/doc/crypto/ASN1_TIME_set.pod
  vendor-crypto/openssl/dist/doc/crypto/EC_GFp_simple_method.pod
  vendor-crypto/openssl/dist/doc/crypto/EC_GROUP_copy.pod
  vendor-crypto/openssl/dist/doc/crypto/EC_GROUP_new.pod
  vendor-crypto/openssl/dist/doc/crypto/EC_KEY_new.pod
  vendor-crypto/openssl/dist/doc/crypto/EC_POINT_add.pod
  vendor-crypto/openssl/dist/doc/crypto/EC_POINT_new.pod
  vendor-crypto/openssl/dist/doc/crypto/OPENSSL_instrument_bus.pod
  vendor-crypto/openssl/dist/doc/crypto/SSLeay_version.pod
  vendor-crypto/openssl/dist/doc/crypto/X509_check_host.pod
  vendor-crypto/openssl/dist/doc/crypto/d2i_ECPKParameters.pod
  vendor-crypto/openssl/dist/doc/crypto/ec.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CONF_CTX_new.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CONF_CTX_set1_prefix.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CONF_CTX_set_flags.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CONF_cmd.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CONF_cmd_argv.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_add1_chain_cert.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_get0_param.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set1_curves.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set1_verify_cert_store.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_cert_cb.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_custom_cli_ext.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_use_serverinfo.pod
  vendor-crypto/openssl/dist/ssl/ssl_conf.c   (contents, props changed)
  vendor-crypto/openssl/dist/ssl/t1_ext.c   (contents, props changed)
  vendor-crypto/openssl/dist/ssl/t1_trce.c   (contents, props changed)
  vendor-crypto/openssl/dist/util/copy-if-different.pl   (contents, props changed)
Deleted:
  vendor-crypto/openssl/dist/crypto/bn/asm/modexp512-x86_64.pl
  vendor-crypto/openssl/dist/crypto/engine/eng_rsax.c
  vendor-crypto/openssl/dist/crypto/evp/evp_fips.c
  vendor-crypto/openssl/dist/ssl/d1_enc.c
Modified:
  vendor-crypto/openssl/dist/CHANGES
  vendor-crypto/openssl/dist/Configure
  vendor-crypto/openssl/dist/FAQ
  vendor-crypto/openssl/dist/FREEBSD-Xlist
  vendor-crypto/openssl/dist/FREEBSD-upgrade
  vendor-crypto/openssl/dist/Makefile
  vendor-crypto/openssl/dist/Makefile.org
  vendor-crypto/openssl/dist/NEWS
  vendor-crypto/openssl/dist/README
  vendor-crypto/openssl/dist/apps/apps.c
  vendor-crypto/openssl/dist/apps/apps.h
  vendor-crypto/openssl/dist/apps/ca.c
  vendor-crypto/openssl/dist/apps/ciphers.c
  vendor-crypto/openssl/dist/apps/cms.c
  vendor-crypto/openssl/dist/apps/crl.c
  vendor-crypto/openssl/dist/apps/dgst.c
  vendor-crypto/openssl/dist/apps/dhparam.c
  vendor-crypto/openssl/dist/apps/ecparam.c
  vendor-crypto/openssl/dist/apps/genrsa.c
  vendor-crypto/openssl/dist/apps/ocsp.c
  vendor-crypto/openssl/dist/apps/openssl.cnf
  vendor-crypto/openssl/dist/apps/pkcs8.c
  vendor-crypto/openssl/dist/apps/s_apps.h
  vendor-crypto/openssl/dist/apps/s_cb.c
  vendor-crypto/openssl/dist/apps/s_client.c
  vendor-crypto/openssl/dist/apps/s_server.c
  vendor-crypto/openssl/dist/apps/s_socket.c
  vendor-crypto/openssl/dist/apps/smime.c
  vendor-crypto/openssl/dist/apps/speed.c
  vendor-crypto/openssl/dist/apps/verify.c
  vendor-crypto/openssl/dist/apps/x509.c
  vendor-crypto/openssl/dist/config
  vendor-crypto/openssl/dist/crypto/Makefile
  vendor-crypto/openssl/dist/crypto/aes/Makefile
  vendor-crypto/openssl/dist/crypto/aes/aes_wrap.c
  vendor-crypto/openssl/dist/crypto/aes/aes_x86core.c
  vendor-crypto/openssl/dist/crypto/aes/asm/aes-586.pl
  vendor-crypto/openssl/dist/crypto/aes/asm/aes-armv4.pl
  vendor-crypto/openssl/dist/crypto/aes/asm/aes-mips.pl
  vendor-crypto/openssl/dist/crypto/aes/asm/aes-ppc.pl
  vendor-crypto/openssl/dist/crypto/aes/asm/aes-x86_64.pl
  vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl
  vendor-crypto/openssl/dist/crypto/aes/asm/aesni-x86.pl
  vendor-crypto/openssl/dist/crypto/aes/asm/aesni-x86_64.pl
  vendor-crypto/openssl/dist/crypto/aes/asm/bsaes-x86_64.pl
  vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86.pl
  vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86_64.pl
  vendor-crypto/openssl/dist/crypto/arm_arch.h
  vendor-crypto/openssl/dist/crypto/armcap.c
  vendor-crypto/openssl/dist/crypto/armv4cpuid.S
  vendor-crypto/openssl/dist/crypto/asn1/Makefile
  vendor-crypto/openssl/dist/crypto/asn1/a_gentm.c
  vendor-crypto/openssl/dist/crypto/asn1/a_time.c
  vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c
  vendor-crypto/openssl/dist/crypto/asn1/ameth_lib.c
  vendor-crypto/openssl/dist/crypto/asn1/asn1.h
  vendor-crypto/openssl/dist/crypto/asn1/asn1_locl.h
  vendor-crypto/openssl/dist/crypto/asn1/t_x509.c
  vendor-crypto/openssl/dist/crypto/asn1/x_crl.c
  vendor-crypto/openssl/dist/crypto/asn1/x_x509.c
  vendor-crypto/openssl/dist/crypto/bio/b_dump.c
  vendor-crypto/openssl/dist/crypto/bio/b_sock.c
  vendor-crypto/openssl/dist/crypto/bio/bio.h
  vendor-crypto/openssl/dist/crypto/bio/bio_err.c
  vendor-crypto/openssl/dist/crypto/bio/bss_acpt.c
  vendor-crypto/openssl/dist/crypto/bio/bss_conn.c
  vendor-crypto/openssl/dist/crypto/bio/bss_dgram.c
  vendor-crypto/openssl/dist/crypto/bio/bss_fd.c
  vendor-crypto/openssl/dist/crypto/bn/Makefile
  vendor-crypto/openssl/dist/crypto/bn/asm/armv4-gf2m.pl
  vendor-crypto/openssl/dist/crypto/bn/asm/armv4-mont.pl
  vendor-crypto/openssl/dist/crypto/bn/asm/mips-mont.pl
  vendor-crypto/openssl/dist/crypto/bn/asm/mips.pl
  vendor-crypto/openssl/dist/crypto/bn/asm/ppc-mont.pl
  vendor-crypto/openssl/dist/crypto/bn/asm/ppc.pl
  vendor-crypto/openssl/dist/crypto/bn/asm/ppc64-mont.pl
  vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-gcc.c
  vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl
  vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl
  vendor-crypto/openssl/dist/crypto/bn/bn.h
  vendor-crypto/openssl/dist/crypto/bn/bn_asm.c
  vendor-crypto/openssl/dist/crypto/bn/bn_exp.c
  vendor-crypto/openssl/dist/crypto/bn/bn_gf2m.c
  vendor-crypto/openssl/dist/crypto/bn/bn_lcl.h
  vendor-crypto/openssl/dist/crypto/bn/bntest.c
  vendor-crypto/openssl/dist/crypto/buffer/buf_str.c
  vendor-crypto/openssl/dist/crypto/buffer/buffer.h
  vendor-crypto/openssl/dist/crypto/camellia/Makefile
  vendor-crypto/openssl/dist/crypto/camellia/asm/cmll-x86_64.pl
  vendor-crypto/openssl/dist/crypto/cast/cast_lcl.h
  vendor-crypto/openssl/dist/crypto/cms/Makefile
  vendor-crypto/openssl/dist/crypto/cms/cms.h
  vendor-crypto/openssl/dist/crypto/cms/cms_asn1.c
  vendor-crypto/openssl/dist/crypto/cms/cms_env.c
  vendor-crypto/openssl/dist/crypto/cms/cms_err.c
  vendor-crypto/openssl/dist/crypto/cms/cms_lcl.h
  vendor-crypto/openssl/dist/crypto/cms/cms_lib.c
  vendor-crypto/openssl/dist/crypto/cms/cms_sd.c
  vendor-crypto/openssl/dist/crypto/cms/cms_smime.c
  vendor-crypto/openssl/dist/crypto/cryptlib.c
  vendor-crypto/openssl/dist/crypto/cversion.c
  vendor-crypto/openssl/dist/crypto/des/Makefile
  vendor-crypto/openssl/dist/crypto/des/asm/des-586.pl
  vendor-crypto/openssl/dist/crypto/des/asm/des_enc.m4
  vendor-crypto/openssl/dist/crypto/des/des_locl.h
  vendor-crypto/openssl/dist/crypto/des/read_pwd.c
  vendor-crypto/openssl/dist/crypto/dh/Makefile
  vendor-crypto/openssl/dist/crypto/dh/dh.h
  vendor-crypto/openssl/dist/crypto/dh/dh_ameth.c
  vendor-crypto/openssl/dist/crypto/dh/dh_asn1.c
  vendor-crypto/openssl/dist/crypto/dh/dh_check.c
  vendor-crypto/openssl/dist/crypto/dh/dh_err.c
  vendor-crypto/openssl/dist/crypto/dh/dh_key.c
  vendor-crypto/openssl/dist/crypto/dh/dh_pmeth.c
  vendor-crypto/openssl/dist/crypto/dh/dhtest.c
  vendor-crypto/openssl/dist/crypto/dsa/dsa.h
  vendor-crypto/openssl/dist/crypto/dsa/dsa_ameth.c
  vendor-crypto/openssl/dist/crypto/dsa/dsa_err.c
  vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c
  vendor-crypto/openssl/dist/crypto/dsa/dsa_locl.h
  vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c
  vendor-crypto/openssl/dist/crypto/dsa/dsa_pmeth.c
  vendor-crypto/openssl/dist/crypto/ebcdic.c
  vendor-crypto/openssl/dist/crypto/ec/Makefile
  vendor-crypto/openssl/dist/crypto/ec/ec.h
  vendor-crypto/openssl/dist/crypto/ec/ec_ameth.c
  vendor-crypto/openssl/dist/crypto/ec/ec_curve.c
  vendor-crypto/openssl/dist/crypto/ec/ec_cvt.c
  vendor-crypto/openssl/dist/crypto/ec/ec_err.c
  vendor-crypto/openssl/dist/crypto/ec/ec_lcl.h
  vendor-crypto/openssl/dist/crypto/ec/ec_lib.c
  vendor-crypto/openssl/dist/crypto/ec/ec_pmeth.c
  vendor-crypto/openssl/dist/crypto/ec/eck_prn.c
  vendor-crypto/openssl/dist/crypto/ec/ecp_nistp521.c
  vendor-crypto/openssl/dist/crypto/ecdh/Makefile
  vendor-crypto/openssl/dist/crypto/ecdh/ecdh.h
  vendor-crypto/openssl/dist/crypto/ecdh/ecdhtest.c
  vendor-crypto/openssl/dist/crypto/ecdh/ech_ossl.c
  vendor-crypto/openssl/dist/crypto/ecdsa/ecdsa.h
  vendor-crypto/openssl/dist/crypto/ecdsa/ecs_err.c
  vendor-crypto/openssl/dist/crypto/ecdsa/ecs_lib.c
  vendor-crypto/openssl/dist/crypto/ecdsa/ecs_locl.h
  vendor-crypto/openssl/dist/crypto/ecdsa/ecs_ossl.c
  vendor-crypto/openssl/dist/crypto/engine/Makefile
  vendor-crypto/openssl/dist/crypto/engine/eng_all.c
  vendor-crypto/openssl/dist/crypto/engine/eng_cryptodev.c
  vendor-crypto/openssl/dist/crypto/engine/engine.h
  vendor-crypto/openssl/dist/crypto/evp/Makefile
  vendor-crypto/openssl/dist/crypto/evp/c_allc.c
  vendor-crypto/openssl/dist/crypto/evp/digest.c
  vendor-crypto/openssl/dist/crypto/evp/e_aes.c
  vendor-crypto/openssl/dist/crypto/evp/e_aes_cbc_hmac_sha1.c
  vendor-crypto/openssl/dist/crypto/evp/e_camellia.c
  vendor-crypto/openssl/dist/crypto/evp/e_des.c
  vendor-crypto/openssl/dist/crypto/evp/e_des3.c
  vendor-crypto/openssl/dist/crypto/evp/e_null.c
  vendor-crypto/openssl/dist/crypto/evp/encode.c
  vendor-crypto/openssl/dist/crypto/evp/evp.h
  vendor-crypto/openssl/dist/crypto/evp/evp_enc.c
  vendor-crypto/openssl/dist/crypto/evp/evp_err.c
  vendor-crypto/openssl/dist/crypto/evp/evp_extra_test.c
  vendor-crypto/openssl/dist/crypto/evp/evp_lib.c
  vendor-crypto/openssl/dist/crypto/evp/evp_locl.h
  vendor-crypto/openssl/dist/crypto/evp/evp_test.c
  vendor-crypto/openssl/dist/crypto/evp/evptests.txt
  vendor-crypto/openssl/dist/crypto/evp/m_dss.c
  vendor-crypto/openssl/dist/crypto/evp/m_dss1.c
  vendor-crypto/openssl/dist/crypto/evp/m_ecdsa.c
  vendor-crypto/openssl/dist/crypto/evp/m_sha1.c
  vendor-crypto/openssl/dist/crypto/evp/m_sigver.c
  vendor-crypto/openssl/dist/crypto/evp/p_lib.c
  vendor-crypto/openssl/dist/crypto/evp/pmeth_lib.c
  vendor-crypto/openssl/dist/crypto/hmac/hm_ameth.c
  vendor-crypto/openssl/dist/crypto/hmac/hmac.c
  vendor-crypto/openssl/dist/crypto/hmac/hmactest.c
  vendor-crypto/openssl/dist/crypto/jpake/jpake.c
  vendor-crypto/openssl/dist/crypto/md32_common.h
  vendor-crypto/openssl/dist/crypto/md5/Makefile
  vendor-crypto/openssl/dist/crypto/md5/md5_locl.h
  vendor-crypto/openssl/dist/crypto/modes/Makefile
  vendor-crypto/openssl/dist/crypto/modes/asm/ghash-armv4.pl
  vendor-crypto/openssl/dist/crypto/modes/asm/ghash-s390x.pl
  vendor-crypto/openssl/dist/crypto/modes/asm/ghash-sparcv9.pl
  vendor-crypto/openssl/dist/crypto/modes/asm/ghash-x86.pl
  vendor-crypto/openssl/dist/crypto/modes/asm/ghash-x86_64.pl
  vendor-crypto/openssl/dist/crypto/modes/cbc128.c
  vendor-crypto/openssl/dist/crypto/modes/gcm128.c
  vendor-crypto/openssl/dist/crypto/modes/modes.h
  vendor-crypto/openssl/dist/crypto/modes/modes_lcl.h
  vendor-crypto/openssl/dist/crypto/o_str.c
  vendor-crypto/openssl/dist/crypto/o_time.c
  vendor-crypto/openssl/dist/crypto/o_time.h
  vendor-crypto/openssl/dist/crypto/objects/obj_dat.h
  vendor-crypto/openssl/dist/crypto/objects/obj_mac.h
  vendor-crypto/openssl/dist/crypto/objects/obj_mac.num
  vendor-crypto/openssl/dist/crypto/objects/obj_xref.h
  vendor-crypto/openssl/dist/crypto/objects/obj_xref.txt
  vendor-crypto/openssl/dist/crypto/objects/objects.txt
  vendor-crypto/openssl/dist/crypto/objects/objxref.pl
  vendor-crypto/openssl/dist/crypto/ocsp/ocsp.h
  vendor-crypto/openssl/dist/crypto/ocsp/ocsp_ht.c
  vendor-crypto/openssl/dist/crypto/ocsp/ocsp_lib.c
  vendor-crypto/openssl/dist/crypto/opensslconf.h
  vendor-crypto/openssl/dist/crypto/opensslv.h
  vendor-crypto/openssl/dist/crypto/ossl_typ.h
  vendor-crypto/openssl/dist/crypto/pem/Makefile
  vendor-crypto/openssl/dist/crypto/pem/pem.h
  vendor-crypto/openssl/dist/crypto/pem/pem_all.c
  vendor-crypto/openssl/dist/crypto/pem/pem_err.c
  vendor-crypto/openssl/dist/crypto/pem/pem_lib.c
  vendor-crypto/openssl/dist/crypto/pem/pem_pkey.c
  vendor-crypto/openssl/dist/crypto/perlasm/ppc-xlate.pl
  vendor-crypto/openssl/dist/crypto/perlasm/x86_64-xlate.pl
  vendor-crypto/openssl/dist/crypto/perlasm/x86asm.pl
  vendor-crypto/openssl/dist/crypto/perlasm/x86gas.pl
  vendor-crypto/openssl/dist/crypto/perlasm/x86masm.pl
  vendor-crypto/openssl/dist/crypto/perlasm/x86nasm.pl
  vendor-crypto/openssl/dist/crypto/pkcs12/p12_decr.c
  vendor-crypto/openssl/dist/crypto/pkcs12/p12_p8e.c
  vendor-crypto/openssl/dist/crypto/ppccap.c
  vendor-crypto/openssl/dist/crypto/ppccpuid.pl
  vendor-crypto/openssl/dist/crypto/rc4/Makefile
  vendor-crypto/openssl/dist/crypto/rc4/asm/rc4-586.pl
  vendor-crypto/openssl/dist/crypto/rc4/rc4_enc.c
  vendor-crypto/openssl/dist/crypto/rc5/rc5_locl.h
  vendor-crypto/openssl/dist/crypto/rsa/Makefile
  vendor-crypto/openssl/dist/crypto/rsa/rsa.h
  vendor-crypto/openssl/dist/crypto/rsa/rsa_ameth.c
  vendor-crypto/openssl/dist/crypto/rsa/rsa_asn1.c
  vendor-crypto/openssl/dist/crypto/rsa/rsa_err.c
  vendor-crypto/openssl/dist/crypto/rsa/rsa_oaep.c
  vendor-crypto/openssl/dist/crypto/rsa/rsa_pmeth.c
  vendor-crypto/openssl/dist/crypto/rsa/rsa_sign.c
  vendor-crypto/openssl/dist/crypto/sha/Makefile
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-586.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-armv4-large.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-mips.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-ppc.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-sparcv9.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha1-x86_64.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha256-586.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha256-armv4.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-586.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-armv4.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-ia64.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-mips.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-ppc.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-sparcv9.pl
  vendor-crypto/openssl/dist/crypto/sha/asm/sha512-x86_64.pl
  vendor-crypto/openssl/dist/crypto/sha/sha512.c
  vendor-crypto/openssl/dist/crypto/sparccpuid.S
  vendor-crypto/openssl/dist/crypto/sparcv9cap.c
  vendor-crypto/openssl/dist/crypto/srp/Makefile
  vendor-crypto/openssl/dist/crypto/srp/srptest.c
  vendor-crypto/openssl/dist/crypto/stack/safestack.h
  vendor-crypto/openssl/dist/crypto/stack/stack.c
  vendor-crypto/openssl/dist/crypto/stack/stack.h
  vendor-crypto/openssl/dist/crypto/symhacks.h
  vendor-crypto/openssl/dist/crypto/ts/ts_rsp_sign.c
  vendor-crypto/openssl/dist/crypto/ts/ts_rsp_verify.c
  vendor-crypto/openssl/dist/crypto/ui/ui_openssl.c
  vendor-crypto/openssl/dist/crypto/whrlpool/asm/wp-mmx.pl
  vendor-crypto/openssl/dist/crypto/whrlpool/asm/wp-x86_64.pl
  vendor-crypto/openssl/dist/crypto/x509/Makefile
  vendor-crypto/openssl/dist/crypto/x509/verify_extra_test.c
  vendor-crypto/openssl/dist/crypto/x509/x509.h
  vendor-crypto/openssl/dist/crypto/x509/x509_cmp.c
  vendor-crypto/openssl/dist/crypto/x509/x509_err.c
  vendor-crypto/openssl/dist/crypto/x509/x509_lu.c
  vendor-crypto/openssl/dist/crypto/x509/x509_set.c
  vendor-crypto/openssl/dist/crypto/x509/x509_trs.c
  vendor-crypto/openssl/dist/crypto/x509/x509_txt.c
  vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c
  vendor-crypto/openssl/dist/crypto/x509/x509_vfy.h
  vendor-crypto/openssl/dist/crypto/x509/x509_vpm.c
  vendor-crypto/openssl/dist/crypto/x509/x_all.c
  vendor-crypto/openssl/dist/crypto/x509v3/Makefile
  vendor-crypto/openssl/dist/crypto/x509v3/ext_dat.h
  vendor-crypto/openssl/dist/crypto/x509v3/v3_lib.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_purp.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3_utl.c
  vendor-crypto/openssl/dist/crypto/x509v3/v3err.c
  vendor-crypto/openssl/dist/crypto/x509v3/x509v3.h
  vendor-crypto/openssl/dist/crypto/x86_64cpuid.pl
  vendor-crypto/openssl/dist/crypto/x86cpuid.pl
  vendor-crypto/openssl/dist/doc/apps/c_rehash.pod
  vendor-crypto/openssl/dist/doc/apps/ciphers.pod
  vendor-crypto/openssl/dist/doc/apps/cms.pod
  vendor-crypto/openssl/dist/doc/apps/genpkey.pod
  vendor-crypto/openssl/dist/doc/apps/ocsp.pod
  vendor-crypto/openssl/dist/doc/apps/pkcs8.pod
  vendor-crypto/openssl/dist/doc/apps/req.pod
  vendor-crypto/openssl/dist/doc/apps/s_client.pod
  vendor-crypto/openssl/dist/doc/apps/s_server.pod
  vendor-crypto/openssl/dist/doc/apps/smime.pod
  vendor-crypto/openssl/dist/doc/apps/verify.pod
  vendor-crypto/openssl/dist/doc/apps/x509.pod
  vendor-crypto/openssl/dist/doc/crypto/ASN1_STRING_length.pod
  vendor-crypto/openssl/dist/doc/crypto/ASN1_STRING_print_ex.pod
  vendor-crypto/openssl/dist/doc/crypto/BIO_f_ssl.pod
  vendor-crypto/openssl/dist/doc/crypto/BIO_find_type.pod
  vendor-crypto/openssl/dist/doc/crypto/BIO_s_accept.pod
  vendor-crypto/openssl/dist/doc/crypto/BIO_s_connect.pod
  vendor-crypto/openssl/dist/doc/crypto/BN_BLINDING_new.pod
  vendor-crypto/openssl/dist/doc/crypto/BN_CTX_new.pod
  vendor-crypto/openssl/dist/doc/crypto/BN_generate_prime.pod
  vendor-crypto/openssl/dist/doc/crypto/BN_rand.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_add0_cert.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_get0_RecipientInfos.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_get0_SignerInfos.pod
  vendor-crypto/openssl/dist/doc/crypto/CMS_verify.pod
  vendor-crypto/openssl/dist/doc/crypto/DH_generate_parameters.pod
  vendor-crypto/openssl/dist/doc/crypto/DSA_generate_parameters.pod
  vendor-crypto/openssl/dist/doc/crypto/ERR_remove_state.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_BytesToKey.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_DigestInit.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_DigestVerifyInit.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_EncryptInit.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_CTX_ctrl.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_cmp.pod
  vendor-crypto/openssl/dist/doc/crypto/OPENSSL_VERSION_NUMBER.pod
  vendor-crypto/openssl/dist/doc/crypto/OPENSSL_config.pod
  vendor-crypto/openssl/dist/doc/crypto/OPENSSL_ia32cap.pod
  vendor-crypto/openssl/dist/doc/crypto/OPENSSL_load_builtin_modules.pod
  vendor-crypto/openssl/dist/doc/crypto/OpenSSL_add_all_algorithms.pod
  vendor-crypto/openssl/dist/doc/crypto/PKCS7_verify.pod
  vendor-crypto/openssl/dist/doc/crypto/RAND_egd.pod
  vendor-crypto/openssl/dist/doc/crypto/RSA_generate_key.pod
  vendor-crypto/openssl/dist/doc/crypto/X509_NAME_add_entry_by_txt.pod
  vendor-crypto/openssl/dist/doc/crypto/X509_STORE_CTX_get_error.pod
  vendor-crypto/openssl/dist/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
  vendor-crypto/openssl/dist/doc/crypto/crypto.pod
  vendor-crypto/openssl/dist/doc/crypto/d2i_DSAPublicKey.pod
  vendor-crypto/openssl/dist/doc/crypto/d2i_X509.pod
  vendor-crypto/openssl/dist/doc/crypto/d2i_X509_CRL.pod
  vendor-crypto/openssl/dist/doc/crypto/ecdsa.pod
  vendor-crypto/openssl/dist/doc/crypto/evp.pod
  vendor-crypto/openssl/dist/doc/crypto/hmac.pod
  vendor-crypto/openssl/dist/doc/crypto/i2d_PKCS7_bio_stream.pod
  vendor-crypto/openssl/dist/doc/crypto/rand.pod
  vendor-crypto/openssl/dist/doc/crypto/sha.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CIPHER_get_name.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_COMP_add_compression_method.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_sess_set_cache_size.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_cert_store.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_cipher_list.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_use_certificate.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_accept.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_do_handshake.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_shutdown.pod
  vendor-crypto/openssl/dist/doc/ssl/ssl.pod
  vendor-crypto/openssl/dist/doc/ssleay.txt
  vendor-crypto/openssl/dist/e_os.h
  vendor-crypto/openssl/dist/e_os2.h
  vendor-crypto/openssl/dist/engines/Makefile
  vendor-crypto/openssl/dist/engines/ccgost/Makefile
  vendor-crypto/openssl/dist/engines/ccgost/gost89.c
  vendor-crypto/openssl/dist/engines/ccgost/gost_crypt.c
  vendor-crypto/openssl/dist/engines/ccgost/gost_pmeth.c
  vendor-crypto/openssl/dist/engines/e_capi.c
  vendor-crypto/openssl/dist/engines/vendor_defns/hwcryptohook.h
  vendor-crypto/openssl/dist/ssl/Makefile
  vendor-crypto/openssl/dist/ssl/d1_both.c
  vendor-crypto/openssl/dist/ssl/d1_clnt.c
  vendor-crypto/openssl/dist/ssl/d1_lib.c
  vendor-crypto/openssl/dist/ssl/d1_meth.c
  vendor-crypto/openssl/dist/ssl/d1_pkt.c
  vendor-crypto/openssl/dist/ssl/d1_srtp.c
  vendor-crypto/openssl/dist/ssl/d1_srvr.c
  vendor-crypto/openssl/dist/ssl/dtls1.h
  vendor-crypto/openssl/dist/ssl/heartbeat_test.c
  vendor-crypto/openssl/dist/ssl/s23_clnt.c
  vendor-crypto/openssl/dist/ssl/s23_srvr.c
  vendor-crypto/openssl/dist/ssl/s2_clnt.c
  vendor-crypto/openssl/dist/ssl/s2_lib.c
  vendor-crypto/openssl/dist/ssl/s3_both.c
  vendor-crypto/openssl/dist/ssl/s3_cbc.c
  vendor-crypto/openssl/dist/ssl/s3_clnt.c
  vendor-crypto/openssl/dist/ssl/s3_enc.c
  vendor-crypto/openssl/dist/ssl/s3_lib.c
  vendor-crypto/openssl/dist/ssl/s3_pkt.c
  vendor-crypto/openssl/dist/ssl/s3_srvr.c
  vendor-crypto/openssl/dist/ssl/srtp.h
  vendor-crypto/openssl/dist/ssl/ssl.h
  vendor-crypto/openssl/dist/ssl/ssl3.h
  vendor-crypto/openssl/dist/ssl/ssl_algs.c
  vendor-crypto/openssl/dist/ssl/ssl_cert.c
  vendor-crypto/openssl/dist/ssl/ssl_ciph.c
  vendor-crypto/openssl/dist/ssl/ssl_err.c
  vendor-crypto/openssl/dist/ssl/ssl_lib.c
  vendor-crypto/openssl/dist/ssl/ssl_locl.h
  vendor-crypto/openssl/dist/ssl/ssl_rsa.c
  vendor-crypto/openssl/dist/ssl/ssl_sess.c
  vendor-crypto/openssl/dist/ssl/ssl_txt.c
  vendor-crypto/openssl/dist/ssl/ssltest.c
  vendor-crypto/openssl/dist/ssl/t1_clnt.c
  vendor-crypto/openssl/dist/ssl/t1_enc.c
  vendor-crypto/openssl/dist/ssl/t1_lib.c
  vendor-crypto/openssl/dist/ssl/t1_meth.c
  vendor-crypto/openssl/dist/ssl/t1_srvr.c
  vendor-crypto/openssl/dist/ssl/tls1.h
  vendor-crypto/openssl/dist/util/files.pl
  vendor-crypto/openssl/dist/util/libeay.num
  vendor-crypto/openssl/dist/util/mk1mf.pl
  vendor-crypto/openssl/dist/util/mkdef.pl
  vendor-crypto/openssl/dist/util/mkerr.pl
  vendor-crypto/openssl/dist/util/mkstack.pl
  vendor-crypto/openssl/dist/util/pl/BC-32.pl
  vendor-crypto/openssl/dist/util/pl/VC-32.pl
  vendor-crypto/openssl/dist/util/pl/unix.pl
  vendor-crypto/openssl/dist/util/ssleay.num

Modified: vendor-crypto/openssl/dist/CHANGES
==============================================================================
--- vendor-crypto/openssl/dist/CHANGES	Fri Oct 23 19:45:22 2015	(r289847)
+++ vendor-crypto/openssl/dist/CHANGES	Fri Oct 23 19:46:02 2015	(r289848)
@@ -2,7 +2,7 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
+ Changes between 1.0.2c and 1.0.2d [9 Jul 2015]
 
   *) Alternate chains certificate forgery
 
@@ -17,13 +17,13 @@
      (Google/BoringSSL).
      [Matt Caswell]
 
- Changes between 1.0.1n and 1.0.1o [12 Jun 2015]
+ Changes between 1.0.2b and 1.0.2c [12 Jun 2015]
 
   *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
      incompatibility in the handling of HMAC. The previous ABI has now been
      restored.
 
- Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
+ Changes between 1.0.2a and 1.0.2b [11 Jun 2015]
 
   *) Malformed ECParameters causes infinite loop
 
@@ -91,10 +91,65 @@
      (CVE-2015-1791)
      [Matt Caswell]
 
+  *) Removed support for the two export grade static DH ciphersuites
+     EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
+     were newly added (along with a number of other static DH ciphersuites) to
+     1.0.2. However the two export ones have *never* worked since they were
+     introduced. It seems strange in any case to be adding new export
+     ciphersuites, and given "logjam" it also does not seem correct to fix them.
+     [Matt Caswell]
+
+  *) Only support 256-bit or stronger elliptic curves with the
+     'ecdh_auto' setting (server) or by default (client). Of supported
+     curves, prefer P-256 (both).
+     [Emilia Kasper]
+
   *) Reject DH handshakes with parameters shorter than 768 bits.
      [Kurt Roeckx and Emilia Kasper]
 
- Changes between 1.0.1l and 1.0.1m [19 Mar 2015]
+ Changes between 1.0.2 and 1.0.2a [19 Mar 2015]
+
+  *) ClientHello sigalgs DoS fix
+
+     If a client connects to an OpenSSL 1.0.2 server and renegotiates with an
+     invalid signature algorithms extension a NULL pointer dereference will
+     occur. This can be exploited in a DoS attack against the server.
+
+     This issue was was reported to OpenSSL by David Ramos of Stanford
+     University.
+     (CVE-2015-0291)
+     [Stephen Henson and Matt Caswell]
+
+  *) Multiblock corrupted pointer fix
+
+     OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
+     feature only applies on 64 bit x86 architecture platforms that support AES
+     NI instructions. A defect in the implementation of "multiblock" can cause
+     OpenSSL's internal write buffer to become incorrectly set to NULL when
+     using non-blocking IO. Typically, when the user application is using a
+     socket BIO for writing, this will only result in a failed connection.
+     However if some other BIO is used then it is likely that a segmentation
+     fault will be triggered, thus enabling a potential DoS attack.
+
+     This issue was reported to OpenSSL by Daniel Danner and Rainer Mueller.
+     (CVE-2015-0290)
+     [Matt Caswell]
+
+  *) Segmentation fault in DTLSv1_listen fix
+
+     The DTLSv1_listen function is intended to be stateless and processes the
+     initial ClientHello from many peers. It is common for user code to loop
+     over the call to DTLSv1_listen until a valid ClientHello is received with
+     an associated cookie. A defect in the implementation of DTLSv1_listen means
+     that state is preserved in the SSL object from one invocation to the next
+     that can lead to a segmentation fault. Errors processing the initial
+     ClientHello can trigger this scenario. An example of such an error could be
+     that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only
+     server.
+
+     This issue was reported to OpenSSL by Per Allansson.
+     (CVE-2015-0207)
+     [Matt Caswell]
 
   *) Segmentation fault in ASN1_TYPE_cmp fix
 
@@ -107,6 +162,20 @@
      (CVE-2015-0286)
      [Stephen Henson]
 
+  *) Segmentation fault for invalid PSS parameters fix
+
+     The signature verification routines will crash with a NULL pointer
+     dereference if presented with an ASN.1 signature using the RSA PSS
+     algorithm and invalid parameters. Since these routines are used to verify
+     certificate signature algorithms this can be used to crash any
+     certificate verification operation and exploited in a DoS attack. Any
+     application which performs certificate verification is vulnerable including
+     OpenSSL clients and servers which enable client authentication.
+
+     This issue was was reported to OpenSSL by Brian Carpenter.
+     (CVE-2015-0208)
+     [Stephen Henson]
+
   *) ASN.1 structure reuse memory corruption fix
 
      Reusing a structure in ASN.1 parsing may allow an attacker to cause
@@ -145,6 +214,36 @@
      (CVE-2015-0293)
      [Emilia Käsper]
 
+  *) Empty CKE with client auth and DHE fix
+
+     If client auth is used then a server can seg fault in the event of a DHE
+     ciphersuite being selected and a zero length ClientKeyExchange message
+     being sent by the client. This could be exploited in a DoS attack.
+     (CVE-2015-1787)
+     [Matt Caswell]
+
+  *) Handshake with unseeded PRNG fix
+
+     Under certain conditions an OpenSSL 1.0.2 client can complete a handshake
+     with an unseeded PRNG. The conditions are:
+     - The client is on a platform where the PRNG has not been seeded
+     automatically, and the user has not seeded manually
+     - A protocol specific client method version has been used (i.e. not
+     SSL_client_methodv23)
+     - A ciphersuite is used that does not require additional random data from
+     the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).
+
+     If the handshake succeeds then the client random that has been used will
+     have been generated from a PRNG with insufficient entropy and therefore the
+     output may be predictable.
+
+     For example using the following command with an unseeded openssl will
+     succeed on an unpatched platform:
+
+     openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
+     (CVE-2015-0285)
+     [Matt Caswell]
+
   *) Use After Free following d2i_ECPrivatekey error fix
 
      A malformed EC private key file consumed via the d2i_ECPrivateKey function
@@ -171,6 +270,336 @@
   *) Removed the export ciphers from the DEFAULT ciphers
      [Kurt Roeckx]
 
+ Changes between 1.0.1l and 1.0.2 [22 Jan 2015]
+
+  *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g.
+     ARMv5 through ARMv8, as opposite to "locking" it to single one.
+     So far those who have to target multiple plaforms would compromise
+     and argue that binary targeting say ARMv5 would still execute on
+     ARMv8. "Universal" build resolves this compromise by providing
+     near-optimal performance even on newer platforms.
+     [Andy Polyakov]
+
+  *) Accelerated NIST P-256 elliptic curve implementation for x86_64
+     (other platforms pending).
+     [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov]
+
+  *) Add support for the SignedCertificateTimestampList certificate and
+     OCSP response extensions from RFC6962.
+     [Rob Stradling]
+
+  *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
+     for corner cases. (Certain input points at infinity could lead to
+     bogus results, with non-infinity inputs mapped to infinity too.)
+     [Bodo Moeller]
+
+  *) Initial support for PowerISA 2.0.7, first implemented in POWER8.
+     This covers AES, SHA256/512 and GHASH. "Initial" means that most
+     common cases are optimized and there still is room for further
+     improvements. Vector Permutation AES for Altivec is also added.
+     [Andy Polyakov]
+
+  *) Add support for little-endian ppc64 Linux target.
+     [Marcelo Cerri (IBM)]
+
+  *) Initial support for AMRv8 ISA crypto extensions. This covers AES,
+     SHA1, SHA256 and GHASH. "Initial" means that most common cases
+     are optimized and there still is room for further improvements.
+     Both 32- and 64-bit modes are supported.
+     [Andy Polyakov, Ard Biesheuvel (Linaro)]
+
+  *) Improved ARMv7 NEON support.
+     [Andy Polyakov]
+
+  *) Support for SPARC Architecture 2011 crypto extensions, first
+     implemented in SPARC T4. This covers AES, DES, Camellia, SHA1,
+     SHA256/512, MD5, GHASH and modular exponentiation.
+     [Andy Polyakov, David Miller]
+
+  *) Accelerated modular exponentiation for Intel processors, a.k.a.
+     RSAZ.
+     [Shay Gueron & Vlad Krasnov (Intel Corp)]
+
+  *) Support for new and upcoming Intel processors, including AVX2,
+     BMI and SHA ISA extensions. This includes additional "stitched"
+     implementations, AESNI-SHA256 and GCM, and multi-buffer support
+     for TLS encrypt.
+
+     This work was sponsored by Intel Corp.
+     [Andy Polyakov]
+
+  *) Support for DTLS 1.2. This adds two sets of DTLS methods: DTLS_*_method()
+     supports both DTLS 1.2 and 1.0 and should use whatever version the peer
+     supports and DTLSv1_2_*_method() which supports DTLS 1.2 only.
+     [Steve Henson]
+
+  *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file():
+     this fixes a limiation in previous versions of OpenSSL.
+     [Steve Henson]
+
+  *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest,
+     MGF1 digest and OAEP label.
+     [Steve Henson]
+
+  *) Add EVP support for key wrapping algorithms, to avoid problems with
+     existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in
+     the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap
+     algorithms and include tests cases.
+     [Steve Henson]
+
+  *) Add functions to allocate and set the fields of an ECDSA_METHOD
+     structure.
+     [Douglas E. Engert, Steve Henson]
+
+  *) New functions OPENSSL_gmtime_diff and ASN1_TIME_diff to find the
+     difference in days and seconds between two tm or ASN1_TIME structures.
+     [Steve Henson]
+
+  *) Add -rev test option to s_server to just reverse order of characters
+     received by client and send back to server. Also prints an abbreviated
+     summary of the connection parameters.
+     [Steve Henson]
+
+  *) New option -brief for s_client and s_server to print out a brief summary
+     of connection parameters.
+     [Steve Henson]
+
+  *) Add callbacks for arbitrary TLS extensions.
+     [Trevor Perrin <trevp at trevp.net> and Ben Laurie]
+
+  *) New option -crl_download in several openssl utilities to download CRLs
+     from CRLDP extension in certificates.
+     [Steve Henson]
+
+  *) New options -CRL and -CRLform for s_client and s_server for CRLs.
+     [Steve Henson]
+
+  *) New function X509_CRL_diff to generate a delta CRL from the difference
+     of two full CRLs. Add support to "crl" utility.
+     [Steve Henson]
+
+  *) New functions to set lookup_crls function and to retrieve
+     X509_STORE from X509_STORE_CTX.
+     [Steve Henson]
+
+  *) Print out deprecated issuer and subject unique ID fields in
+     certificates.
+     [Steve Henson]
+
+  *) Extend OCSP I/O functions so they can be used for simple general purpose
+     HTTP as well as OCSP. New wrapper function which can be used to download
+     CRLs using the OCSP API.
+     [Steve Henson]
+
+  *) Delegate command line handling in s_client/s_server to SSL_CONF APIs.
+     [Steve Henson]
+
+  *) SSL_CONF* functions. These provide a common framework for application
+     configuration using configuration files or command lines.
+     [Steve Henson]
+
+  *) SSL/TLS tracing code. This parses out SSL/TLS records using the
+     message callback and prints the results. Needs compile time option
+     "enable-ssl-trace". New options to s_client and s_server to enable
+     tracing.
+     [Steve Henson]
+
+  *) New ctrl and macro to retrieve supported points extensions.
+     Print out extension in s_server and s_client.
+     [Steve Henson]
+
+  *) New functions to retrieve certificate signature and signature
+     OID NID.
+     [Steve Henson]
+
+  *) Add functions to retrieve and manipulate the raw cipherlist sent by a
+     client to OpenSSL.
+     [Steve Henson]
+
+  *) New Suite B modes for TLS code. These use and enforce the requirements
+     of RFC6460: restrict ciphersuites, only permit Suite B algorithms and
+     only use Suite B curves. The Suite B modes can be set by using the
+     strings "SUITEB128", "SUITEB192" or "SUITEB128ONLY" for the cipherstring.
+     [Steve Henson]
+
+  *) New chain verification flags for Suite B levels of security. Check
+     algorithms are acceptable when flags are set in X509_verify_cert.
+     [Steve Henson]
+
+  *) Make tls1_check_chain return a set of flags indicating checks passed
+     by a certificate chain. Add additional tests to handle client
+     certificates: checks for matching certificate type and issuer name
+     comparison.
+     [Steve Henson]
+
+  *) If an attempt is made to use a signature algorithm not in the peer
+     preference list abort the handshake. If client has no suitable
+     signature algorithms in response to a certificate request do not
+     use the certificate.
+     [Steve Henson]
+
+  *) If server EC tmp key is not in client preference list abort handshake.
+     [Steve Henson]
+
+  *) Add support for certificate stores in CERT structure. This makes it
+     possible to have different stores per SSL structure or one store in
+     the parent SSL_CTX. Include distint stores for certificate chain
+     verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
+     to build and store a certificate chain in CERT structure: returing
+     an error if the chain cannot be built: this will allow applications
+     to test if a chain is correctly configured.
+
+     Note: if the CERT based stores are not set then the parent SSL_CTX
+     store is used to retain compatibility with existing behaviour.
+
+     [Steve Henson]
+
+  *) New function ssl_set_client_disabled to set a ciphersuite disabled
+     mask based on the current session, check mask when sending client
+     hello and checking the requested ciphersuite.
+     [Steve Henson]
+
+  *) New ctrls to retrieve and set certificate types in a certificate
+     request message. Print out received values in s_client. If certificate
+     types is not set with custom values set sensible values based on
+     supported signature algorithms.
+     [Steve Henson]
+
+  *) Support for distinct client and server supported signature algorithms.
+     [Steve Henson]
+
+  *) Add certificate callback. If set this is called whenever a certificate
+     is required by client or server. An application can decide which
+     certificate chain to present based on arbitrary criteria: for example
+     supported signature algorithms. Add very simple example to s_server.
+     This fixes many of the problems and restrictions of the existing client
+     certificate callback: for example you can now clear an existing
+     certificate and specify the whole chain.
+     [Steve Henson]
+
+  *) Add new "valid_flags" field to CERT_PKEY structure which determines what
+     the certificate can be used for (if anything). Set valid_flags field 
+     in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
+     to have similar checks in it.
+
+     Add new "cert_flags" field to CERT structure and include a "strict mode".
+     This enforces some TLS certificate requirements (such as only permitting
+     certificate signature algorithms contained in the supported algorithms
+     extension) which some implementations ignore: this option should be used
+     with caution as it could cause interoperability issues.
+     [Steve Henson]
+
+  *) Update and tidy signature algorithm extension processing. Work out
+     shared signature algorithms based on preferences and peer algorithms
+     and print them out in s_client and s_server. Abort handshake if no
+     shared signature algorithms.
+     [Steve Henson]
+
+  *) Add new functions to allow customised supported signature algorithms
+     for SSL and SSL_CTX structures. Add options to s_client and s_server
+     to support them.
+     [Steve Henson]
+
+  *) New function SSL_certs_clear() to delete all references to certificates
+     from an SSL structure. Before this once a certificate had been added
+     it couldn't be removed.
+     [Steve Henson]
+
+  *) Integrate hostname, email address and IP address checking with certificate
+     verification. New verify options supporting checking in opensl utility.
+     [Steve Henson]
+
+  *) Fixes and wildcard matching support to hostname and email checking
+     functions. Add manual page.
+     [Florian Weimer (Red Hat Product Security Team)]
+
+  *) New functions to check a hostname email or IP address against a
+     certificate. Add options x509 utility to print results of checks against
+     a certificate.
+     [Steve Henson]
+
+  *) Fix OCSP checking.
+     [Rob Stradling <rob.stradling at comodo.com> and Ben Laurie]
+
+  *) Initial experimental support for explicitly trusted non-root CAs. 
+     OpenSSL still tries to build a complete chain to a root but if an
+     intermediate CA has a trust setting included that is used. The first
+     setting is used: whether to trust (e.g., -addtrust option to the x509
+     utility) or reject.
+     [Steve Henson]
+
+  *) Add -trusted_first option which attempts to find certificates in the
+     trusted store even if an untrusted chain is also supplied.
+     [Steve Henson]
+
+  *) MIPS assembly pack updates: support for MIPS32r2 and SmartMIPS ASE,
+     platform support for Linux and Android.
+     [Andy Polyakov]
+
+  *) Support for linux-x32, ILP32 environment in x86_64 framework.
+     [Andy Polyakov]
+
+  *) Experimental multi-implementation support for FIPS capable OpenSSL.
+     When in FIPS mode the approved implementations are used as normal,
+     when not in FIPS mode the internal unapproved versions are used instead.
+     This means that the FIPS capable OpenSSL isn't forced to use the
+     (often lower perfomance) FIPS implementations outside FIPS mode.
+     [Steve Henson]
+
+  *) Transparently support X9.42 DH parameters when calling
+     PEM_read_bio_DHparameters. This means existing applications can handle
+     the new parameter format automatically.
+     [Steve Henson]
+
+  *) Initial experimental support for X9.42 DH parameter format: mainly
+     to support use of 'q' parameter for RFC5114 parameters.
+     [Steve Henson]
+
+  *) Add DH parameters from RFC5114 including test data to dhtest.
+     [Steve Henson]
+
+  *) Support for automatic EC temporary key parameter selection. If enabled
+     the most preferred EC parameters are automatically used instead of
+     hardcoded fixed parameters. Now a server just has to call:
+     SSL_CTX_set_ecdh_auto(ctx, 1) and the server will automatically
+     support ECDH and use the most appropriate parameters.
+     [Steve Henson]
+
+  *) Enhance and tidy EC curve and point format TLS extension code. Use
+     static structures instead of allocation if default values are used.
+     New ctrls to set curves we wish to support and to retrieve shared curves.
+     Print out shared curves in s_server. New options to s_server and s_client
+     to set list of supported curves.
+     [Steve Henson]
+
+  *) New ctrls to retrieve supported signature algorithms and 
+     supported curve values as an array of NIDs. Extend openssl utility
+     to print out received values.
+     [Steve Henson]
+
+  *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
+     between NIDs and the more common NIST names such as "P-256". Enhance
+     ecparam utility and ECC method to recognise the NIST names for curves.
+     [Steve Henson]
+
+  *) Enhance SSL/TLS certificate chain handling to support different
+     chains for each certificate instead of one chain in the parent SSL_CTX.
+     [Steve Henson]
+
+  *) Support for fixed DH ciphersuite client authentication: where both
+     server and client use DH certificates with common parameters.
+     [Steve Henson]
+
+  *) Support for fixed DH ciphersuites: those requiring DH server
+     certificates.
+     [Steve Henson]
+
+  *) New function i2d_re_X509_tbs for re-encoding the TBS portion of
+     the certificate.
+     Note: Related 1.0.2-beta specific macros X509_get_cert_info,
+     X509_CINF_set_modified, X509_CINF_get_issuer, X509_CINF_get_extensions and
+     X509_CINF_get_signature were reverted post internal team review.
+
  Changes between 1.0.1k and 1.0.1l [15 Jan 2015]
 
   *) Build fixes for the Windows and OpenVMS platforms

Modified: vendor-crypto/openssl/dist/Configure
==============================================================================
--- vendor-crypto/openssl/dist/Configure	Fri Oct 23 19:45:22 2015	(r289847)
+++ vendor-crypto/openssl/dist/Configure	Fri Oct 23 19:46:02 2015	(r289848)
@@ -105,6 +105,25 @@ my $usage="Usage: Configure [no-<cipher>
 
 my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
 
+# TODO(openssl-team): fix problems and investigate if (at least) the following
+# warnings can also be enabled:
+# -Wconditional-uninitialized, -Wswitch-enum, -Wunused-macros,
+# -Wmissing-field-initializers, -Wmissing-variable-declarations,
+# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
+# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
+# -Wextended-offsetof
+my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token  -Wno-extended-offsetof";
+
+# These are used in addition to $gcc_devteam_warn when the compiler is clang.
+# TODO(openssl-team): fix problems and investigate if (at least) the
+# following warnings can also be enabled: -Wconditional-uninitialized,
+# -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers,
+# -Wmissing-variable-declarations,
+# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
+# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
+# -Wextended-offsetof
+my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
+
 my $strict_warnings = 0;
 
 my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
@@ -124,24 +143,25 @@ my $tlib="-lnsl -lsocket";
 my $bits1="THIRTY_TWO_BIT ";
 my $bits2="SIXTY_FOUR_BIT ";
 
-my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o:des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:";
+my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:";
 
 my $x86_elf_asm="$x86_asm:elf";
 
-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:";
-my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
-my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
-my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void";
-my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-alpha.o::void";
-my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o::::::::";
-my $mips64_asm=":bn-mips.o mips-mont.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
-my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
-my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o::void";
-my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
-my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
-my $ppc32_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::::";
-my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o::::::::";
-my $no_asm=":::::::::::::::void";
+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:";
+my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
+my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void";
+my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void";
+my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o::void";
+my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
+my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\s*sha512\-mips\.o//;
+my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
+my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void";
+my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:";
+my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
+my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
+my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:";
+my $ppc32_asm=$ppc64_asm;
+my $no_asm="::::::::::::::::void";
 
 # As for $BSDthreads. Idea is to maintain "collective" set of flags,
 # which would cover all BSD flavors. -pthread applies to them all, 
@@ -152,7 +172,7 @@ my $no_asm=":::::::::::::::void";
 # seems to be sufficient?
 my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
 
-#config-string	$cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
+#config-string	$cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $ec_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
 
 my %table=(
 # File 'TABLE' (created by 'make TABLE') contains the data from this list,
@@ -174,14 +194,14 @@ my %table=(
 "debug-ben-debug-64",	"gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-ben-macos",	"cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::",
 "debug-ben-macos-gcc46",	"gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::",
-"debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-ben-darwin64","cc:$gcc_devteam_warn -g -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-ben-debug-64-clang",	"clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-ben-no-opt",	"gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-bodo",	"gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
 "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -193,9 +213,9 @@ my %table=(
 "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "dist",		"cc:-O::(unknown)::::::",
 
@@ -225,7 +245,7 @@ my %table=(
 "solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
  
 #### Solaris x86 with Sun C setups
-"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
 
 #### SPARC Solaris with GNU C setups
@@ -300,7 +320,7 @@ my %table=(
 "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
 "hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
-"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
+"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o:::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
 
 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
@@ -347,20 +367,57 @@ my %table=(
 # throw in -D[BL]_ENDIAN, whichever appropriate...
 "linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ppc",	"gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# It's believed that majority of ARM toolchains predefine appropriate -march.
-# If you compiler does not, do complement config command line with one!
-"linux-armv4",	"gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#######################################################################
+# Note that -march is not among compiler options in below linux-armv4
+# target line. Not specifying one is intentional to give you choice to:
+#
+# a) rely on your compiler default by not specifying one;
+# b) specify your target platform explicitly for optimal performance,
+#    e.g. -march=armv6 or -march=armv7-a;
+# c) build "universal" binary that targets *range* of platforms by
+#    specifying minimum and maximum supported architecture;
+#
+# As for c) option. It actually makes no sense to specify maximum to be
+# less than ARMv7, because it's the least requirement for run-time
+# switch between platform-specific code paths. And without run-time
+# switch performance would be equivalent to one for minimum. Secondly,
+# there are some natural limitations that you'd have to accept and
+# respect. Most notably you can *not* build "universal" binary for
+# big-endian platform. This is because ARMv7 processor always picks
+# instructions in little-endian order. Another similar limitation is
+# that -mthumb can't "cross" -march=armv6t2 boundary, because that's
+# where it became Thumb-2. Well, this limitation is a bit artificial,
+# because it's not really impossible, but it's deemed too tricky to
+# support. And of course you have to be sure that your binutils are
+# actually up to the task of handling maximum target platform. With all
+# this in mind here is an example of how to configure "universal" build:
+#
+#       ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
+#
+"linux-armv4",	"gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# Configure script adds minimally required -march for assembly support,
+# if no -march was specified at command line. mips32 and mips64 below
+# refer to contemporary MIPS Architecture specifications, MIPS32 and
+# MIPS64, rather than to kernel bitness.
+"linux-mips32",	"gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mips64",   "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"linux64-mips64",   "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### IA-32 targets...
-"linux-ia32-icc",	"icc:-DL_ENDIAN -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia32-icc",	"icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-elf",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-aout",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
 ####
 "linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ppc64",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ia64",	"gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
+"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-x86_64",	"gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64-clang",	"clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x32",	"gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
 "linux64-s390x",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### So called "highgprs" target for z/Architecture CPUs
 # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
@@ -407,6 +464,7 @@ my %table=(
 "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### *BSD [do see comment about ${BSDthreads} above!]
 "BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -421,7 +479,7 @@ my %table=(
 # triggered by RIPEMD160 code.
 "BSD-sparc64",	"gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-ia64",	"gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86_64",	"gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86_64",	"cc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
@@ -454,11 +512,11 @@ my %table=(
 # UnixWare 2.0x fails destest with -O.
 "unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
 "unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}-1:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # SCO 5 - Ben Laurie <ben at algroup.co.uk> says the -O breaks the SCO cc.
-"sco5-cc",  "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"sco5-cc",  "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### IBM's AIX.
 "aix3-cc",  "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
@@ -518,9 +576,9 @@ my %table=(
 # Visual C targets
 #
 # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
-"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
+"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
 "VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
-"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
+"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
 "debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
 # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
 # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
@@ -547,9 +605,8 @@ my %table=(
 "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
 
 # Cygwin
-"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
-"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
 
 # NetWare from David Ward (dsward at novell.com)
 # requires either MetroWerks NLM development tools, or gcc / nlmconv
@@ -581,7 +638,8 @@ my %table=(
 "darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin64-x86_64-cc","cc:-arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 # iPhoneOS/iOS
 "iphoneos-cross","llvm-gcc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
@@ -634,6 +692,7 @@ my $idx_lflags = $idx++;
 my $idx_bn_ops = $idx++;
 my $idx_cpuid_obj = $idx++;
 my $idx_bn_obj = $idx++;
+my $idx_ec_obj = $idx++;
 my $idx_des_obj = $idx++;
 my $idx_aes_obj = $idx++;
 my $idx_bf_obj = $idx++;
@@ -714,11 +773,13 @@ my %disabled = ( # "what"         => "co
 		 "ec_nistp_64_gcc_128" => "default",
 		 "gmp"		  => "default",
 		 "jpake"          => "experimental",
+		 "libunbound"     => "experimental",
 		 "md2"            => "default",
 		 "rc5"            => "default",
 		 "rfc3779"	  => "default",
 		 "sctp"       => "default",
 		 "shared"         => "default",
+		 "ssl-trace"	  => "default",
 		 "store"	  => "experimental",
 		 "unit-test"	  => "default",
 		 "zlib"           => "default",
@@ -728,7 +789,7 @@ my @experimental = ();
 
 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
 
 # Explicit "no-..." options will be collected in %disabled along with the defaults.
 # To remove something from %disabled, use "enable-foo" (unless it's experimental).
@@ -873,16 +934,7 @@ PROCESS_ARGS:
 			}
 		elsif (/^[-+]/)
 			{
-			if (/^-[lL](.*)$/ or /^-Wl,/)
-				{
-				$libs.=$_." ";
-				}
-			elsif (/^-[^-]/ or /^\+/)
-				{
-				$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
-				$flags.=$_." ";
-				}
-			elsif (/^--prefix=(.*)$/)
+			if (/^--prefix=(.*)$/)
 				{
 				$prefix=$1;
 				}
@@ -926,10 +978,14 @@ PROCESS_ARGS:
 				{
 				$cross_compile_prefix=$1;
 				}
-			else
+			elsif (/^-[lL](.*)$/ or /^-Wl,/)
+				{
+				$libs.=$_." ";
+				}
+			else	# common if (/^[-+]/), just pass down...
 				{
-				print STDERR $usage;
-				exit(1);
+				$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
+				$flags.=$_." ";
 				}
 			}
 		elsif ($_ =~ /^([^:]+):(.+)$/)
@@ -1156,6 +1212,7 @@ my $cc = $fields[$idx_cc];
 if($ENV{CC}) {
     $cc = $ENV{CC};
 }
+
 my $cflags = $fields[$idx_cflags];
 my $unistd = $fields[$idx_unistd];
 my $thread_cflag = $fields[$idx_thread_cflag];
@@ -1164,6 +1221,7 @@ my $lflags = $fields[$idx_lflags];
 my $bn_ops = $fields[$idx_bn_ops];
 my $cpuid_obj = $fields[$idx_cpuid_obj];
 my $bn_obj = $fields[$idx_bn_obj];
+my $ec_obj = $fields[$idx_ec_obj];
 my $des_obj = $fields[$idx_des_obj];
 my $aes_obj = $fields[$idx_aes_obj];
 my $bf_obj = $fields[$idx_bf_obj];
@@ -1209,6 +1267,12 @@ if ($target =~ /^mingw/ && `$cc --target
 	$shared_ldflag =~ s/\-mno\-cygwin\s*//;
 	}
 
+if ($target =~ /linux.*\-mips/ && !$no_asm && $flags !~ /\-m(ips|arch=)/) {
+	# minimally required architecture flags for assembly modules
+	$cflags="-mips2 $cflags" if ($target =~ /mips32/);
+	$cflags="-mips3 $cflags" if ($target =~ /mips64/);
+}
+
 my $no_shared_warn=0;
 my $no_user_cflags=0;
 
@@ -1335,7 +1399,7 @@ $lflags="$libs$lflags" if ($libs ne "");
 
 if ($no_asm)
 	{
-	$cpuid_obj=$bn_obj=
+	$cpuid_obj=$bn_obj=$ec_obj=
 	$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
 	$modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj="";
 	}
@@ -1416,6 +1480,7 @@ if ($target =~ /\-icc$/)	# Intel C compi
 		}
 	if ($iccver>=8)
 		{
+		$cflags=~s/\-KPIC/-fPIC/;
 		# Eliminate unnecessary dependency from libirc.a. This is
 		# essential for shared library support, as otherwise
 		# apps/openssl can end up in endless loop upon startup...
@@ -1423,12 +1488,17 @@ if ($target =~ /\-icc$/)	# Intel C compi
 		}
 	if ($iccver>=9)
 		{
-		$cflags.=" -i-static";
-		$cflags=~s/\-no_cpprt/-no-cpprt/;
+		$lflags.=" -i-static";
+		$lflags=~s/\-no_cpprt/-no-cpprt/;
 		}
 	if ($iccver>=10)
 		{
-		$cflags=~s/\-i\-static/-static-intel/;
+		$lflags=~s/\-i\-static/-static-intel/;
+		}
+	if ($iccver>=11)
+		{
+		$cflags.=" -no-intel-extensions";	# disable Cilk
+		$lflags=~s/\-no\-cpprt/-no-cxxlib/;
 		}
 	}
 
@@ -1509,7 +1579,7 @@ if ($rmd160_obj =~ /\.o$/)
 	}
 if ($aes_obj =~ /\.o$/)
 	{
-	$cflags.=" -DAES_ASM";
+	$cflags.=" -DAES_ASM" if ($aes_obj =~ m/\baes\-/);;
 	# aes-ctr.o is not a real file, only indication that assembler
 	# module implements AES_ctr32_encrypt...
 	$cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//);
@@ -1531,10 +1601,14 @@ else	{
 	$wp_obj="wp_block.o";
 	}
 $cmll_obj=$cmll_enc	unless ($cmll_obj =~ /.o$/);
-if ($modes_obj =~ /ghash/)
+if ($modes_obj =~ /ghash\-/)
 	{
 	$cflags.=" -DGHASH_ASM";
 	}
+if ($ec_obj =~ /ecp_nistz256/)
+	{
+	$cflags.=" -DECP_NISTZ256_ASM";
+	}
 
 # "Stringify" the C flags string.  This permits it to be made part of a string
 # and works as well on command lines.
@@ -1574,12 +1648,21 @@ if ($shlib_version_number =~ /(^[0-9]*)\
 
 if ($strict_warnings)
 	{
+	my $ecc = $cc;
+	$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
 	my $wopt;
-	die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/);
+	die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
 	foreach $wopt (split /\s+/, $gcc_devteam_warn)
 		{
 		$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
 		}
+	if ($ecc eq "clang")
+		{
+		foreach $wopt (split /\s+/, $clang_devteam_warn)
+			{
+			$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
+			}
+		}
 	}
 
 open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
@@ -1638,6 +1721,7 @@ while (<IN>)
 	s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
 	s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
 	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
+	s/^EC_ASM=.*$/EC_ASM= $ec_obj/;
 	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
 	s/^AES_ENC=.*$/AES_ENC= $aes_obj/;
 	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
@@ -1699,6 +1783,7 @@ print "CFLAG         =$cflags\n";
 print "EX_LIBS       =$lflags\n";
 print "CPUID_OBJ     =$cpuid_obj\n";
 print "BN_ASM        =$bn_obj\n";
+print "EC_ASM        =$ec_obj\n";
 print "DES_ENC       =$des_obj\n";
 print "AES_ENC       =$aes_obj\n";
 print "BF_ENC        =$bf_obj\n";
@@ -1997,7 +2082,7 @@ BEGIN
 	    VALUE "ProductVersion", "$version\\0"
 	    // Optional:
 	    //VALUE "Comments", "\\0"
-	    VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
+	    VALUE "LegalCopyright", "Copyright  © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
 	    //VALUE "LegalTrademarks", "\\0"
 	    //VALUE "PrivateBuild", "\\0"
 	    //VALUE "SpecialBuild", "\\0"
@@ -2106,12 +2191,12 @@ sub print_table_entry
 	{
 	my $target = shift;
 
-	(my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
-	my $bn_ops,my $cpuid_obj,my $bn_obj,my $des_obj,my $aes_obj, my $bf_obj,
-	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
-	my $rc5_obj,my $wp_obj,my $cmll_obj,my $modes_obj, my $engines_obj,
-	my $perlasm_scheme,my $dso_scheme,my $shared_target,my $shared_cflag,
-	my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags,my $multilib)=
+	my ($cc, $cflags, $unistd, $thread_cflag, $sys_id, $lflags,
+	    $bn_ops, $cpuid_obj, $bn_obj, $ec_obj, $des_obj, $aes_obj, $bf_obj,
+	    $md5_obj, $sha1_obj, $cast_obj, $rc4_obj, $rmd160_obj,
+	    $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj,
+	    $perlasm_scheme, $dso_scheme, $shared_target, $shared_cflag,
+	    $shared_ldflag, $shared_extension, $ranlib, $arflags, $multilib)=
 	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
 			
 	print <<EOF
@@ -2126,6 +2211,7 @@ sub print_table_entry
 \$bn_ops       = $bn_ops
 \$cpuid_obj    = $cpuid_obj
 \$bn_obj       = $bn_obj
+\$ec_obj       = $ec_obj
 \$des_obj      = $des_obj
 \$aes_obj      = $aes_obj
 \$bf_obj       = $bf_obj

Modified: vendor-crypto/openssl/dist/FAQ
==============================================================================
--- vendor-crypto/openssl/dist/FAQ	Fri Oct 23 19:45:22 2015	(r289847)
+++ vendor-crypto/openssl/dist/FAQ	Fri Oct 23 19:46:02 2015	(r289848)
@@ -83,7 +83,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.1e was released on Feb 11th, 2013.
+OpenSSL 1.0.1a was released on Apr 19th, 2012.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -184,14 +184,18 @@ Therefore the answer to the common quest
 backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear
 in the next minor release.
 
+* What happens when the letter release reaches z?
+
+It was decided after the release of OpenSSL 0.9.8y the next version should
+be 0.9.8za then 0.9.8zb and so on.

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


More information about the svn-src-all mailing list