[openssl-commits] [openssl] master update

Richard Levitte levitte at openssl.org
Fri Jan 30 13:46:22 UTC 2015


The branch master has been updated
       via  4fdde1aa0c2146342a279dc11757e4e566248d6b (commit)
       via  e00ab250c878f7a7f0ae908a6305cebf6883a244 (commit)
       via  09ebad72dffe74933a5d5976bfb191d9dd041a89 (commit)
       via  36ed7adfbc2230dbc5db926c3e667a1ff491e8c1 (commit)
       via  36759bb75152cece52bcf3b514e4336036deb6d3 (commit)
       via  132536f96e1baba466baa7323c0d74bd7948dd5b (commit)
       via  c168a027cfe1459e946dade4179938f34894fe1d (commit)
      from  be7b1097e28ff6d49f0d4b7ab8b036d6da87ebc6 (commit)


- Log -----------------------------------------------------------------
commit 4fdde1aa0c2146342a279dc11757e4e566248d6b
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Jan 30 14:30:25 2015 +0100

    Update on the use of logical names for OpenSSL configuration
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>

commit e00ab250c878f7a7f0ae908a6305cebf6883a244
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Jan 30 12:36:13 2015 +0100

    VMS exit codes weren't handled well enough and were unclear
    
    Making a specific variable $failure_code and a bit of commenting in the
    VMS section should help clear things up.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>

commit 09ebad72dffe74933a5d5976bfb191d9dd041a89
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Jan 29 14:36:27 2015 +0100

    VMS adjustments:
    
    Add missing crypto modules and files to copy to crypto/install-crypto.com
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>

commit 36ed7adfbc2230dbc5db926c3e667a1ff491e8c1
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Jan 29 14:35:46 2015 +0100

    VMS adjustments:
    
    test/cms-test.pl adjusted to handle NL: instead of /dev/null on VMS
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>

commit 36759bb75152cece52bcf3b514e4336036deb6d3
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Jan 29 14:27:21 2015 +0100

    VMS build changes
    
    crypto/crypto-lib.com:
     Remove all APPS building, as they are gone.
     Depend on the variable SDIRS that's defined by makevms.com.
     Remake the whole partial module list mechanism to check for variables with a counter.
     Define the logical name INTERNAL to allow for '#include "internal/foo.h"'.
    
    makevms.com:
     Define SDIRS, to allow for removal of crypto modules and pass that information to crypto/crypto-lib.com.
     Allow for experimental modules.
     Update the allowed things to disable.
     Update the things disabled by default to match Configure.
     Update headers to be copied.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>

commit 132536f96e1baba466baa7323c0d74bd7948dd5b
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Jan 29 13:13:28 2015 +0100

    VMS adjustments:
    
    catch up with the Unix build.
    A number of new tests, among others test/tocsp.com
    Define INTERNAL in ssl/ssl-lib.com to allow for '#include "internal/foo.h"'
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>

commit c168a027cfe1459e946dade4179938f34894fe1d
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Jan 29 13:07:53 2015 +0100

    VMS adjustments:
    
    Add new symbols that are longer than 31 chars to symhacks.
    VMS doesn't have <sys/un.h>, reflect that in e_os.h.
    MS_CALLBACK has been removed, ssl_task.c needs adjustment.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 INSTALL.VMS               |   26 ++--
 crypto/crypto-lib.com     |  287 ++++++++++++++++-----------------------------
 crypto/install-crypto.com |   10 +-
 crypto/symhacks.h         |   24 ++++
 e_os.h                    |    1 +
 engines/makeengines.com   |   24 ++--
 makevms.com               |  162 ++++++++++++++++++-------
 ssl/ssl-lib.com           |   17 ++-
 ssl/ssl_task.c            |    4 +-
 test/cms-test.pl          |   25 +++-
 test/maketests.com        |   86 ++++++++------
 test/tests.com            |  103 ++++++++++------
 test/tocsp.com            |  165 ++++++++++++++++++++++++++
 13 files changed, 586 insertions(+), 348 deletions(-)
 create mode 100644 test/tocsp.com

diff --git a/INSTALL.VMS b/INSTALL.VMS
index 6a50e6f..7c530a1 100644
--- a/INSTALL.VMS
+++ b/INSTALL.VMS
@@ -130,15 +130,23 @@ Currently, the logical names supported are:
       OPENSSL_NO_ASM    with value YES, the assembler parts of OpenSSL will
                         not be used.  Instead, plain C implementations are
                         used.  This is good to try if something doesn't work.
-      OPENSSL_NO_'alg'  with value YES, the corresponding crypto algorithm
-                        will not be implemented.  Supported algorithms to
-                        do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD,
-                        SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
-                        SSL3.  So, for example, having the logical name
-                        OPENSSL_NO_RSA with the value YES means that the
-                        LIBCRYPTO.OLB library will not contain an RSA
-                        implementation.
-
+      OPENSSL_NO_'alg'  with value YES, the corresponding crypto algorithm,
+                        protocol or other routine will not be implemented if
+                        disabling it is supported.  Supported algorithms to
+                        do this with are: AES, BF, CAMELLIA, CAST, CMS, COMP,
+                        DES, DGRAM, DH, DSA, EC, EC2M, ECDH, ECDSA, ENGINE,
+                        ERR, GOST, HEARTBEATS, HMAC, IDEA, KRB5, MD2, MD4,
+                        MD5, OCB, OCSP, PSK, RC2, RC4, RC5, RMD160, RSA, SCTP,
+                        SEED, SOCK, SRP, SRTP, TLSEXT, WHIRLPOOL.  So, for
+                        example, having the logical name OPENSSL_NO_RSA with
+                        the value YES means that the LIBCRYPTO.OLB library
+                        will not contain an RSA implementation.
+      OPENSSL_EXPERIMENTAL_'alg'
+                        with value YES, the corresponding experimental
+                        algorithm is enabled.  Note that is also requires
+                        the application using this to define the C macro
+                        OPENSSL_EXPERIMENTAL_'alg'.  Supported algorithms
+                        to do this with are: JPAKE, STORE.
 
 Test:
 =====
diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com
index 4db5063..84ca96e 100644
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -19,7 +19,6 @@ $!  Specify the following as P1 to build just that part or ALL to just
 $!  build everything.
 $!
 $!    	LIBRARY    To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
-$!    	APPS       To just compile the [.xxx.EXE.CRYPTO]*.EXE
 $!	ALL	   To do both LIBRARY and APPS
 $!
 $!  Specify DEBUG or NODEBUG as P2 to compile with or without debugger
@@ -102,22 +101,35 @@ $ LIB32 = "32"
 $ OPT_FILE = ""
 $ POINTER_SIZE = ""
 $!
-$! Define The Different Encryption Types.
-$! NOTE: Some might think this list ugly.  However, it's made this way to
-$! reflect the SDIRS variable in [-]Makefile.org as closely as possible,
-$! thereby making it fairly easy to verify that the lists are the same.
-$!
-$ ET_WHIRLPOOL = "WHRLPOOL"
-$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = ""
-$ ENCRYPT_TYPES = "Basic,"+ -
-		  "OBJECTS,"+ -
-		  "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ -
-		  "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ -
-		  "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ -
-		  "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ -
-		  "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
-		  "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ -
-		  "CMS,PQUEUE,TS,JPAKE,SRP,STORE,CMAC"
+$! Check if there's a SDIRS variable defined
+$!
+$ IF "''SDIRS'" .NES. ""
+$ THEN
+$!
+$!   If SDIRS was defined, define ENCRYPT_TYPES from it
+$!
+$     ENCRYPT_TYPES = "Basic,''SDIRS'"
+$!
+$! Otherwise
+$!
+$ ELSE
+$!
+$!   Define The Different Encryption Types.
+$!   NOTE: Some might think this list ugly.  However, it's made this way to
+$!   reflect the SDIRS variable in [-]Makefile.org as closely as possible,
+$!   thereby making it fairly easy to verify that the lists are the same.
+$!
+$   ET_WHIRLPOOL = "WHRLPOOL"
+$   IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = ""
+$   ENCRYPT_TYPES = "Basic,"+ -
+		    "OBJECTS,"+ -
+		    "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ -
+		    "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ -
+		    "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ -
+		    "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ -
+		    "EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ -
+		    "CMS,PQUEUE,TS,JPAKE,SRP,STORE,CMAC"
+$ ENDIF
 $!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
@@ -204,16 +216,14 @@ $ GOSUB CHECK_OPT_FILE
 $!
 $! Define The Different Encryption "library" Strings.
 $!
-$ APPS_DES = "DES/DES,CBC3_ENC"
-$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
-$
 $ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,cpt_err,"+ -
 	"ebcdic,uid,o_time,o_str,o_dir,thr_id,lock,fips_ers,"+ -
 	"o_init,o_fips"
+$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref"
 $ LIB_MD2 = "md2_dgst,md2_one"
 $ LIB_MD4 = "md4_dgst,md4_one"
 $ LIB_MD5 = "md5_dgst,md5_one"
-$ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512"
+$ LIB_SHA = "sha1dgst,sha1_one,sha256,sha512"
 $ LIB_MDC2 = "mdc2dgst,mdc2_one"
 $ LIB_HMAC = "hmac,hm_ameth,hm_pmeth"
 $ LIB_RIPEMD = "rmd_dgst,rmd_one"
@@ -224,18 +234,19 @@ $ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
 	"ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
 	"des_enc,fcrypt_b,"+ -
 	"fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ -
-	"ede_cbcm_enc,des_old,des_old2,read2pwd"
+	"des_old,des_old2,read2pwd"
+$ LIB_AES = "aes_misc,aes_ecb,aes_cfb,aes_ofb,aes_ige,aes_wrap,"+ -
+	"aes_core,aes_cbc"
 $ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64"
-$ LIB_RC4 = "rc4_skey,rc4_enc"
+$ LIB_RC4 = "rc4_enc,rc4_skey"
 $ LIB_RC5 = "rc5_skey,rc5_ecb,rc5_enc,rc5cfb64,rc5ofb64"
 $ LIB_IDEA = "i_cbc,i_cfb64,i_ofb64,i_ecb,i_skey"
 $ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64"
 $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64"
-$ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ -
-		 "cmll_cfb,cmll_ctr"
+$ LIB_CAMELLIA = "cmll_ecb,cmll_ofb,cmll_cfb,cmll_ctr,camellia,cmll_misc,cmll_cbc"
 $ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"
 $ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128,gcm128,"+ -
-	"ccm128,xts128"
+	"ccm128,xts128,wrap128,ocb128"
 $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
 $ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -
      LIB_BN_ASM = "bn_asm"
@@ -243,7 +254,7 @@ $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
 	"bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
 	"bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
 	"bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ -
-	"bn_depr,bn_const,bn_x931p"
+	"bn_depr,bn_const,bn_x931p,bn_intern,bn_dh,bn_srp"
 $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ -
 	"ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ -
 	"ec2_smpl,ec2_mult,ec_ameth,ec_pmeth,eck_prn,"+ -
@@ -257,45 +268,42 @@ $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ -
 	"dsa_err,dsa_ossl,dsa_depr,dsa_ameth,dsa_pmeth,dsa_prn"
 $ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err"
 $ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr,"+ -
-	"dh_ameth,dh_pmeth,dh_prn,dh_rfc5114"
-$ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err"
+	"dh_ameth,dh_pmeth,dh_prn,dh_rfc5114,dh_kdf"
+$ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err,ech_kdf"
 $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
-	"dso_openssl,dso_win32,dso_vms,dso_beos"
+	"dso_openssl,dso_win32,dso_vms"
 $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ -
 	"eng_table,eng_pkey,eng_fat,eng_all,"+ -
 	"tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ -
 	"tb_cipher,tb_digest,tb_pkmeth,tb_asnmth,"+ -
-	"eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,"+ -
-	"eng_rsax,eng_rdrand"
-$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ -
-	"aes_ige,aes_wrap"
+	"eng_openssl,eng_cnf,eng_dyn,eng_cryptodev,"+ -
+	"eng_rdrand"
 $ LIB_BUFFER = "buffer,buf_str,buf_err"
 $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
 	"bss_mem,bss_null,bss_fd,"+ -
 	"bss_file,bss_sock,bss_conn,"+ -
 	"bf_null,bf_buff,b_print,b_dump,"+ -
-	"b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ -
+	"b_sock,bss_acpt,bf_nbio,bss_log,bss_bio,"+ -
 	"bss_dgram,"+ -
-	"bf_lbuf"
+	"bf_lbuf,bss_rtcp"	! The last two are VMS specific
 $ LIB_STACK = "stack"
 $ LIB_LHASH = "lhash,lh_stats"
 $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
-	"rand_vms"
+	"rand_win,rand_unix,rand_vms,rand_os2,rand_nw"
 $ LIB_ERR = "err,err_all,err_prn"
-$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref"
-$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,evp_cnf,"+ -
+$ LIB_EVP_1 = "encode,digest,evp_enc,evp_key,evp_acnf,evp_cnf,"+ -
 	"e_des,e_bf,e_idea,e_des3,e_camellia,"+ -
 	"e_rc4,e_aes,names,e_seed,"+ -
 	"e_xcbc_d,e_rc2,e_cast,e_rc5"
-$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1,m_wp," + -
-	"m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ -
+$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha1,m_wp," + -
+	"m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ -
 	"p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ -
 	"bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
 	"c_all,c_allc,c_alld,evp_lib,bio_ok,"+-
 	"evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
 $ LIB_EVP_3 = "e_old,pmeth_lib,pmeth_fn,pmeth_gn,m_sigver,"+ -
-	"e_aes_cbc_hmac_sha1,e_rc4_hmac_md5"
-$ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
+	"e_aes_cbc_hmac_sha1,e_aes_cbc_hmac_sha256,e_rc4_hmac_md5"
+$ LIB_ASN1_1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
 	"a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ -
 	"a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
 	"x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ -
@@ -307,7 +315,8 @@ $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
 	"f_int,f_string,n_pkey,"+ -
 	"f_enum,x_pkey,a_bool,x_exten,bio_asn1,bio_ndef,asn_mime,"+ -
 	"asn1_gen,asn1_par,asn1_lib,asn1_err,a_bytes,a_strnid,"+ -
-	"evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid"
+	"evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid,"+ -
+	"asn_mstbl"
 $ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ -
 	"pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey,pvkfmt"
 $ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ -
@@ -338,7 +347,7 @@ $ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT
 $ LIB_KRB5 = "krb5_asn"
 $ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ -
 	"cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess,"+ -
-	"cms_pwri"
+	"cms_pwri,cms_kari"
 $ LIB_PQUEUE = "pqueue"
 $ LIB_TS = "ts_err,ts_req_utils,ts_req_print,ts_rsp_utils,ts_rsp_print,"+ -
 	"ts_rsp_sign,ts_rsp_verify,ts_verify_ctx,ts_lib,ts_conf,"+ -
@@ -383,8 +392,6 @@ $!
 $! Extract The Module Name From The Encryption List.
 $!
 $ MODULE_NAME = F$ELEMENT(MODULE_COUNTER,",",ENCRYPT_TYPES)
-$ IF MODULE_NAME.EQS."Basic" THEN MODULE_NAME = ""
-$ MODULE_NAME1 = MODULE_NAME
 $!
 $! Check To See If We Are At The End Of The Module List.
 $!
@@ -402,121 +409,71 @@ $!
 $! Increment The Moudle Counter.
 $!
 $ MODULE_COUNTER = MODULE_COUNTER + 1
+$
+$ IF MODULE_NAME.EQS."" THEN GOTO MODULE_NEXT
+$ MODULE_NAME1 = MODULE_NAME
+$ IF MODULE_NAME.EQS."Basic" THEN MODULE_NAME = ""
 $!
-$! Create The Library and Apps Module Names.
+$! Check if the library module name actually is defined
 $!
-$ LIB_MODULE = "LIB_" + MODULE_NAME
-$ APPS_MODULE = "APPS_" + MODULE_NAME
-$ IF (F$EXTRACT(0,5,MODULE_NAME).EQS."ASN1_")
-$ THEN
-$   MODULE_NAME = "ASN1"
-$ ENDIF
-$ IF (F$EXTRACT(0,4,MODULE_NAME).EQS."EVP_")
+$ PART_COUNTER = -1
+$ IF F$TYPE(LIB_'MODULE_NAME'_1) .NES. ""
 $ THEN
-$   MODULE_NAME = "EVP"
+$   PART_COUNTER = 1
+$ ELSE
+$   IF F$TYPE(LIB_'MODULE_NAME') .EQS. ""
+$   THEN
+$     WRITE SYS$ERROR ""
+$     WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist.  Continuing..."
+$     WRITE SYS$ERROR ""
+$     GOTO MODULE_NEXT
+$   ENDIF
 $ ENDIF
 $!
-$! Set state (can be LIB and APPS)
+$! Tell The User What Module We Are Building.
 $!
-$ STATE = "LIB"
-$ IF BUILDALL .EQS. "APPS" THEN STATE = "APPS"
+$ WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Library Files. (",BUILDALL,")"
 $!
-$! Check if the library module name actually is defined
+$! Create The Library Module Names.
 $!
-$ IF F$TYPE('LIB_MODULE') .EQS. ""
+$ PART_NEXT:
+$ IF PART_COUNTER .EQ. 0 THEN GOTO MODULE_NEXT
+$
+$ IF PART_COUNTER .LT. 0
 $ THEN
-$   WRITE SYS$ERROR ""
-$   WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist.  Continuing..."
-$   WRITE SYS$ERROR ""
-$   GOTO MODULE_NEXT
+$   LIB_MODULE = "LIB_" + MODULE_NAME
+$ ELSE
+$   LIB_MODULE = "LIB_" + MODULE_NAME + "_''PART_COUNTER'"
 $ ENDIF
 $!
-$! Top Of The Module Loop.
+$! If there are no more parts, go to the next module
 $!
-$ MODULE_AGAIN:
+$ IF F$TYPE('LIB_MODULE') .EQS. "" THEN GOTO MODULE_NEXT
 $!
-$! Tell The User What Module We Are Building.
+$! Increment The Counter.
 $!
-$ IF (MODULE_NAME1.NES."") 
-$ THEN
-$   IF STATE .EQS. "LIB"
-$   THEN
-$     WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Library Files. (",BUILDALL,",",STATE,")"
-$   ELSE IF F$TYPE('APPS_MODULE') .NES. ""
-$     THEN
-$       WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Applications. (",BUILDALL,",",STATE,")"
-$     ENDIF
-$   ENDIF
-$ ENDIF
+$ PART_COUNTER = PART_COUNTER + 1
 $!
 $!  Define A File Counter And Set It To "0".
 $!
 $ FILE_COUNTER = 0
-$ APPLICATION = ""
-$ APPLICATION_COUNTER = 0
 $!
 $! Top Of The File Loop.
 $!
 $ NEXT_FILE:
 $!
-$! Look in the LIB_MODULE is we're in state LIB
-$!
-$ IF STATE .EQS. "LIB"
-$ THEN
-$!
-$!   O.K, Extract The File Name From The File List.
-$!
-$   FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE')
+$! Extract The File Name From The File List.
 $!
-$!   else
-$!
-$ ELSE
-$   FILE_NAME = ","
-$!
-$   IF F$TYPE('APPS_MODULE') .NES. ""
-$   THEN
-$!
-$!     Extract The File Name From The File List.
-$!     This part is a bit more complicated.
-$!
-$     IF APPLICATION .EQS. ""
-$     THEN
-$       APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
-$       APPLICATION_COUNTER = APPLICATION_COUNTER + 1
-$       APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
-$       APPLICATION = F$ELEMENT(0,"/",APPLICATION)
-$       FILE_COUNTER = 0
-$     ENDIF
-$
-$!     WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
-$!     SHOW SYMBOL APPLICATION*
-$!
-$     IF APPLICATION .NES. ";"
-$     THEN
-$       FILE_NAME = F$ELEMENT(FILE_COUNTER,",",APPLICATION_OBJECTS)
-$       IF FILE_NAME .EQS. ","
-$       THEN
-$         APPLICATION = ""
-$         GOTO NEXT_FILE
-$       ENDIF
-$     ENDIF
-$   ENDIF
-$ ENDIF
+$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE')
 $!
 $! Check To See If We Are At The End Of The File List.
 $!
 $ IF (FILE_NAME.EQS.",") 
 $ THEN 
 $!
-$!  We Are At The End Of The File List, Change State Or Goto FILE_DONE.
+$!  We Are At The End Of The File List, Goto FILE_DONE.
 $!
-$   IF STATE .EQS. "LIB" .AND. BUILDALL .NES. "LIBRARY"
-$   THEN
-$     STATE = "APPS"
-$     GOTO MODULE_AGAIN
-$   ELSE
-$     GOTO FILE_DONE
-$   ENDIF
+$   GOTO FILE_DONE
 $!
 $! End The File List Check.
 $!
@@ -566,14 +523,7 @@ $ ENDIF
 $!
 $! Tell The User We Are Compiling The File.
 $!
-$ IF (MODULE_NAME.EQS."")
-$ THEN
-$   WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File.  (",BUILDALL,",",STATE,")"
-$ ENDIF
-$ IF (MODULE_NAME.NES."")
-$ THEN 
-$   WRITE SYS$OUTPUT "        ",FILE_NAME,""
-$ ENDIF
+$ WRITE SYS$OUTPUT "        ",FILE_NAME,""
 $!
 $! Compile The File.
 $!
@@ -634,17 +584,14 @@ $       ENDIF
 $     ENDIF
 $   ENDIF
 $ ENDIF
-$ IF STATE .EQS. "LIB"
-$ THEN 
 $!
-$!   Add It To The Library.
+$! Add It To The Library.
 $!
-$   LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE'
+$ LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE'
 $!
-$!   Time To Clean Up The Object File.
+$! Time To Clean Up The Object File.
 $!
-$   DELETE 'OBJECT_FILE';*
-$ ENDIF
+$ DELETE 'OBJECT_FILE';*
 $!
 $! Go Back And Do It Again.
 $!
@@ -654,47 +601,9 @@ $! All Done With This Library Part.
 $!
 $ FILE_DONE:
 $!
-$! Time To Build Some Applications
-$!
-$ IF F$TYPE('APPS_MODULE') .NES. "" .AND. BUILDALL .NES. "LIBRARY"
-$ THEN
-$   APPLICATION_COUNTER = 0
-$ NEXT_APPLICATION:
-$   APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
-$   IF APPLICATION .EQS. ";" THEN GOTO APPLICATION_DONE
-$
-$   APPLICATION_COUNTER = APPLICATION_COUNTER + 1
-$   APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
-$   APPLICATION = F$ELEMENT(0,"/",APPLICATION)
-$
-$!   WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
-$!   SHOW SYMBOL APPLICATION*
-$!
-$! Tell the user what happens
-$!
-$   WRITE SYS$OUTPUT "        ",APPLICATION,".exe"
-$!
-$! Link The Program.
-$!
-$   ON ERROR THEN GOTO NEXT_APPLICATION
-$!
-$!  Link With A TCP/IP Library.
-$!
-$   LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' -
-     /EXE='EXE_DIR''APPLICATION'.EXE -
-     'OBJ_DIR''APPLICATION_OBJECTS', -
-     'CRYPTO_LIB'/LIBRARY -
-     'TCPIP_LIB' -
-     'ZLIB_LIB' -
-     ,'OPT_FILE' /OPTIONS
-$!
-$   GOTO NEXT_APPLICATION
-$  APPLICATION_DONE:
-$ ENDIF
-$!
-$! Go Back And Get The Next Module.
+$! Go Back And Get The Next Part.
 $!
-$ GOTO MODULE_NEXT
+$ GOTO PART_NEXT
 $!
 $! All Done With This Module.
 $!
@@ -851,7 +760,7 @@ $ ELSE
 $!
 $!  Else, Check To See If P1 Has A Valid Argument.
 $!
-$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS")
+$   IF (P1.EQS."LIBRARY")
 $   THEN
 $!
 $!    A Valid Argument.
@@ -869,7 +778,6 @@ $     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
 $     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
-$     WRITE SYS$OUTPUT "    APPS     :  To Compile Just The [.xxx.EXE.CRYPTO]*.EXE Programs."
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
 $     WRITE SYS$OUTPUT ""
@@ -1493,10 +1401,12 @@ $ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A
 $ __HERE = F$EDIT(__HERE,"UPCASE")
 $ __TOP = __HERE - "CRYPTO]"
 $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$ __INTERNAL = __TOP + "CRYPTO.INCLUDE.INTERNAL]"
 $!
 $! Set up the logical name OPENSSL to point at the include directory
 $!
 $ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$ DEFINE INTERNAL/NOLOG '__INTERNAL'
 $!
 $! Done
 $!
@@ -1509,6 +1419,7 @@ $!
 $ IF __SAVE_OPENSSL .EQS. ""
 $ THEN
 $   DEASSIGN OPENSSL
+$   DEASSIGN INTERNAL
 $ ELSE
 $   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
 $ ENDIF
diff --git a/crypto/install-crypto.com b/crypto/install-crypto.com
index 85b3d58..e57b2ee 100755
--- a/crypto/install-crypto.com
+++ b/crypto/install-crypto.com
@@ -76,12 +76,12 @@ $ sdirs := , -
    'archd', -
    objects, -
    md2, md4, md5, sha, mdc2, hmac, ripemd, whrlpool, -
-   des, aes, rc2, rc4, rc5, idea, bf, cast, camellia, seed, -
+   des, aes, rc2, rc4, rc5, idea, bf, cast, camellia, seed, modes, -
    bn, ec, rsa, dsa, ecdsa, dh, ecdh, dso, engine, -
    buffer, bio, stack, lhash, rand, err, -
    evp, asn1, pem, x509, x509v3, conf, txt_db, pkcs7, pkcs12, comp, ocsp, -
    ui, krb5, -
-   store, cms, pqueue, ts, jpake
+   cms, pqueue, ts, jpake, srp, store, cmac
 $!
 $ exheader_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h
 $ exheader_'archd' := opensslconf.h
@@ -133,12 +133,14 @@ $ exheader_comp := comp.h
 $ exheader_ocsp := ocsp.h
 $ exheader_ui := ui.h, ui_compat.h
 $ exheader_krb5 := krb5_asn.h
-$! exheader_store := store.h, str_compat.h
-$ exheader_store := store.h
 $ exheader_cms := cms.h
 $ exheader_pqueue := pqueue.h
 $ exheader_ts := ts.h
 $ exheader_jpake := jpake.h
+$ exheader_srp := srp.h
+$! exheader_store := store.h, str_compat.h
+$ exheader_store := store.h
+$ exheader_cmac := cmac.h
 $ libs := ssl_libcrypto
 $!
 $ exe_dir := [-.'archd'.exe.crypto]
diff --git a/crypto/symhacks.h b/crypto/symhacks.h
index 56922c9..03cdb1a 100644
--- a/crypto/symhacks.h
+++ b/crypto/symhacks.h
@@ -189,6 +189,14 @@
                                                 SSL_CTX_set_not_resumbl_sess_cb
 #  undef SSL_set_not_resumable_session_callback
 #  define SSL_set_not_resumable_session_callback  SSL_set_not_resumbl_sess_cb
+#  undef ssl_check_clienthello_tlsext_late
+#  define ssl_check_clienthello_tlsext_late       ssl_chk_clienthello_tlsext_late
+#  undef ssl3_cbc_record_digest_supported
+#  define ssl3_cbc_record_digest_supported        ssl3_cbc_rcd_digest_supported
+#  undef SSL_COMP_set0_compression_methods
+#  define SSL_COMP_set0_compression_methods       SSL_COMP_set0_compr_methods
+#  undef SSL_COMP_free_compression_methods
+#  define SSL_COMP_free_compression_methods       SSL_COMP_free_compr_methods
 
 /* Hack some long ENGINE names */
 #  undef ENGINE_get_default_BN_mod_exp_crt
@@ -399,6 +407,18 @@
 #  define CMS_OriginatorIdentifierOrKey_it        CMS_OriginatorIdOrKey_it
 #  undef cms_SignerIdentifier_get0_signer_id
 #  define cms_SignerIdentifier_get0_signer_id     cms_SignerId_get0_signer_id
+#  undef CMS_RecipientInfo_kari_get0_orig_id
+#  define CMS_RecipientInfo_kari_get0_orig_id     CMS_RecipInfo_kari_get0_orig_id
+#  undef CMS_RecipientInfo_kari_get0_reks
+#  define CMS_RecipientInfo_kari_get0_reks        CMS_RecipInfo_kari_get0_reks
+#  undef CMS_RecipientInfo_kari_set0_pkey
+#  define CMS_RecipientInfo_kari_set0_pkey        CMS_RecipInfo_kari_set0_pkey
+#  undef CMS_RecipientInfo_kari_orig_id_cmp
+#  define CMS_RecipientInfo_kari_orig_id_cmp      CMS_RecipInfo_kari_orig_id_cmp
+#  undef CMS_RecipientEncryptedKey_cert_cmp
+#  define CMS_RecipientEncryptedKey_cert_cmp      CMS_RecipEncryptedKey_cert_cmp
+#  undef CMS_RecipientEncryptedKey_get0_id
+#  define CMS_RecipientEncryptedKey_get0_id       CMS_RecipEncryptedKey_get0_id
 
 /* Hack some long DTLS1 names */
 #  undef dtls1_retransmit_buffered_messages
@@ -416,6 +436,10 @@
 #  undef UI_method_set_prompt_constructor
 #  define UI_method_set_prompt_constructor        UI_method_set_prompt_constructr
 
+/* Hack some long RSA names */
+#  undef RSA_padding_check_PKCS1_OAEP_mgf1
+#  define RSA_padding_check_PKCS1_OAEP_mgf1       RSA_padding_chk_PKCS1_OAEP_mgf1
+
 # endif                         /* defined OPENSSL_SYS_VMS */
 
 /* Case insensitive linking causes problems.... */
diff --git a/e_os.h b/e_os.h
index 0fbc33c..f4a427a 100644
--- a/e_os.h
+++ b/e_os.h
@@ -385,6 +385,7 @@ extern FILE *_imp___iob;
                                      __VMS_EXIT |= 0x10000000; \
                                      exit(__VMS_EXIT); } while(0)
 #   define NO_SYS_PARAM_H
+#   define NO_SYS_UN_H
 
 #  elif defined(OPENSSL_SYS_NETWARE)
 #   include <fcntl.h>
diff --git a/engines/makeengines.com b/engines/makeengines.com
index 6329fbb..a0bd168 100644
--- a/engines/makeengines.com
+++ b/engines/makeengines.com
@@ -94,12 +94,12 @@ $! library that isn't necessarely ported to VMS.
 $!
 $ ENGINES = "," + P6
 $ IF ENGINES .EQS. "," THEN -
-	ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock,"
+	ENGINES = ",4758cca,padlock,capi,"
 $!
 $! GOST requires a 64-bit integer type, unavailable on VAX.
 $!
 $ IF (ARCH .NES. "VAX") THEN -
-       ENGINES = ENGINES+ ",ccgost"
+       ENGINES = ENGINES+ ",gost"
 $!
 $! Check options.
 $!
@@ -156,20 +156,14 @@ $   TV_OBJ_NAME = OBJ_DIR + F$PARSE(ENGINE_,,,"NAME","SYNTAX_ONLY") + ".OBJ"
 $   TV_OBJ = ",''TV_OBJ_NAME'"
 $ ENDIF
 $ ENGINE_4758CCA = "e_4758cca"
-$ ENGINE_aep = "e_aep"
-$ ENGINE_atalla = "e_atalla"
-$ ENGINE_cswift = "e_cswift"
-$ ENGINE_chil = "e_chil"
-$ ENGINE_nuron = "e_nuron"
-$ ENGINE_sureware = "e_sureware"
-$ ENGINE_ubsec = "e_ubsec"
 $ ENGINE_padlock = "e_padlock"
-$
-$ ENGINE_ccgost_SUBDIR = "ccgost"
-$ ENGINE_ccgost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -
-		  "gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ -
-		  "gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ -
-		  "gost_sign"
+$ ENGINE_capi = "e_capi"
+$ 
+$ ENGINE_gost_SUBDIR = "ccgost"
+$ ENGINE_gost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -
+		"gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ -
+		"gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ -
+		"gost_sign"
 $!
 $! Define which programs need to be linked with a TCP/IP library
 $!
diff --git a/makevms.com b/makevms.com
index 331b1be..cf759e4 100755
--- a/makevms.com
+++ b/makevms.com
@@ -243,9 +243,23 @@ $ WRITE H_FILE "#ifndef OPENSSL_SYS_VMS"
 $ WRITE H_FILE "# define OPENSSL_SYS_VMS"
 $ WRITE H_FILE "#endif"
 $
+$!
+$! Defined the full SDIRS here.  It will be pruned depending on configuration.
+$! This is an exact copy of what's found in Makefile.org, with spaces replaced
+$! with commas.
+$!
+$ SDIRS := -
+        objects,-
+        md2,md4,md5,sha,mdc2,hmac,ripemd,whrlpool,-
+        des,aes,rc2,rc4,rc5,idea,bf,cast,camellia,seed,modes,-
+        bn,ec,rsa,dsa,ecdsa,dh,ecdh,dso,engine,-
+        buffer,bio,stack,lhash,rand,err,-
+        evp,asn1,pem,x509,x509v3,conf,txt_db,pkcs7,pkcs12,comp,ocsp,ui,krb5,-
+        cms,pqueue,ts,jpake,srp,store,cmac
+$
 $! One of the best way to figure out what the list should be is to do
 $! the following on a Unix system:
-$!   grep OPENSSL_NO_ crypto/*/*.h ssl/*.h engines/*.h engines/*/*.h|grep ':# *if'|sed -e 's/^.*def //'|sort|uniq
+$!   grep OPENSSL_NO_ crypto/include/internal/*.h crypto/*/*.h ssl/*.h engines/*.h engines/*/*.h|grep ':# *if'|sed -e 's/^.*def //'|sort|uniq
 $! For that reason, the list will also always end up in alphabetical order
 $ CONFIG_LOGICALS := AES,-
 		     ASM,INLINE_ASM,-
@@ -266,46 +280,42 @@ $ CONFIG_LOGICALS := AES,-
 		     EC_NISTP_64_GCC_128,-
 		     ENGINE,-
 		     ERR,-
-		     EVP,-
-		     FP_API,-
 		     GMP,-
 		     GOST,-
-		     HASH_COMP,-
+		     HEARTBEATS,-
 		     HMAC,-
 		     IDEA,-
 		     JPAKE,-
 		     KRB5,-
-		     LHASH,-
 		     MD2,-
 		     MD4,-
 		     MD5,-
 		     MDC2,-
 		     NEXTPROTONEG,-
+		     OCB,-
 		     OCSP,-
 		     PSK,-
 		     RC2,-
 		     RC4,-
 		     RC5,-
-		     RIPEMD,-
+		     RMD160,-
 		     RSA,-
+		     SCTP,-
 		     SEED,-
-		     SHA,-
-		     SHA0,-
-		     SHA1,-
-		     SHA256,-
-		     SHA512,-
 		     SOCK,-
 		     SRP,-
+		     SRTP,-
+		     SSL3_METHOD,-
 		     SSL_INTERN,-
-		     STACK,-
+		     SSL_TRACE,-
 		     STATIC_ENGINE,-
 		     STDIO,-
 		     STORE,-
 		     TLSEXT,-
+		     UNIT_TEST,-
 		     WHIRLPOOL
-$! Add a few that we know about
-$ CONFIG_LOGICALS := 'CONFIG_LOGICALS',-
-		     THREADS
+$ CONFIG_EXPERIMENTAL := JPAKE,-
+			 STORE
 $! The following rules, which dictate how some algorithm choices affect
 $! others, are picked from Configure.
 $! Quick syntax:
@@ -322,18 +332,29 @@ $! affect all following rules that depend on that algorithm being disabled.
 $! To force something to be enabled or disabled, have no algorithms in the
 $! algos part.
 $ CONFIG_DISABLE_RULES := RIJNDAEL/AES;-
+			  RMD160/RIPEMD;-
 			  DES/MDC2;-
 			  EC/ECDSA,ECDH;-
 			  MD5/SSL3,TLS1;-
 			  SHA/SSL3,TLS1;-
+			  RSA,DSA/SSL3,TLS1;-
 			  DH/SSL3,TLS1;-
 			  TLS1/TLSEXT;-
 			  EC/GOST;-
 			  DSA/GOST;-
 			  DH/GOST;-
+			  TLSEXT/SRP,HEARTBEAT;-
 			  /STATIC_ENGINE;-
 			  /KRB5;-
-			  /EC_NISTP_64_GCC_128
+			  /DEPRECATED;-
+			  /EC_NISTP_64_GCC_128;-
+			  /GMP;-
+			  /MD2;-
+			  /RC5;-
+			  /RFC3779;-
+			  /SCTP;-
+			  /SSL_TRACE;-
+			  /UNIT_TEST
 $ CONFIG_ENABLE_RULES := ZLIB_DYNAMIC/ZLIB;-
 			 /THREADS
 $
@@ -346,25 +367,59 @@ $   CONFIG_DISABLE_RULES = CONFIG_DISABLE_RULES + -
 			   ";/WHIRLPOOL"
 $ ENDIF
 $
+$! Keep track of things to remove from SDIRS, have the items surrounded
+$! with commas
+$ SKIP_SDIRS = ","
+$
 $ CONFIG_LOG_I = 0
-$ CONFIG_LOG_LOOP1:
+$ CONFIG_LOG_LOOP11:
 $   CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS),"TRIM")
 $   CONFIG_LOG_I = CONFIG_LOG_I + 1
-$   IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP1
-$   IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP1_END
+$   IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP11
+$   IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP11_END
 $   IF F$TRNLNM("OPENSSL_NO_"+CONFIG_LOG_E)
 $   THEN
 $       CONFIG_DISABLED_'CONFIG_LOG_E' := YES
 $       CONFIG_ENABLED_'CONFIG_LOG_E' := NO
 $	CONFIG_CHANGED_'CONFIG_LOG_E' := YES
+$	IF (SKIP_SDIRS - (","+CONFIG_LOG_E+",")) .EQS. SKIP_SDIRS THEN -
+	    SKIP_SDIRS = SKIP_SDIRS + CONFIG_LOG_E + ","
 $   ELSE
 $       CONFIG_DISABLED_'CONFIG_LOG_E' := NO
 $       CONFIG_ENABLED_'CONFIG_LOG_E' := YES
-$	! Because all algorithms are assumed enabled by default
+$	! Because all non-experimental algorithms are assumed
+$	! enabled by default
 $	CONFIG_CHANGED_'CONFIG_LOG_E' := NO
+$	IF (SKIP_SDIRS - (","+CONFIG_LOG_E+",")) .NES. SKIP_SDIRS THEN -
+	    SKIP_SDIRS = SKIP_SDIRS - (CONFIG_LOG_E + ",")
 $   ENDIF
-$   GOTO CONFIG_LOG_LOOP1
-$ CONFIG_LOG_LOOP1_END:
+$   GOTO CONFIG_LOG_LOOP11
+$ CONFIG_LOG_LOOP11_END:
+$
+$ CONFIG_LOG_I = 0
+$ CONFIG_LOG_LOOP12:
+$   CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_EXPERIMENTAL),"TRIM")
+$   CONFIG_LOG_I = CONFIG_LOG_I + 1
+$   IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP12
+$   IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP12_END
+$   IF F$TRNLNM("OPENSSL_EXPERIMENTAL_"+CONFIG_LOG_E)
+$   THEN
+$	CONFIG_DISABLED_'CONFIG_LOG_E' := NO
+$	CONFIG_ENABLED_'CONFIG_LOG_E' := YES
+$	CONFIG_CHANGED_'CONFIG_LOG_E' := YES
+$	IF (SKIP_SDIRS - (","+CONFIG_LOG_E+",")) .NES. SKIP_SDIRS THEN -
+	    SKIP_SDIRS = SKIP_SDIRS - (CONFIG_LOG_E + ",")
+$   ELSE
+$	CONFIG_DISABLED_'CONFIG_LOG_E' := YES
+$	CONFIG_ENABLED_'CONFIG_LOG_E' := NO
+$	! Because all experimental algorithms are assumed
+$	! disabled by default
+$	CONFIG_CHANGED_'CONFIG_LOG_E' := NO
+$	IF (SKIP_SDIRS - (","+CONFIG_LOG_E+",")) .EQS. SKIP_SDIRS THEN -
+	    SKIP_SDIRS = SKIP_SDIRS + CONFIG_LOG_E + ","
+$   ENDIF
+$   GOTO CONFIG_LOG_LOOP12
+$ CONFIG_LOG_LOOP12_END:
 $
 $! Apply cascading disable rules
 $ CONFIG_DISABLE_I = 0
@@ -407,6 +462,8 @@ $       CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := YES
 $       CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := NO
 $	! Better not to assume defaults at this point...
 $	CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES
+$	IF (SKIP_SDIRS - (","+CONFIG_DEPENDENT_E+",")) .EQS. SKIP_SDIRS THEN -
+	    SKIP_SDIRS = SKIP_SDIRS + CONFIG_DEPENDENT_E + ","
 $	WRITE SYS$ERROR -
          "''CONFIG_DEPENDENT_E' disabled by rule ''CONFIG_DISABLE_E'"
 $	GOTO CONFIG_DISABLE_LOOP2
@@ -456,6 +513,8 @@ $       CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := NO
 $       CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := YES
 $	! Better not to assume defaults at this point...
 $	CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES
+$	IF (SKIP_SDIRS - (","+CONFIG_DEPENDENT_E+",")) .NES. SKIP_SDIRS THEN -
+	    SKIP_SDIRS = SKIP_SDIRS - (CONFIG_DEPENDENT_E + ",")
 $	WRITE SYS$ERROR -
          "''CONFIG_DEPENDENT_E' enabled by rule ''CONFIG_ENABLE_E'"
 $	GOTO CONFIG_ENABLE_LOOP2
@@ -464,6 +523,19 @@ $   ENDIF
 $   GOTO CONFIG_ENABLE_LOOP0
 $ CONFIG_ENABLE_LOOP0_END:
 $
+$! Fix SDIRS
+$ SDIRS = ","+F$EDIT(SDIRS,"COLLAPSE")+","
+$ CONFIG_SKIP_I = 0
+$ CONFIG_SDIRS_LOOP1:
+$   CONFIG_SKIP_E = F$EDIT(F$ELEMENT(CONFIG_SKIP_I,",",SKIP_SDIRS),"TRIM")
+$   CONFIG_SKIP_I = CONFIG_SKIP_I + 1
+$   IF CONFIG_SKIP_E .EQS. "" THEN GOTO CONFIG_SDIRS_LOOP1
+$   IF CONFIG_SKIP_E .EQS. "," THEN GOTO CONFIG_SDIRS_LOOP1_END
+$   IF (SDIRS - (","+CONFIG_SKIP_E+",")) .NES. SDIRS THEN -
+       SDIRS = SDIRS - (CONFIG_SKIP_E+",")
+$   GOTO CONFIG_SDIRS_LOOP1
+$ CONFIG_SDIRS_LOOP1_END: 
+$ 
 $! Write to the configuration
 $ CONFIG_LOG_I = 0
 $ CONFIG_LOG_LOOP2:
@@ -471,21 +543,32 @@ $   CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS),"TRIM")
 $   CONFIG_LOG_I = CONFIG_LOG_I + 1
 $   IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP2
 $   IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP2_END
-$   IF CONFIG_CHANGED_'CONFIG_LOG_E'
+$   IF CONFIG_DISABLED_'CONFIG_LOG_E'
 $   THEN
-$     IF CONFIG_DISABLED_'CONFIG_LOG_E'
+$     WRITE H_FILE "#ifndef OPENSSL_NO_",CONFIG_LOG_E
+$     WRITE H_FILE "# define OPENSSL_NO_",CONFIG_LOG_E
+$     WRITE H_FILE "#endif"
+$   ELSE
+$     IF CONFIG_CHANGED_'CONFIG_LOG_E'
 $     THEN
-$	WRITE H_FILE "#ifndef OPENSSL_NO_",CONFIG_LOG_E
-$	WRITE H_FILE "# define OPENSSL_NO_",CONFIG_LOG_E
-$	WRITE H_FILE "#endif"
-$     ELSE
-$	WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E
-$	WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E
+$	WRITE H_FILE "#ifndef OPENSSL_EXPERIMENTAL_",CONFIG_LOG_E
+$	WRITE H_FILE "# ifndef OPENSSL_NO_",CONFIG_LOG_E
+$	WRITE H_FILE "#  define OPENSSL_NO_",CONFIG_LOG_E
+$	WRITE H_FILE "# endif"
 $	WRITE H_FILE "#endif"
+$
+$	IF F$TYPE(USER_CCDEFS) .NES. ""
+$	THEN
+$	  USER_CCDEFS = USER_CCDEFS + ",OPENSSL_EXPERIMENTAL_" + CONFIG_LOG_E
+$       ELSE
+$	  USER_CCDEFS = "OPENSSL_EXPERIMENTAL_" + CONFIG_LOG_E
+$       ENDIF
 $     ENDIF
 $   ENDIF
 $   GOTO CONFIG_LOG_LOOP2
 $ CONFIG_LOG_LOOP2_END:
+$
+$ WRITE/SYMBOL SYS$ERROR "SDIRS = """,SDIRS,""""
 $!
 $ WRITE H_FILE ""
 $ WRITE H_FILE "/* STCP support comes with TCPIP 5.7 ECO 2 "
@@ -689,7 +772,7 @@ $ copy 'exheader' sys$disk:[.include.openssl]
 $!
 $! Copy All The ".H" Files From The [.CRYPTO] Directory Tree.
 $!
-$ SDIRS := , -
+$ HEADER_SDIRS := , -
    'ARCHD', -
    OBJECTS, -
    MD2, MD4, MD5, SHA, MDC2, HMAC, RIPEMD, WHRLPOOL, -
@@ -760,20 +843,20 @@ $ EXHEADER_STORE := store.h
 $ EXHEADER_CMAC := cmac.h
 $!
 $ i = 0
-$ loop_sdirs:
-$   sdir = f$edit( f$element( i, ",", sdirs), "trim")
+$ loop_header_sdirs:
+$   sdir = f$edit( f$element( i, ",", header_sdirs), "trim")
 $   i = i + 1
-$   if (sdir .eqs. ",") then goto loop_sdirs_end
+$   if (sdir .eqs. ",") then goto loop_header_sdirs_end
 $   hdr_list = exheader_'sdir'
 $   if (sdir .nes. "") then sdir = "."+ sdir
 $   copy [.crypto'sdir']'hdr_list' sys$disk:[.include.openssl]
-$ goto loop_sdirs
-$ loop_sdirs_end:
+$ goto loop_header_sdirs
+$ loop_header_sdirs_end:
 $!
 $! Copy All The ".H" Files From The [.SSL] Directory.
 $!
 $! (keep these in the same order as ssl/Makefile)
-$ EXHEADER := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h
+$ EXHEADER := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h, srtp.h
 $ copy sys$disk:[.ssl]'exheader' sys$disk:[.include.openssl]
 $!
 $! Purge the [.include.openssl] header files.
@@ -803,11 +886,6 @@ $!
 $ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
    "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'"
 $!
-$! Build The [.xxx.EXE.CRYPTO]*.EXE Test Applications.
-$!  
-$ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
-   "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'"
-$!
 $! Go Back To The Main Directory.
 $!
 $ SET DEFAULT [-]
diff --git a/ssl/ssl-lib.com b/ssl/ssl-lib.com
index 51e2b12..b160a0a 100644
--- a/ssl/ssl-lib.com
+++ b/ssl/ssl-lib.com
@@ -213,16 +213,15 @@ $ ENDIF
 $!
 $! Define The Different SSL "library" Files.
 $!
-$ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
-	    "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
-	    "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
-	    "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
-	    "d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -
-	    "d1_both,d1_enc,d1_srtp,"+ -
+$ LIB_SSL = "s3_meth,  s3_srvr, s3_clnt, s3_lib, s3_enc,s3_pkt,s3_both,s3_cbc,"+ -
+	    "s23_meth,s23_srvr,s23_clnt,s23_lib,       s23_pkt,"+ -
+	    "t1_meth,  t1_srvr, t1_clnt, t1_lib, t1_enc,       t1_ext,"+ -
+	    "d1_meth,  d1_srvr, d1_clnt, d1_lib,        d1_pkt,"+ -
+	    "d1_both,d1_srtp,"+ -
 	    "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
 	    "ssl_ciph,ssl_stat,ssl_rsa,"+ -
-	    "ssl_asn1,ssl_txt,ssl_algs,"+ -
-	    "bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce"
+	    "ssl_asn1,ssl_txt,ssl_algs,ssl_conf,"+ -
+	    "bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce,ssl_utst"
 $!
 $ COMPILEWITH_CC5 = ""
 $!
@@ -240,7 +239,7 @@ $ NEXT_FILE:
 $!
 $! O.K, Extract The File Name From The File List.
 $!
-$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_SSL)
+$ FILE_NAME = F$EDIT(F$ELEMENT(FILE_COUNTER,",",LIB_SSL),"TRIM")
 $!
 $! Check To See If We Are At The End Of The File List.
 $!
diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c
index f0ed4e4..dad20c6 100644
--- a/ssl/ssl_task.c
+++ b/ssl/ssl_task.c
@@ -131,8 +131,8 @@ int LIB$INIT_TIMER(), LIB$SHOW_TIMER();
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 
-int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
-                                int error);
+int verify_callback(int ok, X509 *xs, X509 *xi, int depth,
+		    int error);
 BIO *bio_err = NULL;
 BIO *bio_stdout = NULL;
 BIO_METHOD *BIO_s_rtcp();
diff --git a/test/cms-test.pl b/test/cms-test.pl
index 7d4ca29..1c3f00d 100644
--- a/test/cms-test.pl
+++ b/test/cms-test.pl
@@ -58,19 +58,32 @@ my $redir = " 2> cms.err > cms.out";
 # Make VMS work
 if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {
     $ossl_path = "pipe mcr OSSLX:openssl";
+    $null_path = "NL:";
+    # On VMS, the lowest 3 bits of the exit code indicates severity
+    # 1 is success (perl translates it to 0 for $?), 2 is error
+    # (perl doesn't translate it)
+    $failure_code = 512;	# 2 << 8 = 512
 }
 # Make MSYS work
 elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
     $ossl_path = "cmd /c ..\\apps\\openssl";
+    $null_path = "/dev/null";
+    $failure_code = 256;
 }
 elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
     $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
+    $null_path = "/dev/null";
+    $failure_code = 256;
 }
 elsif ( -f "..\\out32dll\\openssl.exe" ) {
     $ossl_path = "..\\out32dll\\openssl.exe";
+    $null_path = "/dev/null";
+    $failure_code = 256;
 }
 elsif ( -f "..\\out32\\openssl.exe" ) {
     $ossl_path = "..\\out32\\openssl.exe";
+    $null_path = "/dev/null";
+    $failure_code = 256;
 }
 else {
     die "Can't find OpenSSL executable";
@@ -87,12 +100,12 @@ my $no_ec2m;
 my $no_ecdh;
 my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
 
-system ("$ossl_path no-ec >/dev/null");
+system ("$ossl_path no-ec > $null_path");
 if ($? == 0)
 	{
 	$no_ec = 1;
 	}
-elsif ($? == 256)
+elsif ($? == $failure_code)
 	{
 	$no_ec = 0;
 	}
@@ -101,12 +114,12 @@ else
 	die "Error checking for EC support\n";
 	}
     
-system ("$ossl_path no-ec2m >/dev/null");
+system ("$ossl_path no-ec2m > $null_path");
 if ($? == 0)
 	{
 	$no_ec2m = 1;
 	}
-elsif ($? == 256)
+elsif ($? == $failure_code)
 	{
 	$no_ec2m = 0;
 	}
@@ -115,12 +128,12 @@ else
 	die "Error checking for EC2M support\n";
 	}
 
-system ("$ossl_path no-ecdh >/dev/null");
+system ("$ossl_path no-ecdh > $null_path");
 if ($? == 0)
 	{
 	$no_ecdh = 1;
 	}
-elsif ($? == 256)
+elsif ($? == $failure_code)
 	{
 	$no_ecdh = 0;
 	}
diff --git a/test/maketests.com b/test/maketests.com
index e7a6860..5919374 100644
--- a/test/maketests.com
+++ b/test/maketests.com
@@ -142,47 +142,56 @@ $!
 $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
 	       "MD2TEST,MD4TEST,MD5TEST,HMACTEST,WP_TEST,"+ -
 	       "RC2TEST,RC4TEST,RC5TEST,"+ -
-	       "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ -
+	       "DESTEST,SHA1TEST,SHA256T,SHA512T,"+ -
 	       "MDC2TEST,RMDTEST,"+ -
 	       "RANDTEST,DHTEST,ENGINETEST,"+ -
-	       "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
-	       "EVP_TEST,IGETEST,JPAKETEST,SRPTEST"
+	       "GOST2814789TEST,"+ -
+	       "BFTEST,CASTTEST,SSLTEST,"+ -
+	       "EXPTEST,DSATEST,RSA_TEST,"+ -
+	       "EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ -
+	       "V3NAMETEST,HEARTBEAT_TEST,P5_CRPT2_TEST,"+ -
+	       "CONSTANT_TIME_TEST"
 $! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
 $!
 $! Additional directory information.
-$ T_D_BNTEST     := [-.crypto.bn]
-$ T_D_ECTEST     := [-.crypto.ec]
-$ T_D_ECDSATEST  := [-.crypto.ecdsa]
-$ T_D_ECDHTEST   := [-.crypto.ecdh]
-$ T_D_IDEATEST   := [-.crypto.idea]
-$ T_D_MD2TEST    := [-.crypto.md2]
-$ T_D_MD4TEST    := [-.crypto.md4]
-$ T_D_MD5TEST    := [-.crypto.md5]
-$ T_D_HMACTEST   := [-.crypto.hmac]
-$ T_D_WP_TEST    := [-.crypto.whrlpool]
-$ T_D_RC2TEST    := [-.crypto.rc2]
-$ T_D_RC4TEST    := [-.crypto.rc4]
-$ T_D_RC5TEST    := [-.crypto.rc5]
-$ T_D_DESTEST    := [-.crypto.des]
-$ T_D_SHATEST    := [-.crypto.sha]
-$ T_D_SHA1TEST   := [-.crypto.sha]
-$ T_D_SHA256T    := [-.crypto.sha]
-$ T_D_SHA512T    := [-.crypto.sha]
-$ T_D_MDC2TEST   := [-.crypto.mdc2]
-$ T_D_RMDTEST    := [-.crypto.ripemd]
-$ T_D_RANDTEST   := [-.crypto.rand]
-$ T_D_DHTEST     := [-.crypto.dh]
-$ T_D_ENGINETEST := [-.crypto.engine]
-$ T_D_BFTEST     := [-.crypto.bf]
-$ T_D_CASTTEST   := [-.crypto.cast]
-$ T_D_SSLTEST    := [-.ssl]
-$ T_D_EXPTEST    := [-.crypto.bn]
-$ T_D_DSATEST    := [-.crypto.dsa]
-$ T_D_RSA_TEST   := [-.crypto.rsa]
-$ T_D_EVP_TEST   := [-.crypto.evp]
-$ T_D_IGETEST    := [-.test]
-$ T_D_JPAKETEST  := [-.crypto.jpake]
-$ T_D_SRPTEST    := [-.crypto.srp]
+$ T_D_BNTEST             := [-.crypto.bn]
+$ T_D_ECTEST             := [-.crypto.ec]
+$ T_D_ECDSATEST          := [-.crypto.ecdsa]
+$ T_D_ECDHTEST           := [-.crypto.ecdh]
+$ T_D_IDEATEST           := [-.crypto.idea]
+$ T_D_MD2TEST            := [-.crypto.md2]
+$ T_D_MD4TEST            := [-.crypto.md4]
+$ T_D_MD5TEST            := [-.crypto.md5]
+$ T_D_HMACTEST           := [-.crypto.hmac]
+$ T_D_WP_TEST            := [-.crypto.whrlpool]
+$ T_D_RC2TEST            := [-.crypto.rc2]
+$ T_D_RC4TEST            := [-.crypto.rc4]
+$ T_D_RC5TEST            := [-.crypto.rc5]
+$ T_D_DESTEST            := [-.crypto.des]
+$ T_D_SHATEST            := [-.crypto.sha]
+$ T_D_SHA1TEST           := [-.crypto.sha]
+$ T_D_SHA256T            := [-.crypto.sha]
+$ T_D_SHA512T            := [-.crypto.sha]
+$ T_D_MDC2TEST           := [-.crypto.mdc2]
+$ T_D_RMDTEST            := [-.crypto.ripemd]
+$ T_D_RANDTEST           := [-.crypto.rand]
+$ T_D_DHTEST             := [-.crypto.dh]
+$ T_D_ENGINETEST         := [-.crypto.engine]
+$ T_D_GOST2814789TEST    := [-.engines.ccgost]
+$ T_D_BFTEST             := [-.crypto.bf]
+$ T_D_CASTTEST           := [-.crypto.cast]
+$ T_D_SSLTEST            := [-.ssl]
+$ T_D_EXPTEST            := [-.crypto.bn]
+$ T_D_DSATEST            := [-.crypto.dsa]
+$ T_D_RSA_TEST           := [-.crypto.rsa]
+$ T_D_EVP_TEST           := [-.crypto.evp]
+$ T_D_IGETEST            := [-.test]
+$ T_D_JPAKETEST          := [-.crypto.jpake]
+$ T_D_SRPTEST            := [-.crypto.srp]
+$ T_D_V3NAMETEST         := [-.crypto.x509v3]
+$ T_D_HEARTBEAT_TEST     := [-.ssl]
+$ T_D_P5_CRPT2_TEST      := [-.crypto.evp]
+$ T_D_CONSTANT_TIME_TEST := [-.crypto]
 $!
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
@@ -468,7 +477,7 @@ $ CHECK_OPTIONS:
 $!
 $! Set basic C compiler /INCLUDE directories.
 $!
-$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
+$ CC_INCLUDES = "SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
 $!
 $! Check To See If P1 Is Blank.
 $!
@@ -1060,10 +1069,12 @@ $ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A
 $ __HERE = F$EDIT(__HERE,"UPCASE")
 $ __TOP = __HERE - "TEST]"
 $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$ __INTERNAL = __TOP + "CRYPTO.INCLUDE.INTERNAL]"
 $!
 $! Set up the logical name OPENSSL to point at the include directory
 $!
 $ DEFINE OPENSSL /NOLOG '__INCLUDE'
+$ DEFINE INTERNAL /NOLOG '__INTERNAL'
 $!
 $! Done
 $!
@@ -1076,6 +1087,7 @@ $!
 $ IF __SAVE_OPENSSL .EQS. ""
 $ THEN
 $   DEASSIGN OPENSSL
+$   DEASSIGN INTERNAL
 $ ELSE
 $   DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
 $ ENDIF
diff --git a/test/tests.com b/test/tests.com
index 62be1e7..ba947be 100644
--- a/test/tests.com
+++ b/test/tests.com
@@ -27,6 +27,7 @@ $	endif
 $!
 $	texe_dir := sys$disk:[-.'__archd'.exe.test]
 $	exe_dir := sys$disk:[-.'__archd'.exe.apps]
+$	engines_dir := sys$disk:[-.'__archd'.exe.engines]
 $
 $	set default '__here'
 $
@@ -51,47 +52,55 @@ $! if there's a difference that needs to be taken care of.
 $	    tests := -
 	test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
 	test_md2,test_mdc2,test_wp,-
-	test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,-
+	test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,-
 	test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,-
 	test_enc,test_x509,test_rsa,test_crl,test_sid,-
 	test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
 	test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,-
-	test_jpake,test_srp,test_cms
+	test_jpake,test_srp,test_cms,test_v3name,test_ocsp,-
+	test_gost2814789,test_heartbeat,test_p5_crpt2,-
+	test_constant_time
 $	endif
 $	tests = f$edit(tests,"COLLAPSE")
 $
-$	BNTEST :=	bntest
-$	ECTEST :=	ectest
-$	ECDSATEST :=	ecdsatest
-$	ECDHTEST :=	ecdhtest
-$	EXPTEST :=	exptest
-$	IDEATEST :=	ideatest
-$	SHATEST :=	shatest
-$	SHA1TEST :=	sha1test
-$	MDC2TEST :=	mdc2test
-$	RMDTEST :=	rmdtest
-$	MD2TEST :=	md2test
-$	MD4TEST :=	md4test
-$	MD5TEST :=	md5test
-$	HMACTEST :=	hmactest
-$	WPTEST :=	wp_test
-$	RC2TEST :=	rc2test
-$	RC4TEST :=	rc4test
-$	RC5TEST :=	rc5test
-$	BFTEST :=	bftest
-$	CASTTEST :=	casttest
-$	DESTEST :=	destest
-$	RANDTEST :=	randtest
-$	DHTEST :=	dhtest
-$	DSATEST :=	dsatest
-$	METHTEST :=	methtest
-$	SSLTEST :=	ssltest
-$	RSATEST :=	rsa_test
-$	ENGINETEST :=	enginetest
-$	EVPTEST :=	evp_test
-$	IGETEST :=	igetest
-$	JPAKETEST :=	jpaketest
-$	SRPTEST :=	srptest
+$	BNTEST :=		bntest
+$	ECTEST :=		ectest
+$	ECDSATEST :=		ecdsatest
+$	ECDHTEST :=		ecdhtest
+$	EXPTEST :=		exptest
+$	IDEATEST :=		ideatest
+$	SHA1TEST :=		sha1test
+$	SHA256TEST :=		sha256t
+$	SHA512TEST :=		sha512t
+$	MDC2TEST :=		mdc2test
+$	RMDTEST :=		rmdtest
+$	MD2TEST :=		md2test
+$	MD4TEST :=		md4test
+$	MD5TEST :=		md5test
+$	HMACTEST :=		hmactest
+$	WPTEST :=		wp_test
+$	RC2TEST :=		rc2test
+$	RC4TEST :=		rc4test
+$	RC5TEST :=		rc5test
+$	BFTEST :=		bftest
+$	CASTTEST :=		casttest
+$	DESTEST :=		destest
+$	RANDTEST :=		randtest
+$	DHTEST :=		dhtest
+$	DSATEST :=		dsatest
+$	METHTEST :=		methtest
+$	SSLTEST :=		ssltest
+$	RSATEST :=		rsa_test
+$	ENGINETEST :=		enginetest
+$	GOST2814789TEST :=	gost2814789test
+$	EVPTEST :=		evp_test
+$	P5_CRPT2_TEST :=	p5_crpt2_test
+$	IGETEST :=		igetest
+$	JPAKETEST :=		jpaketest
+$	SRPTEST :=		srptest
+$	V3NAMETEST :=		v3nametest
+$	HEARTBEATTEST :=	heartbeat_test
+$	CONSTTIMETEST :=	constant_time_test
 $!
 $	tests_i = 0
 $ loop_tests:
@@ -105,6 +114,9 @@ $
 $ test_evp:
 $	mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt
 $	return
+$ test_p5_crpt2:
+$	mcr 'texe_dir''p5_crpt2_test'
+$	return
 $ test_des:
 $	mcr 'texe_dir''destest'
 $	return
@@ -112,8 +124,9 @@ $ test_idea:
 $	mcr 'texe_dir''ideatest'
 $	return
 $ test_sha:
-$	mcr 'texe_dir''shatest'
 $	mcr 'texe_dir''sha1test'
+$	mcr 'texe_dir''sha256test'
+$	mcr 'texe_dir''sha512test'
 $	return
 $ test_mdc2:
 $	mcr 'texe_dir''mdc2test'
@@ -154,6 +167,10 @@ $	return
 $ test_rand:
 $	mcr 'texe_dir''randtest'
 $	return
+$ test_gost2814789:
+$	define/user OPENSSL_ENGINES 'engines_dir'
+$	mcr 'texe_dir''gost2814789test'
+$	return
 $ test_enc:
 $	@testenc.com 'pointer_size'
 $	return
@@ -361,7 +378,21 @@ $ test_srp:
 $	write sys$output "Test SRP"
 $	mcr 'texe_dir''srptest'
 $	return
-$
+$ test_v3name:
+$	write sys$output "Test X509v3_check_*"
+$	mcr 'texe_dir''v3nametest'
+$	return
+$ test_ocsp:
+$	write sys$output "Test OCSP"
+$	@tocsp.com
+$	return
+$ test_heartbeat:
+$	mcr 'texe_dir''heartbeattest'
+$	return
+$ test_constant_time:
+$	write sys$output "Test constant time utilites"
+$	mcr 'texe_dir''consttimetest'
+$	return
 $
 $ exit:
 $	mcr 'exe_dir'openssl version -a
diff --git a/test/tocsp.com b/test/tocsp.com
new file mode 100644
index 0000000..97253fe
--- /dev/null
+++ b/test/tocsp.com
@@ -0,0 +1,165 @@
+$! TOCSP.COM  --  Test ocsp
+$
+$	__arch = "VAX"
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch = "UNK"
+$!
+$       if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$       cmd = "mcr ''f$parse(exe_dir+"openssl.exe")'"
+$	ocspdir = "ocsp-tests"
+$
+$!	17 December 2012 so we don't get certificate expiry errors.
+$	check_time="-attime 1355875200"
+$
+$ test_ocsp:
+$	subroutine
+$		'cmd' base64 -d -in [.'ocspdir']'p1' -out ocsp-test.test-bin
+$		'cmd' ocsp -respin ocsp-test.test-bin -partial_chain 'check_time' -
+		      "-CAfile" [.'ocspdir']'p2' -verify_other [.'ocspdir']'p2' "-CApath" NLA0:
+$		if $severity .ne. p3+1
+$		then
+$		    write sys$error "OCSP test failed!"
+$		    exit 3
+$		endif
+$	endsubroutine
+$
+$	set noon
+$
+$	write sys$output "=== VALID OCSP RESPONSES ==="
+$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "ND1.ors" "ND1_Issuer_ICA.pem" 0
+$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "ND2.ors" "ND2_Issuer_Root.pem" 0
+$	write sys$output "NON-DELEGATED; Root CA -> EE"
+$	call test_ocsp "ND3.ors" "ND3_Issuer_Root.pem" 0
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "D1.ors" "D1_Issuer_ICA.pem" 0
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "D2.ors" "D2_Issuer_Root.pem" 0
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "D3.ors" "D3_Issuer_Root.pem" 0
+$	
+$	write sys$output "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
+$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "ISOP_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "ISOP_ND2.ors" "ND2_Issuer_Root.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> EE"
+$	call test_ocsp "ISOP_ND3.ors" "ND3_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "ISOP_D1.ors" "D1_Issuer_ICA.pem" 1
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "ISOP_D2.ors" "D2_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "ISOP_D3.ors" "D3_Issuer_Root.pem" 1
+$	
+$	write sys$output "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
+$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "WRID_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "WRID_ND2.ors" "ND2_Issuer_Root.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> EE"
+$	call test_ocsp "WRID_ND3.ors" "ND3_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "WRID_D1.ors" "D1_Issuer_ICA.pem" 1
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "WRID_D2.ors" "D2_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "WRID_D3.ors" "D3_Issuer_Root.pem" 1
+$	
+$	write sys$output "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
+$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "WINH_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "WINH_ND2.ors" "ND2_Issuer_Root.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> EE"
+$	call test_ocsp "WINH_ND3.ors" "ND3_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "WINH_D1.ors" "D1_Issuer_ICA.pem" 1
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "WINH_D2.ors" "D2_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "WINH_D3.ors" "D3_Issuer_Root.pem" 1
+$	
+$	write sys$output "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
+$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "WIKH_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "WIKH_ND2.ors" "ND2_Issuer_Root.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> EE"
+$	call test_ocsp "WIKH_ND3.ors" "ND3_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "WIKH_D1.ors" "D1_Issuer_ICA.pem" 1
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "WIKH_D2.ors" "D2_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "WIKH_D3.ors" "D3_Issuer_Root.pem" 1
+$	
+$	write sys$output "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "WKDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "WKDOSC_D2.ors" "D2_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "WKDOSC_D3.ors" "D3_Issuer_Root.pem" 1
+$	
+$	write sys$output "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "ISDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "ISDOSC_D2.ors" "D2_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "ISDOSC_D3.ors" "D3_Issuer_Root.pem" 1
+$	
+$	write sys$output "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
+$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "ND1.ors" "WSNIC_ND1_Issuer_ICA.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "ND2.ors" "WSNIC_ND2_Issuer_Root.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> EE"
+$	call test_ocsp "ND3.ors" "WSNIC_ND3_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "D1.ors" "WSNIC_D1_Issuer_ICA.pem" 1
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "D2.ors" "WSNIC_D2_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "D3.ors" "WSNIC_D3_Issuer_Root.pem" 1
+$	
+$	write sys$output "=== WRONG KEY in the ISSUER CERTIFICATE ==="
+$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "ND1.ors" "WKIC_ND1_Issuer_ICA.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "ND2.ors" "WKIC_ND2_Issuer_Root.pem" 1
+$	write sys$output "NON-DELEGATED; Root CA -> EE"
+$	call test_ocsp "ND3.ors" "WKIC_ND3_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "D1.ors" "WKIC_D1_Issuer_ICA.pem" 1
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "D2.ors" "WKIC_D2_Issuer_Root.pem" 1
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "D3.ors" "WKIC_D3_Issuer_Root.pem" 1
+$	
+$	write sys$output "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
+$!	Expect success, because we're explicitly trusting the issuer certificate.
+$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "ND1.ors" "ISIC_ND1_Issuer_ICA.pem" 0
+$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "ND2.ors" "ISIC_ND2_Issuer_Root.pem" 0
+$	write sys$output "NON-DELEGATED; Root CA -> EE"
+$	call test_ocsp "ND3.ors" "ISIC_ND3_Issuer_Root.pem" 0
+$	write sys$output "DELEGATED; Intermediate CA -> EE"
+$	call test_ocsp "D1.ors" "ISIC_D1_Issuer_ICA.pem" 0
+$	write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$	call test_ocsp "D2.ors" "ISIC_D2_Issuer_Root.pem" 0
+$	write sys$output "DELEGATED; Root CA -> EE"
+$	call test_ocsp "D3.ors" "ISIC_D3_Issuer_Root.pem" 0
+$	
+$	write sys$output "ALL OCSP TESTS SUCCESSFUL"
+$
+$	set on
+$	
+$	exit


More information about the openssl-commits mailing list