git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES

 OpenSSL CHANGES
 _______________

 Changes between 0.9.7 and 0.9.8  [xx XXX 2002]

  *) Let BN_rand_range() abort with an error after 100 iterations
     without success (which indicates a broken PRNG).
     [Bodo Moeller]

  *) Change BN_mod_sqrt() so that it verifies that the input value
     is really the square of the return value.  (Previously,
     BN_mod_sqrt would show GIGO behaviour.)
     [Bodo Moeller]

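As an added illustration of why the BN_mod_sqrt() post-check matters (example code, not OpenSSL's), the following toy implementation performs the same verification on 64-bit integers; it assumes a prime modulus p with p % 4 == 3 and uses a constructed sample prime, 1000003, and the names mulmod/powmod/mod_sqrt_* are chosen here.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed sample modulus: a prime p with p % 4 == 3, so that
 * a^((p+1)/4) is a square root of a whenever a is a quadratic residue. */
#define SAMPLE_P 1000003ULL

/* p < 2^32, so the product fits in 64 bits without overflow. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t p) {
    return (a % p) * (b % p) % p;
}

static uint64_t powmod(uint64_t base, uint64_t e, uint64_t p) {
    uint64_t r = 1;
    for (base %= p; e; e >>= 1, base = mulmod(base, base, p))
        if (e & 1) r = mulmod(r, base, p);
    return r;
}

/* Unchecked version: for a non-residue the formula still returns *some*
 * value, which is the garbage-in-garbage-out behaviour the entry refers to. */
uint64_t mod_sqrt_unchecked(uint64_t a, uint64_t p) {
    return powmod(a, (p + 1) / 4, p);
}

/* Checked version, in the spirit of the BN_mod_sqrt() change: only hand
 * back r if r*r == a (mod p); otherwise signal an error to the caller. */
bool mod_sqrt_checked(uint64_t a, uint64_t p, uint64_t *out) {
    uint64_t r = mod_sqrt_unchecked(a, p);
    if (mulmod(r, r, p) != a % p)
        return false;                  /* a is not a square mod p */
    *out = r;
    return true;
}
```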
  *) Add named elliptic curves over binary fields from X9.62, SECG,
     and WAP/WTLS; add OIDs that were still missing.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) Extend the EC library for elliptic curves over binary fields
     (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
     New EC_METHOD:

         EC_GF2m_simple_method

     New API functions:

         EC_GROUP_new_curve_GF2m
         EC_GROUP_set_curve_GF2m
         EC_GROUP_get_curve_GF2m
         EC_POINT_set_affine_coordinates_GF2m
         EC_POINT_get_affine_coordinates_GF2m
         EC_POINT_set_compressed_coordinates_GF2m

     Point compression for binary fields is disabled by default for
     patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
     enable it).

     As binary polynomials are represented as BIGNUMs, various members
     of the EC_GROUP and EC_POINT data structures can be shared
     between the implementations for prime fields and binary fields;
     the above ..._GF2m functions (except for EC_GROUP_new_curve_GF2m)
     are essentially identical to their ..._GFp counterparts.
     (For simplicity, the '..._GFp' prefix has been dropped from
     various internal method names.)

     An internal 'field_div' method (similar to 'field_mul' and
     'field_sqr') has been added; this is used only for binary fields.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
     through methods ('mul', 'precompute_mult').

     The generic implementations (now internally called 'ec_wNAF_mul'
     and 'ec_wNAF_precomputed_mult') remain the default if these
     methods are undefined.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) New function EC_GROUP_get_degree, which is defined through
     EC_METHOD.  For curves over prime fields, this returns the bit
     length of the modulus.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) New functions EC_GROUP_dup, EC_POINT_dup.
     (These simply call ..._new and ..._copy).

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
     Polynomials are represented as BIGNUMs (where the sign bit is not
     used) in the following functions [macros]:

         BN_GF2m_add
         BN_GF2m_sub                [= BN_GF2m_add]
         BN_GF2m_mod                [wrapper for BN_GF2m_mod_arr]
         BN_GF2m_mod_mul            [wrapper for BN_GF2m_mod_mul_arr]
         BN_GF2m_mod_sqr            [wrapper for BN_GF2m_mod_sqr_arr]
         BN_GF2m_mod_inv
         BN_GF2m_mod_exp            [wrapper for BN_GF2m_mod_exp_arr]
         BN_GF2m_mod_sqrt           [wrapper for BN_GF2m_mod_sqrt_arr]
         BN_GF2m_mod_solve_quad     [wrapper for BN_GF2m_mod_solve_quad_arr]
         BN_GF2m_cmp                [= BN_ucmp]

     (Note that only the 'mod' functions are actually for fields GF(2^m).
     BN_GF2m_add() is a misnomer, but this is for the sake of consistency.)

     For some functions, the irreducible polynomial defining a
     field can be given as an 'unsigned int[]' with strictly
     decreasing elements giving the indices of those bits that are set;
     i.e., p[] represents the polynomial
         f(t) = t^p[0] + t^p[1] + ... + t^p[k]
     where
         p[0] > p[1] > ... > p[k] = 0.
     This applies to the following functions:

         BN_GF2m_mod_arr
         BN_GF2m_mod_mul_arr
         BN_GF2m_mod_sqr_arr
         BN_GF2m_mod_inv_arr        [wrapper for BN_GF2m_mod_inv]
         BN_GF2m_mod_div_arr        [wrapper for BN_GF2m_mod_div]
         BN_GF2m_mod_exp_arr
         BN_GF2m_mod_sqrt_arr
         BN_GF2m_mod_solve_quad_arr
         BN_GF2m_poly2arr
         BN_GF2m_arr2poly

     Conversion can be performed by the following functions:

         BN_GF2m_poly2arr
         BN_GF2m_arr2poly

     bntest.c has additional tests for binary polynomial arithmetic.

     Two implementations for BN_GF2m_mod_div() are available.
     The default algorithm simply uses BN_GF2m_mod_inv() and
     BN_GF2m_mod_mul().  The alternative algorithm is compiled in only
     if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
     copyright notice in crypto/bn/bn_gf2m.c before enabling it).

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

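The index-array polynomial representation and the default divide-by-inverse strategy of the entry above, as an added example (not OpenSSL's bn_gf2m.c) on uint64_t bitstrings instead of BIGNUMs: the gf2m_* names are chosen here, the sample field GF(2^8) with t^8 + t^4 + t^3 + t + 1 (index array {8, 4, 3, 1, 0}) is constructed for the demonstration, and the code assumes m <= 32 so that products fit in 64 bits.

```c
#include <stdint.h>
#include <stddef.h>
/* Constructed sample field: GF(2^8) with f(t) = t^8 + t^4 + t^3 + t + 1,
 * written as the strictly decreasing index array the entry describes. */
static const unsigned int aes_p[] = {8, 4, 3, 1, 0};
enum { AES_K = 4 };                          /* index of the final 0 entry */

/* Index array -> bitstring polynomial (analogue of BN_GF2m_arr2poly). */
uint64_t gf2m_arr2poly(const unsigned int p[], size_t k) {
    uint64_t f = 0;
    for (size_t i = 0; i <= k; i++) f |= (uint64_t)1 << p[i];
    return f;
}

/* Bitstring -> index array; returns the entry count (analogue of BN_GF2m_poly2arr). */
size_t gf2m_poly2arr(uint64_t f, unsigned int p[], size_t max) {
    size_t n = 0;
    for (int i = 63; i >= 0 && n < max; i--)
        if (f >> i & 1) p[n++] = (unsigned int)i;
    return n;
}

/* Reduce a (degree below 2m) modulo f(t) = t^p[0] + ... + t^p[k]. */
uint64_t gf2m_mod_arr(uint64_t a, const unsigned int p[], size_t k) {
    for (int d = 63; d >= (int)p[0]; d--) {
        if (!(a >> d & 1)) continue;
        /* xor in t^(d-m) * f(t): clears bit d and folds f's lower terms in */
        for (size_t i = 0; i <= k; i++) a ^= (uint64_t)1 << (d - p[0] + p[i]);
    }
    return a;
}

/* Carry-less product followed by reduction (analogue of BN_GF2m_mod_mul_arr). */
uint64_t gf2m_mod_mul_arr(uint64_t a, uint64_t b, const unsigned int p[], size_t k) {
    uint64_t prod = 0;
    for (int i = 0; i < 32; i++) if (b >> i & 1) prod ^= a << i;
    return gf2m_mod_arr(prod, p, k);
}

/* Square-and-multiply exponentiation (analogue of BN_GF2m_mod_exp_arr). */
uint64_t gf2m_mod_exp_arr(uint64_t a, uint64_t e, const unsigned int p[], size_t k) {
    uint64_t r = 1;
    for (; e; e >>= 1, a = gf2m_mod_mul_arr(a, a, p, k))
        if (e & 1) r = gf2m_mod_mul_arr(r, a, p, k);
    return r;
}

/* Division as a * b^-1 with b^-1 = b^(2^m - 2): the default BN_GF2m_mod_div strategy. */
uint64_t gf2m_mod_div_arr(uint64_t a, uint64_t b, const unsigned int p[], size_t k) {
    return gf2m_mod_mul_arr(a, gf2m_mod_exp_arr(b, ((uint64_t)1 << p[0]) - 2, p, k), p, k);
}
```

The multiplication checks below use the products tabulated in FIPS 197 for this field, e.g. {57}*{83} = {c1} and {53}*{ca} = {01}.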
  *) Add new error code 'ERR_R_DISABLED' that can be used when some
     functionality is disabled at compile-time.
     [Douglas Stebila <douglas.stebila@sun.com>]

  *) Change default behaviour of 'openssl asn1parse' so that more
     information is visible when viewing, e.g., a certificate:

     Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
     mode the content of non-printable OCTET STRINGs is output in a
     style similar to INTEGERs, but with '[HEX DUMP]' prepended to
     avoid the appearance of a printable string.
     [Nils Larsch <nla@trustcenter.de>]

  *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
     functions
         EC_GROUP_set_asn1_flag()
         EC_GROUP_get_asn1_flag()
         EC_GROUP_set_point_conversion_form()
         EC_GROUP_get_point_conversion_form()
     These control ASN1 encoding details:
     - Curves (i.e., groups) are encoded explicitly unless asn1_flag
       has been set to OPENSSL_EC_NAMED_CURVE.
     - Points are encoded in uncompressed form by default; options for
       asn1_form are as for point2oct, namely
         POINT_CONVERSION_COMPRESSED
         POINT_CONVERSION_UNCOMPRESSED
         POINT_CONVERSION_HYBRID

     Also add 'seed' and 'seed_len' members to EC_GROUP with access
     functions
         EC_GROUP_set_seed()
         EC_GROUP_get0_seed()
         EC_GROUP_get_seed_len()
     This is used only for ASN1 purposes (so far).
     [Nils Larsch <nla@trustcenter.de>]

  *) Add 'field_type' member to EC_METHOD, which holds the NID
     of the appropriate field type OID.  The new function
     EC_METHOD_get_field_type() returns this value.
     [Nils Larsch <nla@trustcenter.de>]

  *) Add functions
         EC_POINT_point2bn()
         EC_POINT_bn2point()
         EC_POINT_point2hex()
         EC_POINT_hex2point()
     providing useful interfaces to EC_POINT_point2oct() and
     EC_POINT_oct2point().
     [Nils Larsch <nla@trustcenter.de>]

  *) Change internals of the EC library so that the functions
         EC_GROUP_set_generator()
         EC_GROUP_get_generator()
         EC_GROUP_get_order()
         EC_GROUP_get_cofactor()
     are implemented directly in crypto/ec/ec_lib.c and not dispatched
     to methods, which would lead to unnecessary code duplication when
     adding different types of curves.
     [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]

  *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
     arithmetic, and such that modified wNAFs are generated
     (which avoid length expansion in many cases).
     [Bodo Moeller]

  *) Add a function EC_GROUP_check_discriminant() (defined via
     EC_METHOD) that verifies that the curve discriminant is non-zero.

     Add a function EC_GROUP_check() that makes some sanity tests
     on an EC_GROUP, its generator and order.  This includes
     EC_GROUP_check_discriminant().
     [Nils Larsch <nla@trustcenter.de>]

  *) Add ECDSA in new directory crypto/ecdsa/.

     Add applications 'openssl ecparam' and 'openssl ecdsa'
     (these are based on 'openssl dsaparam' and 'openssl dsa').

     ECDSA support is also included in various other files across the
     library.  Most notably,
     - 'openssl req' now has a '-newkey ecdsa:file' option;
     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
       them suitable for ECDSA where domain parameters must be
       extracted before the specific public key.
     [Nils Larsch <nla@trustcenter.de>]

  *) Include some named elliptic curves, and add OIDs from X9.62,
     SECG, and WAP/WTLS.  The curves can be obtained from the new
     functions
         EC_GROUP_new_by_nid()
         EC_GROUP_new_by_name()
     Also add a 'curve_name' member to EC_GROUP objects, which can be
     accessed via
         EC_GROUP_set_nid()
         EC_GROUP_get_nid()
     [Nils Larsch <nla@trustcenter.de>, Bodo Moeller]

 Changes between 0.9.6g and 0.9.7  [XX xxx 2002]

  *) Make sure tests can be performed even if the corresponding algorithms
     have been removed entirely.  This was also the last step to make
     OpenSSL compilable with DJGPP under all reasonable conditions.
     [Richard Levitte, Doug Kaufman <dkaufman@rahul.net>]

  *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
     to allow version independent disabling of normally unselected ciphers,
     which may be activated as a side-effect of selecting a single cipher.

     (E.g., cipher list string "RSA" enables ciphersuites that are left
     out of "ALL" because they do not provide symmetric encryption.
     "RSA:!COMPLEMENTOFALL" avoids these unsafe ciphersuites.)
     [Lutz Jaenicke, Bodo Moeller]

  *) Add appropriate support for separate platform-dependent build
     directories.  The recommended way to make a platform-dependent
     build directory is the following (tested on Linux), maybe with
     some local tweaks:

         # Place yourself outside of the OpenSSL source tree.  In
         # this example, the environment variable OPENSSL_SOURCE
         # is assumed to contain the absolute OpenSSL source directory.
         mkdir -p objtree/`uname -s`-`uname -r`-`uname -m`
         cd objtree/`uname -s`-`uname -r`-`uname -m`
         (cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
             mkdir -p `dirname $F`
             ln -s $OPENSSL_SOURCE/$F $F
         done

     To be absolutely sure not to disturb the source tree, a "make clean"
     is a good thing.  If it isn't successful, don't worry about it,
     it probably means the source directory is very clean.
     [Richard Levitte]

  *) Make sure any ENGINE control commands make local copies of string
     pointers passed to them whenever necessary.  Otherwise it is possible
     the caller may have overwritten (or deallocated) the original string
     data when a later ENGINE operation tries to use the stored values.
