Revert lots of Cryptlib updates.

OpenSSL changes quite a bit of the key validation, and most of the keys
I can find in the wild aren't marked as trusted by the new checker.

Intel noticed this too: https://github.com/vathpela/edk2/commit/f536d7c3ed
but instead of fixing the compatibility error, they switched their test
data to match the bug.

So that's pretty broken.

For now, I'm reverting OpenSSL 1.1.0e, because we need those certs in
the wild to work.

This reverts commit 513cbe2aea689bf968f171f894f3d4cdb43524d5.
This reverts commit e9cc33d6f2b7f35c6f5e349fd83fb9ae0bc66226.
This reverts commit 80d49f758ead0180bfe6161931838e0578248303.
This reverts commit 9bc647e2b23bcfd69a0077c0717fbc454c919a57.
This reverts commit ae75df6232ad30f3e8736e9449692d58a7439260.
This reverts commit e883479f35644d17db7efed710657c8543cfcb68.
This reverts commit 97469449fda5ba933a64280917e776487301a127.
This reverts commit e39692647f78e13d757ddbfdd36f440d5f526050.
This reverts commit 0f3dfc01e2d5e7df882c963dd8dc4a0dfbfc96ad.
This reverts commit 4da6ac819510c7cc4ba21d7a735d69b45daa5873.
This reverts commit d064bd7eef201f26cb926450a76260b5187ac689.
This reverts commit 9bc86cfd6f9387f0da9d5c0102b6aa5627e91c91.
This reverts commit ab9a05a10f16b33f7ee1e9da360c7801eebdb9d2.

Signed-off-by: Peter Jones <pjones@redhat.com>

1 files changed, 353 insertions, 91 deletions

diff --git a/Cryptlib/OpenSSL/e_os.h b/Cryptlib/OpenSSL/e_os.h
index eafa8623..3e9dae2e 100644
--- a/Cryptlib/OpenSSL/e_os.h
+++ b/Cryptlib/OpenSSL/e_os.h
@@ -1,10 +1,59 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* e_os.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
  *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
  */
 
 #ifndef HEADER_E_OS_H
@@ -23,28 +72,11 @@ extern "C" {
 #endif
 
 /* Used to checking reference counts, most while doing perl5 stuff :-) */
-# if defined(OPENSSL_NO_STDIO)
-#  if defined(REF_PRINT)
-#   error "REF_PRINT requires stdio"
-#  endif
-# endif
-
-# if !defined(NDEBUG) && !defined(OPENSSL_NO_STDIO)
-#  define REF_ASSERT_ISNT(test) \
-    (void)((test) ? (OPENSSL_die("refcount error", __FILE__, __LINE__), 1) : 0)
-# else
-#  define REF_ASSERT_ISNT(i)
-# endif
 # ifdef REF_PRINT
-#  define REF_PRINT_COUNT(a, b) \
-        fprintf(stderr, "%p:%4d:%s\n", b, b->references, a)
-# else
-#  define REF_PRINT_COUNT(a, b)
+#  undef REF_PRINT
+#  define REF_PRINT(a,b)  fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a)
 # endif
 
-# define osslargused(x)      (void)x
-# define OPENSSL_CONF        "openssl.cnf"
-
 # ifndef DEVRANDOM
 /*
  * set this to a comma-separated list of 'random' device files to try out. My
@@ -52,9 +84,9 @@ extern "C" {
  */
 #  define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
 # endif
-# if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD)
+# ifndef DEVRANDOM_EGD
 /*
- * set this to a comma-separated list of 'egd' sockets to try out. These
+ * set this to a comma-seperated list of 'egd' sockets to try out. These
  * sockets will be tried in the order listed in case accessing the device
  * files listed in DEVRANDOM did not return enough entropy.
  */
@@ -67,9 +99,33 @@ extern "C" {
 #  define NO_SYSLOG
 # endif
 
+# if defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
+#  if macintosh==1
+#   ifndef MAC_OS_GUSI_SOURCE
+#    define MAC_OS_pre_X
+#    define NO_SYS_TYPES_H
+#   endif
+#   define NO_SYS_PARAM_H
+#   define NO_CHMOD
+#   define NO_SYSLOG
+#   undef  DEVRANDOM
+#   define GETPID_IS_MEANINGLESS
+#  endif
+# endif
+
 /********************************************************************
  The Microsoft section
  ********************************************************************/
+/*
+ * The following is used because of the small stack in some Microsoft
+ * operating systems
+ */
+# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32)
+#  define MS_STATIC     static
+# else
+#  define MS_STATIC
+# endif
+
 # if defined(OPENSSL_SYS_WIN32) && !defined(WIN32)
 #  define WIN32
 # endif
@@ -85,7 +141,6 @@ extern "C" {
 # endif
 
 # ifdef WIN32
-#  define NO_SYS_UN_H
 #  define get_last_sys_error()    GetLastError()
 #  define clear_sys_error()       SetLastError(0)
 #  if !defined(WINNT)
@@ -103,12 +158,17 @@ extern "C" {
 #  define writesocket(s,b,n)      send((s),(b),(n),0)
 # elif defined(__DJGPP__)
 #  define WATT32
-#  define WATT32_NO_OLDIES
 #  define get_last_socket_error() errno
 #  define clear_socket_error()    errno=0
 #  define closesocket(s)          close_s(s)
 #  define readsocket(s,b,n)       read_s(s,b,n)
 #  define writesocket(s,b,n)      send(s,b,n,0)
+# elif defined(MAC_OS_pre_X)
+#  define get_last_socket_error() errno
+#  define clear_socket_error()    errno=0
+#  define closesocket(s)          MacSocket_close(s)
+#  define readsocket(s,b,n)       MacSocket_recv((s),(b),(n),true)
+#  define writesocket(s,b,n)      MacSocket_send((s),(b),(n))
 # elif defined(OPENSSL_SYS_VMS)
 #  define get_last_socket_error() errno
 #  define clear_socket_error()    errno=0
@@ -123,6 +183,32 @@ extern "C" {
 #  define closesocket(s)              close(s)
 #  define readsocket(s,b,n)           read((s),(b),(n))
 #  define writesocket(s,b,n)          write((s),(char *)(b),(n))
+# elif defined(OPENSSL_SYS_BEOS_R5)
+#  define get_last_socket_error() errno
+#  define clear_socket_error()    errno=0
+#  define FIONBIO SO_NONBLOCK
+#  define ioctlsocket(a,b,c)                setsockopt((a),SOL_SOCKET,(b),(c),sizeof(*(c)))
+#  define readsocket(s,b,n)       recv((s),(b),(n),0)
+#  define writesocket(s,b,n)      send((s),(b),(n),0)
+# elif defined(OPENSSL_SYS_NETWARE)
+#  if defined(NETWARE_BSDSOCK)
+#   define get_last_socket_error() errno
+#   define clear_socket_error()    errno=0
+#   define closesocket(s)          close(s)
+#   define ioctlsocket(a,b,c)      ioctl(a,b,c)
+#   if defined(NETWARE_LIBC)
+#    define readsocket(s,b,n)       recv((s),(b),(n),0)
+#    define writesocket(s,b,n)      send((s),(b),(n),0)
+#   else
+#    define readsocket(s,b,n)       recv((s),(char*)(b),(n),0)
+#    define writesocket(s,b,n)      send((s),(char*)(b),(n),0)
+#   endif
+#  else
+#   define get_last_socket_error() WSAGetLastError()
+#   define clear_socket_error()    WSASetLastError(0)
+#   define readsocket(s,b,n)               recv((s),(b),(n),0)
+#   define writesocket(s,b,n)              send((s),(b),(n),0)
+#  endif
 # else
 #  define get_last_socket_error() errno
 #  define clear_socket_error()    errno=0
@@ -132,20 +218,30 @@ extern "C" {
 #  define writesocket(s,b,n)      write((s),(b),(n))
 # endif
 
+# ifdef WIN16                   /* never the case */
+#  define MS_CALLBACK   _far _loadds
+#  define MS_FAR        _far
+# else
+#  define MS_CALLBACK
+#  define MS_FAR
+# endif
+
+# ifdef OPENSSL_NO_STDIO
+#  undef OPENSSL_NO_FP_API
+#  define OPENSSL_NO_FP_API
+# endif
+
 # if (defined(WINDOWS) || defined(MSDOS))
 
 #  ifdef __DJGPP__
 #   include <unistd.h>
 #   include <sys/stat.h>
 #   include <sys/socket.h>
-#   include <sys/un.h>
 #   include <tcp.h>
 #   include <netdb.h>
 #   define _setmode setmode
 #   define _O_TEXT O_TEXT
 #   define _O_BINARY O_BINARY
-#   define HAS_LFN_SUPPORT(name)  (pathconf((name), _PC_NAME_MAX) > 12)
-#   undef DEVRANDOM_EGD  /*  Neither MS-DOS nor FreeDOS provide 'egd' sockets.  */
 #   undef DEVRANDOM
 #   define DEVRANDOM "/dev/urandom\x24"
 #  endif                        /* __DJGPP__ */
@@ -168,18 +264,20 @@ extern "C" {
        /*
         * Defining _WIN32_WINNT here in e_os.h implies certain "discipline."
         * Most notably we ought to check for availability of each specific
-        * routine that was introduced after denoted _WIN32_WINNT with
-        * GetProcAddress(). Normally newer functions are masked with higher
-        * _WIN32_WINNT in SDK headers. So that if you wish to use them in
-        * some module, you'd need to override _WIN32_WINNT definition in
-        * the target module in order to "reach for" prototypes, but replace
-        * calls to new functions with indirect calls. Alternatively it
-        * might be possible to achieve the goal by /DELAYLOAD-ing .DLLs
-        * and check for current OS version instead.
+        * routine with GetProcAddress() and/or guard NT-specific calls with
+        * GetVersion() < 0x80000000. One can argue that in latter "or" case
+        * we ought to /DELAYLOAD some .DLLs in order to protect ourselves
+        * against run-time link errors. This doesn't seem to be necessary,
+        * because it turned out that already Windows 95, first non-NT Win32
+        * implementation, is equipped with at least NT 3.51 stubs, dummy
+        * routines with same name, but which do nothing. Meaning that it's
+        * apparently sufficient to guard "vanilla" NT calls with GetVersion
+        * alone, while NT 4.0 and above interfaces ought to be linked with
+        * GetProcAddress at run-time.
         */
-#    define _WIN32_WINNT 0x0501
+#    define _WIN32_WINNT 0x0400
 #   endif
-#   if defined(_WIN32_WINNT) || defined(_WIN32_WCE)
+#   if !defined(OPENSSL_NO_SOCK) && (defined(_WIN32_WINNT) || defined(_WIN32_WCE))
        /*
         * Just like defining _WIN32_WINNT including winsock2.h implies
         * certain "discipline" for maintaining [broad] binary compatibility.
@@ -253,6 +351,14 @@ extern FILE *_imp___iob;
 #   define OPENSSL_NO_POSIX_IO
 #  endif
 
+#  if defined (__BORLANDC__)
+#   define _setmode setmode
+#   define _O_TEXT O_TEXT
+#   define _O_BINARY O_BINARY
+#   define _int64 __int64
+#   define _kbhit kbhit
+#  endif
+
 #  define EXIT(n) exit(n)
 #  define LIST_SEPARATOR_CHAR ';'
 #  ifndef X_OK
@@ -264,6 +370,10 @@ extern FILE *_imp___iob;
 #  ifndef R_OK
 #   define R_OK        4
 #  endif
+#  define OPENSSL_CONF  "openssl.cnf"
+#  define SSLEAY_CONF   OPENSSL_CONF
+#  define NUL_DEV       "nul"
+#  define RFILE         ".rnd"
 #  ifdef OPENSSL_SYS_WINCE
 #   define DEFAULT_HOME  ""
 #  else
@@ -293,7 +403,11 @@ extern FILE *_imp___iob;
 #   else
 #    include <unixlib.h>
 #   endif
+#   define OPENSSL_CONF        "openssl.cnf"
+#   define SSLEAY_CONF         OPENSSL_CONF
+#   define RFILE               ".rnd"
 #   define LIST_SEPARATOR_CHAR ','
+#   define NUL_DEV             "NLA0:"
   /* We don't have any well-defined random devices on VMS, yet... */
 #   undef DEVRANDOM
   /*-
@@ -309,26 +423,47 @@ extern FILE *_imp___iob;
 
      So, what we do here is to change 0 to 1 to get the default success status,
      and everything else is shifted up to fit into the status number field, and
-     the status is tagged as an error, which is what is wanted here.
-
-     Finally, we add the VMS C facility code 0x35a000, because there are some
-     programs, such as Perl, that will reinterpret the code back to something
-     POSIXly.  'man perlvms' explains it further.
-
-     NOTE: the perlvms manual wants to turn all codes 2 to 255 into success
-     codes (status type = 1).  I couldn't disagree more.  Fortunately, the
-     status type doesn't seem to bother Perl.
+     the status is tagged as an error, which I believe is what is wanted here.
      -- Richard Levitte
   */
-#   define EXIT(n)  exit((n) ? (((n) << 3) | 2 | 0x10000000 | 0x35a000) : 1)
-
+#   define EXIT(n)             do { int __VMS_EXIT = n; \
+                                     if (__VMS_EXIT == 0) \
+                                       __VMS_EXIT = 1; \
+                                     else \
+                                       __VMS_EXIT = (n << 3) | 2; \
+                                     __VMS_EXIT |= 0x10000000; \
+                                     exit(__VMS_EXIT); } while(0)
 #   define NO_SYS_PARAM_H
-#   define NO_SYS_UN_H
 
-#   define DEFAULT_HOME "SYS$LOGIN:"
+#  elif defined(OPENSSL_SYS_NETWARE)
+#   include <fcntl.h>
+#   include <unistd.h>
+#   define NO_SYS_TYPES_H
+#   undef  DEVRANDOM
+#   ifdef NETWARE_CLIB
+#    define getpid GetThreadID
+extern int GetThreadID(void);
+/* #      include <conio.h> */
+extern int kbhit(void);
+#   else
+#    include <screen.h>
+#   endif
+#   define NO_SYSLOG
+#   define _setmode setmode
+#   define _kbhit kbhit
+#   define _O_TEXT O_TEXT
+#   define _O_BINARY O_BINARY
+#   define OPENSSL_CONF   "openssl.cnf"
+#   define SSLEAY_CONF    OPENSSL_CONF
+#   define RFILE    ".rnd"
+#   define LIST_SEPARATOR_CHAR ';'
+#   define EXIT(n)  { if (n) printf("ERROR: %d\n", (int)n); exit(n); }
 
 #  else
      /* !defined VMS */
+#   ifdef OPENSSL_SYS_MPE
+#    define NO_SYS_PARAM_H
+#   endif
 #   ifdef OPENSSL_UNISTD
 #    include OPENSSL_UNISTD
 #   else
@@ -337,24 +472,49 @@ extern FILE *_imp___iob;
 #   ifndef NO_SYS_TYPES_H
 #    include <sys/types.h>
 #   endif
+#   if defined(NeXT) || defined(OPENSSL_SYS_NEWS4)
+#    define pid_t int           /* pid_t is missing on NEXTSTEP/OPENSTEP
+                                 * (unless when compiling with
+                                 * -D_POSIX_SOURCE, which doesn't work for
+                                 * us) */
+#   endif
+#   ifdef OPENSSL_SYS_NEWS4     /* setvbuf is missing on mips-sony-bsd */
+#    define setvbuf(a, b, c, d) setbuffer((a), (b), (d))
+typedef unsigned long clock_t;
+#   endif
 #   ifdef OPENSSL_SYS_WIN32_CYGWIN
 #    include <io.h>
 #    include <fcntl.h>
 #   endif
 
+#   define OPENSSL_CONF        "openssl.cnf"
+#   define SSLEAY_CONF         OPENSSL_CONF
+#   define RFILE               ".rnd"
 #   define LIST_SEPARATOR_CHAR ':'
+#   define NUL_DEV             "/dev/null"
 #   define EXIT(n)             exit(n)
 #  endif
 
+#  define SSLeay_getpid()       getpid()
+
 # endif
 
 /*************/
 
+# if defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_DGRAM)
+#  define OPENSSL_NO_DGRAM
+# endif
+
 # ifdef USE_SOCKETS
-#  ifdef OPENSSL_NO_SOCK
-#  elif defined(WINDOWS) || defined(MSDOS)
+#  if defined(WINDOWS) || defined(MSDOS)
       /* windows world */
-#   if !defined(__DJGPP__)
+
+#   ifdef OPENSSL_NO_SOCK
+#    define SSLeay_Write(a,b,c)       (-1)
+#    define SSLeay_Read(a,b,c)        (-1)
+#    define SHUTDOWN(fd)              close(fd)
+#    define SHUTDOWN2(fd)             close(fd)
+#   elif !defined(__DJGPP__)
 #    if defined(_WIN32_WCE) && _WIN32_WCE<410
 #     define getservbyname _masked_declaration_getservbyname
 #    endif
@@ -372,16 +532,53 @@ struct servent *PASCAL getservbyname(const char *, const char *);
 /*
  * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because
  * the value constitutes an index in per-process table of limited size
- * and not a real pointer. And we also depend on fact that all processors
- * Windows run on happen to be two's-complement, which allows to
- * interchange INVALID_SOCKET and -1.
+ * and not a real pointer.
  */
 #     define socket(d,t,p)   ((int)socket(d,t,p))
 #     define accept(s,f,l)   ((int)accept(s,f,l))
 #    endif
+#    define SSLeay_Write(a,b,c)       send((a),(b),(c),0)
+#    define SSLeay_Read(a,b,c)        recv((a),(b),(c),0)
+#    define SHUTDOWN(fd)              { shutdown((fd),0); closesocket(fd); }
+#    define SHUTDOWN2(fd)             { shutdown((fd),2); closesocket(fd); }
 #   else
+#    define SSLeay_Write(a,b,c)       write_s(a,b,c,0)
+#    define SSLeay_Read(a,b,c)        read_s(a,b,c)
+#    define SHUTDOWN(fd)              close_s(fd)
+#    define SHUTDOWN2(fd)             close_s(fd)
 #   endif
 
+#  elif defined(MAC_OS_pre_X)
+
+#   include "MacSocket.h"
+#   define SSLeay_Write(a,b,c)         MacSocket_send((a),(b),(c))
+#   define SSLeay_Read(a,b,c)          MacSocket_recv((a),(b),(c),true)
+#   define SHUTDOWN(fd)                MacSocket_close(fd)
+#   define SHUTDOWN2(fd)               MacSocket_close(fd)
+
+#  elif defined(OPENSSL_SYS_NETWARE)
+         /*
+          * NetWare uses the WinSock2 interfaces by default, but can be
+          * configured for BSD
+          */
+#   if defined(NETWARE_BSDSOCK)
+#    include <sys/socket.h>
+#    include <netinet/in.h>
+#    include <sys/time.h>
+#    if defined(NETWARE_CLIB)
+#     include <sys/bsdskt.h>
+#    else
+#     include <sys/select.h>
+#    endif
+#    define INVALID_SOCKET (int)(~0)
+#   else
+#    include <novsock2.h>
+#   endif
+#   define SSLeay_Write(a,b,c)   send((a),(b),(c),0)
+#   define SSLeay_Read(a,b,c) recv((a),(b),(c),0)
+#   define SHUTDOWN(fd)    { shutdown((fd),0); closesocket(fd); }
+#   define SHUTDOWN2(fd)      { shutdown((fd),2); closesocket(fd); }
+
 #  else
 
 #   ifndef NO_SYS_PARAM_H
@@ -389,6 +586,8 @@ struct servent *PASCAL getservbyname(const char *, const char *);
 #   endif
 #   ifdef OPENSSL_SYS_VXWORKS
 #    include <time.h>
+#   elif !defined(OPENSSL_SYS_MPE)
+#    include <sys/time.h>       /* Needed under linux for FD_XXX */
 #   endif
 
 #   include <netdb.h>
@@ -398,22 +597,18 @@ struct servent *PASCAL getservbyname(const char *, const char *);
 #    include <inet.h>
 #   else
 #    include <sys/socket.h>
-#    ifndef NO_SYS_UN_H
-#     ifdef OPENSSL_SYS_VXWORKS
-#      include <streams/un.h>
-#     else
-#      include <sys/un.h>
-#     endif
-#     ifndef UNIX_PATH_MAX
-#      define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)NULL)->sun_path)
-#     endif
-#    endif
 #    ifdef FILIO_H
-#     include <sys/filio.h> /* FIONBIO in some SVR4, e.g. unixware, solaris */
+#     include <sys/filio.h>     /* Added for FIONBIO under unixware */
 #    endif
 #    include <netinet/in.h>
-#    include <arpa/inet.h>
-#    include <netinet/tcp.h>
+#    if !defined(OPENSSL_SYS_BEOS_R5)
+#     include <arpa/inet.h>
+#    endif
+#   endif
+
+#   if defined(NeXT) || defined(_NEXT_SOURCE)
+#    include <sys/fcntl.h>
+#    include <sys/types.h>
 #   endif
 
 #   ifdef OPENSSL_SYS_AIX
@@ -424,12 +619,16 @@ struct servent *PASCAL getservbyname(const char *, const char *);
 #    include <sys/select.h>
 #   endif
 
-#   ifndef VMS
-#    include <sys/ioctl.h>
+#   if defined(__sun) || defined(sun)
+#    include <sys/filio.h>
 #   else
-        /* ioctl is only in VMS > 7.0 and when socketshr is not used */
-#    if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)
+#    ifndef VMS
 #     include <sys/ioctl.h>
+#    else
+         /* ioctl is only in VMS > 7.0 and when socketshr is not used */
+#     if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)
+#      include <sys/ioctl.h>
+#     endif
 #    endif
 #   endif
 
@@ -440,6 +639,10 @@ struct servent *PASCAL getservbyname(const char *, const char *);
 #    endif
 #   endif
 
+#   define SSLeay_Read(a,b,c)     read((a),(b),(c))
+#   define SSLeay_Write(a,b,c)    write((a),(b),(c))
+#   define SHUTDOWN(fd)    { shutdown((fd),0); closesocket((fd)); }
+#   define SHUTDOWN2(fd)   { shutdown((fd),2); closesocket((fd)); }
 #   ifndef INVALID_SOCKET
 #    define INVALID_SOCKET      (-1)
 #   endif                       /* INVALID_SOCKET */
@@ -449,7 +652,7 @@ struct servent *PASCAL getservbyname(const char *, const char *);
  * Some IPv6 implementations are broken, disable them in known bad versions.
  */
 #  if !defined(OPENSSL_USE_IPV6)
-#   if defined(AF_INET6) && !defined(NETWARE_CLIB)
+#   if defined(AF_INET6) && !defined(OPENSSL_SYS_BEOS_BONE) && !defined(NETWARE_CLIB)
 #    define OPENSSL_USE_IPV6 1
 #   else
 #    define OPENSSL_USE_IPV6 0
@@ -458,6 +661,22 @@ struct servent *PASCAL getservbyname(const char *, const char *);
 
 # endif
 
+# if (defined(__sun) || defined(sun)) && !defined(__svr4__) && !defined(__SVR4)
+  /* include headers first, so our defines don't break it */
+#  include <stdlib.h>
+#  include <string.h>
+  /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */
+#  define memmove(s1,s2,n) bcopy((s2),(s1),(n))
+#  define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b)))
+extern char *sys_errlist[];
+extern int sys_nerr;
+#  define strerror(errnum) \
+        (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
+  /* Being signed SunOS 4.x memcpy breaks ASN1_OBJECT table lookup */
+#  include "crypto/o_str.h"
+#  define memcmp OPENSSL_memcmp
+# endif
+
 # ifndef OPENSSL_EXIT
 #  if defined(MONOLITH) && !defined(OPENSSL_C)
 #   define OPENSSL_EXIT(n) return(n)
@@ -468,20 +687,40 @@ struct servent *PASCAL getservbyname(const char *, const char *);
 
 /***********************************************/
 
+# define DG_GCC_BUG             /* gcc < 2.6.3 on DGUX */
+
+# ifdef sgi
+#  define IRIX_CC_BUG           /* all version of IRIX I've tested (4.* 5.*) */
+# endif
+# ifdef OPENSSL_SYS_SNI
+#  define IRIX_CC_BUG           /* CDS++ up to V2.0Bsomething suffered from
+                                 * the same bug. */
+# endif
+
 # if defined(OPENSSL_SYS_WINDOWS)
 #  define strcasecmp _stricmp
 #  define strncasecmp _strnicmp
-#  if (_MSC_VER >= 1310)
-#   define open _open
-#   define fdopen _fdopen
-#   define close _close
-#   ifndef strdup
-#    define strdup _strdup
-#   endif
-#   define unlink _unlink
-#  endif
-# else
-#  include <strings.h>
+# elif defined(OPENSSL_SYS_VMS)
+/* VMS below version 7.0 doesn't have strcasecmp() */
+#  include "o_str.h"
+#  define strcasecmp OPENSSL_strcasecmp
+#  define strncasecmp OPENSSL_strncasecmp
+#  define OPENSSL_IMPLEMENTS_strncasecmp
+# elif defined(OPENSSL_SYS_OS2) && defined(__EMX__)
+#  define strcasecmp stricmp
+#  define strncasecmp strnicmp
+# elif defined(OPENSSL_SYS_NETWARE)
+#  include <string.h>
+#  if defined(NETWARE_CLIB)
+#   define strcasecmp stricmp
+#   define strncasecmp strnicmp
+#  endif                        /* NETWARE_CLIB */
+# endif
+
+# if defined(OPENSSL_SYS_OS2) && defined(__EMX__)
+#  include <io.h>
+#  include <fcntl.h>
+#  define NO_SYSLOG
 # endif
 
 /* vxworks */
@@ -511,7 +750,30 @@ struct servent *getservbyname(const char *name, const char *proto);
 # endif
 /* end vxworks */
 
-#define OSSL_NELEM(x)    (sizeof(x)/sizeof(x[0]))
+/* beos */
+# if defined(OPENSSL_SYS_BEOS_R5)
+#  define SO_ERROR 0
+#  define NO_SYS_UN
+#  define IPPROTO_IP 0
+#  include <OS.h>
+# endif
+
+# if !defined(inline) && !defined(__cplusplus)
+#  if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L
+   /* do nothing, inline works */
+#  elif defined(__GNUC__) && __GNUC__>=2
+#   define inline __inline__
+#  elif defined(_MSC_VER)
+  /*
+   * Visual Studio: inline is available in C++ only, however
+   * __inline is available for C, see
+   * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
+   */
+#   define inline __inline
+#  else
+#   define inline
+#  endif
+# endif
 
 #ifdef  __cplusplus
 }